Commit Graph

3933 Commits

Author SHA1 Message Date
Kyle Evans 05427f4639 secure: hook up libecc as libpkgecc
libecc is not intended to be general use, other applications should
really be using openssl.  pkg(7) uses libecc to align with the pkg(8)
project and its goals.  This will be used in the upcoming support for
ECC in pkg(7).

Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D48117
2025-01-01 15:11:22 -06:00
Kyle Evans f59bb61e1e lib: hook libder up to the build
libder will be used in upcoming ECC support in the pkg(7) bootstrap to
read DER-encoded keys and signatures.

Differential Revision:	https://reviews.freebsd.org/D48116
2025-01-01 15:11:06 -06:00
John Baldwin 365b89e8ea nvmf: Switch several ioctls to using nvlists
For requests that handoff queues from userspace to the kernel as well
as the request to fetch reconnect parameters from the kernel, switch
from using flat structures to nvlists.  In particular, this will
permit adding support for additional transports in the future without
breaking the ABI of the structures.

Note that this is an ABI break for the ioctls used by nvmf(4) and
nvmft(4).  Since this is only present in main I did not bother
implementing compatability shims.

Inspired by:	imp (suggestion on a different review)
Reviewed by:	imp
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D48230
2024-12-30 13:52:21 -05:00
Minsoo Choo c6e56e6500 bsd.lib.mk: Capitalize "Building" for libraries
This is consistent with the case we use when building object files.

Reviewed by:	emaste
Pull request:	https://github.com/freebsd/freebsd-src/pull/1542
2024-12-08 11:17:01 -05:00
Stefan Eßer 8ea6c11540 usr.bin/bc: remove OpenBSD derived bc and dc commands
In 2020, an improved implementation of the bc and dc commands
developed by Gavin D. Howard has been imported into FreeBSD.
It has replaced the OpenBSD-derived versions of these commands
in all currently supported FreeBSD releases.

The OpenBSD versions could still be built using the WITHOUT_GH_BC
option. There have been no reports of problems or unexpected
deviations from the OpenBSD version for some time, therefore
keeping the OpenBSD version is no longer required in FreeBSD.

This commit removes the option to build the OpenBSD version and
corresponding source files from -CURRENT. No MFC is planned, all
currently released FreeBSD versions should retain the build option.

The WITHOUT_GH_BC option is no longer accepted and will cause
make buildworld to fail.

Reviewed by:	des, emaste
Approved by:	des
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D46876
2024-11-24 22:38:23 +01:00
Ed Maste 3750ccefb8 Retire MK_PROFILE infrastructure
It was disabled by default in fe52b7f60e.  We planned to (but did not)
remove the option before FreeBSD 14.  Remove it now, for FreeBSD 15.

Relnotes:	Yes
Reviewed by:	imp
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31558
2024-11-12 12:11:51 -05:00
Robert Clausecker cb5e41b160 lib/libcrypt: unbundle hash functions
libcrypt bundles the various hash functions it needs,
duplicating code that is also found in libmd.
Unbundle the hash functions and apply the same hack used
for libncursesw so static consumers link -lmd in addition
to -lcrypt.

Reviewed by:	kevans
Differential Revision:	https://reviews.freebsd.org/D47062
2024-10-25 16:02:38 +02:00
Warner Losh 23dee252da loader: Change this BIOS tradeoff: Add back zip and use text only
After talking with a number of people about the removal of some things
to make the loader fit, readjust things a little.

Add back GZIP and BZIP2 compression support. Many of the downstream MFC
packaging systems depend on this. This adds back 20k to the size of the
loader.

Make the boot loader text-only by default. This saves 40k in size. Net,
we're 20k smaller. The graphics loader for BIOS is less useful than the
zip functionality: You can still boot w/a text only one it and you can
build a custom one if you really want it. It's also the default we use
for dual console.

This should be merged back into stable/14 and stable/13 so it's in the
next release for each of these. That way we have only one release (13.4)
with the other defaults.

MFC After:		3 days
Sponsored by:		Netflix
Reviewed by:		olce, rgrimes, emaste
Differential Revision:	https://reviews.freebsd.org/D47203
2024-10-24 20:26:25 -06:00
Dimitry Andric a3a88aa132 Fix buildworld with gcc 13 after llvm-19 import
It turns out the new libc++ 19 headers result in a -Werror warning from
gcc 13:

  In file included from /usr/obj/usr/src/freebsd/src/amd64.amd64/tmp/usr/include/c++/v1/__memory/shared_ptr.h:31:
  /usr/obj/usr/src/freebsd/src/amd64.amd64/tmp/usr/include/c++/v1/__memory/uninitialized_algorithms.h: In instantiation of 'constexpr void std::__1::__uninitialized_allocator_relocate(_Alloc&, _Tp*, _Tp*, _Tp*) [with _Alloc = allocator<basic_string<char> >; _Tp = basic_string<char>]':
  /usr/obj/usr/src/freebsd/src/amd64.amd64/tmp/usr/include/c++/v1/vector:1052:42:   required from 'void std::__1::vector<_Tp, _Alloc>::__swap_out_circular_buffer(std::__1::__split_buffer<_Tp, _Allocator&>&) [with _Tp = std::__1::basic_string<char>; _Allocator = std::__1::allocator<std::__1::basic_string<char> >]'
  /usr/obj/usr/src/freebsd/src/amd64.amd64/tmp/usr/include/c++/v1/vector:1469:31:   required from 'void std::__1::vector<_Tp, _Alloc>::reserve(size_type) [with _Tp = std::__1::basic_string<char>; _Allocator = std::__1::allocator<std::__1::basic_string<char> >; size_type = long unsigned int]'
  /usr/src/freebsd/src/contrib/googletest/googletest/src/gtest.cc:795:27:   required from here
  /usr/obj/usr/src/freebsd/src/amd64.amd64/tmp/usr/include/c++/v1/__memory/uninitialized_algorithms.h:645:21: error: 'void* __builtin_memcpy(void*, const void*, long unsigned int)' writing to an object of type 'std::__1::__remove_const_t<std::__1::basic_string<char> >' {aka 'class std::__1::basic_string<char>'} with no trivial copy-assignment; use copy-assignment or copy-initialization instead o[-Werror=class-memaccess]
    645 |     __builtin_memcpy(const_cast<__remove_const_t<_Tp>*>(__result), __first, sizeof(_Tp) * (__last - __first));
        |     ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  In file included from /usr/obj/usr/src/freebsd/src/amd64.amd64/tmp/usr/include/c++/v1/__system_error/error_category.h:15,
                   from /usr/obj/usr/src/freebsd/src/amd64.amd64/tmp/usr/include/c++/v1/__system_error/error_code.h:18,
                   from /usr/obj/usr/src/freebsd/src/amd64.amd64/tmp/usr/include/c++/v1/__ostream/basic_ostream.h:16:
  /usr/obj/usr/src/freebsd/src/amd64.amd64/tmp/usr/include/c++/v1/string:752:7: note: 'std::__1::__remove_const_t<std::__1::basic_string<char> >' {aka 'class std::__1::basic_string<char>'} declared here
    752 | class basic_string {
        |       ^~~~~~~~~~~~

Since this is all benign, turn off errors for -Wclass-memaccess.

PR:		280562
MFC after:	3 days
2024-10-25 00:09:33 +02:00
Dimitry Andric d575077527 bsd.sys.mk: for clang >= 19, similar to gcc >= 8.1, turn off -Werror for
-Wcast-function-type-mismatch.

PR:		280562
MFC after:	1 month
2024-10-23 20:26:34 +02:00
Kyle Evans 44f736c385 mk: add PLAIN_TESTS_PORCH support
porch(1), available via sysutils/porch, is an expect(1)-like program
that uses lua instead of tcl for scripting.  Imminent use will be to
execute tests of tty canonicalization to ensure we don't regress some of
the corner cases we've fixed, but tests for other interactive programs
are being considered as well.

PLAIN_TESTS_PORCH is being introduced primarily to get the metadata
right without writing it out for every single test; required_programs
ensures that we skip the tests if the port is not installed.

Reviewed by:	0mp (previous version), ngie
Differential Revision:	https://reviews.freebsd.org/D46805
2024-10-20 20:32:31 -05:00
Ka Ho Ng 968bcca262 libkldelf: add a private library for kernel/kld-related ELF parsing
The libkldelf library was originally a part of kldxref(8). It exposed
ELF parsing helpers specialized in parsing KLDs and the kernel
executable. The library can be used to read metadata such as linker_set,
mod_depend, mod_version and PNP match info, and raw data from the ELF.

To promote the reuse of the facilities the ELF parsing code is separated
from kldxref(8) into a new private library.

For now, libkldelf's source files will be compiled into kldxref(8)
directly if kldxref is built during bootstrapping phase. The reason is
linking kldxref(8) against the libkldelf static library has an unwanted
side effect which renders the linker sets inside the libkldelf
implementation empty if the static library is not build by ld -r all the
.o files into a single .o before producing the static library.

Sponsored by:	Juniper Networks, Inc.
Reviewed by:	markj
Suggested by:	jrtc27, markj
Differential Revision:	https://reviews.freebsd.org/D46719
2024-10-18 20:20:13 +00:00
Simon J. Gerraty c5c0e79bb0 Add local.meta.stage.mk
We need to undo NO_OBJ if we are staging
as it causes us to drop the stage* target cookies in src tree
which is bad, and may break doing the same targets for multiple
architectures.

Reviewed by:	stevek
2024-10-16 09:26:29 -07:00
Simon J. Gerraty ec7e7ee868 local.dirdeps-targets.mk include src.opts.mk
Include src.opts.mk to ensure we have options defined for when
assessing dirdeps-options.

Reviewed by:	stevek
2024-10-14 11:34:55 -07:00
Simon J. Gerraty 6b135dd607 local.gendirdeps.mk skip awk and xinstall for host
Do not record DIRDEPS for awk.host or xinstall.host
if we ever need them they can be dealt with specially.

Reviewed by: stevek
2024-10-14 11:34:55 -07:00
Simon J. Gerraty 498dac0ace Update dirdeps.mk for better debug output
Latest dirdeps.mk provides better clue as to which makefile
is being read for a given DIRDEP.

Reviewed by: stevek
2024-10-14 10:30:39 -07:00
Isaac Freund d5e9faf1f3 mk: honor TAGS for FILES in default group
Currently the lib32 crt files (/usr/lib32/Scrt1.o etc.) are placed in
the clibs-dev package rather than the clibs-dev-lib32 package.

The /usr/lib32/dtrace/drti.o file is similarly placed in the dtrace
package rather than the dtrace-lib32 package.

Splitting shared libraries in /usr/lib32 into a -lib32 package is
handled in bsd.lib.mk by adding "lib32" to TAGS. However bsd.files.mk
ignores TAGS and only honors ${group}TAGS since 144c442.

This patch changes the behavior of bsd.files.mk to honor TAGS if the
default FILES group is used. This matches the handling of PACKAGE, which
is also ignored unless the default FILES group is used.

With this patch, both the clibs and dtrace package are split correctly.

PR:		249145
Reviewed by:	bapt
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46991
2024-10-09 12:03:26 -04:00
Ka Ho Ng 50c64df2a1 Revert "libkldelf: add a private library for kernel/kld-related ELF parsing"
This reverts commit 0a2cfd653e.
2024-10-08 19:40:20 +00:00
Ka Ho Ng 0a2cfd653e libkldelf: add a private library for kernel/kld-related ELF parsing
The libkldelf library was originally a part of kldxref(8). It exposed
ELF parsing helpers specialized in parsing KLDs and the kernel
executable. The library can be used to read metadata such as linker_set,
mod_depend, mod_version and PNP match info, and raw data from the ELF.

To promote the reuse of the facilities the ELF parsing code is separated
from kldxref(8) into a new private library.

kldxref(8) is modified to link against the libkldelf library.

Sponsored by:	Juniper Networks, Inc.
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D46719
2024-10-08 04:24:07 +00:00
Konstantin Belousov eade2001aa jemalloc: set LG_VADDR to 64 on amd64
and allow to revert it back to 48 with WITHOUT_JEMALLOC_LG_VADDR_WIDE build
option.

Reviewed by:	andrew, emaste
Sponsored by:	Advanced Micro Devices (AMD)
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D46686
2024-09-27 01:54:25 +03:00
Ahmad Khalifa fe3f792f9a Add build option for the ia32 loader
In preparation for supporting 64-bit machines with 32-bit UEFI firmware,
add a build option for compiling the ia32 loader. Currently unused.

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1098
2024-09-20 08:45:05 -06:00
Mark Johnston 24affded3d src.conf: Add a MK_ZFS_TESTS knob
The in-tree ZFS test suite is somewhat outdated and I see a number of
failures there.  I tend to think that we want to integrate the OpenZFS
test suite somehow, replacing the legacy one, though it's also possible
to run that as a separate test suite.

In any case, if one wants to run the OpenZFS test suite separately, it's
useful to be able to disable installation of the legacy ZFS test suite,
so let's provide a src.conf option to do that.

Reviewed by:	asomers
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D46476
2024-09-07 14:36:28 +00:00
Jose Luis Duran 973bbdab47 mk: Add a BTI-report linker feature
Add support for specifying how to report the missing Branch Target
Identification (BTI) linker feature on AArch64.

For:

Kernel:    bti-report on when the linker supports it
Userspace: bti-report on when the linker supports it and
           BTI_REPORT_ERROR is defined

Fixes:	43e8849bc2 ("conf: Enable BTI checking in the arm64 kernel")
Pull Request:	https://github.com/freebsd/freebsd-src/pull/1393
2024-08-30 16:03:17 +00:00
Ed Maste aa0bc761d2 bsd.symver.mk: pass $CFLAGS to $CPP invocation
This allows us to support symbols optionally available based on
configuration, not just on compiler built-in #defines.

Reviewed by:	brooks, jrtc27
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45346
2024-08-20 21:17:52 -04:00
Warner Losh 20d35d5817 loader: Add WITH/WITHOUT_LOADER_PXEBOOT build option
Make it possible to disable pxeboot. This loader will fail to build when
it's too large. When /boot/loader needs to be larger like that, this
options will disable a component whose build will fail. It is an explicit
option rather than implicit when things are too large to force the user to
make the explicit tradeoffs rather than wonder why they have a stale pxeboot
or other odd failure mode.

MFC After:		3 days
Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D46212
2024-08-06 17:22:36 -06:00
Simon J. Gerraty a2b67d4a6e Update dirdeps.mk to latest
Also add meta2deps.{py,sh} to FILES so they get installed/staged

Reviewed by: stevek
2024-07-29 12:48:56 -07:00
Ed Maste ba373fca78 Do not clean (in buildworld/buildkernel) by default
As discussed on the freebsd-arch mailing list[1].  For historical
reasons FreeBSD's buildworld and buildkernel targets started by cleaning
the object tree, for traditional (non-metamode) builds.

Cleaning is not necessary when dependencies are properly tracked, and we
have a somewhat kludgey script[2] to handle some known cases where deps
were mishandled by traditional builds.  Be consistent with the vast
majority of open source build systems by default, and do not clean at
the beginning of buildworld or buildkernel.

Users may set WITH_CLEAN in src.conf(5) to restore the previous
behaviour, or run `make cleanworld` and/or `make cleankernel` before
starting a build.

[1] https://lists.freebsd.org/archives/freebsd-arch/2024-July/000727.html
[2] tools/build/depend-cleanup.sh

Reviewed by:	jhb, imp
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46172
2024-07-29 13:16:52 -04:00
Cy Schubert a90b9d0159 wpa: Import 2.11
Following is a changelog of new features and fixes to wpa:

hostapd:
* Wi-Fi Easy Connect
  - add support for DPP release 3
  - allow Configurator parameters to be provided during config exchange
* HE/IEEE 802.11ax/Wi-Fi 6
  - various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
  - add preliminary support
* SAE: add support for fetching the password from a RADIUS server
* support OpenSSL 3.0 API changes
* support background radar detection and CAC with some additional
  drivers
* support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
* EAP-SIM/AKA: support IMSI privacy
* improve 4-way handshake operations
  - use Secure=1 in message 3 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
  to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* extend PASN support for secure ranging
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
  - this is based on additional details being added in the IEEE 802.11
    standard
  - the new implementation is not backwards compatible
* improved ACS to cover additional channel types/bandwidths
* extended Multiple BSSID support
* fix beacon protection with FT protocol (incorrect BIGTK was provided)
* support unsynchronized service discovery (USD)
* add preliminary support for RADIUS/TLS
* add support for explicit SSID protection in 4-way handshake
  (a mitigation for CVE-2023-52424; disabled by default for now, can be
  enabled with ssid_protection=1)
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* use stricter validation for some RADIUS messages
* a large number of other fixes, cleanup, and extensions

wpa_supplicant:
* Wi-Fi Easy Connect
  - add support for DPP release 3
  - allow Configurator parameters to be provided during config exchange
* MACsec
  - add support for GCM-AES-256 cipher suite
  - remove incorrect EAP Session-Id length constraint
  - add hardware offload support for additional drivers
* HE/IEEE 802.11ax/Wi-Fi 6
  - support BSS color updates
  - various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
  - add preliminary support
* support OpenSSL 3.0 API changes
* improve EAP-TLS support for TLSv1.3
* EAP-SIM/AKA: support IMSI privacy
* improve mitigation against DoS attacks when PMF is used
* improve 4-way handshake operations
  - discard unencrypted EAPOL frames in additional cases
  - use Secure=1 in message 2 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
  to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* improve cross-AKM roaming with driver-based SME/BSS selection
* PASN
  - extend support for secure ranging
  - allow PASN implementation to be used with external programs for
    Wi-Fi Aware
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
  - this is based on additional details being added in the IEEE 802.11
    standard
  - the new implementation is not backwards compatible, but PMKSA
    caching with FT-EAP was, and still is, disabled by default
* support a pregenerated MAC (mac_addr=3) as an alternative mechanism
  for using per-network random MAC addresses
* EAP-PEAP: require Phase 2 authentication by default (phase2_auth=1)
  to improve security for still unfortunately common invalid
  configurations that do not set ca_cert
* extend SCS support for QoS Characteristics
* extend MSCS support
* support unsynchronized service discovery (USD)
* add support for explicit SSID protection in 4-way handshake
  (a mitigation for CVE-2023-52424; disabled by default for now, can be
  enabled with ssid_protection=1)
  - in addition, verify SSID after key setup when beacon protection is
    used
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* a large number of other fixes, cleanup, and extensions

MFC after:	2 months

Merge commit '6377230b3cf4f238dcd0dc2d76ff25943d3040e5'
2024-07-23 12:49:40 -07:00
Warner Losh e9ac41698b Remove residual blank line at start of Makefile
This is a residual of the $FreeBSD$ removal.

MFC After: 3 days (though I'll just run the command on the branches)
Sponsored by: Netflix
2024-07-15 16:43:39 -06:00
Andrew Turner 06999c8a3a share/mk: Remove armv6 support
It is being removed from the tree. Remove the build infrastructure to
configure armv6 builds.

Reviewed by:	manu, imp, emaste
Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D45643
2024-07-12 11:31:54 +00:00
Colin Percival 19597c0233 Fix typo in previous commit
I fixed this when I tested the patch, but apparently forgot to commit
the typo fix into my local git tree.  ".ORDER" -> ".ORDER:".

MFC after:	5 minutes
Fixes:	187d696a0a "bsd.progs.mk: Create directories first"
Sponsored by:	Amazon
2024-07-10 08:08:20 -07:00
Colin Percival 187d696a0a bsd.progs.mk: Create directories first
Order installdirs before the $p.install targets; this is necessary
when a user of <bsd.progs.mk> also creates the directory into which
the binaries are installed.

In particular, without this patch running `make installworld -jN` can
break when installing tests since the /usr/tests/foo/bar directories
are created during installworld; this has been causing the stable/14
weekly snapshot builds to intermittently fail for months.

MFC after:	5 minutes
Sponsored by:	Amazon
Differential Revision:	https://reviews.freebsd.org/D45923
2024-07-10 07:47:18 -07:00
Andrew Turner e726eed75d share/mk: Remove pre-armv7 example architectures
These are already removed from the tree, or are in the process of being
removed.

Reviewed by:	manu, imp, emaste
Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D45638
2024-06-20 09:26:14 +00:00
Jessica Clarke 3cc91b7751 Revert "src.sys.obj.mk: Export OBJTOP"
Unfortunately this results in make universe's environment, i.e.
corresponding to the host, being used for every one of its sub-makes, so
they're in the wrong place and trample over each other.

This reverts commit 2b7c1402f9.
2024-06-03 00:33:52 +01:00
Simon J. Gerraty 2b7c1402f9 src.sys.obj.mk: Export OBJTOP
If we had to set OBJTOP we want to .export it (if .MAKE.LEVEL > 0)
for the benefit of things like x!= ${.MAKE} -r ... and similar.

Without OBJTOP, the default MAKEOBJDIR setting will result in
attempting to use an objdir like /lib or /bin etc in some cases.

This patch is based on D30990
with the addition of the check for level > 0.

Reviewed by: jrtc27
Differential Revision:        <https://reviews.freebsd.org/D30990>
2024-05-28 11:51:31 -07:00
Andrew Turner 82854693ae arm64: Allow userspace to be built with PAC and BTI
Add the WITH/WITHOUT_BRANCH_PROTECTION build flags. This can be used
to enable the use of pointer authentication (FEAT_PAuth) and branch
target identification (FEAT_BTI) in userspace.

The kernel already handles both of these is userspace, we just need
to enable it.

Leave disabled for a short period for this to settle before enabling.

Reviewed by:	emaste
Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D42596
2024-05-22 17:02:26 +00:00
Brooks Davis 6edb14c006 Make WITHOUT_UNDEFINED_VERSION the default
Link with --no-undefined-version by default.  Will detect and prevent
the accidental removal of symbols from versioned libraries.

(cherry picked from commit 4510f2ca91)
This reverts commit b25ceb97ed.

Reviewed by:	arichardson, kib, dim, emaste
Differential Revision:	https://reviews.freebsd.org/D44216
2024-05-20 15:40:19 +01:00
Brooks Davis 16d8dfde0c aarch64: disable LIB32 with gcc
gcc doesn't have -m32 support on aarch64 so mark LIB32 broken there.

We have to check both COMPILER_TYPE and X_COMPILER_TYPE becuase
X_COMPILER_TYPE is only conditionally set and COMPILER_TYPE is the host
compiler in Makefile.inc1.

Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D45089
2024-05-17 17:01:18 +01:00
Kyle Evans 9bfd3b4076 Add a build knob for _FORTIFY_SOURCE
In the future, we will Default to _FORTIFY_SOURCE=2 if SSP is enabled,
otherwise default to _FORTIFY_SOURCE=0.  For now we default it to 0
unconditionally to ease bisect across older versions without the new
symbols, and we'll put out a call for testing.

include/*.h include their ssp/*.h equivalents as needed based on the
knob. Programs and users are allowed to override FORTIFY_SOURCE in their
Makefiles or src.conf/make.conf to force it off.

Reviewed by:	des, markj
Relnotes:	yes
Sponsored by:	Stormshield
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D32308
2024-05-13 00:23:50 -05:00
John Baldwin 2da066ef6d libnvmf: Add internal library to support NVMe over Fabrics
libnvmf provides APIs for transmitting and receiving Command and
Response capsules along with data associated with NVMe commands.
Capsules are represented by 'struct nvmf_capsule' objects.

Capsules are transmitted and received on queue pairs represented by
'struct nvmf_qpair' objects.

Queue pairs belong to an association represented by a 'struct
nvmf_association' object.

libnvmf provides additional helper APIs to assist with constructing
command capsules for a host, response capsules for a controller,
connecting queue pairs to a remote controller and optionally
offloading connected queues to an in-kernel host, accepting queue pair
connections from remote hosts and optionally offloading connected
queues to an in-kernel controller, constructing controller data
structures for local controllers, etc.

libnvmf also includes an internal transport abstraction as well as an
implementation of a userspace TCP transport.

libnvmf is primarily intended for ease of use and low-traffic use cases
such as establishing connections that are handed off to the kernel.
As such, it uses a simple API built on blocking I/O.

For a host, a consumer first populates an 'struct
nvmf_association_params' with a set of parameters shared by all queue
pairs for a single association such as whether or not to use SQ flow
control and header and data digests and creates a 'struct
nvmf_association' object.  The consumer is responsible for
establishing a TCP socket for each queue pair.  This socket is
included in the 'struct nvmf_qpair_params' passed to 'nvmf_connect' to
complete transport-specific negotiation, send a Fabrics Connect
command, and wait for the Connect reply. Upon success, a new 'struct
nvmf_qpair' object is returned.  This queue pair can then be used to
send and receive capsules.  A command capsule is allocated, populated
with an SQE and optional data buffer, and transmitted via
nvmf_host_transmit_command.  The consumer can then wait for a reply
via nvmf_host_wait_for_response.  The library also provides some
wrapper functions such as nvmf_read_property and nvmf_write_property
which send a command and wait for a response synchronously.

For a controller, a consumer uses a single association for a set of
incoming connections.  A consumer can choose to use multiple
associations (e.g. a separate association for connections to a
discovery controller listening on a different port than I/O
controllers).  The consumer is responsible for accepting TCP sockets
directly, but once a socket has been accepted it is passed to
nvmf_accept to perform transport-specific negotiation and wait for the
Connect command.  Similar to nvmf_connect, nvmf_accept returns a newly
construct nvmf_qpair.  However, in contrast to nvmf_connect,
nvmf_accept does not complete the Fabrics negotiation.  The consumer
must explicitly send a response capsule before waiting for additional
command capsules to arrive.  In particular, in the kernel offload
case, the Connect command and data are provided to the kernel
controller and the Connect response capsule is sent by the kernel once
it is ready to handle the new queue pair.

For userspace controller command handling, the consumer uses
nvmf_controller_receive_capsule to wait for a command capsule.
nvmf_receive_controller_data is used to retrieve any data from a
command (e.g. the data for a WRITE command).  It can be called
multiple times to split the data transfer into smaller sizes.
nvmf_send_controller_data is used to send data to a remote host in
response to a command.  It also sends a response capsule indicating
success, or an error if an internal error occurs.  nvmf_send_response
is used to send a response without associated data.  There are also
several convenience wrappers such as nvmf_send_success and
nvmf_send_generic_error.

Reviewed by:	imp
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D44710
2024-05-02 16:28:16 -07:00
Brooks Davis b25ceb97ed Revert "Make WITHOUT_UNDEFINED_VERSION the default"
This is causing failures on gcc13 CI builds so those need to be fixed
or worked around.

This reverts commit 4510f2ca91.
2024-05-02 22:55:08 +01:00
Brooks Davis 4510f2ca91 Make WITHOUT_UNDEFINED_VERSION the default
Link with --no-undefined-version by default.  Will detect and prevent
the accidental removal of symbols from versioned libraries.

Reviewed by:	arichardson, kib, dim, emaste
Differential Revision:	https://reviews.freebsd.org/D44216
2024-05-02 18:13:39 +01:00
Brooks Davis 68cbb072fd Revert "config.mk: Add MK_VIMAGE knob"
This commit broke "make makeman" checks in github CI due to a lack of
option description files.  The split between VIMAGE and VIMAGE_SUPPORT
is not clearly justified and the code is broken because there is no
opt_vimage.h (it's in opt_global.h).

This reverts commit 22ca6db50f.
2024-04-25 22:43:36 +01:00
Simon J. Gerraty 0135101e23 meta.autodep.mk do not override start_utc
Update meta.autodep.mk
If included at level 0 it is important not to override start_utc
2024-04-24 12:25:42 -07:00
John Baldwin ee3187f6fa Remove the MK_NVME build option
The drivers and utilities are now built and installed unconditionally.

Reviewed by:	imp, emaste
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D44843
2024-04-23 11:47:44 -07:00
Ed Maste 91d35fb663 Remove WITHOUT_CAPSICUM build support
Capsicum is non-optional as of c24c117b96 ("Remove
WITHOUT_{CAPSICUM,CASPER} options").

`#ifndef WITHOUT_CAPSICUM` is left in the source for the benefit of
downstream consumers, but is never defined in FreeBSD.

Reviewed by:	oshogbo
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D42077
2024-04-23 08:26:28 -04:00
Enji Cooper b571bcea54 bsd.subdir.mk: improve SUBDIR.${MK_FOO} advice
- Remove superfluous whitespace by removing trailing whitespace
  before `\` (line continuation character)
- Quote `SUBDIR.` to clarify the fact that this is a variable
  reference--not the end of a sentence.
2024-04-21 09:30:09 -07:00
Simon J. Gerraty f697b9d03d Update sys.dirdeps.mk set default DEP_*
Even at level 0 it is handy to default DEP_*
used by Makefile.depend* to aid the first include if
in a leaf dir.

Reviewed by: stevek
2024-04-18 14:07:24 -07:00
Dimitry Andric 2fd73b7126 share/mk/bsd.cpu.mk: add F16C feature for i386 and amd64 architectures
As discussed in bug 278417, some ports require the F16C instruction set
to compile, but there is no way yet to detect whether the currently
chosen CPUTYPE supports this feature.

Add the feature to the MACHINE_CPU variable, for each processor that
supports it. The list of processors was extracted from clang 18's -dM
output, filtered on the __F16C__ define.

PR:		278417
Reviewed by:	brooks, emaste
MFC after:	3 days
Differential Revision: https://reviews.freebsd.org/D44848
2024-04-18 20:42:21 +02:00
Warner Losh 2fda3ab0ac WITH_NVME: Remove from broken.
NVME works everywhere, so we can eliminate this. We may remove the
option altogether.

Sponsored by:		Netflix
Discussed with:		ken, jhb
2024-04-16 21:30:19 -06:00