By default only report unverified files at severity VE_WANT
and above. This inlcudes *.conf but not *.hints, *.cookie
or *.tgz which get VE_TRY as their severity.
If Verbose is set to 0, then VerifyFlags should default to 0 too.
Thus the combination of
module_verbose=0
VE_VEBOSE=0
is sufficient to make the loader almost totally silent.
When verify_prep has to find_manifest and it is verified ok
return VE_NOT_CHECKED to verify_file so that it can skip
repeating verify_fd
Also add better debugging output for is_verified and add_verify_status.
vectx handle compressed modules
When verifying a compressed module (.ko.gz or .ko.bz2)
stat() reports the size as -1 (unknown).
vectx_lseek needs to spot this during closing - and just read until
EOF is hit.
Note: because of the way libsa's open() works, verify_prep will see
the path to be verified as module.ko not module.ko.bz2 etc. This is
actually ok, because we need a separate module.ko.bz2 entry so that
the package can be verified, and the hash for module.ko is of the
uncompressed file which is what vectx will see.
Re-work local.trust.mk so site.trust.mk need only set
VE_SIGN_URL_LIST (if using the mentioned signing server)
interp.c: restrict interactive input
Apply the same restrictions to interactive input as for
unverified conf and hints files.
Use version.veriexec when LOADER_VERIEXEC is yes
Reviewed by: kevans
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D43810
We have BASEPATH defined.
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Reviewed by: dev_submerge.ch, markj
Differential Revision: https://reviews.freebsd.org/D43812
This reverts commit 470f9f13de.
I need more time to figure out how to make this work correctly with
incremental builds, which it currently miserably fails on.
There is no reason anymore to not build these as PIE. Unfortunately
bsd.lib.mk does not allow for building _only_ PIE static libraries, so
lib/clang/Makefile.inc needs a kludge to work around that issue.
MFC after: 1 week
and use the current file offset instead.
Requested by: Vinícius dos Santos Oliveira <vini.ipsmaker@gmail.com>
Reviewed by: jhb
Discussed with: asomers
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D43448
In initial hacking I'd bluntly disabled manpage installation in libsys,
then later disabled them for libc, but forgot to fix the former leading
to no syscall manapages.
PR: 276887
Reported by: Martin Birgmeier <d8zNeCFG@aon.at>
The allows gcc + GNU ld to link programs with -m32 -pthread without
erroring out due to _umtx_op_err being undefined (unless -lsys is added
to the link command.
We now always link _umtx_op_err into libthr (not just when it's static)
and filter it with libsys so we call that implementation. The dynamic
implementations (at least the assembly ones) should likely become stubs
as a further refinement.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D43783
We need to use libsys.so.7 so that we can work without /usr and because
we're bound a specific ABI.
Reported by: jtrc27, kib
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D43772
At runtime, when rtld loads libc it will also load libsys. For each
symbol that is present in both, the libsys one will override the libc
one. It continues to be the case that program need only link against
libc (usually implicitly). The linkage to libsys is automatic.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
Declare in sys/umtx.h and implement in libsys. Explicitly link libthr
with libsys.
When building libthr static include _umtx_op_err so we don't break static
linkage with -lpthread.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
libsys provides the FreeBSD kernel interface (auxargs, system calls,
vdso). It can be linked directly for programs using a non-standard
libc and will later be linked as a filter library to libc providing
the actual system call implementation.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
We now export all _ and __sys_ prefixed syscalls stubs from libc and
libsys so that libsys can replace them.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
This is part of the interface to the kernel and some syscall wrappers
depend on it so move it there.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
auxv support requires _once(), but we don't want the libsys version
stomping on the libc version should they diverge in the future. We
could rename it entierly, but for now just hook it in via Makefile.sys.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
rfork_thread(3) is assembly that makes syscalls directly and uses
cerror so it belongs in libsys.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
libc/<arch>/sys/Makefile.inc -> libsys/<arch>/Makefile.sys.
Require that libsys/<arch>/Makefile.sys exist. At least for current
archtiectures, it's not possible for an architecture to not have and MD
syscall bits.
powerpcspe/Makefile.sys's structure means it had to be modified when moved
so rename detection won't work, but it has trivial contents so the
history is unimportant.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
These system call wrappers call interposed system calls in fairly
trivial ways. Move them over to libsys so all __libsys_interposer
consumers end up in libsys.
Also move recvmmsg and sendmmsg as they are documented with recv and
send.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
Remove core system call implementations and documentation to lib/libsys
and lib/libsys/<arch> from lib/libc/sys and lib/libc/<arch>/<sys>.
Update paths to allow libc to find them in their new home.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
System calls or their wrappers are now interposed by
__libsys_interposing with purely libc entries remaining in
__libc_interposing.
Use __libsys_interposing_slot in libthr to update __libsys_interposing,
but also make __libc_interposing_slot fall back to
__libsys_interposing_slot so an out of date libc has a chance of working
during updates.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
If the caller didn't use jailparam_import() to fetch the parameter
value, an attempt to export it will trigger a segfault. Make it a bit
easier to figure out what's happening in this situation.
PR: 276809
Reviewed by: jamie
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D43732
The way the __fp_type_select macro uses the _Generic expression causes
gcc to throw a warning on valid code if the -Wconversion flag is used.
For example, consider the following program:
#include <math.h>
int main()
{
double x = 1.0;
isnan(x);
return 0;
}
which throws a warning:
$ gcc -Wconversion a.c
a.c:5:15: warning: conversion from 'double' to 'float' may change value [-Wfloat-conversion]
5 | isnan(x);
| ^
This happens because the functions are invoked inside of the _Generic.
Looking at the example of _Generic in the C11 specification, one sees
that the parameters are outside of the _Generic expression (see page 79
here: https://www.open-std.org/jtc1/sc22/wg14/www/docs/n1570.pdf).
Reference: https://stackoverflow.com/a/68309379
Signed-off-by: Martin Oliveira <martin.oliveira@eideticom.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/841