Commit Graph

1938 Commits

Author SHA1 Message Date
Julio Merino
0677dfd1c4 MFV: Import atf-0.21. 2014-11-01 11:17:54 +00:00
Mark Murray
10cb24248a This is the much-discussed major upgrade to the random(4) device, known to you all as /dev/random.
This code has had an extensive rewrite and a good series of reviews, both by the author and other parties. This means a lot of code has been simplified. Pluggable structures for high-rate entropy generators are available, and it is most definitely not the case that /dev/random can be driven by only a hardware souce any more. This has been designed out of the device. Hardware sources are stirred into the CSPRNG (Yarrow, Fortuna) like any other entropy source. Pluggable modules may be written by third parties for additional sources.

The harvesting structures and consequently the locking have been simplified. Entropy harvesting is done in a more general way (the documentation for this will follow). There is some GREAT entropy to be had in the UMA allocator, but it is disabled for now as messing with that is likely to annoy many people.

The venerable (but effective) Yarrow algorithm, which is no longer supported by its authors now has an alternative, Fortuna. For now, Yarrow is retained as the default algorithm, but this may be changed using a kernel option. It is intended to make Fortuna the default algorithm for 11.0. Interested parties are encouraged to read ISBN 978-0-470-47424-2 "Cryptography Engineering" By Ferguson, Schneier and Kohno for Fortuna's gory details. Heck, read it anyway.

Many thanks to Arthur Mesh who did early grunt work, and who got caught in the crossfire rather more than he deserved to.

My thanks also to folks who helped me thresh this out on whiteboards and in the odd "Hallway track", or otherwise.

My Nomex pants are on. Let the feedback commence!

Reviewed by:	trasz,des(partial),imp(partial?),rwatson(partial?)
Approved by:	so(des)
2014-10-30 21:21:53 +00:00
Warner Losh
46fbe6c8ed Add an "empty" Makefile.pc98 because it doesn't need/want HYPERV. It
is not relevant to the hardware it runs on.
2014-10-16 14:08:59 +00:00
Warner Losh
f8080a9986 HYPERV isn't available on all architectures, but just on by default
for i386/amd64. Rather, it only works on i386/amd64 and should only be
built there. Rather than change the default based on which
architecutre, do things more directly by only building it on
i386/amd64 and having it always on. This is how we handle other
options that are relevant only for a few architectures.
2014-10-16 00:33:06 +00:00
Ed Maste
54ac10780f Always return pathname in dl_iterate_phdr's dlpi_name, as Linux does
Linux LD_ITERATE_PHDR(3):
    The dlpi_name field is a null-terminated string giving the
    pathname from which the shared object was loaded.

That functionality is much more useful than returning just the short
name.

Approved by:	kan
Sponsored by:	The FreeBSD Foundation
2014-10-09 20:39:18 +00:00
Andrew Turner
6d4766c1b8 Remove MK_ARM_EABI, the armeb issues have been fixed. The code to support
the oabi is still in the tree, but it is expected this will be removed
as developers work on surrounding code.

With this commit the ARM EABI is the only supported supported ABI by
FreeBSD on ARMa 32-bit processors.

X-MFC after:	never
Relnotes:	yes
Differential Revision: https://reviews.freebsd.org/D876
2014-10-01 08:26:51 +00:00
Xin LI
e72055b7fe Import HyperV Key-Value Pair (KVP) driver and daemon code by Microsoft,
many thanks for their continued support of FreeBSD.

While I'm there, also implement a new build knob, WITHOUT_HYPERV to
disable building and installing of the HyperV utilities when necessary.

The HyperV utilities are only built for i386 and amd64 targets.

This is a stable/10 candidate for inclusion with 10.1-RELEASE.

Submitted by:	Wei Hu <weh microsoft com>
MFC after:	1 week
2014-09-13 02:15:31 +00:00
Konstantin Belousov
d3b06cf2be Document the whole settings needed to build a debug version of rtld.
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
2014-08-29 10:44:58 +00:00
Konstantin Belousov
74b0daf4f9 Optimize r270798, only do the second pass over non-plt relocations
when the first pass found IFUNCs.

Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2014-08-29 10:43:56 +00:00
Konstantin Belousov
14c3564759 IFUNC symbol type shall be processed for non-PLT relocations,
e.g. when a global variable is initialized with a pointer to ifunc.
Add symbol type check and call resolver for STT_GNU_IFUNC symbol types
when processing non-PLT relocations, but only after non-IFUNC
relocations are done.  The two-phase proceessing is required since
resolvers may reference other symbols, which must be ready to use when
resolver calls are done.

Restructure reloc_non_plt() on x86 to call find_symdef() and handle
IFUNC in single place.

For non-x86 reloc_non_plt(), check for call for IFUNC relocation and
do nothing, to avoid processing relocs twice.

PR:	193048
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2014-08-29 09:29:10 +00:00
Konstantin Belousov
e404dc33e2 Remove stray newline. 2014-08-27 00:48:09 +00:00
Enji Cooper
35829c84f1 Fix "make checkdpadd" by "spoofing" DPADD
Approved by: jmmv (mentor)
Phabric: D631
PR: 192769
2014-08-26 09:01:11 +00:00
Pedro F. Giffuni
0fa46a4231 Always check the limits of array index variables before using them.
Obtained from:	DragonFlyBSD
MFC after:	1 week
2014-08-21 02:40:33 +00:00
Bryan Drewery
5608fd23c2 Revert r267233 for now. PIE support needs to be reworked.
1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
   build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
   where it never would work anyhow, such as csu or loader. This suggests
   there may be better ways of adding support to the tree. Many of these
   cases can be fixed such that -fPIE will work but there is really no
   reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
   really building libraries but have been using bsd.prog.mk because the code
   is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
   been needed.

We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.

Reported by:	kib
2014-08-19 15:04:32 +00:00
Neel Natu
06224a9492 Remove LOG_ODELAY because it does nothing.
Reviewed by:	jilles
CR:		https://reviews.freebsd.org/D611
2014-08-17 19:06:26 +00:00
Baptiste Daroussin
d029c3aa25 Rework privatelib/internallib
Make sure everything linking to a privatelib and/or an internallib does it directly
from the OBJDIR rather than DESTDIR.
Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existsing
in final installation
Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to
internal/privatelib
Directly link to the .so in case of private library to avoid having to complexify
LDFLAGS.

Phabric:	https://phabric.freebsd.org/D553
Reviewed by:	imp, emaste
2014-08-06 22:17:26 +00:00
Enji Cooper
fd5c99b51e Similar to r269506, fix LIBDIR to not duplicate TESTSDIR
Phabric: D536
Reviewed by: jmmv
Approved by: jmmv (mentor)
Sponsored by: EMC / Isilon Storage Division
2014-08-05 18:09:39 +00:00
Enji Cooper
522da0b0ad Remove unnecessary .PATH directive
All of the sources for the tests are contained in the
current working directory and the subdirectories

Phabric: D537
Reviewed by: jmmv
Approved by: jmmv (mentor)
Sponsored by: EMC / Isilon Storage Division
2014-08-05 18:05:31 +00:00
Enji Cooper
2db8752cef Fix BINDIR to not duplicate "${TESTSDIR}
This should fix 'make release' with MK_TESTS != no

Phabric: D525 (part of a larger patch)

Reviewed by: jmmv
Approved by: jmmv (co-mentor)
2014-08-04 05:50:21 +00:00
Enji Cooper
07014efe94 Move a -L argument from LDADD to LDFLAGS
Phabric: D525 (part of a larger patch)

Reviewed by: jmmv
Approved by: jmmv (co-mentor)
2014-08-04 05:49:13 +00:00
Enji Cooper
35e8923e7e Fix a -Wsecurity warning with clang
Phabric: D525 (part of a larger patch)

Reviewed by: jmmv
Approved by: jmmv (co-mentor)
2014-08-04 05:46:10 +00:00
Enji Cooper
1a49685c28 Remove hardcoded path to TESTSDIR (Makefile, ld_library_pathfds.c) at
build time by using atf_tc_get_config_var(tc, "srcdir"))

This will allow end-users to move the binaries to different locations
after they've been built without having to rebuild the binaries with
the new paths

Phabric: D525 (part of a larger patch)

Reviewed by: jmmv
Approved by: jmmv (co-mentor)
2014-08-04 05:45:09 +00:00
Xin LI
8fcb9ca99b Don't save entropy inside jails.
As of r126744, we no longer feed the entropy device in jails upon
start, and collecting them is no longer useful.

PR:		conf/126744
Submitted by:	Eugene Grosbein <eugen grosbein net> (with minor changes)
MFC after:	1 week
Approved by:	so (des)
2014-07-22 06:40:27 +00:00
Brooks Davis
80189b3b09 Replace all uses of libncurses and libtermcap with their wide character
variants.  This allows usable file system images (i.e. those with both a
shell and an editor) to be created with only one copy of the curses library.

Exp-run:	antoine
PR:		189842
Discussed with:	bapt
Sponsored by:	DARPA, AFRL
2014-07-17 18:24:34 +00:00
Julio Merino
2504a6af6b libpythagoras needs libm.
This fixes "make tinderbox" failures on various architectures when
WITH_TESTS=yes is enabled.  Problem introduced in r267679.
2014-07-16 16:42:58 +00:00
Julio Merino
64dc02450b Fix atf-sh's integration_test
With the move of atf-sh into /usr/libexec in r267181, some of the
tests in the integration_test program broke because they could not
execute atf-sh from the path any longer.

This slipped through because I do have a local atf installation in
my home directory that appears in my path, hence the tests could
still execute my own version.

Fix this by forcing /usr/libexec to appear at the beginning of the
path when attempting to execute atf-sh.

To make upgrading easy (and to avoid an unnecessary entry in UPDATING),
make integration_test depend on the Makefile so that a rebuild of the
shell script is triggered.  This requires a hack in the *.test.mk files
to ensure the Makefile is not treated as a source to the generated
program.  Ugly, I know, but I don't have a better way of doing this at
the moment.  Will think of one once I address the TODO in the *.test.mk
files that suggests generalizing the file generation functionality.

PR:		191052
Reviewed by:	Garrett Cooper
2014-07-09 00:55:50 +00:00
Marcel Moolenaar
e7d939bda2 Remove ia64.
This includes:
o   All directories named *ia64*
o   All files named *ia64*
o   All ia64-specific code guarded by __ia64__
o   All ia64-specific makefile logic
o   Mention of ia64 in comments and documentation

This excludes:
o   Everything under contrib/
o   Everything under crypto/
o   sys/xen/interface
o   sys/sys/elf_common.h

Discussed at: BSDcan
2014-07-07 00:27:09 +00:00
Andrew Turner
0685d955d6 Align the stack in _rtld_bind_start. Normally this is called with the
correct stack alignment, however when we have a leaf function that uses
thread local storage it calls __aeabi_read_tp to get the thread pointer.
Neither GCC or clang see this as a function call so will align the stack
to a 4-byte boundary. This may be a problem as _rtld_bind expects to be
on an 8-byte boundary.

The solution is to store a copy of the stack pointer and force the
alignment before calling _rtld_bind.

This fixes a problem with armeb where applications would crash in odd ways.
It should also remove the need for a local patch to clang to force the
stack alignment to an 8-byte boundary, even for leaf functions. Further
testing will be needed before reverting this local change to clang as we
may rely on it in other places.

Reviewed by:	jmg@
2014-07-06 10:24:06 +00:00
Marcel Moolenaar
97ef768914 Fix r264346 for ia64. We need to allocate memory for the function
descriptors in order to relocate RTLD itself. To allocate memory,
we need the pagesizes array initialized, but that happens after
RTLD is relocated. This ordering is important for amd64, but it's
opposite of what ia64 needs. Handle this conflict with the define
called RTLD_INIT_PAGESIZES_EARLY. When defined, obtain the page
sizes before relocating rtld, otherwise do it after.
2014-07-02 22:04:12 +00:00
Joel Dahl
df2d82e003 mdoc: remove superfluous paragraph macros. 2014-06-23 18:40:21 +00:00
Jonathan Anderson
6b22f423cf Test RTLD's new LD_LIBRARY_PATH_FDS variable.
Test LD_LIBRARY_PATH_FDS by linking a binary that requires a shared
library that isn't in any of the usual search paths.  Ensure this fails
when we don't supply LD_LIBRARY_PATH_FDS or we pass invalid information
in it.  Ensure it works when we pass the correct directory in various
places in the variable.

Approved by:	rwatson (mentor)
MFC after:	3 weeks
Sponsored by:	DARPA/AFRL
2014-06-20 17:14:59 +00:00
Jonathan Anderson
02d3b38e0a Add the LD_LIBRARY_PATH_FDS environmental variable.
This variable allows the loading of shared libraries via directory descriptors
rather than via library paths.  If LD_LIBRARY_PATH_FDS=3:4:12, the directories
represented by file descriptors 3, 4 and 12 will searched for shared libraries
before the normal path-based mechanisms are used.  This allows us to execute
unprivileged binaries from within a Capsicum sandbox even if they require
shared libraries.

Approved by:	rwatson (mentor)
Reviewed by:	kib
MFC after:	3 weeks
Sponsored by:	DARPA/AFRL
2014-06-20 17:08:32 +00:00
Baptiste Daroussin
01c2b8ac0d use .Mt to mark up email addresses consistently (part2)
PR:		191174
Submitted by:	Franco Fichtner  <franco@lastsummer.de>
2014-06-20 09:57:27 +00:00
Bryan Drewery
864c53ead8 In preparation for ASLR [1] support add WITH_PIE to support building with -fPIE.
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.

Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]

Mark known build failures as NO_PIE for now.

The only known runtime failure was rtld.

[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by:		Shawn Webb <lattera@gmail.com>
Discussed between:	des@ and Shawn Webb [2]
2014-06-08 17:29:31 +00:00
Julio Merino
8c7ec47a40 Move atf-sh from /usr/bin/ to /usr/libexec/
In r266650, we made libatf-c and libatf-c++ private libraries so that no
components outside of the source tree could unintendedly depend on them.

This change does the same for the "atf-sh library" by moving the atf-sh
interpreter from its public location in /usr/bin/ to the private location
in /usr/libexec/.  Our build system will ensure that our own test programs
use the right binary, but users won't be able to depend on atf-sh by
"mistake".

Committing this now to ride the UPDATING notice added with r267172 today.
2014-06-06 18:58:06 +00:00
Warner Losh
04efeffe99 When building picobsd, define WITHOUT_OPENSSL and WITHOUT_KERBEROS and
remove the now-redundant checks for RELEASE_CRUNCH. This originally
was defined for building smaller sysinstall images, but was later also
used by picobsd builds for a similar purpose. Now that we've moved
away from sysinstall, picobsd is the only remaining consumer of this
interface. Adding these two options reduces the RELEASE_CRUNCH
special cases in the tree by half.
2014-06-06 04:09:07 +00:00
Julio Merino
17a286a994 Change libatf-c and libatf-c++ to be private libraries.
We should not be leaking these interfaces to the outside world given
that it's much easier for third-party components to use the devel/atf
package from ports.

As a side-effect, we can also drop the ATF pkgconfig and aclocal files
from the base system.  Nothing in the base system needs these, and it
was quite ugly to have to get them installed only so that a few ports
could build.  The offending ports have been fixed to depend on
devel/atf explicitly.

Reviewed by:	bapt
2014-05-25 12:01:13 +00:00
Konstantin Belousov
1c70d00733 Right now, the rtld prefork hook locks the rtld bind lock in the read
mode.  This allows the binder to be functional in the child after the
fork (assuming no lazy loading of a filter is needed), but other rtld
services which require write lock on rtld_bind_lock cause deadlock, if
called by child.

Change the _rtld_atfork() to lock the bind lock in write mode, making
the rtld fully functional after the fork.

Pre-resolve the symbols which are called by the libthr' fork()
interposer, since dynamic resolution causes deadlock due to the
rtld_bind_lock already owned in the write mode.

Reported and tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2014-05-24 10:23:06 +00:00
Konstantin Belousov
490c68de98 Fix LD_LIBMAP.
The r232862 passed the pointer to end of string to lmc_parse() and free().

Submitted by:	Wolfgang Jenkner <wjenkner@inode.at>
MFC after:	1 week
2014-05-18 17:14:08 +00:00
Mark Johnston
7a61fc5a8e - Export the function added in r265456 rather than the non-existent
_rtld_debug_postinit(). [1]
- Use __compiler_membar() instead of inline asm in _r_debug_state() and
  _r_debug_postinit(). [2]

Pointy hat to:	markj [1]
Reported by:	attilio [2]
Discussed with:	kib
X-MFC-With:	r265456
2014-05-07 17:21:22 +00:00
Mark Johnston
a8509eb20e Add a postinit debugger hook to rtld. This will be used by dtrace(1) to halt
the victim process before its entry point is called, at which point probes
and DOF data are registered with the kernel. The r_debug_state hook cannot
be used for this purpose, as it is called before the program's init routines
are invoked and in particular before DOF data is registered (via drti.o).

Reviewed by:	kib
MFC after:	2 weeks
2014-05-06 18:07:58 +00:00
Warner Losh
c6063d0da8 Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.
2014-05-06 04:22:01 +00:00
Guy Helmer
c759c06046 Fix releasing the lock in the parent atrun process after the queue
directory has been processed. Otherwise, a long-running child process
caused other atrun invocations to stall unnecessarily.
2014-04-17 16:00:26 +00:00
Konstantin Belousov
8cc5663495 Add dwarf annotations to the amd64 _rtld_bind_start to allow debuggers
to unwind around the calls from PLT to binder.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2014-04-14 22:44:50 +00:00
Warner Losh
3bdf775801 NO_MAN= has been deprecated in favor of MAN= for some time, go ahead
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
2014-04-13 05:21:56 +00:00
Alan Cox
ea8577c712 Before calling mmap() on a shared library's text and data sections, rtld
first calls mmap() with the arguments PROT_NONE and MAP_ANON to reserve a
single, contiguous range of virtual addresses for the entire shared library.
Later, rtld calls mmap() with the the shared library's file descriptor
and the argument MAP_FIXED to place the text and data sections within the
reserved range.  The rationale for mapping shared libraries in this way is
explained in the commit message for Revision 190885.  However, this approach
does have an unintended, negative consequence.  Since the first call to
mmap() specifies MAP_ANON and not the shared library's file descriptor, the
kernel has no idea what alignment the vm object backing the file prefers.
As a result, the reserved range's alignment is unlikely to be the same as
the vm object's, and so mapping with superpages becomes impossible.  To
address this problem, this revision adds the argument MAP_ALIGNED_SUPER to
the first call to mmap() if the text section is larger than the smallest
superpage size.

To determine if the text section is larger than the smallest superpage
size, rtld must always fetch the page size information.  As a result, the
private code for fetching the base page size in rtld's builtin malloc is
redundant.  Eliminate it.  Requested by: kib

Tested by:	zbb (on arm)
Reviewed by:	kib (an earlier version)
Discussed with:	jhb
2014-04-11 16:55:25 +00:00
Julio Merino
f5fd950e35 Make bsd.test.mk the only public mk fragment for the building of tests.
Change {atf,plain,tap}.test.mk to be internal implementation details of
bsd.test.mk.  Makefiles that build tests should now only include bsd.test.mk
and declaratively specify what they want to build, without worrying about
the internal implementation of the mk files.

The reason for this change is to permit building test programs of different
interfaces from a single directory, which is something I had a need for
while porting tests over from src/tools/regression/.

Additionally, this change makes it possible to perform some other requested
changes to bsd.test.mk in an easier manner.  Coming soon.
2014-03-14 08:56:19 +00:00
Dag-Erling Smørgrav
cf961c95e5 Remove lukemftpd. It was disconnected from the build in 2009.
MFC after:	3 days
2014-03-14 08:43:56 +00:00
Christian Brueffer
47babcedb9 Re-format the license to conform to our BSD license template as much
as possible.  This does not change the wording in any way.

Remove the 3rd clause ("advertising clause") of the BSD license as
permitted by the University of Berkeley on July 22, 1999.  While the
clause itself mentions Lawrence Berkeley Laboratory, UCB is the sole
copyright holder of this file.

Reviewed by:	imp, emaste, eadler
MFC after:	2 weeks
2014-03-13 23:31:05 +00:00
Jilles Tjoelker
dd4abc6a5c ttys(5): Pseudo-terminals are not listed and the network keyword is obsolete. 2014-03-09 22:38:11 +00:00