Now we use p_filesz - 1 to test for NUL check that p_filesz is
at least two and while here allow the upper bound to be
MAXPATHLEN by changing a >= to > as suggested by krw@ in a thread
on tech where

Now we use p_filesz - 1 to test for NUL check that p_filesz is
at least two and while here allow the upper bound to be
MAXPATHLEN by changing a >= to > as suggested by krw@ in a thread
on tech where Maxime Villard proposed additional PT_INTERP checks.

tested by and ok guenther@

show more ...

Error out if the PT_INTERP segment isn't NUL terminated

ok deraadt@ millert@ miod@

Require a PT_LOAD segment's p_filesz to be no larger than its p_memsz.

test cases provided by Alejandro Herna'ndez (nitrousenador (at) gmail.com)
ok deraadt@ jsg@

Extend uvm_map_hint() to get an address range as extra arguments, and make
sure it will return an address within that range.

Use this in uaddr_rnd_select() to make sure we will not attempt to pick
a

Extend uvm_map_hint() to get an address range as extra arguments, and make
sure it will return an address within that range.

Use this in uaddr_rnd_select() to make sure we will not attempt to pick
an address beyond what we are allowed to map.

In my trees for 9 months, blackmailed s2k15 attendees into agreeing now would
be a good time to commit.

show more ...

Don't use an uninitialized variable when a PT_LOAD segment with
alignment 0 or 1 is encountered. The result before was just a
spurious failure by execve(), though I had to manually mangle a
binary t

Don't use an uninitialized variable when a PT_LOAD segment with
alignment 0 or 1 is encountered. The result before was just a
spurious failure by execve(), though I had to manually mangle a
binary to hit this case: segments are all long-aligned or better
in practice.

uninitialized variable noted by Maxime Villard (rustyBSD (at) gmx.fr)
ok and prod jsg@

show more ...

Raise ELF_RANDOMIZE_LIMIT to 64K, so that programs and libraries can
legitimately use random section variables without execve failures...
Because this section is not demand faulted, yield() every pag

Raise ELF_RANDOMIZE_LIMIT to 64K, so that programs and libraries can
legitimately use random section variables without execve failures...
Because this section is not demand faulted, yield() every page during
the fill otherwise the costs are charged poorly.
ok tedu matthew

show more ...

Require EFT shared objects have a PT_PHDR entry to be considered
a pie binary. The kernel will now reject executing a typical shared
library with EINVAL. This breaks compatibility with initial static

Require EFT shared objects have a PT_PHDR entry to be considered
a pie binary. The kernel will now reject executing a typical shared
library with EINVAL. This breaks compatibility with initial static pie
binaries and requires a recent user-land prior to upgrading. In
addition, more fine grained errors can be returned from execve(2)
when errors occur while attempting to execute ELF objects.

okay guenther@, kettenis@, deraadt@

show more ...

Move ps_strings "after" the random stackgap. This makes its location a
per-process value, and therefpore turns the VM_PSSTRINGS sysctl into a
per-process one as well. This gets rid of a pointer to

Move ps_strings "after" the random stackgap. This makes its location a
per-process value, and therefpore turns the VM_PSSTRINGS sysctl into a
per-process one as well. This gets rid of a pointer to the bottom of the
stack at a fixed location. Also clears the road for unmapping the stackgap.

ok deraadt@

show more ...

Make it possible to execute PIE binaries that don't have an PT_INTERP segment
(and therefore no interpreter). Necessary to make self-relocating "static"
PIE working.

This will also allow execution

Make it possible to execute PIE binaries that don't have an PT_INTERP segment
(and therefore no interpreter). Necessary to make self-relocating "static"
PIE working.

This will also allow execution of shared libraries that have the 'x' bit set.
Those shouldn't exist, but unfortunately people outside OpenBSD think
differently which means third-party software sometimes installs shared
libraries with the 'x' bit set.

ok kurt@, deraadt@

show more ...

primary change: move uvm_vnode out of vnode, keeping only a pointer.
objective: vnode.h doesn't include uvm_extern.h anymore.
followup changes: include uvm_extern.h or lock.h where necessary.
ok and

primary change: move uvm_vnode out of vnode, keeping only a pointer.
objective: vnode.h doesn't include uvm_extern.h anymore.
followup changes: include uvm_extern.h or lock.h where necessary.
ok and help from deraadt

show more ...

Replace a plethora of historical protection options with just
PROT_NONE, PROT_READ, PROT_WRITE, and PROT_EXEC from mman.h.
PROT_MASK is introduced as the one true way of extracting those bits.
Remove

Replace a plethora of historical protection options with just
PROT_NONE, PROT_READ, PROT_WRITE, and PROT_EXEC from mman.h.
PROT_MASK is introduced as the one true way of extracting those bits.
Remove UVM_ADV_* wrapper, using the standard names.
ok doug guenther kettenis

show more ...

prefer sizeof(*ptr) to sizeof(struct) for malloc and free

printf debugging worked! figured out the bug (in free()) just after
committing the printfs. revert.

Make better use of the value of psectionslen instead of recomputing
it multiple times. Also remove an unused variable. OK deraadt@ tedu@

resort to printf debugging hints until we can figure this out. ok deraadt

pass size argument to free()
ok doug tedu

use mallocarray for multiplied value checking

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

decouple struct uvmexp into a new file, so that uvm_extern.h and sysctl.h
don't need to be married.
ok guenther miod beck jsing kettenis

Eliminates struct pcred by moving the real and saved ugids into
struct ucred; struct process then directly links to the ucred

Based on a discussion at c2k10 or so before noting that FreeBSD and
NetB

Eliminates struct pcred by moving the real and saved ugids into
struct ucred; struct process then directly links to the ucred

Based on a discussion at c2k10 or so before noting that FreeBSD and
NetBSD did this too.

ok matthew@

show more ...

Move p_emul and p_sigcode from proc to process.
Tweak the handling of ktrace EMUL when changing ktracing: only
generate one per process (not one per thread) and pass the correct
proc pointer down to

Move p_emul and p_sigcode from proc to process.
Tweak the handling of ktrace EMUL when changing ktracing: only
generate one per process (not one per thread) and pass the correct
proc pointer down to the VFS layer. Permit generating of NAMI and
CSW records inside ktrace(2) itself.

ok deraadt@ millert@

show more ...

Move p_sigacts from struct proc to struct process.

testing help mpi@

bzero -> memset

now that free(null) is safe, delete checks

Coredumping is now single-threaded, so update comment about locking