Commit Graph

2194 Commits

Author SHA1 Message Date
John W. De Boskey
5e3f9bb882 A little tweak for performance
Reviewed by: adrian
Approved by: rmacklem (mentor)
MFC after: 3 weeks
2017-06-27 13:24:06 +00:00
Konstantin Belousov
a36deee3d3 Use address space guard to implement inter-segment gap.
Rtld checks and use old MAP_ANON/PROT_NONE method of creating gap if
running on old kernel.

Reviewed by:	alc, markj
Tested by:	pho, Qualys
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2017-06-24 17:04:27 +00:00
Enji Cooper
3a286197d0 Add MLINKS for atf-sh(3) to each of the functions it implements
This hopefully will make atf-sh(3) easier to understand for newcomers,
without having to go through the atf-sh(3) level of indirection.

MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-06-07 21:18:28 +00:00
Enji Cooper
8393f4feaf Revert r319659
I missed the fact that atf-sh(3) already documents atf_check(3). I'll
be adding an manpage link for that instead in the next commit.

MFC after:	1 week
MFC with:	r319659
Sponsored by:	Dell EMC Isilon
2017-06-07 21:11:32 +00:00
Enji Cooper
cdfe874a10 Add an MLINK for atf_check(1) -> atf-check(1)
This is being done to make the documentation for atf-check(1) easier to find/more
intuitive for new users, because atf_check is the atf-run(1) shell version of the
standalone atf-check(1) command, which is used in atf-sh(3) test programs.

MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-06-07 21:03:27 +00:00
Konstantin Belousov
109f3b8c69 Document direct execution mode for rtld.
Reviewed by:	emaste, jonathan (previous version)
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D10826
2017-05-29 13:38:26 +00:00
Konstantin Belousov
18934eb6b8 Correct explanation of the dynamic tokens handling.
Reviewed by:	emaste, jonathan
Sponsored by:	The FreeBSD Foundation
X-Differential Revision:	https://reviews.freebsd.org/D10826
2017-05-29 13:36:32 +00:00
Eric van Gyzen
7fb37371e8 rtld: fix warnings about redundant declarations
Fix warnings about redundant declarations in rtld
when libthr in increased to WARNS=6.

Reviewed by:	kib
MFC after:	3 days
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D10934
2017-05-26 15:55:03 +00:00
Konstantin Belousov
9e5e0e8850 For ld.so direct execution mode, implement -p option: search for the
binary in $PATH.

Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D10790
2017-05-23 10:00:52 +00:00
Konstantin Belousov
ce9600b12e Update my copyright, note The FreeBSD Foundation involvement.
While tweaking copyright block, switch to use __FBSDID for tag.

Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2017-05-18 09:34:26 +00:00
Konstantin Belousov
591986a8da Fix style [1], add static keyword before static function definition.
Noted by:	bapt [1]
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2017-05-18 09:31:30 +00:00
Jonathan Anderson
dc902dbd60 Fix some nroff syntax in rtld.1.
When I originally documented the LD_LIBRARY_PATH_FDS environment variable,
I used `.Ev` rather than `.It Ev` to introduce it; this led to the
documentation being embedded in the previous paragraph (LD_LIBRARY_PATH).
2017-05-18 00:32:05 +00:00
Jonathan Anderson
d5a5e50d3b Allow rtld direct-exec to take a file descriptor.
When executing rtld directly, allow a file descriptor to be explicitly
specified rather than opened from the given path. This, together with the
LD_LIBRARY_PATH_FDS environment variable, allows dynamically-linked
applications to be executed from within capability mode.

Also add some rudimentary argument parsing (without pulling in getopt or
the like) to accept this file descriptor, a help (-h) option and a basic
usage string.

Reviewed by:	kib
Sponsored by:	NSERC, RDC
Differential Revision:	https://reviews.freebsd.org/D10751
2017-05-17 22:51:28 +00:00
Konstantin Belousov
da403aea11 Pretend that there is some security when executing in direct mode.
Do not allow direct exec if we the process is suid. Try to follow Unix
permission checks for DACs, ignore ACLs.

Reviewed by:	emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D10750
2017-05-16 19:53:38 +00:00
Jonathan Anderson
7a36bd9ffd Rename rtld's parse_libdir to parse_integer.
This is a more accurate name, as the integer doesn't have to be a library
directory descriptor. It is also a prerequisite for more argument parsing
coming in the near future (e.g., parsing explicit binary descriptors).

Reviewed by:	kib
MFC after:	2 weeks
Sponsored by:	NSERC
2017-05-16 13:27:44 +00:00
Konstantin Belousov
0fc65b0ab8 Make ld-elf.so.1 directly executable.
Check if passed phdr is actually phdr of the interpreter itself, and
decide that this is the case of direct execution.  In this case, the
binary to activate is specified in the argv[1].  After opening it,
shift down on-stack structure with argv, env and aux vectors to
emulate execution of the binary and not of the interpreter.

Reviewed by:	emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D10701
2017-05-15 18:48:58 +00:00
Konstantin Belousov
9104191924 Fix the AT_EXECFD functionality.
If the mapped object is linked at specific address, we must obey it.
If AT_EXECFD is not used, only in-kernel ELF image activator needed to
keep the mapping address, since only binaries are linked at the fixed
address, and binaries are mapped by kernel in this case.

Reviewed by:	emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
X-Differential revision:	https://reviews.freebsd.org/D10701
2017-05-15 18:47:25 +00:00
Konstantin Belousov
c4f7cccbe7 In _rtld(), reorder local declarations to compact the block and
partially sort them by style(9).  Move locals declarations from nested
blocks into the block at function start.

Discussed with:	emaste
MFC after:	1 week
2017-05-13 18:59:27 +00:00
Bryan Drewery
07676084ec DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-05-09 01:48:23 +00:00
Kurt Lidl
be4b793398 Improve blacklist support before upgrading libblacklist
The locally declared enum of blacklistd actions needs to be
hidden when the soon to be committed changes to libblacklist
are brought into the tree.  Fix the type of the "msg" parameter
to match the library.

There should be no functional changes.

MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2017-05-06 04:17:48 +00:00
Edward Tomasz Napierala
4b89eed669 Fix markup in gettytab(5).
Reviewed by:	bapt
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D10476
2017-05-04 19:01:17 +00:00
Gleb Smirnoff
83c9dea1ba - Remove 'struct vmmeter' from 'struct pcpu', leaving only global vmmeter
in place.  To do per-cpu stats, convert all fields that previously were
  maintained in the vmmeters that sit in pcpus to counter(9).
- Since some vmmeter stats may be touched at very early stages of boot,
  before we have set up UMA and we can do counter_u64_alloc(), provide an
  early counter mechanism:
  o Leave one spare uint64_t in struct pcpu, named pc_early_dummy_counter.
  o Point counter(9) fields of vmmeter to pcpu[0].pc_early_dummy_counter,
    so that at early stages of boot, before counters are allocated we already
    point to a counter that can be safely written to.
  o For sparc64 that required a whole dummy pcpu[MAXCPU] array.

Further related changes:
- Don't include vmmeter.h into pcpu.h.
- vm.stats.vm.v_swappgsout and vm.stats.vm.v_swappgsin changed to 64-bit,
  to match kernel representation.
- struct vmmeter hidden under _KERNEL, and only vmstat(1) is an exclusion.

This is based on benno@'s 4-year old patch:
https://lists.freebsd.org/pipermail/freebsd-arch/2013-July/014471.html

Reviewed by:	kib, gallatin, marius, lidl
Differential Revision:	https://reviews.freebsd.org/D10156
2017-04-17 17:34:47 +00:00
Robert Watson
45c0d45bb5 Emply contemporary function prototypes in bootpd, rather than relying on
locally defined K&R prototypes in .c files; use appropriate casts for
pointer types now that types for arguments are available at compile time.
This ensures that compilers with multiple incompatible calling conventions
can select the correct calling convention for external functions.

Sponsored by:	DARPA, AFRL
MFC after:	1 week
2017-03-26 14:37:12 +00:00
Warner Losh
37b5835028 Impelemnt ttys onifexists in init.
Implement a new init(8) option in /etc/ttys. If this option is present
on the entry in /etc/ttys, the entry will be active if and only if it
exists.  If the name starts with a '/', it will be considered an
absolute path. If not, it will be a path relative to /dev.

This allows one to turn off video console getty that aren't present
(while running a getty on them even when they aren't the system
console). Likewise with serial ports.

It differs from onifconsole in only requiring the device exist rather
than it be listed as one of the system consoles.

Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D10037
2017-03-22 19:00:41 +00:00
Gleb Smirnoff
62cd9e48ca Remove unused vmmeter. 2017-03-17 04:16:14 +00:00
Jilles Tjoelker
2d6acb22fe rtld(1): Document that LD_BIND_NOT is unset for setugid processes.
MFC after:	2 weeks
2017-03-16 22:15:43 +00:00
Konstantin Belousov
018865f8e8 Disable LD_BIND_NOT for setugid processes.
Requested by:	jilles
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2017-03-15 23:47:19 +00:00
Konstantin Belousov
e35ddbe448 Implement LD_BIND_NOT knob for rtld.
From the manpage:
When set to a nonempty string, prevents modifications of the PLT slots
when doing bindings.  As result, each call of the PLT-resolved
function is resolved.  In combination with debug output, this provides
complete account of all bind actions at runtime.

Same feature exists on Linux and Solaris.

Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2017-03-15 21:11:57 +00:00
Alan Somers
35804720ec Increase WARNS for rtld-elf tests
ATF tests have a default WARNS of 0, unlike other usermode programs.

Reviewed by:  ngie, julian
MFC after:    3 weeks
Sponsored by: Spectra Logic Corporation
Differential Revision:        https://reviews.freebsd.org/D9933
2017-03-11 00:10:40 +00:00
Konstantin Belousov
12c81769b6 Avoid bind lock recursion.
When dlclose(3) unloads an object with filtees, it recursively calls
dlclose(3) on each filtee in free_needed_filtees().  Introduce
dlclose_locked() helper, called from free_needed_filtees() instead of
dlclose(), and pass the bind lockstate down to avoid recursing.

Reported and tested by:	jhibbits
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2017-03-09 21:05:47 +00:00
Rodney W. Grimes
ce9f2d31b3 Convert absolute links to relative links.
Style.Makefile(9) has been ignored to produce minimal diffs.

Approved by:	grehan (mentor)
MFC after:	1 week
2017-03-07 05:10:38 +00:00
Enji Cooper
a251f9dcf8 libexec: normalize paths using SRCTOP-relative paths or :H when possible
This simplifies make logic/output

MFC after:	1 month
Sponsored by:	Dell EMC Isilon
2017-03-04 11:28:03 +00:00
Warner Losh
fbbd9655e5 Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by:	Jan Schaumann <jschauma@stevens.edu>
Pull Request:	https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
John Baldwin
e278d94bca Fully handle the special encoding of GOT[1] on mips64.
The MIPS ABI does not require the second GOT entry to be reserved for use
by the runtime linker as on other architectures.  Instead, static linkers
use a special value in the second GOT entry to indicate if the entry is
reserved.  This value is supposed to consist of an address with the MSB
set and the rest of the bits all zero which is an invalid user address.

However, the old binutils currently in the tree uses the 32-bit mask value
(2^31) on 64-bit MIPS instead of 2^63.  This was fixed in upstream
binutils in 2008 to use 2^63 on 64-bit MIPS.

The first part of this change changes the runtime check in init_pltgot()
to check for both values (2^31 and 2^63) when deciding whether to store
the current object pointer in GOT[1] which fixes dynamic N64 binaries
compiled with modern binutils.

However, the initial version of this fix exposed another related bug in
that _rtld_relocate_nonplt_self() was only checking for the new value
(2^63) in GOT[1] and incorrectly treated GOT[1] as a local GOT entry
(and did not relocate the final local GOT entry).  To handle this, fix
all of the places that check for GOT[1]'s status to use the same macro
that checks for both values on N64.

Reviewed by:	kan, imp
Sponsored by:	DARPA / AFRL
Differential Revision:	https://reviews.freebsd.org/D9708
2017-02-23 00:02:49 +00:00
Konstantin Belousov
6d20836aa7 Handle protected symbols in rtld.
Protected symbol reference in GOT of the defining object must be
resolved to itself, same as -Bsymbolic globally.

Discussed with:	emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D9317
2017-02-09 23:33:06 +00:00
Alexey Dokuchaev
f73ff060d2 Try to fix the old "he capability is stupid" bug in gettytab(5)/getty(8)
There is one capability explicitly documented in gettytab(5) as stupid: he.
And it is indeed.  It was meant to facilitate system hostname modification,
but is hardly usable in practice because it allows very limited editing
(e.g., it depends on a particular hostname length, making it non-generic).

Replace it with simple implementation that treats ``he'' as POSIX extended
regular expression which is matched against the hostname.  If there are no
parenthesized subexpressions in the pattern, entire matched string is used
as the final hostname.  Otherwise, use the first matched subexpression.
If the pattern does not match, the original hostname is not modified.

Using regex(3) gives more freedom, does not complicate the code very much,
and makes a lot more sense, in turn making ``he'' less stupid and actually
useful (e.g., it is now possible to obtain node or domain names from the
original hostname string, without knowing it in advance).

Reviewed by:		jilles, manpages (wblock)
Approved by:		jilles (implied)
Differential Revision:	https://reviews.freebsd.org/D9244
2017-02-02 20:30:50 +00:00
John Baldwin
2a7278307b Remove a duplicate store when performing REL32 relocations in rtld.
The duplicate call to store_ptr() was added in r204687, but it should
have no effect as it only stores an Elf_Sword and the later store_ptr()
does a write that is at least as large if not larger.

Reviewed by:	jmallett
Obtained from:	CheriBSD (sort of)
Sponsored by:	DARPA / AFRL
2017-01-30 23:13:41 +00:00
Peter Jeremy
8787928589 Extend LD_UTRACE by also generating utrace(2) log events for runtime linker
errors.

Reviewed by:	kib, jhb
Approved by:	jhb(mentor)
MFC after:	1 week
Differential Revision:	 D9347
2017-01-30 08:38:32 +00:00
Yoshihiro Takahashi
2b375b4edd Remove pc98 support completely.
I thank all developers and contributors for pc98.

Relnotes:	yes
2017-01-28 02:22:15 +00:00
Andrew Turner
02dbdb1677 Pull the R_AARCH64_TLSDESC code out into a common function and use them in
both the plt and non-plt case.

This fixes an issue where libraries built with LLD can fail with
"Unhandled relocation 1031"

PR:		214971
Obtained from:	1 week
Sponsored by:	DARPA, AFRL
2017-01-25 17:35:11 +00:00
Ed Maste
ebf8934652 rtld: do not rely on a populated GOT on amd64
On rela architectures GNU BFD ld and gold store the relocation addend
in GOT entries (in addition to the relocation's r_addend field).
rtld previously relied on this to access its own _DYNAMIC symbol in
order to apply its own relocations.

However, recording addends in the GOT is not specified by the ABI,
and some versions of LLVM's LLD linker leave the GOT uninitialized on
rela architectures.

BFD ld does not populate the GOT on sparc64, and sparc64 rtld has a
machine-dependent rtld_dynamic_addr() function that returns the
_DYNAMIC address. Use the same approach on amd64, obtaining the %rip-
relative _DYNAMIC address following a suggestion from Rafael Espíndola.

Architectures other than amd64 should be addressed in future work.

PR:		214972
Reviewed by:	kib
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D9180
2017-01-16 14:49:29 +00:00
Konstantin Belousov
f8adf1a784 For the main binary, postpone enforcing relro read-only protection
until copy relocations are done.

Newer binutils and lld seems to output copy into relro-protected range.

Reported by: Rafael Espц╜ndola via emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2017-01-12 15:54:03 +00:00
Konstantin Belousov
b88a8d3d1d Fix acquisition of nested write compat rtld locks.
Obtaining compat rtld lock in write mode sets process signal mask to
block all signals.  Previous mask is stored in the global variable
oldsigmask.  If a lock is write-locked while another lock is already
write-locked, oldsigmask is overwritten by the total mask and on the
last unlock, all signals except traps appear to be blocked.

Fix this by counting the write-lock nested level, and only storing to
oldsigmask/restoring from it at the outermost level.

Masking signals disables involuntary preemption for libc_r, and there
could be no voluntary context switches in the locked code
(dl_iterate_phdr(3) keeps a lock around user callback, but it was
added long after libc_r was renounced).  Due to this, remembering the
level in the global variable after the lock is obtained should be
safe, because no two libc_r threads can acquire different write locks
in parallel.

PR:	215826
Reported by:	kami
Tested by:	yamagi@yamagi.org (previous version)
To be reviewed by:	kan
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2017-01-10 19:26:55 +00:00
Konstantin Belousov
e7bfd34bdf Use ANSI C definitions, update comment.
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2017-01-10 17:05:34 +00:00
Enji Cooper
4eb4663b0e Conditionalize all code that uses tcpd.h behind LIBWRAP guard
This will allow the code to stand by itself without libwrap

MFC after:	2 weeks
2017-01-06 04:27:07 +00:00
Xin LI
62b0ff4e66 Don't use high precision clock for expiration as only second portion is
used.

MFC after:	2 weeks
2016-12-26 17:23:09 +00:00
Xin LI
9a0ebab4d4 Avoid use after free.
Reported by:	Clang static code analyzer
MFC after:	2 weeks
2016-12-26 17:10:41 +00:00
Mark Johnston
57a9273f93 rtld: Fix a couple of bugs around the unloading of ELF filters.
- Pass the correct object to unload_filtees().
- Use a marker to restart iteration after unload_filtees() has returned.
  It calls dlclose() and may recursively remove entries from the global
  object list, so TAILQ_FOREACH_SAFE is not sufficient.

Reviewed by:	kib
MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2016-12-22 17:44:27 +00:00
Mark Johnston
510fe58c82 rtld: Ensure that dlopen() cannot obtain a reference on a doomed object.
rtld drops the bind lock to call fini functions in an object prior to
unmapping it. The new "doomed" state flag prevents the acquisition of new
references for an object while the lock is dropped.

Reviewed by:	kib
MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2016-12-22 17:41:32 +00:00
Mark Johnston
c02741759f rtld: Fix a race between dl_iterate_phdr() and dlclose().
Add a transient reference count to ensure that the phdr argument to the
callback remains valid while the bind lock is dropped.

Reviewed by:	kib
MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2016-12-22 17:37:39 +00:00