7112 Commits

Author SHA1 Message Date
Ed Maste
580b4d185b Renumber clauses to reduce diffs to other versions
NetBSD, OpenBSD, and Android's Bionic number the clauses 1 through 3,
so follow suit to make comparison easier.
2013-06-13 00:19:30 +00:00
Jeremie Le Hen
54f82841d5 Turn libc.so into an ld script rather than a symlink pointing to the
real shared object and libssp_nonshared.a.

This was the last showstopper that prevented from enabling SSP for ports
by default.  portmgr@ performed a buildworld which showed no significant
breakage with this patch.

Details:

On i386 for PIC objects, gcc uses the __stack_chk_fail_local hidden
symbol instead of calling __stack_chk_fail directly [1].  This happen
not only with our gcc-4.2.1 but also with the latest gcc-4.8.  If you
want the very nasty details, see [2].

OTOH the problem doesn't exist on other architectures.  It also doesn't
exist with Clang as the latter will somehow manage to create the
function in the object file at compile time (contrary to only
referencing it through a symbol that will be brought in at link time).

In a perfect world, when an object file is compiled with
-fstack-protector, it will be linked into a binary or a DSO with this
same flag as well, so GCC will add libssp_nonshared.a to the linker
command-line.  Unfortunately, we don't control softwares in ports and we
may have such broken DSO.  This is the whole point of this patch.

You can reproduce the problem on i386 by compiling a source file into an
object file with "-fstack-protector-all -fPIE" and linking it
into a binary without "-fstack-protector".

This ld script automatically proposes libssp_nonshared.a along with the
real libc DSO to the linker.  It is important to understand that the
object file contained in this library will be pulled in the resulting
binary _only if_ the linker notices one of its symbols is needed (i.e.
one of the SSP symbol is missing).

A theorical performance impact could be when compiling, but my testing
showed less than 0.1% of difference.

[1] For 32-bit code gcc saves the PIC register setup by using
    __stack_chk_fail_local hidden function instead of calling
    __stack_chk_fail directly.  See comment line 19460 in:
    src/contrib/gcc/config/i386/i386.c

[2] When compiling a source file to an object file, if you use something
    which is external to the compilation unit, GCC doesn't know yet if
    this symbol will be inside or outside the DSO.  So it expects the
    worst case and routes the symbol through the GOT, which means
    additional space and extra relocation for rtld(1).

    Declaring a symbol has hidden tells GCC to use the optimal route (no
    GOT), but on the other hand this means the symbol has to be provided
    in the same DSO (namely libssp_nonshared.a).

    On i386, GCC actually uses an hidden symbol for SSP in PIC objects
    to save PIC register setup, as said in [1].

PR:		ports/138228
PR:		ports/168010
Reviewed by:	kib, kan
2013-06-12 21:12:05 +00:00
Jilles Tjoelker
42cb36d269 Make recv() and send() cancellation points, as required by POSIX.
Call the recvfrom() and sendto() functions overridden by libthr instead of
the _recvfrom() and _sendto() versions that are not cancellation points.
2013-06-09 14:31:59 +00:00
Joel Dahl
2a82581d9b Minor mdoc fixes. 2013-06-09 07:15:43 +00:00
Jilles Tjoelker
172886a93e sigaction(2): Document various non-POSIX functions as async-signal safe. 2013-06-08 13:45:43 +00:00
Gleb Smirnoff
6160e12c10 Add new system call - aio_mlock(). The name speaks for itself. It allows
to perform the mlock(2) operation, which can consume a lot of time, under
control of aio(4).

Reviewed by:	kib, jilles
Sponsored by:	Nginx, Inc.
2013-06-08 13:27:57 +00:00
Andrew Turner
8e03dd5926 Finish pulling in the NetBSD setjmp/longjmp updates on ARM.
Store/restore the VFP registers in setjmp/longjmp on ARM EABI if VFP is
enabled in the kernel. It checks the hw.floatingpoint sysctl to see if
floating-point is available and uses this to determine if it should store
them. If it does it uses a different magic value so longjmp is able to know
if it should load them.
2013-06-07 22:01:06 +00:00
Andrew Turner
4e75169f43 Include machine/setjmp.h to get the definition of _JB_MAGIC__SETJMP. This
allows us to remove it from the ARM copy of machine/asm.h.
2013-06-07 21:13:28 +00:00
Ed Maste
371df6c6ad Switch to 2-clause license and standard text
Approved by:	bms@
2013-06-06 21:09:27 +00:00
Andrew Turner
d2d3491d5a Remove part of the NetBSD longjmp code that was not ready to be merged. 2013-06-05 07:37:45 +00:00
Andrew Turner
8ed717de58 Start to merge the updated ARM NetBSD setjump/longjmp functions. To begin
with merge the functions but leave out the code to save/load the VFP
registers as that requires other changes to ensure the VFP is enabled
first.

This removes storing the old fpa registers. These were never fully
supported, and the only user of this code I can find have moved to newer
CPUs which use a VFP.
2013-06-04 19:47:26 +00:00
Joel Dahl
580dbd6574 mdoc: convert .Fd to .In, which is much nicer. 2013-06-04 07:37:06 +00:00
Ed Schouten
49111f0092 Add libiconv based versions of *c16*() and *c32*().
I initially thought wchar_t was locale independent, but this seems to be
only the case on Linux. This means that we cannot depend on the *wc*()
routines to implement *c16*() and *c32*(). Instead, use the Citrus
libiconv that is part of libc.

I'll see if there is anything I can do to make the existing functions
somewhat useful in case the system is built without libiconv in the
nearby future. If not, I'll simply remove the broken implementations.

Reviewed by:	jilles, gabor
2013-06-03 17:17:56 +00:00
Ed Maste
acbbd07aca Switch to 2-clause license
Approved by:	bms@
2013-06-03 12:43:09 +00:00
Jilles Tjoelker
4b08438c22 dup(2): Clarify return value, in particular of dup2(). 2013-05-31 22:09:31 +00:00
Jilles Tjoelker
4e3f0e45cf sigaction(2): *at system calls are async-signal safe. 2013-05-31 21:31:38 +00:00
Jilles Tjoelker
f8732c7fc3 sigaction(2): Extend description of async-signal safe functions:
* Improve description when unsafe functions are unsafe.
* Add various safe functions from POSIX.1-2008 and Austin Group issue #692.
2013-05-31 21:25:51 +00:00
Jilles Tjoelker
0bbe34c35d fork(2): Add information about fork() in multi-threaded processes.
There is nothing about pthread_atfork(3) or extensions like calling
malloc(3) in the child process as this may be unreliable or broken.
2013-05-31 20:46:08 +00:00
Jilles Tjoelker
45100a722a fork(2): #include <sys/types.h> is not needed. 2013-05-31 14:48:37 +00:00
Ed Maste
9eafd63574 Remove clause 3 and 4 from TNF licenses
Per the NetBSD Foundation statement
  Third parties are encouraged to change the license on any files which
  have a 4-clause license contributed to the NetBSD Foundation to a
  2-clause license.
2013-05-29 01:54:10 +00:00
Ed Maste
e2e9c35fa4 Remove the advertising clause from the Regents of the University of
California's license, per the letter dated July 22, 1999.
2013-05-28 21:05:06 +00:00
Ed Maste
3fb3b97c4d Renumber clauses to reduce diffs to other versions
NetBSD, OpenBSD, and Android's Bionic number the clauses 1 through 3,
so follow suit to make comparison easier.
2013-05-28 20:57:40 +00:00
Ed Maste
921ca2fd11 Remove the advertising clause from the Regents of the University of
California's license, per the letter dated July 22, 1999.
2013-05-28 20:37:48 +00:00
Konstantin Belousov
55a1911ef2 The getcontext() from the __fillcontextx() call in the
check_deferred_signal() returns twice, since handle_signal() emulates
the return from the normal signal handler by sigreturn(2)ing the
passed context.  Second return is performed on the destroyed stack
frame, because __fillcontextx() has already returned.  This causes
undefined and bad behaviour, usually the victim thread gets SIGSEGV.

Avoid nested frame and the need to return from it by doing direct call
to getcontext() in the check_deferred_signal() and using a new private
libc helper __fillcontextx2() to complement the context with the
extended CPU state if the deferred signal is still present.

The __fillcontextx() is now unused, but is kept to allow older
libthr.so to be used with the new libc.

Mark __fillcontextx() as returning twice [1].

Reported by:	pgj
Pointy hat to:	kib
Discussed with:	dim
Tested by:	pgj, dim
Suggested by:	jilles [1]
MFC after:	1 week
2013-05-28 04:54:16 +00:00
Jilles Tjoelker
24f3b0bcd0 cap_rights_limit(2): CAP_ACCEPT also permits accept4(2). 2013-05-27 21:37:19 +00:00
Marcel Moolenaar
9dfba391d6 Make the malloc(3) family of functions weak and make their non-weak
implementations visible for use by applications. The functions $F that
are now weak symbols are:
	allocm, calloc, dallocm, free, malloc, malloc_usable_size,
	nallocm, posix_memalign, rallocm, realloc, sallocm

The non-weak implementations of $F are exported as __$F.

Submitted by:	stevek@juniper.net
Reviewed by:	jasone@, kib@
Approved by:	jasone@ (jemalloc)
Obtained from:	juniper Networks, Inc
2013-05-25 18:59:11 +00:00
Jilles Tjoelker
0bbacb9c66 sigreturn(2): Remove ancient compatibility warning about 4.2BSD.
The HISTORY subsection still says that sigreturn() was added in 4.3BSD.
2013-05-25 13:59:40 +00:00
Ed Schouten
a6f45121b5 Make some tiny improvements to iconv_open().
- Remove an unneeded variable.
- Fix whitespace bugs.
- Fix typoes in comment.
- Improve string handling a bit. Don't handroll strstr() and don't
  terminate a strdup()'ed string. Instead, simply strndup() the part we
  need.
2013-05-25 12:13:54 +00:00
Ed Schouten
907b803190 Only call free() on something we allocated.
If we were already provided a struct _citrus_iconv (e.g. through
iconv_open_into()), we should not call free() in case io_init_context()
fails. Instead, call it on the pointer of the allocated object, which
will be NULL in case of iconv_open_into().
2013-05-25 12:11:20 +00:00
Ed Schouten
b94c7c3e21 Let iconv build on -HEAD properly.
- Add NO_WMISSING_VARIABLE_DECLARATIONS where we use Yacc/Lex.
- Add variable declarations where possible.
- Add missing static keyword.
2013-05-23 18:07:01 +00:00
Ed Schouten
8ed7462feb Update manpages for r250887.
Remove the lists of unneeded header files.

Requested by:	eadler
2013-05-21 21:39:18 +00:00
Ed Schouten
50c77c6e8b Add <uchar.h>.
The <uchar.h> header, part of C11, adds a small number of utility
functions for 16/32-bit "universal" characters, which may or may not be
UTF-16/32. As our wchar_t is already ISO 10646, simply add light-weight
wrappers around wcrtomb() and mbrtowc().

While there, also add (non-yet-standard) _l functions, similar to the
ones we already have for the other locale-dependent functions.

Reviewed by:	theraven
2013-05-21 19:59:37 +00:00
Julian Elischer
956e8eee53 Update the setfib man page to reflect recent changes. 2013-05-20 20:47:40 +00:00
Jilles Tjoelker
e9dec7758d popen(): Add 'e' mode character to set close-on-exec on the new fd.
If 'e' is used, the kernel must support the recently added pipe2() system
call.

The use of pipe2() with O_CLOEXEC also fixes race conditions between
concurrent popen() calls from different threads, even if the close-on-exec
flag on the fd of the returned FILE is later cleared (because popen() closes
all file descriptors from earlier popen() calls in the child process).
Therefore, this approach should be used in all cases when pipe2() can be
assumed present.

The old version of popen() rejects "re" and "we" but treats "r+e" like "r+".
2013-05-20 17:31:18 +00:00
Hiren Panchasara
3627fbff6c Fix a typo: It should be "strtoll" and not "stroll".
PR:	178642
Reported by:	Michael Galassi (michaelgalassi@gmail.com)
Approved by:	sbruno (mentor)
MFC after:	1 week
2013-05-14 20:25:07 +00:00
Eitan Adler
a164074fc4 Fix several typos
PR:		kern/176054
Submitted by:	Christoph Mallon <christoph.mallon@gmx.de>
MFC after:	3 days
2013-05-12 16:43:26 +00:00
Sergey Kandaurov
b6dd17329c Typo. 2013-05-12 05:54:58 +00:00
Jilles Tjoelker
38cf77de66 posix_spawn_file_actions_adddup2(3): Document difference with dup2().
The ability to clear a file descriptor's close-on-exec flag via
posix_spawn_file_actions_adddup2() is in fact proposed in Austin Group issue
#411.

MFC after:	1 week
2013-05-09 21:29:13 +00:00
Jilles Tjoelker
39e499a8d2 posix_spawn_file_actions_addopen(3): Correct error for bad file descriptor.
As per POSIX.1-2008, posix_spawn_file_actions_add* return [EBADF] if a file
descriptor is negative, not [EINVAL]. The bug was only in the manual page;
the code is correct.

MFC after:	1 week
2013-05-09 16:42:01 +00:00
Jilles Tjoelker
ae4c676c55 wordexp(): Simplify code by deferring work to sh. 2013-05-09 11:43:45 +00:00
Sergey Kandaurov
e0906c9a0d POSIX 1003.1-2008: add ENOTRECOVERABLE, EOWNERDEAD errnos. 2013-05-04 19:07:22 +00:00
Sergey Kandaurov
424b842a5d Document that the return type is different from 1003.1-2008.
MFC after:	1 week
2013-05-04 17:21:44 +00:00
Sergey Kandaurov
4f79ce7b4c mdoc: missing comma in .Dd macro. 2013-05-04 17:06:47 +00:00
Sergey Kandaurov
c951cd462f Add entry for errno ECAPMODE.
MFC after:	3 days
2013-05-04 12:57:21 +00:00
Jung-uk Kim
a7880d59c9 Improve compatibility with recent flex from flex.sourceforge.net. 2013-05-03 23:51:32 +00:00
Sergey Kandaurov
67ff590b9e Also, add a missing period. 2013-05-03 13:27:13 +00:00
Sergey Kandaurov
cc7a693fa7 Remove an extra comma. 2013-05-03 12:45:45 +00:00
Sergey Kandaurov
88bbbe88d7 Remove the STANDARDS section.
querylocale is not part of IEEE Std 1003.1-2008.

MFC after:	3 days
2013-05-03 12:42:43 +00:00
Jilles Tjoelker
ed5987bd08 accept(2), pipe(2): Fix .Dd. 2013-05-01 22:47:47 +00:00
Jilles Tjoelker
dc570d5e56 Add pipe2() system call.
The pipe2() function is similar to pipe() but allows setting FD_CLOEXEC and
O_NONBLOCK (on both sides) as part of the function.

If p points to two writable ints, pipe2(p, 0) is equivalent to pipe(p).

If the pointer is not valid, behaviour differs: pipe2() writes into the
array from the kernel like socketpair() does, while pipe() writes into the
array from an architecture-specific assembler wrapper.

Reviewed by:	kan, kib
2013-05-01 22:42:42 +00:00