Re: CVS commit: src/sys/arch/xen/x86

2016-08-07 Thread Cherry G. Mathew
On 2 August 2016 at 19:51, Maxime Villard wrote:

> Module Name:    src
> Committed By:   maxv
> Date:   Tue Aug  2 14:21:53 UTC 2016
>
> Modified Files:
>         src/sys/arch/xen/x86: x86_xpmap.c
>
> Log Message:
> Map the kernel text, rodata and data+bss independently on Xen, with
> respectively RX, R and RW.

Hi - wondering why you're getting more divergence from generic x86 - is
there a way to do this (and the pg_nx stuff, e.g.) without having to
special-case this in Xen?

-- 
~~Cherry


Re: CVS commit: src/sys/arch/amd64/conf

2016-08-07 Thread Christos Zoulas
will do.

christos



re: CVS commit: src/sys/arch/amd64/conf

2016-08-07 Thread matthew green
"Christos Zoulas" writes:
> Module Name:  src
> Committed By: christos
> Date: Sun Aug  7 10:39:59 UTC 2016
> 
> Modified Files:
>   src/sys/arch/amd64/conf: MODULAR
> 
> Log Message:
> Use "-no" and add more cloners.

please bump the config version and the minimum required config version.

thanks.


.mrg.

ps:  since we stopped failing on "no options" that don't exist, i'd
actually be more inclined to simply make "no device " work as the
same by default than add this (either way, the version matters.)


Re: CVS commit: src/sys

2016-08-07 Thread Maxime Villard

On 06/08/2016 at 17:13, Maxime Villard wrote:

> Module Name:    src
> Committed By:   maxv
> Date:   Sat Aug  6 15:13:14 UTC 2016
>
> Modified Files:
>         src/sys/compat/linux32/common: linux32_exec_elf32.c
>         src/sys/compat/netbsd32: netbsd32_exec_aout.c netbsd32_exec_elf32.c
>         src/sys/kern: kern_exec.c
>         src/sys/sys: exec.h
>         src/sys/uvm: uvm_map.c
>
> Log Message:
> The way the kernel tries to prevent a userland process from allocating page
> zero is hugely flawed. It is easy to demonstrate that one can trick UVM
> into chosing a NULL hint after the user_va0_disable check from uvm_map.

*choosing

> Such a bypass allows kernel NULL pointer dereferences to be exploitable on
> architectures with a shared userland<->kernel VA, like amd64.
>
> Fix this by increasing the limit of the vm space made available for
> userland processes. This way, UVM will never chose a NULL hint, since it

*choose