When enabled, have the framework use the boottrace(8) utility to execute
each rc script, generating trace entries for the entire suite of
scripts.
Reviewed by: 0mp (slightly earlier version)
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D31930
Arno Tuber reported via email that he needed to restart the gssd daemon
after booting, to get his Kerberized NFS mount to work.
Without this patch, rcorder shows that the gssd starts before NETWORKING
and kdc. The gssd will need NETWORKING to connect to the KDC and, if
the kdc is running on the same system, it does not make sense to start it
before the kdc. This fixed the problem for Arno.
While here, I also added a "# BEFORE: mountcritremote".
It does not affect ordering at this time, but I felt
it should be added, since the gssd needs to be running
when remote NFS mounts are done.
PR: 261939
Reported by: anothatuber@gmail.com
Tested by: anothatuber@gmail.com
Reviewed by: rew
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D34265
it seems that glibc supports them, and such spelling is mentioned in the
ld.bfd manual. Idea seems to auto-correct some quoting/makefile sytnax
errors on linker command line.
Reviewed by: emaste, markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D34247
NanoBSD or, more generally, systems with root_rw_mount="NO" are not able
to remove the firstboot_sentinel file, typically /firstboot, because the
logic in /etc/rc is currently inverted.
When checkyesno root_rw_mount tests on a read-only file system, the
return is 1, hence avoiding the option to mount the system read-write.
Restore the ability to remove the firstboot_sentinel file on read-only
mounted file systems.
This change was introduced in 40adda8665, and partially fixed in
1ce07411fa.
Differential Revision: https://reviews.freebsd.org/D34166
PR#254282 reports a problem where nullfs mounts cannot be
exported via mountd for FreeBSD 13.0.
The problem seems to be that, to do the nullfs mounts in
/etc/fstab, they require the "late" mount option, so that the
underlying filesystem is mounted (ZFS for the PR).
Adding "mountlate" to the REQUIRE list in /etc/rc.d/mountd
fixes the problem, but that results in a dependency cycle
because /etc/rc.d/lockd specifies:
REQUIRE: nfsd
BEFORE: DAEMON
--> which forces mountd to preceed DAEMON.
This patch removes "nfsd" from REQUIRE for lockd and statd,
then adds mountlate to REQUIRE for mountd, to fix this
problem. Having lockd REQUIRE nfsd was done in the NetBSD
code when it was pulled into FreeBSD and there does not
seem to be a need for this.
In case this causes problems, a long MFC has been specified.
PR: 254282
Differential Revision: https://reviews.freebsd.org/D33256
MFC after: 3 months
This addresses the following boot message:
/etc/rc: WARNING: $zfskeys_enable is not set properly - see rc.conf(5).
Reported by: Mark Millard
Sponsored by: Modirum MDPay
Sponsored by: Klara Inc.
Fixes: bfb7a31b6a ("rc: Hook zfskeys to the build")
Fixes: 33ff39796f ("Add zfskeys rc.d script for auto-loading encryption keys")
When a use sets umask in login.conf(5) to 027 or 077 a subsequently
fetched /var/db/ntpd.leap-seconds.list will inherit the permissions
allowed by the umask, resulting in a file that may not be readable
ntpd running under the ntp account. This patch adds a umask command
to preempt the umask in login.conf(5) prior to fetching a new copy
of the leap-seconds file.
PR: 261298
Reported by: Martin Waschbusch <martin@waschbuesch.de>
MFC after: 3 days
And put the tcp-wrapper utilities in it.
Reviewed by: emaste
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33439
Move some needed binaries/libs from FreeBSD-utilities to FreeBSD_runtime.
This is everything needed to boot to multiuser with FreeBSD-rc installed.
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33435
YP is less and less used, split them to users have the choice to not
install them.
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33441
Like wpa_supplicant, hostapd does not automatically UP the interface
when configured. The fix is similar to 5fcdc19a81.
Reported by: avg
Tested by: avg
MFC after: 1 week
In network6_getladdr() we are iterating over inet6 lines and are not
interested in any others. So tell ifconfig to limit output to "inet6"
as much as possible.
This is probably a micro-optimisation but was noticed while looking
at other IPv6-related boot-time improvements.
MFC after: 1 week
- Include <machine/tls.h> in MD rtld_machdep.h headers.
- Remove local definitions of TLS_* constants from rtld_machdep.h
headers and libc using the values from <machine/tls.h> instead.
- Use _tcb_set() instead of inlined versions in MD
allocate_initial_tls() routines in rtld. The one exception is amd64
whose _tcb_set() invokes the amd64_set_fsbase ifunc. rtld cannot
use ifuncs, so amd64 inlines the logic to optionally write to fsbase
directly.
- Use _tcb_set() instead of _set_tp() in libc.
- Use '&_tcb_get()->tcb_dtv' instead of _get_tp() in both rtld and libc.
This permits removing _get_tp.c from rtld.
- Use TLS_TCB_SIZE and TLS_TCB_ALIGN with allocate_tls() in MD
allocate_initial_tls() routines in rtld.
Reviewed by: kib, jrtc27 (earlier version)
Differential Revision: https://reviews.freebsd.org/D33353
This matches the TLS_TCB_ALIGN definition in libc.
Reviewed by: kib, jrtc27
Sponsored by: The University of Cambridge, Google Inc.
Differential Revision: https://reviews.freebsd.org/D33349
Previously TLS_DTV_OFFSET was added to the offset passed to
tls_get_addr_common; however, this approach matches powerpc and RISC-V
and better matches the intention.
Reviewed by: kib, jrtc27
Sponsored by: The University of Cambridge, Google Inc.
Differential Revision: https://reviews.freebsd.org/D33347
This is the more standard name for the bias of dtv pointers used on
other platforms. This also fixes a few other places that were using
the wrong bias previously on MIPS such as dlpi_tls_data in struct
dl_phdr_info and the recently added __libc_tls_get_addr().
Reviewed by: kib, jrtc27
Sponsored by: The University of Cambridge, Google Inc.
Differential Revision: https://reviews.freebsd.org/D33346
This reverts commit 266f97b5e9, reversing
changes made to a10253cffe.
A mismerge of a merge to catch up to main resulted in files being
committed which should not have been.
This disables the random (between zero and one seconds) delay before
rtsol and rtsold send a a Router Solicitation packet. This delay is
specified as a SHOULD by RFC 4861 for avoidance of network congestion,
but network speeds have increased enough in the 25 years since this
first appeared (in RFC 1970) that it seems unnecessary as a default
at this point.
This speeds up the FreeBSD boot process by an average of 500 ms.
Reviewed by: kp
MFC after: 1 week
Relnotes: yes
Sponsored by: https://www.patreon.com/cperciva
Differential Revision: https://reviews.freebsd.org/D33089
Variables must be quoted if they contain non-alphanumeric characters.
Warner noted in the review that the lack of quoting causing problems
here is rather an edge case. I believe that it's worth adding the quotes
here anyway because this is what the specification says and there is no
good reason not to follow it.
Reviewed by: imp
Approved by: imp (src)
MFC after: 7 days
Add in all the variables set in the kenv variable devmatch_blocklist
too. This allows blocking autoloading from the boot loader.
Sponsored by: Netflix
Reviewed by: 0mp
Differential Revision: https://reviews.freebsd.org/D32171
Since vfs.nfsd.srvmaxio can only be set when nfsd.ko
is loaded, but nfsd is not running, setting it in
/etc/sysctl.conf is not feasible when "options NFSD"
was not specified for the kernel.
This patch adds a new rc variable nfs_server_maxio,
which sets vfs.nfsd.srvmaxio at the correct time.
rc.conf.5 will be patched separately.
Reviewed by: 0mp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D32997
Currently, if the linux service is run twice, mount(8) fails with:
mount: linprocfs: Device busy
mount: linsysfs: Device busy
mount: devfs: Device busy
mount: fdescfs: Device busy
mount: tmpfs: Device busy
It is a bit more user-friendly if before running mount(8) the service
checks if there are any file systems left to be mounted. This patch
implements this behavior.
Also, while here, create mount points directories (as suggested by
otis).
Reviewed by: trasz
Approved by: trasz (src)
Differential Revision: https://reviews.freebsd.org/D32463
Consistently use `return ()'.
Fix some spacing issues with types formatting, and around binary ops.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
File descriptor we operate on might reference something that is not a
file, e.g. shmfd. In this case, we cannot check MNT_NOEXEC in
principle.
If fstatfs(2) caused some failure on normal filesystem, then typical
expectation is that read or mmap of this file would also fail. If not,
mmap(2) PROT_EXEC on MNT_NOEXEC filesystem returns EACCES.
Reported by: obiwac@gmail.com
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Default value for ld_dynamic_weak is true, non-default settings should
be activated for the false value.
Reported by: obiwac@gmail.com
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
The last two drivers that required sppp are cp(4) and ce(4).
These devices are still produced and can be purchased
at Cronyx <http://cronyx.ru/hardware/wan.html>.
Since Roman Kurakin <rik@FreeBSD.org> has quit them, they no
longer support FreeBSD officially. Later they have dropped
support for Linux drivers to. As of mid-2020 they don't even
have a developer to maintain their Windows driver. However,
their support verbally told me that they could provide aid to
a FreeBSD developer with documentaion in case if there appears
a new customer for their devices.
These drivers have a feature to not use sppp(4) and create an
interface, but instead expose the device as netgraph(4) node.
Then, you can attach ng_ppp(4) with help of ports/net/mpd5 on
top of the node and get your synchronous PPP. Alternatively
you can attach ng_frame_relay(4) or ng_cisco(4) for HDLC.
Actually, last time I used cp(4) back in 2004, using netgraph(4)
instead of sppp(4) was already the right way to do.
Thus, remove the sppp(4) related part of the drivers and enable
by default the negraph(4) part. Further maintenance of these
drivers in the tree shouldn't be a big deal.
While doing that, remove some cruft and enable cp(4) compilation
on amd64. The ce(4) for some unknown reason marks its internal
DDK functions with __attribute__ fastcall, which most likely is
safe to remove, but without hardware I'm not going to do that, so
ce(4) remains i386-only.
Reviewed by: emaste, imp, donner
Differential Revision: https://reviews.freebsd.org/D32590
See also: https://reviews.freebsd.org/D23928
but still for tightly coupled things like ldd(1)
Rename paths.h to rtld_paths.h.
Add guard for rtld-specific externs declarations.
Add _COMPAT32_BASENAME_RTLD and _COMPAT32_PATH_RTLD.
Reviewed by: arichardson, jhb
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D32464
Reset both pagepool_start and pagepool_end after a mmap(2) failure,
to avoid using invalid pagepool either for allocation or munmap(2).
PR: 259076
Noted by: Denis Koreshkov <dynamic-wind@mail.ru>
Reviewed by: arichardson
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D32514
PIE and shared objects usually have many relative relocations. In
2017/2018, a compact relative relocation format RELR was proposed on
https://groups.google.com/g/generic-abi/c/bX460iggiKg/m/GxjM0L-PBAAJ
("Proposal for a new section type SHT_RELR") and is a pre-standard.
RELR usually takes 3% or smaller space than R_*_RELATIVE relocations.
The virtual memory size of a mostly statically linked PIE is typically
5~10% smaller.
ld.lld --pack-dyn-relocs=relr emits RELR relocations. DT_RELR has been
adopted by Android bionic, Linux kernel's arm64 port, Chrome OS (patched
glibc).
This patch adds DT_RELR support to FreeBSD rtld-elf.
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D32524
This has the effect of installing the same file twice at the same location
and confuse pkgbase as we add this file twice in the package config part.
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
to ignore lack of execute permission on the binary. The check is a
bad security theatre anyway.
Reviewed by: arichardson, imp
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D32464
In the situation with limited address space, together with
fragmentation, it is possible for mmap() request in morecore() to fail
when asking for required size + NPOOLPAGES, but succeed without the
addend. Retry allocation there.
PR: 259076
Reported by: Denis Koreshkov <dynamic-wind@mail.ru>
Reviewed by: arichardson
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D32474
We'd likely be better served by converting these to the equivalent mem*
calls, but just kill the knob for now. The b* macros being defined get
in the way of _FORTIFY_SOURCE.
Reviewed by: imp, markj
Differential Revision: https://reviews.freebsd.org/D32235
The 3com bluetooth PC Card adapter was removed from the tree when PC
Card support was removed earlier this year. Remove stray references to
it still in the tree.
Sponsored by: Netflix
compatibility layer. When /compat is located on a ZFS other than /,
mount would fail because they were not mounted.
Solve this by moving `linux` to depend on `zfs` which mounts all ZFS
filesystems.
Differential Revision: https://reviews.freebsd.org/D31848
MFC after: 2 weeks
Using /etc/jail.{jailname}.conf is nice, however it makes /etc/ very
messy if you have many jails. This patch allows one to move these
config files out of the way into /etc/jail.conf.d/{jailname}.conf.
Note that the same caveat as /etc/jail.*.conf applies: the jail service
will not autodiscover all of these for starting 'all' jails. This is
considered future work, since the behavior matches.
Reviewed by: kevans
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D24570
5fcdc19a81 didn't fully resolve the issue. There remains a report
that an ifconfig wlan0 up by itself is insufficient. Ifconfig down
must precede it.
Reported by: Filipe da Silva Santos <contact _ shiori_com_br>
Fixes: 5fcdc19a81
MFC after: 3 days
Some installations may experience CTRL-EVENT-SCAN-FAILED when
associating to an AP. Installations that specify
ifconfig_wlan0="WPA ... up" in rc.conf do not experience
the problem whereas those which specify ifconfig_wlan0="WPA" without
the "up" will experience CTRL-EVENT-SCAN_FAILED.
However those that specify "up" in ifconfig_wlan0 will be able to
reproduce this problem by service netif stop wlan0;
service netif start wlan0. Interestingly The service netif stop/start
problem is reproducible on the older wpa 2.9 as well.
Reported by: dhw
Reported by: "Oleg V. Nauman" <oleg _ theweb_org_ua>
Reported by: Filipe da Silva Santos <contact _ shiori_com_br>
Reported by: Jakob Alvermark <jakob _ alvermark_net>
MFC after: 3 days
both telnet and telnetd aren't that useful nowadays but some
might want them.
Create a FreeBSD-telnet package so users have a choice to have
them or not.
Differential Revision: https://reviews.freebsd.org/D31791
Reviewed by: emaste
define procname or have a PID file. This might be useful for cases,
such as mounting local FS, when there is no running daemon
still some other persistent state in the system which status
can be checked.
It is still possible to have a status method before this by having
extra_commands="status", but it's not obvious and might give
an script writer some extra legwork to figure out how and why
the straight method is not working.
Reviewed by: cy
MFC after: 1 week
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D31614
- Fix a warning in growfs. gpart commit is supposed to be called on disk
device.
- Silence a gpart commit warning in growfs.
Submitted by: loos
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D31587
Sponsored by: Rubicon Communications, LLC ("Netgate")
Scan through the set of environment variables during initialization and
store values in the corresponding ld_env_var_desc structure, in the
single pass at init time. This does not eliminate use of getenv(3) and
unsetenv(3) completely, but provides a foundation to do that as the next
step.
Also organize the scan in a way that makes it easier to support aliases
like LD_DEBUG vs. LD_64_DEBUG.
Suggested by: arichardson
Reviewed by: arichardson, markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D31545
Instead of specifying the main name part of the environment variable as the
string literal, create array of the var names and access them by symbolic
index. Convert main name parts into complete names by prefixing with
ABI-specific ld_env_vars.
This way the name is not repeated, and also it can carry additional
proporties explicitly. For instance, cleanup of the environment for
the setuid image does not require retyping all names.
Reviewed by: arichardson, markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D31545
Jails with jails is a supported. This change allows the script to run
upon startup with a jail. Without this, jails are not automatically
started within jails.
The current lookup prefers a strong definition to a STB_WEAK definition
(similar to glibc pre-2.2 behavior) which does not conform to the ELF
specification.
The non-compliant behavior provoked https://reviews.llvm.org/D4418
which was intended to fix -shared-libasan but introduced
new problems (and caused some sanitizer tests (e.g.
test/asan/TestCases/interception_failure_test.cpp) to fail): sanitizer
interceptors are STB_GLOBAL instead of STB_WEAK, so defining a second
STB_GLOBAL interceptor can lead to a multiple definition linker error.
For example, in a -fsanitize={address,memory,...} build, libc functions
like malloc/free/strtol/... cannot be provided by user object files.
See
https://docs.freebsd.org/cgi/getmsg.cgi?fetch=16483939+0+archive/2014/freebsd-current/20140716.freebsd-current
for discussions.
This patch implements the ELF-compliant behavior when LD_DYNAMIC_WEAK is
set. STB_WEAK wrestling in symbol lookups in `Search the dynamic linker
itself` are untouched.
Reviewed by: kib
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D26352
Variant I architectures use off and Variant II ones use size + off.
Define TLS_VARIANT_I/TLS_VARIANT_II symbols similarly to how libc
handles it.
Reviewed by: kib
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D31539
Differential revision: https://reviews.freebsd.org/D31541
For a Variant II architecture, the TP offset of a TLS symbol is st_value -
tlsoffset + r_addend. tlsoffset is computed by either calculate_tls_offset
or calculate_first_tls_offset.
The return value of calculate_first_tls_offset is the smallest integer
satisfying res >= size and (-res) % p_align = p_vaddr % p_align
(= p_offset % p_align). (The formula is a bit contrived. The basic idea
is to subtract the minimum integer from size + align - 1 so that the result
ihas the expected remainder.)
Reviewed by: kib
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D31538
Differential revision: https://reviews.freebsd.org/D31541
lld rounds up p_memsz(PT_GNU_RELRO) to satisfy common-page-size. If the
page size is smaller than common-page-size, rounding up relro_size may
incorrectly make some RW pages read-only.
GNU ld, gold, and ld.lld ensures p_vaddr+p_memsz is a multiple of
common-page-size. While max-page-size >= system the page size,
common-page-size can be smaller than the system page size.
Submitted by: MaskRay
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D31498
This adds two new options WITH_ASAN/WITH_UBSAN that can be set to
enable instrumentation of all binaries with AddressSanitizer and/or
UndefinedBehaviourSanitizer. This current patch is almost sufficient
to get a complete buildworld with sanitizer instrumentation but in
order to actually build and boot a system it depends on a few more
follow-up commits.
Reviewed By: brooks, kib, markj
Differential Revision: https://reviews.freebsd.org/D31043
ZFS in 13 supports encryption, but for the use case where keys are
available in plaintext on disk there is no mechanism for automatically
loading keys on startup.
This script will, by default, look for any dataset with encryption and
keylocation prefixed with file://. It will attempt to unlock, timing
out after 10 seconds for each dataset found.
User can optionally specify explicitly which datasets to attempt to
unlock.
Also supports (optionally by force) unmounting filesystems and unloading
associated keys.
Sponsored by: Modirum
Differential Revision: https://reviews.freebsd.org/D30015
Delete code killed by SVN r13139 in 1996. Little chance that it would
still compile today.
PR: 257317
Reported by: Alan Shearer <sakison@gmail.com>
MFC after: 2 weeks
Sponsored by: Axcient
lld emits several GOT relocations referencing the null sumbol in libc.so
when compiled with -ftls-model=initial-exec. This symbol is specified
to be undefined.
We generally do not handle dynamic TLS relocations against weak,
undefined symbols, so avoid printing a warning here. This makes it
possible to compile libc.so using the initial-exec TLS model on arm64.
Reviewed by: jrtc27, kib
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31069
devmatch rc script would announce it was loading a module multiple
times. It used kldload -n so it really wasn't loading it that many
times, but the message is confusing. Use kldstat to see if we need to
load the module before saying we do. This fixes the vast majority of the
problems. It may be possible to race devmatch with a user invocation and
devd, though quite hard. In that case we'll announce things twice, but
still only load it once. No attempt is made to fix this.
PR: 232782
MFC After: 2 weeks
Sponsored by: Netflix
We document that we did not need .ko on the module names in
devmatch_blocklist, but we really needed them. Keep the documentation
the same, but strip the .ko when we need to use the names so you can
specify either.
PR: 256240
MFC After: 2 weeks
Sponsored by: Netflix
Support loading a default pf ruleset in case of invalid pf.conf.
If no pf rules are loaded pf will pass/allow all traffic, assuming the
kernel is compiled without PF_DEFAULT_TO_DROP, as is the case in
GENERIC.
In other words: if there's a typo in the main pf_rules we would allow
all traffic. The new default rules minimise the impact of this.
If $pf_program (i.e. pfctl) fails to set $pf_fules and
$pf_fallback_rules_enable is YES we will load $pf_fallback_rules_file if
set, or $pf_fallback_rules.
$pf_fallback_rules can include multiple rules, for example to permit
traffic on a management interface.
$pf_fallback_rules_enable defaults to "NO", preserving historic behaviour.
man page changes by ceri@.
PR: 256410
Reviewed by: donner, kp
Sponsored by: semaphor.dk
Differential Revision: https://reviews.freebsd.org/D30791
devmatch loads a number of things automatically. Allow the list of
things to load to happen first in case those drivers affect what would
be loaded. Normally, this will produce the same results, but there's
some special cases that may not when drivers are loaded that report
other drivers missing, like virtio_pci.
PR: 253287
Reviewed by: imp
MFC After: 2 weeks
This prevents these tests from being compiled with ASAN since the asan
interceptors also define opendir() but matching the libc function.
Reviewed By: oshogbo, kib, markj
Differential Revision: https://reviews.freebsd.org/D31038
This is a more reliable method that accounts for existing pidfiles,
procname and interpreter settings.
Current method of obtaining the pid for oomprotect="YES"|"ALL" processes
in certain cases fails to find a unique pid.
One such case are rc.d scripts defining command as:
command="daemon"
which results in all processes started via daemon being selected and
passed to protect(1) which fails and prints usage:
$ /etc/rc.d/exampled restart
Stopping exampled.
Starting exampled.
usage: protect [-i] command
protect [-cdi] -g pgrp | -p pid
Running the same with -x reveals what happens:
+ pid='3051 4268 4390 4421 4427 4470 4588 4733 4740 4870 4949 4954 4979
5835 5866 55487 55583 56525 57643 57789 57882 58072 58167 99419'
+ /usr/bin/protect -p 3051 4268 4390 4421 4427 4470 4588 4733 4740 4870
4949 4954 4979 5835 5866 55487 55583 56525 57643 57789 57882 58072 58167
99419
usage: protect [-i] command
protect [-cdi] -g pgrp | -p pid
We have a more reliable way of obtaining pid already defined in rc.subr
and available when protect(1) needs it. We can simply `eval $_pidcmd`
which also invokes `check_process` but properly accounts for existing
pidfile, procname and interpreter settings.
With the change the pidfile is properly obtained.
Submitted by: Adam Wolk <a.wolk at fudosecurity.com>
Sponsored by: Fudo Security
Differential Revision: https://reviews.freebsd.org/D30367
The mprotect() call was failing on CheriBSD when changing rtld's relro
page permissions due to missing CHERI capability permissions on the
mprotect() argument but did not report an error since the return value
was being ignored. It should never fail on any supported FreeBSD
architecture, but checking the return value seems like a good
sanity check to me.
Reviewed By: kib, imp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30820
And move all the nfs related commands there.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D30754
Sponsored by: Diablotin Systems
Accept the old rc.conf variable if the new one is not present for
compatability.
Approved by: imp
Differential Revision: https://reviews.freebsd.org/D30806
This manpage has incorrectly documented the "dialup"
keyword as "dialin" since it was first added. Correct that.
Approved by: blackend (mentor)
MFC after: 12 days
Replace the check for zero harvest_mask with new check for empty string.
This allows one to specify harvest_mask="0" that disables harversting
entropy from all but "pure" sources. Exact bit values for "pure" sources
differ for stable/12 and later branches, so it is handy to use zero.
The check for zero pre-dates introduction of "pure" non-maskable sources
Use empty string to disable altering sysctl kern.random.harvest.mask.
Note that notion of "pure" random sources is not documented in user level
manual pages yet. Still, it helps to extend battery life for hardware
with embedded "Intel Secure Key RNG" by disabling all other sources.
Note that no defaults changed and default behaviour is not affected.
Reported by: Dmitry Luhtionov
/etc/rc.d/securelevel is supposed to run /etc/rc.d/sysctl lastload
late at boot time to apply /etc/sysctl.conf settings that fail
to apply early. However, this does not work in default configuration
because of kern_securelevel_enable="NO" by default.
Add new script /etc/rc.d/sysctl lastload that starts unconditionally.
Reported by: Marek Zarychta
MFC after: 1 month
Currently ipfw has multiple components that are not parts
of GENERIC kernel like dummynet etc. They can bring in important
sysctls if enabled with rc.conf(5) and loaded with ipfw startup script
by means of "required_modules" after initial consult
with /etc/sysctl.conf at boot time. Here is an example of one
increasing limit for dummynet hold queues that defaults to 100:
net.inet.ip.dummynet.pipe_slot_limit=1000
This makes it possible to use ipfw/dummynet rules such as:
ipfw pipe 1 config bw 50Mbit/s queue 1000
Such rule is rejected unless above sysctl is applied.
Another example is a group of net.inet.ip.alias.* sysctls
created after libalias.ko loaded as dependency of ipfw_nat.
This is not a problem if corresponding code compiled in custom kernel
so sysctls exist when sysctl.conf is read early or kernel modules
loaded with a loader. This change makes it work also for GENERIC
and modules loaded by means of rc.conf(5) settings.
MFC after: 1 month
There are still references to timed(8) and timedc(8) in the base system,
which were removed in 2018.
PR: 255425
Reported by: Ceri Davies <ceri at submonkey dot net>
Reviewed by: ygy, gbe
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30232
There should be no error after startup.
PR: 255698
Reported by: Eugene M. Kim <astralblue@gmail.com>
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Make rc.d/routing read defaultrouter_fibN and ipv6_defaultrouter_fibN, and
set it as the default gateway for FIB N, where N is from 1 to (net.fibs - 1)
This allows adding gateways for multiple FIBs in the same format as the main
gateway. (FIB 0)
Reviewed by: olivier, rgrimes, bcr (man page)
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D22706
rtld preserves its current error message around calls to user init/fini
lists, to not override original error with potential secondary errors
caused by user code recursing into rtld. After 4d9128da54,
the preservation of the string itself is not enough, the 'seen'
indicator must be preserved as well. Otherwise, since new code does not
clear string (it cannot), call to _rtld_error() from errmsg_restore()
revived whatever message was consumed last.
Change errmsg_save() to return structure recording both 'seen' indicator
and the message, if any.
PR: 255698
Reported by: Eugene M. Kim <astralblue@gmail.com>
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
set kld_disbale=y or any value in the boot loader and that will
disable loading of the kld_list.
Differential Revision: https://reviews.freebsd.org/D26939
Once the ipfw0 interface has been created, ifconfig(8) create will
throw a warning: ifconfig: create: bad value' when trying to create it
again.
PR: 241013
Submitted by: Jose Luis Duran
Approved by: kp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D30083
Previously it depended on sysctl, which itself has no dependencies,
so rcorder(8) had a bit too much flexibility when choosing when to run
it. Make sure it runs just between 'fsck' and 'root'.
Reviewed By: jmg, imp
Sponsored By: EPSRC
Differential Revision: https://reviews.freebsd.org/D29748
This removes a minor annoyance with Linux jails, where you often
want linux_mounts_enable="NO", yet you want those filesystems
available for mounting in jails; normally mount(8) would result
in kernel automatically loading the KLD, but this doesn't work
inside jails or chroots.
PR: 242955
Sponsored By: EPSRC
Differential Revision: https://reviews.freebsd.org/D29725
This improves consistency; the NETWORKING script provides both,
so there should be no functional change.
Differential Revision: https://reviews.freebsd.org/D29587
It was unused since 405c3050f1, which removed iBCS support.
This also moves the 'linux' rc script slightly earlier, which
might help in some setups. The original version of this patch
moved it even more, before 'mountcritlocal', which would fixe
mount(8) errors due to missing /dev/shm in setups with entries
for /path/to/chroot/dev/shm without the "late" flag; however,
in the end 'kldxref' turned out to depend on 'mountcritlocal'
anyway.
Reported By: pstef
Reviewed By: dchagin
Sponsored By: EPSRC
Differential Revision: https://reviews.freebsd.org/D29590
Right now, libthr does not initialize RtldLockInfo.rtli_version when calling
_rtld_thread_init(), which makes versioning the interface troublesome.
Add a workaround: if the calling object of _rtld_thread_init() exports
the "_pli_rtli_version" symbol, then consider rtli_version initialized.
Otherwise, forcibly set it to RTLI_VERSION_ONE, currently defined as
RTLI_VERSION.
Export "_pli_rtli_version" from libthr and properly initialize rtli_version.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D29633
This makes it run a bit earlier in the startup, which will
be useful for the linux rc script later on.
Reviewed By: imp (earlier version)
Sponsored By: EPSRC
Differential Revision: https://reviews.freebsd.org/D29589
This eliminates some non-trivial amount of code duplication, where done.
Only x86 and mips are handled right now.
Tested by: bdragon (powerpc), mhorne (riscv)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D29623
This fixes a regression in d36d681615, where the call to
__tls_get_address() was performed under rtld_bind_lock write-locked.
Instead use tls_get_addr_slow() directly, with locked = true.
Reported by: jkim, many others
Tested by: jkim, bdragon (powerpc), mhorne (riscv)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D29623
This was only needed on 32-bit arm prior to ARMv6. As we only support
ARMv6 or later remove it.
Reviewed by: mannu
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D29624
dl_iterate_phdr() dlpi_tls_data should provide the TLS module segment
address, and not the TLS init segment address as it does now.
Reported by: emacsray@gmail.com
PR: 254774
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
If the root file system is composed from multiple devices, wait for
devices to be ready before running zpool and dumpon rc scripts.
An example of this is if the bulk of the root file system exists on a
fast device (e.g. NVMe) but the /var directory comes from a ZFS dataset
on a slower device (e.g. SATA). In this case, it is possible that the
zpool import may run before the slower device has finished being probed,
leaving the system in an intermediate state.
Fix is to add root_hold_wait to the zpool and dumpon (which has a
similar issue) rc scripts.
PR: 242189
Reported by: osidorkin@gmail.com
Reviewed by: allanjude
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D29101
This fixes a problem where ctld(8) would refuse to start on boot
with a specific IP address to listen on configured in ctl.conf(5).
It also fixes a problem where ctld(8) would fail to start with
some network interfaces which require a sysctl.conf(5) tweak
to configure them, eg to switch them from InfiniBand to IP mode.
PR: 232397
Reported By: Mahmoud Al-Qudsi <mqudsi at neosmart.net>
Submitted By: Jeremy Faulkner <gldisater at gmail.com>
Reviewed By: mav
Differential Revision: https://reviews.freebsd.org/D29578
The new PRELOAD_FDS variable accepts a list of file descriptors
that should be loaded into the process.
This may be used to optimize a loading process - in the case when
we already have a file descriptor to the library; we don't have
to look into multiple PATH to find it.
It may also be used in capability mode to load a single additional
library without the need to open a directory that contains it.
The last use of this functionality t may be a race-free method
of loading libraries.
Reviewed by: kib, markj
Differential Revision: https://reviews.freebsd.org/D29334
Previously it would try to load linux.ko instead of linux64.ko
and fail. While here, don't try to match 'linuxaout'; even if
implemented, it's the same module as `linuxelf`.
Reviewed By: emaste
Sponsored By: EPSRC
Differential Revision: https://reviews.freebsd.org/D29288
This is not ready yet for prime time
This reverts commit 763db58932.
This reverts commit f1ab799927.
This reverts commit 6e822e9957.
This reverts commit 77e1ccbee3.
Daniel reported that NFSv4 mounts were not working despite having
set "nfsv4_server_enable=YES" in /etc/rc.conf. Mountd was logging a
message that there was no /etc/exports file.
He noted that creating a /etc/exports file with a "V4:" line in it
was needed make NFSv4 mounts work.
At least one "V4:" line in one of the exports(5) file(s) is needed to
make NFSv4 mounts work. This patch fixes mountd.c so that it logs a
message indicting that there is no "V4:" line in any exports(5)
file when NFSv4 mounts are enabled.
To avoid this message being generated erroneously, /etc/rc.d/mountd
is updated to make sure vfs.nfsd.server_max_nfsvers is properly set
before mountd(8) is started.
Reported by: debdrup
PR: 253901
MFC after: 2 weeks
Parentheses added to HASZERO macro to avoid a GCC warning, and formatted
with clang-format as we have adopted these and don't consider them
'contrib' code.
Obtained from: musl (snapshot at commit 4d0a82170a25)
Reviewed by: kib (libc integration), mjg (both earlier)
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17630
Fix another bug in 77e1ccbee3. $IFS
should be fully restored for its other users.
PR: 249192
Reported by: jkim
MFC after: 3 weeks
X-MFC with: 77e1ccbee3
77e1ccbee3 introduced a bug whereby
rc scripts in etc/rc.d and $local_startup failed to parse output
from called commands because IFS was set to " " instead of the
default " \t\n". This caused parsing of output that contains any
whitespace character, such as tabs and newlines, not matching just a
space to fail.
PR: 249192
MFC after: 3 weeks
X-MFC with: 77e1ccbee3
77e1ccbee3 introduced parallel execution
of rc. It separated groups with line feeds (\n) and elements within
groups using spaces. This is a natural separation due to rcorder
using spaces and lines to separate elements within groups with groups
of services separated by line feeds.
77e1ccbee3 parses the output from rcorder
by setting $IFS. However it failed to reset $IFS to default ' \t\n'
prior to calling find_local_scripts_new(), causing find_local_scripts_new()
to fail parsing $local_startup for site-specific local rc scripts, i.e.
${LOCALBASE}/etc/rc.d. This caused daemons from ports and packages such
as postfix, dovecot, nut, and others in ${LOCALBASE} not to be started.
PR: 249192
MFC after: 3 week
X-MFC with: 77e1ccbee3
- Upgrading from older FreeBSD versions can result in errors
- /var/run can be a tmpfs, and this should be handled correctly
Approved by: markj
Differential Revision: https://reviews.freebsd.org/D28843
MFC after: 2 weeks
As of ipfilter 5.1.2 the IPv4 and IPv6 rules tables have been merged.
The ipf(8) -6 option has been a NOP since then. Currently the additional
ipf -6 load statement in rc.d/ipfilter simply added the second ipfilter
rules file to the table already populated by the previous ipf command.
Plenty of time has passed since ipfilter 5.1.2 was imported. It is time to
remove the option from rc.conf and the rc script.
Differential Revision: https://reviews.freebsd.org/D28615
Fix e40787f900 to make libexec/rc/rc.d/linux retrieve the sysctl
after loading the kernel module which provides it, not before.
Reported By: jkim
Sponsored By: The FreeBSD Foundation
In /etc/rc.d/linux the mounting paths of procfs, sysfs and devfs
are hardcoded to "/compat/linux". Switching to the content of
compat.linux.emul_path sysctl would allow to switch linuxulator
to different place.
Submitted by: freebsdnewbie_freenet.de
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D27807
When a library is opened via fdlopen, it has a null pointer for its path
and so _rtld_bind can crash as a result of passing the null pointer to
basename() (which passes it to strrchr(), which doesn't do a null check).
PR: 253081
Submitted by: theraven
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D28442
This eliminates a lot of stat() calls that happen when lualoader renders the
menu with the default settings, and greatly speeds up rendering on my
laptop.
ftype is nil if loader/loader.efi hasn't been updated yet, falling back to
lfs.attributes() to test.
This is technically incompatible with lfs, but not in a particularly
terrible way.
Reviewed-by: cem
MFC-after: 4 days
Differential Revision: https://reviews.freebsd.org/D27542
auditd creates a pidfile so we should use it for status checks.
This also seems to speed up the frequent onestatus checks used in
tests/sys/audit.
Reviewed By: asomers
Differential Revision: https://reviews.freebsd.org/D28389
In order to reduce the pre-requisites of this file, implement the
pattern matching and creation of a temporary test directory without
use of grep respectively mktemp.
The new version makes it possible to provide a writable /tmp in any
case and independently of other local or remote file systems (except /
and /dev) being mounted.
The use of "dd if=/dev/random" has the same dependency on /dev/random
being operational as the previous version that used "mktemp". If this
is found to be an issue on platforms that do not have gathered
sufficient entropy at the time when this scriot is run, I suggest to
replace the "dd" command with "ps lauxww" to get a somewhat random
test directory name.
Approved by: rgrimes, glebius, cy
MFC after: 4 weeks
Differential Revision: https://reviews.freebsd.org/D28209
depend on FILESYSTEMS run mktemp(1). For systems that have read-only
root this is broken until memory disk based /tmp is instantiated. At
least 'os-release' and 'motd' are subject to this problem.
Reviewed by: ngie
Differential Revision: https://reviews.freebsd.org/D28097
remote filesystems. Discussed this with Brooks and he can't find
evidence that provoked the change in 2005. If anything gets broken
I will fix it in a different way, not via rc sequence change.
Discussed with: brooks
Reviewed by: ngie
Differential Revision: https://reviews.freebsd.org/D28097
the following warning printed at boot time:
rcorder: requirement `ipfs' in file `/etc/rc.d/netif' has no providers.
Close that using BEFORE rather than REQUIRE for writing down
dependencies of optional components.
This was disconnected from the build in 2001 in commit 66422f5b7a
with a comment that it was long overdue even then.
Sponsored by: The FreeBSD Foundation
This makes text segment relocation work under W^X.
Submitted by: Greg V <greg@unrelenting.technology> (original version)
Reviewed by: kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D27953
to prevent obliteration of error value from the original syscall.
Also improve error message for short read.
Submitted by: Konrad Sewiłło-Jopek
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D27864
Statically link rtld-elf with libcompiler_rt on all architectures so
that we don't need to try to pick and choose the bits we need from it
for each architecture (we now leave that to the linker). Compilers may
emit calls to support functions in this library, but because of the use
of the linker flag -nostdlib for rtld's special needs, the library is
not linked as normal.
Previously we had two different solutions. On some architectures, we
were able to extract reimplementations of the necessary builtin
functions from our special build of libc. On ARM, we just linked
libcompiler_rt.
This is motivated by the same issue as D26199 and D27665, but should be
a simpler solution that will apply to all architectures.
Reviewed by: arichardson, kib
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D27736
This fixes the gcc9 build of rtld-elf32 on amd64, which needed an
implementation of udivmoddi4.
rtld-elf uses certain functions normally found in libc, and so it
includes certain files from libc in its own build. It has two
mechanisms to include files from libc: one that rebuilds source files in
the rtld-elf environment, and one that extracts object files from a
purpose-built no-SSP PIC archive.
In addition to libc functions, rtld-elf may need to link functions
normally found in libcompiler_rt (formerly libgcc). Now, add an ability
to rebuild libcompiler_rt source files in the rtld-elf environment. We
don't yet have a need for an object file extraction mechanism.
libcompiler_rt could also supply udivdi3 and umoddi3, but leave them
alone for now.
Reviewed by: arichardson, kib
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D27665
ar cr is an update of an archive, not a creation of a new one. During
incremental builds (e.g. with meta mode) the archive was not getting
cleaned, and so could retain now-deleted objects from previous builds.
Now, delete the archive before creating/updating it.
Reviewed by: arichardson, bdrewery, kib
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D27663
Although it is not often needed, the nfscbd(8) should be running when
NFSv4 mounts are done if callback functionality is required.
Callback functionality is required for the NFSv4 server to issue
delegations or pNFS layouts.
This patch adds nfscbd to the mountcritremote's REQUIRED line
to ensure it is started before NFS mounts specified in /etc/fstab
are done.
Reviewed by: 0mp
Differential Revision: https://reviews.freebsd.org/D27506
Follow-up to r353959 and r368070: do the same for other architectures.
arm32 already seems to use its own .fnstart/.fnend directives, which
appear to be ARM-specific variants of the same thing. Likewise, MIPS
uses .frame directives.
Reviewed by: arichardson
Differential Revision: https://reviews.freebsd.org/D27387
r366857 created a number of problems, tearing down interfaces too
early in shutdown. This resulted in:
- hung ssh sessions when shutting down or rebooting remotely using
shutdown (I've used exec shutdown, for years, as apposed to simply
shutdown).
- NFS mounted filesystems "disappear" prior to unmount.
- dhclient attached to a VLAN on an interface who's parent interface
has already shut down prints errors.
The path forward is to teach lagg(4) and vlan(4) about WOL.
PR: 251531, 251540
PR: 158734, 109980 are broken again
Reported by: jhb, emaste, jtl, Helge Oldach<freebsd_oldach.net>
Martin Birgmeier <d8zNeCFG_aon.at>
MFC after: Immediately
Discussion at: https://reviews.freebsd.org/D27459
Enable ND6_IFF_IFDISABLED when the interface is created in the
kernel before return to user space.
This avoids a race when an interface is create by a program which
also calls ifconfig IF inet6 -ifdisabled and races with the
devd -> /etc/pccard_ether -> .. netif start IF -> ifdisabled
calls (the devd/rc framework disabling IPv6 again after the program
had enabled it already).
In case the global net.inet6.ip6.accept_rtadv was turned on,
we also default to enabling IPv6 on the interfaces, rather than
disabling them.
PR: 248172
Reported by: Gert Doering (gert greenie.muc.de)
Reviewed by: glebius (, phk)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D27324
The problem is that zfs is asked to stop too early in the shutdown
sequence. Other services, such as syslog may still be running and have some
files open (e.g., under /var/log). This of course causes the messages like:
cannot unmount '/var/run': umount failed
cannot unmount '/var/log': umount failed
cannot unmount '/var': umount failed
cannot unmount '/usr/home': umount failed
cannot unmount '/usr': umount failed
cannot unmount '/': umount failed
For now, let's remove the shutdown KEYWORD from the zfs service, as people are
reporting problems in their setups:
https://lists.freebsd.org/pipermail/freebsd-current/2020-November/077559.html
In the future, we may think of stopping zfs on shutdown after all the other
services and just before init(8) exits. Another interesting option might be to
a new rcorder(8) KEYWORD like "shutdownjail", but this idea would need to be
discussed a bit.
Reported by: Johan Hendriks <joh.hendriks gmail.com>
Reported by: Yasuhiro KIMURA <yasu utahime.org>
Reported by: Tomoaki AOKI <junchoon dec.sakura.ne.jp>
Approved by: kevans (src)
MFC: 3 days
Differential Revision: https://reviews.freebsd.org/D27263
meowthink@gmail.com reported that the gssd daemon was not
starting, because /etc/rc.d/gssd was executed before his local
/usr file system was mounted.
He fixed the problem by adding mountcritlocal to the REQUIRED
line.
This fix seems safe and works for a separately mounted /usr file
system on a local disk.
The case of a separately mounted remote /usr file system (such as
NFS) is still broken, but there is no obvious solution for that.
Adding mountcritremote would fix the problem, but it would
cause a POLA violation, because all kerberized NFS mounts
in /etc/fstab would need the "late" option specified to work.
Submitted by: meowthink@gmail.com
Reported by: meowthink@gmail.com
Reviewed by: 0mp
MFC after: 2 weeks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D27203
r376026 added a new "-R" option to mountd, which tells it to
not support the Mount protocol (not used by NFSv4) and not
register with rpcbind.
Rpcbind is considered a security issue by some sites now.
This patch adds a new yes/no variable called nfsv4_server_only.
When that is set, make vfs.nfsd.server_min_vers=4 and set "=R"
for mountd.
Setting vfs.nfsd.server_min_vers=4 tells nfsd to not register with rpcbind.
While here, add a check for "load_kld nfsd" failing to nfsd.
Reviewed by: 0mp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D26938
The variable defaults to "/usr/local", unless sysctl returns some other
value for "user.localbase".
The value of user.localbase defaults to _PATH_LOCALBASE as defined in
paths.h and thus this commit has no immediate effect.
The purpose of this change is to make /etc/defaults/rc.conf automatically
use the value of _PATH_LOCALBASE when not set to the default value.
Reviewed by: imp, scottl
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D27014
The problem is that Without walling /etc/rc.d/zfs on shutdown, resources
associated with ZFS mounts are not freed and the jails will remain in dying
state. In addition, the dataset is now in a dangling state, as the jail it
is attached to is dying.
A known workaround for jails was to add the following lines
to /etc/jail.conf, to make sure that "service zfs stop" is run
when the jail is stopped:
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.stop += "/usr/sbin/service zfs stop || /usr/bin/true";
While the workaround seems to be okay-ish for the jail situation, it is
still unclean. However, for physical hosts this may wreak havoc with the
pool if shared spares are used, as "zfs unshare" is never invoked on
shutdown.
PR: 147444
Submitted by: Markus Stoff <markus__stoffdv_at>
Reported by: Mykah <mburkhardt__exavault_com>
Reviewed by: cy
Approved by: cy (src)
MFC after: 1 week
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D27039
This is especially important during shutdown because a child interface
of lagg with WOL enabled will not enable WOL at interface shutdown and
thus no WOL to wake up the device (and machine).
PR: 158734, 109980
Reported by: Antonio Huete Jimenez <tuxillo at quantumachine.net>
Marat N.Afanasyev <marat at zealot.ksu.ru>
reviewed by: kp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D26797
- whitespace at end of input line
- skipping paragraph macro: Pp at the end of Sh
- new sentence, new line
- consider using OS macro: Fx
- AUTHORS section without An macro
- skipping paragraph macro: Pp before Ss
When a system with pf_enable="YES" in /etc/rc.conf uses hostnames in
/etc/pf.conf, these hostnames cannot be resolved via external nameservers
because the default route is not yet set. This results in an empty
(all open) ruleset.
Since r195026 already put netif back to REQUIRE, this change does not affect
the issue that the firewall should rather have been setup before any
network traffic can occur.
PR: 211928
Submitted by: Robert Schulze
Reported by: Robert Schulze
Tested by: Mateusz Kwiatkowski
No objections from: kp
MFC after: 3 days
Repeating the default WARNS here makes it slightly more difficult to
experiment with default WARNS changes, e.g. if we did something absolutely
bananas and introduced a WARNS=7 and wanted to try lifting the default to
that.
Drop most of them; there is one in the blake2 kernel module, but I suspect
it should be dropped -- the default WARNS in the rest of the build doesn't
currently apply to kernel modules, and I haven't put too much thought into
whether it makes sense to make it so.
Given that we have converted to ELFv2 for BE already, endianness is the only
difference between the two ARCHs.
As such, there is no need to differentiate LIBC_ARCH between the two.
Combining them like this lets us avoid needing to have two copies of several
bits for no good reason.
Sponsored by: Tag1 Consulting, Inc.
bootonce feature is temporary, one time boot, activated by
"bectl activate -t BE", "bectl activate -T BE" will reset the bootonce flag.
By default, the bootonce setting is reset on attempt to boot and the next
boot will use previously active BE.
By setting zfs_bootonce_activate="YES" in rc.conf, the bootonce BE will
be set permanently active.
bootonce dataset name is recorded in boot pool labels, bootenv area.
in case of nextboot, the nextboot_enable boolean variable is recorded in
freebsd:nvstore nvlist, also stored in boot pool label bootenv area.
On boot, the loader will process /boot/nextboot.conf if nextboot_enable
is "YES", and will set nextboot_enable to "NO", preventing /boot/nextboot.conf
processing on next boot.
bootonce and nextboot features are usable in both UEFI and BIOS boot.
To use bootonce/nextboot features, the boot loader needs to be updated on disk;
if loader.efi is stored on ESP, then ESP needs to be updated and
for BIOS boot, stage2 (zfsboot or gptzfsboot) needs to be updated
(gpart or other tools).
At this time, only lua loader is updated.
Sponsored by: Netflix, Klara Inc.
Differential Revision: https://reviews.freebsd.org/D25512
This would allow interested parties to do experimental runs with an
environment set appropriately to raise all the warnings throughout the
build; e.g. env WARNS=6 NO_WERROR=yes buildworld.
Not currently touching the numerous instances in ^/tools.
MFC after: 1 week
Currently, WITHOUT_PORTSNAP forces WITHOUT_FREEBSD_UPDATE because the
latter relies on phttpget, which lives inside the portsnap build bits.
Remove the dependency between these two options by moving phttpget out into
^/libexec and building/installing it if either WITH_PORTSNAP or
WITH_FREEBSD_UPDATE.
Future work could remove the conditional if it's decided that users will use
it independently of either the current in-base consumers.
Reported by: swills
Reviewed by: jilles, emaste
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D26255
This is consistent with how array inits are called, and also makes us
more compatible with glibc environment.
Requested by: Alex S <iwtcex@gmail.com>
PR: 249162
Reviewed by: dim, emaste
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D26351
Such objects can still have valid relocations not requiring symbolic
references.
PR: 249121
Reported by: wsh@riski.sh
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
If object has no dynamic phdr, do not try to dereference NULL. This
means that we cannot process any relocation, and that there cannot be
symbols defined, but it is up to static linker to produce meaningful
objects.
PR: 249121
Reported by: wsh@riski.sh
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
After OpenZFS import, zpool auto import behavior was moved to an
explicit "zpool import -a", and the zpool rc.d script was added
as a prerequisite of zvol.
However, in r299839, zvol was added as a prerequisite of dumpon,
making it to start very early and before all 'disks' providers.
At this time, dumping on a zvol is not supported, so remove this
requirement and make zpool depend on disks to allow zpool on
full disk encryption work.
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D26333
This violated the RISC-V 64-bit ABI. On CheriBSD this manifested as
a trap when attempting to store 16-byte aligned types while zeroing
the stack.
Reported by: CHERI, jrtc27
Reviewed by: mhorne, br
Obtained from: CheriBSD
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D26327
prior to zvol and mountcritlocal resulting in ZVOLs (swap and
virtual machine UFS filesystems) being unavailable, leading to
boot failures.
We move the zpool import from zfs to a new zpool script, with the
-N option to avoid mounting datasets while making the ZPOOL's
datasets available for "legacy" mount (mountpoint=legacy) and ZVOLs
available for subsequent use for swap (in the zvol rc sript) or
for UFS or other filesystems in fstab(5), mounted by mountcritlocal.
Reviewed by: freqlabs (previous version)
Differential Revision: https://reviews.freebsd.org/D26185
The primary benefit is maintaining a completely shared
code base with the community allowing FreeBSD to receive
new features sooner and with less effort.
I would advise against doing 'zpool upgrade'
or creating indispensable pools using new
features until this change has had a month+
to soak.
Work on merging FreeBSD support in to what was
at the time "ZFS on Linux" began in August 2018.
I first publicly proposed transitioning FreeBSD
to (new) OpenZFS on December 18th, 2018. FreeBSD
support in OpenZFS was finally completed in December
2019. A CFT for downstreaming OpenZFS support in
to FreeBSD was first issued on July 8th. All issues
that were reported have been addressed or, for
a couple of less critical matters there are
pull requests in progress with OpenZFS. iXsystems
has tested and dogfooded extensively internally.
The TrueNAS 12 release is based on OpenZFS with
some additional features that have not yet made
it upstream.
Improvements include:
project quotas, encrypted datasets,
allocation classes, vectorized raidz,
vectorized checksums, various command line
improvements, zstd compression.
Thanks to those who have helped along the way:
Ryan Moeller, Allan Jude, Zack Welch, and many
others.
Sponsored by: iXsystems, Inc.
Differential Revision: https://reviews.freebsd.org/D25872
flua does have some specific bits that will include luaconf.h, but the
definition of LUA_USE_DLOPEN for those won't matter. This belongs in liblua
instead.
To expand on my previous commit, which was a little sparse with details,
it's not really safe to allow LUA_USE_DLOPEN with host lib paths being used.
The host system could have an entirely different lua version and this could
cause us to crash and burn.
If we want to revive this later, we need to make sure to define c module
paths inside OBJDIR that are compiled against whatever version we've
bootstrapped.
Pointy hat: kevans
are encountered at boot time:
rcorder: requirement `ipfs' in file `/etc/rc.d/netif' has no providers.
rcorder: requirement `ipfilter' in file `/etc/rc.d/netif' has no
providers.
rcorder: requirement `ipfilter' in file `/etc/rc.d/netwait' has no
providers.
rcorder: requirement `ipfilter' in file `/etc/rc.d/net_watchdog' has no
providers.
rcorder: requirement `ipfilter' in file `/etc/rc.d/securelevel' has no
providers.
Listing its own requrements in BEFORE rather than use REQUIRE of
non-optional scripts resolves this issue.
The issue was discovered and patched by glebius at Netflix.
Submitted by: glebius
Reported by: glebius
MFC after: 1 week
The space between words is already being echoed by the space between quoted strings:
% echo 'foo' 'bar'
foo bar
% echo 'foo' ' baz'
foo baz
Found in `ipfw` and `mountlate` messages.
PR: 247948
Submitted by: Jose Luis Duran <jlduran@gmail.com>
MFC after: 2 weeks
Sponsored by: Klara Inc.
In the last IFUNC related changes to rtld, the code that handled non-PLT
GNU IFUNC relocations ended up getting lost. This could leave some
relocations unhandled, causing crashes or misbehavior. This change restores
the handling of these relocations, but now together with the other IFUNC
relocations, allowing resolvers to reference external symbols.
Reviewed by: kib
MFC after: 2 weeks
Sponsored by: Eldorado Research Institute (eldorado.org.br)
Differential Revision: https://reviews.freebsd.org/D25550
This fixes Linux gettyname(3), with caveats (see PR).
PR: kern/240767
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D25558
aout support in ldconfig hasn't been required since FreeBSD 2.x.
Anyone still using FreeBSD 2 shared libraries can use a FreeBSD 2
ldconfig to generate aout ldconfig hints.
Reviewed by: dim, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D24883
There are cases when gif_interfaces cannot be replaced
with cloned_interfaces, such as tunnels with external IPv6 addresses
and internal IPv4 or vice versa. Such configuration requires
extra invocation of ifconfig(8) and supported with gif_interfaces only.
MFC after: 1 week
libucl comes with a Lua library binding. Build it into flua.
This lets us parse/generate config files in the various formats supported by
libucl with flua. For example, the following script will detect the format of
an object written to stdin as one of UCL config, JSON, or YAML and write it to
stdout as pretty-printed JSON:
local ucl = require('ucl')
local parser = ucl.parser()
parser:parse_string(io.read('*a'))
local obj = parser:get_object()
print(ucl.to_format(obj, 'json'))
Reviewed by: kevans, pstef
Approved by: mmacy (mentor)
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D25009
This makes old ldd to still work on newer tagged PIE binaries.
Also move debug line for hashes before both decisions to not load are
done, so that the end of digest_dynamic() processing and reason to not
load or load is seen in debug trace.
Noted by: jhb
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Which makes all calls to load_object() to observe the flag, except the
calls for preloaded DSOs.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Rtld itself is a shared object which does not have vendor note, so
after the direct exec of ld-elf.so.1 process has p_osrel set to zero.
This affects the ABI of syscalls.
Set osrel to the __FreeBSD_version value at compile time right after
rtld identified direct exec mode. Then, switch to the osrel read from
the binary note or zero if no note, right before starting calling
ifunc resolvers, which is the first byte of the user code.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Linkers are supposed to mark PIE binaries with DF_1_PIE, such binary
cannot be correctly and usefully loaded neither by dlopen(3) nor as a
dependency of other object. For instance, we cannot do anything
useful with COPY relocations, among other things.
Glibc already added similar restriction.
Requested and reviewed by: emaste
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D25086
It is wrong to relate on __FreeBSD_version, either from
include/param.h, kernel, or libc, to check for rtld features.
Rtld might be from newer world than the running userspace.
Add special private symbols exported by rtld itself, to indicate the
changes in runtime behavior, and features that cannot be otherwise
detected or deduced at runtime.
Note that the symbols are not exported from libc, so they intentionally
cannot be linked against, and exported from the private namespace from rtld.
Consumers are required to use dlsym(3). For instance, for
_rtld_version_laddr_offset, user should do
ptr = dlsym(RTLD_DEFAULT, "_rtld_version_laddr_offset")
or even
ptr = dlvsym(RTLD_DEFAULT, "_rtld_version_laddr_offset",
"FBSDprivate_1.0");
Non-null ptr means that the change is present.
Also add _rtld_version__FreeBSD_version indicator to report the
headers version used at time of the rtld build.
Reviewed by: jhb
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D24982
Keep link_map l_addr binary layout compatible, rename l_addr to l_base
where rtld returns map base. Provide relocbase in newly added l_addr.
This effectively reverts the patch to the initial version of D24918.
Reported by: antoine (portmgr)
Reviewed by: jhb, markj
Tested by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D24946
It previously returned the object map base address, while all other
ELF operating systems return load offset, i.e. the difference between
map base and the link base.
Explain the meaning of the field in the man page.
Stop filling the mips-only l_offs member, which is apparently unused.
PR: 246561
Requested by: Damjan Jovanovic <damjan.jov@gmail.com>
Reviewed by: emaste, jhb, cem (previous version)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D24918
Prior to this change, using lagg to aggregate wired and wireless networks
was broken in the (relatively common) case where wifi drivers + firmware
are loaded by devmatch, since the interface didn't exist at the time when
the lagg interface was being created.
Suggested by: imp
MFC after: 3 days
