The goal of saving entropy in Fortuna is two-fold: (1) to provide early
availability of the random device (unblocking) on next boot; and (2), to
have known, high-quality entropy available for that initial seed. We know
it is high quality because it's output taken from Fortuna.
The FS&K paper makes it clear that Fortuna unblocks when enough bits have
been input that the output //may// be safely seeded. But they emphasize
that the quality of various entropy sources is unknown, and a saved entropy
file is essential for both availability and ensuring initial
unpredictability.
In FreeBSD we persist entropy using two mechanisms:
1. The /etc/rc.d/random shutdown() function, which is used for ordinary
shutdowns and reboots; and,
2. A cron job that runs every dozen minutes or so to persist new entropy, in
case the system suffers from power loss or a crash (bypassing the
ordinary shutdown path).
Filesystems are free to cache dirty data indefinitely, with arbitrary flush
policy. Fsync must be used to ensure the data is persisted, especially for
the cron job save-entropy, whose entire goal is power loss and crash safe
entropy persistence.
Ordinary shutdown may not need the fsync because unmount should flush out
the dirty entropy file shortly afterwards. But it is always possible power
loss or crash occurs during the short window after rc.d/random shutdown runs
and before the filesystem is unmounted, so the additional fsync there seems
harmless.
PR: 230876
Reviewed by: delphij, markj, markm
Approved by: secteam (delphij)
Differential Revision: https://reviews.freebsd.org/D19742
If dso uses initial exec TLS mode, rtld tries to allocate TLS in
static space. If there is no space left, the dlopen(3) fails. If space
if allocated, initial content from PT_TLS segment is distributed to
all threads' pcbs, which was missed and caused un-initialized TLS
segment for such dso after dlopen(3).
The mode is auto-detected either due to the relocation used, or if the
DF_STATIC_TLS dynamic flag is set. In the later case, the TLS segment
is tried to allocate earlier, which increases chance of the dlopen(3)
to succeed. LLD was recently fixed to properly emit the flag, ld.bdf
did it always.
Initial test by: dumbbell
Tested by: emaste (amd64), ian (arm)
Tested by: Gerald Aryeetey <aryeeteygerald_rogers.com> (arm64)
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D19072
allocate_tls_offset returns true on success. The same issue existed
on arm and was fixed in r345693.
PR: 236880
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
allocate_tls_offset returns true on success. This still needs more
testing and review, but this change is consistent with other archs.
PR: 236880
Reported by: Andrew Gierth <andrew@tao11.riddles.org.uk>
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
r345620 by kib@ fixed the rtld issue that caused a crash at startup
during resolution of libc's ifuncs with BIND_NOW.
PR: 233333
Sponsored by: The FreeBSD Foundation
modules by declaring corresponding variables in rc.conf. Also document
them in rc.conf(5).
Submitted by: Dries Michiels
Differential Revision: https://reviews.freebsd.org/D19673
It seems my subconcious plan in r345088 to not only prefer IPv6 autoconf
but to also slowly deteriorate legacy IP auto-configuration was uncovered
way too early.
In case IPv6 is a thing yet ipv6_autoconfif was not true, we would not
bring up the interface yet tell the follow-up DHCPv4 configuration in
ifconfig_up() that we did. So unless you were doing SYNCDHCP or IPv6
you would not get legacy-IP DHCPv4 configuration.
I see multiple problems here: (a) people not yet using IPv6 (obviously a
problem), and (b) the dhclient startup script not running dhclient in
that case despite configured to do so (needs to be investigated seperately).
Reported by: Pawel Biernacki (pawel.biernacki gmail.com)
Tested by: Pawel Biernacki
Differential Revision: https://reviews.freebsd.org/D19488
Pointyhat to: bz (not sure if it is for breaking or
for letting them notice it so easily)
Before this change we would only run rtsol on an interface which was
set to accept_rtadv and did not have rtsold enabled. This change
removes the latter condition and always runs rtsol (rather than the
deferred rtsold) to reduce the delay until we send the first RS.
This change will also handle the accept_rtadv before dhcp hence
starting IPv6 auto-configuration before IPV4 DHCP.
This change is intended for FreeBSD 13 and later only and will not be MFCed.
Reviewed by: hrs
Differential Revision: https://reviews.freebsd.org/D19488
FreeBSD removed the default /etc/pf.conf file in previous releases, but
the documentation kept mentioning it like any other file present in the
system. Change pf.conf(5) to mention in the description of the default
ruleset location that this file needs to be created manually. Also, the
default rc.conf file had it's comment extended a bit to let people know
that this file does not exist by default.
PR: 231977
Submitted by: koobs@
Reviewed by: kp@, 0mp@
Approved by: kp@
MFC after: 10 days
Differential Revision: https://reviews.freebsd.org/D19530
is specified.
When WITHOUT_IPFILTER is specified, delete-old-files fails to delete
the optional rc.d files from above. Fix this.
WITHOUT_IPFILTER fails to delete the ipfilter.5 optional file during
delete-old-files. Fix this.
Reported by: Dmitry Luhtionov <dmitryluhtionov@gmail.com>
MFC after: 1 week
When piping to awk, it's almost always an anti-pattern to use 'grep'
first.
When not in a pipeline, sometimes it is faster to use tail, as awk
must process all the lines in the input stream, and won't 'seek'.
In a pipeline, both grep and awk must process all lines, so we might
as well skip the extra process creation for tail and just use awk
for all the processing.
Reviewed by: jilles
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D19441
Specifically, this allows (via "-V vhostname") telling nfsd what principal
to use, instead of the hostname. This is used at iXsystems for fail-over in
HA systems.
Reviewed by: macklem
Sponsored by: iXsystems Inc.
Differential Revision: https://reviews.freebsd.org/D19191
Building binaries as PIE allows the executable itself to be loaded at a
random address when ASLR is enabled (not just its shared libraries).
With this change PIE objects have a .pieo extension and INTERNALLIB
libraries libXXX_pie.a.
MK_PIE is disabled for some kerberos5 tools, Clang, and Subversion, as
they explicitly reference .a libraries in their Makefiles. These can
be addressed on an individual basis later. MK_PIE is also disabled for
rtld-elf because it is already position-independent using bespoke
Makefile rules.
Currently only dynamically linked binaries will be built as PIE.
Discussed with: dim
Reviewed by: kib
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D18423
There are many cases which this code does not handle (e.g. ZFS mirrors)
but the code can handle the single-disk case -- so it's enough to take
care of the "disk image which gets booted into a VM with a larger than
expected disk" case for which this firstboot script was created.
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D19095
This allows to reuse the allocator in other environments that get
malloc(3) and related functions from libc or interposer.
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D18988
They will stop it automatically ('Interface wlan0 is down,
dhclient exiting'); use /etc/rc.d/dhclient stop command only when
none of them is used.
MFC after: 5 days
removed as part of r341441.
This call to reloc_non_plt() may crash if ifunc resolvers use the
needed libraries symbols since the pass over the needed libs
relocation is not yet done. The change in r341441 ensures the right
relocation order otherwise.
Submitted by: theraven
MFC after: 1 week
Discussed in: https://reviews.freebsd.org/D17529
The buffer allocated in read_chat() could be 1 element too short, if the
chatstr parameter passed in is 1 or 3 charachters long (e.g. "a" or "a b").
The allocation of the pointer array does not account for the terminating
NULL pointer in that case.
Overlapping source and destination strings are undefined in strcpy().
Instead of moving a string to the left by one character just increment the
char pointer before it is assigned to the results array.
MFC after: 2 weeks
Summary: reloc_jmpslot function parameter 'defobj' is not used when using ELFv2
ABI
Submitted by: alfredo.junior_eldorado.org.br
Reviewed By: kib, git_bdragon.rtk0.net, emaste, jhibbits
Differential Revision: https://reviews.freebsd.org/D18808
Originally intended as 'in case in needs to be re-invoked', but it was later
decided (by myself) that 're-invoke itself' makes it more clear that the
script is expected to use this in a way.
Reported by: Jose Luis Duran (jlduran @ github)
X-MFC-With: r342792
Some rc scripts in ports (e.g. uwsgi, apache, openvpn) allow for
'application profiles' that usually require the rc script to be invoked
again for each active profile. Because there's no consistent way to
determine the path because it differs between manual/service(8) invocations
and /etc/rc invocations, this leads to patterns like these:
- www/uwsgi hardcodes the script path
- security/openvpn guesses either $_file or $0 based on $0 = /etc/rc
Instead of forcing rc scripts to guess, provide an rc_service variable to
the scripts that gets set appropriately both for direct execution or when a
script is being executed via run_rc_script (e.g. /etc/rc).
This is our analog of an OpenRC variable with the same name, different case
(RC_SERVICE).
PR: 234614
Reported by: koobs
Reviewed by: dteske, jilles
MFC after: 3 days
We need to subtract the TLS_TCB_SIZE to get to the real data pointer, since
r13 points to the end of the TCB structure. Prior to this, devel/protobuf-c
port broke with recent update to devel/protobuf, which exposed this issue.
Submitted by: andreast
Reported by: Piotr Kubaj
MFC after: 1 week
iBCS2 was disconnected from the build in 2015 (see r291419)
bsdconfig parts submitted by dteske.
Reviewed by: kib (previous version)
Sponsored by: The FreeBSD Foundation
Due to insufficient validation of network-provided data it may have been
possible for a malicious actor to craft a bootp packet which could cause
a stack buffer overflow.
admbugs: 850
Reported by: Reno Robert
Reviewed by: markj
Approved by: so
Security: FreeBSD-SA-18:15.bootpd
Sponsored by: The FreeBSD Foundation
/usr/sbin/audit(dist)?d are only installed if ${MK_AUDIT} == yes. Their
supporting scripts should only be installed in those instances as well.
Submitted by: ngie
Reviewed by: emaste
MFC after: 2 weeks
Pull Request: https://github.com/freebsd/freebsd/pull/242
The original code did not support dynamically loaded libraries and used
suboptimal access to TLS variables.
New implementation removes lazy resolving of TLS relocation - due to flaw
in TLSDESC design is impossible to switch resolver function at runtime
without expensive locking.
Due to this, 3 specialized resolvers are implemented:
- load time resolver for TLS relocation from libraries loaded with main
executable (thus with known TLS offset).
- resolver for undefined thread weak symbols.
- slower lazy resolver for dynamically loaded libraries with fast path for
already resolved symbols.
PR: 228892, 232149, 233204, 232311
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D18417
'read' pessimistically read(2)s one byte at a time, which can be quite
silly for large environments in slow emulators.
In my boring user environment, truss shows that the number of read()
syscalls to source rc.subr and invoke list_vars is reduced by something like
3400 to 60. ministat(1) shows a significant time difference of about -71%
for my environment.
Suggested by: jilles
Discussed with: dteske, jhb, jilles
Differential Revision: https://reviews.freebsd.org/D18481
Although these are slightly obsolete in favor of R_AARCH64_TLSDESC,
gcc -mtls-dialect=trad still use them.
Please note that definition of TLS_DTPMOD64 and TLS_DTPREL64 are incorrectly
exchanged in GNU binutils. TLS_DTPREL64 should be encoded to 1028 (as is
defined in ARM ELF ABI) but binutils encode it to 1029. And vice versa,
TLS_DTPMOD64 should be encoded to 1029 but binutils encode it to 1028.
While I'm in, add also R_AARCH64_NONE. It can be produced as result of linker
relaxation.
MFC after: 1 week
- don't relocate jump slots multiple times (if LD_BIND_NOW is defined).
- process only R_AARCH64_JUMP_SLOT here, other relocation types are handled
by reloc_plt().
MFC after: 1 week
- Do not perform ifunc relocations together with other PLT relocations
in PLT. Instead, do it during an additional pass over the init
list, so that ifuncs are resolved in the order of dso
dependencies. This allows the ifuncs resolvers to call into depended
libs. Init list now includes all objects instead of only objects
with init/fini callables.
- Disable relro protection around bind_now ifunc relocations.
I considered calling ifunc resolvers of dso after initializers of all
dependencies are processed, and decided that this is wrong/should not
be supported. The order now is normal relocations for all
objects->ifunc resolution in init order->initializers, where each step
does complete pass over all loaded objects before moving to the next
step.
Reported, tested and reviewed by: emaste
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D18400
bzero(3) for rtld.
This again reduces rtld dependency on libc, and in future, avoid ifunc
relocations when the functions are converted to ifuncs in libc.
Reported by: mjg
Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D18400
An issue remains with BIND_NOW and processes using threads. For now,
restore libc's BIND_NOW disable, and also disable BIND_NOW in rtld and
libthr.
A patch is in review (D18400) that likely fixes this issue, but just
disable BIND_NOW pending further testing after it is committed.
PR: 233333
Sponsored by: The FreeBSD Foundation
The function reloc_non_plt has complicated variable lifetimes that GCC 6.4.0
(the version currently used by amd64-xtoolchain-gcc) misunderstands and
produces an erroneous warning about. Silence it to allow the -Werror build
to proceed.
Reviewed by: emaste
immediately after other PLT relocs.
Otherwise, if the object has relro page, we write to readonly page,
and we would need to use mprotect(2) two more times to fix it. Note
that resolve_object_ifunc() does nothing when called second time, so
there is no need to avoid existing call.
Reported and tested by: emaste
PR: 233333
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
This dynamic tag contains the location of the .rld_map section relative to
the location of the dynamic tag. For PIE MIPS binaries DT_MIPS_RLD_MAP can
not be used since it contains an absolute address. Without this change
GDB can not find the function program counters in other libraries and once
I apply this change I can successfully run info sharedlibraries again.
Reviewed By: kib
Differential Revision: https://reviews.freebsd.org/D17867
Previously the combination of relro (implicit), -z now and ifunc use
resulted in a segfault when applying ifuncs after relro (test binary
here just calls amd64_get_fsbase()):
| % env LD_DEBUG=1 libexec/rtld-elf/obj/ld-elf.so.1 a.out
| ...
| enforcing main obj relro
| ...
| resolving ifuncs
| reloc_jmpslot: *0x203198 = 0x189368ea4570
| zsh: bus error (core dumped) LD_DEBUG=1 obj/ld-elf.so.1 ~/a.out
Reported by: Shawn Webb
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
It is unused after r340102, and more important, I do not see how to
define textsize in both practically useful and correct way, for binaries
with more that one executable segments.
Sponsored by: The FreeBSD Foundation
Do not use textsize and do not flush everything between map base and
base + textsize, because unmapped areas cannot be flushed.
This makes Obj_Entry textsize only use go away, and I will remove it
later.
Reported by: tuexen
Tested by: Mark Millard <marklmi26-fbsd@yahoo.com>
Sponsored by: The FreeBSD Foundation
This adds new keywords to rc/service to enable/disable a service's
rc.conf(5) variable and "delete" to remove the variable.
When the "service_delete_empty" variable in rc.conf(5) is set to "YES"
(default is "NO") an rc.conf.d file (in /etc/ or /usr/local/etc) is
deleted if empty after modification using "service $foo delete".
Submitted by: lme (modified)
Reviewed by: 0mp (previous version), lme, bcr
Relnotes: yes
Sponsored by: Smule, Inc.
Differential Revision: https://reviews.freebsd.org/D17113
One less non-trivial dependency of rtld on libc. Also,
amd64_set_fsbase() is to be converted to ifunc, which I do not want to
support inside rtld.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
In particular, do it before the first call to allocate_initial_tls(),
which contains MD parts to set the initial thread' TLS pointer.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
With lld-generated binaries the first PT_LOAD will usually be a read-only
segment unless you pass --no-rosegment. For those binaries the textsize is
determined by the next PT_LOAD. To allow both LLD and bfd 2.17 binaries to
be parsed correctly use the end of the last PT_LOAD that is marked as
executable instead.
I noticed that the value was wrong while adding some debug prints for some rtld
changes for CHERI binaries. `obj->textsize` only seems to be used by PPC so the
effect is untested. However, the value before was definitely wrong and the new
result matches the phdrs.
Reviewed By: kib
Approved By: brooks (mentor)
Differential Revision: https://reviews.freebsd.org/D17117
and runs scripts containing "KEYWORD: resume" with single "resume" argument.
Working example is the port sysutils/cpupdate that defines
extra_commands="resume" to reload CPU microcode cleared
by suspend/resume sequence.
This change does nothing for a system having no scripts with KEYWORD: resume.
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D15247
Currently, rc.inidiskless assumes that local system configuration
changes are kept in some mountable file system. For example,
nanobsd uses dedicated partition mounted as /cfg for this.
However, small embedded devices like MIPS routers may have no enough flash
space to keep full-blown file system but have only one or couple
small flash blocks to keep persistent local configuration overrides.
This change extends rc.initdiskless and introduces ability to run auxiliary
command /conf/T/M/extract that is supposed to extract configuration overrides
from such local storage.
For example, the command /conf/default/etc/extract may contain something like:
cd "$1" && bsdcpio --quiet -idu < /dev/map/cfg
bsdcpio command extracts compressed archive from the storage to /etc
assuming the storage is exposed by the kernel as /dev/map/cfg to userland.
PR: 204215
MFC after: 1 month
and make previously working configuration like this work again:
gif_interfaces="gif0"
gifconfig_gif0="1.1.1.1 2.2.2.2"
ifconfig_gif0="inet 192.168.1.1 192.168.1.2 netmask 255.255.255.252"
PR: 204700
MFC after: 1 month
if a network connection is available. This is not an issue when running
'service local_unbound setup' interactively, but can be on a diskless
system where local_unbound self-configures on every boot. To address
this, add explicit dependencies on netwait and defaultroute.
Submitted by: eugen
Approved by: re (gjb)
in r339413, a current pkgbase update problem came up. For users
testing pkgbase at the moment there is no (automatic) way to pick
up new base packages (yet).
As a result rather than also moving init(8) to its own package,
back out the part of the change in r339413 that moved rc* to its
own package and defer creating new packages until the
infrastructure is in place to handle these cases.
Both init and rc* are considered too problematic to be lost by
early adaptors at this stage.
Discussed with: brd
Reviewed by: brd
Approved by: re (gjb)
The reasons for this are forward looking to pkgbase:
* /sbin/init is a special binary; try not to replace it with
every package update because an rc script was touched.
(a follow-up commit will make init its own package)
* having rc in its own place will allow more easy replacement
of the rc framework with alternatives, such as openrc.
Discussed with: brd (during BSDCam), kmoore
Requested by: cem, bz
PR: 231522
Approved by: re (gjb)
Fix the issue with subtracting the TLS_TCB_SIZE too when we are trying to get
the 'where' in the R_PPC_TPREL32 case. At allocation time we added an offset
and the TLS_TCB_SIZE. This has to be subtracted as well.
Now all the issues reported are fixed. Tests were done on G4 and G5 PowerMac's.
Additionally I ran the tls tests from the gcc test suite and made sure the
results are as good as pre 338486.
Thanks to tuexen for reporting the malfunction and for patient testing.
Also testing thanks goes to jhibbits.
Reported by: tuexen
Discussed with: jhibbits, nwhitehorn
Approved by: re (gjb)
Pointyhat to: andreast
This is based on the amd64 implementation. Support for both PLT and
non-PLT (e.g. a global variable initilised with a pointer to an ifunc)
cases are supported.
We don't pass anything to the resolver as it is expected they will read
the ID registers directly, with the number of registers with CPU info
likely to increase in the future.
Reviewed by: kib
Approved by: re (gjb)
Differential Revision: https://reviews.freebsd.org/D17341
search_library_path().
This corrects the scope of libmap matches.
Reported and tested by: Andreas Longwitz <longwitz@incore.de>
Sponsored by: The FreeBSD Foundation
Approved by: re (gjb)
MFC after: 1 week
This is useful when lm_find() moves the match to the global mapping,
since lm_find() could be called with a same path more than once.
Reported and tested by: Andreas Longwitz <longwitz@incore.de>
Sponsored by: The FreeBSD Foundation
Approved by: re (gjb)
MFC after: 1 week
some TLS bits. This broke operation on the PowerMac. Namely one could not login.
At login the screen/shell was giving back lots of backslashes and the login
shell dumped core.
The fix to this issue is to revert the powerpc commit from 338486 and to
increase the TLS_TCB_SIZE to 16.
Reverting only did not help, login was possible but userland applications
aborted with strange messages.
I tested this patch with world/kernel builds and with port upgrades.
Additionally a full gcc8 bootstrap was successfully completed.
Reviewed by: jhibbits@
Approved by: re (Glen)
The above commit fixed handling overaligned TLS segments in libc's
TLS Variant I implementation, but rtld provides its own implementation
for dynamically-linked executables which lacks these fixes. Thus,
port these changes to rtld.
This was previously commited as r337978 and reverted in r338149 due to
exposing a bug the ARM rtld. This bug was fixed in r338317 by mmel.
Submitted by: James Clarke
Approved by: re (kib)
Reviewed by: kbowling
Testing by: kbowling (powerpc64), br (riscv), kevans (armv7)
Obtained from: CheriBSD
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D16510
TLS_TCB_SIZE is already accounted in defobj-> tlsoffset so all these symbols
were incorrectly relocated by +8.
Note:
The only consumer (for all binaries on my ARM board) of R_ARM_TLS_TPOFF32
relocation is _ThreadRuneLocale variable. And the incorrectly relocated
ThreadRuneLocale accidentally pointed to zeroed memory before memory layout
change from D16510 had changed status quo.
MFC after: 3 weeks
Reviewed by: imp, jhb
Approved by: re (marius)
Transferring files in netascii format requires, among other things,
translating all CR characters to a CR,NUL pair. tftpd does this correctly
except when the CR occurs as the last octet of a packet. In that case, it
erroneously drops the NUL which should be part of the following packet. The
bug was caused by using 0 as a sentinel value in a variable that could
legitimately hold 0. Fix it by switching the sentinel value to -1.
PR: 178055
Reported by: Richard <rsitze@gmail.com>
Reviewed by: cem
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D16853
Michal Meloun reports that it breaks ctype (isspace()..) related
functions on armv7 so back out while we diagnose the issue.
Reported by: Michal Meloun <melounmichal@gmail.com>
Thsi helps with pkgbase by switching to CONFS so that ftpusers will be
properly tagged as a config file.
Approved by: will (mentor)
Differential Revision: https://reviews.freebsd.org/D16787
The above commit fixed handling overaligned TLS segments in libc's
TLS Variant I implementation, but rtld provides its own implementation
for dynamically-linked executables which lacks these fixes. Thus,
port these changes to rtld.
Submitted by: James Clarke
Reviewed by: kbowling
Testing byL kbowling (powerpc64), br (riscv), kevans (armv7)
Obtained from: CheriBSD
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D16510
While here fix capitalization of a few nearby strings, add the
rtld's file name prefix so it's obvious where the message come
from, and return zero when "-h" is used.
Reviewed by: kib
MFC after: 2 weeks
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D16530
Some of the changes are in the libexec/tftpd directory, but to functions that
are only used by tftp(1) (they share some code).
* strcpy => strlcpy (1006793, 1006794, 1006796, 1006741)
* Unchecked return value and TOCTTOU (1009314)
* NULL pointer dereference (1018035, 1018036)
Reported by: Coverity
CID: 1006793, 1006794, 1006796, 1006741, 1009314, 1018035
CID: 1018036
MFC after: 2 weeks
tftpd(8) should flush a newly written file to disk before ACKing the final DATA
packet. Otherwise there is a narrow race window when a subsequent read may not
see the file. This is somewhat related to r330710, but the race window is much
smaller. Hopefully this will fix the intermittent tests in Jenkins.
Reported by: Jenkins
MFC after: 2 weeks
quatactl(2) mechanism. (Read-only at this point, however.)
In particular, this is to allow rpc.rquotad query quotas
for NFS mounts, allowing users to see their quotas on the
hosts using the datasets.
The changes specifically:
* Add new RPC entry points for querying quotas.
* Changes the library routines to allow non-UFS quotas.
* Changes rquotad to check for quotas on mounted filesystems,
rather than being limited to entries in /etc/fstab
* Lastly, adds a VFS entry-point for ZFS to query quotas.
Note that this makes one unavoidable behavioural change: if quotas
are enabled, then they can be queried, as opposed to the current
method of checking for quotas being specified in fstab. (With
ZFS, if there are user or group quotas, they're used, always.)
Reviewed by: delphij, mav
Approved by: mav
Sponsored by: iXsystems Inc
Differential Revision: https://reviews.freebsd.org/D15886
If tftpd receives a command with an unknown opcode, it simply exits 1. It
doesn't send an ERROR packet, and the client will hang waiting for one. Fix
it.
PR: 226005
MFC after: 3 weeks
On a WRQ (write request) tftpd checks whether the client has access
permission for the file in question. If not, then the write is prevented.
However, tftpd doesn't reply with an ERROR packet, nor does it abort.
Instead, it tries to receive the packet anyway.
The symptom is slightly different depending on the nature of the error. If
the target file is nonexistent and tftpd lacks permission to create it, then
tftpd will willingly receive the file, but not write it anywhere. If the
file exists but is not writable, then tftpd will fail to ACK to WRQ.
PR: 225996
MFC after: 3 weeks
tftpd(8) says that files may only be written if they already exist and are
publicly writable. tftpd.c verifies that a file is publicly writable if it
uses an absolute pathname. However, if the pathname is relative, that check
is skipped. Fix it.
Note that this is not a security vulnerability, because the transfer
ultimately doesn't work unless the file already exists and is owned by user
nobody. Also, this bug does not affect the default configuration, because
the default uses the "-s" option which makes all pathnames absolute.
PR: 226004
MFC after: 3 weeks
On an RRQ, tftpd doesn't exit as soon as it's finished receiving a file.
Instead, it waits five seconds just in case the client didn't receive the
server's last ACK and decides to resend the final DATA packet.
Unfortunately, this created a 5 second delay from when the client thinks
it's done sending the file, and when the file is available for other
processes.
Fix this bug by closing the file as soon as receipt is finished.
PR: 157700
Reported by: Barry Mishler <barry_mishler@yahoo.com>
MFC after: 3 weeks
tftpd(8) is difficult to test in isolation due to its relationship with
inetd. Create a test program that mimics the behavior of tftp(1) and
inetd(8) and verifies tftpd's response in several different scenarios.
These test cases cover all of the basic TFTP protocol, but not the optional
parts.
PR: 157700
PR: 225996
PR: 226004
PR: 226005
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D14310
exist. This behaviour makes no sense for eg USB serial adapters, or
USB device-side serial templates.
This mostly reverts to pre-r135941 behaviour.
Reviewed by: imp@
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D14198
objects' init functions instead of doing the setup via a constructor
in libc as the init functions may already depend on these handlers
to be in place. This gets us rid of:
- the undefined order in which libc constructors as __guard_setup()
and jemalloc_constructor() are executed WRT __sparc_utrap_setup(),
- the requirement to link libc last so __sparc_utrap_setup() gets
called prior to constructors in other libraries (see r122883).
For static binaries, crt1.o still sets up the user trap handlers.
o Move misplaced prototypes for MD functions in to the MD prototype
section of rtld.h.
o Sprinkle nitems().
Most notable, other than some style issues:
CVS 1.11:
do not use LOG_CONS.
CVS 1.13:
consistently use exit instead of return in main().
use LOG_WARNING instead of LOG_ERR for non critical errors.
Obtained from: NetBSD
MFC after: 2 weeks
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
No functional change intended.
Mainly focus on files that use BSD 3-Clause license.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
Initially, only tag files that use BSD 4-Clause "Original" license.
RelNotes: yes
Differential Revision: https://reviews.freebsd.org/D13133
The old value was probably fine back in 1998, when that code was imported
(although the comments still mention VAX, which was quite obsolete by then);
now, however, it's too small to handle our libc, which results in some
additional calls to munmap/mmap later on. Asking for more virtual address
space is virtually free, and syscalls are not, thus the change.
It was suggested by kib@ that this might be a symptom of a deeper problem.
It doesn't only affect libc, though - the change also improves rtld memory
management for eg KDE libraries. I guess it's just a natural bloat.
MFC after: 2 weeks
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D12834
The directives I added in r323466 and r323501 did not define a valid
CFA until several instructions into the associated functions. This
triggers an assertion in GDB when generating a stack trace while
stopped at the first instruction of PLT stub entry point since there
is no valid CFA rule for the first instruction.
This is probably just wrong on my part as the non-simple .cfi_startproc
would have defined a valid CFA. Instead, define a valid CFA as sp + 0
at the start of the functions and then use .cfa_def_offset to change the
offset when sp is adjusted later in the function.
Sponsored by: DARPA / AFRL
This is only cosmetic, but the entry point for rtld is not a leaf function,
and this avoids two .frame directives for rtld_start.
Sponsored by: DARPA / AFRL
This removes the need to call munmap(2) afterwards.
MFC after: 2 weeks
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D12767
Apply authenticated user context after update of wtmp(5) at start of session,
so that ftpd process is not killed by kernel with SIGXFSZ when user has
"filesize" limit lower than size of system wtmp file. Same applies
to session finalization: revert to super-user context before update of wtmp.
If ftpd hits limit while writing a file at user request,
do not get killed with SIGXFSZ instantly but apparently ignore the signal,
process error and report it to the user, and continue with the session.
PR: 143570
Approved by: avg (mentor), mav (mentor)
MFC after: 1 week
If they are still needed, you can find them in the net/bsdrcmds port.
This was proposed June, 20th and approved by various committers [1].
They have been marked as deprecated on CURRENT in r320644 [2] on July, 4th.
Both stable/11 and release/11.1 contain the deprecation notice (thanks to
allanjude@).
Note that ruptime(1)/rwho(1)/rwhod(8) were initially thought to be part of
rcmds but this was a mistake and those are therefore NOT removed.
[1] https://lists.freebsd.org/pipermail/freebsd-arch/2017-June/018239.html
[2] https://svnweb.freebsd.org/base?view=revision&revision=320644
Reviewed by: bapt, brooks
Differential Revision: https://reviews.freebsd.org/D12573
in favor of just rendering the manpage instead of relying on pre-formatted
catpages. Note, this does not impede the ability to use existing catpages,
it just removes the utility to generate them.
Reviewed by: imp, allanjude
Approved by: emaste (mentor)
Differential Revision: https://reviews.freebsd.org/D12317
Newer binutils supports extensions to the MIPS ABI for non-PIC code
that is used when compiling O32 binaries with clang 5 (but not used
for N64 oddly enough). These extensions require support for
R_MIPS_COPY relocations as well as a second PLT GOT using
R_MIPS_JUMP_SLOT relocations.
For R_MIPS_COPY, use the same approach as on other architectures where
fixups are deferred to the MD do_copy_relocations.
The additional PLT GOT for jump slots is located in a .got.plt section
which is identified by a DT_MIPS_PLTGOT dynamic entry. This GOT also
requires fixups for the first two GOT entries just as the normal GOT.
However, the entry point for this second GOT uses a different calling
convention. Rather than passing an offset into the GOT, it passes an
offset into the .rel.plt section. This requires a second entry point
(_rtld_pltbind_start) which calls the normal _rtld_bind() rather than
_mips_rtld_bind(). This also means providing a real version of
reloc_jmpslot() which is used by _rtld_bind().
In addition, add real implementions of reloc_plt() and
reloc_jmpslots() which walk .rel.plt handling R_MIPS_JUMP_SLOT
relocations.
Reviewed by: kib
Sponsored by: DARPA / AFRL
Differential Revision: https://reviews.freebsd.org/D12326
On hard-float 32-bit arm platforms, always search for the soft float
binaries in the alternative locations.
Sponsored by: Netflix
Differential Review: https://reviews.freebsd.org/D12274
MFC After: 1 week