1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-16 10:20:30 +00:00
Commit Graph

2414 Commits

Author SHA1 Message Date
Andriy Gapon
5fda0d60c1 add ability to set watchdog timeout for a shutdown
This change allows to specify a watchdog(9) timeout for a system
shutdown.  The timeout is activated when the watchdogd daemon is
stopped.  The idea is to a prevent any indefinite hang during late
stages of the shutdown.  The feature is implemented in rc.d/watchdogd,
it builds upon watchdogd -x option.

Note that the shutdown timeout is not actiavted when the watchdogd
service is individually stopped by an operator.  It is also not
activated for the 'shutdown' to the single-user mode.  In those cases it
is assumed that the operator knows what they are doing and they have
means to recover the system should it hang.

Significant subchanges and implementation details:
- the argument to rc.shutdown, completely unused before, is assigned to
  rc_shutdown variable that can be inspected by rc scripts
- init(8) passes "single" or "reboot" as the argument, this is not
  changed
- the argument is not mandatory and if it is not set then rc_shutdown is
  set to "unspecified"
- however, the default jail management scripts and jail configuration
  examples have been updated to pass "jail" to rc.shutdown, just in case
- the new timeout can be set via watchdogd_shutdown_timeout rc option
- for consistency, the regular timeout can now be set via
  watchdogd_timeout rc option
- watchdogd_shutdown_timeout and watchdogd_timeout override timeout
  specifications in watchdogd_flags
- existing configurations, where the new rc options are not set, should
  keep working as before

I am not particularly wed to any of the implementation specifics.
I am open to changing or removing any of them as long as the provided
functionality is the same (or very close) to the proposed one.
For example, I think it can be implemented without using watchdogd -x,
by means of watchdog(1) alone.  In that case there would be a small
window between stopping watchdogd and running watchdog, but I think that
that is acceptable.

Reviewed by:	bcr (man page changes)
MFC after:	5 weeks
Relnotes:	yes
Differential Revision: https://reviews.freebsd.org/D21221
2019-10-03 11:23:10 +00:00
Edward Tomasz Napierala
028af4ae67 Rename etc/rc.d/abi to etc/rc.d/linux; after moving out the SysV IPC stuff
it's entirely linux-specific.

Reviewed by:	emaste
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D21830
2019-10-02 11:40:40 +00:00
Edward Tomasz Napierala
c97588b451 Move the SysV IPC stuff out of the 'abi' rc script, into a new one:
'sysvipc' - it has nothing to do with ABIs, and I'd like to later
rename 'abi' to 'linux', which better describes its purpose and also
matches the rcvar name.

Reviewed by:	emaste
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D21615
2019-09-28 09:12:41 +00:00
John-Mark Gurney
3ed737eb91 fix the article to be correct... 2019-09-16 22:48:40 +00:00
Brandon Bergren
d020b3ebde Fix aux_info corruption in rtld direct execution mode.
After the aux vector is moved, it is necessary to re-digest aux_info so the
pointers are updated to the new locations.

This was causing thread creation to fail on powerpc64 when using direct
execution due to a nonsense value being read for aux_info[AT_STACKPROT].

Approved by: jhibbits (mentor)
Differential Revision: https://reviews.freebsd.org/D21656
2019-09-14 21:18:10 +00:00
Mateusz Piotrowski
d15e810db9 rc: Honor ${name}_env when a custom *_cmd is defined (e.g., start_cmd)
A user may set ${name}_env variable in rc.conf(5) in order to set additional
environment variables for a service command.  Unfortunately, at the moment
this variable is only honored when the command is specified via the command
variable. Those additional environment variables coming from ${name}_env
are never set if the service is started via the ${rc_arg}_cmd variable (for
example start_cmd).

PR:		239692
Reviewed by:	bcr, jilles
Approved by:	src (jilles)
Differential Revision:	https://reviews.freebsd.org/D21228
2019-09-05 14:52:22 +00:00
Emmanuel Vadot
8c15be73b6 pkgbase: Move rc scripts and related files to their own packages
It doesn't need to be in runtime and might help people who want to
experiment with other rc system or don't use one (like in small
embedded mfsroot).

Reviewed by:	bapt, gjb
Differential Revision:	https://reviews.freebsd.org/D21499
2019-09-05 14:08:45 +00:00
Brooks Davis
389154096a Remove remnants of optimization for > pagesize allocations.
In the past, this allocator seems to have allocated things larger than
a page seperately. Much of this code was removed at some point (perhaps
along with sbrk() used) so remove the rest. Instead, keep allocating in
power-of-two bins up to FIRST_BUCKET_SIZE << (NBUCKETS - 1). If we want
something more efficent, we should use a fancier allocator.

While here, remove some vestages of sbrk() use. Most importantly, don't
try to page align the pagepool since it's always page aligned by mmap().

Reviewed by:	kib
Obtained from:	CheriBSD
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D21453
2019-09-02 08:03:29 +00:00
Brooks Davis
98ab79066d Remove some compatability with Seventh Edition UNIX realloc().
In Seventh Edition UNIX, the last pointer passed to free() was
guaranteed to not actually have been freed allowing memory to be
"compacted" via the following pattern:

free(foo);
foo = realloc(foo, newsize);

Further, Andrew Koenig reports in "C Traps and Pitfalls" that the
original realloc() implementation required this pattern.

The C standard is clear that this is Undefined Behavior. Modern
allocators don't support it and no portable code could rely on it so
remove this support.

Note: the removed implementation contains an off-by-one error and if
an item isn't found on the freelist, then twice as much memory as the
largest possible allocation will be copied.

Reviewed by:	kib, imp
Obtained from:	CheriBSD
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D21296
2019-08-20 16:07:17 +00:00
Kyle Evans
12ba1c232d rtld-elf: fix build with xtoolchain-llvm90
strstr ends up using bcmp when compiled with llvm90; pull it in from libc
as well.

MFC after:	3 days
2019-08-15 17:35:24 +00:00
Leandro Lupori
1180fa861b [PPC64] Fix rtld direct exec mode
Instead of restoring the saved values of argc, argv and envp,
these must be loaded from the stack that _rtld() modifies.

This fixes rtld direct exec mode.
E.g.: /libexec/ld-elf.so.1 /bin/ls

Reviewed by:	jhibbits
Differential Revision:	https://reviews.freebsd.org/D21131
2019-08-05 13:22:02 +00:00
Konstantin Belousov
4105901933 rtld-elf: Remove x86 elf_rtld.x linker scripts.
First, amd64 version of the script cannot work at least due to the
wrong architecture specification.  Second, kernel can activate shared
objects for long time, due to PIE support.

It seems the intent was to allow ld-elf.so.1 to be build and used as
an executable.  Since we have direct exec mode implemented for dso
ld-elf.so.1, the non-functional and commented out scripts can be
finally removed.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-08-04 21:43:34 +00:00
Conrad Meyer
2826da432c motd: Generate from template to /var/run
Update login(1), its manual pages, similar utilities, and motd.5 to refer to
the new location.

Suggested by:	delphij@ (re: r349256)
Reviewed by:	bcr (manpages), delphij
Differential Revision:	https://reviews.freebsd.org/D20721
2019-07-20 20:56:31 +00:00
Brooks Davis
4ca9bcd650 Restore WARNS?=1 here. I missed that libexec/bootpd/bootpgw existed. 2019-07-19 18:47:13 +00:00
Brooks Davis
df7a21a703 Chain Makefile.inc's so default are inherited as expected.
Remove unneeded or duplicate variables.

No functional change.

Obtained from:	CheriBSD
MFC after:	1 week
Sponsored by:	DARPA, AFRL
2019-07-19 17:52:23 +00:00
Emmanuel Vadot
9553ea80a8 pkgbase: Add a FreeBSD-bluetooth package
Move the bluetooth related files from FreeBSD-runtime to a new package named
FreeBSD-bluetooth
The FreeBSD runtime is only intended to have everything for a working
FreeBSD installation and bluetooth isn't needed for that.

Reviewed by:	bapt, gjb
Differential Revision:	https://reviews.freebsd.org/D20959
2019-07-19 15:10:03 +00:00
Ian Lepore
1e121c3ef1 Limit access to system accounting files.
In 2013 the security chapter of the Handbook was updated in r42501 to
suggest limiting access to the system accounting file [*1] by creating the
initial file with a mode of 0600. This was in part based on a discussion in
the forums [*2]. Unfortunately, this advice is overridden by the fact that a
new file is created as part of periodic daily processing, and the file mode
is set by the rc.d/accounting script.

These changes update the accounting script to create the directory with mode
0750 if it doesn't already exist, and to create the daily file with mode
0640. This limits write access to root only, read access to root and members
of wheel, and eliminates world access completely. For admins who want to
prevent even members of wheel from accessing the files, the mode of the
/var/account directory can be manually changed to 0700, because the script
never creates or changes that directory if it already exists.

The accounting_rotate_log() function now also handles the error cases of no
existing log file to rotate, and attempting to rotate the file multiple
times (.0 file already exists).

Another small change here eliminates the complexity of the mktemp/chmod/mv
sequence for creating a new acct file by using install(1) with the flags
needed to directly create the file with the desired ownership and
modes. That allows coalescing two separate if checkyesno accounting_enable
blocks into one.

These changes were inspired by my investigation of PR 202203.

[1] https://www.freebsd.org/doc/handbook/security-accounting.html
[2] http://forums.freebsd.org/showthread.php?t=41059

PR:		202203
Differential Revision:	https://reviews.freebsd.org/D20876
2019-07-13 16:07:38 +00:00
Alex Richardson
0cc62e2695 Fix build race when building rtld
I found this on one of the CheriBSD Jenkins builders. Using
beforelinking instead of ${PROG} should fix the dependency for the
DEBUG_FILES case.

Reviewed by:	brooks
2019-07-02 22:11:07 +00:00
Alex Richardson
10faac99fb Fix CROSS_TOOLCHAIN=amd64-gcc build after r349554
Apparently clang can remove the reference to __umoddi3 but GCC keeps it.

Reported by:	lwhsu
2019-06-30 17:03:14 +00:00
Alex Richardson
e1470c8f96 Fix my name in license header
Reported by:	trasz
2019-06-30 14:04:30 +00:00
Alex Richardson
b54a59f3ba Reduce size of rtld by 22% by pulling in less code from libc
Currently RTLD is linked against libc_nossp_pic which means that any libc
symbol used in rtld can pull in a lot of depedencies. This was causing
symbol such as __libc_interposing and all the pthread stubs to be included
in RTLD even though they are not required. It turns out most of these
dependencies can easily be avoided by providing overrides inside of rtld.

This change is motivated by CHERI, where we have an experimental ABI that
requires additional relocation processing to allow the use of function
pointers inside of rtld. Instead of adding this self-relocation code to
RTLD I attempted to remove most function pointers from RTLD and discovered
that most of them came from the libc dependencies instead of being actually
used inside rtld.

A nice side-effect of this change is that rtld is now 22% smaller on amd64.

   text	   data	    bss	    dec	    hex	filename
0x21eb6	  0xce0	  0xe60	 145910	  239f6	/home/alr48/ld-elf-x86.before.so.1
0x1a6ed	  0x728	  0xdd8	 113645	  1bbed	/home/alr48/ld-elf-x86.after.so.1

The number of R_X86_64_RELATIVE relocations that need to be processed on
startup has also gone down from 368 to 187 (almost 50% less).

Reviewed By:	kib
Differential Revision: https://reviews.freebsd.org/D20663
2019-06-30 11:49:58 +00:00
Alex Richardson
e69dc8626a Use rtld_putstr() instead of write() for the rtld msg() macro
This removes an unnecessary libc dependency from rtld.
See https://reviews.freebsd.org/D20663 for more details.
2019-06-26 15:43:26 +00:00
Justin Hibbits
f62da49b2f powerpc: Transition to Secure-PLT, like most other OSs
Summary:
PowerPC has two PLT models: BSS-PLT and Secure-PLT.  BSS-PLT uses runtime
code generation to generate the PLT stubs.  Secure-PLT was introduced with
GCC 4.1 and Binutils 2.17 (base has GCC 4.2.1 and Binutils 2.17), and is a
more secure PLT format, using a read-only linkage table, with the dynamic
linker populating a non-executable index table.

This is the libc, rtld, and kernel support only.  The toolchain and build
parts will be updated separately.

Reviewed By: nwhitehorn, bdragon, pfg
Differential Revision: https://reviews.freebsd.org/D20598
MFC after:	1 month
2019-06-25 00:40:44 +00:00
Conrad Meyer
cd07b6eddc rc.d/motd: Update motd more robustly
Use appropriate fsyncs to persist the rewritten /etc/motd file, when a
rewrite is performed.

Reported by:	Jonathan Walton <jonathan AT isilon.com>
Reviewed by:	allanjude, vangyzen
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D20701
2019-06-21 02:37:54 +00:00
Cy Schubert
2b951e9c6d Allow the hostapd program to be specified. This allows users to use
hostapd from ports instead of the one in base. The default is the hostapd
in base.

PR:		238571
MFC after:	1 week
2019-06-17 20:11:02 +00:00
Conrad Meyer
f0e5d3ff8e /etc/rc.d/local: Fix typo in description
PR:		238448
Submitted by:	Marián Černý <majo-bugs.freebsd.org AT cerny.sk>
2019-06-10 13:34:18 +00:00
Rodney W. Grimes
327477d6c5 Correctly align usage: output 2019-05-25 11:22:49 +00:00
Emmanuel Vadot
39fb10372c pkgbase: Remove etc/zfs from being packaged
This is an empty directory and it cause a FreeBSD-zfs package to
be created when we don't need one.

Reviewed by:	bapt
2019-05-23 06:53:59 +00:00
Ian Lepore
9c6dc2fec5 Remove accidentally-added blank line; the style throughout this file
is to use no whitespace between a comment block and the code it describes.
2019-05-23 01:49:08 +00:00
Ian Lepore
a2119d62c0 Handle the driftfile option correctly when ntpd_flags is empty.
The logic I originally wrote to detect whether a driftfile option was in the
set of flags was based on the result of removing the pattern *flag* being an
empty string.  That didn't handle the case where the string was empty to
begin with.  Doh!  So now it also specifically checks for an empty string.

The result of the bad check was that ntpd would run without a driftfile, but
it would do so only if it was running as root instead of the non-priveleged
ntpd user, which isn't a typical case.  Ntpd runs fine without a driftfile,
although it does take it longer to stabilize the clock frequency at startup.

Reported by:	avg@
Pointy hat:	ian@
MFC after:	some testing
2019-05-23 01:41:49 +00:00
Conrad Meyer
26c4978843 save-entropy(8), rc.d/random: Set nodump flag
Tag saved entropy files as "nodump," to signal that the files should not be
backed up by dump(8) or other automated backup software that honors the file
flag.

Do not produce an error if the target file resides on a filesystem that does
not support file flags (e.g., msdos /boot).

Reviewed by:	delphij
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D20358
2019-05-22 21:47:17 +00:00
Emmanuel Vadot
19dad0edbe pkgbase: Really move rc.sendmail
Messed up with git->svn in r348100
2019-05-22 07:40:39 +00:00
Emmanuel Vadot
410304e347 pkgbase: Really move rc.bsdextended
Messed up with git->svn in r348099
2019-05-22 07:39:59 +00:00
Emmanuel Vadot
5d8c2d4c4f pkgbase: Really move rc.firewall
Messed up with git->svn in r348098
2019-05-22 07:38:54 +00:00
Emmanuel Vadot
424383210b pkgbase: Move rc.sendmail to libexec/rc
Reviewed by:	bapt
2019-05-22 07:22:08 +00:00
Emmanuel Vadot
f4022639ae pkgbase: Move rc.bsdextended to libexec/rc
Reviewed by:	bapt
2019-05-22 07:21:39 +00:00
Emmanuel Vadot
f0f0053abc pkgbase: Move rc.firewall to libexec/rc
Put it with all the other rc files

Reviewed by:	bapt
2019-05-22 07:21:05 +00:00
Mark Johnston
d3f77d0afe Marginally improve usage() message style in bootpd.
- Remove an extra space after "usage:".
- Avoid lines exceeding 80 columns.

Based on notes from rgrimes.

MFC with:	r348066
Event:		Waterloo Hackathon 2019
2019-05-22 04:13:57 +00:00
Ed Maste
34366bc932 bootpd: avoid the same error indication for different issues
There were several (apparently) copy-pasted NEED validation macros,
leading to the same error string for different issues.  Change the
YP and NTP tags so they are distinct.

PR:		30863
Submitted by:	Dan Lukes <dan@obluda.cz>
Reviewed by:	markj
MFC after:	1 week
Event:		Waterloo Hackathon 2019
2019-05-21 21:27:14 +00:00
Mark Johnston
35131b4616 bootpd: Add an option to skip modifications to the ARP table.
PR:		30854
Submitted by:	Dan Lukes <dan@obluda.cz>
Reviewed by:	imp (previous version)
MFC after:	1 week
Event:		Waterloo Hackathon 2019
Differential Revision:	https://reviews.freebsd.org/D2581
2019-05-21 21:22:43 +00:00
Brooks Davis
ffda67901e Change ed(4), ep(4), and fxp(4) examples to em(4).
ed(4) and ep(4) have been removed. fxp(4) remains popular in older
systems, but isn't as future proof as em(4).

Reviewed by:	bz, jhb
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D20311
2019-05-18 21:01:36 +00:00
Konstantin Belousov
3cac4083ef rtld_malloc.c: cleanup morepages().
Use roundup2() and rounddown2() instead of inlining them.
Get rid of the fd local variable, use literal -1 for the mmap argument.
Use MAP_FAILED as mmap(2) failure indicator.
After that, apply some style.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-05-16 13:13:33 +00:00
Konstantin Belousov
37f0b7f1d7 Remove more dead definitions from rtld_malloc.c after r347019.
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-05-16 13:07:26 +00:00
Andrey V. Elsukov
51d97e1b23 Add ipsec.ko to required_modules for rc.d/ipsec script.
Thus it can be automatically loaded if ipsec_enable="YES" and option IPSEC
is not in the kernel config.

MFC after:	1 week
2019-05-06 08:30:53 +00:00
Konstantin Belousov
78022527bb Switch to use shared vnode locks for text files during image activation.
kern_execve() locks text vnode exclusive to be able to set and clear
VV_TEXT flag. VV_TEXT is mutually exclusive with the v_writecount > 0
condition.

The change removes VV_TEXT, replacing it with the condition
v_writecount <= -1, and puts v_writecount under the vnode interlock.
Each text reference decrements v_writecount.  To clear the text
reference when the segment is unmapped, it is recorded in the
vm_map_entry backed by the text file as MAP_ENTRY_VN_TEXT flag, and
v_writecount is incremented on the map entry removal

The operations like VOP_ADD_WRITECOUNT() and VOP_SET_TEXT() check that
v_writecount does not contradict the desired change.  vn_writecheck()
is now racy and its use was eliminated everywhere except access.
Atomic check for writeability and increment of v_writecount is
performed by the VOP.  vn_truncate() now increments v_writecount
around VOP_SETATTR() call, lack of which is arguably a bug on its own.

nullfs bypasses v_writecount to the lower vnode always, so nullfs
vnode has its own v_writecount correct, and lower vnode gets all
references, since object->handle is always lower vnode.

On the text vnode' vm object dealloc, the v_writecount value is reset
to zero, and deadfs vop_unset_text short-circuit the operation.
Reclamation of lowervp always reclaims all nullfs vnodes referencing
lowervp first, so no stray references are left.

Reviewed by:	markj, trasz
Tested by:	mjg, pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 month
Differential revision:	https://reviews.freebsd.org/D19923
2019-05-05 11:20:43 +00:00
Konstantin Belousov
5cac2021fe Cleanup for rtld_malloc.c.
- Remove dead and most likely rotten MALLOC_DEBUG, MSTAT, and RCHECK options.
- Remove unused headers.
- Remove one case of undefined behavior where left shift could overflow.
  It is impossible on practice for rtld and libthr consumer.

PR:	237577
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-05-02 15:03:16 +00:00
Lev A. Serebryakov
26e8ed624e Make mdmfs verbose if diskless boot is verbose.
Approved by:	ian@
Differential Revision:	D17104
2019-04-26 14:44:50 +00:00
Konstantin Belousov
760e34772c Fix order of destructors between main binary and libraries.
Since inits for the main binary are run from rtld (for some time), the
rtld_exit atexit(3) handler, which is passed from rtld to the program
entry and installed by csu, is installed after any atexit(3) handlers
installed by main binary constructors.  This means that rtld_exit() is
fired before main binary handlers.

Typical C++ static constructors are executed from init (either binary
or libs) but use atexit(3) to ensure that destructors are called in
the right order, independent of the linking order.  Also, C++
libraries finalizers call __cxa_finalize(3) to flush library'
atexit(3) entries.  Since atexit(3) entry is cleared after being run,
this would be mostly innocent, except that, atexit(rtld_exit) done
after main binary constructors, makes destructors from libraries
executed before destructors for main.

Fix by reordering atexit(rtld_exit) before inits for main binary, same
as it happened when inits were called by csu.  Do it using new private
libc symbol with pre-defined ABI.

Reported. tested, and reviewed by:	kan
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-04-15 13:03:09 +00:00
Konstantin Belousov
e3e21edb19 ld-elf.so: make LD_DEBUG always functional.
This causes some increase of the dynamic linker size, but benefits of
avoiding compiling private copy or the linker when debugging is
required. definitely worth it.

The dbg() calls can be compiled out by defining LD_NO_DEBUG symbol.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-04-14 18:04:53 +00:00
Chris Rees
b11974c250 Revert r346017 pending compiled-in zfs fix
PR:		237172
Approved by:	jilles
Differential Revision:	https://reviews.freebsd.org/D18670
2019-04-10 07:51:13 +00:00