From 2c7c7e7056c013722aab8f2972f87904c9605b1a Mon Sep 17 00:00:00 2001
From: Theo de Raadt <deraadt@cvs.openbsd.org>
Date: Sat, 3 Aug 2019 15:22:22 +0000
Subject: In the bootblocks, after discovering and opening /bsd.upgrade, fchmod
 -x so the file cannot be re-executed upon the next boot.  This provides a
 stronger one-shot-upgrade model than the upgrade script's rm /bsd.upgrade.
 Now various forms of upgrade failure will reboot into /bsd, which is probably
 more recoverable.  Performing fchmod -x depends on (1) use of MI boot.c (not
 alpha/macppc/sparc64/sgi/octeon) and (2) "can write blocks" functionality in
 the IO layer.  Most architectures have this support now.

Two diagnostics "fchmod a-x %s: failed" and "/bsd.upgrade is not u+x" will
remain in the tree while refinements happen for some of the laggard
architectures.

based upon a discussion florian
tested in snapshots for more than a week without any complaints
---
 sys/arch/i386/stand/boot/Makefile    | 6 +++---
 sys/arch/i386/stand/boot/conf.c      | 4 ++--
 sys/arch/i386/stand/cdboot/Makefile  | 6 +++---
 sys/arch/i386/stand/cdboot/conf.c    | 4 ++--
 sys/arch/i386/stand/pxeboot/Makefile | 6 +++---
 sys/arch/i386/stand/pxeboot/conf.c   | 4 ++--
 6 files changed, 15 insertions(+), 15 deletions(-)

(limited to 'sys/arch/i386/stand')

diff --git a/sys/arch/i386/stand/boot/Makefile b/sys/arch/i386/stand/boot/Makefile
index f087b3ee62e..4b7f7ab71c2 100644
--- a/sys/arch/i386/stand/boot/Makefile
+++ b/sys/arch/i386/stand/boot/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.68 2019/04/20 22:59:03 deraadt Exp $
+#	$OpenBSD: Makefile,v 1.69 2019/08/03 15:22:20 deraadt Exp $
 
 COPTS?=
 MAN?=	boot.8
@@ -39,8 +39,8 @@ SRCS+=	softraid_i386.c
 SRCS+=	alloc.c ctime.c exit.c getchar.c memcmp.c memcpy.c memmove.c memset.c printf.c \
 	putchar.c snprintf.c strcmp.c strerror.c strlen.c strncmp.c strncpy.c \
 	strtol.c strtoll.c
-SRCS+=	close.c closeall.c cons.c cread.c dev.c disklabel.c dkcksum.c fstat.c \
-	lseek.c open.c read.c readdir.c stat.c
+SRCS+=	close.c closeall.c cons.c cread.c dev.c disklabel.c dkcksum.c fchmod.c \
+	fstat.c lseek.c open.c read.c readdir.c stat.c
 SRCS+=	elf32.c elf64.c loadfile.c
 SRCS+=	ufs.c
 .if ${SOFTRAID:L} == "yes"
diff --git a/sys/arch/i386/stand/boot/conf.c b/sys/arch/i386/stand/boot/conf.c
index 0e6cccc3741..37a8f006347 100644
--- a/sys/arch/i386/stand/boot/conf.c
+++ b/sys/arch/i386/stand/boot/conf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: conf.c,v 1.69 2019/06/08 02:52:20 jsg Exp $	*/
+/*	$OpenBSD: conf.c,v 1.70 2019/08/03 15:22:20 deraadt Exp $	*/
 
 /*
  * Copyright (c) 1996 Michael Shalayeff
@@ -65,7 +65,7 @@ int nibprobes = nitems(probe_list);
 
 struct fs_ops file_system[] = {
 	{ ufs_open,    ufs_close,    ufs_read,    ufs_write,    ufs_seek,
-	  ufs_stat,    ufs_readdir    },
+	  ufs_stat,    ufs_readdir,  ufs_fchmod },
 #ifdef notdef
 	{ fat_open,    fat_close,    fat_read,    fat_write,    fat_seek,
 	  fat_stat,    fat_readdir    },
diff --git a/sys/arch/i386/stand/cdboot/Makefile b/sys/arch/i386/stand/cdboot/Makefile
index fe157e400bd..064803c8d95 100644
--- a/sys/arch/i386/stand/cdboot/Makefile
+++ b/sys/arch/i386/stand/cdboot/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.32 2019/04/20 22:59:03 deraadt Exp $
+#	$OpenBSD: Makefile,v 1.33 2019/08/03 15:22:21 deraadt Exp $
 
 MAN=	cdboot.8
 
@@ -30,8 +30,8 @@ SRCS+=	bootarg.c cmd.c vars.c
 SRCS+=	alloc.c ctime.c exit.c getchar.c memcmp.c memcpy.c memmove.c memset.c printf.c \
 	putchar.c snprintf.c strcmp.c strerror.c strlen.c strncmp.c strncpy.c \
 	strtol.c strtoll.c
-SRCS+=	close.c closeall.c cons.c cread.c dev.c disklabel.c dkcksum.c fstat.c \
-	lseek.c open.c read.c readdir.c stat.c
+SRCS+=	close.c closeall.c cons.c cread.c dev.c disklabel.c dkcksum.c fchmod.c \
+	fstat.c lseek.c open.c read.c readdir.c stat.c
 SRCS+=	elf32.c elf64.c loadfile.c
 SRCS+=	cd9660.c ufs.c
 SRCS+=	aes_xts.c bcrypt_pbkdf.c blowfish.c explicit_bzero.c hmac_sha1.c \
diff --git a/sys/arch/i386/stand/cdboot/conf.c b/sys/arch/i386/stand/cdboot/conf.c
index 85bc425a4a8..3d797291a4c 100644
--- a/sys/arch/i386/stand/cdboot/conf.c
+++ b/sys/arch/i386/stand/cdboot/conf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: conf.c,v 1.36 2019/04/10 04:19:32 deraadt Exp $	*/
+/*	$OpenBSD: conf.c,v 1.37 2019/08/03 15:22:21 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2004 Tom Cosgrove
@@ -64,7 +64,7 @@ int nibprobes = nitems(probe_list);
 
 struct fs_ops file_system[] = {
 	{ ufs_open,    ufs_close,    ufs_read,    ufs_write,    ufs_seek,
-	  ufs_stat,    ufs_readdir    },
+	  ufs_stat,    ufs_readdir,  ufs_fchmod },
 	{ cd9660_open, cd9660_close, cd9660_read, cd9660_write, cd9660_seek,
 	  cd9660_stat, cd9660_readdir },
 #ifdef notdef
diff --git a/sys/arch/i386/stand/pxeboot/Makefile b/sys/arch/i386/stand/pxeboot/Makefile
index 5c678a92da7..926e2b2cf2c 100644
--- a/sys/arch/i386/stand/pxeboot/Makefile
+++ b/sys/arch/i386/stand/pxeboot/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.29 2019/04/20 22:59:03 deraadt Exp $
+#	$OpenBSD: Makefile,v 1.30 2019/08/03 15:22:21 deraadt Exp $
 
 MAN=	pxeboot.8
 
@@ -31,8 +31,8 @@ SRCS+=	boot.c cmd.c vars.c bootarg.c
 SRCS+=	alloc.c ctime.c exit.c getchar.c globals.c memcmp.c memmove.c memcpy.c memset.c \
 	printf.c putchar.c snprintf.c strcmp.c strerror.c strlen.c strncmp.c \
 	strncpy.c strtol.c strtoll.c
-SRCS+=	close.c closeall.c cons.c cread.c dev.c disklabel.c dkcksum.c fstat.c \
-	lseek.c read.c readdir.c stat.c
+SRCS+=	close.c closeall.c cons.c cread.c dev.c disklabel.c dkcksum.c fchmod.c \
+	fstat.c lseek.c read.c readdir.c stat.c
 SRCS+=	elf32.c elf64.c loadfile.c
 SRCS+=	nfs.c ufs.c tftp.c
 SRCS+=	bootp.c ether.c net.c netif.c rpc.c
diff --git a/sys/arch/i386/stand/pxeboot/conf.c b/sys/arch/i386/stand/pxeboot/conf.c
index 1a2b06afc6d..420f499f332 100644
--- a/sys/arch/i386/stand/pxeboot/conf.c
+++ b/sys/arch/i386/stand/pxeboot/conf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: conf.c,v 1.41 2019/04/10 04:19:32 deraadt Exp $	*/
+/*	$OpenBSD: conf.c,v 1.42 2019/08/03 15:22:21 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2004 Tom Cosgrove
@@ -77,7 +77,7 @@ int nfsname = nitems(fs_name);
 
 struct fs_ops file_system[] = {
 	{ ufs_open,    ufs_close,    ufs_read,    ufs_write,    ufs_seek,
-	  ufs_stat,    ufs_readdir    },
+	  ufs_stat,    ufs_readdir,  ufs_fchmod },
 	{ tftp_open,   tftp_close,   tftp_read,   tftp_write,   tftp_seek,
 	  tftp_stat,   tftp_readdir   },
 	{ nfs_open,    nfs_close,    nfs_read,    nfs_write,    nfs_seek,
-- 
cgit v1.2.3