Commit Graph

2246 Commits

Author SHA1 Message Date
jhb
73e564150a Some fixups to the CFI directives for PLT stub entry points.
The directives I added in r323466 and r323501 did not define a valid
CFA until several instructions into the associated functions.  This
triggers an assertion in GDB when generating a stack trace while
stopped at the first instruction of PLT stub entry point since there
is no valid CFA rule for the first instruction.

This is probably just wrong on my part as the non-simple .cfi_startproc
would have defined a valid CFA.  Instead, define a valid CFA as sp + 0
at the start of the functions and then use .cfa_def_offset to change the
offset when sp is adjusted later in the function.

Sponsored by:	DARPA / AFRL
2017-11-10 01:17:26 +00:00
jhb
f77a4e7d64 Use NESTED() instead of LEAF() for rtld_start.
This is only cosmetic, but the entry point for rtld is not a leaf function,
and this avoids two .frame directives for rtld_start.

Sponsored by:	DARPA / AFRL
2017-11-10 01:13:45 +00:00
bdrewery
a598c4b809 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-10-31 00:07:04 +00:00
bdrewery
fdd34babd3 These values already set by src.libnames.mk.
MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2017-10-31 00:03:25 +00:00
trasz
d403a9d535 Use MAP_PRIVATE instead of obsolete MAP_COPY. No functional changes.
MFC after:	2 weeks
2017-10-30 08:56:04 +00:00
trasz
bedd65c99d Plug memory leak on error case.
Reported by:	Coverity
CID:		1382112
MFC after:	2 weeks
2017-10-29 12:07:27 +00:00
trasz
d623bf7192 Remove unneeded calls to access(2) from rtld(1); just call open(2) instead.
The result looks like this:

--- przed       2017-10-21 23:19:21.445034000 +0100
+++ po  2017-10-21 23:18:50.031865000 +0100
@@ -11,7 +11,6 @@ mmap(0x0,102,PROT_READ,MAP_PRIVATE,3,0x0)      = 343665418
 close(3)                                        = 0 (0x0)
 open("/usr/local/etc/libmap.d",O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC,0165) ERR#2 'No such file or directory'
 munmap(0x80067d000,102)                                 = 0 (0x0)
-access("/usr/local/lib/libintl.so.8",F_OK)      = 0 (0x0)
 openat(AT_FDCWD,"/usr/local/lib/libintl.so.8",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
 fstat(3,{ mode=-rw-r--r-- ,inode=642560,size=55188,blksize=32768 }) = 0 (0x0)
 mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366541824 (0x80067d000)
@@ -20,14 +19,13 @@ mmap(0x800877000,40960,PROT_READ|PROT_EXEC,MAP_PRIVATE
 mmap(0x800a81000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0xa000) = 34370752512 (0x800a81000)
 munmap(0x80067d000,4096)                        = 0 (0x0)
 close(3)                                        = 0 (0x0)
-access("/usr/local/lib/libc.so.7",F_OK)                 ERR#2 'No such file or directory'
+openat(AT_FDCWD,"/usr/local/lib/libc.so.7",O_RDONLY|O_CLOEXEC|O_VERIFY,00) ERR#2 'No such file or directory'
 openat(AT_FDCWD,"/var/run/ld-elf.so.hints",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
 read(3,"Ehnt\^A\0\0\0\M^@\0\0\0\M-2\0\0"...,128) = 128 (0x80)
 fstat(3,{ mode=-r--r--r-- ,inode=970684,size=306,blksize=32768 }) = 0 (0x0)
 lseek(3,0x80,SEEK_SET)                          = 128 (0x80)
 read(3,"/lib:/usr/lib:/usr/lib/compat:/u"...,178) = 178 (0xb2)
 close(3)                                        = 0 (0x0)
-access("/lib/libc.so.7",F_OK)                   = 0 (0x0)
 openat(AT_FDCWD,"/lib/libc.so.7",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
 fstat(3,{ mode=-r--r--r-- ,inode=1605239,size=1910320,blksize=32768 }) = 0 (0x0)
 mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366541824 (0x80067d000)

Reviewed by:	kib
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D12766
2017-10-24 12:56:08 +00:00
trasz
20894895b5 Replace lseek(2)/read(2) pair with pread(2), removing yet another syscall
from the binary startup code.

MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2017-10-24 12:04:07 +00:00
trasz
5b7fff3b37 Make find_library() conform to style(9). No functional changes.
Suggested by:	kib
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2017-10-24 11:24:54 +00:00
trasz
b383c7a174 Reword the conditional; it was ugly, and adding another parameter,
which I'm going to do in a subsequent commit, would make it even uglier.
No functional changes.

MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2017-10-24 11:16:38 +00:00
trasz
f80b548569 Use xmalloc and read(2) instead of mmap(2) to read in libmap.conf(5).
This removes the need to call munmap(2) afterwards.

MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D12767
2017-10-24 10:48:26 +00:00
trasz
ae63a24a87 Don't call realpath(3) from libmap rtld code. This gets rid of a few calls
to fstatat(2) at binary startup; the difference looks like this:

--- przed       2017-10-14 13:55:49.983528000 +0100
+++ po  2017-10-14 14:10:39.134343000 +0100
@@ -1,15 +1,10 @@
 mmap(0x0,32768,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34366173184 (0x800623000)
 issetugid()                                     = 0 (0x0)
-fstatat(AT_FDCWD,"/etc",{ mode=drwxr-xr-x ,inode=1364352,size=2560,blksize=32768 },AT_SYMLINK_NOFOLLOW) = 0 (0x0)
-fstatat(AT_FDCWD,"/etc/libmap.conf",{ mode=-rw-r--r-- ,inode=1373288,size=102,blksize=32768 },AT_SYMLINK_NOFOLLOW) = 0 (0x0)
 openat(AT_FDCWD,"/etc/libmap.conf",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
 fstat(3,{ mode=-rw-r--r-- ,inode=1373288,size=102,blksize=32768 }) = 0 (0x0)
 mmap(0x0,102,PROT_READ,MAP_PRIVATE,3,0x0)       = 34366205952 (0x80062b000)
 close(3)                                        = 0 (0x0)
-fstatat(AT_FDCWD,"/usr",{ mode=drwxr-xr-x ,inode=561792,size=512,blksize=32768 },AT_SYMLINK_NOFOLLOW) = 0 (0x0)
-fstatat(AT_FDCWD,"/usr/local",{ mode=drwxr-xr-x ,inode=561800,size=512,blksize=32768 },AT_SYMLINK_NOFOLLOW) = 0 (0x0)
-fstatat(AT_FDCWD,"/usr/local/etc",{ mode=drwxr-xr-x ,inode=653279,size=1536,blksize=32768 },AT_SYMLINK_NOFOLLOW) = 0 (0x0)
-fstatat(AT_FDCWD,"/usr/local/etc/libmap.d",0x7fffffffcf50,AT_SYMLINK_NOFOLLOW) ERR#2 'No such file or directory'
+open("/usr/local/etc/libmap.d",O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC,0165) ERR#2 'No such file or directory'
 munmap(0x80062b000,102)                                 = 0 (0x0)
 openat(AT_FDCWD,"/var/run/ld-elf.so.hints",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
 read(3,"Ehnt\^A\0\0\0\M^@\0\0\0\M-2\0\0"...,128) = 128 (0x80)

Reviewed by:	kib
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D12741
2017-10-22 10:32:40 +00:00
eugen
82b41a4415 ftpd(8): fix user context handling.
Apply authenticated user context after update of wtmp(5) at start of session,
so that ftpd process is not killed by kernel with SIGXFSZ when user has
"filesize" limit lower than size of system wtmp file. Same applies
to session finalization: revert to super-user context before update of wtmp.

If ftpd hits limit while writing a file at user request,
do not get killed with SIGXFSZ instantly but apparently ignore the signal,
process error and report it to the user, and continue with the session.

PR:		143570
Approved by:	avg (mentor), mav (mentor)
MFC after:	1 week
2017-10-06 13:46:05 +00:00
jlh
f7dc81f848 Remove rcmds.
If they are still needed, you can find them in the net/bsdrcmds port.

This was proposed June, 20th and approved by various committers [1].
They have been marked as deprecated on CURRENT in r320644 [2] on July, 4th.
Both stable/11 and release/11.1 contain the deprecation notice (thanks to
allanjude@).

Note that ruptime(1)/rwho(1)/rwhod(8) were initially thought to be part of
rcmds but this was a mistake and those are therefore NOT removed.

[1] https://lists.freebsd.org/pipermail/freebsd-arch/2017-June/018239.html
[2] https://svnweb.freebsd.org/base?view=revision&revision=320644

Reviewed by:	bapt, brooks
Differential Revision:	https://reviews.freebsd.org/D12573
2017-10-06 08:43:14 +00:00
gordon
daef3d23e9 Deorbit catman. The tradeoff of disk for performance has long since tipped
in favor of just rendering the manpage instead of relying on pre-formatted
catpages. Note, this does not impede the ability to use existing catpages,
it just removes the utility to generate them.

Reviewed by:	imp, allanjude
Approved by:	emaste (mentor)
Differential Revision:	https://reviews.freebsd.org/D12317
2017-09-13 16:35:16 +00:00
jhb
3783785a2f Handle relocations for newer non-PIC MIPS ABI.
Newer binutils supports extensions to the MIPS ABI for non-PIC code
that is used when compiling O32 binaries with clang 5 (but not used
for N64 oddly enough).  These extensions require support for
R_MIPS_COPY relocations as well as a second PLT GOT using
R_MIPS_JUMP_SLOT relocations.

For R_MIPS_COPY, use the same approach as on other architectures where
fixups are deferred to the MD do_copy_relocations.

The additional PLT GOT for jump slots is located in a .got.plt section
which is identified by a DT_MIPS_PLTGOT dynamic entry.  This GOT also
requires fixups for the first two GOT entries just as the normal GOT.
However, the entry point for this second GOT uses a different calling
convention. Rather than passing an offset into the GOT, it passes an
offset into the .rel.plt section.  This requires a second entry point
(_rtld_pltbind_start) which calls the normal _rtld_bind() rather than
_mips_rtld_bind().  This also means providing a real version of
reloc_jmpslot() which is used by _rtld_bind().

In addition, add real implementions of reloc_plt() and
reloc_jmpslots() which walk .rel.plt handling R_MIPS_JUMP_SLOT
relocations.

Reviewed by:	kib
Sponsored by:	DARPA / AFRL
Differential Revision:	https://reviews.freebsd.org/D12326
2017-09-12 17:46:30 +00:00
imp
9b789e10f5 End softfp->hardfp transition period for arm
On hard-float 32-bit arm platforms, always search for the soft float
binaries in the alternative locations.

Sponsored by: Netflix
Differential Review: https://reviews.freebsd.org/D12274
MFC After: 1 week
2017-09-12 17:06:35 +00:00
jhb
698de0bfc6 Add CFI directives for _rtld_bind_start.
This allows debuggers to unwind back into the caller when stopped in the
runtime linker.

Sponsored by:	DARPA / AFRL
2017-09-11 22:18:01 +00:00
dab
048f93ec6e Add a new getty/gettytab capability to generate an initial message dynamically.
This modification adds a new gettytab(5) option (iM) to specify a
program to run that will generate the initial (banner) message that is
displayed before the login prompt. Such a capability is useful when
dynamic information is needed in the banner message that cannot be
supplied by the set of % substitution sequences available in the "im"
option.

Reviewed by:	vangyzen, wblock, manpages
Approved by:	vangyzen (mentor)
MFC after:	1 week
Relnotes:	yes
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D12108
2017-09-07 00:20:17 +00:00
kib
00bd22b86d Add serial comma.
Submitted by:	wblock
MFC after:	3 days
2017-09-01 16:56:37 +00:00
jhb
438c415da1 Compile reloc.o with -fno-jump-tables on MIPS.
In particular, the switch statement on the type of dynamic entries
in _rtld_relocate_nonplt_self() needs to not use a jump table since
jump tables on MIPS use local GOT entries which aren't initialized
until after this loop.

Suggested by:	arichardson
Reviewed by:	emaste
Sponsored by:	DARPA / AFRL
2017-08-30 20:00:15 +00:00
jhb
02b4490919 Read max_stack_flags from correct object.
'obj' is not initialized here.

Reviewed by:	kib
MFC after:	1 week
Sponsored by:	DARPA / AFRL
2017-08-30 18:22:52 +00:00
ngie
18951eee49 Add supporting changes for Add limited sandbox capability to "make check"
Non-tests/... changes:
- Add HAS_TESTS= to Makefiles with libraries and programs to enable iteration
  and propagate the appropriate environment down to *.test.mk.

tests/... changes:
- Add appropriate support Makefile.inc's to set HAS_TESTS in a minimal manner,
  since tests/... is a special subdirectory tree compared to the others.

MFC after:	2 months
MFC with:	r322511
Reviewed by:	arch (silence), testing (silence)
Differential Revision:	D12014
2017-08-14 19:21:37 +00:00
br
b002bfbade Support for v1.10 (latest) of RISC-V privilege specification.
New version is not compatible on supervisor mode with v1.9.1
(previous version).

Highlights:
    o BBL (Berkeley Boot Loader) provides no initial page tables
      anymore allowing us to choose VM, to build page tables manually
      and enable MMU in S-mode.
    o SBI interface changed.
    o GENERIC kernel.
      FDT is now chosen standard for RISC-V hardware description.
      DTB is now provided by Spike (golden model simulator). This
      allows us to introduce GENERIC kernel. However, description
      for console and timer devices is not provided in DTB, so move
      these devices temporary to nexus bus.
    o Supervisor can't access userspace by default. Solution is to
      set SUM (permit Supervisor User Memory access) bit in sstatus
      register.
    o Compressed extension is now turned on by default.
    o External GCC 7.1 compiler used.
    o _gp renamed to __global_pointer$
    o Compiler -march= string is now in use allowing us to choose
      required extensions (compressed, FPU, atomic, etc).

Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D11800
2017-08-10 14:18:09 +00:00
br
3364e8aea9 o Replace __riscv__ with __riscv
o Replace __riscv64 with (__riscv && __riscv_xlen == 64)

This is required to support new GCC 7.1 compiler.
This is compatible with current GCC 6.1 compiler.

RISC-V is extensible ISA and the idea here is to have built-in define
per each extension, so together with __riscv we will have some subset
of these as well (depending on -march string passed to compiler):

__riscv_compressed
__riscv_atomic
__riscv_mul
__riscv_div
__riscv_muldiv
__riscv_fdiv
__riscv_fsqrt
__riscv_float_abi_soft
__riscv_float_abi_single
__riscv_float_abi_double
__riscv_cmodel_medlow
__riscv_cmodel_medany
__riscv_cmodel_pic
__riscv_xlen

Reviewed by:	ngie
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D11901
2017-08-07 14:09:57 +00:00
ngie
d26727d972 Add HAS_TESTS to all Makefiles that are currently using the
`SUBDIR.${MK_TESTS}+= tests` idiom.

This is a follow up to r321912.
2017-08-02 08:50:42 +00:00
ngie
734d081ed1 MFhead@r321912 2017-08-02 08:38:36 +00:00
ngie
d810089ddf Convert traditional ${MK_TESTS} conditional idiom for including test
directories to SUBDIR.${MK_TESTS} idiom

This is being done to pave the way for future work (and homogenity) in
^/projects/make-check-sandbox .

No functional change intended.

MFC after:	1 weeks
2017-08-02 08:35:51 +00:00
sephe
b09fed4fd3 hyperv: Add VF bringup scripts and devd rules.
How network VF works with hn(4) on Hyper-V in non-transparent mode:

- Each network VF has a cooresponding hn(4).
- The network VF and the it's cooresponding hn(4) have the same hardware
  address.
- Once the network VF is up, e.g. ifconfig VF up:
  o  All of the transmission should go through the network VF.
  o  Most of the reception goes through the network VF.
  o  Small amount of reception may go through the cooresponding hn(4).
     This reception will happen, even if the the cooresponding hn(4) is
     down.  The cooresponding hn(4) will change the reception interface
     to the network VF, so that network layer and application layer will
     be tricked into thinking that these packets were received by the
     network VF.
  o  The cooresponding hn(4) pretends the physical link is down.
- Once the network VF is down or detached:
  o  All of the transmission should go through the cooresponding hn(4).
  o  All of the reception goes through the cooresponding hn(4).
  o  The cooresponding hn(4) fallbacks to the original physical link
     detection logic.

All these features are mainly used to help live migration, during which
the network VF will be detached, while the network communication to the
VM must not be cut off.  In order to reach this level of live migration
transparency, we use failover mode lagg(4) with the network VF and the
cooresponding hn(4) attached to it.

To ease user configuration for both network VF and non-network VF, the
lagg(4) will be created by the following rules, and the configuration
of the cooresponding hn(4) will be applied to the lagg(4) automatically.

Sponsored by:	Microsoft
Differential Revision:	https://reviews.freebsd.org/D11635
2017-07-31 07:18:15 +00:00
kib
f5d8337496 Allow to specify targets by absolute paths in libmap.conf.
Submitted by:	Tatu Kilappa <tatu.kilappa@iki.fi>
PR:	221032
MFC after:	2 weeks
2017-07-27 08:33:31 +00:00
kib
1daf6d39a8 Language improvements.
Submitted by:	wblock
MFC after:	3 days
Differential revision:	https://reviews.freebsd.org/D10826
2017-07-14 15:42:12 +00:00
delphij
07cd15e90e In open_binary_fd: when using buffer size for strl* and snprintf,
always use >= instead of > to avoid truncation.

Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D11474
MFC after:	3 days
2017-07-05 06:12:21 +00:00
kib
4c56744947 When reporting undefined symbol, note the version, if specified.
Use the standard syntax of name@version, I do not expect a confusion
due to unlikely possibility of the name containing the '@' character.

Requested by:	emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2017-07-04 20:19:36 +00:00
allanjude
db35f30854 Add deprecation notices for all rcmd tools
Submitted by:	bcr
Reviewed by:	emaste, bapt, jhl
MFC after:	immediate
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D11471
2017-07-04 15:44:30 +00:00
ngie
7f82f9173d atf-sh(3): document atf_init_test_cases(3) fully
The function was missing from the NAME/SYNOPSIS sections. Add a manpage link
to complete the documentation reference.

MFC after:	1 month
2017-06-30 05:49:12 +00:00
delphij
6b0e94a509 Use strlcpy() instead of strncpy() and nul-terminating.
MFC after:	2 weeks
2017-06-28 04:24:10 +00:00
jwd
5a955330d5 A little tweak for performance
Reviewed by: adrian
Approved by: rmacklem (mentor)
MFC after: 3 weeks
2017-06-27 13:24:06 +00:00
kib
caec37f797 Use address space guard to implement inter-segment gap.
Rtld checks and use old MAP_ANON/PROT_NONE method of creating gap if
running on old kernel.

Reviewed by:	alc, markj
Tested by:	pho, Qualys
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2017-06-24 17:04:27 +00:00
ngie
738093ebd7 Add MLINKS for atf-sh(3) to each of the functions it implements
This hopefully will make atf-sh(3) easier to understand for newcomers,
without having to go through the atf-sh(3) level of indirection.

MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-06-07 21:18:28 +00:00
ngie
41b7e33402 Revert r319659
I missed the fact that atf-sh(3) already documents atf_check(3). I'll
be adding an manpage link for that instead in the next commit.

MFC after:	1 week
MFC with:	r319659
Sponsored by:	Dell EMC Isilon
2017-06-07 21:11:32 +00:00
ngie
cbfb5e59c0 Add an MLINK for atf_check(1) -> atf-check(1)
This is being done to make the documentation for atf-check(1) easier to find/more
intuitive for new users, because atf_check is the atf-run(1) shell version of the
standalone atf-check(1) command, which is used in atf-sh(3) test programs.

MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-06-07 21:03:27 +00:00
kib
4af7f7589a Document direct execution mode for rtld.
Reviewed by:	emaste, jonathan (previous version)
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D10826
2017-05-29 13:38:26 +00:00
kib
26edd6a926 Correct explanation of the dynamic tokens handling.
Reviewed by:	emaste, jonathan
Sponsored by:	The FreeBSD Foundation
X-Differential Revision:	https://reviews.freebsd.org/D10826
2017-05-29 13:36:32 +00:00
vangyzen
977249ca11 rtld: fix warnings about redundant declarations
Fix warnings about redundant declarations in rtld
when libthr in increased to WARNS=6.

Reviewed by:	kib
MFC after:	3 days
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D10934
2017-05-26 15:55:03 +00:00
kib
32b7611c73 For ld.so direct execution mode, implement -p option: search for the
binary in $PATH.

Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D10790
2017-05-23 10:00:52 +00:00
kib
ce4b581267 Update my copyright, note The FreeBSD Foundation involvement.
While tweaking copyright block, switch to use __FBSDID for tag.

Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2017-05-18 09:34:26 +00:00
kib
2e07e1ff4d Fix style [1], add static keyword before static function definition.
Noted by:	bapt [1]
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2017-05-18 09:31:30 +00:00
jonathan
f74c0ee574 Fix some nroff syntax in rtld.1.
When I originally documented the LD_LIBRARY_PATH_FDS environment variable,
I used `.Ev` rather than `.It Ev` to introduce it; this led to the
documentation being embedded in the previous paragraph (LD_LIBRARY_PATH).
2017-05-18 00:32:05 +00:00
jonathan
6eac0c2874 Allow rtld direct-exec to take a file descriptor.
When executing rtld directly, allow a file descriptor to be explicitly
specified rather than opened from the given path. This, together with the
LD_LIBRARY_PATH_FDS environment variable, allows dynamically-linked
applications to be executed from within capability mode.

Also add some rudimentary argument parsing (without pulling in getopt or
the like) to accept this file descriptor, a help (-h) option and a basic
usage string.

Reviewed by:	kib
Sponsored by:	NSERC, RDC
Differential Revision:	https://reviews.freebsd.org/D10751
2017-05-17 22:51:28 +00:00
kib
3736dfaf97 Pretend that there is some security when executing in direct mode.
Do not allow direct exec if we the process is suid. Try to follow Unix
permission checks for DACs, ignore ACLs.

Reviewed by:	emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D10750
2017-05-16 19:53:38 +00:00