freebsd-skq/sys
bz bc660fe08f Add a mitigation feature that will prevent user mappings at
virtual address 0, limiting the ability to convert a kernel
NULL pointer dereference into a privilege escalation attack.

If the sysctl is set to 0 a newly started process will not be able
to map anything in the address range of the first page (0 to PAGE_SIZE).
This is the default. Already running processes are not affected by this.

You can either change the sysctl or the tunable from loader in case
you need to map at a virtual address of 0, for example when running
any of the extinct species of a set of a.out binaries, vm86 emulation, ..
In that case set security.bsd.map_at_zero="1".

Superseeds:		r197537
In collaboration with:	jhb, kib, alc
2009-10-02 17:48:51 +00:00
..
amd64 As a workaround, for Intel CPUs, do not use CLFLUSH in 2009-10-01 12:52:48 +00:00
arm Remove performance counter headers. This code came from NetBSD, but our 2009-10-02 11:10:05 +00:00
boot lindev(4) [1] is supposed to be a collection of linux-specific pseudo 2009-09-26 12:45:28 +00:00
bsm Add audit events for process descriptor system calls, which will appear in 2009-09-29 21:25:59 +00:00
cam Report SATA 3.x devices. 2009-09-27 20:50:54 +00:00
cddl Return EOPNOTSUPP instead of EINVAL when doing chflags(2) over an old 2009-10-01 18:58:26 +00:00
compat Regenerate system call files following r197636. 2009-09-30 08:48:59 +00:00
conf Fix build nfscl and/or nfsd. 2009-10-02 12:47:01 +00:00
contrib Use __FBSDID to embed RCS ID. 2009-09-21 08:37:57 +00:00
crypto Changed to M_NOWAIT when reallocing psc_buf in padlock_sha_update(), 2009-05-27 09:52:12 +00:00
ddb Put square backets ([]) around process names for system processes to patch 2009-10-01 19:12:14 +00:00
dev EHCI Hardware BUG workaround 2009-10-01 18:37:16 +00:00
fs Provide default implementation for VOP_ACCESS(9), so that filesystems which 2009-10-01 17:22:03 +00:00
gdb
geom The first 96 bytes may not be zeroes. It can contain trivial boot 2009-09-28 23:52:47 +00:00
gnu Fix the build by using proper format. 2009-06-25 16:48:13 +00:00
i386 make read_eflags and write_eflags accomplish the same effect on PVM as native, 2009-10-01 22:05:38 +00:00
ia64 Add a new sysctl for reporting all of the supported page sizes. 2009-09-18 17:04:57 +00:00
isa Tweak the way that the ACPI and ISA bus drivers match hint devices to 2009-08-24 21:51:46 +00:00
kern Add a mitigation feature that will prevent user mappings at 2009-10-02 17:48:51 +00:00
kgssapi When the KOBJMETHOD() macro was updated, it resulted in the 2009-06-14 17:33:46 +00:00
libkern done method is supposed to return int. 2009-06-22 22:09:18 +00:00
mips Add a new sysctl for reporting all of the supported page sizes. 2009-09-18 17:04:57 +00:00
modules Compile ACPI debugger and disassembler for kernel modules unconditionally. 2009-10-01 20:56:15 +00:00
net The flow-table associates TCP/UDP flows and IP destinations with 2009-10-01 20:32:29 +00:00
net80211 Update 802.11s mesh support to draft 3.03. This includes a revised frame 2009-09-22 18:18:14 +00:00
netatalk Reverse misordered unlock and lock in at_control for netatalk phase I 2009-08-12 10:44:13 +00:00
netgraph Get those pesky RFCOMM RPM data bits right. This is likely a noop. 2009-09-10 23:30:13 +00:00
netinet Remove a log message from production code. This log message can be 2009-10-02 01:45:11 +00:00
netinet6 Enable adding a link-local address even if ND6_IFF_IFDISABLED. 2009-10-02 07:00:20 +00:00
netipsec Changed an IPSEC_ASSERT to a simple test, as such invalid packets 2009-10-01 15:33:53 +00:00
netipx Use queue(9) instead of hand-crafted link lists for the global IPX 2009-06-24 20:57:50 +00:00
netnatm Reimplement the netisr framework in order to support parallel netisr 2009-06-01 10:41:38 +00:00
netncp
netsmb Don't print out a message on loading a module. 'kldload -v' and 'kldstat 2009-09-10 18:33:08 +00:00
nfs Revert rev 192323 (nfs_common.c only): 2009-07-12 03:53:52 +00:00
nfsclient Reverting the previous change for now. Some users reports the patch 2009-09-15 22:09:42 +00:00
nfsserver Ensure that tv_sec is between INT32_MIN and INT32_MAX, so ZFS won't object. 2009-09-26 18:23:16 +00:00
nlm Since svc_[dg|vc|tli|tp]_create() did not hold a reference count on the 2009-06-17 22:50:26 +00:00
opencrypto If crypto operation is finished with EAGAIN, don't repeat operation from 2009-09-04 09:48:18 +00:00
pc98 MFi386: revision 197653 2009-10-01 10:46:22 +00:00
pci intpm/sb700: force polling mode if configured interrupt is SMI 2009-09-19 08:56:28 +00:00
powerpc Add a new sysctl for reporting all of the supported page sizes. 2009-09-18 17:04:57 +00:00
rpc Set the prison in NFS anon and GSS SVC creds (as I indended to in r197581). 2009-09-28 18:55:29 +00:00
security Having thrown the cat out of the house, add a necessary include. 2009-09-08 13:24:36 +00:00
sparc64 Merge r194204 from amd64/i386: 2009-09-25 17:08:51 +00:00
sun4v Add a new sysctl for reporting all of the supported page sizes. 2009-09-18 17:04:57 +00:00
sys Reserve numbers for XScale. 2009-10-02 11:14:12 +00:00
teken Add support for VT200-style mouse input. 2009-09-27 18:19:41 +00:00
tools - Increase dynamic range of filter coefficients from 28bit to 30bit. 2009-07-05 18:15:06 +00:00
ufs Don't build ufs_gjournal.c at all if UFS_GJOURNAL option is not given 2009-09-22 16:22:05 +00:00
vm Move the annotation for vm_map_startup() immediately before the function. 2009-10-01 12:48:35 +00:00
xdr Add a check for a NULL mbuf ptr at the beginning of xdrmbuf_inline() 2009-08-12 16:27:51 +00:00
xen Temporarily revert the new-bus locking for 8.0 release. It will be 2009-08-20 19:17:53 +00:00
Makefile