260 commits

Author SHA1 Message Date
David van Moolenbroek
e4d99eb9b0 Basic live rerandomization infrastructure
This commit adds a basic infrastructure to support Address Space
Randomization (ASR).  In a nutshell, using the already imported ASR
LLVM pass, multiple versions can be generated for the same system
service, each with a randomized, different address space layout.
Combined with the magic instrumentation for state transfer, a system
service can be live updated into another ASR-randomized version at
runtime, thus providing live rerandomization.

Since MINIX3 is not yet capable of running LLVM linker passes, the
ASR-randomized service binaries have to be pregenerated during
crosscompilation.  These pregenerated binaries can then be cycled
through at runtime.  This patch provides the basic proof-of-concept
infrastructure for both these parts.

In order to support pregeneration, the clientctl host script has
been extended with a "buildasr" command.  It is to be used after
building the entire system with bitcode and magic support, and will
produce a given number of ASR-randomized versions of all system
services.  These services are placed in /usr/service/asr in the
image that is generated as final step by the "buildasr" command.

In order to support runtime updating, a new update_asr(8) command
has been added to MINIX3.  This command attempts to live-update the
running system services into their next ASR-randomized versions.
For now, this command is not run automatically, and thus must be
invoked manually.

Technical notes:

- For various reasons, magic instrumentation is x86-only for now,
  and ASR functionality is therefore to be used on x86 only as well.
- The ASR-randomized binaries are placed in numbered subdirectories
  so as not to have to change their actual program names, which are
  assumed to be static in various places (system.conf, procfs).
- The root partition is typically too small to contain all the
  produced binaries, which is why we introduce /usr/service.  There
  is a symlink from /service/asr to /usr/service/asr for no other
  reason than to let userland continue to assume that all services
  are reachable through /service.
- The ASR count field (r_asr_count/ASRcount) maintained by RS is not
  used within RS in any way; it is only passed through procfs to
  userland in order to allow update_asr(8) to keep track of which
  version is currently loaded without having to maintain own state.
- Ideally, pre-instrumentation linking of a service would remove all
  its randomized versions.  Currently, the user is assumed not to
  perform ASR instrumentation and then recompile system services
  without performing ASR instrumentation again, as the randomized
  binaries included in the image would then be stale.  This aspect
  has to be improved later.
- Various other issues are flagged in the comments of the various
  parts of this patch.

Change-Id: I093ad57f31c18305591f64b2d491272288aa0937
2015-09-17 17:15:03 +00:00
Erik van der Kouwe
63a89582ab x86_hdimage: increase image size for bitcode build
Make disk image size sufficient for LLVM bitcode build with symbols.

Edited by David van Moolenbroek to do this only when -b is given.

Change-Id: I3bde164756c477b4af5ed9435ca03da3b186cf7e
2015-09-17 13:55:38 +00:00
Lionel Sambuc
d8d3052dd0 QEMU default command lines updates
- Fix a bug in clientctl which tried to test for kvm. This simply
  removes this faulty test as the kvm command has been deprecated by the
  QEMU project for a couple of years now.

- Specify by default 256M of RAM as this is the minimal amount required
  for the whole-OS live update test to succeed.

- Update the default command printed out at the end of the x86_hdimage
  script to be more generic, less focused on one use-case.

Change-Id: Ic555d50a3a1471f7d35cc7fd369f2292add6ac39
2015-09-17 13:51:14 +00:00
Cristiano Giuffrida
f8ddf7c81d releasetools: Fix CREATE_IMAGE_ONLY in x86 hdimage script.
Change-Id: Ie1c8dbedc16b8edac16f5b76b36df30b3a4eddb1
2015-09-17 13:51:02 +00:00
David van Moolenbroek
da21d85025 Add PTYFS, Unix98 pseudo terminal support
This patch adds support for Unix98 pseudo terminals, that is,
posix_openpt(3), grantpt(3), unlockpt(3), /dev/ptmx, and /dev/pts/.
The latter is implemented with a new pseudo file system, PTYFS.

In effect, this patch adds secure support for unprivileged pseudo
terminal allocation, allowing programs such as tmux(1) to be used by
non-root users as well.  Test77 has been extended with new tests, and
no longer needs to run as root.

The new functionality is optional.  To revert to the old behavior,
remove the "ptyfs" entry from /etc/fstab.

Technical notes:

o The reason for not implementing the NetBSD /dev/ptm approach is that
  implementing the corresponding ioctl (TIOCPTMGET) would require
  adding a number of extremely hairy exceptions to VFS, including the
  PTY driver having to create new file descriptors for its own device
  nodes.

o PTYFS is required for Unix98 PTYs in order to avoid that the PTY
  driver has to be aware of old-style PTY naming schemes and even has
  to call chmod(2) on a disk-backed file system.  PTY cannot be its
  own PTYFS since a character driver may currently not also be a file
  system.  However, PTYFS may be subsumed into a DEVFS in the future.

o The Unix98 PTY behavior differs somewhat from NetBSD's, in that
  slave nodes are created on ptyfs only upon the first call to
  grantpt(3).  This approach obviates the need to revoke access as
  part of the grantpt(3) call.

o Shutting down PTY may leave slave nodes on PTYFS, but once PTY is
  restarted, these leftover slave nodes will be removed before they
  create a security risk.  Unmounting PTYFS will make existing PTY
  slaves permanently unavailable, and absence of PTYFS will block
  allocation of new Unix98 PTYs until PTYFS is (re)mounted.

Change-Id: I822b43ba32707c8815fd0f7d5bb7a438f51421c1
2015-06-23 17:43:46 +00:00
Lionel Sambuc
426224bbc6 release.sh: Support preinstalled package selection
This allows to both override the default package repository and
preinstalled packages list from the command line or the environment.

Also use everywhere PACKAGEURL.

Change-Id: I3434ff53be769f8d0f890bb5fb44521a0017e123
2015-03-20 11:17:24 +01:00
Lionel Sambuc
6c30d22a56 Allow u-boot repository URL to be overridden
This allows the URL used to clone our specific version of u-boot to be
specified in the environment, instead of being hard-coded.

This new flexibility will be required by the new Continuous Integration
infrastructure, whose test nodes are in a network without direct
internet access.

Change-Id: I7440b5bba6786f979623b4509111e4e99c6558f6
2015-02-05 14:04:31 +01:00
Ben Gras
5ae1a533c7 ARM: can build with llvm, switch to EABI
. bitcode fixes
. switch to compiler-rt instead of netbsd libc functions
  or libgcc for support functions for both x86 and arm
. minor build fixes
. allow build with llvm without crossbuilding llvm itself
. can now build minix/arm using llvm and eabi - without C++
  support for now (hence crossbuilding llvm itself is turned off
  for minix/arm)

Change-Id: If5c44ef766f5b4fc4394d4586ecc289927a0d6eb
2014-12-12 13:04:56 +01:00
Lionel Sambuc
ce3cb94487 Fix OS X crossbuilds for arm
- Fixed missing variable interpolation because of single quotes
- Replaced /bin/sh in gen_uEnv.txt.sh with /usr/bin/env bash as the default
  echo doesn't support '-n'
- Fixed some whitespace errors
- A successful build requires for now to skip the gold linker on OSX.

Change-Id: Id09bf52f45252026e3a58b74e8448ea24a0dab12
2014-10-10 12:56:41 +02:00
Ben Gras
5457987d13 set reasonable packages list
. clang, binutils and git and dependencies on CD
. don't bzip .iso

Change-Id: If43324b46289de5fd1ca7b64785f8ae6e97fd6b7
2014-09-13 22:23:43 +02:00
Ben Gras
43eceae54c restore pkgin_cd
. make release.sh put packages on the cd
. make setup script produce a better rc.package file

Change-Id: Ia4b7588975c2ddf630fa1c510715d82755f67f1e
2014-09-13 17:05:52 +02:00
Ben Gras
8d311af7ae small arm image script changes
. let you specify IMG as a block device directly. this minimizes
  i/o (only write used parts of the filesystem) and so turnaround
  time - while still allowing the big default FS size.

Change-Id: Ib738499464e0d350a474a706f688d3f10806207d
2014-09-12 14:20:37 +02:00
Lionel Sambuc
c48c7d47f7 Remove SETS.* from the CD.
Change-Id: I06385c51d7d24b4e0e6af037c5953ef11695c923
2014-09-05 10:26:19 +02:00
Lionel Sambuc
da9af514b5 Make the kernel less chatty
Change some messages from always printed to varying level of the "verbose"
argument.

Change-Id: I6899268aa895c66e72806ca4d02bb53a0e4ea785
2014-09-01 16:36:26 +02:00
Ben Gras
55f2063ed0 release.sh changes & fixes
. source release.functions with explicit path
. make xargs touch not fail (due to too long invocations
  and spaces in paths)

Change-Id: I448b96cebd641bf2c7b86ecbb3d1f1cb568e4f70
2014-08-31 17:29:21 +00:00
Lionel Sambuc
9a718e59fd releasetools/Makefile: updates
2014-08-21 10:59:26 +02:00
Lionel Sambuc
17eed55f28 releasetools/*image.sh
- Removed an "export CPPFLAGS=${FLAG}" which prevented proper settings
  from the environment to be passed to the build step.

- Re-arranged variable settings at the top, so that we don't need
  to evaluate the argument to vfat mkfs command anymore in
  arm_sdimage.sh

- "Merged" both script for easier comparison in the future.

Change-Id: Id59f902e4eaeb7f268d5051789462f14421a114a
2014-08-08 17:42:41 +02:00
Philip Homburg
b06a8f390e OSX and FreeBSD don't have mkfs.vfat.
Use newfs_msdos instead.

Change-Id: I51c4086192332f0967a434d88add14db2791395e
2014-08-08 13:44:24 +02:00
Lionel Sambuc
f1778d4cdd Update the default package URL
Change-Id: I1f82f195b5bbc511b54b0598cf55a2231ed20c42
2014-07-31 16:00:32 +02:00
Lionel Sambuc
feace670ed Remove old scripts to check against NBSD
As we have switched to a local git repository containing the NetBSD
reference, at specific points in time, the following scripts are no
longer useful.

Change-Id: Iec0606a640a73e6ce80ecc5d9ac438daab9f2a1f
2014-07-31 16:00:32 +02:00
Lionel Sambuc
84bb300f88 Remove /multiboot
This is just a duplicate of /boot/.temp, and it is not used anymore.

Change-Id: I8a4d6e68829de3ff3628ff0fe15f6d1d0a6b128f
2014-07-31 16:00:31 +02:00
Lionel Sambuc
433d6423c3 New sources layout
Change-Id: Ic716f336b7071063997cf5b4dae6d50e0b4631e9
2014-07-31 16:00:30 +02:00
Ben Gras
597efc6c54 release script fixes
. we need libc++ in the base system
. big packages & sources don't fit on the cd any more
. the fetch scripts have to be triggered for some tools

Change-Id: Ife53c64fda0ed65b96fa8d6a0b0fee2c6a14d6d7
2014-07-28 17:06:30 +02:00
Ben Gras
e3a0e6c3c3 custom message type for VM_REMAP, VM_REMAP_RO
2014-07-28 17:06:16 +02:00
Cristiano Giuffrida
3bfef65a9a releasetools: Add rc.local support when building x86 images.
2014-07-28 17:06:11 +02:00
Koustubha Bhat
2d00147b3f CREATE_IMAGE_ONLY option added to releasetools/x86_hdimage.sh
2014-07-28 17:06:04 +02:00
Koustubha Bhat
5ba302fdea Bridging Minix & llvm-apps repos for instrumentating Minix
Allows instrumentation of Minix components using LLVM passes from
"llvm-apps" repository

In addition, the change does the following:
1. Move releasetools/generate_gold_plugin.sh to minix/llvm
2. Move external/bsd/llvm/passes to minix/llvm/passes
3. libLTO.so, LLVMgold.so and WeakAliasModuleOverride.so files
   now get installed in minix/llvm/bin
2014-07-28 17:06:03 +02:00
Lionel Sambuc
4684ddb6aa LLVM Minix changes
- import libcxx
- reduce targets to the one when compiled as a tools

Change-Id: Iabb8427f80ff8e89463559a28bcb8b4f2bdbc496
2014-07-28 17:05:59 +02:00
Lionel Sambuc
fe5a129a88 I should not have been born.
This patch is ugly, but at this moment I have no better alternatives to
offer.

- Add a script to compile the llvm sources through the standard
  makefiles instead of the bsd build system. The produced gold plugin
  is then copied into the source tree and used from there by the BSD
  Makefiles.

Change-Id: I7fd7ad80be8efcedf27a047b872930ed602d7874
2014-07-28 17:05:58 +02:00
Thomas Cort
7b1dfc682a Importing games/colorbars
No Minix specific changes needed.

Change-Id: Id853551c7d19adc68cfc76ddc353bccf0510387a
2014-07-28 17:05:50 +02:00
Kees Jongenburger
47c191720b arm:no longer disable caches in the bootloader.
Change-Id: If586c5ba19bd61776e92ff232dd1e9be7746d7be

http://gerrit.minix3.org/#/c/2692/
2014-07-28 17:05:39 +02:00
Kees Jongenburger
c4a8cb3d4b build:Only keep one ref to .settings and allow to override it.
releasetools/arm_sdimage.sh uses a ".settings" file to allow to override
the default settings found in arm_sdimage. This change allows to use an
alternate file for this purpose. We figured out more programs (like eclipse)
use a ".settings" file.

One can tweak the settings files to use by setting the SETTINGS_MINIX
variable

 SETTING_MINIX=.settings_minix

Change-Id: I57f5ca64d2ac27c9e015ab24b864b9a5f14c42fb

http://gerrit.minix3.org/#/c/2687/
2014-07-28 17:05:38 +02:00
Kees Jongenburger
372247712a build:check if .settings file is a file.
Check if the .settings entry is a file and not a directory. Eclipse
as we found out also likes creating .settings directories.

Change-Id: I3cbcaa7aa9e5dfb3d51c6c71df7fd72079fe213e
2014-07-28 17:05:21 +02:00
Thomas Cort
2f98b65abf Importing games/tetris
No Minix specific changes needed.

Change-Id: Ia6a2d9d2192ae0cee29e395aa42271005c6179c2
2014-07-28 17:05:20 +02:00
Thomas Cort
8df22d598f Importing games/arithmetic
No Minix specific changes needed.

Change-Id: I67d7a01edea0cee5be403dbbea20c2ca0f1771f0
2014-07-28 17:05:19 +02:00
Thomas Cort
b098ee9ca6 Importing games/random
No Minix specific changes needed.

Change-Id: I0fd074325f334f03426accbece4e731b746ebe14
2014-07-28 17:05:19 +02:00
Thomas Cort
6e7922ee31 Importing games/wargames
No Minix specific changes needed.

Change-Id: Ie752ee476dd6be712b1dc9cae6ea260f12aaf906
2014-07-28 17:05:19 +02:00
Thomas Cort
0c3cfeffb3 Importing games/monop
No Minix specific changes needed.

Change-Id: I362b974a95911d26fcd8a4401129ca946179d93c
2014-07-28 17:05:19 +02:00
Thomas Cort
5f9253d438 Importing games/number
No Minix specific changes needed.

Change-Id: Iaf87f29a954f241d41c101dd74fe338b9d7c4d95
2014-07-28 17:05:18 +02:00
Thomas Cort
0868456318 Importing games/bcd
No Minix specific changes needed.

Change-Id: Ib98d41526baf73445f3a9465dd75fbc517b1edbe
2014-07-28 17:05:17 +02:00
Thomas Cort
193687130e Importing games/ppt
No Minix specific changes needed.

Change-Id: I81eecad5c0f4c1d7a7dba356bcc2e928e3f2c175
2014-07-28 17:05:17 +02:00
Thomas Cort
90dc219012 Importing games/morse
No Minix specific changes needed.

Change-Id: Ie0d427d39a5392c0c0f2c3856ba36286957d21a4
2014-07-28 17:05:17 +02:00
Thomas Cort
402f338ee6 Importing games/pig
No Minix specific changes needed.

Change-Id: If6c638f44e9cabc5b667f0b30a0654f1e8e61c13
2014-07-28 17:05:16 +02:00
Thomas Cort
bd0f8badfa Importing games/fortune
Replaces commands/fortune. No Minix specific changes needed.

Change-Id: Iac79ea82dedd12e80377c85954da5e2d8eee74af
2014-07-28 17:05:16 +02:00
Thomas Cort
c1f592a24c Importing games/factor
Replaces commands/factor. No Minix specific changes needed.

Change-Id: Ie2a58534c59a1ebbf922d483fb27abd8dffd1f5f
2014-07-28 17:05:16 +02:00
Thomas Cort
d1878c29f6 Importing games/primes
No Minix specific changes needed.

Change-Id: Id4133ad419cb1e31e49b625ad80bb003561afaad
2014-07-28 17:05:16 +02:00
Thomas Cort
0819c9f89b Importing games/adventure
No Minix specific changes needed.

Change-Id: I6826d660c60a9e01676e21ef9b95d27e64a67aa5
2014-07-28 17:05:16 +02:00
Ben Gras
aa6ee31737 test74: add mmap-related regression tests
tests many complex system/process memory interaction cases.

has to run as root so it can flush the FS cache; needed to
force FS cache misses for unmapped pages.

See the comment in test74.c for a full description of what the tested
cases are.

also re-enable filemap on arm
2014-07-28 17:05:14 +02:00
Thomas Cort
6bc75c4a0d x86_hdimage.sh: use nbstat from tooldir.
The syntax of the stat(1) command varies between Linux and FreeBSD.
This prevented `x86_hdimage.sh -i` from succeeding on FreeBSD 10.0.
The fix is to use the NetBSD stat from the tooldir for all systems.

Change-Id: I121e5fd36b0d4a944ba0109cf58095ab7d150847
2014-07-28 17:05:09 +02:00
Zachary Storer
1d48ef9844 Import NetBSD true and false commands
Replaces the 'true' and 'false' functionality provided by commands/true
and commands/false.

Change-Id: I736efb9a650f3154eb21e442d676a0f5d2dee957
2014-07-28 17:05:09 +02:00