| created | 2023-07-15T20:20:12Z |
|---|---|
| begin | 2023-07-10T00:00:00Z |
| end | 2023-07-11T00:00:00Z |
| path | src/sys |
| commits | 6 |
| date | 2023-07-10T03:31:57Z | |||
|---|---|---|---|---|
| author | guenther | |||
| files | src/sys/kern/kern_exec.c | log | diff | annotate |
| message |
Add PS_NOBTCFI, a per-process flag indicating that Branch Target Control Flow Integrity has been disabled for the process. At exec-time, set that flag iff EXEC_NOBTCFI is passed from the ELF exec bits (which set it based on presence of a PT_OPENBSD_NOBTCFI segment). This will be used by the amd64 code. kern_exec.c part by kettenis@ ok guenther@ deraadt@ |
|||
| date | 2023-07-10T03:31:58Z | |||
|---|---|---|---|---|
| author | guenther | |||
| files | src/sys/sys/proc.h | log | diff | annotate |
| message |
Add PS_NOBTCFI, a per-process flag indicating that Branch Target Control Flow Integrity has been disabled for the process. At exec-time, set that flag iff EXEC_NOBTCFI is passed from the ELF exec bits (which set it based on presence of a PT_OPENBSD_NOBTCFI segment). This will be used by the amd64 code. kern_exec.c part by kettenis@ ok guenther@ deraadt@ |
|||
| date | 2023-07-10T03:32:10Z | |||
|---|---|---|---|---|
| author | guenther | |||
| files | src/sys/arch/amd64/amd64/cpu.c | log | diff | annotate |
| src/sys/arch/amd64/amd64/locore.S | log | diff | annotate | |
| src/sys/arch/amd64/amd64/machdep.c | log | diff | annotate | |
| src/sys/arch/amd64/amd64/vmm_machdep.c | log | diff | annotate | |
| src/sys/arch/amd64/include/codepatch.h | log | diff | annotate | |
| src/sys/arch/amd64/include/fpu.h | log | diff | annotate | |
| src/sys/arch/amd64/include/specialreg.h | log | diff | annotate | |
| message |
Enable Indirect Branch Tracking for amd64 userland, using XSAVES/XRSTORS to save/restore the state and enabling it at exec-time (and for signal handling) if the PS_NOBTCFI flag isn't set. Note: this changes the format of the sc_fpstate data in the signal context to possibly be in compressed format: starting now we just guarantee that that state is in a format understood by the XRSTOR instruction of the system that is being executed on. At this time, passing sigreturn a corrupt sc_fpstate now results in the process exiting with no attempt to fix it up or send a T_PROTFLT trap. That may change. prodding by deraadt@ issues with my original signal handling design identified by kettenis@ lots of base and ports preparation for this by deraadt@ and the libressl and ports teams ok deraadt@ kettenis@ |
|||
| date | 2023-07-10T13:48:02Z | |||
|---|---|---|---|---|
| author | patrick | |||
| files | src/sys/dev/fdt/rkgpio.c | log | diff | annotate |
| message |
The changes to the register layout affect the interrupt status/ack registers as well. Make use of these, otherwise it might lead to an interrupt flood. ok kettenis@ |
|||
| date | 2023-07-10T19:36:54Z | |||
|---|---|---|---|---|
| author | jan | |||
| files | src/sys/dev/pci/if_ix.c | log | diff | annotate |
| message |
ix(4): allocate less memory for tx buffers TSO packets are limited to MAXMCLBYTES (64k). Thus, we don't need to allocate IXGBE_TSO_SIZE (256k) per packet for the transmit buffers. tested by bluhm ok bluhm@ |
|||
| date | 2023-07-10T22:54:40Z | |||
|---|---|---|---|---|
| author | deraadt | |||
| files | src/sys/kern/kern_sig.c | log | diff | annotate |
| src/sys/kern/vfs_vnops.c | log | diff | annotate | |
| message |
Allow unveiled programs to dump core (in the default, classic, into . way) by passing BYPASSUNVEIL just for this vnode. The coredump() code is quite careful, so this will be fine. ok kn kettenis semarie |
|||