created | 2020-09-27T09:22:50Z |
---|---|
begin | 2020-09-24T00:00:00Z |
end | 2020-09-25T00:00:00Z |
path | src/sys |
commits | 14 |
date | 2020-09-24T09:51:07Z | |||
---|---|---|---|---|
author | mpi | |||
files | src/sys/uvm/uvm_fault.c | log | diff | annotate |
message | Remove trailing white spaces. |
date | 2020-09-24T11:18:37Z | |||
---|---|---|---|---|
author | kettenis | |||
files | src/sys/arch/i386/i386/pmap.c | log | diff | annotate |
src/sys/arch/i386/i386/trap.c | log | diff | annotate | |
src/sys/arch/i386/include/pmap.h | log | diff | annotate | |
src/sys/arch/i386/include/segments.h | log | diff | annotate | |
message |
Make sure we fetch the CS limit of the CPU the trap happened on. It is possible to switch CPUs when handling a trap since we need to lock the vm_map of the process. In that case the CS limit would be wrong and we incorrectly decide that there has been an execute privilege violation. Also make sure we only modify the variables that keep track of the CS limit and segment descriptor while holding the kernel lock. Fixes builds of go ports on i386. tested by sthen@ ok deraadt@ |
date | 2020-09-24T11:36:50Z | |||
---|---|---|---|---|
author | deraadt | |||
files | src/sys/arch/i386/i386/machdep.c | log | diff | annotate |
src/sys/arch/i386/i386/pmap.c | log | diff | annotate | |
src/sys/arch/i386/i386/trap.c | log | diff | annotate | |
src/sys/arch/i386/include/segments.h | log | diff | annotate | |
message |
When operating in NX mode, GUCODE_SEL can cover the entire userland address space permanently, and the line-in-the-sand manipulation T_PROTFLT|T_USER fixup handling can be skipped. This change was written to side-step the segment-descriptor mismanagement issues, committed recently for the "go on i386" tested by sthen ok kettenis guenther |
date | 2020-09-24T17:54:28Z | |||
---|---|---|---|---|
author | deraadt | |||
files | src/sys/arch/alpha/alpha/trap.c | log | diff | annotate |
message |
Only perform uvm_map_inentry() checks for PROC_SP for userland pagefaults. This should be sufficient for identifying pivoted ROP. Doing so for other traps is at best opportunistic for finding a straight-running ROP chain, but the added (and rare) sleeping point has proven to be dangerous. Discussed at length with kettenis and mortimer. ok mortimer kettenis mpi |
date | 2020-09-24T17:54:29Z | |||
---|---|---|---|---|
author | deraadt | |||
files | src/sys/arch/amd64/amd64/trap.c | log | diff | annotate |
src/sys/arch/hppa/hppa/trap.c | log | diff | annotate | |
src/sys/arch/i386/i386/trap.c | log | diff | annotate | |
src/sys/arch/m88k/m88k/trap.c | log | diff | annotate | |
message |
Only perform uvm_map_inentry() checks for PROC_SP for userland pagefaults. This should be sufficient for identifying pivoted ROP. Doing so for other traps is at best opportunistic for finding a straight-running ROP chain, but the added (and rare) sleeping point has proven to be dangerous. Discussed at length with kettenis and mortimer. ok mortimer kettenis mpi |
date | 2020-09-24T17:54:30Z | |||
---|---|---|---|---|
author | deraadt | |||
files | src/sys/arch/mips64/mips64/trap.c | log | diff | annotate |
src/sys/arch/powerpc/powerpc/trap.c | log | diff | annotate | |
src/sys/arch/powerpc64/powerpc64/trap.c | log | diff | annotate | |
src/sys/arch/sh/sh/trap.c | log | diff | annotate | |
src/sys/arch/sparc64/sparc64/trap.c | log | diff | annotate | |
message |
Only perform uvm_map_inentry() checks for PROC_SP for userland pagefaults. This should be sufficient for identifying pivoted ROP. Doing so for other traps is at best opportunistic for finding a straight-running ROP chain, but the added (and rare) sleeping point has proven to be dangerous. Discussed at length with kettenis and mortimer. ok mortimer kettenis mpi |
date | 2020-09-24T17:57:57Z | |||
---|---|---|---|---|
author | deraadt | |||
files | src/sys/arch/mips64/mips64/trap.c | log | diff | annotate |
message |
mi_ast() needs curcpu()->ci_want_resched rather than ci->ci_want_resched, because refreshcreds() may sleep in pool_put(). Subtle isn't it... ok visa kettenis |
date | 2020-09-24T20:21:50Z | |||
---|---|---|---|---|
author | deraadt | |||
files | src/sys/arch/i386/i386/trap.c | log | diff | annotate |
message |
mi_ast() should not use the old cpu, but the cpu (after potential sleep in refreshcreds()) ok kettenis |
date | 2020-09-24T20:22:15Z | |||
---|---|---|---|---|
author | deraadt | |||
files | src/sys/arch/powerpc64/powerpc64/trap.c | log | diff | annotate |
message |
mi_ast() should not use the old cpu, but the cpu (after potential sleep in refreshcreds()) ok kettenis |
date | 2020-09-24T20:22:50Z | |||
---|---|---|---|---|
author | deraadt | |||
files | src/sys/arch/powerpc/powerpc/trap.c | log | diff | annotate |
message |
mi_ast() should not use the old cpu, but the cpu (after potential sleep in refreshcreds()) ok kettenis |
date | 2020-09-24T20:30:41Z | |||
---|---|---|---|---|
author | deraadt | |||
files | src/sys/arch/i386/include/cpu.h | log | diff | annotate |
message |
the legacy need_resched macro to access per-cpu value is no longer needed ok kettenis |
date | 2020-09-24T20:33:10Z | |||
---|---|---|---|---|
author | deraadt | |||
files | src/sys/arch/alpha/alpha/trap.c | log | diff | annotate |
message |
ast() was lacking refreshcreds(). That can sleep, and mi_ast() requires the current cpu so use curcpu() rather than the old cpu in ci. ok kettenis |
date | 2020-09-24T21:14:32Z | |||
---|---|---|---|---|
author | deraadt | |||
files | src/sys/arch/i386/isa/npx.c | log | diff | annotate |
message | an ugly white space |
date | 2020-09-24T23:49:59Z | |||
---|---|---|---|---|
author | deraadt | |||
files | src/sys/arch/sparc64/sparc64/trap.c | log | diff | annotate |
message |
The sparc64 pagefault vectors are directly to specific functions, and all 3 were missing refreshcreds() preceding calls to uvm_fault() ok kettenis |