Clear BTYPE bits when setting up a signal handler and when handling a
PT_CONTINUE ptrace(2) request. Otherwise we would trap if userland was
interrupted at a point where it is doing an indirect branch that has set
the bits but before it has executed the BTI instruction at the branch
target.

The PT_SETREGS request may need similar treatment, at least when the
PC is changed. But Linux doesn't do this and debuggers might want full
control over the BTYPE bits. So leave this alone for now.

ok guenther@

Change sendsig() interface so that the MD code does not need to access
data from struct process anymore. This changes how siginfo and onstack
are accessed and make sendsig() more MP friendly.
With and OK semarie@ OK kettenis@

In case of failure, call sigexit() from trapsignal instead of sensig().

Simplify MD code and reduce the amount of recursion into the signal code
which helps when dealing with locks.

ok cheloha@, deraadt@

Move from sendsig() to its callers the initsiginfo() calls and
instead of passing sendsig() the code+type+val, pass a siginfo_t*
to copy from. Eliminate the indirection through struct emul for
sendsig(); we no longer have a SunOS4-compat version of sendsig()

ok deraadt@

Implement MAP_STACK option for mmap(). Synchronous faults (pagefault and
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
ok kettenis

Arm64 compilers like many others anymore will use floating point registers
for non-foating point data, so it is important that FPU state be
saved and restored when a signal is delivered.

This diff that performs a save and restore of all of the floating point
registers (not just the callee save registers). It is added to sigcode
running in userland instead of into the kernel with copyin()/copyout()
similar to the code in powerpc (macppc) locore.S

Bring SROP mitigation to arm64. Make some small modifications to the arm
code as well to improve diffability. Changes the types used in the arm64
"struct sigcontext" to avoid having to include <sys/types.h>.

ok deraadt@

Fix an off by one when saving and restoring an array of registers.
ok patrick@

Import of OpenBSD/arm64

This commit contains all the kernel files related to the OpenBSD/arm64
port. It is based on the PowerPC pmap, loongson, arm/armv7 code and
FreeBSD aarch64 code. Hard work done by Dale Rahn.

Change sendsig() interface so that the MD code does not need to access
data from struct process anymore. This changes how siginfo and onstack
are accessed and make sendsig() more MP friendly.
With and OK semarie@ OK kettenis@

In case of failure, call sigexit() from trapsignal instead of sensig().

Simplify MD code and reduce the amount of recursion into the signal code
which helps when dealing with locks.

ok cheloha@, deraadt@

Move from sendsig() to its callers the initsiginfo() calls and
instead of passing sendsig() the code+type+val, pass a siginfo_t*
to copy from. Eliminate the indirection through struct emul for
sendsig(); we no longer have a SunOS4-compat version of sendsig()

ok deraadt@

Implement MAP_STACK option for mmap(). Synchronous faults (pagefault and
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
ok kettenis

Arm64 compilers like many others anymore will use floating point registers
for non-foating point data, so it is important that FPU state be
saved and restored when a signal is delivered.

This diff that performs a save and restore of all of the floating point
registers (not just the callee save registers). It is added to sigcode
running in userland instead of into the kernel with copyin()/copyout()
similar to the code in powerpc (macppc) locore.S

Bring SROP mitigation to arm64. Make some small modifications to the arm
code as well to improve diffability. Changes the types used in the arm64
"struct sigcontext" to avoid having to include <sys/types.h>.

ok deraadt@

Fix an off by one when saving and restoring an array of registers.
ok patrick@

Import of OpenBSD/arm64

This commit contains all the kernel files related to the OpenBSD/arm64
port. It is based on the PowerPC pmap, loongson, arm/armv7 code and
FreeBSD aarch64 code. Hard work done by Dale Rahn.

In case of failure, call sigexit() from trapsignal instead of sensig().

Simplify MD code and reduce the amount of recursion into the signal code
which helps when dealing with locks.

ok cheloha@, deraadt@

Move from sendsig() to its callers the initsiginfo() calls and
instead of passing sendsig() the code+type+val, pass a siginfo_t*
to copy from. Eliminate the indirection through struct emul for
sendsig(); we no longer have a SunOS4-compat version of sendsig()

ok deraadt@

Implement MAP_STACK option for mmap(). Synchronous faults (pagefault and
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
ok kettenis

Arm64 compilers like many others anymore will use floating point registers
for non-foating point data, so it is important that FPU state be
saved and restored when a signal is delivered.

This diff that performs a save and restore of all of the floating point
registers (not just the callee save registers). It is added to sigcode
running in userland instead of into the kernel with copyin()/copyout()
similar to the code in powerpc (macppc) locore.S

Bring SROP mitigation to arm64. Make some small modifications to the arm
code as well to improve diffability. Changes the types used in the arm64
"struct sigcontext" to avoid having to include <sys/types.h>.

ok deraadt@

Fix an off by one when saving and restoring an array of registers.
ok patrick@

Import of OpenBSD/arm64

This commit contains all the kernel files related to the OpenBSD/arm64
port. It is based on the PowerPC pmap, loongson, arm/armv7 code and
FreeBSD aarch64 code. Hard work done by Dale Rahn.

Move from sendsig() to its callers the initsiginfo() calls and
instead of passing sendsig() the code+type+val, pass a siginfo_t*
to copy from. Eliminate the indirection through struct emul for
sendsig(); we no longer have a SunOS4-compat version of sendsig()

ok deraadt@

Implement MAP_STACK option for mmap(). Synchronous faults (pagefault and
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
ok kettenis

Arm64 compilers like many others anymore will use floating point registers
for non-foating point data, so it is important that FPU state be
saved and restored when a signal is delivered.

This diff that performs a save and restore of all of the floating point
registers (not just the callee save registers). It is added to sigcode
running in userland instead of into the kernel with copyin()/copyout()
similar to the code in powerpc (macppc) locore.S

Bring SROP mitigation to arm64. Make some small modifications to the arm
code as well to improve diffability. Changes the types used in the arm64
"struct sigcontext" to avoid having to include <sys/types.h>.

ok deraadt@

Fix an off by one when saving and restoring an array of registers.
ok patrick@

Import of OpenBSD/arm64

This commit contains all the kernel files related to the OpenBSD/arm64
port. It is based on the PowerPC pmap, loongson, arm/armv7 code and
FreeBSD aarch64 code. Hard work done by Dale Rahn.

Implement MAP_STACK option for mmap(). Synchronous faults (pagefault and
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
ok kettenis

Arm64 compilers like many others anymore will use floating point registers
for non-foating point data, so it is important that FPU state be
saved and restored when a signal is delivered.

This diff that performs a save and restore of all of the floating point
registers (not just the callee save registers). It is added to sigcode
running in userland instead of into the kernel with copyin()/copyout()
similar to the code in powerpc (macppc) locore.S

Bring SROP mitigation to arm64. Make some small modifications to the arm
code as well to improve diffability. Changes the types used in the arm64
"struct sigcontext" to avoid having to include <sys/types.h>.

ok deraadt@

Fix an off by one when saving and restoring an array of registers.
ok patrick@

Import of OpenBSD/arm64

This commit contains all the kernel files related to the OpenBSD/arm64
port. It is based on the PowerPC pmap, loongson, arm/armv7 code and
FreeBSD aarch64 code. Hard work done by Dale Rahn.

Arm64 compilers like many others anymore will use floating point registers
for non-foating point data, so it is important that FPU state be
saved and restored when a signal is delivered.

This diff that performs a save and restore of all of the floating point
registers (not just the callee save registers). It is added to sigcode
running in userland instead of into the kernel with copyin()/copyout()
similar to the code in powerpc (macppc) locore.S

Bring SROP mitigation to arm64. Make some small modifications to the arm
code as well to improve diffability. Changes the types used in the arm64
"struct sigcontext" to avoid having to include <sys/types.h>.

ok deraadt@

Fix an off by one when saving and restoring an array of registers.
ok patrick@

Import of OpenBSD/arm64

This commit contains all the kernel files related to the OpenBSD/arm64
port. It is based on the PowerPC pmap, loongson, arm/armv7 code and
FreeBSD aarch64 code. Hard work done by Dale Rahn.