HBSD: Add "general compilation hardening" USES
This commit introduces a general catch all for compiler hardening flags
that aren't paired with a specific feature (unlike CFI, for example).
The USES for this is "hardcflags" and the USE_HARDENING flag is
"HARDCFLAGS".
We also enable this by default, though we will most likely need to fix a
number of ports (possibly a large number.) The biggest issue will likely
be the -Wformat-security compilation flag.
As of this writing, the HardenedBSD infrastructure lacks a server that
can perform experimental builds. So we need to apply a broad stroke
initially and resolve failed ports.
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
HBSD: Use the right Makefile variables
The -fno-delete-null-pointer-checks is not a warning, but rather a
normal compiler flag.
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
MFC-to: 15-STABLE
MFC-to: 14-STABLE
Fixes: ca0a80281e4ee936f0bf9df8f40448d37cd6667d
HBSD: Add various C/C++ hardening flags
One common optimization is to remove NULL pointer checks when the
compiler thinks it's not truly needed. We want to keep those checks in
place (-fno-delete-null-pointer-checks).
Another C/C++ compiler flag enabled by this commit is to check for
potential format string vulnerabilities (-Werror=format-security).
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
MFC-to: 15-STABLE
MFC-to: 14-STABLE
diff3: Use logical-not, not bitwise for booleans
And compare impcompat != 0 as it's actually an integer incremented on
each use of one of the AeExX3 options.
Reviewed by: fuz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53808
conf: Mark vchiq as depending on fdt
Fix an ACPI only kernel by only building the vchiq files when FDT is
enabled.
Fixes: 745c4aa5e8f0 ("Make BRCM2837 port conform FreeBSD/ARM64 guidelines")
Sponsored by: Arm Ltd
arm64: Move intr_pic_init_secondary earlier
This may have been called after intr_irq_shuffle. For most interrupt
controllers this appears to be safe, however for the GICv5 we need to
read a per-CPU ID register before we can assign interrupts to a given
CPU.
Fix the race by moving intr_pic_init_secondary earlier in the boot,
after devices have been enumerated and before the interrupts are moved
to their assigned CPUs.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D53685
arm64: Switch to gic_get_support_lpis in gicv3_its
The old gicv3_get_support_lpis will be removed.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D53664
arm64: Remove gicv3_get_support_lpis
It's no longer used after moving to gic_get_support_lpis.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D53665
arm/gic: Make GICV3_IVAR_SUPPORT_LPIS generic
GICv5 will need this too, so move to the GIC_IVAR namespace.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D53663
arm: Handle GIC_IVAR_VGIC in the gic driver
We don't have a GICv2 vgic so can just return 0.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D53662
arm64: Add non-PCI MSI support
Add the arm64 parts to support for non-PCI MSI and MSI-X interrupts.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D53331
dev/fdt: Add support for non-PCI MSI interrupts
Some non-PCI devices can send interrupts, e.g. the Arm SMMU or GICv5
Interrupt Wire Bridge. Add support for these by implementing pci_get_id
and pci_alloc_msi and the MSI/MSI-X parts of the PCIB interface.
Only the MSI parts of the PCI interface are added as that is all I am
able to test.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D53330
dev/ofw: Teach ofw_cpu to find the pcpu on arm64
Use the midr value to ensure we find the correct PCPU pointer on arm64.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D53327
kevent: Hold the knlist mutex when invoking f_event(NOTE_FORK)
In general f_event is supposed to be called with the knlist mutex held,
so lock it earlier to follow this protocol. Also make sure that the
update to kn_fflags is synchronized.
Lock the kqueue itself earlier in the case where the knote is activated,
to avoid locking and unlocking the kqueue twice.
PR: 291005
Reported by: Qiu-ji Chen <chenqiuji666 at gmail.com>
Reviewed by: kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D53762
rc.subr: Remove misguided cpuset usage
When running an rc command, if the target rc script defines
<command>_cmd, e.g., start_cmd=..., then the run_rc_command() executes
that instead of $command. In general it's a shell function, and
"cpuset -l <n> <shell function>" doesn't work.
Moreover, it doesn't really make sense to run cpuset for anything other
than start_cmd.
Other optional isolation mechanisms (e.g., <name>_fib,
<name>_chroot) are only used when invoking $command directly as part of
the "start" command. Make <name>_cpuset consistent with everything else
by removing these extraneous cpuset invocations.
Reviewed by: 0mp
MFC after: 2 weeks
Sponsored by: Modirum MDPay
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D53746
