#
1c2ae923 |
| 31-Jan-2025 |
Alexander Leidinger <netchild@FreeBSD.org> |
Limit some cc options based upon features
Limit the use of stack clash protection and zeroregs based upon compiler features:
 - switch unconditional use of stack clash protection into a compiler feature
 - limit the use of stack clash protection on unsupported architectures (I did not wade into the source of each compiler to determine when support arrived for each architecture, I used the compiler version when it was introduced with what is supported currently)
 - add a safeguard for stack clash protection in places where we have no SSP provisions (we may not need it, but better safe than sorry when something changes or is overridden by the user)
 - limit the use of zeroregs the same way, so that even specifying it will not lead to build failures (useful for universe builds when WITH_ZEROREGS is specified in src.conf)
Differential Revision: https://reviews.freebsd.org/D48724
|
#
2a44cccd |
| 11-Jan-2025 |
Alexander Leidinger <Alexander@Leidinger.net> |
Add option to clear caller-used registers on function return.
The WITH_ZEROREGS option for src.conf will zero caller-used register contents just before returning from a function, ensuring that temporary values are not leaked beyond the function boundary. This means that register contents are less likely to be available for side channel attacks and information exposures.
It reduces all except 1 of the simple "write-what-where" ROP gadgets in /lib:
    grep "Gadget found" /tmp/before_lib* | wc -l
    197
    grep "Gadget found" /tmp/after_lib* | wc -l
    1
    grep "Gadget found" /tmp/after_lib*
    /tmp/after_libbsdxml.so.4.txt: [+] Gadget found: 0x1b3f1 mov qword ptr [rdi], rcx ; pop rbp ; ret
To reproduce:
    for lib in *.so.*; do
        echo $lib:
        ROPgadget --ropchain --binary /tmp/be_mount.Sx87/lib/$lib | sed -n '/Step 1/,/Step 2/p' >! /tmp/before_$lib.txt
        ROPgadget --ropchain --binary $lib | sed -n '/Step 1/,/Step 2/p' >! /tmp/after_$lib.txt
    done
Additionally, in some cases this reduces the number of all ROP gadgets (quick check with /libs only):
    libalias.so.7: reduction 10.000%
    libavl.so.2: reduction 13.900%
    libbsdxml.so.4: reduction 37.500%
    libc.so.7: reduction 10.000%
    libc++.so.1: reduction 14.800%
    libcam.so.7: reduction 50.700%
    libcap_netdb.so.1: reduction 5.800%
    libcasper.so.1: reduction 14.600%
    libcrypto.so.30: reduction 7.500%
    libdtrace.so.2: reduction 3.900%
    libelf.so.2: reduction 15.800%
    libgcc_s.so.1: reduction 32.700%
    libibverbs.so.1: reduction 5.300%
    libicp.so.3: reduction 2.100%
    libipt.so.0: reduction 28.200%
    libirdma.so.1: reduction 1.600%
    libkiconv.so.4: reduction 0%
    libm.so.5: reduction 21.900%
    libmd.so.6: reduction 0%
    libmd.so.7: reduction 3.100%
    libncursesw.so.9: reduction 11.200%
    libnvpair.so.2: reduction 40.200%
    libpcap.so.8: reduction 11.400%
    libpjdlog.so.0: reduction 27.400%
    libsbuf.so.6: reduction 2.900%
    libspl.so.2: reduction 42.300%
    libsys.so.7: reduction 2.700%
    libthr.so.3: reduction 21.000%
    libuutil.so.2: reduction 13.100%
    libz.so.6: reduction 5.600%
    libzpool.so.2: reduction 15.100%
In some cases it adds some ROP gadgets despite removing the simple ROP gadgets:
    lib80211.so.1: reduction -32.700%
    libbe.so.1: reduction -22.300%
    libbegemot.so.4: reduction -20.500%
    libcap_dns.so.2: reduction -58.000%
    libcap_fileargs.so.1: reduction -28.200%
    libcap_grp.so.1: reduction -54.000%
    libcap_net.so.1: reduction -28.800%
    libcap_pwd.so.1: reduction -38.800%
    libcap_sysctl.so.2: reduction -71.100%
    libcap_syslog.so.1: reduction -15.000%
    libcrypt.so.5: reduction -14.600%
    libctf.so.2: reduction -.300%
    libcxxrt.so.1: reduction -14.000%
    libdevstat.so.7: reduction -1.600%
    libedit.so.8: reduction -4.200%
    libgeom.so.5: reduction -16.500%
    libicp_rescue.so.3: reduction -2.300%
    libipsec.so.4: reduction -31.800%
    libjail.so.1: reduction -21.700%
    libkvm.so.7: reduction -5.300%
    libmlx5.so.1: reduction -6.300%
    libmt.so.5: reduction -23.000%
    libnv.so.1: reduction -.400%
    librss.so.1: reduction -3.800%
    librt.so.1: reduction -24.000%
    libssp.so.0: reduction -21.100%
    libstats.so.0: reduction -9.000%
    libtinfow.so.9: reduction -3.500%
    libtpool.so.2: reduction -36.500%
    libufs.so.8: reduction -11.900%
    libulog.so.0: reduction -67.400%
    libumem.so.2: reduction -2.000%
    libutil.so.9: reduction -7.200%
    libxo.so.0: reduction -9.000%
    libzdb.so.2: reduction -11.700%
    libzfs_core.so.2: reduction -17.700%
    libzfs.so.4: reduction -.300%
    libzfsbootenv.so.1: reduction -26.900%
    libzutil.so.2: reduction -5.600%
To reproduce:
    for lib in *.so.*; do
        echo -n $lib:
        before="$(ROPgadget --nosys --nojop --binary /tmp/be_mount.Sx87/lib/$lib | tail -n1 | cut -d : -f 2)"
        after="$(ROPgadget --nosys --nojop --binary $lib | tail -n1 | cut -d : -f 2)"
        echo " reduction" $(bc -S 3 -e "(1-${after}/${before})*100")%
    done >/tmp/reduction.txt
Most of the time the size difference is very small (<1% for >50% of the files and >10% for only 2 files):
    lib80211.so.1: size change .100%
    libalias.so.7: size change 0%
    libavl.so.2: size change 0%
    libbe.so.1: size change .100%
    libbegemot.so.4: size change .100%
    libbsdxml.so.4: size change 0%
    libc.so.7: size change 1.200%
    libc++.so.1: size change 1.600%
    libcam.so.7: size change 1.900%
    libcap_dns.so.2: size change .100%
    libcap_fileargs.so.1: size change .100%
    libcap_grp.so.1: size change .100%
    libcap_net.so.1: size change .100%
    libcap_netdb.so.1: size change .100%
    libcap_pwd.so.1: size change .100%
    libcap_sysctl.so.2: size change .100%
    libcap_syslog.so.1: size change .100%
    libcasper.so.1: size change 0%
    libcrypt.so.5: size change 3.900%
    libcrypto.so.30: size change 1.400%
    libctf.so.2: size change .100%
    libcxxrt.so.1: size change .100%
    libdevstat.so.7: size change 15.400% exceptional
    libdtrace.so.2: size change .600%
    libedit.so.8: size change 1.800%
    libelf.so.2: size change .100%
    libgcc_s.so.1: size change 3.000%
    libgeom.so.5: size change 0%
    libibverbs.so.1: size change .100%
    libicp_rescue.so.3: size change .100%
    libicp.so.3: size change 1.500%
    libipsec.so.4: size change .100%
    libipt.so.0: size change 3.100%
    libirdma.so.1: size change .100%
    libjail.so.1: size change .100%
    libkiconv.so.4: size change .100%
    libkvm.so.7: size change .100%
    libm.so.5: size change 1.700%
    libmd.so.6: size change 0%
    libmd.so.7: size change .100%
    libmlx5.so.1: size change 0%
    libmt.so.5: size change .100%
    libncursesw.so.9: size change 1.900%
    libnv.so.1: size change 4.300%
    libnvpair.so.2: size change 4.300%
    libpcap.so.8: size change 1.200%
    libpjdlog.so.0: size change .100%
    librss.so.1: size change .200%
    librt.so.1: size change .100%
    libsbuf.so.6: size change .100%
    libspl.so.2: size change 0%
    libssp.so.0: size change .100%
    libstats.so.0: size change .100%
    libsys.so.7: size change .100%
    libthr.so.3: size change 2.400%
    libtinfow.so.9: size change 1.600%
    libtpool.so.2: size change .100%
    libufs.so.8: size change .100%
    libulog.so.0: size change .100%
    libumem.so.2: size change 54.300% exceptional
    libutil.so.9: size change .100%
    libuutil.so.2: size change .100%
    libxo.so.0: size change .100%
    libz.so.6: size change .100%
    libzdb.so.2: size change .300%
    libzfs_core.so.2: size change .100%
    libzfs.so.4: size change 2.000%
    libzfsbootenv.so.1: size change .100%
    libzpool.so.2: size change 1.200%
    libzutil.so.2: size change 0%
|
#
c6e56e65 |
| 08-Dec-2024 |
Minsoo Choo <minsoochoo0122@proton.me> |
bsd.lib.mk: Capitalize "Building" for libraries
This is consistent with the case we use when building object files.
Reviewed by: emaste
Pull request: https://github.com/freebsd/freebsd-src/pull/1542
|
#
3750ccef |
| 08-Aug-2021 |
Ed Maste <emaste@FreeBSD.org> |
Retire MK_PROFILE infrastructure
It was disabled by default in fe52b7f60ef4. We planned to (but did not) remove the option before FreeBSD 14. Remove it now, for FreeBSD 15.
Relnotes: Yes
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31558
|
#
973bbdab |
| 22-Aug-2024 |
Jose Luis Duran <jlduran@gmail.com> |
mk: Add a BTI-report linker feature
Add support for specifying how to report the missing Branch Target Identification (BTI) linker feature on AArch64.
For:
    Kernel: bti-report on when the linker supports it
    Userspace: bti-report on when the linker supports it and BTI_REPORT_ERROR is defined
Fixes: 43e8849bc294 ("conf: Enable BTI checking in the arm64 kernel")
Pull Request: https://github.com/freebsd/freebsd-src/pull/1393
|
#
82854693 |
| 22-May-2024 |
Andrew Turner <andrew@FreeBSD.org> |
arm64: Allow userspace to be built with PAC and BTI
Add the WITH/WITHOUT_BRANCH_PROTECTION build flags. This can be used to enable the use of pointer authentication (FEAT_PAuth) and branch target identification (FEAT_BTI) in userspace.
The kernel already handles both of these in userspace, we just need to enable it.
Leave disabled for a short period for this to settle before enabling.
Reviewed by: emaste
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D42596
|
#
2956f588 |
| 02-Mar-2024 |
Brooks Davis <brooks@FreeBSD.org> |
Add an UNDEFINED_VERSION option
When enabled (current default) link with --undefined-version to allow symbol maps to contain symbols not defined by libraries. When disabled, link with --no-undefined-version to disallow these bugs.
WITHOUT_UNDEFINED_VERSION is currently broken. Once it is fixed it should be made the default and this option should likely be removed.
Reviewed by: dim, emaste
Differential Revision: https://reviews.freebsd.org/D44169
|
#
97759ccc |
| 23-Nov-2023 |
Warner Losh <imp@FreeBSD.org> |
share: Remove ancient SCCS tags.
Remove ancient SCCS tags from the tree, automated scripting, with two minor fixups to keep things compiling. All the common forms in the tree were removed with a perl script.
Sponsored by: Netflix
|
#
4e899378 |
| 13-Sep-2023 |
Doug Rabson <dfr@FreeBSD.org> |
pkgbase: put library links and symlinks in the -dev package
Some libraries (e.g. ncurses) install links to the main library for backwards compatibility. This change ensures that those links are in the dev package since the files being linked to are in that package.
PR: 249143
MFC after: 1 week
Reviewed by: emaste, manu
Differential Revision: https://reviews.freebsd.org/D41841
|
#
2befa269 |
| 01-Sep-2023 |
Brooks Davis <brooks@FreeBSD.org> |
Add INIT_ALL build option
This option replaces WITH_INIT_ALL_PATTERN and WITH_INIT_ALL_ZERO with INIT_ALL=pattern and INIT_ALL=zero respectively. As these are relatively rarely used options no backwards compatibility is implemented.
Reviewed by: emaste
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D41675
|
#
d0b2dbfa |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line sh pattern
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
#
da6620e4 |
| 27-Jul-2023 |
Val Packett <val@packett.cool> |
mk: fix unnecessary library relinking with incremental builds
Initial libs such as csu are always built (.PHONY), and their installation to WORLDTMP was causing all the subsequent libraries to be considered out-of-date even when in reality they were not. Use install -C more consistently everywhere to avoid unnecessarily updating the mtimes in WORLDTMP, fixing this problem.
This cut down my no-change buildworld time from 30 to 15 seconds.
Fixes: https://lists.freebsd.org/pipermail/freebsd-current/2016-May/061481.html TODO.1
Reviewed by: sjg
Sponsored by: https://www.patreon.com/valpackett
Differential Revision: https://reviews.freebsd.org/D39980
|
#
87177389 |
| 27-Jul-2023 |
Jessica Clarke <jrtc27@FreeBSD.org> |
bsd.lib.mk: Automatically generate libcompat TAGS
Note that the pattern for matching is made slightly more specific, so as to permit libcompats where one is a prefix of another (e.g. CheriBSD has lib64 and lib64c).
Reviewed by: brooks, jhb, emaste
Differential Revision: https://reviews.freebsd.org/D41185
|
#
92053e4f |
| 21-Jul-2023 |
John Baldwin <jhb@FreeBSD.org> |
share/mk: Pass -znoexecstack to ld.bfd when linking libraries and programs.
lld assumes -znoexecstack by default whereas ld.bfd still defaults to -zexecstack in the absence of .note.GNU-stack annotations. Adding the flags centrally avoids having to patch various libraries in the tree as one-offs (e.g. OpenSSL 3 is the current thing generating new warnings with ld.bfd).
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D41120
|
#
b2dcde7e |
| 19-Jul-2022 |
Ed Maste <emaste@FreeBSD.org> |
Assemble .s to .o using cc, not as
As of commit fd71da37d478 we no longer have an `as` in the default toolchain. Although we do not make use of this rule in the base system some ports or downstream projects might. Use `cc -x assembler` instead of as.
Reviewed by: arichardson
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35859
|
#
3006f6df |
| 23-May-2023 |
Dimitry Andric <dim@FreeBSD.org> |
Update -ftrivial-auto-var-init flags for clang >= 16
As of clang 16, the -ftrivial-auto-var-init=zero option no longer needs -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang to enable the option. Only add it for older clang versions.
PR: 271047
Reviewed by: emaste
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D40208
|
#
5f2e8401 |
| 01-May-2023 |
Ed Maste <emaste@FreeBSD.org> |
bsd.lib.mk: decouple lib*_pic.a from TOOLCHAIN build knob
A user may use a tool chain from a package or just use an existing tool chain from a previous installation. There is no reason for this to disable the installation of lib${LIB}_pic.a.
This also means we don't need to force MK_TOOLCHAIN=yes in lib/libc.
This reverts part of commit c0f5aeb0329d71e6b02379133c0c9c0145c9afea.
Reviewed by: jrtc27
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39917
|
#
2ba84b4b |
| 17-Apr-2023 |
Dimitry Andric <dim@FreeBSD.org> |
Suppress lld 16 errors about undefined symbols in version maps
lld >= 16 turned on --no-undefined-version by default, which results in errors whenever symbols are mentioned in version maps, but are not actually defined in the binary.
Since we have quite a few instances of symbols that are defined or not, depending on various compile-time settings, suppress this lld check for the time being.
MFC after: 1 week
|
#
ac175bd3 |
| 12-Aug-2022 |
Alex Richardson <arichardson@FreeBSD.org> |
Install working pkgconfig .pc files for compat libraries
The default ones are installed to /usr/libdata/pkgconfig, and we can't use this path for compat libraries, so we use /usr/lib<suffix>/pkgconfig here.
Test Plan: grep -rn libdir= ./usr/lib32/pkgconfig/*.pc
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D34939
|
#
4ca6ecf1 |
| 30-Jun-2022 |
Jessica Clarke <jrtc27@FreeBSD.org> |
Really fix cross-builds from macOS
LINKER_TYPE is set to mac not macos on macOS.
Fixes: 7927452ac4e9 ("Add RELRO build knob, default to enabled")
|
#
7927452a |
| 26-Jun-2022 |
Ed Maste <emaste@FreeBSD.org> |
Fix cross-builds from macOS
The macOS linker does not support -zrelro/-znorelro. Since it is only used for build tools that run on the host, and WITH_RELRO or WITHOUT_RELRO does not matter there, just skip the option.
Reviewed by: markj
Fixes: 2f3a961487c9 ("Add RELRO build knob, default to enabled")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35589
|
#
2f3a9614 |
| 22-Jun-2022 |
Ed Maste <emaste@FreeBSD.org> |
Add RELRO build knob, default to enabled
Note that lld enables relro by default, so that we already had either partial or full RELRO, depending on the state of the BIND_NOW knob.
Add a RELRO knob so that the option can be disabled if desired, and so that builds using the GNU toolchain are equivalent to those using the standard Clang/LLVM toolchain.
Reviewed by: markj
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35545
|
#
98e58025 |
| 02-Jan-2022 |
Warner Losh <imp@FreeBSD.org> |
bsd.lib/prog.mk: Remove special case for mips
We no longer need to set the TLS model for mips64*.
Sponsored by: Netflix
|
#
fc073e67 |
| 02-Dec-2021 |
Ed Maste <emaste@FreeBSD.org> |
Move _p.a profiling archives under MK_INSTALLLIB
_p.a are just a special case of .a archives, and should not be installed if WITHOUT_INSTALLLIB is set.
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
|
#
9294a2c7 |
| 10-Oct-2021 |
Baptiste Daroussin <bapt@FreeBSD.org> |
ncurses: convert libncursesw.a into a static ldscript
Introduce the notion of static linker scripts to allow libncursesw.a to track its dependency on libtinfow.a
this allows the build of older freebsd source tree to happen and make static linking in part with dynamic linking which already provides a ldscript
This fixes bootstrapping FreeBSD 12 or 13 on recent FreeBSD 14
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D32435
|