===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/innovations.html,v
retrieving revision 1.114
retrieving revision 1.115
diff -c -r1.114 -r1.115
*** www/innovations.html	2024/01/22 19:06:01	1.114
--- www/innovations.html	2024/01/22 23:23:35	1.115
***************
*** 240,259 ****
  	executed which is valuable together with library relinking.
  	Architectures switched over include loongson.
  	Theo de Raadt, Feb 2023.
!     <li>ld.so and crt0 register the location of the execve(2) stub with
! 	the kernel using pinsyscall(2), after which the kernel only accepts
! 	an execve call from that specific location. Theo de Raadt, Feb 2023.
!         Made redundant by pinsyscalls(2) which handles all system calls.
      <li>Mandatory enforcement of indirect branch targets (BTI on arm64,
          IBT on Intel amd64), unless a linker flag (-Wl,-z,nobtcfi) requests
          no enforcement.
!     <li>The kernel and ld.so register the precise entry location of every
!         system call used by a program, as described in the new ELF section
!         <b>.openbsd.syscalls</b> inside ld.so and libc.so.  ld.so uses the
!         new syscall pinsyscalls(2) to tell the kernel where libc.so the
!         precise entry location of system calls.  Since all syscall entries
!         are now known to the kernel, the pininsyscall(SYS_execve) interface
!         becomes redundant. Theo de Raadt, Jan 2024.
  </ul>
  
  <h3>Functions</h3>
--- 240,265 ----
  	executed which is valuable together with library relinking.
  	Architectures switched over include loongson.
  	Theo de Raadt, Feb 2023.
!     <li>ld.so and crt0 register the location of the
!         <a href="https://man.openbsd.org/execve.2">execve(2)</a>
! 	libc syscall stub with the kernel using
!         <a href="https://man.openbsd.org/pinsyscall.2">pinsyscall(2)</a>,
! 	after which the kernel only accepts an execve call from that
! 	specific location. Theo de Raadt, Feb 2023. Made redundant by
!         <a href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a>
!         which handles all system calls.
      <li>Mandatory enforcement of indirect branch targets (BTI on arm64,
          IBT on Intel amd64), unless a linker flag (-Wl,-z,nobtcfi) requests
          no enforcement.
!     <li>The kernel and ld.so register the precise entry location of
! 	every system call used by a program, as described in the
! 	new ELF section <b>.openbsd.syscalls</b> inside ld.so and
! 	libc.so.  ld.so uses the new syscall
!         <a href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a>
!         to tell the kernel where libc.so the precise entry location
! 	of system calls.  Since all syscall entries are now known
! 	to the kernel, the pininsyscall(SYS_execve) interface  becomes
! 	redundant. Theo de Raadt, Jan 2024.
  </ul>
  
  <h3>Functions</h3>