Commit Graph

1897 Commits

Author SHA1 Message Date
Ian Lepore
f64342e354 Rework tty_drain() to poll the hardware for completion, and restore
drain timeout handling to historical freebsd behavior.

The primary reason for these changes is the need to have tty_drain() call
ttydevsw_busy() at some reasonable sub-second rate, to poll hardware that
doesn't signal an interrupt when the transmit shift register becomes empty
(which includes virtually all USB serial hardware).  Such hardware hangs
in a ttyout wait, because it never gets an opportunity to trigger a wakeup
from the sleep in tty_drain() by calling ttydisc_getc() again, after
handing the last of the buffered data to the hardware.

While researching the history of changes to tty_drain() I stumbled across
some email describing the historical BSD behavior of tcdrain() and close()
on serial ports, and the ability of comcontrol(1) to control timeout
behavior.  Using that and some advice from Bruce Evans as a guide, I've
put together these changes to implement the hardware polling and restore
the historical timeout behaviors...

 - tty_drain() now calls ttydevsw_busy() in a loop at 10 Hz to accomodate
   hardware that requires polling for busy state.

 - The "new historical" behavior for draining during close(2) is retained:
   the drain timeout is "1 second without making any progress".  When the
   1-second timeout expires, if the count of bytes remaining in the tty
   layer buffer is smaller than last time, the timeout is extended for
   another second.  Unfortunately, the same logic cannot be extended all
   the way down to the hardware, because the interface to that layer is a
   simple busy/not-busy indication.

 - Due to the previous point, an application that needs a guarantee that
   all data has been transmitted must use TIOCDRAIN/tcdrain(3) before
   calling close(2).

 - The historical behavior of honoring the drainwait setting for TIOCDRAIN
   (used by tcdrain(3)) is restored.

 - The historical kern.drainwait sysctl to control the global default
   drainwait time is restored, but is now named kern.tty_drainwait.

 - The historical default drainwait timeout of 300 seconds is restored.

 - Handling of TIOCGDRAINWAIT and TIOCSDRAINWAIT ioctls is restored
   (this also makes the comcontrol(1) drainwait verb work again).

 - Manpages are updated to document these behaviors.

Reviewed by:	bde (prior version)
2017-01-12 00:48:06 +00:00
John Baldwin
34ed0c63c8 Rename the 'flags' argument to getfsstat() to 'mode' and validate it.
This argument is not a bitmask of flags, but only accepts a single value.
Fail with EINVAL if an invalid value is passed to 'flag'.  Rename the
'flags' argument to getmntinfo(3) to 'mode' as well to match.

This is a followup to r308088.

Reviewed by:	kib
MFC after:	1 month
2016-12-27 20:21:11 +00:00
Ed Schouten
8ab00b8fbc Properly sign extend the result of jrand48() and mrand48().
These functions are supposed to return a value between [_2^31, 2^31).
This doesn't seem to work on 64-bit systems, where we return a value
between [0, 3^32). Patch up the function to use proper casts to int32_t.
While there, fix some other style bugs.

MFC after:	2 weeks
2016-12-06 19:08:29 +00:00
Ed Maste
134ede2dd2 remove unnecessary vm includes from setproctitle
vm headers were needed only for the PS_STRINGS fallback, which was
removed in r297888.

MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2016-11-22 16:00:18 +00:00
Ed Schouten
34168b28e9 Replace basename(3) by a thread-safe implementation.
Now that the changes to the dirname(3) function had some time to settle,
let's go ahead and use the same approach for replacing basename(3) by a
simple implementation that modifies the input string, thereby making it
thread-safe and guaranteed to succeed.

Unlike dirname(3), this function already had a thread-safe variant
basename_r(3). This function had its own set of problems, like having an
upper bound on the pathname length. Keep this function around for
compatibility, but remove most references from the man page. Make the
man page more similar to that of dirname(3).

As the basename_r(3) function is only provided by FreeBSD (and Bionic),
depending on its use is even more implementation defined than assuming
that basename(3) is thread-safe.

Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D8382
2016-11-03 20:21:34 +00:00
John Baldwin
ab1b41edb5 Fix formatting of tables.
Specifically, use .Ta instead of tabs to separate column entries.  While
here fix a few other things:
- Use .Sy for all column headers (previously only the first column header
  was bold)
- Use .Dv to markup constants used for MIB names.
- Use "1234" and "4321" for the byte order descriptions without
  thousands separators.
- Mark up header files in the first table with .In.

MFC after:	2 weeks
2016-10-28 18:09:08 +00:00
Ed Maste
49a6e1ba32 Add comment on use of abort() in libc
Suggested by:	jonathan (in review D8133)
2016-10-12 13:56:14 +00:00
Konstantin Belousov
6886c70100 Correct indent.
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
2016-10-11 11:46:02 +00:00
Konstantin Belousov
c3b83049d6 Fill msg_len for the initial element of msgvec.
Submitted by:	Daniel Salzman <daniel.salzman@nic.cz>
MFC after:	3 days
2016-10-11 11:45:12 +00:00
Ed Schouten
1a466ddc79 Remove setkey(), encrypt(), des_setkey() and des_cipher().
The setkey() and encrypt() functions are part of XSI, not the POSIX base
definitions. There is no strict requirement for us to provide these,
especially if we're only going to keep these around as undocumented
stubs. The same holds for des_setkey() and des_cipher().

Instead of providing functions that only generate warnings when linking,
simply disallow linking against them. The impact of this is relatively
low. It only causes two leaf ports to break. I'll see what I can do to
help out to get those fixed.

PR:		211626
2016-10-03 18:20:58 +00:00
Ed Maste
5c1ea1fcd0 libc arc4_stir: use only kern.arandom sysctl
The sysctl cannot fail. If it does fail on some FreeBSD derivative or
after some future change, just abort() so that the problem will be found
and fixed.

It's preferable to provide an arc4random() function that cannot fail and
cannot return poor quality random data. While abort() is not normally
suitable for a library, it makes sense here.

Reviewed by:	ed, jonathan, markm
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D8077
2016-10-03 13:12:44 +00:00
Ed Schouten
fd85bff53e Replace dirname(3) by a copy that complies to POSIX.
It turns out that the path normalization that our brand new copy of
dirname(3) does is actually not allowed by the draft version of the
upcoming version of POSIX. It has to behave identically to the
dirname(1) utility.

This change replaces our new dirname(3) implementation by yet another
version that doesn't implement the path normalization logic; it merely
looks for the end of the directory name and overwrites that with a null
byte.

More details: See note #3370 at http://austingroupbugs.net/view.php?id=1073

PR:		212193
Reviewed by:	emaste, jilles
Differential Revision:	https://reviews.freebsd.org/D7790
2016-09-18 20:47:55 +00:00
Brooks Davis
466522c3ac Initialize lists of signals using C99 designators
Reviewed by:	jilles
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D7601
2016-09-02 00:16:19 +00:00
Jilles Tjoelker
89688ae708 directory(3): Deprecate readdir_r(). Clarify dirent buffers.
In existing implementations including FreeBSD, there is no reason to use
readdir_r() in the common case where potentially multiple threads each list
their own directory. Code using readdir() is simpler.

What's more, lthough readdir_r() can safely be used on FreeBSD because
NAME_MAX is forced to 255, it cannot be used safely on systems where
{NAME_MAX} is not fixed. As a concrete example, FAT/NTFS filenames can be up
to 255 UTF-16 code units long, which can be up to 765 UTF-8 bytes.

Deprecating readdir_r() in POSIX has been proposed in
http://www.austingroupbugs.net/view.php?id=696
and glibc wants to deprecate it as well.

Reviewed by:	ed, wblock
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D7678
2016-08-31 20:38:40 +00:00
Jilles Tjoelker
1221d42990 getvfsbyname(3): Remove [EFAULT] error.
Since r101651 in 2002, getvfsbyname() has written *vfc using userland
memcpy(), so the [EFAULT] error no longer occurs.

MFC after:	1 week
2016-08-30 21:43:57 +00:00
Ed Schouten
cd4dcac89a Improve compatibility of calls to dirname() on constant strings.
As the xinstall(8) utility had to be patched up to work with the POSIXly
correct basename()/dirname() prototypes, we make it pretty hard to build
previous versions of FreeBSD on HEAD. xinstall(8) is part of the
bootstrap tools.

Add some logic to <libgen.h> to automatically detect bad calls to
dirname() based on the type of the argument. If the argument is of type
'const char *', we simply fall back to calling into dirname@FBSD_1.0
directly.

I'll also give basename() similar treatment when importing the
thread-safe version of that function.

Tested by:	bdrewery, madpilot (thanks!)
2016-08-26 20:23:10 +00:00
Brooks Davis
2438d9a0e1 Avoid a redecleartion of __getosreldate().
Sponsored by:	DARPA, AFRL
2016-08-24 00:02:20 +00:00
Kevin Lo
0de6c9d651 - Add the 'restrict' type qualifier to match function prototype.
- Use .Lb libc rather than libpthread.

Reviewed by:	delphij
2016-08-17 07:25:50 +00:00
Ed Schouten
e2f6816100 Reimplement dirname(3) to be thread-safe.
Now that we've updated the prototypes of the basename(3) and dirname(3)
functions to conform to POSIX, let's go ahead and reimplement dirname(3)
in such a way that it's thread-safe, but also guaranteed to succeed. C
libraries like glibc, musl and the one that's part of Solaris already
follow such an approach.

Move the existing implementation to another source file,
freebsd11_dirname.c to keep existing users of the API that pass in a
constant string happy, using symbol versioning.

Put a new version of the function in dirname.c, obtained from CloudABI's
C library. This version scans through the pathname string from left to
right, normalizing it, while discarding the last pathname component.

Reviewed by:	emaste, jilles
Differential Revision:	https://reviews.freebsd.org/D7355
2016-08-12 07:03:58 +00:00
Sergey Kandaurov
18ac59f431 Grammar fixes. 2016-08-04 11:38:53 +00:00
Sergey Kandaurov
eb6a434243 mdoc: The .Fn function. 2016-08-04 11:22:51 +00:00
Andrey A. Chernov
20e37fa8ca Although the code amount is not big, move POSIX error processing into
two sepatate functions to make glob(3) code less obscure and more simple.
There is no needs to make them inline since it is error path which supposed
to not happes often.
2016-08-03 09:09:34 +00:00
Bryan Drewery
a8d890b4fb Add link for getnetgrent_r(3).
MFC after:	3 days
Sponsored by:	EMC / Isilon Storage Division
2016-08-02 23:46:32 +00:00
Ed Schouten
9c24291370 Fix up setgrent(3) to have a POSIX-compliant prototype.
Just like with freelocale(3), I haven't been able to find any piece of
code that actually makes use of this function's return value, both in
base and in ports. The reason for this is that FreeBSD seems to be the
only operating system to have such a prototype. This is why I'm deciding
to not use symbol versioning for this.

It does seem that the pw(8) utility depends on the function's typing and
already had a switch in place to toggle between the FreeBSD and POSIX
variant of this function. Clean this up by always expecting the POSIX
variant.

There is also a single port that has a couple of local declarations of
setgrent(3) that need to be patched up. This is in the process of being
fixed.

PR:		211394 (exp-run)
2016-07-31 08:05:15 +00:00
Andrey A. Chernov
000b8f832a In addition to prev. commit. Since potentially glob2() can return error
without setting errno, restore errno before its call.
2016-07-31 02:28:50 +00:00
Andrey A. Chernov
869eb80c16 Both C99 and POSIX directly prohibits any standard function to set errno
to 0. Breaking this rule in 2001 NetBSD hack was imported which attempts
to workaround very limited glob() return codes amount. Use POSIX-compatible
workaround now with E2BIG which can't comes from other functions used
instead of prohibited 0.
2016-07-31 01:14:06 +00:00
Andrey A. Chernov
15cb786674 Rework r303074 case 4. Don't immediatelly skip directory entries which
cause MAXPATHLEN exceeded. Process them first through gl_errfunc() and
GLOB_ERR.
2016-07-30 03:11:54 +00:00
Andrey A. Chernov
e04d8562b6 Reset errno for readdirfunc() before contunue. 2016-07-30 02:09:11 +00:00
Ed Schouten
329ecc7f94 Mention that basename(3) and dirname(3) will change in the future.
Update the existing manual pages for basename(3) and dirname(3) to
mention that in future versions of FreeBSD, these functions will no
longer use internal buffers for storing the results.

MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D7356
2016-07-29 16:25:09 +00:00
Ed Schouten
938809f941 Fix up prototypes of basename(3) and dirname(3) to comply to POSIX.
POSIX allows these functions to be implemented in a way that the
resulting string is stored in the input buffer. Though some may find
this annoying, this has the advantage that it makes it possible to
implement this function in a thread-safe way. It also means that they
can be implemented in a way that they work for paths of arbitrary
length, as the output string of these functions is never longer than
max(1, len(input)).

Portable code already needs to be written with this in mind, so in my
opinion it makes very little sense to allow the existing behaviour.
Prevent the base system from falling back to this by switching over to
POSIX prototypes.

I'm not going to bump the __FreeBSD_version for this. The reason is that
it's possible to account for this change in a portable way, without
depending on a specific version of FreeBSD. An exp-run was done some
time ago. As far as I know, all regressions as a result of this have
already been fixed.

I'll give this change some time to settle. In the long run I want to
replace our copies by ones that are thread-safe and don't depend on
PATH_MAX/MAXPATHLEN.
2016-07-28 16:20:27 +00:00
Andrey A. Chernov
a5ab035dd7 1) POSIX defines well when GLOB_NOMATCH or original pattern
(instead) should be returned, so we can't return GLOB_NOMATCH blindly
just because we dislike something in the pattern.

2) Remove extra condition.
2016-07-23 03:49:02 +00:00
Andrey A. Chernov
09264d7448 1) We need the original pattern (in the next round of changes) not only in
case it fully constructed, but for half-constructed too, so have no
other choice to pass original pattern from glob() down to globextend()
instead of attempt to reconstruct I implement previously.

2) Instead of copy&paste the same big enough code, make function for it:
globfinal().
2016-07-23 01:21:58 +00:00
Andrey A. Chernov
bd7a98506c 1) GLOB_BRACE was somewhat broken. First it repeatedly calls glob0() in
globexp1() recursive calls, but glob0() was not supposed to be called
repeatedly in the original code. It finalize results by possible adding
original pattern for no match case, may return GLOB_NOMATCH error and
by sorting all things. Original pattern adding or GLOB_NOMATCH error
can happens each time glob0() called repeatedly, and sorting happens
for one item only, all things are never sorted. Second, f.e. "a{a"
pattern does not match "a{a" file but match "a" file instead
(just one example, there are many). Third, some errors (f.e. for limits
or overflow) can be ignored by GLOB_BRACE code because it forces return (0).
Add non-finalizing flag to glob0() and make globexp0() wrapper around
recursively called globexp1() to finalize things like glob0() does.
Reorganize braces code to work correctly.

2) Don't allow MB_CUR_MAX * strlen overallocation hits GLOB_LIMIT_STRING
(ARG_MAX) limit, use final string length, not malloced space for it.

3) Revive DEBUG-ifdefed section.
2016-07-21 12:53:36 +00:00
Andrey A. Chernov
7455a07a9f In addition to r303074 case 1, search for protected L'/' too in globtilde() 2016-07-20 12:46:21 +00:00
Andrey A. Chernov
aed721ec51 1) Per POSIX (and glibc) GLOB_NOCHECK should return original pattern,
unmodified, if no matches found. But our original code strips all '\'
returning it. Rewrite the code to allow to reconstruct exact the
original pattern with backslashes for this case.

2) Prevent to use truncated pattern if MAXPATHLEN exceeded, return
GLOB_NOMATCH instead.

3) Fix few end loop conditions filling Char arrays with mbrtowc(),
MB_CUR_MAX is unneeded in two places and condition is less by one
in other place.

4) Prevent to use truncated filenames match if MAXPATHLEN exceeded,
skip such directory entries.

5) Don't end *pathend with L'/' in glob3() if limit is reached, this
change will be not visible since error is returned.

6) If error happens in (*readdirfunc)(), do the same GLOB_ABORTED
processing as for g_opendir() as POSIX requires.
2016-07-20 07:30:44 +00:00
Andrey A. Chernov
eef722c337 1) Don't protect \/ and \. even if user say so. They are not special chars
in any case and needed for further processing. For ~ expansion too.

2) Don't terminate *pathend with / when GLOB_LIMIT_STAT is reached, it will
be not visible outside in any case since error is returned.

3) Cosmetic: change if expression to better reflect its semantic.
2016-07-19 00:25:27 +00:00
Andrey A. Chernov
e9c0137235 g_Ctoc() conversion buffers are smaller than needed up to MB_CUR_MAX - 1
since whole conversion needs a room for (len >= MB_CUR_MAX). It is no
difference when MB_CUR_MAX == 1, but for multi-byte locales last few chars
('\0' and before) may need just one byte, and the rest of MB_CUR_MAX - 1
space becomes unavailable in the MAXPATHLEN-sized buffer, which cause
conversion error on near MAXPATHLEN long pathes.

Increase g_Ctoc() conversion buffers to MB_LEN_MAX - 1.
2016-07-18 20:24:13 +00:00
Andrey A. Chernov
d67355c507 Change patch from r303004 case 3. According to POSIX gl_errfunc should be
called first, then GLOB_ERR should be considered.
2016-07-18 19:20:49 +00:00
Andrey A. Chernov
196d61a92b 1) Add all characters from ~ expansion as protected to be not interpreted
as pattern meta chars.

2) GLOB_ERR and gl_errfunc are supposed to work only for real directories
per POSIX, so don't act on missing or plain files, for ENOENT or ENOTDIR
(as TODO in the code suggested).

3) Remove the hack in the manpage describing how to skip ENOENT and ENOTDIR
in gl_errfunc, it is unneeded now.

4) Set errno to ENAMETOOLONG if g_Ctoc() expansion fails in g_opendir(),
as in other places in the code which are wrappers around system functions.
2016-07-18 18:24:31 +00:00
Andrey A. Chernov
f4d4982ea6 1) POSIX defines well when GLOB_ABORTED can be returned (only for directory
open/read errors and with GLOB_ERR and gl_errfunc processing), so we can't
blindly return it on any MAXPATHLEN overflow. Even our manpage disagrees
with such GLOB_ABORTED usage. Use GLOB_NOSPACE for that now with errno is
set to 0 as for limits.

2) Return GLOB_NOSPACE when valid ~ expansion can't happens due to
MAXPATHLEN overflow too.

3) POSIX (and our manpage) says, if GLOB_ERR is set, GLOB_ABORTED should
be returned immediatelly, without using gl_errfunc. Implement it now.
2016-07-18 16:06:21 +00:00
Andrey A. Chernov
1cecacfe73 Reflect pathnames sorting in collation order. 2016-07-17 13:10:57 +00:00
Andrey A. Chernov
7e9488dda3 In g_Ctoc() apply CHAR() macro to *str to strip all flags. It gains nothing
right now, but some architectures theoretically may 64-bit wchar_t and the
code looks more correct.
2016-07-17 11:25:24 +00:00
Andrey A. Chernov
aa3d69a636 1) This file full of direct char <-> wchar_t assignment, not converted, cut
them down. This hack still remains:
 * 2. Illegal byte sequences in filenames are handled by treating them as
 *    single-byte characters with a values of such bytes of the sequence
 *    cast to wchar_t.

2) Reword the comment in the hack above to reflect implementation.

3) Protect signed wchar_t from sign extension when a signed char is assigned
to it in the hack above.

3) Corresponding backward hack in g_Ctoc() was not implemented, so all
pathes with illegal byte sequences are skipped as result, implement it now.

4) globtilde() forget to convert expanded user home dir from multibyte to
wchar.

5) Protect globtilde() from long expansion truncation.

6) Results was not sorted according to collate as POSIX requires.
2016-07-17 09:39:59 +00:00
Andrey A. Chernov
12eae8c8f3 1) Eliminate possibility to call __*collate_range_cmp() with inclomplete
locale (which cause core dump) by removing whole 'table' argument
by which it passed.

2) Restore __collate_range_cmp() in __sccl().

3) Collating [a-z] range in regcomp() only for single bytes locales
(we can't do it now for other ones). In previous state only first 256
wchars are considered and all others are just silently dropped from the
range.
2016-07-14 09:07:25 +00:00
Andrey A. Chernov
1daad8f5ad Back out non-collating [a-z] ranges.
Instead of changing whole course to another POSIX-permitted way
for consistency and uniformity I decide to completely ignore missing
regex fucntionality and concentrace on fixing bugs in what we have now,
too many small obstacles instead, counting ports.
2016-07-14 08:18:12 +00:00
Andrey A. Chernov
5a5807dd4c Remove broken support for collation in [a-z] type ranges.
Only first 256 wide chars are considered currently, all other are just
dropped from the range. Proper implementation require reverse tables
database lookup, since objects are really big as max UTF-8 (1114112
code points), so just the same scanning as it was for 256 chars will
slow things down.

POSIX does not require collation for [a-z] type ranges and does not
prohibit it for non-POSIX locales. POSIX require collation for ranges
only for POSIX (or C) locale which is equal to ASCII and binary for
other chars, so we already have it.

No other *BSD implements collation for [a-z] type ranges.

Restore ABI compatibility with unused now __collate_range_cmp() which
is visible from outside (will be removed later).
2016-07-10 03:49:38 +00:00
Jilles Tjoelker
f4aa4c78c7 utimes(2),utime(3): Add deprecation in favour of utimensat(2) and futimens(2).
Setting time by seconds or microseconds may cause unexpected effects
especially if sysctl vfs.timestamp_precision=3 (not default).

Calling the obsolete functions with NULL timestamps is acceptable.
2016-06-09 22:14:58 +00:00
Mark Johnston
714ac00292 Implement an NSS backend for netgroups and add getnetgrent_r(3).
This support appears to have been documented in nsswitch.conf(5) for some
time. The implementation adds two NSS netgroup providers to libc. The
default, compat, provides the behaviour documented in netgroup(5), so this
change does not make any user-visible behaviour changes. A files provider
is also implemented.

innetgr(3) is implemented as an optional NSS method so that providers such
as NIS which are able to implement efficient reverse lookup can do so.
A fallback implementation is used otherwise. getnetgrent_r(3) is added for
convenience and to provide compatibility with glibc and Solaris.

With a small patch to net/nss_ldap, it's possible to specify an ldap
netgroup provider, allowing one to query nisNetgroupTriple entries.

Sponsored by:	EMC / Isilon Storage Division
2016-06-09 01:28:44 +00:00
Mark Johnston
03ad7e450a Fix an infinite loop in setnetgrent(3) with NIS netgroups.
Handle an empty result from yp_match() by returning NULL, which is
consistent with the handling of an empty netgroup in /etc/netgroup.
setnetgrent(3) has no return value, so there is no particular need to
distinguish this case from an error.

PR:		26486
MFC after:	2 weeks
2016-06-09 01:11:48 +00:00
Mark Johnston
7f750d5034 Use a more common spelling for "(char *)0" in the getnetgrent man page.
MFC after:	3 days
2016-06-09 01:05:23 +00:00