Here's the newest version of all 3 diffs:
- kernel diff, can be tested alone
- userland diff, can be tested alone
- syscalls.master cleanup, would happen afterwards, and conflicts a bit.
the ports team has repaired a majority of the syscall fallout in non-go
programs. The effort for go is still
Theo de Raadt wrote:
> Piece by piece, I've been trying to remove the easiest of the
> terminal-actions that exploit code uses (ie. getting to execve, or performing
> other system calls, etc).
> Snapshots for some architectures now contain kernel diffs which reject
> sys
Theo de Raadt wrote:
> Piece by piece, I've been trying to remove the easiest of the
> terminal-actions that exploit code uses (ie. getting to execve, or performing
> other system calls, etc).
> So in this next step, I'm going to take away the ability to perform syscall #0
Piece by piece, I've been trying to remove the easiest of the
terminal-actions that exploit code uses (ie. getting to execve, or performing
other system calls, etc).
I recognize we can never completely remove all mechanisms they
use. However, I hope I am forcing attack coders into using increasing
There is a pretty disruptive amd64 snapshot coming, so anyone who is
using snapshots for critical stuff should take a pause. (This warning
about a development step is unusual, I won't make it common practice).
Crystal Kolipe wrote:
`> Hi Theo, it's a long time since we last conversed.
>
> On Mon, Oct 23, 2023 at 03:44:17PM -0600, Theo de Raadt wrote:
> > What user without OpenBSD experience is booting from 'd'?
> >
> > Which also poses the question -- what u
Crystal Kolipe wrote:
> On Mon, Oct 23, 2023 at 11:04:07AM +, Klemens Nanni wrote:
> > 10/16/23 04:02, Klemens Nanni ??:
> > > The current check implies one could use, e.g. SWAP or MSDOS partitions
> > > as softraid(4) chunks, but sys/dev/softraid.c always expects FS_RAID,
> > > thus
Otto Moerbeek wrote:
> On Sat, Oct 21, 2023 at 10:40:45PM +0300, Kapetanakis Giannis wrote:
>
> > On 21/10/2023 20:39, Florian Obser wrote:
> > > Which was 8 years ago. I don't understand why you see a change in 7.4.
> > >
> > > Anyway, we decided to not clean up control sockets in any of our
>
What will come of this discussion of opinions?
Chris Narkiewicz wrote:
> Hi,
>
> Tomohiro Kusumi is currently working on HAMMER2 implementation
> for OpenBSD, FreeBSD and NetBSD.
>
> The repository is here:
> https://github.com/kusumi/openbsd_hammer2
>
>
> He maintains repositories for NetBS
This manual page provides details for the EXIT STATUS.
This should be added.
Scott Cheloha wrote:
> Align timeout(1)'s execvp(3) failure statuses with those of GNU
> timeout. 127 for ENOENT, 126 for everything else.
>
> $ cd /tmp
> $ touch script.sh
> $ ls -l script.sh
> -rw-r--r-- 1 ssc wh
I think this is correct support for cross-compilation, and what you
are trying to do is less important.
Frederic Cambus wrote:
> Hi tech@,
>
> When trying the GCC 11 static analyzer on games, I noticed that some of
> them (adventure, boggle, fortune, hack, monop, phantasia) have hardcoded
> cal
Peter J. Philipp wrote:
> On Tue, Oct 10, 2023 at 06:25:44AM +0200, Peter J. Philipp wrote:
> > > > Thanks, I actually have one of these myself. So I'm going to
> > > > investigate (and probably drop one of the diffs).
> > >
> > > I don't see any problems on my machine. Firmware loads and WiFi
Alexander Bluhm wrote:
> During configuration there is usually some kind of lock, it happens
> rarely, and bugs are hard to trigger, especially on amd64 which
> guarantees some consistency. That's why it works.
>
> > Some times ago, I privately pointed this and proposed to modify if_flags
> > a
Mikhail Pchelin wrote:
> On Sun, Oct 01, 2023 at 11:17:32AM -0600, Theo de Raadt wrote:
> > >I'm interested if anyone has already done any research or code regarding
> > >these drivers to save double effort.
> >
> > Over in freebsd land won't you
>I'm interested if anyone has already done any research or code regarding
>these drivers to save double effort.
Over in freebsd land won't you just use the linux drivers, to "save double
effort"? And how's that going.
It does not seem crucial to commit this just before a release.
Klemens Nanni wrote:
> On Fri, Sep 29, 2023 at 05:28:46PM +0200, Florian Obser wrote:
> > On 2023-09-29 14:41 UTC, Klemens Nanni wrote:
> > > The response file contains only to non-defaults, except for
> > > Set name(s)? (or 'abor
Our kernel also has the concept of guard-pages, meaning it will try to
keep a gap of 1 page between mmap() allocations.
The way it is coded, it isn't perfect, but it tends to work and
catch some issues.
to which I have not been yet
> invited, so will defer that to your schedule and preferred solution,
> needless to say. Thanks for your qualified feedback as usual.
>
> On 9/26/23, Theo de Raadt wrote:
> > Stuart Henderson wrote:
> >
> >> > This results in f
Stuart Henderson wrote:
> > This results in failure to upgrade to a valid snapshot on the mirrors,
> > and users having to wait a new snapshot fanout without mixed sets and
> > checksum files containing both versions (incompletely the older).
>
> I do not agree with "be lenient on what you expec
Klemens Nanni wrote:
> Are there more reasons or benefits to this approach than a) less intrusive
> chmod() and b) more shared, overall less code?
>
> I obviously don't see the full picture (yet).
A normal bootloader only reads from disk.
No write occur.
The chmod hack is a write. In the li
Visa Hankala wrote:
> On Sat, Sep 23, 2023 at 02:26:18PM +, Klemens Nanni wrote:
> > On Sat, Sep 23, 2023 at 01:11:32PM +0200, Mark Kettenis wrote:
> > > > Date: Thu, 21 Sep 2023 22:30:01 +
> > > > From: Klemens Nanni
> > > >
> > > > In comparison to MI boot which only cares about /bsd.
20-some years ago I was very much involved in the integration of the
stack-protector into OpenBSD. This subsystem was developed as a gcc
patch by Hiroaki Etoh. Many years later it adopted and substantially
rewritten to incorporate it into mainline gcc. Thus, OpenBSD for a few
years was the first
Mark Kettenis wrote:
> > Date: Fri, 22 Sep 2023 23:19:30 +
> > From: Klemens Nanni
> >
> > Does the tiny kexec kernel actually need network, bio(4) or HID devices?
> > octeon/BOOT does not have any of this.
>
> Well, we do need the USB keyboard stuff to allow users to type at the
> bootloa
Klemens Nanni wrote:
> Does the tiny kexec kernel actually need network, bio(4) or HID devices?
I think you are playing with fire when you remove potential console devices.
Ingo, that's a bit cynical.
As long as the process is slow, step by step, adding one or two manuals at
a time, and focusing on being ACCURATE, then it will be good.
It would be wrong to add inaccurate pages. A lack of documentation is slightly
better than inaccurate documentation.
So if you re
ropose as my "last" attempt on this topic to add more
> clarification "how to fix it by user on his machine" with this patch
>
> 2023-09-16 5:14 GMT+03:00, Theo de Raadt :
> >
> > revision 1.18
> > date: 2015/11/24 03:10:10; author: deraadt; state
It is a poor trade.
Giving a user an additional gid or uid (for program lifetime), in
programs which have not been reviewed (or -- cannot be reviewed and
fixed), is not good.
Before, setgid games could be used along with another bug to fill /var.
Now, you can just fill /var because you made it w
back setgid-supported scorefiles.
S V wrote:
> Why don't drop it in this case?
>
> сб, 16 сент. 2023 г., 05:03 Theo de Raadt :
>
> Nope, 'setgid games' is intentionally dead.
>
> We will not be bringing it back.
>
> S V wrote:
>
> &
Nope, 'setgid games' is intentionally dead.
We will not be bringing it back.
S V wrote:
> It is pretty to not have this game running, but included so
>
> I just added chmod ugo+rw "game files" after chown root:games in Makefile
>
> and add notice about it in man file
>
> It is unbroke game
I did not point you in this direction, not at all.
I said make execve failure report an accurate error. Rather than
requiring a special hook which will report the problem. Meaning
if the problem areas were known, they could be coped with. What
I'm seeing here appears to be a thing like system()
Pietro Cerutti wrote:
> The motivation is that several network protocols are line oriented
> with CRLF as line terminators. SMTP and HTTP are among the most
> popular.
Yet, all servers of those protocols and and will accept the simpler 1-byte
line terminator.
> FWIW, it works on RHEL 7.9
That
Stuart Henderson wrote:
> On 2023/08/13 11:44, Andrew Hewus Fresh wrote:
> > My laptop doesn't have the fastest wifi and sysupgrade already uses a
> > progress bar to show what it's doing, so I'd really like to provide more
> > feedback on what it is doing:
>
> Does a single -v give enough feedb
Visa Hankala wrote:
> On Sat, Aug 12, 2023 at 01:29:10PM +0200, Martin Pieuchot wrote:
> > On 12/08/23(Sat) 10:57, Visa Hankala wrote:
> > > On Fri, Aug 11, 2023 at 09:52:15PM +0200, Martin Pieuchot wrote:
> > > > When stopping a machine, with "halt -p" for example, secondary CPUs are
> > > > rem
Mark Kettenis wrote:
> > Date: Fri, 11 Aug 2023 11:13:23 +
> > From: Klemens Nanni
> >
> > On Mon, May 08, 2023 at 11:00:27AM +, Klemens Nanni wrote:
> > > On Sun, Apr 23, 2023 at 05:07:30PM +, Klemens Nanni wrote:
> > > > For new installs, it seems adequate to base the number on th
Greg Steuck wrote:
> Thanks for the patch.
>
> I could see some value in tightening the conditions to always check
> `!= expected`. I don't see enough improvement from separating the error
> case of -1 from the incomplete read case considering the otherwise
> identical behavior.
Hmm, that is a
enh wrote:
> (fwiw, Android has someone working on adding this header to upstream
> LLVM right now, so hopefully it should come "for free" in llvm 18.
> what, if anything, to _do_ with it is another question though :-) )
Will stdckdint.h come into common usage before or after 32-bit time_t
wraps
Lucian Popescu wrote:
> I noticed that some parts of OpenBSD use awkward techniques to detect
> undefined behavior in arithmetic operations, for example:
...
> The snippet was taken from lib/libexpat/lib/xmlparse.c
libexpat is outside source, which we incorporate
We have no influence over what
That looks better.
Lucas wrote:
> Theo Buehler wrote:
> > > - if (pread(fd, phdr, size, ehdr.e_phoff) != size) {
> > > + if ((nr = pread(fd, phdr, size, ehdr.e_phoff)) != -1) {
> >
> > did you intend to check for == -1?
> >
> > > warn("read(%s)", name);
> >
> > should that not say
Lucas wrote:
> "Theo de Raadt" wrote:
> > What errno is being printed here?
>
> """Everything is alright""" error,
>
> $ : >empty && ./obj/ldd empty
> ldd: read(empty): Undefined error: 0
>
> which
Lucas wrote:
> Bump.
>
> Lucas wrote:
> > Now with a better subject.
> >
> > I was also wondering about the lack of pledge() other than the newly
> > added one. That goes because dlopen() can do anything?
> >
> > Lucas wrote:
> > > Hi,
> > >
> > > I wanted to understand how the pledge execp
Theo Buehler wrote:
> On Fri, Aug 04, 2023 at 11:40:36AM +0200, Claudio Jeker wrote:
> > When copying the shutdown reason from ctl_neighbor into the peer struct
> > the strlcpy needs a NUL terminated string input. This may not be the case
> > so we should be more careful here.
> > I see two ways
Scott Cheloha wrote:
> On Thu, Aug 03, 2023 at 09:09:30AM -0600, Theo de Raadt wrote:
> > Scott Cheloha wrote:
> >
> > > > > How about this. Kill the spc_ldavg calculation. Its use is more then
> > > > > questionable. The cpu selection code
Scott Cheloha wrote:
> > > How about this. Kill the spc_ldavg calculation. Its use is more then
> > > questionable. The cpu selection code using this is not wroking well and
> > > process stealing will do the rest.
>
> This is more or less what I said yesterday. The per-CPU load average
> is no
S V wrote:
> 2023-07-27 17:24 GMT+03:00, Theo de Raadt :
> > You don't explain why you are trying to enable floating point register
> > use in the kernel.
>
> I just have CPU with it (Cortex-a57 with NEON), so was toying with it
> trying to look if I get more perf
You don't explain why you are trying to enable floating point register
use in the kernel.
S V wrote:
> I was trying (as an experiment) to build aarch64 current kernel with
> -march=armv8-a+simd and stumble upon error
>
> Interesting to notice that armv8-a+nofp+simd compiles and runs OK
>
> par
Manawyrm wrote:
> (Hetzner engineer here, but speaking as a private individual)
>
> Hetzner Cloud is using regular mainline QEMU on Linux as the hypervisor,
> so while I'd agree that faulting when the MSR is set isn't ideal, this
> behaviour will probably also occur on a lot of other machines/se
Mark Kettenis wrote:
> I'm not sure to what extent this makes IBT less effective. Can the
> retpolines be used as gadgets to bypass IBT? Should we stop enabling
> retpolines by default?
>
> What *is* obvious is that retpolines are incompatible wuth shadow
> stacks. Is there an alternative tha
Would like to know if this patch helps anyone with this type of
problem.
Index: sys/arch/amd64/amd64/cpu.c
===
RCS file: /cvs/src/sys/arch/amd64/amd64/cpu.c,v
retrieving revision 1.172
diff -u -p -u -r1.172 cpu.c
--- sys/arch/amd64/am
I am not aware of a feature flag we can check for if we can
write to MSR_DE_CFG, and my guess is their VM needs to silently
ignore the bits we modify, and not generate a fault.
I'm not sure what we can do here, but I suspect some developers will
think about it.
Anyways, they decided to fault. T
Zenbleed errata for 7.2 and 7.3 will come out soon.
sysupgrade of the -current snapshot already contains a fix.
I wanted to share some notes on impact:
OpenBSD does not use the AVX instructions to the same extent that Linux
and Microsoft do, so this is not as important.
On Linux, glibc has AVX-
Andrew Hewus Fresh wrote:
> One thing to note, on the advice of miod@, I adjusted the mapping of
> size_t from u_int to u_long, but that means we no longer recognize
> getlogin_r. When I asked, miod@ suggested that syscalls.master was
> confused.
>
> $ grep getlogin_r /usr/src/sys/kern/syscalls
Theo Buehler wrote:
> On Thu, Jul 20, 2023 at 05:22:25PM +0200, Theo Buehler wrote:
> > On Thu, Jul 20, 2023 at 05:06:00PM +0200, Claudio Jeker wrote:
> > > I think it is better to use a safe ideom when matching against a peer name
> > > instead of forcefully NUL terminate the string somewhere un
Theo Buehler wrote:
> On Thu, Jul 20, 2023 at 05:06:00PM +0200, Claudio Jeker wrote:
> > I think it is better to use a safe ideom when matching against a peer name
> > instead of forcefully NUL terminate the string somewhere unrelated.
> > By default all these string buffers use the same size so
-my $sb = "\0\0\0\0";
+my $sb = "\0" x 4096;
That's pretty terrible. Does this language not have types?
rhl120 wrote:
> Hello, this commit fixes nothing. To me it is just an instance of using
> the right tool for the right job.
Sorry, you are incorrect.
> I could also argue that there is a
> performance improvement (because the call passes less arguments) but
> that is probably negligible.
Th
What are you fixing by making this less precise?
rhl120 wrote:
> Hello, while browsing the source code of init, I found a couple of calls to
> waitpid which, I believe, could be replaced with wait(NULL). As far as I can
> tell lib/libc/gen/wait.c and lib/libc/gen/waitpid.c backup my belief but
> ok kettenis@
ok deraadt also
Mark Kettenis wrote:
> It is still a bit scary to have cpu_hatch() call _mcount() but I guess
> adding __attribute__((no_profile)) to all of the functions called by
> cpu_hatch() isn't really workable either.
It now immediately returns.
> > + int gmon_state = gmoninit;
>
> No variable declar
I dare you to write the simplest fix for this, instead of a diff that
scrolls by.
Scott Cheloha wrote:
> Secondary CPUs are still running at the top of sleep_state(). To
> disable _mcount with gmoninit we would need to wait until after
> secondary CPUs have halted to toggle it off, which is way further into
> sleep_state().
I suspect you are exaggerating the window of time w
Mark Kettenis wrote:
> So isn't the real problem that some of the lower-level code involved
> in the resume path isn't properly marked to not do the
> instrumentation? Traditionally that was assembly code and we'd use
> NENTRY() (in amd64) or ENTRY_NP() (on some other architectures) to
> prevent
Tobias Heider wrote:
> +#ifdef SUSPEND
> + if (ksym == KS_Cmd_Sleep)
> + return request_sleep(SLEEP_SUSPEND);
> +#endif
Oh wait, it is consumed.
Is that a problem
Tobias Heider wrote:
> +#ifdef SUSPEND
> + if (ksym == KS_Cmd_Sleep)
> + return request_sleep(SLEEP_SUSPEND);
> +#endif
This key is not absorbed when it performs this action.
Is that OK?
Alexander Bluhm wrote:
> After that we have only the syscall Perl diff floating around and
> can concentrate on that.
It is important to make some sort of progress on that before the
release cycle, because immediately after release I want to start
burning syscall down.
Sure.
Tobias Heider wrote:
> I am planning to restructure the APM/sleep APIs to make it easier to suspend
> from more places like as a suspend keyboard shortcut.
>
> The acpiioctl handler is x86 specific code which is currently built on all
> platforms but only hooked up on i386 and amd64. It
Lee, Jonathan D wrote:
> Hello, the empty section yes, I agree would still need to be populated.
> Thanks for adding some fresh visibility to this problem as I noticed OpenBSD
> has p0f as well as FreeBSD the FreeBSD is being used as an example with
> PfSense.
>
> The p0f database is starting
Todd C. Miller wrote:
> Other implementations of "time -p" (both builtin and standalone)
> only display two digits after the radix point. I'm a little concerned
> about breaking scripts that consume out the output of "time -p".
I share that concern.
Claudio Jeker wrote:
> On Mon, Jun 19, 2023 at 06:41:14PM -0500, Scott Cheloha wrote:
> > > On Jun 19, 2023, at 18:07, Theo de Raadt wrote:
> > >
> > > Make sure to STOP all kernel profiling before attempting to
> > >suspend or hiberna
Make sure to STOP all kernel profiling before attempting to
suspend or hibernate your machine. Otherwise I expect it
will hang.
It is completely acceptable if it produces wrong results, but it must
not hang the system.
Make sure to STOP all kernel profiling before attempting to
suspend or hibernate your machine. Otherwise I expect it
will hang.
That is not acceptable. People suspend and hibernate machines without
being aware of what applications are doing.
GPROF is a kernel com
Relinking's goal is to reduce gadget discovery.
There are two reasons we do this:
- The existance of many small stub functions that might be reached with
the wrong parameters to act upon data structures incorrectly
- polymorphic gadget availability on variable-sized instruction architectures
R
Thordur I. Bjornsson wrote:
> On Mon, Jun 12, 2023 at 9:15 PM Bob Beck wrote:
> >
> > On Mon, Jun 12, 2023 at 11:01:18AM -0600, Theo de Raadt wrote:
> > > + KASSERTMSG(1, "Ich Habe eine Rotweinflarsche in meinem Arsche");
> > > That part of th
+ KASSERTMSG(1, "Ich Habe eine Rotweinflarsche in meinem Arsche");
That part of the diff is not OK. If everyone did this, we would have a
mess on our hands.
Todd C. Miller wrote:
> On Fri, 09 Jun 2023 07:25:04 +0200, Florian Obser wrote:
>
> > OK?
> >
> > p.s. I'm currently busy writing an ISC licensed bash in rust to safely
> > support HiCA. So this might take a while...
>
> Have you considered implementing wordexp(3) to allow command
> substituti
g...@oat.com wrote:
> Theo de Raadt wrote:
> After pledge, 80% of the base programs were converted to pledge-assisted
> priv-drop, because it was really obvious that "initialization code"
> could
> and should be moved earlier in the program, so
William Ahern wrote:
> Rather, the point of pledge and unveil is to make that
> deliberate refactoring as pleasant and minimal as is practicable.
Indeed, after the first 10 programs were converted to use pledge, it
became very obvious what would happen next:
"priv-drop everything"
The firs
We will wait for the demo.
Leah Rowe wrote:
> Hi Theo,
>
> On Fri, 02 Jun 2023 11:03:40 -0600
> "Theo de Raadt" wrote:
>
> > Additionally the two outcomes of this will be:
> >
> > 1. Don't call pledge in the program.
> >
> >
Leah Rowe wrote:
> Hi everyone,
>
> I had an interesting idea for OpenBSD. Haven't tried it yet. I'm
> wondering what other people think of it? The idea is, thus:
>
> 1) Do execution tracing and just run a program. Do everything possible
> in it to the fullest extent feasible and get an entire
How do you ensure you have coverage of all the operational choices
the program makes?
How about we what you propose and remove all the bugs and then we
don't need pledge?
Anyone who has done a 3nd year computer science course knows why this
does not work.
Leah Rowe wrote:
>
>
> Hi everyone,
Alexander Klimov wrote:
> Wait a second!
> (Yes, one of my biggest talents is to "oversee elephants"TM, but not this
> time.)
> E.g. I use the (C)ustom layout which *clearly indicates* its one-(C)har
> shortcut.
> Other prompts, like my diff(1)ed one, *do not*.
>
> Change my mind.
>
> Now, gi
Alexander Klimov wrote:
> First of all, my compliment.
> The installer is already quite ergonomic (for a CLI ;) ).
> But there are the following two little diff(1)s standing
> between it and its perfection IMAO.
>
>
> --- distrib/miniroot/install.sub.orig Thu May 18 12:37:52 2023
> +++ distri
Alexander Klimov wrote:
> --- distrib/miniroot/install.sub.orig Thu May 18 12:37:52 2023
> +++ distrib/miniroot/install.subThu May 18 12:44:49 2023
> @@ -2306,15 +2306,15 @@
> [[ $START_SSHD == y ]] || return
>
> if [[ -z $ADMIN ]]; then
> echo "Since no
No.
First of all, because there is no justification.
Secondly, because it is not documented.
But thirdly, because we keep shit simple so that people don't build
their own stuff on top of our infrastructure, so that if we feel the
need to change/break our own infrastructure we don't need to give
Yuichiro NAITO wrote:
> 2. MTU 9000 is required for 10Gbps performance.
>
> The default MTU size 1500 is too small for 10Gbps link for now.
It is dangerous to give this suggestion without caveats. MTU over 1500
does not work on even small parts of the internet, and many people will
have
Omar Polo wrote:
> On 2023/05/10 09:30:12 +0200, Theo Buehler wrote:
> > > I forgot to include one off_t cast since it was in a different
> > > directory and -even if off topic because it's not in portable- instead
> > > of "const"-ify only tz why don't mark as const also the two arrays day
> >
> + (long long int)tv.tv_sec, tv.tv_usec,
Please do not use that form. (long long) is enough.
I am still not seeing any reason to change how OpenBSD works, since
noone else has ever been affected by this behaviour.
Juan Picca wrote:
> Hi Stuart
>
> > I'd suggest targetting the umask setting, either by giving all users
> > class 'staff' or adding a new one which inherits from default.
>
Well, now you get to own the consequences of your change, which is wrong.
You pointed a gun at your own foot. Have you noticed that noone else has
holes in their feet?
Juan Picca wrote:
> > I'm saying you will find this "problem" in 100 places, because the real
> > problem is your own change.
Christian Weisgerber wrote:
> Alexander Bluhm:
>
> > After enabling -fcf-protection=branch for the kernel, we have a new
> > .plt section in the kernel. It was not there before.
>
> Same issue in userland: At least /usr/lib/crt0.o and /usr/lib/crtbegin.o
> have grown .plt and .note.gnu.propert
It may still be better to add it to match the style. On i386, also.
It is quite surprising compiler behaviour to create a PLT for such .rodata..
Alexander Bluhm wrote:
> On Thu, Apr 20, 2023 at 05:21:37PM -0600, Theo de Raadt wrote:
> > I wonder if the same happens on arm64.
>
I'm saying you will find this "problem" in 100 places, because the real
problem is your own change.
Juan Picca wrote:
> On Thu, Apr 20, 2023 at 11:33:30PM -0600, Theo de Raadt wrote:
> > But this situation does not arise, not in this program, and not in 20 other
> >
But this situation does not arise, not in this program, and not in 20 other
daemons.
You changed something to cause this problem.
Juan Picca wrote:
> Force a standard umask in /sbin/resolvd/resolvd.c.
> If not done and the default mask is a restrictive one, /etc/resolv.conf
> ends up not readab
I wonder if the same happens on arm64.
Someone might want to try to do endbr32 on i386. It lacks a solid tail-CFI
(only stack-protector on some functions), mostly because retguard isn't possible
on the limited registers. So i386 would benefit from having a head CFI.
Thank you. That is correct.
Alexander Bluhm wrote:
> Hi,
>
> After enabling -fcf-protection=branch for the kernel, we have a new
> .plt section in the kernel. It was not there before.
>
> $ objdump -s .../snapshots/amd64/bsd
> ...
> 82048540 c7c13140 0682c9e9 c43646ff ..1@
Christian Weisgerber wrote:
> Mark Kettenis:
>
> > CVSROOT:/cvs
> > Module name:src
> > Changes by: kette...@cvs.openbsd.org2023/04/17 12:10:26
> >
> > Modified files:
> > gnu/llvm/clang/lib/Driver/ToolChains: Clang.cpp
> >
> > Log message:
> > Make -mbranch-protection
Yes, that is nice
Klemens Nanni wrote:
> '?' output could better distuingish from questions and other lines,
> like sets selection does with four leading spaces.
>
> ---
> Terminal type? [vt220]
> Available disks are: sd0.
> Which disk is the root disk? ('?' for details) [sd0] ?
> -sd0: Vir
Sebastien Marie wrote:
> For post-execution gmon.out extraction, an helper might be needed: ktrace.out
> could contain multiple gmon.out files.
kdump can be taught to generate the right file.
Mark Kettenis wrote:
> > +{
> > + int len;
> > +
> > + len = OF_getprop(handle, prop, buf, buflen);
> > + if (buflen > 0)
> > + buf[min(len, buflen - 1)] = '\0';
> > +
> > + return (len);
>
I've mailed dlg seperately, but will raise it here also.
If buflen is 0, then why call
Florian Obser wrote:
> On 2023-04-07 10:51 -04, Dave Voutila wrote:
> > In vmd, the vmm process forks to create the resulting vm process. After
> > this fork, the vmm parent process closes all the file descriptors
> > pointing to the vm's devices (cdrom, kernel, disks, nics, etc.).
> >
> > The l
Claudio Jeker wrote:
> On Fri, Apr 07, 2023 at 04:53:52PM +1000, David Gwynne wrote:
> > ethernet interfaces in device trees can have a "label" property which
> > is generally used (when it is used) to identify which connector it is on
> > the case or something like that. eg, eth2 in the turris o
1 - 100 of 1095 matches
Mail list logo
