Commit Graph

1554 Commits

Author SHA1 Message Date
Sam Leffler
690f477d75 add new build knobs and jigger some existing controls to improve
control over the result of buildworld and installworld; this especially
helps packaging systems such as nanobsd

Reviewed by:	various (posted to arch)
MFC after:	1 month
2008-09-21 22:02:26 +00:00
David Xu
d8b04dc0d4 Allow multiple locks to be acquired by detecting corresponding
bit flag, otherwise if a thread acquired a lock, another thread
or the current thread itself can no longer acquire another lock
because thread_mask_set() return whole flag word, this results
bit leaking in the word and misbehavior in later locking and
unlocking.
2008-09-16 01:46:11 +00:00
Alexander Kabaev
61adda8468 Make sure internal rtld malloc routines are not called from unlocked
contexts as rtld's malloc is not thread safe and is only supposed to be
called with exclusive bind lock already held.

The originating PR submitted a patch on top of different pre-requisite
workaroud for unsafe dlopen calls, and the patch was midief slighlty to apply
to stock sources for the purpose of this commit. Running rtld malloc from
unlocked contexts is a bug on its own.

PR: 126950
Submited by: Oleg Dolgov
2008-09-03 01:05:32 +00:00
Ed Schouten
878f530ff8 Remove the now unneeded pt_chown utility.
Before we had a posix_openpt() that allocated PTY's with proper
permissions in place, we used this set-uid utility to change the
ownership of PTY slave devices to the real user ID of the process. This
utility was used to implement grantpt().

In my first designs of the MPSAFE TTY layer, I replaced this by adding
an ioctl() called TIOCGRANTPT, which was used to change the ownership.
I left the pt_chown utility, because older C libraries needed it to work
properly.

After some discussions back in June I changed the PTY code to set
permissions properly upon creation. Fortunately the previous grantpt()
implementation changed permissions by hand when pt_chown is not
installed, which always succeeds. This means grantpt() still works
properly, even though the set-uid utility is missing.

I've done tests with FreeBSD 5.2.1, FreeBSD 6.3 and FreeBSD 7.0 jails.
All of them still work if I remove pt_chown.

Reviewed by:	philip (ex-mentor)
2008-08-24 10:01:22 +00:00
Colin Percival
f9bcf9cabf Mark functions as __dead2 in order to help the LLVM static checker
understand which code paths aren't possible.

This commit eliminates 117 false positive bug reports of the form
"allocate memory; error out if pointer is NULL; use pointer".
2008-08-04 01:25:48 +00:00
Ruslan Ermilov
042df2e2da Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be
  turned opt-in for stable branches depending on the consensus.  You
  can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
  It is harmless to steal the knob as SSP symbols have been provided
  by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
  (sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
  libc will be automatically downgraded to -fstack-protector because it
  breaks rtld otherwise.
- This option is unavailable on ia64.

Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.

Submitted by:	Jeremie Le Hen <jeremie@le-hen.org>
2008-06-25 21:33:28 +00:00
John Baldwin
87f2ff4f3e Use sysctl to fetch stats from the kernel instead of reading variables
directly via libkvm.

PR:		kern/122875, bin/123014
Tested by:	Danny Braniss  danny cs.huji.ac.il
MFC after:	1 week
2008-06-10 18:47:43 +00:00
Bruce M Simpson
523b17effe Make the meaning of the %A format specifier, as passed to
LD_TRACE_LOADED_OBJECTS_FMT[12], more obvious for users like me.
2008-05-15 10:47:14 +00:00
Doug Rabson
33f1219925 Fix conflicts after heimdal-1.1 import and add build infrastructure. Import
all non-style changes made by heimdal to our own libgssapi.
2008-05-07 13:53:12 +00:00
Konstantin Belousov
e91ff25c0c Fix the problem with the C++ exception handling for the multithreaded
programs.

From the PR description:
The gcc runtime's _Unwind_Find_FDE function, invoked during exception
handling's stack unwinding, is not safe to execute from within multiple
threads. FreeBSD' s dl_iterate_phdr() however permits multiple threads
to pass through it though. The result is surprisingly reliable infinite
looping of one or more threads if they just happen to be unwinding at
the same time.

Introduce the new lock that is write locked around the dl_iterate_pdr,
thus providing required exclusion for the stack unwinders.

PR:	threads/123062
Submitted by:	Andy Newman <an at atrn org>
Reviewed by:	kan
MFC after:	2 weeks
2008-05-06 09:27:41 +00:00
Warner Losh
652d402e7b MFp4: Add mips support for dynamic linking.
This code came from the merged mips2 and Juniper mips repositories.
Warner Losh, Randall Seager, Oleksandr Tymoshenko and Olivier Houchard
worked to merge, debug and integrate this code.  This code may also
contain code derived from NetBSD.
2008-04-04 20:59:26 +00:00
Christian Brueffer
662cac9f23 Fix some "in in" typos in comments.
PR:		121490
Submitted by:	Anatoly Borodin <anatoly.borodin@gmail.com>
Approved by:	rwatson (mentor), jkoshy
MFC after:	3 days
2008-03-26 07:32:08 +00:00
Robert Watson
19ab4b35fb For un-prototyped static inline functions declared in pthread_md.h on
sparc64, use ANSI function headers and specifically indicate the lack of
arguments with 'void'.  Otherwise, warnings are generated at WARNS=3 for
libkse, leading to a compile failure with -Werror.
2007-12-01 14:24:44 +00:00
Edwin Groothuis
b71d8e695c Add "with" to make the line go smoother. 2007-11-23 01:52:44 +00:00
Edwin Groothuis
dba0fd308e Add the -W options, which acts the same as -w but will generate
unique names based on the submitted filename, a strftime(3) format
string and a two digit sequence number.

By default the strftime(3) format string is %Y%m%d (YYYYMMDD), but
this can be changed by the -F option.

PR:		bin/106049 (based on patch in that PR)
Approved by:	grog@ (mentor)
2007-11-23 00:05:29 +00:00
John Birrell
1566f9a7f9 Include an extra header to get a function prototype. 2007-11-19 08:58:11 +00:00
Yaroslav Tykhiy
b2c4f888fd Add a hackish knob to skip rtld, NO_RTLD. In conjunction with
src/Makefile.inc1 rev. 1.590, it can allow installing a world
cross-built for a different arch over the live system.  The procedure
is more or less as follows:

	cp -R /rescue /rescue.old
	make installkernel TARGET_ARCH=foo
	make -DNO_RTLD installworld TARGET_ARCH=foo
	     ^^^^^^^^^
	PATH=/rescue.old
	chflags noschg /libexec/ld-elf.so.1
	cp /usr/obj/foo/usr/src/libexec/rtld/ld-elf.so.1 /libexec
	chflags schg /libexec/ld-elf.so.1
	<ditto for ld-elf32.so.1 if installing for amd64>
	reboot
2007-10-31 11:19:32 +00:00
Marius Strobl
77ddefb873 - Fix the handling of R_SPARC_OLO10, which is a bit of a special case
in the way we implement handling of relocations.
  As for the kernel part this fixes the loading of lots of modules,
  which failed to load due to unresolvable symbols when built after
  the GCC 4.2.0 import. This wasn't due to a change in GCC itself
  though but one of several changes in configuration done along the
  import. Specfically, HAVE_AS_REGISTER_PSEUDO_OP, which causes GCC
  to denote global registers used for scratch purposes and in turn
  GAS uses R_SPARC_OLO10 relocations for, is now defined.
  While at it replace some more ELF_R_TYPE which should have been
  ELF64_R_TYPE_ID but didn't cause problems so far.
- Sync a sanity check between kernel and rtld(1) and change it to be
  maintenance free regarding the type used for the lookup table.
- Sprinkle const on lookup tables.
- Use __FBSDID.

Reported and tested by:	yongari
MFC after:		5 days
2007-10-16 19:17:48 +00:00
Ruslan Ermilov
0376869747 Fixed static linkage (build with -DNO_SHARED).
Approved by:	re (kensmith)
2007-10-01 18:17:24 +00:00
Xin LI
9a0e6be26a Stop mentioning /usr/X11R6.
Approved by:	re (hrs)
2007-07-24 06:41:07 +00:00
Marcel Moolenaar
99227f1ec4 Unbreak the dynamic linker by not creating a cache for rtld-elf
itself. It needs mmap(2), which now needs getosreldate(3) and
which in turn uses a global variable to cache the result. This
cannot be done before linking is done.

See also: ../sparc64/reloc.c:1.15
Approved by: re (kensmith)
2007-07-15 22:52:15 +00:00
Ken Smith
6e5e629f07 Cache does not serve any purpose when rtld is relocating itself, do
not bother allocating one.

Submitted by:	kan
Approved by:	re (bmah)
2007-07-13 16:18:43 +00:00
Alexander Kabaev
03c4fb02dd Add r_debug_state to the list of symbols exported from rtld. GDB needs to
be able to find it in order to trap shared library events from rtld.

Approved by:	re (rwatson)
2007-07-11 23:07:37 +00:00
Sean Farley
2966d28c32 Significantly reduce the memory leak as noted in BUGS section for
setenv(3) by tracking the size of the memory allocated instead of using
strlen() on the current value.

Convert all calls to POSIX from historic BSD API:
 - unsetenv returns an int.
 - putenv takes a char * instead of const char *.
 - putenv no longer makes a copy of the input string.
 - errno is set appropriately for POSIX.  Exceptions involve bad environ
   variable and internal initialization code.  These both set errno to
   EFAULT.

Several patches to base utilities to handle the POSIX changes from
Andrey Chernov's previous commit.  A few I re-wrote to use setenv()
instead of putenv().

New regression module for tools/regression/environ to test these
functions.  It also can be used to test the performance.

Bump __FreeBSD_version to 700050 due to API change.

PR:		kern/99826
Approved by:	wes
Approved by:	re (kensmith)
2007-07-04 00:00:41 +00:00
Max Laier
60ee384760 Link pf 4.1 to the build:
- move ftp-proxy from libexec to usr.sbin
 - add tftp-proxy
 - new altq mtag link

Approved by:	re (kensmith)
2007-07-03 12:46:08 +00:00
Yaroslav Tykhiy
54dd7f5c36 Note PAM support in atrun(8).
Sort FILES section while there.
Touch document date.
2007-06-17 14:02:31 +00:00
Yaroslav Tykhiy
553284d74a Add PAM support to atrun(8). 2007-06-15 12:02:16 +00:00
Yaroslav Tykhiy
858d347f2f Actually use new features of perr() and perrx(). 2007-06-15 10:34:36 +00:00
Yaroslav Tykhiy
657acd1063 Catch up with perr() becoming variadic. 2007-06-15 10:12:37 +00:00
Yaroslav Tykhiy
287303f0ea Make perr() variadic and add perrx() to use in cases where
errno is irrelevant.  Some code duplication can be reduced
if perr() is variadic and perrx() is available.
2007-06-15 10:10:40 +00:00
Yaroslav Tykhiy
1add474291 Use a single setusercontext(3) instead of a bunch of basic syscalls.
Besides aesthetic benefits, that makes at(1) jobs subject to such
login.conf(5) settings as resource limits.
2007-06-14 22:16:21 +00:00
Yaroslav Tykhiy
b53756d2fe Spotted another copy of the loony error message. 2007-06-14 21:24:05 +00:00
Yaroslav Tykhiy
ff86050785 Fix an error message that was beside the point. 2007-06-14 15:18:44 +00:00
Yaroslav Tykhiy
7a855803b9 Fix a typical off-by-one error that can result in an unterminated string:
strncpy(dst, src, sizeof(dst));

by substituting the safer strlcpy() for strncpy().

X-Security:	none (the source string isn't user-supplied)
2007-06-14 14:44:04 +00:00
Bjoern A. Zeeb
41d05ce706 Correct a typo.
PR:		106049
Submitted by:	edwin (as part of a larger patch)
2007-06-03 15:32:06 +00:00
Christian S.J. Peron
b075897e99 Update the man page to reflect that certain variables will be unset in
the case that the program is set-user-ID or set-group-ID. Add missing
annotations for LIBMAP and LIBMAP_DISABLE.
2007-05-17 19:14:25 +00:00
Christian S.J. Peron
d61e5aa4ed In the event a process is tainted (setuid/setgid binaries), un-set any
potentially dangerous environment variables all together. It should be
noted that the run-time linker will not honnor these environment variables
if the process is tainted currently. However, once a child of the tainted
process calls setuid(2), it's status as being tainted (as defined by
issetugid(2)) will be removed. This could be problematic because
subsequent activations of the run-time linker could honnor these
dangerous variables.

This is more of an anti foot-shot mechanism, there is nothing I am
aware of in base that does this, however there may be third party
utilities which do, and there is no real negative impact of clearing
these environment variables.

Discussed on:	secteam
Reviewed by:	cperciva
PR:		kern/109836
MFC after:	2 weeks
2007-05-17 18:00:27 +00:00
Marcel Moolenaar
cc09c7fb77 Don't enable symbol versioning on ia64 for now. It causes
symbol lookup failures that later result in null-pointer
dereferences. This needs looking into, but since we're
close to release it's possible that it's not resolved before
that time.
2007-05-16 23:24:15 +00:00
Marcel Moolenaar
878dd988ef We don't need --export-dynamic for ld-elf.so.1, because it's a
shared object.
2007-05-16 23:19:51 +00:00
Daniel Eischen
00fb440c1a Enable symbol versioning by default. Use WITHOUT_SYMVER to disable it.
Warning, after symbol versioning is enabled, going back is not easy
(use WITHOUT_SYMVER at your own risk).

Change the default thread library to libthr.

There most likely still needs to be a version bump for at least the
thread libraries.  If necessary, this will happen later.
2007-05-13 14:12:40 +00:00
Pav Lucistnik
88922cf00e Remove %m formatter, it's ifdef 0'ed in the code from the very beginning
MFC after:	1 week
2007-05-12 12:26:25 +00:00
Pav Lucistnik
b9e1d83e61 Expand documentation for LD_TRACE_LOADED_OBJECTS_FMT? variables
PR:		docs/66265 (inspired by)
Submitted by:	Michel Lavondes <fox@vader.aacc.cc.md.us>
MFC after:	1 week
2007-05-12 12:24:49 +00:00
David Xu
25785f9165 Fix a TLS memory leak.
PR: threads/112297
MFC: 1 week
2007-05-05 08:44:59 +00:00
Andrey A. Chernov
ba174a5e38 Back out all POSIXified *env() changes.
Not because I admit they are technically wrong and not because of bug
reports (I receive nothing). But because I surprisingly meets so
strong opposition and resistance so lost any desire to continue that.

Anyone who interested in POSIX can dig out what changes and how
through cvs diffs.
2007-05-01 16:02:44 +00:00
Daniel Eischen
7046601eca Catch up with the private namespace change (s/FBSDprivate/FBSDprivate_1.0). 2007-05-01 13:46:27 +00:00
Andrey A. Chernov
f03351ff2a Prepare for upcoming POSIXed putenv() rewrite:
don't allow putenv() arg be on the stack, replace putenv() with setenv()
2007-04-30 12:27:58 +00:00
Alexander Kabaev
effa5b4e71 Retire rtld-specific Versions.def. Symbols exported by rtld are supposed
to override weak symbols exported by libc, so by definition these two
are using the same symbol version names.

Reflect the reality by referring to libc's Versions.def directly.
2007-04-29 16:12:06 +00:00
Daniel Eischen
b5a71dda23 Give the private version namespace a number to match libc. 2007-04-29 14:16:19 +00:00
Daniel Eischen
5f864214bb Use C comments since we now preprocess these files with CPP. 2007-04-29 14:05:22 +00:00
Tom Rhodes
dcac077f4b Remove references to S/Key and list OPIE. 2007-04-20 09:08:20 +00:00