Remove compat_freebsd from the list of autoloaded modules. Interested users
will now have to type 'modload' to use it, or uncomment the entry in
GENERIC. I should have removed it when I disabled COMP

Remove compat_freebsd from the list of autoloaded modules. Interested users
will now have to type 'modload' to use it, or uncomment the entry in
GENERIC. I should have removed it when I disabled COMPAT_FREEBSD by
default, sorry about that.

show more ...

- Propagate the signal mask from the ucontext_t to the newly created thread
as specified by _lwp_create(2)
- Reset the signal stack for threads created with _lwp_create(2)

es_arglen is already in bytes...

Cleanup dead code after revert of racy vfork(2) commit

This removes dead code introduced with the following commit:

date: 2012-07-27 22:52:49 +0200; author: christos; state: Exp; lines: +8 -2;
r

Cleanup dead code after revert of racy vfork(2) commit

This removes dead code introduced with the following commit:

date: 2012-07-27 22:52:49 +0200; author: christos; state: Exp; lines: +8 -2;
revert racy vfork() parent-blocking-before-child-execs-or-exits code.
ok rmind

show more ...

Introduce new SIGTRAP code: TRAP_EXEC

On exec() events under a debugger generate the SIGTRAP signal with
TRAP_EXEC property. This allows tracer to distinguish exec() events easily.

Sponsored by <Th

Introduce new SIGTRAP code: TRAP_EXEC

On exec() events under a debugger generate the SIGTRAP signal with
TRAP_EXEC property. This allows tracer to distinguish exec() events easily.

Sponsored by <The NetBSD Foundation>

show more ...

Prefer modern simple past tense and past participle of catch

The "catched" form is obsolete and nonstandard, prefer "caught".

m68k binaries load @ pagesize. unbreak.

The way the kernel tries to prevent a userland process from allocating page
zero is hugely flawed. It is easy to demonstrate that one can trick UVM
into chosing a NULL hint after the user_va0_disable

The way the kernel tries to prevent a userland process from allocating page
zero is hugely flawed. It is easy to demonstrate that one can trick UVM
into chosing a NULL hint after the user_va0_disable check from uvm_map.
Such a bypass allows kernel NULL pointer dereferences to be exploitable on
architectures with a shared userland<->kernel VA, like amd64.

Fix this by increasing the limit of the vm space made available for
userland processes. This way, UVM will never chose a NULL hint, since it
would be outside of the vm space.

The user_va0_disable sysctl still controls this feature.

show more ...

KNF. Remove extra spaces. No functional change.

put back commented out name resolution code that was gc'ed after previous
refactoring.

fix variable name

ignore EACCES

Give 0,1,2 for security.pax.mprotect.ptrace and make it default to 1
as documented in sysctl(7):
0 - ptrace does not affect mprotect
1 - (default) mprotect is disabled for processes that start execut

Give 0,1,2 for security.pax.mprotect.ptrace and make it default to 1
as documented in sysctl(7):
0 - ptrace does not affect mprotect
1 - (default) mprotect is disabled for processes that start executing from
the debugger (being traced)
2 - mprotect restrictions are relaxed for traced processes

show more ...

reduce #ifdef mess caused by PaX

Fix builds of ALL kernels that define DEBUG_EXEC

Enable DEBUG_EXEC, if we have DEBUG (since it only fires on errors) and
disable the super verbose printing by protecting it against TRACE_EXEC.

Move all the randomization inside kern_pax.c so we can control it directly.
Add debugging flags to be able to set the random number externally.

no need to pass the coredump flag to exit1() since it is set and known
in one place.

Split p_xstat (composite wait(2) status code, or signal number depending
on context) into:
1. p_xexit: exit code
2. p_xsig: signal number
3. p_sflag & WCOREFLAG bit to indicated that the process co

Split p_xstat (composite wait(2) status code, or signal number depending
on context) into:
1. p_xexit: exit code
2. p_xsig: signal number
3. p_sflag & WCOREFLAG bit to indicated that the process core-dumped.

Fix the documentation of the flag bits in <sys/proc.h>

show more ...

Let PaX ASLR know about the current emulation

This effectively fixes PaX ASLR with 32-bits emulation on 64-bits
platforms. Without this knowledge, the offset applied for 32-bits
programs was really

Let PaX ASLR know about the current emulation

This effectively fixes PaX ASLR with 32-bits emulation on 64-bits
platforms. Without this knowledge, the offset applied for 32-bits
programs was really meant for a 64-bits address space - thus
shifting the address up to 12 bits, with a success rate of about
1/4096. This offset is calculated once in the lifetime of the
process, which therefore behaved normally when able to start.

Fixes kern/50469, probably also kern/50986

Tested on NetBSD/amd64 (emul_netbsd32)

show more ...

Make the list of syscalls which can trigger a module autoload an
attribute of each emulation, rather than having a single global
list which applies only to the default emulation.

This changes 'struc

Make the list of syscalls which can trigger a module autoload an
attribute of each emulation, rather than having a single global
list which applies only to the default emulation.

This changes 'struct emul' so

Welcome to 7.99.23 !

show more ...

We never exec(2) with a kernel vmspace, so do not test for that, but instead
KASSERT() that we don't.
When calculating the load address for the interpreter (e.g. ld.elf_so),
we need to take into acco

We never exec(2) with a kernel vmspace, so do not test for that, but instead
KASSERT() that we don't.
When calculating the load address for the interpreter (e.g. ld.elf_so),
we need to take into account wether the exec'd process will run with
topdown memory or bottom up. We can not use the current vmspace's flags
to test for that, as this happens too early. Luckily the execpack already
knows what the new state will be later, so instead of testing the current
vmspace, pass the info as additional argument to struct emul
e_vm_default_addr.
Fix all such functions and adopt all callers.

show more ...

Reset the PaX flags, make sure ep_emul_arg is NULL, and add a comment.

In spawn_return() we temporarily move the process state to SSTOP, but
without updating its p_waited value or its parent's p_nstopchild
counter. Later, we restore the original state, again without an

In spawn_return() we temporarily move the process state to SSTOP, but
without updating its p_waited value or its parent's p_nstopchild
counter. Later, we restore the original state, again without any
adjustment of the related values. This leaves a relatively short
window when the values are inconsistent and could interfere with the
proper operation of sys_wait() for the parent (if it manages to be
scheduled; it's not totally clear what, if anything, prevents
scheduling/execution of the parent).

If during this window, any of the checks being made result in an
error, we call exit1() which will eventually migrate the process's
state to SDEAD (with an intermediate transition to SDYING). At
this point the other variables get updated, and we finally restore
a consistent state.

This change updates the p_waited and parent's p_nstopchild at each
step to eliminate any windows during which the values could lead to
incorrect decisions.

Fixes PR kern/50330

Pullups will be requested for NetBSD-7, -6, -6-0, and -6-1

show more ...

In execve_runproc(), update the p_waited entry for the process being
moved to SSTOP state, not for its parent. (It is correct to update
the parent's p_nstopchild count.) If the value is not already

In execve_runproc(), update the p_waited entry for the process being
moved to SSTOP state, not for its parent. (It is correct to update
the parent's p_nstopchild count.) If the value is not already zero,
it could prevent its parent from waiting for the process.

Fixes PR kern/50298

Pullups will be requested for:

NetBSD-7, -6, -6-0, -6-1, -5, -5-0, -5-1, and -5-2

show more ...