Commit Graph

2693 Commits

Author SHA1 Message Date
Konstantin Belousov
73dddffc31 crt_malloc: more accurate handling of mmap(2) failure
Reset both pagepool_start and pagepool_end after a mmap(2) failure,
to avoid using invalid pagepool either for allocation or munmap(2).

PR:	259076
Noted by:	Denis Koreshkov <dynamic-wind@mail.ru>
Reviewed by:	arichardson
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D32514
2021-10-19 01:02:47 +03:00
Fangrui Song
a7d137fcbc rtld: Support DT_RELR relative relocation format
PIE and shared objects usually have many relative relocations. In
2017/2018, a compact relative relocation format RELR was proposed on
https://groups.google.com/g/generic-abi/c/bX460iggiKg/m/GxjM0L-PBAAJ
("Proposal for a new section type SHT_RELR") and is a pre-standard.
RELR usually takes 3% or smaller space than R_*_RELATIVE relocations.
The virtual memory size of a mostly statically linked PIE is typically
5~10% smaller.

ld.lld --pack-dyn-relocs=relr emits RELR relocations. DT_RELR has been
adopted by Android bionic, Linux kernel's arm64 port, Chrome OS (patched
glibc).

This patch adds DT_RELR support to FreeBSD rtld-elf.

MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D32524
2021-10-17 02:37:13 +03:00
Emmanuel Vadot
d0f0e0bd74 rtld: Do not install libmap.conf when installing the COMPAT32 version
This has the effect of installing the same file twice at the same location
and confuse pkgbase as we add this file twice in the package config part.

MFC after:  1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
2021-10-13 14:42:08 +02:00
Konstantin Belousov
ba7f9c1b61 rtld direct exec: add -d option
to ignore lack of execute permission on the binary.  The check is a
bad security theatre anyway.

Reviewed by:	arichardson, imp
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D32464
2021-10-13 03:41:48 +03:00
Konstantin Belousov
19e008e7f7 crt_malloc: Be more persistent when handling mmap() failure
In the situation with limited address space, together with
fragmentation, it is possible for mmap() request in morecore() to fail
when asking for required size + NPOOLPAGES, but succeed without the
addend.  Retry allocation there.

PR:	259076
Reported by:	Denis Koreshkov <dynamic-wind@mail.ru>
Reviewed by:	arichardson
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D32474
2021-10-13 02:37:09 +03:00
Konstantin Belousov
0b72d2965d crt_malloc: use uintptr_t instead of long for arithmetic on addresses
and avoid unneeded casts

Reviewed by:	arichardson (previous version)
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D32474
2021-10-13 02:37:09 +03:00
Tom Hukins
70ffa69e1b Remove obsolete amd(8) rc.conf configuration
The script that used these was removed in 13f7dbe822 along with amd
itself.

Fixes:		13f7dbe822 ("retire amd(8)")
MFC after:	1 week
Pull Request:	https://github.com/freebsd/freebsd-src/pull/548
2021-10-05 17:16:58 -04:00
Baptiste Daroussin
cbc83e378a ncurses: chase dependency changes in the source tree
Differential Revision:	https://reviews.freebsd.org/D32098
2021-10-04 11:38:24 +02:00
Kyle Evans
cfb9be5062 bootp: remove the USE_BFUNCS knob
We'd likely be better served by converting these to the equivalent mem*
calls, but just kill the knob for now. The b* macros being defined get
in the way of _FORTIFY_SOURCE.

Reviewed by:	imp, markj
Differential Revision:	https://reviews.freebsd.org/D32235
2021-09-30 23:47:06 -05:00
Warner Losh
24ccef8140 bluetooth: Remove stray btccc references
The 3com bluetooth PC Card adapter was removed from the tree when PC
Card support was removed earlier this year. Remove stray references to
it still in the tree.

Sponsored by:		Netflix
2021-09-29 21:58:27 -06:00
Warner Losh
66d6299848 bluetooth: remove hcseriald
Without ng_h4 gone, there's no need for hcseriald.

Sponsored by:		Netflix
2021-09-29 21:18:17 -06:00
Emmanuel Vadot
860ee1792a Fix gssd rc.d installation
CONFGROUPS needs to be in CAPS

Fixes: a30235a4c3 ("pkgbase: Create a FreeBSD-kerberos package")
Reported by:	    kp
2021-09-27 18:31:20 +02:00
Hans Petter Selasky
624a34b87b rc.d/mixer: Use -o flag instead of -s flag to get current mixer state.
Submitted by:	christos@
Differential Revision:	https://reviews.freebsd.org/D31636
Sponsored by:	NVIDIA Networking
2021-09-22 22:09:36 +02:00
Baptiste Daroussin
c96da19945 dma: make the version exposed reflect the new version 2021-09-22 11:12:04 +02:00
Xin LI
6f62e3a719 The linux rc.d script mounts several filesystems related to Linux ABI
compatibility layer.  When /compat is located on a ZFS other than /,
mount would fail because they were not mounted.

Solve this by moving `linux` to depend on `zfs` which mounts all ZFS
filesystems.

Differential Revision:	https://reviews.freebsd.org/D31848
MFC after:		2 weeks
2021-09-19 22:25:26 -07:00
Antranig Vartanian
7955efd574 Add support for jail.conf.d
Using /etc/jail.{jailname}.conf is nice, however it makes /etc/ very
messy if you have many jails.  This patch allows one to move these
config files out of the way into /etc/jail.conf.d/{jailname}.conf.

Note that the same caveat as /etc/jail.*.conf applies: the jail service
will not autodiscover all of these for starting 'all' jails.  This is
considered future work, since the behavior matches.

Reviewed by:	kevans
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D24570
2021-09-10 00:30:04 -05:00
Cy Schubert
d06d7eb091 wpa: Address CTRL-EVENT-SCAN-FAILED
5fcdc19a81 didn't fully resolve the issue. There remains a report
that an ifconfig wlan0 up by itself is insufficient. Ifconfig down
must precede it.

Reported by:	Filipe da Silva Santos <contact _ shiori_com_br>
Fixes:		5fcdc19a81
MFC after:	3 days
2021-09-08 17:20:52 -07:00
Cy Schubert
5fcdc19a81 wpa: Address CTRL-EVENT-SCAN-FAILED
Some installations may experience CTRL-EVENT-SCAN-FAILED when
associating to an AP. Installations that specify
ifconfig_wlan0="WPA ... up" in rc.conf do not experience
the problem whereas those which specify ifconfig_wlan0="WPA" without
the "up" will experience CTRL-EVENT-SCAN_FAILED.

However those that specify "up" in ifconfig_wlan0 will be able to
reproduce this problem by service netif stop wlan0;
service netif start wlan0. Interestingly The service netif stop/start
problem is reproducible on the older wpa 2.9 as well.

Reported by:	dhw
Reported by:	"Oleg V. Nauman" <oleg _ theweb_org_ua>
Reported by:	Filipe da Silva Santos <contact _ shiori_com_br>
Reported by:	Jakob Alvermark <jakob _ alvermark_net>
MFC after:	3 days
2021-09-07 05:55:48 -07:00
Emmanuel Vadot
db953e8b97 pkgbase: Create a FreeBSD-hyperv package
Put all hyperv utilities in it.

Differential Revision:	 https://reviews.freebsd.org/D31805
2021-09-07 10:24:54 +02:00
Emmanuel Vadot
a30235a4c3 pkgbase: Create a FreeBSD-kerberos package
This allows users to install or not kerberos related utilities
and libs.

Differential Revision:	https://reviews.freebsd.org/D31801
2021-09-07 10:23:14 +02:00
Emmanuel Vadot
c7fd29f0f2 pkgbase: Create a FreeBSD-telnet package
both telnet and telnetd aren't that useful nowadays but some
might want them.
Create a FreeBSD-telnet package so users have a choice to have
them or not.

Differential Revision:	https://reviews.freebsd.org/D31791
Reviewed by: emaste
2021-09-07 10:18:11 +02:00
Maxim Sobolev
2651609fcb Allow rc.d script to provide "status" method, even if it does not
define procname or have a PID file. This might be useful for cases,
such as mounting local FS, when there is no running daemon
still some other persistent state in the system which status
can be checked.

It is still possible to have a status method before this by having
extra_commands="status", but it's not obvious and might give
an script writer some extra legwork to figure out how and why
the straight method is not working.

Reviewed by:	cy
MFC after:	1 week
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D31614
2021-08-20 09:43:46 -07:00
Scott Long
045001075e - Fix the growfs rc script to cope with diskid labels.
- Fix a warning in growfs. gpart commit is supposed to be called on disk
  device.
- Silence a gpart commit warning in growfs.

Submitted by: loos
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D31587
Sponsored by: Rubicon Communications, LLC ("Netgate")
2021-08-17 21:50:18 +00:00
Konstantin Belousov
aa68b3bb2e rtld: constify most variables holding references to the environment values
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D31545
2021-08-17 15:06:08 +03:00
Konstantin Belousov
b4b2748891 rtld: provide private getenv(3)
Reviewed by:	arichardson, markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D31545
2021-08-17 15:05:47 +03:00
Konstantin Belousov
bfd4c875a1 rtld: avoid use of of getenv(3) for evaluating rtld env vars (LD_XXX)
Scan through the set of environment variables during initialization and
store values in the corresponding ld_env_var_desc structure, in the
single pass at init time. This does not eliminate use of getenv(3) and
unsetenv(3) completely, but provides a foundation to do that as the next
step.

Also organize the scan in a way that makes it easier to support aliases
like LD_DEBUG vs. LD_64_DEBUG.

Suggested by:	arichardson
Reviewed by:	arichardson, markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D31545
2021-08-17 15:05:47 +03:00
Konstantin Belousov
451dc2b7cc rtld: rework how environment variables are named
Instead of specifying the main name part of the environment variable as the
string literal, create array of the var names and access them by symbolic
index.  Convert main name parts into complete names by prefixing with
ABI-specific ld_env_vars.

This way the name is not repeated, and also it can carry additional
proporties explicitly.  For instance, cleanup of the environment for
the setuid image does not require retyping all names.

Reviewed by:	arichardson, markj
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D31545
2021-08-17 15:05:46 +03:00
Dan Langille
35cf9fecbd Enable rc.d/jail within jails
Jails with jails is a supported. This change allows the script to run
upon startup with a jail. Without this, jails are not automatically
started within jails.
2021-08-17 09:07:53 +02:00
Fangrui Song
7da378f9de rtld: Switch to the standard symbol lookup behavior if LD_DYNAMIC_WEAK is set
The current lookup prefers a strong definition to a STB_WEAK definition
(similar to glibc pre-2.2 behavior) which does not conform to the ELF
specification.

The non-compliant behavior provoked https://reviews.llvm.org/D4418
which was intended to fix -shared-libasan but introduced
new problems (and caused some sanitizer tests (e.g.
test/asan/TestCases/interception_failure_test.cpp) to fail): sanitizer
interceptors are STB_GLOBAL instead of STB_WEAK, so defining a second
STB_GLOBAL interceptor can lead to a multiple definition linker error.
For example, in a -fsanitize={address,memory,...} build, libc functions
like malloc/free/strtol/... cannot be provided by user object files.

See
https://docs.freebsd.org/cgi/getmsg.cgi?fetch=16483939+0+archive/2014/freebsd-current/20140716.freebsd-current
for discussions.

This patch implements the ELF-compliant behavior when LD_DYNAMIC_WEAK is
set. STB_WEAK wrestling in symbol lookups in `Search the dynamic linker
itself` are untouched.

Reviewed by:	kib
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D26352
2021-08-16 13:55:35 +03:00
Fangrui Song
8f63fa78e8 rtld: Remove calculate_tls_end
Variant I architectures use off and Variant II ones use size + off.
Define TLS_VARIANT_I/TLS_VARIANT_II symbols similarly to how libc
handles it.

Reviewed by:	kib
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D31539
Differential revision:	https://reviews.freebsd.org/D31541
2021-08-16 13:55:35 +03:00
Fangrui Song
e6c7696203 rtld: Fix i386/amd64 TP offset when p_vaddr % p_align != 0
For a Variant II architecture, the TP offset of a TLS symbol is st_value -
tlsoffset + r_addend. tlsoffset is computed by either calculate_tls_offset
or calculate_first_tls_offset.

The return value of calculate_first_tls_offset is the smallest integer
satisfying res >= size and (-res) % p_align = p_vaddr % p_align
(= p_offset % p_align).  (The formula is a bit contrived. The basic idea
is to subtract the minimum integer from size + align - 1 so that the result
ihas the expected remainder.)

Reviewed by:	kib
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D31538
Differential revision:	https://reviews.freebsd.org/D31541
2021-08-16 13:55:34 +03:00
Konstantin Belousov
c9f833abf1 rtld: Round down relro_size
lld rounds up p_memsz(PT_GNU_RELRO) to satisfy common-page-size. If the
page size is smaller than common-page-size, rounding up relro_size may
incorrectly make some RW pages read-only.

GNU ld, gold, and ld.lld ensures p_vaddr+p_memsz is a multiple of
common-page-size. While max-page-size >= system the page size,
common-page-size can be smaller than the system page size.

Submitted by:	MaskRay
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D31498
2021-08-13 12:58:53 +03:00
Alex Richardson
7bc797e3f3 Add build system support for ASAN+UBSAN instrumentation
This adds two new options WITH_ASAN/WITH_UBSAN that can be set to
enable instrumentation of all binaries with AddressSanitizer and/or
UndefinedBehaviourSanitizer. This current patch is almost sufficient
to get a complete buildworld with sanitizer instrumentation but in
order to actually build and boot a system it depends on a few more
follow-up commits.

Reviewed By:	brooks, kib, markj
Differential Revision: https://reviews.freebsd.org/D31043
2021-08-02 14:33:24 +01:00
Eirik Øverby
33ff39796f Add zfskeys rc.d script for auto-loading encryption keys
ZFS in 13 supports encryption, but for the use case where keys are
available in plaintext on disk there is no mechanism for automatically
loading keys on startup.

This script will, by default, look for any dataset with encryption and
keylocation prefixed with file://. It will attempt to unlock, timing
out after 10 seconds for each dataset found.
User can optionally specify explicitly which datasets to attempt to
unlock.

Also supports (optionally by force) unmounting filesystems and unloading
associated keys.

Sponsored by:	Modirum
Differential Revision:	https://reviews.freebsd.org/D30015
2021-07-28 16:26:45 +00:00
Alan Somers
674400eb20 ftpd: delete dead code
Delete code killed by SVN r13139 in 1996.  Little chance that it would
still compile today.

PR:		257317
Reported by:	Alan Shearer <sakison@gmail.com>
MFC after:	2 weeks
Sponsored by:	Axcient
2021-07-27 12:18:08 -06:00
Mark Johnston
f238ebd142 rtld/arm64: Remove checks for undefined symbols when processing TPREL64
lld emits several GOT relocations referencing the null sumbol in libc.so
when compiled with -ftls-model=initial-exec.  This symbol is specified
to be undefined.

We generally do not handle dynamic TLS relocations against weak,
undefined symbols, so avoid printing a warning here.  This makes it
possible to compile libc.so using the initial-exec TLS model on arm64.

Reviewed by:	jrtc27, kib
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D31069
2021-07-15 22:41:10 -04:00
Warner Losh
5549c6a62f devmatch: don't announce autoloading so much
devmatch rc script would announce it was loading a module multiple
times. It used kldload -n so it really wasn't loading it that many
times, but the message is confusing. Use kldstat to see if we need to
load the module before saying we do. This fixes the vast majority of the
problems. It may be possible to race devmatch with a user invocation and
devd, though quite hard. In that case we'll announce things twice, but
still only load it once. No attempt is made to fix this.

PR:			232782
MFC After:		2 weeks
Sponsored by:		Netflix
2021-07-08 15:22:22 -06:00
Warner Losh
b29ebb9c65 devmatch: Be tolerant of .ko being present.
We document that we did not need .ko on the module names in
devmatch_blocklist, but we really needed them. Keep the documentation
the same, but strip the .ko when we need to use the names so you can
specify either.

PR:			256240
MFC After:		2 weeks
Sponsored by:		Netflix
2021-07-08 15:22:22 -06:00
Thomas Steen Rasmussen
28f47a199c pf: fallback if $pf_rules fails to load
Support loading a default pf ruleset in case of invalid pf.conf.

If no pf rules are loaded pf will pass/allow all traffic, assuming the
kernel is compiled without PF_DEFAULT_TO_DROP, as is the case in
GENERIC.

In other words: if there's a typo in the main pf_rules we would allow
all traffic. The new default rules minimise the impact of this.

If $pf_program (i.e. pfctl) fails to set $pf_fules and
$pf_fallback_rules_enable is YES we will load $pf_fallback_rules_file if
set, or $pf_fallback_rules.

$pf_fallback_rules can include multiple rules, for example to permit
traffic on a management interface.

$pf_fallback_rules_enable defaults to "NO", preserving historic behaviour.

man page changes by ceri@.

PR:		256410
Reviewed by:	donner, kp
Sponsored by:	semaphor.dk
Differential Revision:	https://reviews.freebsd.org/D30791
2021-07-08 14:22:04 +02:00
Helge Oldach
f68e3ea831 devmatch: defer until after kld
devmatch loads a number of things automatically. Allow the list of
things to load to happen first in case those drivers affect what would
be loaded. Normally, this will produce the same results, but there's
some special cases that may not when drivers are loaded that report
other drivers missing, like virtio_pci.

PR:		253287
Reviewed by:	imp
MFC After:	2 weeks
2021-07-07 14:48:40 -06:00
Alex Richardson
e34c713b0e rtld/tests: Avoid function name conflict with libc opendir()
This prevents these tests from being compiled with ASAN since the asan
interceptors also define opendir() but matching the libc function.

Reviewed By:	oshogbo, kib, markj
Differential Revision: https://reviews.freebsd.org/D31038
2021-07-06 10:51:57 +01:00
Mariusz Zaborski
6ba108e52d rc.subr: use _pidcmd to determine pid for protect
This is a more reliable method that accounts for existing pidfiles,
procname and interpreter settings.

Current method of obtaining the pid for oomprotect="YES"|"ALL" processes
in certain cases fails to find a unique pid.

One such case are rc.d scripts defining command as:
command="daemon"

which results in all processes started via daemon being selected and
passed to protect(1) which fails and prints usage:

$ /etc/rc.d/exampled restart
Stopping exampled.
Starting exampled.
usage: protect [-i] command
   protect [-cdi] -g pgrp | -p pid

Running the same with -x reveals what happens:

+ pid='3051 4268 4390 4421 4427 4470 4588 4733 4740 4870 4949 4954 4979
5835 5866 55487 55583 56525 57643 57789 57882 58072 58167 99419'
+ /usr/bin/protect -p 3051 4268 4390 4421 4427 4470 4588 4733 4740 4870
4949 4954 4979 5835 5866 55487 55583 56525 57643 57789 57882 58072 58167
99419
usage: protect [-i] command
   protect [-cdi] -g pgrp | -p pid

We have a more reliable way of obtaining pid already defined in rc.subr
and available when protect(1) needs it. We can simply `eval $_pidcmd`
which also invokes `check_process` but properly accounts for existing
pidfile, procname and interpreter settings.

With the change the pidfile is properly obtained.

Submitted by:	Adam Wolk <a.wolk at fudosecurity.com>
Sponsored by:	Fudo Security
Differential Revision:	https://reviews.freebsd.org/D30367
2021-06-24 20:14:31 +02:00
Alex Richardson
e3be51b2bc rtld-elf: Check the return value of obj_enforce_relro()
The mprotect() call was failing on CheriBSD when changing rtld's relro
page permissions due to missing CHERI capability permissions on the
mprotect() argument but did not report an error since the return value
was being ignored. It should never fail on any supported FreeBSD
architecture, but checking the return value seems like a good
sanity check to me.

Reviewed By:	kib, imp
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D30820
2021-06-22 09:10:48 +01:00
Emmanuel Vadot
081fb64492 pkgbase: Create a FreeBSD-nfs package
And move all the nfs related commands there.

Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D30754
Sponsored by:	Diablotin Systems
2021-06-19 17:49:50 +02:00
Ceri Davies
c43b0081fa devmatch: improve naming of devmatch config variable
Accept the old rc.conf variable if the new one is not present for
compatability.

Approved by:	imp
Differential Revision:	https://reviews.freebsd.org/D30806
2021-06-18 13:17:30 +01:00
Andriy Gapon
20eb6bd8c5 rc.d: liberate powerd from ACPI dependency
For instance, many non-ACPI ARM systems have CPU power / frequency
levels.

Discussed with:	manu
MFC after:	1 week
2021-06-09 12:40:53 +03:00
Konstantin Belousov
e3149e0a02 rtld: Rename -t option to -u (ignore LD_ vars)
Requested by:	arichardson
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
2021-06-03 01:55:08 +03:00
Ceri Davies
33764e3fd0 libexec/getty/ttys.5: document correct "dialup" flag.
This manpage has incorrectly documented the "dialup"
keyword as "dialin" since it was first added.  Correct that.

Approved by:	blackend (mentor)
MFC after:	12 days
2021-06-01 17:05:16 +01:00
Konstantin Belousov
d81f999ac2 rtld direct exec: add option to ignore LD_ variables
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2021-05-29 17:59:09 +03:00
Eugene Grosbein
3bca93e042 rc.d/random: add support for zero harvest_mask
Replace the check for zero harvest_mask with new check for empty string.
This allows one to specify harvest_mask="0" that disables harversting
entropy from all but "pure" sources. Exact bit values for "pure" sources
differ for stable/12 and later branches, so it is handy to use zero.
The check for zero pre-dates introduction of "pure" non-maskable sources
Use empty string to disable altering sysctl kern.random.harvest.mask.

Note that notion of "pure" random sources is not documented in user level
manual pages yet. Still, it helps to extend battery life for hardware
with embedded "Intel Secure Key RNG" by disabling all other sources.

Note that no defaults changed and default behaviour is not affected.

Reported by:	Dmitry Luhtionov
2021-05-26 18:30:24 +07:00