openbsd changes of note 624
Saving up a bunch of changes for a very special treat.
Randomize link order of objects in the kernel. Full commit message.
Backout futex support in librthread for a minute, then put it back. Not a particularly interesting change, but made possible by the fact that librthread is ABI opaque, a property inherited from its predecessor, libpthread. Functions like pthread_mutex_lock take a pointer to a pthread_mutex_t, which is itself actually a pointer, not a struct. It’s possible to remove a layer of indirection (and maybe even desirable to do so) by making the mutex type a struct, but this means that any change to the size of this structure requires relinking all programs with a new version of the library. This has been on the todo list for a long time now, but at the very, very bottom, after we’re certain all the other changes are done.
Start plugging some leaks. Compile kernels with umask 007. Install them minus read permissions.
Pure preprocessor implementation of the roff .ec and .eo requests, though you are warned that very bad things will happen to anybody trying to use these macros in OpenBSD manuals.
Some tmux changes: Support SIGUSR2 to stop and start logging for an existing server. Be more strict about escape sequences that rename windows or set titles. Add a timeout to prevent the sequences which wait for a specific terminator waiting forever and locking up the pane.
Random linking for arm64. And octeon. And alpha. And hppa. There’s some variation by platform, because every architecture has the kernel loaded with different flavors of initial physical and virtual mappings. And landisk. And loongson. And sgi. And macppc. And a gap file for sparc64, but nobody yet dares split locore. And arm7.
Errata for perl File::Path race condition.
Enable -fwrapv by default with clang to treat signed integer overflows as defined. There’s still a lot of code which assumes overflow works in predictable ways. Tracking it all down and adding -fwrapv to hundreds of makefiles only means some programs will inevitably be missed.
Rewrite the xbf driver to handle 64kb transfers. Interesting fact: the kernel defines a MAXPHYS value to be 64K, which is actually kind of a minimum: it’s the transfer size that a disk device must support. From the filesystem side, it’s the maximum request it can issue with a guarantee that the request will succeed (barring extreme hardware failure). The xbf driver was limiting reads to 44K, which made the filesystem code sad.
Implement simulated baudrate support in the vmd ns8250 module. Some details here. Interesting bug where running simulated hardware too fast made it look like the hardware was broken. For a bit more detail, the problem is that after sending a character, Linux waits for an interrupt that transmission is done. vmd would complete the transfer instantly, thus the interrupt would remain asserted. Linux knows that working hardware should not be able to transmit 512 bytes without pause, and assumes if this happens that something must be broken.
Some fixes for potential link attacks against cron.
Add pledge violations to acct reporting.
Contrary to the manual, since corrected, monop doesn’t actually permit single player games.
Fix some bugs involving the creation of very large softraid crypto volumes.
Take random linking to the next stage. More about KARL - kernel address randomized link. As noted, a few difficulties with hibernate and such, but the plan is coming together. Add a new function reorder_kernel() that relinks and installs the new kernel in the background on system startup. Add support for the bootblocks to detect hibernate and boot the previous kernel.
Cluster readahead for msdosfs is back out.
More mandoc features for roff compat.
Fixes and improvements to pool, specifically pool cache, to be more efficient and easier to return memory to the system. Or something. I kinda lost track of what’s going on in pool these days, but it sure sounds cool. There is now a man page for pool_cache_init to read.
Port the RBT code to userland by making it part of libc. There are two copies of red-black tree code, the older pure macro RB code and the newer part macro, part function code. The new implementation generates smaller binaries by reducing duplication.
Remove the poorly described “stuff” from ksh.
Replace usage of TIOCSTI in csh using a more common IO loop. Kind of like the stuff in ksh, but part of the default command line editing and parsing code, csh would read too many characters, then send the ones it didn’t like back into the terminal. Which is weird, right? Also, more importantly, eliminating the code that uses TIOCSTI to inject characters into ttys means that maybe TIOCSTI can be removed.
Update to freetype-2.8.
Revamp some of the authentication logging in ssh.
Split the -Wstyle warning in mandoc into system specific and generic warnings. Not every man page is written specifically for OpenBSD, but that’s no reason for it not to use good style.
Assert that the corresponding socket is locked when manipulating socket buffers. A step towards unlocking the TCP input path.
Add a verbose flag to rm so you can panic immediately upon seeing it delete the wrong file instead of waiting to discover your mistake after the fact.
Some rework of makefiles to eliminate the extra depend step. Dependencies can be calculated while compiling the source instead. Should be a bit faster since it can run in parallel now and also eliminates a few possible user errors.
The file command no longer needs an elaborate privilege separation design since the introduction of pledge.
Go ahead and remove TIOCSTI.
Update libexpat to version 2.2.1 which has some security fixes. Never trust an expat, that’s my motto.
Update inteldrm to code based on Linux 4.4.70. This brings us support for Skylake and Cherryview and better support for Broadwell and Valleyview. Also adds MST support. Fun times for people with newish laptops.