Commit Graph

2554 Commits

Author SHA1 Message Date
Bjoern A. Zeeb
1459a8eb24 Run netoptions startup script in vnet jails.
People use rc.conf inside vnet jails to configure networking setups.
Presumably because some sysctl were not virtualised up until r356527 the
script was not run for vnet jails leaving the rc.conf options without
effect for non-obvious reasons.  Run the netoptions startup script also
for VNET jails now to make the rc.conf options work.

PR:		243193
MFC after:	2 weeks
2020-01-08 23:34:50 +00:00
Konstantin Belousov
f26c30a5f3 rtld: fix after r356300
binpath local was changed from char array to a char pointer, update
strlcpy/strlcat uses.

Reported by:	Coverity through vangyzen
CID:	1412239 and 1412240
Reviewed by:	emaste, imp, vangyzen
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D23090
2020-01-08 17:37:20 +00:00
Ryan Stone
68faee11e8 rtld: Fix segfault in direct exec mode
When rtld is directly executed with arguments, it has to move the
program arguments, environment and elf aux data up a few slots to
remove its own arguments before the process being executed sees
them.  When copying the environment, rtld was incorrectly testing
whether the location about to be written to currently contained
NULL, when was supposed to check whether it had just copied the
NULL terminator of the environment string.  This had the result
that the ELF aux data was mostly treated as environment variables,
and rtld would quickly crash when it tried to access required
ELF aux data that it didn't think was present.

Differential Revision:	https://reviews.freebsd.org/D23008
Reviewed by:	kib
MFC after:	1 month
2020-01-07 16:03:11 +00:00
Konstantin Belousov
137aed91e7 Fix AT_EXECPATH for direct exec mode.
When activated in direct exec mode, kernel-provided AT_EXECPATH points
to the interpreter.  We need to recalculate auxv to point to the
string with the path to the executable which is actually executed.

The somewhat problematic case is when the executable path is relative
and either $PATH use is not enabled or it contains '/' so $PATH search
is not performed. In this case resulting AT_EXECPATH is relative, I
might fix this later.

Reported and reviewed by:	rstone
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D22894
2020-01-02 22:48:08 +00:00
Conrad Meyer
168bbfa737 rtld(1): Do booleans like C99
Reviewed by:	kib, rlibby
Differential Revision:	https://reviews.freebsd.org/D22964
2019-12-31 05:41:47 +00:00
Justin Hibbits
adea0d6368 Eliminate the last MI difference in AT_* definitions (for powerpc).
Summary:
As a transition aide, implement an alternative elfN_freebsd_fixup which
is called for old powerpc binaries.  Similarly, add a translation to rtld to
convert old values to new ones (as expected by a new rtld).

Translation of old<->new values  is incomplete, but sufficient to allow an
installworld of a new userspace from an old one when a new kernel is running.

Test Plan:
Someone needs to see how a new kernel/rtld/libc works with an old
binary.  If if works we can probalby ship this.  If not we probalby need
some more compat bits.

Submitted by:	brooks
Reviewed by:	jhibbits
Differential Revision:	https://reviews.freebsd.org/D20799
2019-12-27 04:07:03 +00:00
Brandon Bergren
57462f8f81 [PowerPC] powerpc32 rtld IFUNC handling code
As PowerPC is moving to clang, we can finally start taking advantage of
IFUNC.

Implement the MD parts of IFUNC handling for rtld.

Currently, it is necessary to look for R_PPC_IRELATIVE in the PLT in
addition to RELA. This is an ABI violation, but LLD9 has some .iplt bugs
that require this as a workaround.

Reviewed by:	jhibbits
Differential Revision:	https://reviews.freebsd.org/D22855
2019-12-24 16:13:15 +00:00
Brandon Bergren
41b4ec8ab0 [PowerPC] powerpc64 rtld IFUNC handling code
As PowerPC is moving to clang, we can finally start taking advantage of
IFUNC.

Implement the MD parts of IFUNC handling for rtld.

Currently, it is necessary to look for R_PPC_IRELATIVE in the PLT in
addition to RELA. This is an ABI violation, but LLD9 has some .iplt bugs
that require this as a workaround.

Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D22789
2019-12-24 16:07:35 +00:00
Konstantin Belousov
f5392eb672 rtld: make checks for mmap(2) failures compliant with documentation.
On error, mmap(2) returns MAP_FAILED.  There is no need to use its
definition or to cast.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-12-12 22:59:22 +00:00
Brandon Bergren
44c9aa49ea rtld: do not try to mmap a zero-sized PT_LOAD
When a PT_LOAD segment has a zero p_filesz, skip the data mmap, as mmapping
zero bytes from a file is an error.

A PT_LOAD with zero p_filesz is legal (but somewhat uncommon due to segment
merging in modern linkers, as it is more efficient to merge .data and .bss
by just extending p_memsz in the previous segment, assuming compatible
page protection.)

This was seen on ports/graphics/glew on a powerpc64 ELFv2 experimental
build.

Submitted by:	Alfredo Dal'Ava Junior <alfredo.junior@eldorado.org.br>
Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D22634
2019-12-12 17:40:32 +00:00
Simon J. Gerraty
2c9a9dfc18 Update Makefile.depend files
Update a bunch of Makefile.depend files as
a result of adding Makefile.depend.options files

Reviewed by:	 bdrewery
MFC after:	1 week
Sponsored by:   Juniper Networks
Differential Revision:  https://reviews.freebsd.org/D22494
2019-12-11 17:37:53 +00:00
Simon J. Gerraty
5ab1c5846f Add Makefile.depend.options
Leaf directories that have dependencies impacted
by options need a Makefile.depend.options file
to avoid churn in Makefile.depend

DIRDEPS for cases such as OPENSSL, TCP_WRAPPERS etc
can be set in local.dirdeps-options.mk
which can add to those set in Makefile.depend.options

See share/mk/dirdeps-options.mk

Reviewed by:	 bdrewery
MFC after:	1 week
Sponsored by:   Juniper Networks
Differential Revision:  https://reviews.freebsd.org/D22469
2019-12-11 17:37:37 +00:00
John Baldwin
15d0350503 Correct the offset of static TLS variables for Initial-Exec on RISC-V.
TP points to the start of the TLS block after the tcb, but
Obj_Entry.tlsoffset includes the tcb, so subtract the size of the tcb
to compute the offset relative to TP.

This is identical to the same fixes for powerpc in r339072 and r342671.

Reviewed by:	James Clarke
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D22661
2019-12-10 21:56:44 +00:00
Ed Maste
7424699c9f rc.shutdown: kill shutdown process after logging message
Move the kill -KILL $$ back to the pre-r354446 location at the end of
the shutdown timeout handler.

MFC with:	r354446
2019-12-07 00:33:08 +00:00
Warner Losh
f86e60008b Regularize my copyright notice
o Remove All Rights Reserved from my notices
o imp@FreeBSD.org everywhere
o regularize punctiation, eliminate date ranges
o Make sure that it's clear that I don't claim All Rights reserved by listing
  All Rights Reserved on same line as other copyright holders (but not
  me). Other such holders are also listed last where it's clear.
2019-12-04 16:56:11 +00:00
Xin LI
76b71718fe Simplify code with strlcpy/strlcat.
MFC after:	2 weeks
2019-12-01 08:04:22 +00:00
Xin LI
46413cedf7 Reduce disk write load in /usr/libexec/save-entropy.
Before this commit, the save-entropy script rotates entropy files
like logs. This involves creating a new file that holds the entropy
and renaming of all existing entropy files. However, the entropy
data do not really need to be kept in a particular order, and
replacing the oldest file is sufficient.

This commit replaces the rotation with a scan in the
[1..entropy_save_num] space that finds the first empty slot, or
the slot of the oldest file, and writes entropy into that slot.

This also fixes an issue that prevents save-entropy from saving
any entropy when there is one non-regular file in any slot as a
side effect.

Based on an earlier patch from peterj@.

PR:		134225
Reported by:	peterj
Reviewed by:	csprng (cem, markm)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D22612
2019-11-30 20:06:53 +00:00
Mateusz Guzik
9da3dfff9a ldconfig: fetch hw.machine_arch only once
This happens to be of significance with poudriere which runs the script a lot
when installing packages.
2019-11-30 17:30:01 +00:00
Ian Lepore
735c001b6b Allow opt-out of automatic ntpd leapfile checking/fetching.
When a system has no internet connection, or when it is configured to obtain
ntpd leapfiles from some source other than the internet, or even when the
sysadmin has decided for some reason to customize ntp.conf to eliminate use
of the leapfile, the rc.d/ntpd script emits various error messages related
to the file.

This change allows setting the rc var ntp_db_leapfile to NONE to disable all
automatic processing related to that file in rc.d/ntpd.

Differential Revision:	https://reviews.freebsd.org/D22461
2019-11-25 19:59:53 +00:00
Brandon Bergren
e58d379587 [PowerPC] Fix stack padding issue on ppc32.
Four bytes of padding are needed in the regular powerpc case to bring the
stack frame size up to a multiple of 16 bytes to meet ABI requirements.

Fixes odd hangs I was encountering during testing.
2019-11-24 06:43:03 +00:00
Justin Hibbits
7511645efa rtld/powerpc: Fix _rtld_bind_start for powerpcspe
Summary:
We need to save off the full 64-bit register, not just the low 32 bits,
of all registers getting saved off in _rtld_bind_start.  Additionally,
we need to save off the other SPE registers (SPEFSCR and accumulator),
so that their program state is not affected by the PLT resolver.

Reviewed by:	bdragon
Differential Revision:	https://reviews.freebsd.org/D22520
2019-11-24 04:35:29 +00:00
Warner Losh
6467506baf Create /etc/os-release file.
Each boot, regenerate /var/run/os-release based on the currently running
system. Create a /etc/os-release symlink pointing to this file (so that this
doesn't create a new reason /etc can not be mounted read-only).

This is compatible with what other systems do and is what the sysutil/os-release
port attempted to do, but in an incomplete way. Linux, Solaris and DragonFly all
implement this natively as well. The complete standard can be found at
https://www.freedesktop.org/software/systemd/man/os-release.html

Moving this to the base solves both the non-standard location problem with the
port, as well as the lack of update of this file on system update.

Bump __FreeBSD_version to 1300060

PR: 238953
Differential Revision:  https://reviews.freebsd.org/D22271
2019-11-20 23:45:31 +00:00
Kyle Evans
061f7e2fd0 flua: newer GCC complains about format-nonliteral at WARNS=2
Disable that one, too.
2019-11-19 00:02:56 +00:00
Kyle Evans
506f364029 Add flua to the base system, install to /usr/libexec
FreeBSDlua ("flua") is a FreeBSD-private lua, flavored with whatever
extensions we need for base system operations. We currently support a subset
of lfs and lposix that are used in the rewrite of makesyscall.sh into lua,
added in r354786.

flua is intentionally written such that one can install standard lua and
some set of lua modules from ports and achieve the same effect.

linit_flua is a copy of linit.c from contrib/lua with lfs and lposix added
in. This is similar to what we do in stand/. linit.c has been renamed to
make it clear that this has flua-specific bits.

luaconf has been slightly obfuscated to make extensions more difficult. Part
of the problem is that flua is already hard enough to use as a bootstrap
tool because it's not in PATH- attempting to do extension loading would
require a special bootstrap version of flua with paths changed to protect
the innocent.

src.lua.mk has been added to make it easy for in-tree stuff to find flua,
whether it's bootstrap-flua or relying on PATH frobbing by Makefile.inc1.

Reviewed by:	brooks, emaste (both earlier version), imp
Differential Revision:	https://reviews.freebsd.org/D21893
2019-11-18 23:21:13 +00:00
Edward Tomasz Napierala
5dece9b25a Add 'linux_mounts_enable' rc.conf(5) variable, to make it possible
to disable mounting Linux-specific filesystems under /compat/linux
when 'linux_enable' is set to YES.

Reviewed by:	netchild, ian (earlier version)
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D22320
2019-11-13 20:27:38 +00:00
Brooks Davis
051ed84f28 libcompat: Correct rtld MLINKS
Don't install duplicate ld-elf.so.1.1 and ld.so.1 links in rtld-elf32.
Do install lib-elf32.so.1.1 and ldd32.1 links.

Reported by:	madpilot
2019-11-12 22:31:59 +00:00
Brooks Davis
a4330302f2 libcompat: build 32-bit rtld and ldd as part of "everything"
Alter bsd.compat.mk to set MACHINE and MACHINE_ARCH when included
directly so MD paths in Makefiles work. In the process centralize
setting them in LIBCOMPATWMAKEENV.

Alter .PATH and CFLAGS settings in work when the Makefile is included.

While here only support LIB32 on supported platforms rather than always
enabling it and requiring users of MK_LIB32 to filter based
TARGET/MACHINE_ARCH.

The net effect of this change is to make Makefile.libcompat only build
compatability libraries.

Changes relative to r354449:

Correct detection of the compiler type when bsd.compat.mk is used
outside Makefile.libcompat.  Previously it always matched the clang
case.

Set LDFLAGS including the linker emulation for mips where -m32 seems to
be insufficent.

Reviewed by:	imp, kib (origional version in r354449)
Obtained from:	CheriBSD (conceptually)
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D22251
2019-11-07 22:58:10 +00:00
Brooks Davis
ccad77fe1e Revert r354449: libcompat: build 32-bit rtld and ldd as part of "everything"
Additional testing is required..
2019-11-07 19:22:51 +00:00
Edward Tomasz Napierala
c13f19c0cf Extend the linux rc script to mount the neccessary file systems,
set ELF fallback brand, and load pty(4).

Reviewed by:	emaste (earlier version)
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D21874
2019-11-07 18:15:24 +00:00
Brooks Davis
36712a9497 libcompat: build 32-bit rtld and ldd as part of "everything"
Alter bsd.compat.mk to set MACHINE and MACHINE_ARCH when included
directly so MD paths in Makefiles work. In the process centralize
setting them in LIBCOMPATWMAKEENV.

Alter .PATH and CFLAGS settings in work when the Makefile is included.

While here only support LIB32 on supported platforms rather than always
enabling it and requiring users of MK_LIB32 to filter based
TARGET/MACHINE_ARCH.

The net effect of this change is to make Makefile.libcompat only build
compatability libraries.

Reviewed by:	imp, kib
Obtained from:	CheriBSD (conceptually)
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D22251
2019-11-07 17:10:33 +00:00
Ed Maste
4a76bd99ac rc.shutdown: print a newline before watchdog timeout message
Previously the watchdog timeout message was appended to the last entry
in the "Waiting for PIDS" list, resulting in a message like

    Waiting for PIDS: 31299 31296 90201 9020090 second watchdog timeout
    expired. Shutdown terminated.

Print a newline to separate the watchdog timeout message.  Also perform
the kill before logging or echoing the message.

PR:		241072
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2019-11-07 15:48:46 +00:00
Cy Schubert
e5f2f48e62 Remove trailing tab.
MFC after:	3 days
2019-10-27 18:27:25 +00:00
Dimitry Andric
8b3bc70a2b Merge ^/head r352764 through r353315. 2019-10-08 18:17:02 +00:00
Edward Tomasz Napierala
ee0ee18c9c Add rcvar back to the linux rc script. Without it it was enabled
unconditionally.

Reported by:	Michael Butler <imb at protected-networks dot net>
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2019-10-03 16:38:44 +00:00
Andriy Gapon
5fda0d60c1 add ability to set watchdog timeout for a shutdown
This change allows to specify a watchdog(9) timeout for a system
shutdown.  The timeout is activated when the watchdogd daemon is
stopped.  The idea is to a prevent any indefinite hang during late
stages of the shutdown.  The feature is implemented in rc.d/watchdogd,
it builds upon watchdogd -x option.

Note that the shutdown timeout is not actiavted when the watchdogd
service is individually stopped by an operator.  It is also not
activated for the 'shutdown' to the single-user mode.  In those cases it
is assumed that the operator knows what they are doing and they have
means to recover the system should it hang.

Significant subchanges and implementation details:
- the argument to rc.shutdown, completely unused before, is assigned to
  rc_shutdown variable that can be inspected by rc scripts
- init(8) passes "single" or "reboot" as the argument, this is not
  changed
- the argument is not mandatory and if it is not set then rc_shutdown is
  set to "unspecified"
- however, the default jail management scripts and jail configuration
  examples have been updated to pass "jail" to rc.shutdown, just in case
- the new timeout can be set via watchdogd_shutdown_timeout rc option
- for consistency, the regular timeout can now be set via
  watchdogd_timeout rc option
- watchdogd_shutdown_timeout and watchdogd_timeout override timeout
  specifications in watchdogd_flags
- existing configurations, where the new rc options are not set, should
  keep working as before

I am not particularly wed to any of the implementation specifics.
I am open to changing or removing any of them as long as the provided
functionality is the same (or very close) to the proposed one.
For example, I think it can be implemented without using watchdogd -x,
by means of watchdog(1) alone.  In that case there would be a small
window between stopping watchdogd and running watchdog, but I think that
that is acceptable.

Reviewed by:	bcr (man page changes)
MFC after:	5 weeks
Relnotes:	yes
Differential Revision: https://reviews.freebsd.org/D21221
2019-10-03 11:23:10 +00:00
Edward Tomasz Napierala
028af4ae67 Rename etc/rc.d/abi to etc/rc.d/linux; after moving out the SysV IPC stuff
it's entirely linux-specific.

Reviewed by:	emaste
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D21830
2019-10-02 11:40:40 +00:00
Edward Tomasz Napierala
c97588b451 Move the SysV IPC stuff out of the 'abi' rc script, into a new one:
'sysvipc' - it has nothing to do with ABIs, and I'd like to later
rename 'abi' to 'linux', which better describes its purpose and also
matches the rcvar name.

Reviewed by:	emaste
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D21615
2019-09-28 09:12:41 +00:00
Dimitry Andric
419f843fff Merge ^/head r352319 through r352435. 2019-09-17 06:08:15 +00:00
Dimitry Andric
2c3f47a727 Another round of attempting to squelch -Wdeprecated-declarations, which
has become very trigger-happy with libc++ 9.0.0.

It does not help that gcc's implementation of this warning is even more
trigger-happy, in the sense that it already warns on the declaration
itself, not when you are using it.  This is very annoying with our use
of -Wsystem-headers.  That should really be disabled for gcc.
2019-09-17 06:07:08 +00:00
John-Mark Gurney
3ed737eb91 fix the article to be correct... 2019-09-16 22:48:40 +00:00
Brandon Bergren
d020b3ebde Fix aux_info corruption in rtld direct execution mode.
After the aux vector is moved, it is necessary to re-digest aux_info so the
pointers are updated to the new locations.

This was causing thread creation to fail on powerpc64 when using direct
execution due to a nonsense value being read for aux_info[AT_STACKPROT].

Approved by: jhibbits (mentor)
Differential Revision: https://reviews.freebsd.org/D21656
2019-09-14 21:18:10 +00:00
Dimitry Andric
23e2b4d9b1 Instead of disabling gcc's deprecated declaration warnings about e.g.
std::auto_ptr in a whole bunch of individual Makefiles, make the warning
globally non-fatal instead.  This is similar to what was done to many
more non-fatal warnings from newer gcc versions.
2019-09-14 19:16:28 +00:00
Dimitry Andric
f993ed2fbd Merge ^/head r351732 through r352104. 2019-09-09 19:58:46 +00:00
Mateusz Piotrowski
d15e810db9 rc: Honor ${name}_env when a custom *_cmd is defined (e.g., start_cmd)
A user may set ${name}_env variable in rc.conf(5) in order to set additional
environment variables for a service command.  Unfortunately, at the moment
this variable is only honored when the command is specified via the command
variable. Those additional environment variables coming from ${name}_env
are never set if the service is started via the ${rc_arg}_cmd variable (for
example start_cmd).

PR:		239692
Reviewed by:	bcr, jilles
Approved by:	src (jilles)
Differential Revision:	https://reviews.freebsd.org/D21228
2019-09-05 14:52:22 +00:00
Emmanuel Vadot
8c15be73b6 pkgbase: Move rc scripts and related files to their own packages
It doesn't need to be in runtime and might help people who want to
experiment with other rc system or don't use one (like in small
embedded mfsroot).

Reviewed by:	bapt, gjb
Differential Revision:	https://reviews.freebsd.org/D21499
2019-09-05 14:08:45 +00:00
Dimitry Andric
c5c3ba6b43 Merge ^/head r351317 through r351731. 2019-09-03 05:58:43 +00:00
Dimitry Andric
b903ca97ef Add workarounds for obsolete std::auto_ptr usage in atf. 2019-09-03 05:55:56 +00:00
Brooks Davis
389154096a Remove remnants of optimization for > pagesize allocations.
In the past, this allocator seems to have allocated things larger than
a page seperately. Much of this code was removed at some point (perhaps
along with sbrk() used) so remove the rest. Instead, keep allocating in
power-of-two bins up to FIRST_BUCKET_SIZE << (NBUCKETS - 1). If we want
something more efficent, we should use a fancier allocator.

While here, remove some vestages of sbrk() use. Most importantly, don't
try to page align the pagepool since it's always page aligned by mmap().

Reviewed by:	kib
Obtained from:	CheriBSD
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D21453
2019-09-02 08:03:29 +00:00
Brooks Davis
98ab79066d Remove some compatability with Seventh Edition UNIX realloc().
In Seventh Edition UNIX, the last pointer passed to free() was
guaranteed to not actually have been freed allowing memory to be
"compacted" via the following pattern:

free(foo);
foo = realloc(foo, newsize);

Further, Andrew Koenig reports in "C Traps and Pitfalls" that the
original realloc() implementation required this pattern.

The C standard is clear that this is Undefined Behavior. Modern
allocators don't support it and no portable code could rely on it so
remove this support.

Note: the removed implementation contains an off-by-one error and if
an item isn't found on the freelist, then twice as much memory as the
largest possible allocation will be copied.

Reviewed by:	kib, imp
Obtained from:	CheriBSD
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D21296
2019-08-20 16:07:17 +00:00
Kyle Evans
12ba1c232d rtld-elf: fix build with xtoolchain-llvm90
strstr ends up using bcmp when compiled with llvm90; pull it in from libc
as well.

MFC after:	3 days
2019-08-15 17:35:24 +00:00
Leandro Lupori
1180fa861b [PPC64] Fix rtld direct exec mode
Instead of restoring the saved values of argc, argv and envp,
these must be loaded from the stack that _rtld() modifies.

This fixes rtld direct exec mode.
E.g.: /libexec/ld-elf.so.1 /bin/ls

Reviewed by:	jhibbits
Differential Revision:	https://reviews.freebsd.org/D21131
2019-08-05 13:22:02 +00:00
Konstantin Belousov
4105901933 rtld-elf: Remove x86 elf_rtld.x linker scripts.
First, amd64 version of the script cannot work at least due to the
wrong architecture specification.  Second, kernel can activate shared
objects for long time, due to PIE support.

It seems the intent was to allow ld-elf.so.1 to be build and used as
an executable.  Since we have direct exec mode implemented for dso
ld-elf.so.1, the non-functional and commented out scripts can be
finally removed.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-08-04 21:43:34 +00:00
Conrad Meyer
2826da432c motd: Generate from template to /var/run
Update login(1), its manual pages, similar utilities, and motd.5 to refer to
the new location.

Suggested by:	delphij@ (re: r349256)
Reviewed by:	bcr (manpages), delphij
Differential Revision:	https://reviews.freebsd.org/D20721
2019-07-20 20:56:31 +00:00
Brooks Davis
4ca9bcd650 Restore WARNS?=1 here. I missed that libexec/bootpd/bootpgw existed. 2019-07-19 18:47:13 +00:00
Brooks Davis
df7a21a703 Chain Makefile.inc's so default are inherited as expected.
Remove unneeded or duplicate variables.

No functional change.

Obtained from:	CheriBSD
MFC after:	1 week
Sponsored by:	DARPA, AFRL
2019-07-19 17:52:23 +00:00
Emmanuel Vadot
9553ea80a8 pkgbase: Add a FreeBSD-bluetooth package
Move the bluetooth related files from FreeBSD-runtime to a new package named
FreeBSD-bluetooth
The FreeBSD runtime is only intended to have everything for a working
FreeBSD installation and bluetooth isn't needed for that.

Reviewed by:	bapt, gjb
Differential Revision:	https://reviews.freebsd.org/D20959
2019-07-19 15:10:03 +00:00
Ian Lepore
1e121c3ef1 Limit access to system accounting files.
In 2013 the security chapter of the Handbook was updated in r42501 to
suggest limiting access to the system accounting file [*1] by creating the
initial file with a mode of 0600. This was in part based on a discussion in
the forums [*2]. Unfortunately, this advice is overridden by the fact that a
new file is created as part of periodic daily processing, and the file mode
is set by the rc.d/accounting script.

These changes update the accounting script to create the directory with mode
0750 if it doesn't already exist, and to create the daily file with mode
0640. This limits write access to root only, read access to root and members
of wheel, and eliminates world access completely. For admins who want to
prevent even members of wheel from accessing the files, the mode of the
/var/account directory can be manually changed to 0700, because the script
never creates or changes that directory if it already exists.

The accounting_rotate_log() function now also handles the error cases of no
existing log file to rotate, and attempting to rotate the file multiple
times (.0 file already exists).

Another small change here eliminates the complexity of the mktemp/chmod/mv
sequence for creating a new acct file by using install(1) with the flags
needed to directly create the file with the desired ownership and
modes. That allows coalescing two separate if checkyesno accounting_enable
blocks into one.

These changes were inspired by my investigation of PR 202203.

[1] https://www.freebsd.org/doc/handbook/security-accounting.html
[2] http://forums.freebsd.org/showthread.php?t=41059

PR:		202203
Differential Revision:	https://reviews.freebsd.org/D20876
2019-07-13 16:07:38 +00:00
Alex Richardson
0cc62e2695 Fix build race when building rtld
I found this on one of the CheriBSD Jenkins builders. Using
beforelinking instead of ${PROG} should fix the dependency for the
DEBUG_FILES case.

Reviewed by:	brooks
2019-07-02 22:11:07 +00:00
Alex Richardson
10faac99fb Fix CROSS_TOOLCHAIN=amd64-gcc build after r349554
Apparently clang can remove the reference to __umoddi3 but GCC keeps it.

Reported by:	lwhsu
2019-06-30 17:03:14 +00:00
Alex Richardson
e1470c8f96 Fix my name in license header
Reported by:	trasz
2019-06-30 14:04:30 +00:00
Alex Richardson
b54a59f3ba Reduce size of rtld by 22% by pulling in less code from libc
Currently RTLD is linked against libc_nossp_pic which means that any libc
symbol used in rtld can pull in a lot of depedencies. This was causing
symbol such as __libc_interposing and all the pthread stubs to be included
in RTLD even though they are not required. It turns out most of these
dependencies can easily be avoided by providing overrides inside of rtld.

This change is motivated by CHERI, where we have an experimental ABI that
requires additional relocation processing to allow the use of function
pointers inside of rtld. Instead of adding this self-relocation code to
RTLD I attempted to remove most function pointers from RTLD and discovered
that most of them came from the libc dependencies instead of being actually
used inside rtld.

A nice side-effect of this change is that rtld is now 22% smaller on amd64.

   text	   data	    bss	    dec	    hex	filename
0x21eb6	  0xce0	  0xe60	 145910	  239f6	/home/alr48/ld-elf-x86.before.so.1
0x1a6ed	  0x728	  0xdd8	 113645	  1bbed	/home/alr48/ld-elf-x86.after.so.1

The number of R_X86_64_RELATIVE relocations that need to be processed on
startup has also gone down from 368 to 187 (almost 50% less).

Reviewed By:	kib
Differential Revision: https://reviews.freebsd.org/D20663
2019-06-30 11:49:58 +00:00
Alex Richardson
e69dc8626a Use rtld_putstr() instead of write() for the rtld msg() macro
This removes an unnecessary libc dependency from rtld.
See https://reviews.freebsd.org/D20663 for more details.
2019-06-26 15:43:26 +00:00
Justin Hibbits
f62da49b2f powerpc: Transition to Secure-PLT, like most other OSs
Summary:
PowerPC has two PLT models: BSS-PLT and Secure-PLT.  BSS-PLT uses runtime
code generation to generate the PLT stubs.  Secure-PLT was introduced with
GCC 4.1 and Binutils 2.17 (base has GCC 4.2.1 and Binutils 2.17), and is a
more secure PLT format, using a read-only linkage table, with the dynamic
linker populating a non-executable index table.

This is the libc, rtld, and kernel support only.  The toolchain and build
parts will be updated separately.

Reviewed By: nwhitehorn, bdragon, pfg
Differential Revision: https://reviews.freebsd.org/D20598
MFC after:	1 month
2019-06-25 00:40:44 +00:00
Conrad Meyer
cd07b6eddc rc.d/motd: Update motd more robustly
Use appropriate fsyncs to persist the rewritten /etc/motd file, when a
rewrite is performed.

Reported by:	Jonathan Walton <jonathan AT isilon.com>
Reviewed by:	allanjude, vangyzen
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D20701
2019-06-21 02:37:54 +00:00
Cy Schubert
2b951e9c6d Allow the hostapd program to be specified. This allows users to use
hostapd from ports instead of the one in base. The default is the hostapd
in base.

PR:		238571
MFC after:	1 week
2019-06-17 20:11:02 +00:00
Conrad Meyer
f0e5d3ff8e /etc/rc.d/local: Fix typo in description
PR:		238448
Submitted by:	Marián Černý <majo-bugs.freebsd.org AT cerny.sk>
2019-06-10 13:34:18 +00:00
Rodney W. Grimes
327477d6c5 Correctly align usage: output 2019-05-25 11:22:49 +00:00
Emmanuel Vadot
39fb10372c pkgbase: Remove etc/zfs from being packaged
This is an empty directory and it cause a FreeBSD-zfs package to
be created when we don't need one.

Reviewed by:	bapt
2019-05-23 06:53:59 +00:00
Ian Lepore
9c6dc2fec5 Remove accidentally-added blank line; the style throughout this file
is to use no whitespace between a comment block and the code it describes.
2019-05-23 01:49:08 +00:00
Ian Lepore
a2119d62c0 Handle the driftfile option correctly when ntpd_flags is empty.
The logic I originally wrote to detect whether a driftfile option was in the
set of flags was based on the result of removing the pattern *flag* being an
empty string.  That didn't handle the case where the string was empty to
begin with.  Doh!  So now it also specifically checks for an empty string.

The result of the bad check was that ntpd would run without a driftfile, but
it would do so only if it was running as root instead of the non-priveleged
ntpd user, which isn't a typical case.  Ntpd runs fine without a driftfile,
although it does take it longer to stabilize the clock frequency at startup.

Reported by:	avg@
Pointy hat:	ian@
MFC after:	some testing
2019-05-23 01:41:49 +00:00
Conrad Meyer
26c4978843 save-entropy(8), rc.d/random: Set nodump flag
Tag saved entropy files as "nodump," to signal that the files should not be
backed up by dump(8) or other automated backup software that honors the file
flag.

Do not produce an error if the target file resides on a filesystem that does
not support file flags (e.g., msdos /boot).

Reviewed by:	delphij
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D20358
2019-05-22 21:47:17 +00:00
Emmanuel Vadot
19dad0edbe pkgbase: Really move rc.sendmail
Messed up with git->svn in r348100
2019-05-22 07:40:39 +00:00
Emmanuel Vadot
410304e347 pkgbase: Really move rc.bsdextended
Messed up with git->svn in r348099
2019-05-22 07:39:59 +00:00
Emmanuel Vadot
5d8c2d4c4f pkgbase: Really move rc.firewall
Messed up with git->svn in r348098
2019-05-22 07:38:54 +00:00
Emmanuel Vadot
424383210b pkgbase: Move rc.sendmail to libexec/rc
Reviewed by:	bapt
2019-05-22 07:22:08 +00:00
Emmanuel Vadot
f4022639ae pkgbase: Move rc.bsdextended to libexec/rc
Reviewed by:	bapt
2019-05-22 07:21:39 +00:00
Emmanuel Vadot
f0f0053abc pkgbase: Move rc.firewall to libexec/rc
Put it with all the other rc files

Reviewed by:	bapt
2019-05-22 07:21:05 +00:00
Mark Johnston
d3f77d0afe Marginally improve usage() message style in bootpd.
- Remove an extra space after "usage:".
- Avoid lines exceeding 80 columns.

Based on notes from rgrimes.

MFC with:	r348066
Event:		Waterloo Hackathon 2019
2019-05-22 04:13:57 +00:00
Ed Maste
34366bc932 bootpd: avoid the same error indication for different issues
There were several (apparently) copy-pasted NEED validation macros,
leading to the same error string for different issues.  Change the
YP and NTP tags so they are distinct.

PR:		30863
Submitted by:	Dan Lukes <dan@obluda.cz>
Reviewed by:	markj
MFC after:	1 week
Event:		Waterloo Hackathon 2019
2019-05-21 21:27:14 +00:00
Mark Johnston
35131b4616 bootpd: Add an option to skip modifications to the ARP table.
PR:		30854
Submitted by:	Dan Lukes <dan@obluda.cz>
Reviewed by:	imp (previous version)
MFC after:	1 week
Event:		Waterloo Hackathon 2019
Differential Revision:	https://reviews.freebsd.org/D2581
2019-05-21 21:22:43 +00:00
Brooks Davis
ffda67901e Change ed(4), ep(4), and fxp(4) examples to em(4).
ed(4) and ep(4) have been removed. fxp(4) remains popular in older
systems, but isn't as future proof as em(4).

Reviewed by:	bz, jhb
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D20311
2019-05-18 21:01:36 +00:00
Konstantin Belousov
3cac4083ef rtld_malloc.c: cleanup morepages().
Use roundup2() and rounddown2() instead of inlining them.
Get rid of the fd local variable, use literal -1 for the mmap argument.
Use MAP_FAILED as mmap(2) failure indicator.
After that, apply some style.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-05-16 13:13:33 +00:00
Konstantin Belousov
37f0b7f1d7 Remove more dead definitions from rtld_malloc.c after r347019.
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-05-16 13:07:26 +00:00
Andrey V. Elsukov
51d97e1b23 Add ipsec.ko to required_modules for rc.d/ipsec script.
Thus it can be automatically loaded if ipsec_enable="YES" and option IPSEC
is not in the kernel config.

MFC after:	1 week
2019-05-06 08:30:53 +00:00
Konstantin Belousov
78022527bb Switch to use shared vnode locks for text files during image activation.
kern_execve() locks text vnode exclusive to be able to set and clear
VV_TEXT flag. VV_TEXT is mutually exclusive with the v_writecount > 0
condition.

The change removes VV_TEXT, replacing it with the condition
v_writecount <= -1, and puts v_writecount under the vnode interlock.
Each text reference decrements v_writecount.  To clear the text
reference when the segment is unmapped, it is recorded in the
vm_map_entry backed by the text file as MAP_ENTRY_VN_TEXT flag, and
v_writecount is incremented on the map entry removal

The operations like VOP_ADD_WRITECOUNT() and VOP_SET_TEXT() check that
v_writecount does not contradict the desired change.  vn_writecheck()
is now racy and its use was eliminated everywhere except access.
Atomic check for writeability and increment of v_writecount is
performed by the VOP.  vn_truncate() now increments v_writecount
around VOP_SETATTR() call, lack of which is arguably a bug on its own.

nullfs bypasses v_writecount to the lower vnode always, so nullfs
vnode has its own v_writecount correct, and lower vnode gets all
references, since object->handle is always lower vnode.

On the text vnode' vm object dealloc, the v_writecount value is reset
to zero, and deadfs vop_unset_text short-circuit the operation.
Reclamation of lowervp always reclaims all nullfs vnodes referencing
lowervp first, so no stray references are left.

Reviewed by:	markj, trasz
Tested by:	mjg, pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 month
Differential revision:	https://reviews.freebsd.org/D19923
2019-05-05 11:20:43 +00:00
Konstantin Belousov
5cac2021fe Cleanup for rtld_malloc.c.
- Remove dead and most likely rotten MALLOC_DEBUG, MSTAT, and RCHECK options.
- Remove unused headers.
- Remove one case of undefined behavior where left shift could overflow.
  It is impossible on practice for rtld and libthr consumer.

PR:	237577
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-05-02 15:03:16 +00:00
Lev A. Serebryakov
26e8ed624e Make mdmfs verbose if diskless boot is verbose.
Approved by:	ian@
Differential Revision:	D17104
2019-04-26 14:44:50 +00:00
Konstantin Belousov
760e34772c Fix order of destructors between main binary and libraries.
Since inits for the main binary are run from rtld (for some time), the
rtld_exit atexit(3) handler, which is passed from rtld to the program
entry and installed by csu, is installed after any atexit(3) handlers
installed by main binary constructors.  This means that rtld_exit() is
fired before main binary handlers.

Typical C++ static constructors are executed from init (either binary
or libs) but use atexit(3) to ensure that destructors are called in
the right order, independent of the linking order.  Also, C++
libraries finalizers call __cxa_finalize(3) to flush library'
atexit(3) entries.  Since atexit(3) entry is cleared after being run,
this would be mostly innocent, except that, atexit(rtld_exit) done
after main binary constructors, makes destructors from libraries
executed before destructors for main.

Fix by reordering atexit(rtld_exit) before inits for main binary, same
as it happened when inits were called by csu.  Do it using new private
libc symbol with pre-defined ABI.

Reported. tested, and reviewed by:	kan
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-04-15 13:03:09 +00:00
Konstantin Belousov
e3e21edb19 ld-elf.so: make LD_DEBUG always functional.
This causes some increase of the dynamic linker size, but benefits of
avoiding compiling private copy or the linker when debugging is
required. definitely worth it.

The dbg() calls can be compiled out by defining LD_NO_DEBUG symbol.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-04-14 18:04:53 +00:00
Chris Rees
b11974c250 Revert r346017 pending compiled-in zfs fix
PR:		237172
Approved by:	jilles
Differential Revision:	https://reviews.freebsd.org/D18670
2019-04-10 07:51:13 +00:00
Chris Rees
f5dfe75da5 Remove now unnecessary kldstat check before attempting to load modules.
Since r233109, kldload has the -n option, which silently ignores options
that are already loaded.

https://lists.freebsd.org/pipermail/freebsd-rc/2018-December/003899.html

Note that this script no longer reports if the module is already loaded,
but it could be argued this wasn't particularly useful information.

PR:			docs/234248
Reviewed by:		bcr (docs), kib, rgrimes (visual)
Approved by:		jilles
Differential Revision:	https://reviews.freebsd.org/D18670
2019-04-07 18:31:45 +00:00
Andrey V. Elsukov
577640dcbc Add firewall_[nat64|nptv6|pmod]_enable variables to /etc/defaults/rc.conf
Reported by:	Andrey Fesenko
X-MFC after:	r345450
2019-04-06 17:21:05 +00:00
Eugene Grosbein
734b726d80 network.subr: improve configuration of cloned gif(4) interfaces
ifconfig(8) syntax allows to specify only single address_family,
so we need additional invocation of ifconfig to support configuration
of cloned gif interface that may use different address families
for its internal and external addresses.

Also, ifconfig(8) does not allow to omit "inet6" keyword for address family
specifying IPv6 addresses as outer addresses of the interface.

Also, address_family is not "parameter" and it has to go before parameters
including "tunnel" keyword, so "ifconfig gif0 tunnel inet6 $oip1 $oip2" would be
wrong syntax and only "ifconfig gif0 inet6 tunnel $oip1 $oip2" is right.

With this change, the following works:

gifconfig_gif0="inet6 2a00::1 2a01::1"
ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252"

MFC after:	2 weeks
2019-04-05 22:45:08 +00:00
Conrad Meyer
c849485d90 random(4): Attempt to persist entropy promptly
The goal of saving entropy in Fortuna is two-fold: (1) to provide early
availability of the random device (unblocking) on next boot; and (2), to
have known, high-quality entropy available for that initial seed.  We know
it is high quality because it's output taken from Fortuna.

The FS&K paper makes it clear that Fortuna unblocks when enough bits have
been input that the output //may// be safely seeded.  But they emphasize
that the quality of various entropy sources is unknown, and a saved entropy
file is essential for both availability and ensuring initial
unpredictability.

In FreeBSD we persist entropy using two mechanisms:

1. The /etc/rc.d/random shutdown() function, which is used for ordinary
   shutdowns and reboots; and,

2. A cron job that runs every dozen minutes or so to persist new entropy, in
   case the system suffers from power loss or a crash (bypassing the
   ordinary shutdown path).

Filesystems are free to cache dirty data indefinitely, with arbitrary flush
policy.  Fsync must be used to ensure the data is persisted, especially for
the cron job save-entropy, whose entire goal is power loss and crash safe
entropy persistence.

Ordinary shutdown may not need the fsync because unmount should flush out
the dirty entropy file shortly afterwards.  But it is always possible power
loss or crash occurs during the short window after rc.d/random shutdown runs
and before the filesystem is unmounted, so the additional fsync there seems
harmless.

PR:		230876
Reviewed by:	delphij, markj, markm
Approved by:	secteam (delphij)
Differential Revision:	https://reviews.freebsd.org/D19742
2019-03-31 04:57:50 +00:00
Konstantin Belousov
5d00c5a657 Fix initial exec TLS mode for dynamically loaded shared objects.
If dso uses initial exec TLS mode, rtld tries to allocate TLS in
static space. If there is no space left, the dlopen(3) fails. If space
if allocated, initial content from PT_TLS segment is distributed to
all threads' pcbs, which was missed and caused un-initialized TLS
segment for such dso after dlopen(3).

The mode is auto-detected either due to the relocation used, or if the
DF_STATIC_TLS dynamic flag is set.  In the later case, the TLS segment
is tried to allocate earlier, which increases chance of the dlopen(3)
to succeed.  LLD was recently fixed to properly emit the flag, ld.bdf
did it always.

Initial test by:	dumbbell
Tested by:	emaste (amd64), ian (arm)
Tested by:	Gerald Aryeetey <aryeeteygerald_rogers.com> (arm64)
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D19072
2019-03-29 17:52:57 +00:00
Ed Maste
650f4477a5 rtld: attempt to fix reloc_non_plt TLS allocation on MIPS
allocate_tls_offset returns true on success.  The same issue existed
on arm and was fixed in r345693.

PR:		236880
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2019-03-29 15:07:00 +00:00
Ed Maste
dc412d2d4b rtld: attempt to fix reloc_nonplt_object TLS allocation
allocate_tls_offset returns true on success.  This still needs more
testing and review, but this change is consistent with other archs.

PR:		236880
Reported by:	Andrew Gierth <andrew@tao11.riddles.org.uk>
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2019-03-29 14:35:23 +00:00
Ed Maste
09b47fc1c2 revert r341429 "disable BIND_NOW in libc, libthr, and rtld"
r345620 by kib@ fixed the rtld issue that caused a crash at startup
during resolution of libc's ifuncs with BIND_NOW.

PR:		233333
Sponsored by:	The FreeBSD Foundation
2019-03-28 02:12:32 +00:00
Konstantin Belousov
ad484b8c53 rtld: disable relro enforcement for irelative relocation processing.
This fixes yet another breakage for relro + bind now.

Reported by:	emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
2019-03-27 22:35:28 +00:00
Andrey V. Elsukov
0bd4858ed3 Add ability to automatically load ipfw_nat64, ipfw_nptv6 and ipfw_pmod
modules by declaring corresponding variables in rc.conf. Also document
them in rc.conf(5).

Submitted by:	Dries Michiels
Differential Revision:	https://reviews.freebsd.org/D19673
2019-03-23 15:41:32 +00:00
Cy Schubert
817c58e3ac The check for $ippool_rules in start_cmd is tautological.
Reported by:	hrs@
MFC after:	13 days
X-MFC with:	r345400
2019-03-23 04:32:10 +00:00
Cy Schubert
299173580f Use internal command variables for consistent style.
Reported by:	rgrimes@
MFC after:	13 days
X-MFC with:	r345400
2019-03-22 11:46:35 +00:00
Cy Schubert
c297300196 From r345400, connect ippool to the build/install.
PR:		218433
MFC after:	2 weeks
X-MFC with:	r345400
2019-03-22 01:42:27 +00:00
Cy Schubert
d8f9371044 Add rc.d support for ippool(8).
I've been using ippool at my site for approximately two years. It's
about time this was committed.

PR:		218433
MFC after:	2 weeks
2019-03-22 01:30:51 +00:00
Bjoern A. Zeeb
76d32f047a Fix legacy IP autoconfiguration.
It seems my subconcious plan in r345088 to not only prefer IPv6 autoconf
but to also slowly deteriorate legacy IP auto-configuration was uncovered
way too early.

In case IPv6 is a thing yet ipv6_autoconfif was not true, we would not
bring up the interface yet tell the follow-up DHCPv4 configuration in
ifconfig_up() that we did.  So unless you were doing SYNCDHCP or IPv6
you would not get legacy-IP DHCPv4 configuration.

I see multiple problems here: (a) people not yet using IPv6 (obviously a
problem), and (b) the dhclient startup script not running dhclient in
that case despite configured to do so (needs to be investigated seperately).

Reported by:	Pawel Biernacki (pawel.biernacki gmail.com)
Tested by:	Pawel Biernacki
Differential Revision:	https://reviews.freebsd.org/D19488
Pointyhat to:	bz (not sure if it is for breaking or
		for letting them notice it so easily)
2019-03-17 09:31:09 +00:00
Bjoern A. Zeeb
1b5be7204e Enhance IPv6 autoconf startup.
Before this change we would only run rtsol on an interface which was
set to accept_rtadv and did not have rtsold enabled.  This change
removes the latter condition and always runs rtsol (rather than the
deferred rtsold) to reduce the delay until we send the first RS.

This change will also handle the accept_rtadv before dhcp hence
starting IPv6 auto-configuration before IPV4 DHCP.

This change is intended for FreeBSD 13 and later only and will not be MFCed.

Reviewed by:		hrs
Differential Revision:	https://reviews.freebsd.org/D19488
2019-03-13 17:00:15 +00:00
Benedict Reuschling
1b35da5af7 Extend descriptions and comments about the need to create /etc/pf.conf.
FreeBSD removed the default /etc/pf.conf file in previous releases, but
the documentation kept mentioning it like any other file present in the
system.  Change pf.conf(5) to mention in the description of the default
ruleset location that this file needs to be created manually. Also, the
default rc.conf file had it's comment extended a bit to let people know
that this file does not exist by default.

PR:		    231977
Submitted by:	    koobs@
Reviewed by:	    kp@, 0mp@
Approved by:	    kp@
MFC after:	    10 days
Differential Revision:	https://reviews.freebsd.org/D19530
2019-03-12 20:08:37 +00:00
Cy Schubert
77e6f9282e Fix still installing ipfilter rc.d files even when WITHOUT_IPFILTER
is specified.

When WITHOUT_IPFILTER is specified, delete-old-files fails to delete
the optional rc.d files from above. Fix this.

WITHOUT_IPFILTER fails to delete the ipfilter.5 optional file during
delete-old-files. Fix this.

Reported by:	Dmitry Luhtionov <dmitryluhtionov@gmail.com>
MFC after:	1 week
2019-03-12 19:34:33 +00:00
Alan Somers
809a8352dd Drop "All rights reserved" from the files I own
Also, add SPDX tags where needed.

MFC after:	2 weeks
2019-03-11 22:23:56 +00:00
Kurt Lidl
c65b552f89 Remove an unneeded 'tail -n 1' from a pipeline
When piping to awk, it's almost always an anti-pattern to use 'grep'
first.

When not in a pipeline, sometimes it is faster to use tail, as awk
must process all the lines in the input stream, and won't 'seek'.
In a pipeline, both grep and awk must process all lines, so we might
as well skip the extra process creation for tail and just use awk
for all the processing.

Reviewed by:	jilles
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D19441
2019-03-11 13:33:03 +00:00
Sean Eric Fagan
025816d9ce Add support for a virtual hostname to nfsd
Specifically, this allows (via "-V vhostname") telling nfsd what principal
to use, instead of the hostname.  This is used at iXsystems for fail-over in
HA systems.

Reviewed by:	macklem
Sponsored by:	iXsystems Inc.
Differential Revision:	https://reviews.freebsd.org/D19191
2019-02-16 00:15:54 +00:00
Ed Maste
bcf99d2d99 Add WITH_PIE knob to build Position Independent Executables
Building binaries as PIE allows the executable itself to be loaded at a
random address when ASLR is enabled (not just its shared libraries).

With this change PIE objects have a .pieo extension and INTERNALLIB
libraries libXXX_pie.a.

MK_PIE is disabled for some kerberos5 tools, Clang, and Subversion, as
they explicitly reference .a libraries in their Makefiles.  These can
be addressed on an individual basis later.  MK_PIE is also disabled for
rtld-elf because it is already position-independent using bespoke
Makefile rules.

Currently only dynamically linked binaries will be built as PIE.

Discussed with:	dim
Reviewed by:	kib
MFC after:	1 month
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D18423
2019-02-15 22:22:38 +00:00
Colin Percival
efed7c6db7 Teach /etc/rc.d/growfs how to handle systems running ZFS.
There are many cases which this code does not handle (e.g. ZFS mirrors)
but the code can handle the single-disk case -- so it's enough to take
care of the "disk image which gets booted into a VM with a larger than
expected disk" case for which this firstboot script was created.

MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D19095
2019-02-08 19:19:31 +00:00
Warner Losh
d3f1313287 Remove All Rights Reserved
Remove the all rights reserved clause from my copyright, and make
other minor tweaks needed where that might have created ambiguity.
2019-02-05 21:37:34 +00:00
Eric van Gyzen
ac818ca644 rtld: pacify -Wmaybe-uninitialized from gcc6
Sponsored by:	Dell EMC Isilon
2019-02-01 23:16:59 +00:00
Konstantin Belousov
d49ca25de6 Rename rtld-elf/malloc.c to rtld-elf/rtld_malloc.c.
Then malloc.c file name is too generic to use it for libthr.a.

Sponsored by:	The FreeBSD Foundation
MFC after:	13 days
2019-01-30 16:28:27 +00:00
Konstantin Belousov
7a6d40b22c Add header file missed in r343564.
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D18988
2019-01-29 22:45:24 +00:00
Konstantin Belousov
1a3b2ebf95 Adjust posix symbols from rtld-elf/malloc.c with the __crt_ prefix.
This allows to reuse the allocator in other environments that get
malloc(3) and related functions from libc or interposer.

MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D18988
2019-01-29 22:40:42 +00:00
Andriy Voskoboinyk
1a7c1b2cbc rc(8): do not stop dhclient(8) when wpa_supplicant(8) / hostapd(8) is used
They will stop it automatically ('Interface wlan0 is down,
dhclient exiting'); use /etc/rc.d/dhclient stop command only when
none of them is used.

MFC after:	5 days
2019-01-27 15:55:31 +00:00
Konstantin Belousov
8b40aab156 Remove now redundand ifunc relocation code which should have been
removed as part of r341441.

This call to reloc_non_plt() may crash if ifunc resolvers use the
needed libraries symbols since the pass over the needed libs
relocation is not yet done.  The change in r341441 ensures the right
relocation order otherwise.

Submitted by:	theraven
MFC after:	1 week
Discussed in:	https://reviews.freebsd.org/D17529
2019-01-27 00:37:52 +00:00
Stefan Eßer
71bc4af6ed Fix potential buffer overflow and undefined behavior.
The buffer allocated in read_chat() could be 1 element too short, if the
chatstr parameter passed in is 1 or 3 charachters long (e.g. "a" or "a b").
The allocation of the pointer array does not account for the terminating
NULL pointer in that case.

Overlapping source and destination strings are undefined in strcpy().
Instead of moving a string to the left by one character just increment the
char pointer before it is assigned to the results array.

MFC after:	2 weeks
2019-01-26 20:43:28 +00:00
Brooks Davis
e4478d7e46 Use a private definition of osockaddr rather then relying on type
namespace polution in sys/socket.h.

Also remove support for operation on 4.3BSD.

PR:		224529
Differential Revision:	https://reviews.freebsd.org/D14505
2019-01-18 21:30:06 +00:00
Dag-Erling Smørgrav
c9cf7cb85b Revert r343093 until I can address the issues raised by kib@. 2019-01-17 16:50:50 +00:00
Dag-Erling Smørgrav
9b35e90238 Implement dlopenat(3).
MFC after:	3 weeks
2019-01-16 12:12:40 +00:00
Justin Hibbits
b6abe132d4 Fix rtld-elf compilation warning for powerpc64 ELFv2 ABI
Summary: reloc_jmpslot function parameter 'defobj' is not used when using ELFv2
ABI

Submitted by:	alfredo.junior_eldorado.org.br
Reviewed By: kib, git_bdragon.rtk0.net, emaste, jhibbits
Differential Revision: https://reviews.freebsd.org/D18808
2019-01-13 02:33:20 +00:00
Kyle Evans
478e7696ff rc.subr: Fix typo
Originally intended as 'in case in needs to be re-invoked', but it was later
decided (by myself) that 're-invoke itself' makes it more clear that the
script is expected to use this in a way.

Reported by:	Jose Luis Duran (jlduran @ github)
X-MFC-With:	r342792
2019-01-06 01:39:01 +00:00
Kyle Evans
ac102a2a63 rc.subr: Provide rc_service variable for service scripts
Some rc scripts in ports (e.g. uwsgi, apache, openvpn) allow for
'application profiles' that usually require the rc script to be invoked
again for each active profile. Because there's no consistent way to
determine the path because it differs between manual/service(8) invocations
and /etc/rc invocations, this leads to patterns like these:

- www/uwsgi hardcodes the script path
- security/openvpn guesses either $_file or $0 based on $0 = /etc/rc

Instead of forcing rc scripts to guess, provide an rc_service variable to
the scripts that gets set appropriately both for direct execution or when a
script is being executed via run_rc_script (e.g. /etc/rc).

This is our analog of an OpenRC variable with the same name, different case
(RC_SERVICE).

PR:		234614
Reported by:	koobs
Reviewed by:	dteske, jilles
MFC after:	3 days
2019-01-05 21:23:25 +00:00
Justin Hibbits
45a18a1fe3 rtld-elf: Fix powerpc64 TLS handling, matching powerpc's fix
We need to subtract the TLS_TCB_SIZE to get to the real data pointer, since
r13 points to the end of the TCB structure.  Prior to this, devel/protobuf-c
port broke with recent update to devel/protobuf, which exposed this issue.

Submitted by:	andreast
Reported by:	Piotr Kubaj
MFC after:	1 week
2019-01-01 20:12:58 +00:00
Mateusz Guzik
405c3050f1 Remove iBCS2, part1: userspace
iBCS2 was disconnected from the build in 2015 (see r291419)

bsdconfig parts submitted by dteske.

Reviewed by:	kib (previous version)
Sponsored by:	The FreeBSD Foundation
2018-12-19 21:56:54 +00:00
Ed Maste
1e13299fd8 bootpd: validate hardware type
Due to insufficient validation of network-provided data it may have been
possible for a malicious actor to craft a bootp packet which could cause
a stack buffer overflow.

admbugs:	850
Reported by:	Reno Robert
Reviewed by:	markj
Approved by:	so
Security:	FreeBSD-SA-18:15.bootpd
Sponsored by:	The FreeBSD Foundation
2018-12-19 18:16:29 +00:00
Alan Somers
738ea87196 Conditionally install /etc/rc.d/audit* based on ${MK_AUDIT}
/usr/sbin/audit(dist)?d are only installed if ${MK_AUDIT} == yes. Their
supporting scripts should only be installed in those instances as well.

Submitted by:	ngie
Reviewed by:	emaste
MFC after:	2 weeks
Pull Request:	https://github.com/freebsd/freebsd/pull/242
2018-12-16 23:38:46 +00:00
George V. Neville-Neil
53fc043d41 Remove, the now very outdated, timed.
Submitted by:	Kyle Spiers ksspiers at gmail
Reviewed by:	bcr,brooks,bz,sbruno
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D18505
2018-12-15 21:34:40 +00:00
Michal Meloun
4849c3a570 Improve R_AARCH64_TLSDESC relocation.
The original code did not support dynamically loaded libraries and used
suboptimal access to TLS variables.
New implementation removes lazy resolving of TLS relocation - due to flaw
in TLSDESC design is impossible to switch resolver function at runtime
without expensive locking.

Due to this, 3 specialized resolvers are implemented:
 - load time resolver for TLS relocation from libraries loaded with main
   executable (thus with known TLS offset).
 - resolver for undefined thread weak symbols.
 - slower lazy resolver for dynamically loaded libraries with fast path for
   already resolved symbols.

PR:		228892, 232149, 233204, 232311
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D18417
2018-12-15 10:38:07 +00:00
Conrad Meyer
b2b1708d59 rc.subr: Implement list_vars without using 'read'
'read' pessimistically read(2)s one byte at a time, which can be quite
silly for large environments in slow emulators.

In my boring user environment, truss shows that the number of read()
syscalls to source rc.subr and invoke list_vars is reduced by something like
3400 to 60.  ministat(1) shows a significant time difference of about -71%
for my environment.

Suggested by:	jilles
Discussed with:	dteske, jhb, jilles
Differential Revision:	https://reviews.freebsd.org/D18481
2018-12-11 01:38:50 +00:00
Michal Meloun
63003c4bcb Implement R_AARCH64_TLS_DTPMOD64 and A_AARCH64_TLS_DTPREL64 relocations.
Although these are slightly obsolete in favor of R_AARCH64_TLSDESC,
gcc -mtls-dialect=trad still use them.

Please note that definition of TLS_DTPMOD64 and TLS_DTPREL64 are incorrectly
exchanged in GNU binutils. TLS_DTPREL64 should be encoded to 1028 (as is
defined in ARM ELF ABI) but binutils encode it to 1029. And vice versa,
TLS_DTPMOD64 should be encoded to 1029 but binutils encode it to 1028.

While I'm in, add also R_AARCH64_NONE. It can be produced as result of linker
relaxation.

MFC after:	1 week
2018-12-08 14:58:17 +00:00
Michal Meloun
419333b944 Tidy up arm64 reloc_jmpslots() implementation.
- don't relocate jump slots multiple times (if LD_BIND_NOW is defined).
- process only R_AARCH64_JUMP_SLOT here, other relocation types are handled
  by reloc_plt().

MFC after:	1 week
2018-12-05 10:30:53 +00:00
Michal Meloun
22e9ff95aa Implement arm64 version of __tls_get_addr().
MFC after:	1 week
2018-12-05 10:23:38 +00:00
Michal Meloun
e8c479fddc Fix style(9).
Not a functional change.

MFC after:	1 week
2018-12-05 10:22:14 +00:00
Konstantin Belousov
4903c73faf Some fixes for LD_BIND_NOW + ifuncs.
- Do not perform ifunc relocations together with other PLT relocations
  in PLT.  Instead, do it during an additional pass over the init
  list, so that ifuncs are resolved in the order of dso
  dependencies. This allows the ifuncs resolvers to call into depended
  libs.  Init list now includes all objects instead of only objects
  with init/fini callables.
- Disable relro protection around bind_now ifunc relocations.

I considered calling ifunc resolvers of dso after initializers of all
dependencies are processed, and decided that this is wrong/should not
be supported. The order now is normal relocations for all
objects->ifunc resolution in init order->initializers, where each step
does complete pass over all loaded objects before moving to the next
step.

Reported, tested and reviewed by:	emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D18400
2018-12-03 20:03:43 +00:00
Konstantin Belousov
5962a71ecf Provide naive but self-contained implementations of memset(3) and
bzero(3) for rtld.

This again reduces rtld dependency on libc, and in future, avoid ifunc
relocations when the functions are converted to ifuncs in libc.

Reported by:	mjg
Reviewed by:	emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D18400
2018-12-03 19:55:55 +00:00
Ed Maste
0e450664ad disable BIND_NOW in libc, libthr, and rtld
An issue remains with BIND_NOW and processes using threads.  For now,
restore libc's BIND_NOW disable, and also disable BIND_NOW in rtld and
libthr.

A patch is in review (D18400) that likely fixes this issue, but just
disable BIND_NOW pending further testing after it is committed.

PR:		233333
Sponsored by:	The FreeBSD Foundation
2018-12-03 15:59:46 +00:00
Konstantin Belousov
e8927aa6c6 rtld: parse FreeBSD Feature Control note on the object load.
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2018-11-23 22:37:35 +00:00
Conrad Meyer
c15faaac95 Revert r340843 - addressed independently in r340842! 2018-11-23 18:27:16 +00:00
Conrad Meyer
66a87f8cfd rtld: Silence a false positive GCC 6.4.0 warning
The function reloc_non_plt has complicated variable lifetimes that GCC 6.4.0
(the version currently used by amd64-xtoolchain-gcc) misunderstands and
produces an erroneous warning about.  Silence it to allow the -Werror build
to proceed.

Reviewed by:	emaste
2018-11-23 18:23:29 +00:00
Konstantin Belousov
bac111cc74 Silence gcc warnings.
Reported by:	emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
2018-11-23 18:15:23 +00:00
Cy Schubert
d19c1c8ec2 Allow forced start of ipmon in special cases where testing is desired
(or other special cases) and when ipfilter is disabled in rc.conf but
started by other means.

MFC after:	1 week
2018-11-22 04:48:27 +00:00
Konstantin Belousov
abfc3b2fef rtld: when immediate bind mode is requested, process irelocs in PLT
immediately after other PLT relocs.

Otherwise, if the object has relro page, we write to readonly page,
and we would need to use mprotect(2) two more times to fix it.  Note
that resolve_object_ifunc() does nothing when called second time, so
there is no need to avoid existing call.

Reported and tested by:	emaste
PR:	233333
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2018-11-20 14:52:43 +00:00
Eugene Grosbein
7b3c65ba1c Move definition of $jail_conf variable to /etc/defaults/rc.conf
from jail startup script so it can be successfully queried
with the command "sysrc jail_conf".

MFC after:	1 month
2018-11-10 14:11:54 +00:00
Alex Richardson
57fe7128b7 Handle the DT_MIPS_RLD_MAP_REL dynamic tag in RTLD
This dynamic tag contains the location of the .rld_map section relative to
the location of the dynamic tag. For PIE MIPS binaries DT_MIPS_RLD_MAP can
not be used since it contains an absolute address. Without this change
GDB can not find the function program counters in other libraries and once
I apply this change I can successfully run info sharedlibraries again.

Reviewed By:	kib
Differential Revision: https://reviews.freebsd.org/D17867
2018-11-07 15:04:41 +00:00
Ed Maste
eda66948fe rtld: move relro enforcement after ifunc processing
Previously the combination of relro (implicit), -z now and ifunc use
resulted in a segfault when applying ifuncs after relro (test binary
here just calls amd64_get_fsbase()):

| % env LD_DEBUG=1 libexec/rtld-elf/obj/ld-elf.so.1 a.out
| ...
| enforcing main obj relro
| ...
| resolving ifuncs
| reloc_jmpslot: *0x203198 = 0x189368ea4570
| zsh: bus error (core dumped)  LD_DEBUG=1 obj/ld-elf.so.1 ~/a.out

Reported by:	Shawn Webb
Reviewed by:	kib
Sponsored by:	The FreeBSD Foundation
2018-11-04 19:21:12 +00:00