Module Name: src Committed By: bouyer Date: Thu Aug 31 08:32:39 UTC 2017
Modified Files: src/lib/libpthread [netbsd-8]: TODO pthread.c pthread_attr.c pthread_attr_getguardsize.3 pthread_int.h src/sys/arch/amd64/include [netbsd-8]: vmparam.h src/sys/arch/i386/include [netbsd-8]: vmparam.h src/sys/arch/mips/include [netbsd-8]: vmparam.h src/sys/arch/powerpc/include [netbsd-8]: vmparam.h src/sys/arch/riscv/include [netbsd-8]: vmparam.h src/sys/kern [netbsd-8]: exec_subr.c src/sys/uvm [netbsd-8]: uvm_meter.c uvm_param.h src/tests/lib/libpthread [netbsd-8]: t_join.c Log Message: Pull up following revision(s) (requested by joerg in ticket #234): sys/arch/amd64/include/vmparam.h: revision 1.43 sys/kern/exec_subr.c: revision 1.79 lib/libpthread/pthread_int.h: revision 1.94 sys/arch/mips/include/vmparam.h: revision 1.58 sys/arch/mips/include/vmparam.h: revision 1.59 lib/libpthread/TODO: revision 1.19 sys/arch/powerpc/include/vmparam.h: revision 1.20 sys/arch/riscv/include/vmparam.h: revision 1.2 sys/arch/riscv/include/vmparam.h: revision 1.3 sys/arch/i386/include/vmparam.h: revision 1.85 tests/lib/libpthread/t_join.c: revision 1.9 sys/uvm/uvm_meter.c: revision 1.66 sys/uvm/uvm_param.h: revision 1.36 sys/kern/exec_subr.c: revision 1.80 sys/uvm/uvm_param.h: revision 1.37 sys/kern/exec_subr.c: revision 1.81 sys/kern/exec_subr.c: revision 1.82 lib/libpthread/pthread_attr_getguardsize.3: revision 1.4 lib/libpthread/pthread.c: revision 1.148 lib/libpthread/pthread_attr.c: revision 1.17 sys/arch/amd64/include/vmparam.h: revision 1.42 Always include a 1MB guard area beyond the end of stack. While ASLR will normally create a guard area as well, this provides a deterministic area for all binaries. Mitigates the rest of CVE-2017-1000374 and CVE-2017-1000375 from Qualys. Revert for the moment, creates problems on i386. Recommit exec_subr.c revision 1.79: Always include a 1MB guard area beyond the end of stack. While ASLR will normally create a guard area as well, this provides a deterministic area for all binaries. Mitigates the rest of CVE-2017-1000374 and CVE-2017-1000375 from Qualys. Additionally, change VM_DEFAULT_ADDRESS_TOPDOWN to include user_stack_guard_size in the size reservation. Update VM_DEFAULT_ADDRESS32_TOPDOWN to include guard area. Export the guard size of the main thread via vm.guard_size. Add a complementary writable sysctl for the initial guard size of threads created via pthread_create. Let the existing attribut accessors do the right thing. Raise the default guard size for threads to 64KB. To generate a diff of this commit: cvs rdiff -u -r1.18 -r1.18.4.1 src/lib/libpthread/TODO cvs rdiff -u -r1.147.8.2 -r1.147.8.3 src/lib/libpthread/pthread.c cvs rdiff -u -r1.16 -r1.16.24.1 src/lib/libpthread/pthread_attr.c cvs rdiff -u -r1.3 -r1.3.8.1 src/lib/libpthread/pthread_attr_getguardsize.3 cvs rdiff -u -r1.93 -r1.93.4.1 src/lib/libpthread/pthread_int.h cvs rdiff -u -r1.39 -r1.39.6.1 src/sys/arch/amd64/include/vmparam.h cvs rdiff -u -r1.84 -r1.84.6.1 src/sys/arch/i386/include/vmparam.h cvs rdiff -u -r1.57 -r1.57.8.1 src/sys/arch/mips/include/vmparam.h cvs rdiff -u -r1.19 -r1.19.12.1 src/sys/arch/powerpc/include/vmparam.h cvs rdiff -u -r1.1 -r1.1.12.1 src/sys/arch/riscv/include/vmparam.h cvs rdiff -u -r1.78.2.2 -r1.78.2.3 src/sys/kern/exec_subr.c cvs rdiff -u -r1.65 -r1.65.10.1 src/sys/uvm/uvm_meter.c cvs rdiff -u -r1.35 -r1.35.10.1 src/sys/uvm/uvm_param.h cvs rdiff -u -r1.8 -r1.8.24.1 src/tests/lib/libpthread/t_join.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.