Module Name: src Committed By: maxv Date: Sat Sep 26 16:33:16 UTC 2015
Modified Files: src/sys/arch/alpha/conf: GENERIC src/sys/arch/amd64/conf: ALL src/sys/arch/evbarm64/conf: A64EMUL src/sys/arch/i386/conf: ALL src/sys/arch/shark/conf: GENERIC Log Message: Disable PAX_SEGVGUARD. We actually have a big problem: the fileassocs are never deleted. Therefore, if a user generates a lot of buggy binaries and launches them all, the kernel will allocate memory again again and again for all these entries and will never free them (unless the files are deleted from the disk). Which means that a user can too easily put the kernel under memory pressure. To generate a diff of this commit: cvs rdiff -u -r1.365 -r1.366 src/sys/arch/alpha/conf/GENERIC cvs rdiff -u -r1.30 -r1.31 src/sys/arch/amd64/conf/ALL cvs rdiff -u -r1.4 -r1.5 src/sys/arch/evbarm64/conf/A64EMUL cvs rdiff -u -r1.395 -r1.396 src/sys/arch/i386/conf/ALL cvs rdiff -u -r1.122 -r1.123 src/sys/arch/shark/conf/GENERIC Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/arch/alpha/conf/GENERIC diff -u src/sys/arch/alpha/conf/GENERIC:1.365 src/sys/arch/alpha/conf/GENERIC:1.366 --- src/sys/arch/alpha/conf/GENERIC:1.365 Sat Aug 8 06:36:24 2015 +++ src/sys/arch/alpha/conf/GENERIC Sat Sep 26 16:33:16 2015 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.365 2015/08/08 06:36:24 maxv Exp $ +# $NetBSD: GENERIC,v 1.366 2015/09/26 16:33:16 maxv Exp $ # # This machine description file is used to generate the default NetBSD # kernel. @@ -19,7 +19,7 @@ include "arch/alpha/conf/std.alpha" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -ident "GENERIC-$Revision: 1.365 $" +ident "GENERIC-$Revision: 1.366 $" maxusers 32 @@ -789,5 +789,4 @@ pseudo-device putter # for puffs and p #options VERIFIED_EXEC_FP_MD5 options PAX_MPROTECT=0 # PaX mprotect(2) restrictions -#options PAX_SEGVGUARD=0 # PaX Segmentation fault guard options PAX_ASLR=0 # PaX Address Space Layout Randomization Index: src/sys/arch/amd64/conf/ALL diff -u src/sys/arch/amd64/conf/ALL:1.30 src/sys/arch/amd64/conf/ALL:1.31 --- src/sys/arch/amd64/conf/ALL:1.30 Sat Aug 8 06:36:24 2015 +++ src/sys/arch/amd64/conf/ALL Sat Sep 26 16:33:16 2015 @@ -1,4 +1,4 @@ -# $NetBSD: ALL,v 1.30 2015/08/08 06:36:24 maxv Exp $ +# $NetBSD: ALL,v 1.31 2015/09/26 16:33:16 maxv Exp $ # From NetBSD: GENERIC,v 1.787 2006/10/01 18:37:54 bouyer Exp # # ALL machine description file @@ -17,7 +17,7 @@ include "arch/amd64/conf/std.amd64" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "ALL-$Revision: 1.30 $" +#ident "ALL-$Revision: 1.31 $" maxusers 64 # estimated number of users @@ -1633,7 +1633,7 @@ options VERIFIED_EXEC_FP_MD5 options PAX_MPROTECT=0 # PaX mprotect(2) restrictions options PAX_ASLR=0 # PaX Address Space Layout Randomization -options PAX_SEGVGUARD=0 # PaX Segmentation fault guard +#options PAX_SEGVGUARD=0 # PaX Segmentation fault guard # # NetBSD: GENERIC_ISDN,v 1.16 2010/01/03 03:53:34 dholland Exp Index: src/sys/arch/evbarm64/conf/A64EMUL diff -u src/sys/arch/evbarm64/conf/A64EMUL:1.4 src/sys/arch/evbarm64/conf/A64EMUL:1.5 --- src/sys/arch/evbarm64/conf/A64EMUL:1.4 Wed Aug 12 07:53:57 2015 +++ src/sys/arch/evbarm64/conf/A64EMUL Sat Sep 26 16:33:16 2015 @@ -1,4 +1,4 @@ -# $NetBSD: A64EMUL,v 1.4 2015/08/12 07:53:57 maxv Exp $ +# $NetBSD: A64EMUL,v 1.5 2015/09/26 16:33:16 maxv Exp $ # # This machine description file is used to generate the default NetBSD # kernel. @@ -19,7 +19,7 @@ include "arch/evbarm64/conf/std.a64emul options INCLUDE_CONFIG_FILE # embed config file in kernel binary -ident "A64EMUL-$Revision: 1.4 $" +ident "A64EMUL-$Revision: 1.5 $" maxusers 32 @@ -267,5 +267,4 @@ pseudo-device putter # for puffs and p #options VERIFIED_EXEC_FP_MD5 #options PAX_MPROTECT=0 # PaX mprotect(2) restrictions -#options PAX_SEGVGUARD=0 # PaX Segmentation fault guard #options PAX_ASLR=0 # PaX Address Space Layout Randomization Index: src/sys/arch/i386/conf/ALL diff -u src/sys/arch/i386/conf/ALL:1.395 src/sys/arch/i386/conf/ALL:1.396 --- src/sys/arch/i386/conf/ALL:1.395 Sat Sep 26 11:16:12 2015 +++ src/sys/arch/i386/conf/ALL Sat Sep 26 16:33:16 2015 @@ -1,4 +1,4 @@ -# $NetBSD: ALL,v 1.395 2015/09/26 11:16:12 maxv Exp $ +# $NetBSD: ALL,v 1.396 2015/09/26 16:33:16 maxv Exp $ # From NetBSD: GENERIC,v 1.787 2006/10/01 18:37:54 bouyer Exp # # ALL machine description file @@ -17,7 +17,7 @@ include "arch/i386/conf/std.i386" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "ALL-$Revision: 1.395 $" +#ident "ALL-$Revision: 1.396 $" maxusers 64 # estimated number of users @@ -1823,7 +1823,7 @@ options VERIFIED_EXEC_FP_MD5 options PAX_MPROTECT=0 # PaX mprotect(2) restrictions options PAX_ASLR=0 # PaX Address Space Layout Randomization -options PAX_SEGVGUARD=0 # PaX Segmentation fault guard +#options PAX_SEGVGUARD=0 # PaX Segmentation fault guard # # NetBSD: GENERIC_ISDN,v 1.16 2010/01/03 03:53:34 dholland Exp Index: src/sys/arch/shark/conf/GENERIC diff -u src/sys/arch/shark/conf/GENERIC:1.122 src/sys/arch/shark/conf/GENERIC:1.123 --- src/sys/arch/shark/conf/GENERIC:1.122 Sat Aug 8 06:36:26 2015 +++ src/sys/arch/shark/conf/GENERIC Sat Sep 26 16:33:16 2015 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.122 2015/08/08 06:36:26 maxv Exp $ +# $NetBSD: GENERIC,v 1.123 2015/09/26 16:33:16 maxv Exp $ # # Generic Shark configuration. # @@ -7,7 +7,7 @@ include "arch/shark/conf/std.shark" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.122 $" +#ident "GENERIC-$Revision: 1.123 $" # estimated number of users maxusers 32 @@ -330,5 +330,4 @@ pseudo-device putter # for puffs and p #options VERIFIED_EXEC_FP_MD5 options PAX_MPROTECT=0 # PaX mprotect(2) restrictions -#options PAX_SEGVGUARD=0 # PaX Segmentation fault guard options PAX_ASLR=0 # PaX Address Space Layout Randomization