1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-14 10:09:48 +00:00
Commit Graph

3204 Commits

Author SHA1 Message Date
Ed Maste
7c807d7708 retire LINKER_FEATURES filter flag
And build libdl unconditionally.  All supported FreeBSD linkers accept
-F / --filter so there is no need to test for support.

Discussed with:	kib
Sponsored by:	The FreeBSD Foundation
2018-11-12 20:44:22 +00:00
Mariusz Zaborski
cdd6ea94b0 libcasper: introduce cap_fileargs service
cap_fileargs is a Casper service which helps to sandbox applications that need
access to the filesystem namespace. The main purpose of the service is to make
easy to capsicumize applications that works on multiple files passed in argv.

We have a couple example of using it but we still treat this service as an
experimental one.

Reviewed by:	emsate (previous version), jonathan (partially)
Discussed with:	many
Differential Revision:	https://reviews.freebsd.org/D14407
2018-11-12 17:40:47 +00:00
Andrew Turner
a0e4ca397e Add the (untested) mips and sparc64 .init call sequences.
The BSD crtbegin/crtend code now builds on all architectures, however
further work is needed to check if it works correctly.

MFC with:	r339738
Sponsored by:	DARPA, AFRL
2018-11-07 09:49:25 +00:00
Ed Maste
bf81eb3ca9 Add a WITH_BIND_NOW build knob
The linker's -z now flag sets the DF_BIND_NOW flag, which signals to the
runtime loader that all relocation processing should be performed at
process startup rather than on demand.  In combination with lld's
default of enabling relro this causes the GOT to be made read-only when
the process starts, preventing straightforward GOT overwrite attacks.

Shawn Webb discovered a failure on HardenedBSD with BIND_NOW and ifunc
use, which resulted in my rtld fix in r340137.  Add a BIND_NOW knob as
it is trivial to do so and is a useful ELF hardening feature.  This
change is equivalent to HardenedBSD's but not identical as there are
other diffs/conflicts nearby.

Note that our ELF Tool Chain readelf does not currently decode the
DF_BIND_NOW flag - see PR232983.

Reviewed by:	brooks
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D17846
2018-11-06 15:52:49 +00:00
Conrad Meyer
d83db3fb6a Drop ed(1) "crypto"
You should not be using DES.  You should not have been using DES for the
past 30 years.

The ed DES-CBC scheme lacked several desirable properties of a sealed
document system, even ignoring DES itself.  In particular, it did not
provide the "integrity" cryptographic property (detection of tampering), and
it treated ASCII passwords as 64-bit keys (instead of using a KDF like
scrypt or PBKDF2).

Some general approaches ed(1) users might consider to replace the removed
DES mode:

1. Full disk encryption with something like AES-XTS.  This is easy to
conceptualize, design, and implement, and it provides confidentiality for
data at rest.  Like CBC, it lacks tampering protection.  Examples include
GELI, LUKS, FileVault2.

2. Encrypted overlay ("stackable") filesystems (EncFS, PEFS?, CryptoFS,
others).

3. Native encryption at the filesystem layer.  Ext4/F2FS, ZFS, APFS, and
NTFS all have some flavor of this.

4. Storing your files unencrypted.  It's not like DES was doing you much
good.

If you have DES-CBC scrambled files produced by ed(1) prior to this change,
you may decrypt them with:

  openssl des-cbc -d -iv 0 -K <key in hex> -in <inputfile> -out <plaintext>

Reviewed by:	allanjude, bapt, emaste
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D17829
2018-11-04 17:56:16 +00:00
Alex Richardson
d6be9fdde5 Don't run cc --version during cleandir/obj stages
This will no work when there is no cc in $PATH (which is the case before the
cross-tools stage once we no longer inherit $PATH in $WMAKE).
The variables set by bsd.compiler.mk/bsd.linker.mk are not needed in these
stages so this avoids a little bit of makefile parsing.

Reviewed By:	emaste
Approved By:	jhb (mentor)
Differential Revision: https://reviews.freebsd.org/D16814
2018-10-31 10:45:28 +00:00
Bjoern A. Zeeb
43f75d57a2 Introduce an EXPERIMENTAL option for both src.conf(5) and the kernel.
In the last decade(s) we have seen both short term or long term projects
committed to the tree which were considered or even marked "experimental".
While out-of-tree development has become easier than it used to be in
CVS times, there still is a need to have the code shipping with HEAD but
not enabled by default.

While people may think about VIMAGE as one of the recent larger, long term
projects, early protocol implementations (before they are standardised)
are others.  (Free)BSD historically was one of the operating systems
which would have running code at early stages and help develop and
influence standardisation and the industry.

Give developers an opportunity to be more pro-active for early adoption
or running large scale code changes stumbling over each others but not
the user's feet.  I have not added the option to NOTES in order to avoid
breaking supported option builds, which require constant compile testing.

Discussed with:	people in the corridor
2018-10-30 15:46:30 +00:00
Andrew Turner
31d62a73c2 Implement a BSD licensed crtbegin/crtend
These are needed for .ctors/.dtors and .jcr handling. The former needs
all the function pointers to be called in the correct order from the
.init/.fini section. The latter just needs to call a gcj specific function
if it exists with a pointer to the start of the .jcr section.

This is currently disabled until __dso_handle support is added.

Reviewed by:	emaste
MFC after:	1 month
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D17587
2018-10-25 17:39:41 +00:00
Alex Richardson
74f6548619 Only compute the X_COMPILER_*/X_LINKER_* variables when needed
When building CheriBSD we have to set XLD/XCC/XCFLAGS on the command line.
This triggers the $XCC != $CC case in bsd.compiler.mk (and the same for LD
in bsd.linker.mk) which causes it to call ${XCC} --version and
${XLD} --version (plus various awk+sed+echo calls) in every subdirectory.
For incremental builds and stages that only walk the source tree this is
often the majority of the time spent in that directory.

By only computing the value of the X_COMPILER_*/X_LINKER_* variables if
_WANT_TOOLCHAIN_CROSS_VARS is set we can reduce the number of cc/ld calls
to once per build stage instead of once per recursive make.

With this change (and no changes to the sources) the `make includes` stage
now takes 28 seconds at -j1 instead of 86 seconds.

Approved By:	brooks (mentor)
Differential Revision: https://reviews.freebsd.org/D17046
2018-10-23 06:31:25 +00:00
Warner Losh
983a395d1a Use BROKEN_OPTIONS for NVME, HYPERV, CXGBETOOL and MLX5TOOL instead of
__DEFAULT_YES/NO. These options simply cannot work where we were using
__DEFAULT_NO. The proper thing to do in that case is to use the
BROKEN_OPTIONS knob instead.
2018-10-21 06:52:10 +00:00
Ed Maste
fc191b1111 Introduce src.conf knob to build userland with retpoline
WITH_RETPOLINE enables -mretpoline vulnerability mitigation in userland
for CVE-2017-5715.

Reported by:	Peter Malcom
Reviewed by:	markj
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D17421
2018-10-21 00:27:59 +00:00
Yuri Pankov
4644f9bef6 Add -b/-l options to localedef(1) to specify output endianness and use
it appropriately when building share/ctypedef and share/colldef.

This makes the resulting locale data in EL->EB (amd64->powerpc64) cross
build and in the native EB build match.  Revert the changes done to libc
in r308170 as they are no longer needed.

PR:		231965
Reviewed by:	bapt, emaste, sbruno, 0mp
Approved by:	kib (mentor)
Differential Revision:	https://reviews.freebsd.org/D17603
2018-10-20 20:51:05 +00:00
Dag-Erling Smørgrav
0ffba31975 Add libssl to libldns for DANE.
Approved by:	re (gjb)
2018-10-12 05:27:58 +00:00
Nathan Whitehorn
49f1151fb6 Loader GELI support, like lua loader, seems to be broken on PowerPC as
well as on SPARC64 and can cause boot failures even when no encrypted
disks are present. Presumably, the reasons, while unknown, are the same
and most-likely are the result of some endian-unsafe code. Pending
finding the actual problem, extend the blacklist entry for these parts
of loader on SPARC to also cover all PowerPC platforms.

Approved by:	re (kib)
2018-10-11 00:54:39 +00:00
Glen Barber
01d4e2149e MFH r338661 through r339200.
Sponsored by:	The FreeBSD Foundation
2018-10-05 17:53:47 +00:00
Andreas Tobler
a669177576 Set the default loader for powerpc64 back to to forth too.
The commit from r338893 covered only the powerpc build.

Approved by:	re (kib)
2018-10-03 19:09:09 +00:00
Andreas Tobler
697fb19207 Set the default loader for powerpc(32- and 64-bit) back to to forth.
There are some issues with the lua-loader. To be on the safe side, use a well
known and working loader.

Approved by: re (glen)
2018-09-22 20:58:43 +00:00
Jung-uk Kim
acd3ae1266 Link libcrypto with pthread. 2018-09-20 00:20:04 +00:00
Brooks Davis
5b87c94a46 Only enable HyperV support by default on x86.
Without this we get spurious output during boot as we try to run
nonexistant HyperV scripts on non-x86 models.

Reviewed by:	kib
Approved by:	re (gjb)
Differential Revision:	https://reviews.freebsd.org/D17211
2018-09-18 16:06:24 +00:00
Bryan Drewery
4be52feeca DIRS: Rework how duplicated dirs are installed.
- Warn if multiple DIRS have conflicting metadata
- This fixes META_MODE writing to a very long .meta file that contained
  the full DESTDIR path.

Reported by:	sjg, jonathan
Sponsored by:	Dell EMC
Approved by:	re (gjb)
2018-09-17 22:15:12 +00:00
Bryan Drewery
ebd2a66265 installdirs can be a recursive/standalone target.
Sponsored by:	Dell EMC
Approved by:	re (gjb)
2018-09-17 22:15:09 +00:00
Bryan Drewery
c86ac3193f PROGS: Don't redundantly process DIRS.
Sponsored by:	Dell EMC
Approved by:	re (gjb)
2018-09-17 22:15:06 +00:00
Bryan Drewery
c655284641 DIRS: installdirs should also be .PHONY
Sponsored by:	Dell EMC
Approved by:	re (gjb, kib)
2018-09-17 22:14:53 +00:00
Ed Maste
657b6006ba Enable reproducible builds in advance of 12.0-REL
We want to build the 12.0 release artifacts with reproducible builds
mode enabled. Switch it on in HEAD now to enable testing with upcoming
ALPHA builds. We can revisit the default setting for HEAD after the
branch is created.

This change eliminates the build metadata (user, hostname, timestamp,
etc.) from the kernel and loader.  If the src tree is a git, svn or p4
checkout with changes then the metadata is retained.

The WITHOUT_REPRODUCIBLE_BUILD src.conf(5) knob can be used to revert
to the previous behaviour.

Approved by:	re (gjb)
Sponsored by:	The FreeBSD Foundation
2018-09-13 14:26:53 +00:00
Ruslan Bukin
888c8381ad Enable 'C'-compressed ISA extension.
This was disabled recently due to lack of support in KDB disassembler
and DTrace FBT provider. Support for 'C'-extension to both of these was
added, so we can now enable 'C'-extension.

This reduces size of the kernel important for low-end embedded devices,
and saves cache footprint for high perfomance machines.

Approved by:	re (kib)
Sponsored by:	DARPA, AFRL
2018-09-03 14:43:16 +00:00
Brad Davis
d8c069708e Add beforeinstallconfig to bsd.confs.mk to enable running commands prior to
the installconfig target.

Approved by:	re (rgrimes), bapt (mentor)
Differential Revision:	https://reviews.freebsd.org/D16874
2018-08-28 22:22:06 +00:00
Kurt Lidl
f54d801ae5 Turn off LOADER_GELI and LOADER_LUA for sparc64, until those options
are fully debugged.  With these options off, the unified "loader"
binary for sparc64 works to boot a kernel from ZFS.

Submitted by:	kevans
Reviewed by:	imp kevans
2018-08-22 15:29:54 +00:00
Kyle Evans
7920ad944b libbe(3): Move build goop back out of cddl/
Some background: in the GSoC project, libbe/Makefile lived in lib/libbe. I
created projects/bectl branch, maintained the above for all of five
minutes before I misread Makefile.inc1 and decided that it couldn't possibly
build outside of cddl/, so I kicked the Makefile out into the cddl/ build
and all was good. The misreading was of the bit where .WAIT is added to
SUBDIR after lib, libexec but prior to building bin and cddl *only during
the install targets*, which is the critical part.

Fast forward- buildworld was still broken in my branch unbeknownst to me
because I didn't nuke my OBJDIR. Combing through Makefile.inc1 eventually
revealed the necessary magic to make sure that libbe's dependencies are
specified well enough, and it becomes clear what needs done to make a
non-cddl/ build work. This is an interesting prospect, because the build
split is kind of annoying to work with.

IGNORE_PRAGMA is added to avoid dropping WARNS by one more. This was
previously pulled in via cddl/Makefile.inc.
2018-08-18 03:20:59 +00:00
Ed Maste
113025767e Enable LLD_IS_LD by default on armv7
lld should now be a usable linker for armv7, and is already used as the
bootstrap linker (for linking the kernel and userland).  Also enable as
the system linker now (/usr/bin/ld) for further testing and evaluation.
(This change will be reverted in case of unexpected fallout.)

Approved by:	manu
Sponsored by:	The FreeBSD Foundation
2018-08-16 09:11:34 +00:00
Warner Losh
9d45c24cc4 Create a loader for each interpreter for x86 BIOS and all EFI
Create loader_{4th,lua,simp}{,.efi}. All of these are installed by
default. Create LOADER_DEFAULT_INTERP to specify the default
interpreter when no other is specified. LOADER_INTERP is the current
interpreter language building. Turn building of lua on by default to
match 4th. simploader is a simplified loader build w/o any interpreter
language (but with a simple loader).  This is the historic behavir you
got with WITHOUT_FORTH. Make a hard link to the default loader. This
has to be a hard link rather than the more desirable soft link because
older zfsboot blocks don't support symlinks.

RelNotes: Yes
Differential Revision: https://reviews.freebsd.org/D16705
2018-08-14 18:44:41 +00:00
Kyle Evans
14b841d4a8 MFH @ r337607, in preparation for boarding 2018-08-11 04:26:29 +00:00
Kyle Evans
a6061733c6 libbe(3): Add to bsd.libnames.mk 2018-08-11 04:07:00 +00:00
Dimitry Andric
89edb881e6 Add optional LLVM BPF target support
BPF (eBPF) is an independent instruction set architecture which is
introduced in Linux a few years ago. Originally, eBPF execute
environment was only inside Linux kernel. However, recent years there
are some user space implementation (https://github.com/iovisor/ubpf,
https://doc.dpdk.org/guides/prog_guide/bpf_lib.html) and kernel space
implementation for FreeBSD is going on
(https://github.com/YutaroHayakawa/generic-ebpf).

The BPF target support can be enabled using WITH_LLVM_TARGET_BPF, as it
is not built by default.

Submitted by:	Yutaro Hayakawa <yhayakawa3720@gmail.com>
Reviewed by:	dim, bdrewery
Differential Revision: https://reviews.freebsd.org/D16033
2018-08-09 21:28:31 +00:00
John Baldwin
a6bb5342e3 Correct default path of kernel modules. 2018-08-09 16:42:13 +00:00
Bryan Drewery
6a318e696e DIRS: Fix duplicate target warnings. 2018-08-08 19:15:48 +00:00
Bryan Drewery
c16d241dcc DIRS: Ensure existing directory still has permissions set. 2018-08-08 19:15:45 +00:00
Simon J. Gerraty
a6589ab760 Update dirdeps.mk et al to latest
dirdeps.mk and meta.autodep.mk will now look for
Makefile.depend.options
to handle optional dependencies, the work is all done by
dirdeps-options.mk

Also update to latest meta.stage.mk and gendirdeps.mk

Reviewed by:	bdrewery
Differential Revision:	https://reviews.freebsd.org/D15701
2018-08-02 21:33:45 +00:00
Ed Maste
800ab3e3c7 Use lld as the bootstrap linker on armv7 by default
As of r336972 lld is capable linking the armv7 kernel and userland,
so enable it by default.

PR:		229050
Reviewed by:	kevans
Tested by:	kevans
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D16528
2018-08-01 19:17:55 +00:00
Ed Maste
3f6cd86b65 Revert accidental change from r336908
By default ld.lld should be the bootstrap linker (only) on i386 right
now.  Once the i386 exp-run with LLD_IS_LD has a good result this will
also be enabled by default.

Reported by:	andrew
Pointy hat to:	emaste
2018-07-30 15:10:06 +00:00
Ed Maste
0d84986542 Makefile.libcompat: correctly append to make variable
Reported by:	hselasky
Pointy hat to:	emaste
2018-07-30 14:42:59 +00:00
Ed Maste
f1a0604de4 Enable ld.lld as bootstrap linker by default on i386
Akin to r327783 for amd64.  lld has been usable for amd64 for quite some
time, but a couple of issues remained that affected i386.  These were
recently addressed upstream in lld and merged into FreeBSD or addressed
directly in FreeBSD (r326831, r326879, r326897, r326957, r333401,
r334626, r336664).

Similarly to the intial amd64 commit this change enables lld only as the
bootstrap linker (used to link the kernel and userland libraries and
executables), while GNU ld.bfd is still installed as /usr/bin/ld and
used for ports builds.  That will be changed shortly, after an exp-run.

This is a recommit of r327823 after additional lld fixes.

PR:		225128 (exp-run)
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
2018-07-30 12:38:08 +00:00
Brad Davis
d26b89d9b6 Whitespace only change, no functional change intended.
The padding makes it much easier to read, but occasionally means that commits
like this one have to be done to follow up.  I intentionally kept this
separate from r336841 to try and make things easier to follow later on.

Approved by:	bapt (mentor)
2018-07-28 20:31:03 +00:00
Brad Davis
c696b89541 Fix `make distribute' installing some configs which means CONFS was broken
with etcupdate and mergemaster.

Approved by:	bapt (mentor)
Differential Revision:	https://reviews.freebsd.org/D16478
2018-07-28 20:26:25 +00:00
Brad Davis
29c3c889cb Avoid a install(1) crash by not using -C when the source is /dev/null
Approved by:	allanjude (mentor)
Differential Revision:	https://reviews.freebsd.org/D16476
2018-07-27 22:46:42 +00:00
Warner Losh
c81b12e0d7 Revert r336773: it removed too much.
r336773 removed all things xscale. However, some things xscale are
really armv5. Revert that entirely. A more modest removal will follow.

Noticed by: andrew@
2018-07-27 21:25:01 +00:00
Warner Losh
626930c2fd Remove xscale support
The OLD XSCALE stuff hasn't been useful in a while. The original
committer (cognet@) was the only one that had boards for it. He's
blessed this removal. Newer XSCALE (GUMSTIX) is for hardware that's
quite old. After discussion on arm@, it was clear there was no support
for keeping it.

Differential Review: https://reviews.freebsd.org/D16313
2018-07-27 18:33:09 +00:00
Eitan Adler
f324fafcc5 Feex a cuple of small typos 2018-07-27 10:44:38 +00:00
Brad Davis
7b821f55bd Convert bsd.files.mk to support DIRS and simplify by only having one install
target.

Also update the pfctl tests Makefile to work with this change.

Approved by:	bapt (mentor)
Differential Revision:	https://reviews.freebsd.org/D16430
2018-07-26 17:05:33 +00:00
Ruslan Bukin
7ddf05ed5b Disable OFED for RISC-V: it does not build.
Sponsored by:	DARPA, AFRL
2018-07-26 14:15:04 +00:00
John Baldwin
513fdd50ee Install base gdb in /usr/libexec for 32-bit arm by default.
kgdb in ports now supports 32-bit arm kernels.  sparc64 is now the only
remaining architecture which ships base gdb in /usr/bin.

Relnotes:	yes
2018-07-25 18:21:14 +00:00