Commit Graph

1808 Commits

Author SHA1 Message Date
Kyle Evans
b85ea80975 libc: provide fputc_unlocked
Among the same justification as the other stdio _unlocked; in addition to an
inline version in <stdio.h>, we must provide a function in libc as well for
the functionality. This fixes the lang/gcc* builds, which want to use the
symbol from libc.

PR:		243810
Reported by:	antoine, swills, Michael <michael.adm gmail com>
X-MFC-With:	r357284
2020-02-02 19:45:12 +00:00
Conrad Meyer
672e12255d rand(3): Replace implementation with one backed by random(3) algorithm
rand(3)'s standard C API is extremely limiting, but we can do better
than the historical 32-bit state Park-Miller LCG we've shipped since
2001: r73156.

The justification provided at the time for not using random(3) was that
rand_r(3) could not be made to use the same algorithm.  That is still
true.  However, the irrelevance of rand_r(3) is increasingly obvious.
Since that time, POSIX has marked the interface obsolescent.  rand_r(3)
never became part of the standard C library.  If not for API
compatibility reasons, I would just remove rand_r(3) entirely.

So, I do not believe it is a problem for rand_r(3) and rand(3) to
diverge.

The 12 ABI is maintained with compatibility definitions, but this
revision does subtly change the API of rand(3).  The sequences of
pseudorandom numbers produced in programs built against new versions of
libc will differ from programs built against prior versions of libc.

Reviewed by:	kevans, markm
MFC after:	no
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D23290
2020-02-01 20:33:23 +00:00
Kyle Evans
12fe218f0b stdio: provide _unlocked variants of fflush, fputc, fputs, fread, fwrite
fflush_unlocked is currently desired in ports by sysutils/metalog, and
redefined as the locked fflush.

fputc_unlocked, fputs_unlocked, fread_unlocked, and fwrite_unlocked are
currently desired in ports by devel/elfutils, and redefined as the locked
fputs, fread, and fwrite respectively.

Reviewed by:	kib
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D23336
2020-01-30 03:31:16 +00:00
Kyle Evans
979b4b3495 Mark rfork(2) as __returns_twice
rfork is not generally a built-in that would be recognized as behaving like
vfork/fork; provide the hint.
2020-01-22 20:53:25 +00:00
Edward Tomasz Napierala
0d2fabfc04 Add qsort_s(3). Apart from the constraints, it also makes it easier
to port software written for Linux variant of qsort_r(3).

Reviewed by:	kib, arichardson
MFC after:	2 weeks
Relnotes:	yes
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D23174
2020-01-20 11:40:07 +00:00
Conrad Meyer
482f0c0255 Revert r355760, r355759
And remove the inline/deprecated attribute use entirely in stdlib.h, from
r355747.  The intent was to provide a buildable API transitionary period, but
clearly that was counter-productive.

Reported by:	delphij, imp, others
2019-12-15 17:33:26 +00:00
Kyle Evans
727b66b6d9 <unistd.h>: remove redundant __BSD_VISIBLE
This bit is already inside of a larger __BSD_VISIBLE block.

Reported by:	vangyzen
2019-12-15 01:26:57 +00:00
Conrad Meyer
215332ffe7 cdefs: Add __deprecated(message) function attribute macro
The legacy version of GCC4 currently in base does not support the
parameterized form of this function attribute, as recent introduced in
stdlib.h (r355747).

As we have done for other function attributes with similar compatibility
problems, add a version-compatibile definition in sys/cdefs.h.  Note that
Clang defines itself to be GCC 4, so one must check for __clang__ in
addition to __GNUC__ version.  On legacy GCC 4, the macro expands to just
the __deprecated__ attribute; on modern GCC or Clang, the macro expands to
the parameterized variant with the message.

Ignoring legacy or unsupported compilers, the macro is also beneficial in
that it is a bit more ergonomic than the full
__attribute__((__deprecated__())) boilerplate.

Reported by:	CI (but not tinderbox); imp and others
Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D22817
2019-12-14 21:52:49 +00:00
Conrad Meyer
c62ff2800b Deprecate sranddev(3) API
It serves no useful purpose and wasn't as popular as its equally meritless
cousin, srandomdev(3).

Setting aside the problems with rand(3) in general, the problem with this
interface is that the seed isn't shared with the caller (other than by
attacking the output of the generator, which is trivial, but not a hallmark of
pleasant API design).  The (arguable) utility of rand(3) or random(3) is as a
semi-fast simulation generator which produces consistent results from a given
seed.  These are mutually at odd.  Furthermore, sometimes people got the
mistaken impression that a high quality random seed meant a weak generator like
rand(3) or random(3) could be used for things like cryptographic key
generation.  This is absolutely not so.

The API was never part of a standard and was not widely used in tree.  Existing
in-tree uses have all been removed.

Possible replacement in out of tree codebases:

	char buf[3];
	time_t t;

	time(t);
	strftime(buf, sizeof(buf), "%S", gmtime(&t));
	srand(atoi(buf));

Relnotes:	yes
2019-12-14 08:28:10 +00:00
Kyle Evans
7dc859a5f3 Add sigsetop extensions commonly found in musl libc and glibc
These functions (sigandset, sigisemptyset, sigorset) are commonly available
in at least musl libc and glibc; sigorset, at least, has proven quite useful
in qemu-bsd-user work for tracking the current process signal mask in a more
self-documenting/aesthetically pleasing manner.

Reviewed by:	bapt, jilles, pfg
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D22187
2019-12-12 01:41:55 +00:00
Dimitry Andric
bc053cafca Correctly check for C++17 and higher when declaring timespec_get()
Summary:
In rS338751, the check to declare `timespec_get()` for C++17 and higher
was incorrectly done against a `cplusplus` define, while it should have
been `__cplusplus`.

Fix this by using `__cplusplus`, and also bump `__FreeBSD_version` so it
becomes possible to correctly check for `timespec_get()` in upstream
libc++ headers.

Reviewed by:	brooks, emaste
MFC after:	3 days
Differential Revision: https://reviews.freebsd.org/D22735
2019-12-09 19:17:56 +00:00
Konstantin Belousov
7f3ea0ab3a Make snprintf(3) and vscanf(3) definitions available under appropriate
POSIX visibility.

Reported by:	jbeich
Reviewed by:	jilles
PR:	207287
MFC after:	1 week
2019-09-09 11:15:14 +00:00
Emmanuel Vadot
3c8868056c pkgbase: Add TAG for evdev and veriexec headers
Reviewed by:	bapt
Differential Revision:	https://reviews.freebsd.org/D21505
2019-09-05 14:14:47 +00:00
Ed Maste
7381dcc9ee libc: remove gets
gets is unsafe and shouldn't be used (for many years now).  Leave it in
the existing symbol version so anything that previously linked aginst it
still runs, but do not allow new software to link against it.

(The compatability/legacy implementation must not be static so that
the symbol and in particular the compat sym gets@FBSD_1.0 make it
into libc.)

PR:		222796 (exp-run)
Reported by:	Paul Vixie
Reviewed by:	allanjude, cy, eadler, gnn, jhb, kib, ngie (some earlier)
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D12298
2019-09-01 16:12:05 +00:00
Konstantin Belousov
6b462d2762 Increase YPMAXRECORD to 16M to be compatible with Linux.
Since YP protocol definition uses the constant to declare
variable-size opaque byte strings, the change should be binary
compatible with existing installations which do not expose keys or
values larger than 1024 bytes.

All uses of local variables with YPMAXRECORD sizes were removed to
avoid insane stack use.  On the other hand, variables with static
lifetime should be fine and only result in increased VA use.

Glibc made same change, increasing the allowed length for keys and
values in YP to 16M, in 2013.

Reviewed by:	markj
Discussed with:	ian
Sponsored by:	Mellanox Technologies
MFC after:	3 weeks
Differential revision:	https://reviews.freebsd.org/D20900
2019-08-12 20:27:33 +00:00
Mark Johnston
076574744c Add mkostempsat(3).
This is a variant of mkostemps() which takes a directory descriptor and
returns a descriptor for a tempfile relative to that directory.  Unlike
the other mktemp functions, mkostempsat() can be used in capability
mode.

Reviewed by:	cem
Discussed with:	brooks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D21031
2019-07-29 19:02:16 +00:00
Rick Macklem
6639e9bc31 Add an entry for copy_file_range(2) to unistd.h.
copy_file_range(2) is a Linux compatible syscall created by r350315.

Reviewed by:	kib, asomers
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D20584
2019-07-25 06:10:44 +00:00
Warner Losh
f5a95d9a07 Remove NAND and NANDFS support
NANDFS has been broken for years. Remove it. The NAND drivers that
remain are for ancient parts that are no longer relevant. They are
polled, have terrible performance and just for ancient arm
hardware. NAND parts have evolved significantly from this early work
and little to none of it would be relevant should someone need to
update to support raw nand. This code has been off by default for
years and has violated the vnode protocol leading to panics since it
was committed.

Numerous posts to arch@ and other locations have found no actual users
for this software.

Relnotes:	Yes
No Objection From: arch@
Differential Revision: https://reviews.freebsd.org/D20745
2019-06-25 04:50:09 +00:00
Ian Lepore
71fb373934 Move/rename the sys/pwm.h header file to dev/pwm/pwmc.h. The file contains
ioctl definitions and related datatypes that allow userland control of pwm
hardware via the pwmc device.  The new name and location better reflects its
assocation with a single device driver.
2019-06-15 19:46:59 +00:00
Warner Losh
0dd16fd9d1 Move to using newvers -c instead of VARS_ONLY=1
Use newvers.sh -c to get the copyright, and newvers.sh -V RELDATE to
get the release date.

Differential Revision: https://reviews.freebsd.org/D19849
2019-05-23 17:19:05 +00:00
Mariusz Zaborski
a1304030b8 Introduce funlinkat syscall that always us to check if we are removing
the file associated with the given file descriptor.

Reviewed by:	kib, asomers
Reviewed by:	cem, jilles, brooks (they reviewed previous version)
Discussed with:	pjd, and many others
Differential Revision:	https://reviews.freebsd.org/D14567
2019-04-06 09:34:26 +00:00
Simon J. Gerraty
eb12b8ea5e Add verifying manifest loader for mac_veriexec
This tool will verify a signed manifest and load contents into
mac_veriexec for storage

Sponsored by:	Juniper Networks
Differential Revision:	D16575
2019-02-26 06:17:23 +00:00
Brooks Davis
e4478d7e46 Use a private definition of osockaddr rather then relying on type
namespace polution in sys/socket.h.

Also remove support for operation on 4.3BSD.

PR:		224529
Differential Revision:	https://reviews.freebsd.org/D14505
2019-01-18 21:30:06 +00:00
Dag-Erling Smørgrav
c9cf7cb85b Revert r343093 until I can address the issues raised by kib@. 2019-01-17 16:50:50 +00:00
Dag-Erling Smørgrav
9b35e90238 Implement dlopenat(3).
MFC after:	3 weeks
2019-01-16 12:12:40 +00:00
Pedro F. Giffuni
a5dabd6c3c Fix mismatch from r342379. 2018-12-23 20:51:13 +00:00
Pedro F. Giffuni
09ed804717 gai_strerror() - Update string error messages according to RFC 3493.
Error messages in gai_strerror(3) vary largely among OSs.

For new software we largely replaced the obsoleted EAI_NONAME and
with EAI_NODATA but we never updated the corresponding message to better
match the intended use. We also have references to ai_flags and ai_family
which are not very descriptive for non-developer end users.

Bring new new error messages based on informational RFC 3493, which has
obsoleted RFC 2553, and make them consistent among the header adn
manpage.

MFC after:	1 month
Differentical Revision:	D18630
2018-12-23 18:15:48 +00:00
Brooks Davis
8bff61a6ba Reduce NL_ARGMAX to 4096 to match Linux.
NL_ARGMAX is the maximum number of positional arguments supported by
printf(3). Prior to r308145 it was declared as 99 and not enforced.
r308145 added enforcement and increased the value to 64k.

Unfortunately, development versions of PostgreSQL used the system
definition to allocate and zero an NL_ARGMAX * 4 sized array on the
stack of its snprintf implementation with measurable performance
impacts. This has been fixed in new PostgreSQL versions, but it is
possible that other programs suffer from this problem.

A value of 4096 puts us on par with Linux and is certainly large enough
for any reasonable program.

Reviewed by:	mjg
Reported by:	mjg
Approved by:	re (gjb)
Differential revision:	https://reviews.freebsd.org/D17387
Differential revision:	https://reviews.freebsd.org/D8286
2018-10-04 21:55:58 +00:00
Brooks Davis
d02489d11a Fix C11 and POSIX 1003.1b-1993 compliance in time.h
Only expose timespec_get in C11, C++17, or BSD code.  Always define
struct timespect if defining timespec_get.

PR:		231425
Reviewed by:	kib
Approved by:	re (gjb)
Differential Revision:	https://reviews.freebsd.org/D17174
2018-09-18 15:31:24 +00:00
Xin LI
a29173be53 Remove arc4random_stir and arc4random_addrandom from stdlib.h.
Users of arc4random(3) should never call them directly.

All ports tree usage was fixed as part of bug 230756.

Relnotes:       yes
Approved by:    re (marius), exp-run (bug 230756 by portmgr antoine)
2018-08-26 18:04:54 +00:00
Alex Richardson
a52fd948a2 Handle -DNO_ROOT for make compat in include/
Otherwise this step will fail on a Linux host due to missing "wheel" group

Approved By:	brooks (mentor)
Differential Revision: https://reviews.freebsd.org/D16841
2018-08-23 18:18:52 +00:00
Xin LI
c1e80940f3 Update userland arc4random() with OpenBSD's Chacha20 based arc4random().
ObsoleteFiles.inc:

    Remove manual pages for arc4random_addrandom(3) and
    arc4random_stir(3).

  contrib/ntp/lib/isc/random.c:
  contrib/ntp/sntp/libevent/evutil_rand.c:

    Eliminate in-tree usage of arc4random_addrandom().

  crypto/heimdal/lib/roken/rand.c:
  crypto/openssh/config.h:

    Eliminate in-tree usage of arc4random_stir().

  include/stdlib.h:

    Remove arc4random_stir() and arc4random_addrandom() prototypes,
    provide temporary shims for transistion period.

  lib/libc/gen/Makefile.inc:

    Hook arc4random-compat.c to build, add hint for Chacha20 source for
    kernel, and remove arc4random_addrandom(3) and arc4random_stir(3)
    links.

  lib/libc/gen/arc4random.c:

    Adopt OpenBSD arc4random.c,v 1.54 with bare minimum changes, use the
    sys/crypto/chacha20 implementation of keystream.

  lib/libc/gen/Symbol.map:

    Remove arc4random_stir and arc4random_addrandom interfaces.

  lib/libc/gen/arc4random.h:

    Adopt OpenBSD arc4random.h,v 1.4 but provide _ARC4_LOCK of our own.

  lib/libc/gen/arc4random.3:

    Adopt OpenBSD arc4random.3,v 1.35 but keep FreeBSD r114444 and
    r118247.

  lib/libc/gen/arc4random-compat.c:

    Compatibility shims for arc4random_stir and arc4random_addrandom
    functions to preserve ABI.  Log once when called but do nothing
    otherwise.

  lib/libc/gen/getentropy.c:
  lib/libc/include/libc_private.h:

    Fold __arc4_sysctl into getentropy.c (renamed to arnd_sysctl).
    Remove from libc_private.h as a result.

  sys/crypto/chacha20/chacha.c:
  sys/crypto/chacha20/chacha.h:

    Make it possible to use the kernel implementation in libc.

PR:		182610
Reviewed by:	cem, markm
Obtained from:	OpenBSD
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D16760
2018-08-19 17:40:50 +00:00
Pedro F. Giffuni
b6413b6db8 POSIX compliance improvements in the pthread(3) functions.
This basically adds makes use of the C99 restrict keyword, and also
adds some 'const's to four threading functions: pthread_mutexattr_gettype(),
pthread_mutexattr_getprioceiling(), pthread_mutexattr_getprotocol(), and
pthread_mutex_getprioceiling. The changes are in accordance to POSIX/SUSv4-2018.

Hinted by:	DragonFlyBSD

Relnotes:	yes
MFC after:	1 month
Differential Revision:	D16722
2018-08-18 01:05:38 +00:00
Konstantin Belousov
4627d47bc8 Add pthread_get_name_np(3).
The function retrieves the thread name previously set by
pthread_set_name_np(3). The name is cached in the process memory.

Requested by:	Willem Jan Withagen <wjw@digiware.nl>
Man page update:	Yuri Pankov <yuripv@yuripv.net>
Reviewed by:	ian (previous version)
Discussed with:	arichardson, bjk (man page)
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D16702
2018-08-17 18:34:07 +00:00
Konstantin Belousov
d9cf291382 Reorder alphabetically.
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D16702
2018-08-17 18:24:11 +00:00
Kyle Evans
cd87846e6e Install symlink for sys/nvpair.h in include/Makefile symlinks target
Noticed while fixing the install/sysroot situation for libnvpair and
libzfs_core- if one uses the symlinks target, libzfs_core.h is not
installed.
2018-08-13 05:16:27 +00:00
Kyle Evans
ce33c57d6c Use INCS for non-sys/ libnvpair and libzfs_core includes
While nothing was wrong with libnvpair.h, libzfs_core.h was only guarded by
MK_CDDL rather than MK_CDDL && MK_ZFS. Rather than ugl'if'ying
include/Makefile to impose the extra restriction, just move the non-sys/
includes into INCS with the respect lib builds.

This has the added bonus of allowing third party packagers to try and split
these libs out of the FreeBSD-runtime package, if they are so inclined.

The sys/ include was left alone- generally userland libraries shouldn't
install kernel headers.

MFC after:	1 week
2018-08-13 03:38:32 +00:00
Warner Losh
7e299411ac Bring in timespce_get form NetBSD.
Bring in the functionality for timespec_get from NetBSD. I've lightly
edited the .c file to remove _DIAGASSERT because FreeBSD doesn't have
that functionality and the typical #define'ing it to assert isn't
right here. The man page is verbatim from NetBSD, but will be revised
as part of a larger cleanup of the time man pages (they are
inconsistent and vague in all the wrong places).

Differential Review: https://reviews.freebsd.org/D16649
2018-08-10 15:16:30 +00:00
Matt Macy
6813d08ff5 msun: add ld80/ld128 powl, cpow, cpowf, cpowl from openbsd
This corresponds to the latest status (hasn't changed in 9+
years) from openbsd of ld80/ld128 powl, and source cpowf, cpow,
cpowl (the complex power functions for float complex, double
complex, and long double complex) which are required for C99
compliance and were missing from FreeBSD. Also required for
some numerical codes using complex numbered Hamiltonians.

Thanks to jhb for tracking down the issue with making
weak_reference compile on powerpc.

When asked to review, bde said "I don't like it" - but
provided no actionable feedback or superior implementations.

Discussed with: jhb
Submitted by: jmd
Differential Revision: https://reviews.freebsd.org/D15919
2018-07-15 00:23:10 +00:00
Konstantin Belousov
f4a5a0b8ac Add a missed chunk r335939.
Noted by:	David Carlier
MFC after:	9 days
Differential revision:	https://reviews.freebsd.org/D16178
2018-07-08 15:48:47 +00:00
Sean Eric Fagan
aad5531e71 This exposes ZFS user and group quotas via the normal
quatactl(2) mechanism.  (Read-only at this point, however.)
In particular, this is to allow rpc.rquotad query quotas
for NFS mounts, allowing users to see their quotas on the
hosts using the datasets.

The changes specifically:

* Add new RPC entry points for querying quotas.
* Changes the library routines to allow non-UFS quotas.
* Changes rquotad to check for quotas on mounted filesystems,
rather than being limited to entries in /etc/fstab
* Lastly, adds a VFS entry-point for ZFS to query quotas.

Note that this makes one unavoidable behavioural change: if quotas
are enabled, then they can be queried, as opposed to the current
method of checking for quotas being specified in fstab.  (With
ZFS, if there are user or group quotas, they're used, always.)

Reviewed by:	delphij, mav
Approved by:	mav
Sponsored by:	iXsystems Inc
Differential Revision:	https://reviews.freebsd.org/D15886
2018-07-05 22:56:13 +00:00
Eitan Adler
fe9fbe221d Add time2posix and posix2time to time.h
These are documented in `time2posix.3` but the symbols are not actually
visible. Since these are not POSIX hide them behind _BSD_VISIBLE.

Reviewed by:		wollman
Differential Revision:	https://reviews.freebsd.org/D15530
2018-05-25 13:40:05 +00:00
Konstantin Belousov
0c0288a218 Add implementations for clog(3), clogf(3), and clog(3).
PR:	216863
Submitted by:	bde, Steven G. Kargl <sgk@troutmask.apl.washington.edu>
MFC after:	2 weeks
2018-05-13 09:54:34 +00:00
Mark Johnston
e505460228 Import the netdump client code.
This is a component of a system which lets the kernel dump core to
a remote host after a panic, rather than to a local storage device.
The server component is available in the ports tree. netdump is
particularly useful on diskless systems.

The netdump(4) man page contains some details describing the protocol.
Support for configuring netdump will be added to dumpon(8) in a future
commit. To use netdump, the kernel must have been compiled with the
NETDUMP option.

The initial revision of netdump was written by Darrell Anderson and
was integrated into Sandvine's OS, from which this version was derived.

Reviewed by:	bdrewery, cem (earlier versions), julian, sbruno
MFC after:	1 month
X-MFC note:	use a spare field in struct ifnet
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D15253
2018-05-06 00:38:29 +00:00
Ed Maste
e6a376d196 Retire lmc(4)
This driver supports legacy, 32-bit PCI devices, and had an ambiguous
license.  Supported devices were already reported to be rare in 2003
(when an earlier version of the driver was removed in r123201).

Reviewed by:	rgrimes
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D15245
2018-05-01 16:30:48 +00:00
Pedro F. Giffuni
65436b2e12 pthread.h: minor indentation cleanups.
No functional change.

X-MFC with:	r331969
2018-04-04 15:16:04 +00:00
Pedro F. Giffuni
7a07ca9b3c pthread.h: drop nullability attributes.
These have been found to be practically useless. We were actually
following the Android bionic library and had some interest in replicating
the same warnings and behaviour but Android has since removed them.

We are still keeping some uses of nullability attributes in other headers,
somewhat in line with Apple's libc.

MFC after:	1 week
Hinted by: bionic (git 3f66e74b903905e763e104396aff52a81718cfde)
2018-04-04 02:00:10 +00:00
Cy Schubert
dc711d6db3 Remove redundant check.
Reported by:	kib@
MFC after:	2 weeks
X-MFC with:	r331936
Differential Revision:	https://reviews.freebsd.org/D12785
2018-04-03 20:59:46 +00:00
Cy Schubert
c13559d31e Include update to stdio.h missed in r331936.
In my attempt to limit the commit in r331936 to only the gets_s()
commit and not include unrelated patches in my tree, this patch
was missed.

Reported by:	pfg
MFC after:	2 weeks
X-MFC with:	r331936
Differential Revision:	https://reviews.freebsd.org/D12785
2018-04-03 20:14:37 +00:00
Jonathan T. Looney
2529f56ed3 Add the "TCP Blackbox Recorder" which we discussed at the developer
summits at BSDCan and BSDCam in 2017.

The TCP Blackbox Recorder allows you to capture events on a TCP connection
in a ring buffer. It stores metadata with the event. It optionally stores
the TCP header associated with an event (if the event is associated with a
packet) and also optionally stores information on the sockets.

It supports setting a log ID on a TCP connection and using this to correlate
multiple connections that share a common log ID.

You can log connections in different modes. If you are doing a coordinated
test with a particular connection, you may tell the system to put it in
mode 4 (continuous dump). Or, if you just want to monitor for errors, you
can put it in mode 1 (ring buffer) and dump all the ring buffers associated
with the connection ID when we receive an error signal for that connection
ID. You can set a default mode that will be applied to a particular ratio
of incoming connections. You can also manually set a mode using a socket
option.

This commit includes only basic probes. rrs@ has added quite an abundance
of probes in his TCP development work. He plans to commit those soon.

There are user-space programs which we plan to commit as ports. These read
the data from the log device and output pcapng files, and then let you
analyze the data (and metadata) in the pcapng files.

Reviewed by:	gnn (previous version)
Obtained from:	Netflix, Inc.
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D11085
2018-03-22 09:40:08 +00:00
Conrad Meyer
e9ac27430c Implement getrandom(2) and getentropy(3)
The general idea here is to provide userspace programs with well-defined
sources of entropy, in a fashion that doesn't require opening a new file
descriptor (ulimits) or accessing paths (/dev/urandom may be restricted
by chroot or capsicum).

getrandom(2) is the more general API, and comes from the Linux world.
Since our urandom and random devices are identical, the GRND_RANDOM flag
is ignored.

getentropy(3) is added as a compatibility shim for the OpenBSD API.

truss(1) support is included.

Tests for both system calls are provided.  Coverage is believed to be at
least as comprehensive as LTP getrandom(2) test coverage.  Additionally,
instructions for running the LTP tests directly against FreeBSD are provided
in the "Test Plan" section of the Differential revision linked below.  (They
pass, of course.)

PR:		194204
Reported by:	David CARLIER <david.carlier AT hardenedbsd.org>
Discussed with:	cperciva, delphij, jhb, markj
Relnotes:	maybe
Differential Revision:	https://reviews.freebsd.org/D14500
2018-03-21 01:15:45 +00:00
Hans Petter Selasky
e808190a59 Add kernel and userspace code to dump the firmware state of supported
ConnectX-4/5 devices in mlx5core.

The dump is obtained by reading a predefined register map from the
non-destructive crspace, accessible by the vendor-specific PCIe
capability (VSC). The dump is stored in preallocated kernel memory and
managed by the mlx5tool(8), which communicates with the driver using a
character device node.

The utility allows to store the dump in format
    <address> <value>
into a file, to reset the dump content, and to manually initiate the
dump.

A call to mlx5_fwdump() should be added at the places where a dump
must be fetched automatically. The most likely place is right before a
firmware reset request.

Submitted by:	kib@
MFC after:	1 week
Sponsored by:	Mellanox Technologies
2018-03-08 15:21:56 +00:00
Edward Tomasz Napierala
1cde387c83 Improve missing tty handling in init(8). This removes a check that did
nothing - it was checking for ENXIO, which, with devfs, is no longer
returned - and was badly placed anyway, and replaces it with similar
one that works, and is done just before starting getty, instead of being
done when rereading ttys(5).

From the practical point of view, this makes init(8) handle disappearing
terminals (eg /dev/ttyU*) gracefully, without unneccessary getty restarts
and resulting error messages.

Reviewed by:	imp@
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D14307
2018-02-27 10:54:15 +00:00
Warner Losh
ef1fcaf0f5 Do not include float interfaces when using libsa.
We don't support float in the boot loaders, so don't include
interfaces for float or double in systems headers. In addition, take
the unusual step of spiking double and float to prevent any more
accidental seepage.
2018-02-23 04:04:25 +00:00
Warner Losh
982e7bdafc We don't support gcc < 4.2.1, so varargs.h now is just #error
always. Unifdef for versions prior to 4.2.1 and remove now-unused
header files.

Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D14323
2018-02-12 14:48:14 +00:00
Pedro F. Giffuni
2fd63590ae Avoid implicit gcc nonnull attribute in vwarnx().
We removed the nonnull attributes from our headers long ago, but still
__printflike() includes it implicitly. This will cause the NULL check to
be optimized away in higher -O levels and it will also trigger a
-Wnonnull-compare warning.

Avoid warning with it in vwarnx().

Obtained from:	DragonfLyBSD (git 6329e2f68af73662a1960240675e796ab586bcb1)
2018-01-28 19:37:30 +00:00
Pedro F. Giffuni
b8d1747e75 Use the __alloc_size2 attribute where relevant.
This follows the documented use in GCC. It is basically only relevant for
calloc(3), reallocarray(3) and  mallocarray(9).

Suggested by:	Mark Millard

Reference:
https://docs.freebsd.org/cgi/mid.cgi?9DE674C6-EAA3-4E8A-906F-446E74D82FC4
2018-01-22 01:50:10 +00:00
Pedro F. Giffuni
dd5edb11b1 Use the __result_use_check attribute also for reallocf(3).
The GCC attribute causes a warning to be emitted if a caller of the
function with this attribute does not use its return value. Unlike the
traditional realloc, with reallocf(3) we don't have to check for NULL
values but we still have to make sure the result is used.

MFC after:	3 days
2018-01-09 22:48:13 +00:00
Mariusz Zaborski
16545cf5d5 Introduce the daemonfd function.
The daemonfd function is equivalent to the daemon(3) function expect that
arguments are descriptors. For example dhclient(8) which is sandboxed is
unable to open /dev/null to close stdio instead it's allows to fail
daemon(3) function to close the descriptors and then do it explicit in code.
Instead of such hacks we can use now daemonfd.

This API can be also helpful to migrate system to platforms like CheriBSD.

Reviewed by:	brooks@, bcr@, jilles@ (earlier version)
Differential Revision:	https://reviews.freebsd.org/D13433
2017-12-23 18:07:43 +00:00
Pedro F. Giffuni
9b10f59a10 SPDX: mostly fixes to previous changes.
Introduce the recently approved BSD-1-Clause and replace 0BSD which
never did fit well our use cases.
2017-12-13 16:13:17 +00:00
Ed Schouten
6c093deeda Remove basename_r(3).
Now that the POSIX working group is going to require that basename(3)
and dirname(3) are thread-safe in future revisions of the standard,
there is even less of a need to provide basename_r(3). Remove this
function to prevent people from writing code that only builds on
FreeBSD and Bionic.

Removing this function seems to break exactly one port: sbruno@'s
qemu-user-static. I will send him a pull request on GitHub in a bit.
__FreeBSD_version will not be bumped, as any value from 2017 can be used
to test for the presence of a thread-safe basename(3)/dirname(3).

PR:		https://bugs.freebsd.org/224016
2017-12-08 22:06:18 +00:00
Pedro F. Giffuni
6e778a7efd SPDX: license IDs for some ISC-related files. 2017-12-08 15:57:29 +00:00
Pedro F. Giffuni
66a2396a61 netconfig.h: sync with upstream.
Bring some comments and the license.
Add SPDX License ID tag while here.

Obtained from:	NetBSD (CVS rev 1.2, 1.5, 1.6)
2017-11-27 17:18:31 +00:00
Pedro F. Giffuni
e58eb3c437 include: General further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using mis-identified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
2017-11-25 17:09:43 +00:00
Konstantin Belousov
383f241dce Remove lint support from system headers and MD x86 headers.
Reviewed by:	dim, jhb
Discussed with:	imp
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D13156
2017-11-23 11:40:16 +00:00
Pedro F. Giffuni
981e34b9ca Indent protection and some other oops from the prvious commits. 2017-11-20 19:56:11 +00:00
Pedro F. Giffuni
2321c47418 include: further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
2017-11-20 19:45:28 +00:00
Jilles Tjoelker
1f04a45950 libc: Do not refer to _DefaultRuneLocale in ctype inlines
Referring to _DefaultRuneLocale causes this >4KB structure to be copied to
all executables that use <ctype.h> inlines (except PIE executables).

This only affects the case where thread local storage is available.

_CurrentRuneLocale cannot be NULL, so the check can be removed entirely.

_DefaultRuneLocale needs to remain available for now since libc++ uses it.
The __isctype inline in include/_ctype.h also refers to _DefaultRuneLocale
and remains available because it may still be used by third party software.

Reviewed by:	bdrewery, theraven
Differential Revision:	https://reviews.freebsd.org/D10363
2017-10-22 20:01:07 +00:00
Cy Schubert
93ca7f45e7 Sync (make same) the offsetof macro definition in include/ with the
definition of the same in sys/sys/. The problem was discovered while
working on implementing a new C11 gets_s() for libc. (The new gets_s()
requires rsize_t found in include/stddef.h.) The solution to sync the two
definitions was suggested by ed@ while discussing D12667.

Suggested by:	ed
MFC after:	2 weeks
2017-10-15 02:40:13 +00:00
Warner Losh
a94a63f0a6 An MMC/SD/SDIO stack using CAM
Implement the MMC/SD/SDIO protocol within a CAM framework. CAM's
flexible queueing will make it easier to write non-storage drivers
than the legacy stack. SDIO drivers from both the kernel and as
userland daemons are possible, though much of that functionality will
come later.

Some of the CAM integration isn't complete (there are sleeps in the
device probe state machine, for example), but those minor issues can
be improved in-tree more easily than out of tree and shouldn't gate
progress on other fronts. Appologies to reviews if specific items
have been overlooked.

Submitted by: Ilya Bakulin
Reviewed by: emaste, imp, mav, adrian, ian
Differential Review: https://reviews.freebsd.org/D4761

merge with first commit, various compile hacks.
2017-07-09 16:57:24 +00:00
Ed Schouten
f49db4cf69 Use __ISO_C_VISIBLE, as opposed to testing __STDC_VERSION__.
FreeBSD's C library uses __STDC_VERSION__ to determine whether the
compiler provides language features specific to a certain version of the
C standard. __ISO_C_VISIBLE is used to specify which library features
need to be exposed.

max_align_t currently uses __STDC_VERSION__, even though it should be
using __ISO_C_VISIBLE to remain consistent with the rest of the headers
in include/.

Reviewed by:	dim
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D11303
2017-06-22 18:39:52 +00:00
Bryan Drewery
c99b67a794 Utilize SYSROOT from r320119 in places where DESTDIR may be wanting WORLDTMP.
Since buildenv exports SYSROOT all of these uses will now look in
WORLDTMP by default.

sys/boot/efi/loader/Makefile
        A LIBSTAND hack is no longer required for buildenv.

MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2017-06-19 20:47:24 +00:00
Jason Evans
b7eaed250f Update jemalloc to 5.0.0. 2017-06-15 07:15:05 +00:00
Konstantin Belousov
a07c3aeb73 Use __BSD_VISIBLE test instead checking for absense of _POSIX_SOURCE.
The Termios headers <termios.h> and <sys/_termios.h> used sometimes
_POSIX_SOURCE directly to determine if a thing should be exposed to
the user.  This circumvented the feature mechanisms of <sys/cdefs.h>.

Submitted by:	Sebastian Huber <sebastian.huber@embedded-brains.de>
MFC after:	2 weeks
2017-05-24 09:25:13 +00:00
Eric van Gyzen
5a6d7b723f libthr: fix warnings from GCC when WARNS=6
Fix warnings about:
- redundant declarations
- a local variable shadowing a global function (dlinfo)
- an old-style function definition (with an empty parameter list)
- a variable that is possibly used uninitialized

"make tinderbox" passes this time, except for a few unrelated
kernel failures.

Reviewed by:	kib
MFC after:	3 days
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D10870
2017-05-23 16:12:50 +00:00
Konstantin Belousov
6992112349 Commit the 64-bit inode project.
Extend the ino_t, dev_t, nlink_t types to 64-bit ints.  Modify
struct dirent layout to add d_off, increase the size of d_fileno
to 64-bits, increase the size of d_namlen to 16-bits, and change
the required alignment.  Increase struct statfs f_mntfromname[] and
f_mntonname[] array length MNAMELEN to 1024.

ABI breakage is mitigated by providing compatibility using versioned
symbols, ingenious use of the existing padding in structures, and
by employing other tricks.  Unfortunately, not everything can be
fixed, especially outside the base system.  For instance, third-party
APIs which pass struct stat around are broken in backward and
forward incompatible ways.

Kinfo sysctl MIBs ABI is changed in backward-compatible way, but
there is no general mechanism to handle other sysctl MIBS which
return structures where the layout has changed. It was considered
that the breakage is either in the management interfaces, where we
usually allow ABI slip, or is not important.

Struct xvnode changed layout, no compat shims are provided.

For struct xtty, dev_t tty device member was reduced to uint32_t.
It was decided that keeping ABI compat in this case is more useful
than reporting 64-bit dev_t, for the sake of pstat.

Update note: strictly follow the instructions in UPDATING.  Build
and install the new kernel with COMPAT_FREEBSD11 option enabled,
then reboot, and only then install new world.

Credits: The 64-bit inode project, also known as ino64, started life
many years ago as a project by Gleb Kurtsou (gleb).  Kirk McKusick
(mckusick) then picked up and updated the patch, and acted as a
flag-waver.  Feedback, suggestions, and discussions were carried
by Ed Maste (emaste), John Baldwin (jhb), Jilles Tjoelker (jilles),
and Rick Macklem (rmacklem).  Kris Moore (kris) performed an initial
ports investigation followed by an exp-run by Antoine Brodin (antoine).
Essential and all-embracing testing was done by Peter Holm (pho).
The heavy lifting of coordinating all these efforts and bringing the
project to completion were done by Konstantin Belousov (kib).

Sponsored by:	The FreeBSD Foundation (emaste, kib)
Differential revision:	https://reviews.freebsd.org/D10439
2017-05-23 09:29:05 +00:00
Pedro F. Giffuni
b95b332c4b ndbm.h: Add a comment pointing out our non-compliance with POSIX.
Changing it to full conformance breaks the ABI.

Reference:
http://pubs.opengroup.org/onlinepubs/009695399/basedefs/ndbm.h.html

Discussion at:	https://reviews.freebsd.org/D10544
2017-05-22 23:17:55 +00:00
Pedro F. Giffuni
0558617b42 <stdio.h>: ftello() and fseeko() were in SUSv2, so extend visibility.
See:

http://pubs.opengroup.org/onlinepubs/007908799/xsh/fseek.html
http://pubs.opengroup.org/onlinepubs/007908799/xsh/ftell.html

Hinted from:	DragonFlyBSD (git 58696e28)
2017-04-29 18:48:05 +00:00
Brooks Davis
a7dc31283a Remove the NATM framework including the en(4), fatm(4), hatm(4), and
patm(4) devices.

Maintaining an address family and framework has real costs when we make
infrastructure improvements.  In the case of NATM we support no devices
manufactured in the last 20 years and some will not even work in modern
motherboards (some newer devices that patm(4) could be updated to
support apparently exist, but we do not currently have support).

With this change, support remains for some netgraph modules that don't
require NATM support code. It is unclear if all these should remain,
though ng_atmllc certainly stands alone.

Note well: FreeBSD 11 supports NATM and will continue to do so until at
least September 30, 2021.  Improvements to the code in FreeBSD 11 are
certainly welcome.

Reviewed by:	philip
Approved by:	harti
2017-04-24 21:21:49 +00:00
Konstantin Belousov
9851b3400a Implement the memset_s(3) function as specified by the C11 ISO/IEC
9899:2011 Appendix K 3.7.4.1.

Other needed supporting types, defines and constraint_handler
infrastructure is added as specified in the C11 spec.

Submitted by:	Tom Rix <trix@juniper.net>
Sponsored by:	Juniper Networks
Discussed with:	ed
MFC after:	3 weeks
Differential revision:	https://reviews.freebsd.org/D9903
Differential revision:	https://reviews.freebsd.org/D10161
2017-03-30 04:57:26 +00:00
Warner Losh
37b5835028 Impelemnt ttys onifexists in init.
Implement a new init(8) option in /etc/ttys. If this option is present
on the entry in /etc/ttys, the entry will be active if and only if it
exists.  If the name starts with a '/', it will be considered an
absolute path. If not, it will be a path relative to /dev.

This allows one to turn off video console getty that aren't present
(while running a getty on them even when they aren't the system
console). Likewise with serial ports.

It differs from onifconsole in only requiring the device exist rather
than it be listed as one of the system consoles.

Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D10037
2017-03-22 19:00:41 +00:00
Eric van Gyzen
3f8455b090 Add clock_nanosleep()
Add a clock_nanosleep() syscall, as specified by POSIX.
Make nanosleep() a wrapper around it.

Attach the clock_nanosleep test from NetBSD. Adjust it for the
FreeBSD behavior of updating rmtp only when interrupted by a signal.
I believe this to be POSIX-compliant, since POSIX mentions the rmtp
parameter only in the paragraph about EINTR. This is also what
Linux does. (NetBSD updates rmtp unconditionally.)

Copy the whole nanosleep.2 man page from NetBSD because it is complete
and closely resembles the POSIX description. Edit, polish, and reword it
a bit, being sure to keep any relevant text from the FreeBSD page.

Reviewed by:	kib, ngie, jilles
MFC after:	3 weeks
Relnotes:	yes
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D10020
2017-03-19 00:51:12 +00:00
Marius Strobl
72dec0792a - Add support for eMMC "partitions". Besides the user data area, i. e.
the default partition, eMMC v4.41 and later devices can additionally
  provide up to:
  1 enhanced user data area partition
  2 boot partitions
  1 RPMB (Replay Protected Memory Block) partition
  4 general purpose partitions (optionally with a enhanced or extended
    attribute)

  Of these "partitions", only the enhanced user data area one actually
  slices the user data area partition and, thus, gets handled with the
  help of geom_flashmap(4). The other types of partitions have address
  space independent from the default partition and need to be switched
  to via CMD6 (SWITCH), i. e. constitute a set of additional "disks".

  The second kind of these "partitions" doesn't fit that well into the
  design of mmc(4) and mmcsd(4). I've decided to let mmcsd(4) hook all
  of these "partitions" up as disk(9)'s (except for the RPMB partition
  as it didn't seem to make much sense to be able to put a file-system
  there and may require authentication; therefore, RPMB partitions are
  solely accessible via the newly added IOCTL interface currently; see
  also below). This approach for one resulted in cleaner code. Second,
  it retains the notion of mmcsd(4) children corresponding to a single
  physical device each. With the addition of some layering violations,
  it also would have been possible for mmc(4) to add separate mmcsd(4)
  instances with one disk each for all of these "partitions", however.
  Still, both mmc(4) and mmcsd(4) share some common code now e. g. for
  issuing CMD6, which has been factored out into mmc_subr.c.

  Besides simply subdividing eMMC devices, some Intel NUCs having UEFI
  code in the boot partitions etc., another use case for the partition
  support is the activation of pseudo-SLC mode, which manufacturers of
  eMMC chips typically associate with the enhanced user data area and/
  or the enhanced attribute of general purpose partitions.

  CAVEAT EMPTOR: Partitioning eMMC devices is a one-time operation.

- Now that properly issuing CMD6 is crucial (so data isn't written to
  the wrong partition for example), make a step into the direction of
  correctly handling the timeout for these commands in the MMC layer.
  Also, do a SEND_STATUS when CMD6 is invoked with an R1B response as
  recommended by relevant specifications. However, quite some work is
  left to be done in this regard; all other R1B-type commands done by
  the MMC layer also should be followed by a SEND_STATUS (CMD13), the
  erase timeout calculations/handling as documented in specifications
  are entirely ignored so far, the MMC layer doesn't provide timeouts
  applicable up to the bridge drivers and at least sdhci(4) currently
  is hardcoding 1 s as timeout for all command types unconditionally.
  Let alone already available return codes often not being checked in
  the MMC layer ...

- Add an IOCTL interface to mmcsd(4); this is sufficiently compatible
  with Linux so that the GNU mmc-utils can be ported to and used with
  FreeBSD (note that due to the remaining deficiencies outlined above
  SANITIZE operations issued by/with `mmc` currently most likely will
  fail). These latter will be added to ports as sysutils/mmc-utils in
  a bit. Among others, the `mmc` tool of the GNU mmc-utils allows for
  partitioning eMMC devices (tested working).

- For devices following the eMMC specification v4.41 or later, year 0
  is 2013 rather than 1997; so correct this for assembling the device
  ID string properly.

- Let mmcsd.ko depend on mmc.ko. Additionally, bump MMC_VERSION as at
  least for some of the above a matching pair is required.

- In the ACPI front-end of sdhci(4) describe the Intel eMMC and SDXC
  controllers as such in order to match the PCI one.
  Additionally, in the entry for the 80860F14 SDXC controller remove
  the eMMC-only SDHCI_QUIRK_INTEL_POWER_UP_RESET.

OKed by:	imp
Submitted by:	ian (mmc_switch_status() implementation)
2017-03-16 22:23:04 +00:00
Warner Losh
28d60d6a80 Convert include over to SRCTOP
Use SRCTOP in place of .CURDIR/.. as appropriate. The hand-crafted
relative paths for the "links" option remain, though, since those are
relative to /usr/include/sys/<blah> not to the source tree.

Differential Revision:	https://reviews.freebsd.org/D9932
Sponsored by:		Netflix
Silence	On:		arch@ (twice)
2017-03-12 18:59:00 +00:00
Eric van Gyzen
81027fa594 Sort declaration of sem_clockwait_np
Also mention <time.h> in sem_timedwait(3), because POSIX does,
and because the user will need it for clockid_t, struct timespec,
and TIMER_ABSTIME.

Reported by:	bde
MFC after:	9 days
X-MFC with:	r314179
Sponsored by:	Dell EMC
2017-02-28 21:47:00 +00:00
Warner Losh
df6186309a Fix include/arpa/nameser_compat.h by adding T_DNAME definition.
Fixes Apache trafficserver

Submitted by: John J. Rushford <https://github.com/jrushford>
Pull Request: https://github.com/freebsd/freebsd/pull/104
2017-02-28 20:34:25 +00:00
Eric van Gyzen
f4b4cf565d Guard sem_clockwait_np() declaration with __BSD_VISIBLE
This is a POSIX header file, so keep the namespace clean.

Reported by:	kib
MFC after:	13 days
X-MFC with:	r314179
Sponsored by:	Dell EMC
2017-02-24 14:37:55 +00:00
Eric van Gyzen
b215ceaaec Add sem_clockwait_np()
This function allows the caller to specify the reference clock
and choose between absolute and relative mode.  In relative mode,
the remaining time can be returned.

The API is similar to clock_nanosleep(3).  Thanks to Ed Schouten
for that suggestion.

While I'm here, reduce the sleep time in the semaphore "child"
test to greatly reduce its runtime.  Also add a reasonable timeout.

Reviewed by:	ed (userland)
MFC after:	2 weeks
Relnotes:	yes
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D9656
2017-02-23 19:36:38 +00:00
Mahdi Mokhtari
507c3d47af Add new catrigl.c (r313761) APIs to include/complex.h
Reviewed by:	bde, emaste
Approved by:	bde, emaste (src committers)
Differential Revision:	https://reviews.freebsd.org/D9615
2017-02-18 21:08:09 +00:00
Pedro F. Giffuni
10723054ce Remove outdated claim.
Despite wishful thinking the removal of these old function hasn't
happened yet.

MFC after:	3 days
2017-02-16 20:30:55 +00:00
Pedro F. Giffuni
4eecef9062 Small inclusion guard comment fix. 2017-02-16 20:28:30 +00:00
Pedro F. Giffuni
649702c5a3 Make use of clang nullability attributes.
Replace uses of the GCC __nonnull__ attribute with the clang nullability
qualifiers. The replacement should be transparent for clang developers as
the new qualifiers will produce the same warnings and will be useful for
static checkers but will not cause aggressive optimizations.

GCC will not produce such warnings and developers will have to use
upgraded GCC ports built with the system headers from r312538.

Hinted by:	Apple's Libc-1158.20.4, Bionic libc
MFC after:	11.1 Release

Differential Revision:	https://reviews.freebsd.org/D9004
2017-01-28 20:54:43 +00:00
Pedro F. Giffuni
f1b298ad46 Remove some uses of the GCC __nonnull() attribute.
While the checks are considered useful, the attribute does dangerous
optimizations, removing NULL checks where they can be needed. Remove the
uses of this attribute introduced in r281130: the changes were inspired on
Google's bionic where this attribute is not used anymore.

The __nonnull() attribute will be deprecrated from our headers and
replaced with the Clang _Nonnull qualifier in the future.

MFC after:	3 days
2017-01-01 17:16:47 +00:00
Andriy Gapon
7502cc401b libkvm: support access to vmm guest memory, allow writes to fwmem and vmm
This change consists of two parts:
- allow libkvm to recognize /dev/vmm/* character devices as devices that
  provide access to the physical memory of a system (similarly to /dev/fwmem*)
- allow libkvm to recognize that /dev/vmm/* and /dev/fwmem* devices provide
  access to the physical memory of live remote systems and, thus, the memory
  is writable

As a result, it should be possible to run commands like
$ kgdb -w /path/to/kernel /dev/fwmem0.0
$ kgdb /path/to/kernel /dev/vmm/guest

Reviewed by:	kib, jhb
MFC after:	2 weeks
Relnotes:	yes
Sponsored by:	Panzura
Differential Revision: https://reviews.freebsd.org/D8679
2016-12-27 10:17:56 +00:00
Sepherosa Ziehau
9622c93ae8 hyperv: Allow userland to ro-mmap reference TSC page
This paves way to implement VDSO for the enlightened time counter.

Reviewed by:	kib
MFC after:	1 week
Sponsored by:	Microsoft
Differential Revision:	https://reviews.freebsd.org/D8768
2016-12-15 03:32:24 +00:00
Bryan Drewery
34ecf41885 Create the /usr/lib/include symlink as relative.
This ugly code is done to avoid assuming LIBDIR is 2 components
deep.

Reported by:	jhb
2016-12-03 05:29:12 +00:00
John Baldwin
31ad7c11b3 Use the correct name for the GCC macro indicating max_align_t is defined.
MFC after:	3 days
2016-11-29 00:16:19 +00:00
Sepherosa Ziehau
168fce73b5 hyperv/vss: Add driver and tools for VSS
VSS stands for "Volume Shadow Copy Service".  Unlike virtual machine
snapshot, it only takes snapshot for the virtual disks, so both
filesystem and applications have to aware of it, and cooperate the
whole VSS process.

This driver exposes two device files to the userland:

    /dev/hv_fsvss_dev

    Normally userland programs should _not_ mess with this device file.
    It is currently used by the hv_vss_daemon(8), which freezes and
    thaws the filesystem.  NOTE: currently only UFS is supported, if
    the system mounts _any_ other filesystems, the hv_vss_daemon(8)
    will veto the VSS process.

    If hv_vss_daemon(8) was disabled, then this device file must be
    opened, and proper ioctls must be issued to keep the VSS working.

    /dev/hv_appvss_dev

    Userland application can opened this device file to receive the
    VSS freeze notification, hold the VSS for a while (mainly to flush
    application data to filesystem), release the VSS process, and
    receive the VSS thaw notification i.e. applications can run again.

    The VSS will still work, even if this device file is not opened.
    However, only filesystem consistency is promised, if this device
    file is not opened or is not operated properly.

hv_vss_daemon(8) is started by devd(8) by default.  It can be disabled
by editting /etc/devd/hyperv.conf.

Submitted by:	Hongjiang Zhang <honzhan microsoft com>
Reviewed by:	kib, mckusick
MFC after:	3 weeks
Sponsored by:	Microsoft
Differential Revision:	https://reviews.freebsd.org/D8224
2016-11-15 02:36:12 +00:00
Ed Schouten
34168b28e9 Replace basename(3) by a thread-safe implementation.
Now that the changes to the dirname(3) function had some time to settle,
let's go ahead and use the same approach for replacing basename(3) by a
simple implementation that modifies the input string, thereby making it
thread-safe and guaranteed to succeed.

Unlike dirname(3), this function already had a thread-safe variant
basename_r(3). This function had its own set of problems, like having an
upper bound on the pathname length. Keep this function around for
compatibility, but remove most references from the man page. Make the
man page more similar to that of dirname(3).

As the basename_r(3) function is only provided by FreeBSD (and Bionic),
depending on its use is even more implementation defined than assuming
that basename(3) is thread-safe.

Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D8382
2016-11-03 20:21:34 +00:00
Ruslan Bukin
130a08a362 Detect integer overflow and limit the number of positional
arguments in the string format.

Sponsored by:	DARPA, AFRL
Sponsored by:	HEIF5
Differential Revision:	https://reviews.freebsd.org/D8286
2016-10-31 18:38:58 +00:00