=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/innovations.html,v retrieving revision 1.104 retrieving revision 1.105 diff -c -r1.104 -r1.105 *** www/innovations.html 2023/02/01 19:12:06 1.104 --- www/innovations.html 2023/02/03 06:37:51 1.105 *************** *** 220,226 **** the perspective of userland reading its own memory, or the kernel trying to read memory in a system call. Many sloppy practices in userland code had to be repaired to allow this. The linker option ! --execute-only is enabled by default. In order of development: arm64, riscv64, hppa, octeon, sparc64 (sun4u only), amd64, powerpc64, powerpc (G5 only). Mark Kettenis, Theo de Raadt, Visa Hankala, Miod Vallat, --- 220,226 ---- the perspective of userland reading its own memory, or the kernel trying to read memory in a system call. Many sloppy practices in userland code had to be repaired to allow this. The linker option ! --execute-only is enabled by default. In order of development: arm64, riscv64, hppa, octeon, sparc64 (sun4u only), amd64, powerpc64, powerpc (G5 only). Mark Kettenis, Theo de Raadt, Visa Hankala, Miod Vallat, *************** *** 228,236 **** Theo Buehler, Robert Nagy, Christian Weisgerber in ports. Dec 2022 - Feb 2023, still ongoing.
  • On all architectures which lack hardware-enforcement of xonly, ! prevent system-call reading (via copyin/copyinst) of the program's ! main text, ld.so text, sigtramp text, or libc.so text. Theo de Raadt, Jan 2023.

    --- 228,244 ---- Theo Buehler, Robert Nagy, Christian Weisgerber in ports. Dec 2022 - Feb 2023, still ongoing.
  • On all architectures which lack hardware-enforcement of xonly, ! system calls are now prevented from reading (via copyin/copyinst) ! inside the program's main text, ld.so text, sigtramp text, or ! libc.so text. Theo de Raadt, Jan 2023. +
  • Architectures which lack xonly mmu-enforcement can still benefit + from switching to --execute-only binaries if the cpu generates + different traps for instruction-fetch versus data-fetch. The + VM system will not allowed momeory to be read before it was + executed which is valuable together with library relinking. + Architectures switched over include sparc64 (sun4v), loongson. + Theo de Raadt, Feb 2023.
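Review bot: the new bullet added in the second hunk (228,244) carries a typo and a grammar error in its `+` lines: "The VM system will not allowed momeory to be read before it was executed" should read "The VM system will not allow memory to be read before it has been executed", and a comma before "which is valuable together with library relinking" would make clear that the clause qualifies the whole behaviour rather than the word "executed". Since this text is published on the innovations page, it is worth fixing before the commit lands.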
