Re: git: 8a62a2a5659d - main - zfs: merge openzfs/zfs@f8e5af53e

Reply: Charlie Li : "Re: git: 8a62a2a5659d - main - zfs: merge openzfs/zfs@f8e5af53e"
In reply to: Shawn Webb : "Re: git: 8a62a2a5659d - main - zfs: merge openzfs/zfs@f8e5af53e"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Shawn Webb <shawn.webb_at_hardenedbsd.org>
Date: Thu, 19 Mar 2026 14:57:46 UTC

On Tue, Mar 17, 2026 at 04:52:16PM +0000, Shawn Webb wrote:
> On Tue, Mar 17, 2026 at 10:44:59AM -0600, Warner Losh wrote:
> > On Tue, Mar 17, 2026 at 10:36 AM Shawn Webb <shawn.webb@hardenedbsd.org>
> > wrote:
> > 
> > > Hey Martin,
> > >
> > > On Sat, Mar 14, 2026 at 01:26:23PM +0000, Martin Matuska wrote:
> > > > The branch main has been updated by mm:
> > > >
> > > > URL:
> > > https://cgit.FreeBSD.org/src/commit/?id=8a62a2a5659d1839d8799b4274c04469d7f17c78
> > > >
> > > > commit 8a62a2a5659d1839d8799b4274c04469d7f17c78
> > > > Merge: f91464171d61 f8e5af53e92f
> > > > Author:     Martin Matuska <mm@FreeBSD.org>
> > > > AuthorDate: 2026-03-14 12:14:56 +0000
> > > > Commit:     Martin Matuska <mm@FreeBSD.org>
> > > > CommitDate: 2026-03-14 12:14:56 +0000
> > > >
> > > > [snip for brevity]
> > > >
> > > >     Obtained from:  OpenZFS
> > > >     OpenZFS commit: f8e5af53e92fa7c03393fbd4922cb9c1d0c15920
> > >
> > > This commit seems to cause issues when building boot loader related
> > > code:
> > >
> > > ==== BEGIN LOG ====
> > > 114232 bytes available
> > > btxld -v -f aout -e 0x200000 -o loader_simp -l
> > > /usr/obj/usr/src/amd64.amd64/stand/i386/btx/btxldr/btxldr  -b
> > > /usr/obj/usr/src/amd64.amd64/stand/i386/btx/btx/btx loader_simp.bin
> > > kernel: ver=1.02 size=690 load=9000 entry=9010 map=16M pgctl=0:58
> > > client: fmt=elf size=5e2e8 text=57930 data=514c bss=7470 entry=0
> > > output: fmt=aout size=61000 text=1000 data=5f000 org=200000 entry=200000
> > > ===> stand/i386/pxeldr (all)
> > > -560 bytes available
> > > *** Error code 1
> > >
> > 
> > What all do you have enabled? The defaults aren't even close to running out
> > of space (though I've not looked at this).
> 
> Hey Warner,
> 
> Thanks for reaching out! I've uploaded `make showconfig` here:
> https://hardenedbsd.org/~shawn/2026-03-17_srcconf-r01.txt
> 
> The following options are specific to HardenedBSD (in no particular
> order):
> 
> 1. MK_HBSD_UPDATE
> 2. MK_HBSDCONTROL
> 3. MK_PIE
> 4. MK_RELRO
> 5. MK_SHLIBRANDOM
> 6. MK_ZERO_REGS
> 7. MK_SPECTREV1_FIX
> 8. MK_SAFESTACK
> 9. MK_RETPOLINE
> 10. MK_LTOLIB
> 11. MK_CFI

MK_RETPOLINE was the culprit. Something about this ZFS commit causes
LLVM to emit more retpoline entries than before--too many for a little
bootloader. That might be something to investigate later, but only to
satisfy a curious mind, not to actuall fix anything (since nothing's
actually broken.)

Since it doesn't really make sense to apply speculative execution
mitigations to a bootloader, I disabled retpoline for a components
in stand/.

Good to go.

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Signal Username:  shawn_webb.74
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc