Commit Graph

9514 Commits

Author SHA1 Message Date
Mateusz Piotrowski
4073917408 strftime.3: Fix a typo and use St for standards
MFC after:	1 week
2022-02-07 15:14:47 +01:00
Stefan Eßer
9535d9f104 libc: add helper furnction to set sysctl() user.* variables
Testing had revealed that trying to retrieve the user.localbase
variable into to small a buffer would return the correct error code,
but would not fill the available buffer space with a partial result.

A partial result is of no use, but this is still a violation of the
documented behavior, which has been fixed in the previous commit to
this function.

I just checked the code for "user.cs_path" and found that it had the
same issue.

Instead of fixing the logic for each user.* sysctl string variable
individually, this commit adds a helper function set_user_str() that
implements the semantics specified in the sysctl() man page.

It is currently only used for "user.cs_path" and "user.localbase",
but it will offer a significant simplification when further such
variables will be added (as I intend to do).

MFC after:	3 days
2022-02-05 13:33:53 +01:00
Stefan Eßer
e11ad014d1 libc: return partial sysctl() result if buffer is too small
Testing of a new feature revealed that calling sysctl() to retrieve
the value of the user.localbase variable passing too low a buffer size
could leave the result buffer unchanged.

The behavior in the normal case of a sufficiently large buffer was
correct.

All known callers pass a sufficiently large buffer and have thus not
been affected by this issue. If a non-default value had been assigned
to this variable, the result was as documented, too.

Fix the function to fill the buffer with a partial result, if the
passed in buffer size is too low to hold the full result.

MFC after:	3 days
2022-02-04 13:44:20 +01:00
Konstantin Belousov
529575be27 lnumeric.c: replace some space*8 by tabs
Reported by:	brooks
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2022-02-03 20:56:03 +02:00
Konstantin Belousov
ef061a2e29 __ctype_load(): check for calloc() failure
Noted and reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D34140
2022-02-03 03:04:00 +02:00
Konstantin Belousov
87151b60e0 __numeric_load(): check for calloc() failure
Noted and reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D34140
2022-02-03 03:03:52 +02:00
Konstantin Belousov
1aa669c5f9 libc/locale/lnumeric.c: minor style
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D34140
2022-02-03 03:03:44 +02:00
Konstantin Belousov
4d3b84f67c __monetary_load(): check for calloc() failure
Noted and reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D34140
2022-02-03 03:03:35 +02:00
Konstantin Belousov
0fed1e6f18 libc/locale/lmonetary.c: minor style
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D34140
2022-02-03 03:03:29 +02:00
Konstantin Belousov
bc9ce839f9 __messages_load(): check for calloc() failure
Noted and reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D34140
2022-02-03 03:03:24 +02:00
Konstantin Belousov
5b7e92d48f libc/locale/lmessages.c: minor style
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D34140
2022-02-03 03:03:17 +02:00
Konstantin Belousov
b8ad908ad9 __collate_load(): check for calloc failure
Noted and reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D34140
2022-02-03 03:03:07 +02:00
Konstantin Belousov
a8be061167 libc/locale/collate.c: minor style
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D34140
2022-02-03 03:02:59 +02:00
Konstantin Belousov
7bf532c9d4 xlocale.c: only call init_key() when locale was successfully allocated
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D34140
2022-02-03 03:02:59 +02:00
Konstantin Belousov
b68522308d xlocale.c: check for allocation failure
PR:	261679
Reported by:	phil.stone@gmx.com
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D34140
2022-02-03 03:02:58 +02:00
Konstantin Belousov
fcdf9d7de5 xlocale.c:init_key(): do not ignore errors from pthread_key_create()
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D34140
2022-02-03 03:02:58 +02:00
Konstantin Belousov
aaa6fa65a6 libc/locale/xlocale.c: minor style
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D34140
2022-02-03 03:02:58 +02:00
Warner Losh
356deeb2e7 kyua/qemu: When running in qemu, don't teset sendfile
qemu's bsd-user doesn't implement sendfile, so just skip those tests
that use it.

Sponsored by:		Netflix
2022-02-02 14:27:51 -07:00
Konstantin Belousov
72d5dedfa6 stdio: add test for 86a16ada1e: fflush() handling of errors
PR:	76398
Reviewed by:	emaste, markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D34044
2022-01-28 01:09:47 +02:00
Kyle Evans
c9afc7680f tests: fix posix_spawnp_enoexec_fallback_null_argv0
This test was written because execvp was found to improperly handle the
argc == 0 case when it falls back from an ENOEXEC.  We could probably
mostly revert it now, but let's just fix the test for the time being and
circle back later to decide if we want to simplify execvp.  The test
will likely remain either way just to make sure execvp isn't working
around the newly enforced restriction with the fallback.

Fixes:	301cb491ea ("execvp: fix up the ENOEXEC fallback")
Reported by:	jenkins via lwhsu@
2022-01-27 11:22:49 -06:00
Andrew Turner
548a2ec49b Add PT_GETREGSET
This adds the PT_GETREGSET and PT_SETREGSET ptrace types. These can be
used to access all the registers from a specified core dump note type.
The NT_PRSTATUS and NT_FPREGSET notes are initially supported. Other
machine-dependant types are expected to be added in the future.

The ptrace addr points to a struct iovec pointing at memory to hold the
registers along with its length. On success the length in the iovec is
updated to tell userspace the actual length the kernel wrote or, if the
base address is NULL, the length the kernel would have written.

Because the data field is an int the arguments are backwards when
compared to the Linux PTRACE_GETREGSET call.

Reviewed by:	kib
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D19831
2022-01-27 11:40:34 +00:00
Kyle Evans
773fa8cd13 execve: disallow argc == 0
The manpage has contained the following verbiage on the matter for just
under 31 years:

"At least one argument must be present in the array"

Previous to this version, it had been prefaced with the weakening phrase
"By convention."

Carry through and document it the rest of the way.  Allowing argc == 0
has been a source of security issues in the past, and it's hard to
imagine a valid use-case for allowing it.  Toss back EINVAL if we ended
up not copying in any args for *execve().

The manpage change can be considered "Obtained from: OpenBSD"

Reviewed by:	emaste, kib, markj (all previous version)
Differential Revision:	https://reviews.freebsd.org/D34045
2022-01-26 13:40:27 -06:00
Konstantin Belousov
86a16ada1e __sflush(): on write error, if nothing was written, reset FILE state back
otherwise the data is just dropped.  Check for current position equal to
the buffer base at the entry of the function; if not equal, setvbuf()
was done from the write method and it is not our business to override
the decision.

PR:	76398
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D34007
2022-01-25 17:26:05 +02:00
John Baldwin
b943d31594 Include the correct header for pdfork()'s prototype.
Reviewed by:	kib, markj
Obtained from:	CheriBSD
Sponsored by:	The University of Cambridge, Google Inc.
Differential Revision:	https://reviews.freebsd.org/D33988
2022-01-24 09:52:12 -08:00
Ed Maste
6f6fbfa3a8 Remove quotes around Makefile .error/.warn/.info strings
The text after .error et al is emitted verbatim.

Reviewed by:	sjg
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D33904
2022-01-22 14:03:07 -05:00
Konstantin Belousov
a393644ecb ptrace(2): document policies affecting access to the facility
Reviewed by:	emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D33986
2022-01-22 19:36:56 +02:00
Konstantin Belousov
7406ec4ea9 kqueue(2): Add note about format of the data for NOTE_EXIT
Noted by:	Dave Baukus <daveb@spectralogic.com>
PR:	261346
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2022-01-20 00:37:25 +02:00
Ed Maste
2e9bc9d144 libc: correct SPDX tag on strstr.c
It was obtained from musl, and is MIT licensed.

MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2022-01-16 11:56:28 -05:00
Ed Maste
c6750f07b4 libc: fix misleading comment in strstr
Obtained from:	musl c53e9b239418
2022-01-16 11:52:29 -05:00
Stefan Eßer
10af8e45a8 fread.c: fix undefined behavior
A case of undefined behavior in __fread() has been detected by UBSAN
and reported by Mark Millard:

/usr/main-src/lib/libc/stdio/fread.c:133:10: runtime error: applying
zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior in
/usr/main-src/lib/libc/stdio/fread.c:133:10

While being benign (the NULL pointer is later passed to memcpy() with
a length argument of 0), this issue causes in the order of 600 Kyua
test cases to fail on systems running a world built with WITH_UBSAN
and WITH_ASAN.

The undefined behavior can be prevented by skipping operations that
have no effect for r == 0. Mark Millard has suggested to only skip
this code segment if fp->_p == NULL, but I have verified that for the
case of r == 0 no further argument checking is performed on the
addresses passed to memcpy() and thus no bugs are hidden from the
sanitizers due to the simpler condition chosen.

Reported by:	Mark Millard (marklmi@yahoo.com)
Tested by:	Mark Millard (marklmi@yahoo.com)
Differential Revision:	https://reviews.freebsd.org/D33903
MFC after:	2 weeks
2022-01-16 00:43:56 +01:00
Stefan Eßer
d106f982a5 qsort.c: prevent undefined behavior
Mark Milliard has detected a case of undefined behavior with the LLVM
UBSAN. The mandoc program called qsort with a==NULL and n==0, which is
allowed by the POSIX standard. The qsort() in FreeBSD did not attempt
to perform any accesses using the passed pointer for n==0, but it did
add an offset to the pointer value, which is undefined behavior in
case of a NULL pointer. This operation has no adverse effects on any
achitecture supported by FreeBSD, but could be caught in more strict
environments.

After some discussion in the freebsd-current mail list, it was
concluded that the case of a==NULL and n!=0 should still be caught by
UBSAN (or cause a program abort due to an illegal access) in order to
not hide errors in programs incorrectly invoking qsort().

Only the the case of a==NULL and n==0 should be fixed to not perform
the undefined operation on a NULL pointer.

This commit makes qsort() exit before reaching the point of
potentially undefined behvior for the case n==0, but does not test
the value of a, since the result will not depend on whether this
pointer is NULL or an actual pointer to an array if n==0.

The issue found by Mark Milliard in the whatis command has been
reported to the upstream (OpenBSD) and has already been patched
there.

MFC after:	1 week
2022-01-13 11:09:38 +01:00
Warner Losh
479ef15dfd libc: Teak comment about mips
Remove mips from the list of machines using TLS variant I and reformat
paragraph. No functional change intended.

Sponsored by:		Netflix
2022-01-10 10:15:15 -07:00
Konstantin Belousov
6d06bc688e libc clnt_com_create: relock rpcsoc_lock earlier when port is obtained from portmapper
Otherwise on mapper failure we goto error handler which expect
rpscoc_lock owned, but we do not.

PR:	261051
Reported by:	RyanCai <ryancaicse@gmail.com>
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2022-01-09 07:36:06 +02:00
Konstantin Belousov
d9cacbf4b0 sched_get/setaffinity(): try to be more compatible with Linux
in handling the cpuset sizes different from sizeof(cpuset_t).

For both cases, cpuset size shorter than sizeof(cpuset_t) results
in EINVAL on Linux.

For sched_getaffinity(), be more permissive and accept cpuset size
larger than our cpuset_t, by clipping the syscall argument and zeroing
the rest of the output buffer.  For sched_setaffinity(), we should allow
shorter cpusets than current ABI size, again zeroing the rest of the bits.

With this change, python os.sched_get/setaffinity functions work.

Reported by:	se
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2022-01-03 04:31:40 +02:00
Dmitry Wagin
881059955a libc: Some enhancements to syslog(3)
This is a re-application of commit
2d82b47a5b, which was reverted since it
broke with syslog daemons that don't adjust the /dev/log recv buffer
size.  Now that the default is large enough to accomodate 8KB messages,
restore support for large messages.

PR:		260126
2021-12-31 12:57:01 -05:00
Warner Losh
8ff32ab58e mips: remove libc
Remove mips specific libc code and build infrasturcture.

Sponsored by:		Netflix
2021-12-31 00:14:53 -07:00
Stefan Eßer
e2650af157 Make CPU_SET macros compliant with other implementations
The introduction of <sched.h> improved compatibility with some 3rd
party software, but caused the configure scripts of some ports to
assume that they were run in a GLIBC compatible environment.

Parts of sched.h were made conditional on -D_WITH_CPU_SET_T being
added to ports, but there still were compatibility issues due to
invalid assumptions made in autoconfigure scripts.

The differences between the FreeBSD version of macros like CPU_AND,
CPU_OR, etc. and the GLIBC versions was in the number of arguments:
FreeBSD used a 2-address scheme (one source argument is also used as
the destination of the operation), while GLIBC uses a 3-adderess
scheme (2 source operands and a separately passed destination).

The GLIBC scheme provides a super-set of the functionality of the
FreeBSD macros, since it does not prevent passing the same variable
as source and destination arguments. In code that wanted to preserve
both source arguments, the FreeBSD macros required a temporary copy of
one of the source arguments.

This patch set allows to unconditionally provide functions and macros
expected by 3rd party software written for GLIBC based systems, but
breaks builds of externally maintained sources that use any of the
following macros: CPU_AND, CPU_ANDNOT, CPU_OR, CPU_XOR.

One contributed driver (contrib/ofed/libmlx5) has been patched to
support both the old and the new CPU_OR signatures. If this commit
is merged to -STABLE, the version test will have to be extended to
cover more ranges.

Ports that have added -D_WITH_CPU_SET_T to build on -CURRENT do
no longer require that option.

The FreeBSD version has been bumped to 1400046 to reflect this
incompatible change.

Reviewed by:	kib
MFC after:	2 weeks
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D33451
2021-12-30 12:20:32 +01:00
Alexander Motin
62ed2d0152 libc: Fix build with -DNS_REREAD_CONF.
MFC after:	3 days
2021-12-29 17:01:05 -05:00
Kirk McKusick
1fa68dae46 Clarify the description of the EINTEGRITY error in intro(2).
Requested by: pauamma_gundo.com
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D18765
2021-12-28 16:39:46 -08:00
Ed Maste
5bc2e6e227 getfh: clarify that it is a privileged operation
Reviewed by:	kib
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D33629
2021-12-23 11:54:43 -05:00
Jessica Clarke
0aa8b18bc9 libc: Fix regexec when sizeof(char *) > sizeof(long)
The states macro is the type for engine.c to use, with states1 being a
local macro for regexec to use to determine whether it can use the small
matcher or not (by comparing nstates and 8*sizeof(states1)). However,
macro bodies are expanded in the context of their use, and so when
regexec uses states1 it uses the current value of states, which is left
over as char * from the large version (or, really, the multi-byte one,
but that reuses large's states). For all supported architectures in
FreeBSD, the two have the same size, and so this confusion is harmless.
However, for architectures like CHERI where that is not the case (or
Windows's LLP64 as discovered by LLVM and fixed in 2010 in 2e071faed8e2)
and sizeof(char *) is bigger than sizeof(long) regexec will erroneously
try to use the small matcher when nstates is between sizeof(long) and
sizeof(char *) (i.e. between 64 and 128 on CHERI, or 32 and 64 on LLP64)
and end up overflowing the number of bits in the underlying long if it
ever uses those high states. On weirder architectures where sizeof(long)
is greater than sizeof(char *) this also fixes it to not fall back on
the large matcher prematurely, but such architectures are likely limited
to the embedded space, if they exist at all.

Fix this by swapping round states and states1, so that states1 is
defined directly as being long and states is an alias for it for the
small matcher case.

Found by:	CHERI
2021-12-23 16:38:10 +00:00
Jessica Clarke
6d5297569e libc: Fix "harmless" iconv one-byte overread
Checking there are still bytes left must be done before dereferencing
the pointer, not the other way round. This is harmless on traditional
architectures since the result will immediately be thrown away, and all
callers are in separate translation units so there is no potential for
optimising based on this out-of-bounds read. However, on CHERI, pointers
are bounded, and so this will trap if fed a string that does not have a
NUL within the first len bytes.

Found by:	CHERI
Reviewed by:	brooks
2021-12-21 22:47:38 +00:00
Math Ieu
caacda7a3e sched_get/setaffinity(3): pid 0 should designate current process
while FreeBSD' native sched_get/setaffinity use pid -1 for this.

PR:	260487
MFC after:	1 week
2021-12-17 07:31:09 +02:00
Florian Walpen
a9545eede4 Add idle priority scheduling privilege group to MAC/priority
Add an idletime user group that allows non-root users to run processes
with idle scheduling priority. Privileges are granted by a MAC policy in
the mac_priority module. For this purpose, the kernel privilege
PRIV_SCHED_IDPRIO was added to sys/priv.h (kernel module ABI change).

Deprecate the system wide sysctl(8) knob
security.bsd.unprivileged_idprio which lets any user run idle priority
processes, regardless of context. While the knob is still working, it is
marked as deprecated in the description and in the man pages.

MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D33338
2021-12-10 04:54:48 +02:00
John Baldwin
ae67737a4c libc: Remove _get_tp() and _set_tp().
Their uses have been replaced by _tcb_get() and _tcb_set() from
<machine/tls.h>.

Reviewed by:	kib, jrtc27
Sponsored by:	The University of Cambridge, Google Inc.
Differential Revision:	https://reviews.freebsd.org/D33354
2021-12-09 13:23:26 -08:00
John Baldwin
8bcdb144eb TLS: Use <machine/tls.h> for libc and rtld.
- Include <machine/tls.h> in MD rtld_machdep.h headers.

- Remove local definitions of TLS_* constants from rtld_machdep.h
  headers and libc using the values from <machine/tls.h> instead.

- Use _tcb_set() instead of inlined versions in MD
  allocate_initial_tls() routines in rtld.  The one exception is amd64
  whose _tcb_set() invokes the amd64_set_fsbase ifunc.  rtld cannot
  use ifuncs, so amd64 inlines the logic to optionally write to fsbase
  directly.

- Use _tcb_set() instead of _set_tp() in libc.

- Use '&_tcb_get()->tcb_dtv' instead of _get_tp() in both rtld and libc.
  This permits removing _get_tp.c from rtld.

- Use TLS_TCB_SIZE and TLS_TCB_ALIGN with allocate_tls() in MD
  allocate_initial_tls() routines in rtld.

Reviewed by:	kib, jrtc27 (earlier version)
Differential Revision:	https://reviews.freebsd.org/D33353
2021-12-09 13:23:05 -08:00
John Baldwin
4c2f5bfbfa libc: Fix the alignment of the TCB to match rtld for several architectures.
- Use 16 byte alignment rather than 8 for aarch64, powerpc64, and RISC-V.

- Use 8 byte alignment rather than 4 for 32-bit arm, mips, and powerpc.

I suspect that mips64 should be using 16 byte alignment, but both libc
and rtld currently use 8 byte alignment.

Reviewed by:	kib, jrtc27
Sponsored by:	The University of Cambridge, Google Inc.
Differential Revision:	https://reviews.freebsd.org/D33350
2021-12-09 13:16:57 -08:00
John Baldwin
9952b82b39 mips _libc_get_static_tls_base: Narrow scope of #ifdef.
Reviewed by:	kib, emaste, jrtc27
Sponsored by:	The University of Cambridge, Google Inc.
Differential Revision:	https://reviews.freebsd.org/D33348
2021-12-09 13:16:34 -08:00
Konstantin Belousov
9f0fea5d03 Document new variant of swapoff(2)
Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D33343
2021-12-09 02:48:53 +02:00
Konstantin Belousov
5346570276 swapoff: add one more variant of the syscall
Requested and reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D33343
2021-12-09 02:48:46 +02:00