understand which code paths aren't possible.
This commit eliminates 117 false positive bug reports of the form
"allocate memory; error out if pointer is NULL; use pointer".
big endian platforms where time_t is 64bits (ie armeb and sparc64), it will
be a problem.
Use a temporary time_t to work around this.
Submitted by: Matthew Luckie <mjl AT luckie DOT org dot nz>
MFC after: 3 days
but \0ddd in a %b argument, with a length restriction of 3 octal digits
in either case. This seems silly, but it needs to be right so it's possible
to write an octal escape followed by an ordinary digit. Solaris printf(1)
and GNU printf(1) also behave this way.
Example: "printf '\0752'" now produces "=2" instead of garbage.
Specifically, build a 32-bit /usr/bin/ldd32 on amd64 which handles 32-bit
objects. Since it is a 32-bit binary, it can fork a child process which
can dlopen() a 32-bit shared library. The current 32-bit support in ldd
can't do this because it does the dlopen() from a 64-bit process. In order
to preserve an intuitive interface for users, the ldd binary automatically
execs /usr/bin/ldd32 for 32-bit objects. The end result is that ldd on
amd64 now transparently handles 32-bit shared libraries in addition to
32-bit binaries.
Submitted by: ps (indirectly)
This article [1] describes the -p flag for make(1):
Write to standard output the complete set of macro definitions and
target descriptions. The output format is unspecified.
We already support a similar flag (-d g1), but unlike -p, it still
executes commands. Our implementation just turns it into -d g1, but also
sets flag `printGraphOnly', which will cause make(1) to skip execution.
[1] http://www.opengroup.org/onlinepubs/009695399/utilities/make.html
Reviewed by: imp
PR: standards/99960
In particular, this fixes the oddity that -dumpl would apply
umask to copied dirs (which are created in the target tree)
but not to "copied" files (which are only linked). After
this change:
$ ls -ld a a/b a/b/c
d--x-w-r-- 3 tim tim 512 Jul 29 20:08 a
drwxr----x 3 tim tim 512 Jul 29 20:09 a/b
dr----x-w- 2 tim tim 512 Jul 29 20:09 a/b/c
$ (echo a; echo a/b; echo a/b/c) | cpio -dumpl o
$ cd o
$ ls -ld a a/b a/b/c
d--x-w-r-- 3 tim tim 512 Jul 29 20:08 a
drwxr----x 3 tim tim 512 Jul 29 20:09 a/b
dr----x-w- 2 tim tim 512 Jul 29 20:09 a/b/c
if we're reducing a rule that has an empty
right hand side and the yacc stackpointer is pointing at the very
end of the allocated stack, we end up accessing the stack out of
bounds by the implicit $$ = $1 action
Obtained from: OpenBSD
where it is used. [1]
Don't leak file descriptors in write_entry_backend if archive_write_header
returns ARCHIVE_FAILED.
Found by: Coverity Prevent [1]
[/] root@ed-exigent>ldd `which httpd`
ldd: /usr/local/sbin/httpd: can't read program header
ldd: /usr/local/sbin/httpd: not a dynamic executable
But...
[/] root@ed-exigent>LD_32_TRACE_LOADED_OBJECTS==1 `which httpd`
libm.so.4 => /lib32//libm.so.4 (0x280c8000)
libaprutil-1.so.2 => /usr/local/lib/libaprutil-1.so.2 (0x280de000)
libexpat.so.6 => /usr/local/lib/libexpat.so.6 (0x280f2000)
libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x28110000)
libapr-1.so.2 => /usr/local/lib/libapr-1.so.2 (0x281fd000)
libcrypt.so.3 => /lib32//libcrypt.so.3 (0x2821d000)
libpthread.so.2 => not found (0x0)
libc.so.6 => /lib32//libc.so.6 (0x28235000)
libpthread.so.2 => /usr/lib32/libpthread.so.2 (0x2830d000)
Added support in ldd(1) for the LD_32_xxx environment variables if
the architecture of the machine is >32 bits. If we ever go to 128
bit architectures this excercise will have to be repeated but thanks
to earlier commits today it will be relative simple.
PR: bin/124906
Submitted by: edwin
Approved by: bde (mentor)
MFC after: 1 week
the main-loop into a seperate function.
Instead of using hardcoded environment variables, define them in a
lookup table.
For the rest, no functionality changes.
Approved by: bde (mentor)
MFC after: 1 week
semaphores. Specifically, semaphores are now represented as new file
descriptor type that is set to close on exec. This removes the need for
all of the manual process reference counting (and fork, exec, and exit
event handlers) as the normal file descriptor operations handle all of
that for us nicely. It is also suggested as one possible implementation
in the spec and at least one other OS (OS X) uses this approach.
Some bugs that were fixed as a result include:
- References to a named semaphore whose name is removed still work after
the sem_unlink() operation. Prior to this patch, if a semaphore's name
was removed, valid handles from sem_open() would get EINVAL errors from
sem_getvalue(), sem_post(), etc. This fixes that.
- Unnamed semaphores created with sem_init() were not cleaned up when a
process exited or exec'd. They were only cleaned up if the process
did an explicit sem_destroy(). This could result in a leak of semaphore
objects that could never be cleaned up.
- On the other hand, if another process guessed the id (kernel pointer to
'struct ksem' of an unnamed semaphore (created via sem_init)) and had
write access to the semaphore based on UID/GID checks, then that other
process could manipulate the semaphore via sem_destroy(), sem_post(),
sem_wait(), etc.
- As part of the permission check (UID/GID), the umask of the proces
creating the semaphore was not honored. Thus if your umask denied group
read/write access but the explicit mode in the sem_init() call allowed
it, the semaphore would be readable/writable by other users in the
same group, for example. This includes access via the previous bug.
- If the module refused to unload because there were active semaphores,
then it might have deregistered one or more of the semaphore system
calls before it noticed that there was a problem. I'm not sure if
this actually happened as the order that modules are discovered by the
kernel linker depends on how the actual .ko file is linked. One can
make the order deterministic by using a single module with a mod_event
handler that explicitly registers syscalls (and deregisters during
unload after any checks). This also fixes a race where even if the
sem_module unloaded first it would have destroyed locks that the
syscalls might be trying to access if they are still executing when
they are unloaded.
XXX: By the way, deregistering system calls doesn't do any blocking
to drain any threads from the calls.
- Some minor fixes to errno values on error. For example, sem_init()
isn't documented to return ENFILE or EMFILE if we run out of semaphores
the way that sem_open() can. Instead, it should return ENOSPC in that
case.
Other changes:
- Kernel semaphores now use a hash table to manage the namespace of
named semaphores nearly in a similar fashion to the POSIX shared memory
object file descriptors. Kernel semaphores can now also have names
longer than 14 chars (up to MAXPATHLEN) and can include subdirectories
in their pathname.
- The UID/GID permission checks for access to a named semaphore are now
done via vaccess() rather than a home-rolled set of checks.
- Now that kernel semaphores have an associated file object, the various
MAC checks for POSIX semaphores accept both a file credential and an
active credential. There is also a new posixsem_check_stat() since it
is possible to fstat() a semaphore file descriptor.
- A small set of regression tests (using the ksem API directly) is present
in src/tools/regression/posixsem.
Reported by: kris (1)
Tested by: kris
Reviewed by: rwatson (lightly)
MFC after: 1 month
