1. 01 May, 2015 1 commit
  2. 27 Apr, 2015 1 commit
    • kib's avatar
      Change interpretation of the DF_ORIGIN and DF_1_ORIGIN flags. · 786bb389
      kib authored
      According to standard, the presence of the flags only means that the
      object path must be resolved at the time object loading, instead of my
      reading that the flag is required to enable token substitution at all.
      
      The consequence is that -z origin linker flag is no longer required
      for the token substitution in the run/rpath or the needed library
      soname.  It is only recommended if token substition is needed at
      dlopen(3) time, since namecache might drop the required entries at the
      time of resolution.
      
      Found, reviewed and tested by:	emaste
      Sponsored by:	The FreeBSD Foundation
      MFC after:	1 week
      786bb389
  3. 22 Apr, 2015 1 commit
    • rodrigc's avatar
      Support file verification in MAC. · b5fb244c
      rodrigc authored
      * Add VCREAT flag to indicate when a new file is being created
      * Add VVERIFY to indicate verification is required
      * Both VCREAT and VVERIFY are only passed on the MAC method vnode_check_open
        and are removed from the accmode after
      * Add O_VERIFY flag to rtld open of objects
      * Add 'v' flag to __sflags to set O_VERIFY flag.
      
      Submitted by:		Steve Kiernan <stevek@juniper.net>
      Obtained from:		Juniper Networks, Inc.
      GitHub Pull Request:	https://github.com/freebsd/freebsd/pull/27
      Relnotes:		yes
      b5fb244c
  4. 15 Apr, 2015 1 commit
  5. 03 Apr, 2015 1 commit
  6. 02 Apr, 2015 1 commit
  7. 31 Mar, 2015 1 commit
  8. 29 Mar, 2015 1 commit
    • kib's avatar
      Change compiler setting to make default visibility of the symbols for · 563a44c1
      kib authored
      rtld on x86 to be hidden.  This is a micro-optimization, which allows
      intrinsic references inside rtld to be handled without indirection
      through PLT.  The visibility of rtld symbols for other objects in the
      symbol namespace is controlled by a version script.
      
      Reviewed by:	kan, jilles
      Sponsored by:	The FreeBSD Foundation
      MFC after:	2 weeks
      563a44c1
  9. 27 Feb, 2015 1 commit
  10. 30 Jan, 2015 4 commits
  11. 25 Jan, 2015 1 commit
  12. 04 Jan, 2015 1 commit
    • kib's avatar
      Do not erronously export 'openat' symbol from rtld. · 63d6bc23
      kib authored
      The symbol leaked after r276630 since lib/libc/sys/openat.c defines
      versions for openat using .symver (version script cannot assign two
      versions to one symbol), and rtld uses openat.  Instead, directly use
      __sys_openat().
      
      Reported and tested by:	antoine
      Sponsored by:	The FreeBSD Foundation
      MFC after:	1 week
      63d6bc23
  13. 03 Jan, 2015 1 commit
  14. 11 Dec, 2014 1 commit
  15. 02 Dec, 2014 1 commit
    • jhb's avatar
      The runtime linker needs to include a path to itself in the link map · c6eaca62
      jhb authored
      it exports to the debugger.  It currently has two choices: it can use
      a compiled-in path (/libexec/ld-elf.so.1) or it can use the path stored
      in the interpreter path in the binary being executed.  The runtime linker
      currently prefers the second.  However, this is usually wrong for compat32
      binaries since the binary specifies the path of rtld on a 32-bit system
      (/libexec/ld-elf.so.1) instead of the actual path (/libexec/ld-elf32.so.1).
      For now, always assume the compiled in path (/libexec/ld-elf32.so.1) as
      the rtld path and ignore the path in the binary for the 32-bit runtime
      linker.
      
      Differential Revision:	https://reviews.freebsd.org/D1236
      Reviewed by:	kib
      c6eaca62
  16. 25 Nov, 2014 1 commit
  17. 21 Nov, 2014 1 commit
  18. 09 Oct, 2014 1 commit
    • emaste's avatar
      Always return pathname in dl_iterate_phdr's dlpi_name, as Linux does · 4e4631a4
      emaste authored
      Linux LD_ITERATE_PHDR(3):
          The dlpi_name field is a null-terminated string giving the
          pathname from which the shared object was loaded.
      
      That functionality is much more useful than returning just the short
      name.
      
      Approved by:	kan
      Sponsored by:	The FreeBSD Foundation
      4e4631a4
  19. 29 Aug, 2014 2 commits
    • kib's avatar
      Optimize r270798, only do the second pass over non-plt relocations · 359d218e
      kib authored
      when the first pass found IFUNCs.
      
      Sponsored by:	The FreeBSD Foundation
      MFC after:	2 weeks
      359d218e
    • kib's avatar
      IFUNC symbol type shall be processed for non-PLT relocations, · c5152576
      kib authored
      e.g. when a global variable is initialized with a pointer to ifunc.
      Add symbol type check and call resolver for STT_GNU_IFUNC symbol types
      when processing non-PLT relocations, but only after non-IFUNC
      relocations are done.  The two-phase proceessing is required since
      resolvers may reference other symbols, which must be ready to use when
      resolver calls are done.
      
      Restructure reloc_non_plt() on x86 to call find_symdef() and handle
      IFUNC in single place.
      
      For non-x86 reloc_non_plt(), check for call for IFUNC relocation and
      do nothing, to avoid processing relocs twice.
      
      PR:	193048
      Sponsored by:	The FreeBSD Foundation
      MFC after:	2 weeks
      c5152576
  20. 27 Aug, 2014 1 commit
  21. 07 Jul, 2014 1 commit
    • marcel's avatar
      Remove ia64. · 9f28abd9
      marcel authored
      This includes:
      o   All directories named *ia64*
      o   All files named *ia64*
      o   All ia64-specific code guarded by __ia64__
      o   All ia64-specific makefile logic
      o   Mention of ia64 in comments and documentation
      
      This excludes:
      o   Everything under contrib/
      o   Everything under crypto/
      o   sys/xen/interface
      o   sys/sys/elf_common.h
      
      Discussed at: BSDcan
      9f28abd9
  22. 02 Jul, 2014 1 commit
    • marcel's avatar
      Fix r264346 for ia64. We need to allocate memory for the function · 36520146
      marcel authored
      descriptors in order to relocate RTLD itself. To allocate memory,
      we need the pagesizes array initialized, but that happens after
      RTLD is relocated. This ordering is important for amd64, but it's
      opposite of what ia64 needs. Handle this conflict with the define
      called RTLD_INIT_PAGESIZES_EARLY. When defined, obtain the page
      sizes before relocating rtld, otherwise do it after.
      36520146
  23. 20 Jun, 2014 1 commit
    • jonathan's avatar
      Add the LD_LIBRARY_PATH_FDS environmental variable. · ab3c0264
      jonathan authored
      This variable allows the loading of shared libraries via directory descriptors
      rather than via library paths.  If LD_LIBRARY_PATH_FDS=3:4:12, the directories
      represented by file descriptors 3, 4 and 12 will searched for shared libraries
      before the normal path-based mechanisms are used.  This allows us to execute
      unprivileged binaries from within a Capsicum sandbox even if they require
      shared libraries.
      
      Approved by:	rwatson (mentor)
      Reviewed by:	kib
      MFC after:	3 weeks
      Sponsored by:	DARPA/AFRL
      ab3c0264
  24. 07 May, 2014 1 commit
  25. 06 May, 2014 1 commit
    • markj's avatar
      Add a postinit debugger hook to rtld. This will be used by dtrace(1) to halt · 0ee8ca39
      markj authored
      the victim process before its entry point is called, at which point probes
      and DOF data are registered with the kernel. The r_debug_state hook cannot
      be used for this purpose, as it is called before the program's init routines
      are invoked and in particular before DOF data is registered (via drti.o).
      
      Reviewed by:	kib
      MFC after:	2 weeks
      0ee8ca39
  26. 11 Apr, 2014 1 commit
    • alc's avatar
      Before calling mmap() on a shared library's text and data sections, rtld · 5f3ef7ae
      alc authored
      first calls mmap() with the arguments PROT_NONE and MAP_ANON to reserve a
      single, contiguous range of virtual addresses for the entire shared library.
      Later, rtld calls mmap() with the the shared library's file descriptor
      and the argument MAP_FIXED to place the text and data sections within the
      reserved range.  The rationale for mapping shared libraries in this way is
      explained in the commit message for Revision 190885.  However, this approach
      does have an unintended, negative consequence.  Since the first call to
      mmap() specifies MAP_ANON and not the shared library's file descriptor, the
      kernel has no idea what alignment the vm object backing the file prefers.
      As a result, the reserved range's alignment is unlikely to be the same as
      the vm object's, and so mapping with superpages becomes impossible.  To
      address this problem, this revision adds the argument MAP_ALIGNED_SUPER to
      the first call to mmap() if the text section is larger than the smallest
      superpage size.
      
      To determine if the text section is larger than the smallest superpage
      size, rtld must always fetch the page size information.  As a result, the
      private code for fetching the base page size in rtld's builtin malloc is
      redundant.  Eliminate it.  Requested by: kib
      
      Tested by:	zbb (on arm)
      Reviewed by:	kib (an earlier version)
      Discussed with:	jhb
      5f3ef7ae
  27. 08 Apr, 2014 1 commit
    • Oliver Pinter's avatar
      backport ASLR and PIE support to FreeBSD 10-STABLE · 22b2fef1
      Oliver Pinter authored
      
      
      based on my previous work + lattera's extension:
      
      upstream git-id: 401a161083850a9a4ce916f37520c084cff1543b
      
       Changes to be committed:
      	modified:   bin/sh/Makefile
      	modified:   libexec/getty/Makefile
      	modified:   libexec/rtld-elf/rtld.c
      	modified:   sbin/dhclient/Makefile
      	modified:   sbin/hastd/Makefile
      	modified:   sbin/natd/Makefile
      	modified:   sbin/nfsiod/Makefile
      	modified:   sbin/rtsol/Makefile
      	modified:   secure/usr.sbin/sshd/Makefile
      	modified:   share/mk/bsd.own.mk
      	modified:   share/mk/bsd.prog.mk
      	new file:   sys/amd64/conf/OP-ASLR
      	modified:   sys/amd64/include/vmparam.h
      	modified:   sys/compat/freebsd32/freebsd32_misc.c
      	modified:   sys/conf/files
      	modified:   sys/conf/options
      	modified:   sys/kern/imgact_elf.c
      	modified:   sys/kern/kern_exec.c
      	modified:   sys/kern/kern_jail.c
      	new file:   sys/kern/kern_pax.c
      	modified:   sys/sys/jail.h
      	new file:   sys/sys/pax.h
      	modified:   sys/vm/vm_map.c
      	modified:   sys/vm/vm_map.h
      	modified:   sys/vm/vm_mmap.c
      	new file:   tools/build/options/WITH_PIE
      	modified:   usr.sbin/apmd/Makefile
      	modified:   usr.sbin/auditd/Makefile
      	modified:   usr.sbin/auditdistd/Makefile
      	modified:   usr.sbin/bsnmpd/bsnmpd/Makefile
      	modified:   usr.sbin/ctld/Makefile
      	modified:   usr.sbin/daemon/Makefile
      	modified:   usr.sbin/iscsid/Makefile
      	modified:   usr.sbin/jail/Makefile
      	modified:   usr.sbin/jexec/Makefile
      	modified:   usr.sbin/mountd/Makefile
      	modified:   usr.sbin/moused/Makefile
      	modified:   usr.sbin/nfsd/Makefile
      	modified:   usr.sbin/nfsuserd/Makefile
      	modified:   usr.sbin/powerd/Makefile
      	modified:   usr.sbin/rpc.lockd/Makefile
      	modified:   usr.sbin/rpc.statd/Makefile
      	modified:   usr.sbin/rpc.yppasswdd/Makefile
      	modified:   usr.sbin/rpc.ypupdated/Makefile
      	modified:   usr.sbin/rpc.ypxfrd/Makefile
      	modified:   usr.sbin/rpcbind/Makefile
      	modified:   usr.sbin/syslogd/Makefile
      	modified:   usr.sbin/tcpdump/tcpdump/Makefile
      	modified:   usr.sbin/watchdogd/Makefile
      Signed-off-by: default avatarOliver Pinter <oliver.pntr@gmail.com>
      22b2fef1
  28. 21 Feb, 2014 1 commit
  29. 27 Dec, 2013 1 commit
  30. 07 Dec, 2013 1 commit
  31. 06 Dec, 2013 1 commit
    • kib's avatar
      For variant II static TLS, properly align tls segments. Pre-calculate · 6d8fd140
      kib authored
      the max required alignment for the static tls segments, and honor it
      when carving the pieces for next module, from the static space.  Use
      aligned allocator to get properly-aligned dynamic blocks.
      
      Reported by:	dt71@gmx.com
      Reviewed by:	kan
      Sponsored by:	The FreeBSD Foundation
      MFC after:	1 week
      6d8fd140
  32. 07 Nov, 2013 1 commit
  33. 07 Oct, 2013 1 commit
  34. 02 Oct, 2013 2 commits
    • markm's avatar
      MFC - tracking update. · e7fc623a
      markm authored
      e7fc623a
    • emaste's avatar
      Populate .rld_map on MIPS for debuggers · 207f0bc6
      emaste authored
      On MIPS the .dynamic section is read-only, so the pointer to rtld
      information for debuggers cannot be stored there (in DT_DEBUG).
      Instead, a special section .rld_map is used.
      
      Sponsored by:	DARPA, AFRL
      Approved by:	re (delphij)
      207f0bc6
  35. 21 Sep, 2013 1 commit