Commit Graph

2424 Commits

Author SHA1 Message Date
brooks
b21d3d4e6b Remove remnants of optimization for > pagesize allocations.
In the past, this allocator seems to have allocated things larger than
a page seperately. Much of this code was removed at some point (perhaps
along with sbrk() used) so remove the rest. Instead, keep allocating in
power-of-two bins up to FIRST_BUCKET_SIZE << (NBUCKETS - 1). If we want
something more efficent, we should use a fancier allocator.

While here, remove some vestages of sbrk() use. Most importantly, don't
try to page align the pagepool since it's always page aligned by mmap().

Reviewed by:	kib
Obtained from:	CheriBSD
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D21453
2019-09-02 08:03:29 +00:00
brooks
cf5228cea1 Remove some compatability with Seventh Edition UNIX realloc().
In Seventh Edition UNIX, the last pointer passed to free() was
guaranteed to not actually have been freed allowing memory to be
"compacted" via the following pattern:

free(foo);
foo = realloc(foo, newsize);

Further, Andrew Koenig reports in "C Traps and Pitfalls" that the
original realloc() implementation required this pattern.

The C standard is clear that this is Undefined Behavior. Modern
allocators don't support it and no portable code could rely on it so
remove this support.

Note: the removed implementation contains an off-by-one error and if
an item isn't found on the freelist, then twice as much memory as the
largest possible allocation will be copied.

Reviewed by:	kib, imp
Obtained from:	CheriBSD
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D21296
2019-08-20 16:07:17 +00:00
kevans
2f36fbb56f rtld-elf: fix build with xtoolchain-llvm90
strstr ends up using bcmp when compiled with llvm90; pull it in from libc
as well.

MFC after:	3 days
2019-08-15 17:35:24 +00:00
luporl
8becda8caa [PPC64] Fix rtld direct exec mode
Instead of restoring the saved values of argc, argv and envp,
these must be loaded from the stack that _rtld() modifies.

This fixes rtld direct exec mode.
E.g.: /libexec/ld-elf.so.1 /bin/ls

Reviewed by:	jhibbits
Differential Revision:	https://reviews.freebsd.org/D21131
2019-08-05 13:22:02 +00:00
kib
b571393ab3 rtld-elf: Remove x86 elf_rtld.x linker scripts.
First, amd64 version of the script cannot work at least due to the
wrong architecture specification.  Second, kernel can activate shared
objects for long time, due to PIE support.

It seems the intent was to allow ld-elf.so.1 to be build and used as
an executable.  Since we have direct exec mode implemented for dso
ld-elf.so.1, the non-functional and commented out scripts can be
finally removed.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-08-04 21:43:34 +00:00
cem
db99ae1d76 motd: Generate from template to /var/run
Update login(1), its manual pages, similar utilities, and motd.5 to refer to
the new location.

Suggested by:	delphij@ (re: r349256)
Reviewed by:	bcr (manpages), delphij
Differential Revision:	https://reviews.freebsd.org/D20721
2019-07-20 20:56:31 +00:00
brooks
7d65f38dc7 Restore WARNS?=1 here. I missed that libexec/bootpd/bootpgw existed. 2019-07-19 18:47:13 +00:00
brooks
68c77b0c31 Chain Makefile.inc's so default are inherited as expected.
Remove unneeded or duplicate variables.

No functional change.

Obtained from:	CheriBSD
MFC after:	1 week
Sponsored by:	DARPA, AFRL
2019-07-19 17:52:23 +00:00
manu
3628c70daa pkgbase: Add a FreeBSD-bluetooth package
Move the bluetooth related files from FreeBSD-runtime to a new package named
FreeBSD-bluetooth
The FreeBSD runtime is only intended to have everything for a working
FreeBSD installation and bluetooth isn't needed for that.

Reviewed by:	bapt, gjb
Differential Revision:	https://reviews.freebsd.org/D20959
2019-07-19 15:10:03 +00:00
ian
acdf044438 Limit access to system accounting files.
In 2013 the security chapter of the Handbook was updated in r42501 to
suggest limiting access to the system accounting file [*1] by creating the
initial file with a mode of 0600. This was in part based on a discussion in
the forums [*2]. Unfortunately, this advice is overridden by the fact that a
new file is created as part of periodic daily processing, and the file mode
is set by the rc.d/accounting script.

These changes update the accounting script to create the directory with mode
0750 if it doesn't already exist, and to create the daily file with mode
0640. This limits write access to root only, read access to root and members
of wheel, and eliminates world access completely. For admins who want to
prevent even members of wheel from accessing the files, the mode of the
/var/account directory can be manually changed to 0700, because the script
never creates or changes that directory if it already exists.

The accounting_rotate_log() function now also handles the error cases of no
existing log file to rotate, and attempting to rotate the file multiple
times (.0 file already exists).

Another small change here eliminates the complexity of the mktemp/chmod/mv
sequence for creating a new acct file by using install(1) with the flags
needed to directly create the file with the desired ownership and
modes. That allows coalescing two separate if checkyesno accounting_enable
blocks into one.

These changes were inspired by my investigation of PR 202203.

[1] https://www.freebsd.org/doc/handbook/security-accounting.html
[2] http://forums.freebsd.org/showthread.php?t=41059

PR:		202203
Differential Revision:	https://reviews.freebsd.org/D20876
2019-07-13 16:07:38 +00:00
arichardson
78da2c22e7 Fix build race when building rtld
I found this on one of the CheriBSD Jenkins builders. Using
beforelinking instead of ${PROG} should fix the dependency for the
DEBUG_FILES case.

Reviewed by:	brooks
2019-07-02 22:11:07 +00:00
arichardson
7cfdfb47dd Fix CROSS_TOOLCHAIN=amd64-gcc build after r349554
Apparently clang can remove the reference to __umoddi3 but GCC keeps it.

Reported by:	lwhsu
2019-06-30 17:03:14 +00:00
arichardson
aeefca8121 Fix my name in license header
Reported by:	trasz
2019-06-30 14:04:30 +00:00
arichardson
8ea98b7069 Reduce size of rtld by 22% by pulling in less code from libc
Currently RTLD is linked against libc_nossp_pic which means that any libc
symbol used in rtld can pull in a lot of depedencies. This was causing
symbol such as __libc_interposing and all the pthread stubs to be included
in RTLD even though they are not required. It turns out most of these
dependencies can easily be avoided by providing overrides inside of rtld.

This change is motivated by CHERI, where we have an experimental ABI that
requires additional relocation processing to allow the use of function
pointers inside of rtld. Instead of adding this self-relocation code to
RTLD I attempted to remove most function pointers from RTLD and discovered
that most of them came from the libc dependencies instead of being actually
used inside rtld.

A nice side-effect of this change is that rtld is now 22% smaller on amd64.

   text	   data	    bss	    dec	    hex	filename
0x21eb6	  0xce0	  0xe60	 145910	  239f6	/home/alr48/ld-elf-x86.before.so.1
0x1a6ed	  0x728	  0xdd8	 113645	  1bbed	/home/alr48/ld-elf-x86.after.so.1

The number of R_X86_64_RELATIVE relocations that need to be processed on
startup has also gone down from 368 to 187 (almost 50% less).

Reviewed By:	kib
Differential Revision: https://reviews.freebsd.org/D20663
2019-06-30 11:49:58 +00:00
arichardson
56e633a631 Use rtld_putstr() instead of write() for the rtld msg() macro
This removes an unnecessary libc dependency from rtld.
See https://reviews.freebsd.org/D20663 for more details.
2019-06-26 15:43:26 +00:00
jhibbits
125154cabb powerpc: Transition to Secure-PLT, like most other OSs
Summary:
PowerPC has two PLT models: BSS-PLT and Secure-PLT.  BSS-PLT uses runtime
code generation to generate the PLT stubs.  Secure-PLT was introduced with
GCC 4.1 and Binutils 2.17 (base has GCC 4.2.1 and Binutils 2.17), and is a
more secure PLT format, using a read-only linkage table, with the dynamic
linker populating a non-executable index table.

This is the libc, rtld, and kernel support only.  The toolchain and build
parts will be updated separately.

Reviewed By: nwhitehorn, bdragon, pfg
Differential Revision: https://reviews.freebsd.org/D20598
MFC after:	1 month
2019-06-25 00:40:44 +00:00
cem
2535eb9e6b rc.d/motd: Update motd more robustly
Use appropriate fsyncs to persist the rewritten /etc/motd file, when a
rewrite is performed.

Reported by:	Jonathan Walton <jonathan AT isilon.com>
Reviewed by:	allanjude, vangyzen
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D20701
2019-06-21 02:37:54 +00:00
cy
255c8657d8 Allow the hostapd program to be specified. This allows users to use
hostapd from ports instead of the one in base. The default is the hostapd
in base.

PR:		238571
MFC after:	1 week
2019-06-17 20:11:02 +00:00
cem
6b9e37bf0a /etc/rc.d/local: Fix typo in description
PR:		238448
Submitted by:	Marián Černý <majo-bugs.freebsd.org AT cerny.sk>
2019-06-10 13:34:18 +00:00
rgrimes
4616fcd6d7 Correctly align usage: output 2019-05-25 11:22:49 +00:00
manu
dd6f658fb7 pkgbase: Remove etc/zfs from being packaged
This is an empty directory and it cause a FreeBSD-zfs package to
be created when we don't need one.

Reviewed by:	bapt
2019-05-23 06:53:59 +00:00
ian
b20953fd32 Remove accidentally-added blank line; the style throughout this file
is to use no whitespace between a comment block and the code it describes.
2019-05-23 01:49:08 +00:00
ian
3f912ff987 Handle the driftfile option correctly when ntpd_flags is empty.
The logic I originally wrote to detect whether a driftfile option was in the
set of flags was based on the result of removing the pattern *flag* being an
empty string.  That didn't handle the case where the string was empty to
begin with.  Doh!  So now it also specifically checks for an empty string.

The result of the bad check was that ntpd would run without a driftfile, but
it would do so only if it was running as root instead of the non-priveleged
ntpd user, which isn't a typical case.  Ntpd runs fine without a driftfile,
although it does take it longer to stabilize the clock frequency at startup.

Reported by:	avg@
Pointy hat:	ian@
MFC after:	some testing
2019-05-23 01:41:49 +00:00
cem
a4cd5928a7 save-entropy(8), rc.d/random: Set nodump flag
Tag saved entropy files as "nodump," to signal that the files should not be
backed up by dump(8) or other automated backup software that honors the file
flag.

Do not produce an error if the target file resides on a filesystem that does
not support file flags (e.g., msdos /boot).

Reviewed by:	delphij
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D20358
2019-05-22 21:47:17 +00:00
manu
f424e10a39 pkgbase: Really move rc.sendmail
Messed up with git->svn in r348100
2019-05-22 07:40:39 +00:00
manu
e288ffc500 pkgbase: Really move rc.bsdextended
Messed up with git->svn in r348099
2019-05-22 07:39:59 +00:00
manu
b22d67238c pkgbase: Really move rc.firewall
Messed up with git->svn in r348098
2019-05-22 07:38:54 +00:00
manu
5b97bfe96b pkgbase: Move rc.sendmail to libexec/rc
Reviewed by:	bapt
2019-05-22 07:22:08 +00:00
manu
b01fc6ae4c pkgbase: Move rc.bsdextended to libexec/rc
Reviewed by:	bapt
2019-05-22 07:21:39 +00:00
manu
162a1148dd pkgbase: Move rc.firewall to libexec/rc
Put it with all the other rc files

Reviewed by:	bapt
2019-05-22 07:21:05 +00:00
markj
d20f945f23 Marginally improve usage() message style in bootpd.
- Remove an extra space after "usage:".
- Avoid lines exceeding 80 columns.

Based on notes from rgrimes.

MFC with:	r348066
Event:		Waterloo Hackathon 2019
2019-05-22 04:13:57 +00:00
emaste
fee72ad3a9 bootpd: avoid the same error indication for different issues
There were several (apparently) copy-pasted NEED validation macros,
leading to the same error string for different issues.  Change the
YP and NTP tags so they are distinct.

PR:		30863
Submitted by:	Dan Lukes <dan@obluda.cz>
Reviewed by:	markj
MFC after:	1 week
Event:		Waterloo Hackathon 2019
2019-05-21 21:27:14 +00:00
markj
53fa0f1251 bootpd: Add an option to skip modifications to the ARP table.
PR:		30854
Submitted by:	Dan Lukes <dan@obluda.cz>
Reviewed by:	imp (previous version)
MFC after:	1 week
Event:		Waterloo Hackathon 2019
Differential Revision:	https://reviews.freebsd.org/D2581
2019-05-21 21:22:43 +00:00
brooks
979311de39 Change ed(4), ep(4), and fxp(4) examples to em(4).
ed(4) and ep(4) have been removed. fxp(4) remains popular in older
systems, but isn't as future proof as em(4).

Reviewed by:	bz, jhb
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D20311
2019-05-18 21:01:36 +00:00
kib
7b940212e1 rtld_malloc.c: cleanup morepages().
Use roundup2() and rounddown2() instead of inlining them.
Get rid of the fd local variable, use literal -1 for the mmap argument.
Use MAP_FAILED as mmap(2) failure indicator.
After that, apply some style.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-05-16 13:13:33 +00:00
kib
6e3417b2d8 Remove more dead definitions from rtld_malloc.c after r347019.
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-05-16 13:07:26 +00:00
ae
f60e7d9600 Add ipsec.ko to required_modules for rc.d/ipsec script.
Thus it can be automatically loaded if ipsec_enable="YES" and option IPSEC
is not in the kernel config.

MFC after:	1 week
2019-05-06 08:30:53 +00:00
kib
2dc0d9edaa Switch to use shared vnode locks for text files during image activation.
kern_execve() locks text vnode exclusive to be able to set and clear
VV_TEXT flag. VV_TEXT is mutually exclusive with the v_writecount > 0
condition.

The change removes VV_TEXT, replacing it with the condition
v_writecount <= -1, and puts v_writecount under the vnode interlock.
Each text reference decrements v_writecount.  To clear the text
reference when the segment is unmapped, it is recorded in the
vm_map_entry backed by the text file as MAP_ENTRY_VN_TEXT flag, and
v_writecount is incremented on the map entry removal

The operations like VOP_ADD_WRITECOUNT() and VOP_SET_TEXT() check that
v_writecount does not contradict the desired change.  vn_writecheck()
is now racy and its use was eliminated everywhere except access.
Atomic check for writeability and increment of v_writecount is
performed by the VOP.  vn_truncate() now increments v_writecount
around VOP_SETATTR() call, lack of which is arguably a bug on its own.

nullfs bypasses v_writecount to the lower vnode always, so nullfs
vnode has its own v_writecount correct, and lower vnode gets all
references, since object->handle is always lower vnode.

On the text vnode' vm object dealloc, the v_writecount value is reset
to zero, and deadfs vop_unset_text short-circuit the operation.
Reclamation of lowervp always reclaims all nullfs vnodes referencing
lowervp first, so no stray references are left.

Reviewed by:	markj, trasz
Tested by:	mjg, pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 month
Differential revision:	https://reviews.freebsd.org/D19923
2019-05-05 11:20:43 +00:00
kib
e854394704 Cleanup for rtld_malloc.c.
- Remove dead and most likely rotten MALLOC_DEBUG, MSTAT, and RCHECK options.
- Remove unused headers.
- Remove one case of undefined behavior where left shift could overflow.
  It is impossible on practice for rtld and libthr consumer.

PR:	237577
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-05-02 15:03:16 +00:00
lev
df040cdbc0 Make mdmfs verbose if diskless boot is verbose.
Approved by:	ian@
Differential Revision:	D17104
2019-04-26 14:44:50 +00:00
kib
551099d589 Fix order of destructors between main binary and libraries.
Since inits for the main binary are run from rtld (for some time), the
rtld_exit atexit(3) handler, which is passed from rtld to the program
entry and installed by csu, is installed after any atexit(3) handlers
installed by main binary constructors.  This means that rtld_exit() is
fired before main binary handlers.

Typical C++ static constructors are executed from init (either binary
or libs) but use atexit(3) to ensure that destructors are called in
the right order, independent of the linking order.  Also, C++
libraries finalizers call __cxa_finalize(3) to flush library'
atexit(3) entries.  Since atexit(3) entry is cleared after being run,
this would be mostly innocent, except that, atexit(rtld_exit) done
after main binary constructors, makes destructors from libraries
executed before destructors for main.

Fix by reordering atexit(rtld_exit) before inits for main binary, same
as it happened when inits were called by csu.  Do it using new private
libc symbol with pre-defined ABI.

Reported. tested, and reviewed by:	kan
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-04-15 13:03:09 +00:00
kib
b652ed5f59 ld-elf.so: make LD_DEBUG always functional.
This causes some increase of the dynamic linker size, but benefits of
avoiding compiling private copy or the linker when debugging is
required. definitely worth it.

The dbg() calls can be compiled out by defining LD_NO_DEBUG symbol.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-04-14 18:04:53 +00:00
crees
d2a873b062 Revert r346017 pending compiled-in zfs fix
PR:		237172
Approved by:	jilles
Differential Revision:	https://reviews.freebsd.org/D18670
2019-04-10 07:51:13 +00:00
crees
fdf4ebb85e Remove now unnecessary kldstat check before attempting to load modules.
Since r233109, kldload has the -n option, which silently ignores options
that are already loaded.

https://lists.freebsd.org/pipermail/freebsd-rc/2018-December/003899.html

Note that this script no longer reports if the module is already loaded,
but it could be argued this wasn't particularly useful information.

PR:			docs/234248
Reviewed by:		bcr (docs), kib, rgrimes (visual)
Approved by:		jilles
Differential Revision:	https://reviews.freebsd.org/D18670
2019-04-07 18:31:45 +00:00
ae
793f238762 Add firewall_[nat64|nptv6|pmod]_enable variables to /etc/defaults/rc.conf
Reported by:	Andrey Fesenko
X-MFC after:	r345450
2019-04-06 17:21:05 +00:00
eugen
645d0bb86c network.subr: improve configuration of cloned gif(4) interfaces
ifconfig(8) syntax allows to specify only single address_family,
so we need additional invocation of ifconfig to support configuration
of cloned gif interface that may use different address families
for its internal and external addresses.

Also, ifconfig(8) does not allow to omit "inet6" keyword for address family
specifying IPv6 addresses as outer addresses of the interface.

Also, address_family is not "parameter" and it has to go before parameters
including "tunnel" keyword, so "ifconfig gif0 tunnel inet6 $oip1 $oip2" would be
wrong syntax and only "ifconfig gif0 inet6 tunnel $oip1 $oip2" is right.

With this change, the following works:

gifconfig_gif0="inet6 2a00::1 2a01::1"
ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.252"

MFC after:	2 weeks
2019-04-05 22:45:08 +00:00
cem
942f34746a random(4): Attempt to persist entropy promptly
The goal of saving entropy in Fortuna is two-fold: (1) to provide early
availability of the random device (unblocking) on next boot; and (2), to
have known, high-quality entropy available for that initial seed.  We know
it is high quality because it's output taken from Fortuna.

The FS&K paper makes it clear that Fortuna unblocks when enough bits have
been input that the output //may// be safely seeded.  But they emphasize
that the quality of various entropy sources is unknown, and a saved entropy
file is essential for both availability and ensuring initial
unpredictability.

In FreeBSD we persist entropy using two mechanisms:

1. The /etc/rc.d/random shutdown() function, which is used for ordinary
   shutdowns and reboots; and,

2. A cron job that runs every dozen minutes or so to persist new entropy, in
   case the system suffers from power loss or a crash (bypassing the
   ordinary shutdown path).

Filesystems are free to cache dirty data indefinitely, with arbitrary flush
policy.  Fsync must be used to ensure the data is persisted, especially for
the cron job save-entropy, whose entire goal is power loss and crash safe
entropy persistence.

Ordinary shutdown may not need the fsync because unmount should flush out
the dirty entropy file shortly afterwards.  But it is always possible power
loss or crash occurs during the short window after rc.d/random shutdown runs
and before the filesystem is unmounted, so the additional fsync there seems
harmless.

PR:		230876
Reviewed by:	delphij, markj, markm
Approved by:	secteam (delphij)
Differential Revision:	https://reviews.freebsd.org/D19742
2019-03-31 04:57:50 +00:00
kib
9638d3e2e6 Fix initial exec TLS mode for dynamically loaded shared objects.
If dso uses initial exec TLS mode, rtld tries to allocate TLS in
static space. If there is no space left, the dlopen(3) fails. If space
if allocated, initial content from PT_TLS segment is distributed to
all threads' pcbs, which was missed and caused un-initialized TLS
segment for such dso after dlopen(3).

The mode is auto-detected either due to the relocation used, or if the
DF_STATIC_TLS dynamic flag is set.  In the later case, the TLS segment
is tried to allocate earlier, which increases chance of the dlopen(3)
to succeed.  LLD was recently fixed to properly emit the flag, ld.bdf
did it always.

Initial test by:	dumbbell
Tested by:	emaste (amd64), ian (arm)
Tested by:	Gerald Aryeetey <aryeeteygerald_rogers.com> (arm64)
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D19072
2019-03-29 17:52:57 +00:00
emaste
7ebe05b989 rtld: attempt to fix reloc_non_plt TLS allocation on MIPS
allocate_tls_offset returns true on success.  The same issue existed
on arm and was fixed in r345693.

PR:		236880
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2019-03-29 15:07:00 +00:00
emaste
2ef156ce23 rtld: attempt to fix reloc_nonplt_object TLS allocation
allocate_tls_offset returns true on success.  This still needs more
testing and review, but this change is consistent with other archs.

PR:		236880
Reported by:	Andrew Gierth <andrew@tao11.riddles.org.uk>
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2019-03-29 14:35:23 +00:00