1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
where it never would work anyhow, such as csu or loader. This suggests
there may be better ways of adding support to the tree. Many of these
cases can be fixed such that -fPIE will work but there is really no
reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
really building libraries but have been using bsd.prog.mk because the code
is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
been needed.
We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.
Reported by: kib
like EX and SRX. The install command uses pkgfs to extract a kernel,
zero or more modules and a root file system from the specified package
and boots the kernel. The name of the kernel, the list of modules and
the name of the root file system can be specified by putting a
file called "metatags in the package.
The package to use is given by an URL. The schemes supported are
tftp and file. For the file scheme, the disk is currently hardcoded
but that should really look for the package on all devices and
partititions.
Obtained from: Juniper Networks, Inc.
Make the sysinit tool a build tool rather than building in with
/usr/bin/cc and running it from OBJDIR. (It will be moved to usr.bin
once a manpage is written and a few style cleanups are done.)
Split the makefile bits for Hans' kernel shim layer into their own
includable kshim.mk.
Move USB support into a .mk file so loaders can include it.
(4 in operation), 4GB ram (3.5 usable) ARM machine.
Support covers device drivers for:
- Serial Peripheral Interface (SPI)
- Chrome Embedded Controller (EC) - SPI-based version
- XHCI and USB 3.0 dual-role device PHY
Also:
- Add support for Exynos5420 in Pad module
- Move power-related functions to separate driver --
Power Management Unit (PMU)
- Enable XHCI for Chromebook1
Special thanks to grehan@ for hardware, and to
hselasky@ for r269139.
compressed tarball, aka package. The file system assumes that the
files are layed-out in the same order as needed to allow for the
package to be streamed. As such, it does not read an entire package
into memory first.
Some properties of the file system:
o Files that start with '+' are silently skipped. These are found
in FreeBSD package files.
o Files smaller than or equal to 4KB will be cached in memory and
as such allow for some flexibility in accessing files out of
order.
o Files with the .tgz suffix are assumed to be (sub-)packages and
signal the end for a directory scan.
Obtained from: Juniper Networks, Inc.
place for the NFS-based PXE loader. Information like rootpath
or rootip aren't that useful for TFTP and the gateway IP is
typically already printed by the firmware.
2. Only set boot.nfsroot.* environment variables for NFS. This
makes it possible for the OS to work either way by checking
for the presence or absence of environment variables.
3. Set boot.netif.server when using TFTP so that the OS can fetch
files as well. A typical use case for this is network-based
installations with the installation process implemented on
top of FreeBSD.
4. The pxelinux loader has a set of alternative names it tries
for configuration files. Make it easier to do something
similar in Forth by providing the IP address as a 32-bit hex
number in the pxeboot.ip variable and the MAC address with
dashes in the pxeboot.hwaddr environment variable.
Obtained from: Juniper Networks, Inc.
particular, allow loaders to define the name of the RC script the
interpreter needs to use. Use this new-found control to have the
PXE loader (when compiled with TFTP support and not NFS support)
read from ${bootfile}.4th, where ${bootfile} is the name of the
file fetched by the PXE firmware.
The normal startup process involves reading the following files:
1. /boot/boot.4th
2. /boot/loader.rc or alternatively /boot/boot.conf
When these come from a FreeBSD-defined file system, this is all
good. But when we boot over the network, subdirectories and fixed
file names are often painful to administrators and there's really
no way for them to change the behaviour of the loader.
Obtained from: Juniper Networks, Inc.
This also fixes a few minor violations of the SD protocol, such as running
the bus at high speed during the card identification sequence.
The sdcard_init() routine now probes for SDHC cards so that later read
requests can make needed adjustments between block and byte offsets based
on card type.
There is a new MCI_readblocks() function that takes block number and block
count parameters instead of byte-offset values. Using this routine, boot
loader code can load a kernel from any location on an SDHC or standard SD.
The old MCI_read() interface remains unchanged so that existing customized
boot loader code will still keep working without changes. Using this
routine, boot loaders can load a kernel from anywhere in the first 4GB of
an SDHC card (or of course any location on a standard SD card).
A new sdcard_use4wire() routine allows boot loaders to request 4-bit
transfers; it should be called after sdcard_init(). The sdcard_init()
routine no longer assumes the hardware is 4-wire capable and by default
sets things up for 1-bit transfers. (4-wire mode is unreliable on
at91rm9200, works on later SoCs.)
PR: 155894
Submitted by: me. years ago.
Setting PSE together with PAE or in long mode just makes the PSE bit
completely ignored, so don't set it.
Sponsored by: Citrix Systems R&D
Reviewed by: kib
that it can connect to switches at speeds other than 1gb.
This requires changing the reference clock speed. Since we still don't
have a general clock API that lets a SoC-independant driver manipulate its
own clocks, this change includes a weak reference to a routine named
cgem_set_ref_clk(). The default implementation is a no-op; SoC-specific
code can provide an implementation that actually changes the speed.
Submitted by: Thomas Skibo <ThomasSkibo@sbcglobal.net>
percentage of machines has a 16550. Disable it for pc98 since only a
tiny fraction of them have one. These changes save 293 bytes when
building with clang, but preserves the ability to build with serial if
you really want. We now have 92 bytes free (412 with the in-tree gcc).
This includes:
o All directories named *ia64*
o All files named *ia64*
o All ia64-specific code guarded by __ia64__
o All ia64-specific makefile logic
o Mention of ia64 in comments and documentation
This excludes:
o Everything under contrib/
o Everything under crypto/
o sys/xen/interface
o sys/sys/elf_common.h
Discussed at: BSDcan
The EFI framebuffer produces corrupted output on certain systems. For
now display the framebuffer parameters (address, dimensions, etc.) on
boot to aid in tracking down these issues.
Sponsored by: The FreeBSD Foundation
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.
Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]
Mark known build failures as NO_PIE for now.
The only known runtime failure was rtld.
[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by: Shawn Webb <lattera@gmail.com>
Discussed between: des@ and Shawn Webb [2]
(7-bit device address << 1), always leaving the room for the read/write bit.
This commit convert ti_i2c and revert r259127 on bcm2835_bsc to make them
compatible with 8-bit addresses. Previous to this commit an i2c device
would have different addresses depending on the controller it was attached
to (by example, when compared to any iicbb(4) based i2c controller), which
was a pretty annoying behavior.
Also, update the PMIC i2c address on beaglebone* DTS files to match the new
address scheme.
Now the userland utilities need to do the correct slave address shifting
(but it is going to work with any i2c controller on the system).
Discussed with: ian
MFC after: 2 weeks
If the user specifies in /boot/loader.conf:
loader_brand="mycustom-brand"
Then "mycustom-brand" will be executed instead of "fbsd-logo".
Submitted by: alfred
Obtained from: FreeNAS
- Make the USB boot library more configurable.
- Resolve compile issues when cross building.
- Allow use of separate malloc.
- Allow use of separate endian macros.
Sponsored by: DARPA, AFRL
o Allow setting keymap in FDT, use hardcoded one by default
o Represent fallback keymap as a list rather than directly usable M*N array
Submitted by: Maxim Ignatenko <gelraen.ua@gmail.com>
current RADXA config. Radxa Rock (RR) boards have few types such as
RR (full version), RR Lite and some variants of RR engineering samples.
Add kernel config and FDT file for RR Lite board.
Approved by: stas (mentor)
- Update FDT file for BERI DE4 boards.
- Add needed kernel configuration keywords.
- Rename module to saf1761otg so that the device unit number does not
interfere with the hardware ID in dmesg.
Sponsored by: DARPA, AFRL
thicket of .if ${COMPILER_TYPE} == "clang" that controls
warnings. Also, use CFLAGS.clang in a couple places in preference to
having a similar construct that's related to the CWARNFLAGS changes.
lindev(4) was only used to provide /dev/full which is now a standard feature of
FreeBSD. /dev/full was never linux-specific and provides a generally useful
feature.
Document this in UPDATING and bump __FreeBSD_version. This will be documented
in the PH shortly.
Reported by: jkim
Adjust the exynos and zedboard dts files to use max-frequency (the
documented standard property) instead of clock-frequency.
Submitted by: Thomas Skibo <ThomasSkibo@sbcglobal.net>
This allows existing loader.conf files that set "console=comconsole"
to work without failing. No functional difference otherwise.
Reported by: Michael Dexter, pfSense install.
Reviewed by: neel
MFC after: 3 weeks
copy of the code from boot1.chrp again.
The resulting image is installed to /boot/boot1.efifat. If dd'ed to an 800K
"efi" partition, it should result in a bootable system.
NetFPGA-10G Embedded CPU Ethernet Core.
The current version operates on a simple PIO based interface connected
to a NetFPGA-10G port.
To avoid confusion: this driver operates on a CPU running on the FPGA,
e.g. BERI/mips, and is not suited for the PCI host interface.
MFC after: 1 week
Relnotes: yes
Sponsored by: DARPA/AFRL
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
the PowerPC port with all the Open Firmware bits removed and replaced by
their EFI counterparts. On the whole, I think I prefer Open Firmware.
This code is supposed to be an immutable shim that sits on the EFI system
partition, loads /boot/loader.efi from UFS and tells the real loader what
disk/partition to look at. It finds the UFS root partition by the somewhat
braindead approach of picking the first UFS partition it can find. Better
approaches are called for, but this works for now. This shim loader will
also be useful for secure boot in the future, which will require some
rearchitecture.
Previously ${COMPILER_TYPE} was checked in sys/boot/amd64, and the efi
subdirectory was skipped altogether for gcc (since GCC does not support
a required attribute). However, during the early buildworld stages
${COMPILER_TYPE} is the existing system compiler (i.e., gcc on 9.x build
hosts), not the compiler that will eventually be used. This caused
"make obj" to skip the efi subdirectory. In later build stages
${COMPILER_TYPE} is "clang", and then the efi loader would attempt to
build in the source directory.
Sponsored by: The FreeBSD Foundation
