Commit Graph

20654 Commits

Author SHA1 Message Date
Conrad Meyer
510b01833e random(3): Abstract routines into _r versions on explicit state
The existing APIs simply pass the implicit global state to the _r variants.

No functional change.

Note that these routines are not exported from libc and are not intended to be
exported.  If someone wished to export them from libc (which I would
discourage), they should first be modified to match the inconsistent parameter
type / order of the glibc public interfaces of the same names.

I know Ravi will ask, so: the eventual goal of this series is to replace
rand(3) with the implementation from random(3) (D23290).  However, I'd like to
wait a bit longer on that one to see if more feedback emerges.

Reviewed by:	kevans, markm
Differential Revision:	https://reviews.freebsd.org/D23289
2020-01-24 01:39:29 +00:00
Conrad Meyer
7382fafe45 random(3): Abstract state into a single context object
No functional change.

Reviewed by:	kevans, markm
Differential Revision:	https://reviews.freebsd.org/D23288
2020-01-24 01:32:16 +00:00
Brandon Bergren
0a90eb9f2f [PowerPC] libc backwards compatibility shim for auxv change
As part of the FreeBSD powerpc* flag day (1300070), the auxv numbering was
changed to match every other platform.

See D20799 for more details on that change.

While the kernel and rtld were adapted, libc was not, so old dynamic
binaries broke for reasons other than the ABI change on powerpc64.

Since it's possible to support nearly everything regarding old binaries by
adding compatibility code to libc (as besides rtld, it is the main point
where auxv is digested), we might as well provide compatibility code.

The only unhandled case remaining should be "new format libraries that call
elf_aux_info() which are dynamically linked to by old-format binaries",
which should be quite rare.

Reviewed by:	jhibbits
Sponsored by:	Tag1 Consulting, Inc.
Differential Revision:	https://reviews.freebsd.org/D23096
2020-01-22 02:06:34 +00:00
Kyle Evans
a1fa478b1c posix_spawn: mark error as volatile
In the case of an error, the RFSPAWN'd thread will write back to psa->error
with the correct exit code. Mark this as volatile as the return value is
being actively dorked up for erroneous exits on !x86.

This fixes the following tests, tested on aarch64 (only under qemu, at the
moment):

- posix_spawn/spawn_test:t_spawn_missing
- posix_spawn/spawn_test:t_spawn_nonexec
- posix_spawn/spawn_test:t_spawn_zero

Reported by:	mikael
MFC after:	3 days
2020-01-21 22:02:53 +00:00
Brooks Davis
b02706324a Correct a misleading indent.
This dates to before the beginning of our repo and was found clang 10.

MFC after:	3 days
Sponsored by:	DARPA
2020-01-21 16:31:08 +00:00
Conrad Meyer
825a73c36f random.3: Some minor improvements to wording/clarity 2020-01-20 23:44:10 +00:00
Conrad Meyer
6ee287b9c2 libc: Delete unused rand.c ifdef TEST code 2020-01-20 23:43:47 +00:00
Conrad Meyer
ae39ed868b qsort.3: Bump Dd and note that Annex K is optional 2020-01-20 18:43:10 +00:00
Edward Tomasz Napierala
6507380fb9 Add qsort_r(3) regression test.
MFC after:	2 weeks
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D23206
2020-01-20 11:45:18 +00:00
Edward Tomasz Napierala
0d2fabfc04 Add qsort_s(3). Apart from the constraints, it also makes it easier
to port software written for Linux variant of qsort_r(3).

Reviewed by:	kib, arichardson
MFC after:	2 weeks
Relnotes:	yes
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D23174
2020-01-20 11:40:07 +00:00
Kyle Evans
c7a19fd70a libbe: use the new zfs_mount_at()
More background is available in r356876, but this new interface is more
portable across ZFS implementations and cleaner for what libbe is attempting
to achieve anyways.

MFC after:	3 days
2020-01-19 02:48:56 +00:00
Mateusz Guzik
909107075c libc: fix build after r356830
Apparently building with 'cd lib/libc; make all install' is not the same
as buildworld.

Reported by:	Michael Butler
2020-01-17 15:45:39 +00:00
Mateusz Guzik
d3cc535474 vfs: provide F_ISUNIONSTACK as a kludge for libc
Prior to introduction of this op libc's readdir would call fstatfs(2), in
effect unnecessarily copying kilobytes of data just to check fs name and a
mount flag.

Reviewed by:	kib (previous version)
Differential Revision:	https://reviews.freebsd.org/D23162
2020-01-17 14:42:25 +00:00
Mateusz Guzik
360af171b3 libc: assume no union stack if fstatfs fails in readdir
The failure is not really expected, but should it happen it's better to
get some data.

Suggested by:	kib
2020-01-17 14:40:09 +00:00
Leandro Lupori
e16c18650c [PPC64] memcpy/memmove/bcopy optimization
For copies shorter than 512 bytes, the data is copied using plain
ld/std instructions.
For 512 bytes or more, the copy is done in 3 phases:

Phase 1: copy from the src buffer until it's aligned at a 16-byte boundary
Phase 2: copy as many aligned 64-byte blocks from the src buffer as possible
Phase 3: copy the remaining data, if any

In phase 2, this code uses VSX instructions when available. Otherwise,
it uses ldx/stdx.

Submitted by:	Luis Pires <lffpires_ruabrasil.org> (original version)
Reviewed by:	jhibbits
Differential Revision:	https://reviews.freebsd.org/D15118
2020-01-15 20:25:52 +00:00
Leandro Lupori
181e35008c [PPC64] strncpy optimization
Assembly optimization of strncpy for PowerPC64, using double words
instead of bytes to copy strings.

Submitted by:	Leonardo Bianconi <leonardo.bianconi_eldorado.org.br> (original version)
Reviewed by:	jhibbits
Differential Revision:	https://reviews.freebsd.org/D15369
2020-01-15 19:53:03 +00:00
Leandro Lupori
075fb85f09 [PPC64] strcpy optimization
Assembly optimization of strcpy for PowerPC64, using double words
instead of bytes to copy strings.

Submitted by:	Leonardo Bianconi <leonardo.bianconi_eldorado.org.br> (original version)
Reviewed by:	jhibbits
Differential Revision:	https://reviews.freebsd.org/D15368
2020-01-15 19:46:01 +00:00
Kyle Evans
4b50c45172 Revert r353140: Re-add ALLOW_MIPS_SHARED_TEXTREL, sprinkle it around
arichardson has an actual fix for the same issue that this was working
around; given that we don't build with llvm today, go ahead and revert the
workaround in advance.
2020-01-14 17:50:13 +00:00
Cy Schubert
6692aa840c Unbound's config.h is manually maintained, using a ./configure produced
config.h as a guide. In practice contributed software maintains a copy
of config.h within its build directory tree containing its Makefile.
usr.sbin/unbound is the home for its config.h.

MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D22983
2020-01-13 06:55:31 +00:00
Conrad Meyer
86def3dcd6 getrandom(2): Add Linux GRND_INSECURE API flag
Treat it as a synonym for GRND_NONBLOCK.  The reasoning is this:

We have two choices for handling Linux's GRND_INSECURE API flag.

1. We could ignore it completely (like GRND_RANDOM).  However, this might
produce the surprising result of GRND_INSECURE requests blocking, when the
Linux API does not block.

2. Alternatively, we could treat GRND_INSECURE requests as requests for
GRND_NONBLOCk.  Here, the surprising result for Linux programs is that
invocations with unseeded random(4) will produce EAGAIN, rather than
garbage.

Honoring the flag in the way Linux does seems fraught.  If we actually use
the output of a random(4) implementation prior to seeding, we leak some
entropy (in an information theory and also practical sense) from what will
be the initial seed to attackers (or allow attackers to arbitrary DoS
initial seeding, if we don't leak).  This seems unacceptable -- it defeats
the purpose of blocking on initial seeding.

Secondary to that concern, before seeding we may have arbitrarily little
entropy collected; producing output from zero or a handful of entropy bits
does not seem particularly useful to userspace.

If userspace can accept garbage, insecure, non-random bytes, they can create
their own insecure garbage with srandom(time(NULL)) or similar.  Any program
which would be satisfied with a 3-bit key CTR stream has no need for CSPRNG
bytes.  So asking the kernel to produce such an output from the secure
getrandom(2) API seems inane.

For now, we've elected to emulate GRND_INSECURE as an alternative spelling
of GRND_NONBLOCK (2).  Consider this API not-quite stable for now.  We
guarantee it will never block.  But we will attempt to monitor actual port
uptake of this bizarre API and may revise our plans for the unseeded
behavior (prior stable/13 branching).

Approved by:	csprng(markm), manpages(bcr)
See also:	https://lwn.net/ml/linux-kernel/cover.1577088521.git.luto@kernel.org/
See also:	https://lwn.net/ml/linux-kernel/20200107204400.GH3619@mit.edu/
Differential Revision:	https://reviews.freebsd.org/D23130
2020-01-12 20:47:38 +00:00
Mark Johnston
57e642365b libc: Fix a few bugs in the xlocale collation code.
- Fix checks for mmap() failures. [1]
- Set the "map" and "maplen" fields of struct xlocale_collate so that
  the table destructor actually does something.
- Free an already-mapped collation file before loading a new one into
  the global table.
- Harmonize the prototype and definition of __collate_load_tables_l() by
  adding the "static" qualifier to the latter.

PR:		243195
Reported by:	cem [1]
Reviewed by:	cem, yuripv
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D23109
2020-01-09 20:49:26 +00:00
Kyle Evans
2856d85ecb posix_fallocate: push vnop implementation into the fileop layer
This opens the door for other descriptor types to implement
posix_fallocate(2) as needed.

Reviewed by:	kib, bcr (manpages)
Differential Revision:	https://reviews.freebsd.org/D23042
2020-01-08 19:05:32 +00:00
Brandon Bergren
6f5bc35d94 [PowerPC] Fix libllvmminimal build when building from powerpc64 ELFv1.
When bootstrapping on powerpc64 ELFv1, it is necessary to use binutils
ld.bfd from ports for the bootstrap, as this is the only modern linker for
ELFv1 host tools.

As binutils ld.bfd is rather strict in its handling of undefined symbols,
it is necessary to pull in Support/Atomic.cpp to avoid an undefined symbol.

Reviewed by:	dim, emaste
Sponsored by:	Tag1 Consulting, Inc.
Differential Revision:	https://reviews.freebsd.org/D23072
2020-01-07 22:45:02 +00:00
Mark Johnston
accd6aa25e libjail: Handle an error from reallocarray() when trimming the buffer.
There is no API guarantee that realloc() will not fail when the buffer
is shrinking.  Handle it by simply returning the untrimmed buffer.
While this is unlikely to ever happen in practice, it seems worth
handling just to silence static analyzer warnings.

PR:		243106
Submitted by:	Hans Christian Woithe <chwoithe@yahoo.com>
MFC after:	1 week
2020-01-07 21:44:27 +00:00
Mateusz Guzik
630cb9c554 procstat: read lo_name instead of now removed v_tag 2020-01-07 05:33:33 +00:00
Kyle Evans
a33774adb3 Update libssp paths in various Makefile.depend* files
I've been advised that the model that uses these are fairly resilient, but
we do know the proper path to use (or remove, in the case of ^/targets/...),
so go ahead and update them to reflect that.
2020-01-06 18:15:55 +00:00
Kyle Evans
0e4ea7835e libssp: fix FORTIFY_SOURCE stub declarations
The LSB 4.1 that I referenced omitted the varargs, and I failed to catch it.
The __vsnprintf_chk error was from just downright misreading the page. GCC6
caught all of these, but I had only tested GCC4.2.

X-MFC-With:	r356356
2020-01-04 22:05:00 +00:00
Kyle Evans
cd0d51baaa Provide libssp based on libc
For libssp.so, rebuild stack_protector.c with FORTIFY_SOURCE stubs that just
abort built into it.

For libssp_nonshared.a, steal stack_protector_compat.c from
^/lib/libc/secure and massage it to maintain that __stack_chk_fail_local
is a hidden symbol.

libssp is now built unconditionally regardless of {WITH,WITHOUT}_SSP in the
build environment, and the gcclibs version has been disconnected from the
build in favor of this one.

PR:		242950 (exp-run)
Reviewed by:	kib, emaste, pfg, Oliver Pinter (earlier version)
Also discussed with:	kan
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D22943
2020-01-04 20:19:25 +00:00
Kyle Evans
a34e99eee6 ssp: knock out some trivial warnings that come up with WARNS=6
A future commit will rebuild this as part of libssp. The exact warnings are
fairly trivially fixed:
- No previous declaration for __stack_chk_guard
- idx is the wrong type, nitems yields a size_t
- Casting away volatile on the tmp_stack_chk_guard directly is a no-no.

Reviewed by:	kib, emaste, pfg, Oliver Pinter (earlier version)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D22943
2020-01-04 20:07:11 +00:00
Jeff Roberson
8b987a7769 Use per-domain keg locks. This provides both a lock and separate space
accounting for each NUMA domain.  Independent keg domain locks are important
with cross-domain frees.  Hashed zones are non-numa and use a single keg
lock to protect the hash table.

Reviewed by:	markj, rlibby
Differential Revision:	https://reviews.freebsd.org/D22829
2020-01-04 03:30:08 +00:00
Kyle Evans
f65136d23a mips !o32: fix csu build
Pointy hat to:	kevans
2020-01-03 20:01:36 +00:00
Kyle Evans
ea7868016d mips: csu: fix compilation w/ LLVM
GCC issues the warning, but with LLVM it is fatal- no matching .cprestore
with .cpload. Reserve some place on the stack and and add the proper
.cprestore to pair it with.

nop added in the !o32 branch to fill out delay slot instruction, just in
case.

Reviewed by:	arichardson
Differential Revision:	https://reviews.freebsd.org/D21697
2020-01-03 19:59:42 +00:00
Kyle Evans
990beb037d capsicum_helpers: split stream cap bits out of caph_limit_stream()
The goal here is to make it so applications can take the rights one would
normally get by calling caph_limit_stream() on a descriptor and build on
them as needed.

The tentatively planned use-case is an application that takes a socket and
hooks it up to std{err,out,in} for a fork()d child. It may be feasible to
apply limitations to such descriptors as long as it's a superset of those
normally applied to stdio.

Reviewed by:	markj, oshobo (prior version; sans manpage addition)
Differential Revision:	https://reviews.freebsd.org/D22993
2020-01-02 23:07:45 +00:00
Kyle Evans
8f5c6c31ae libbe(3): promote dependent clones when destroying an environment
When removing a boot environment iterate over the dependents and process the
snapshots by grabbing any clones. Promote the clones we found and then
remove the target environment.

This fixes the ability to destroy a boot environment when it has been used
to spawn one or more other boot environments.

PR:		242592
Submitted by:	Wes Maag <jwmaag gmail com> (with changes by myself)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D22953
2020-01-02 18:46:33 +00:00
Martin Matuska
79085fd3b9 MFV r356163,r356197:
Update libarchive to 3.4.1

Relevant vendor changes since last update:
  Issue #351: Refactor and implement private state logic for write filters
  PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482)
  PR #1255: zip writer - don't append unused NUL for directories
  PR #1260: Fix sparse file offset overflow on 32-bit systems
  PR #1263: UNICODE filename support for reading lha/lzh format
  Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs()
  PR #1288: Add the "xattrhdr" option to pax write options
  PR #1295: 7z reader - fix reading archives with digests in PackInfo
  PR #1296: RAR5 reader - verify window size for multivolume archives
  PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files
  Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs()
  OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error
  Fix possible off-by-one when dealing with readlink(2)

MFC after:	2 weeks
2019-12-31 00:05:06 +00:00
Alexander Motin
86c06ff886 Remove GEOM_SCHED class and gsched tool.
This code was not actively maintained since it was introduced 10 years ago.
It lacks support for many later GEOM features, such as direct dispatch,
unmapped I/O, stripesize/stripeoffset, resize, etc.  Plus it is the only
remaining use of GEOM nstart/nend request counters, used there to implement
live insertion/removal, questionable by itself.  Plus, as number of people
commented, GEOM is not the best place for I/O scheduler, since it has
limited information about layers both above and below it, required for
efficient scheduling.  Plus with the modern shift to SSDs there is just no
more significant need for this kind of scheduling.

Approved by:	imp, phk, luigi
Relnotes:	yes
2019-12-29 21:16:03 +00:00
Pawel Biernacki
150b9e85b6 sysctlbyname(2): Remove temporary compatibility layer
Remove temporary compatibility layer introduced in r351729. More that 3 months
should be enough for everybody who runs HEAD to upgrade to the new kernel
already.

Reviewed by:	imp, mjg (mentor)
Approved by:	mjg (mentor)
Differential Revision:	https://reviews.freebsd.org/D22958
2019-12-29 17:19:57 +00:00
Mariusz Zaborski
645532a448 gnop: change the "count until fail" option
Change the "count_until_fail" option of gnop, now it enables the failing
rating instead of setting them to 100%.

The original patch introduced the new flag, which sets the fail/rate to 100%
after N requests. In some cases, we don't want to have 100% of failure
probabilities. We want to start failing at some point.
For example, on the early stage, we may like to allow some read/writes requests
before having some requests delayed - when we try to mount the partition,
or when we are trying to import the pool.
Another case may be to check how scrub in ZFS will behave on different stages.

This allows us to cover more cases.
The previous behavior still may be configured.

Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D22632
2019-12-29 15:47:37 +00:00
Mariusz Zaborski
80e63e0a90 gnop: allow to change the name of created device
Thanks to this option we can create more then one gnop provider from
single provider. This may be useful for temporary labeling some data
on the disk.

Reviewed by:	markj, allanjude, bcr
Differential Revision:	https://reviews.freebsd.org/D22304
2019-12-29 15:40:02 +00:00
Pedro F. Giffuni
ece7a5e984 arm/ffs.S: remove stale comment.
We already use the CLZ instruction.

Discussed with: andrew
2019-12-28 02:11:41 +00:00
Hans Petter Selasky
34b0ca243f Implement new libusb v2.0 API function, libusb20_dev_get_stats().
This function is useful when debugging USB device issues.

MFC after:	1 week
Sponsored by:	Mellanox Technologies
2019-12-27 20:35:12 +00:00
Pedro F. Giffuni
afced35c1d msun: drop clause 3 from the Berkeley license.
Per the University California Regents letter, drop the so-called
"advertisement" clause.

Discussed with:	bde, kargl (2017)
Differential Revision:	https://reviews.freebsd.org/D22928
2019-12-27 01:11:26 +00:00
Justin Hibbits
7b6b882fe4 [PowerPC] enable atomic.c in compiler_rt and do not check and forces
lock/lock_free decisions in compiled time

Summary:
Enables atomic.c in compiler_rt and forces clang to not emit a call for runtime
decision about lock/lock_free.  At compiling time, if clang can't decide if
atomic operation can be lock free, it emits calls to external functions  like
`__atomic_is_lock_free`, `__c11_atomic_is_lock_free` and
`__atomic_always_lock_free`, postponing decision to a runtime check.  According
to LLVM code documentation, the mechanism exists due to differences between
x86_64 processors that can't be decided at runtime.

On PowerPC and PowerPCSPE (32 bits), we already know in advance it can't be lock
free, so we force the decision at compile time and avoid having to implement it
in an external library.

This patch was made after 32 bit users testing the PowePC32 bit ISO reported
llvm could not be compiled with in-base llvm due to `__atomic_load8` not
implemented.

Submitted by:	alfredo.junior_eldorado.org.br
Reviewed by:	jhibbits, dim

Differential Revision:	https://reviews.freebsd.org/D22549
2019-12-26 23:06:28 +00:00
Jeff Roberson
376b1ba394 Optimize fast path allocations by storing bucket headers in the per-cpu
cache area.  This allows us to check on bucket space for all per-cpu
buckets with a single cacheline access and fewer branches.

Reviewed by:	markj, rlibby
Differential Revision:	https://reviews.freebsd.org/D22825
2019-12-25 20:50:53 +00:00
Conrad Meyer
f3ea8d846a gpart(8): ms-basic-data is used for exFAT on GPT
Be explicit about it; the first mention of exFAT is for the MBR type 'ntfs',
and the reader must work back from there to the GPT type and infer that a
reference to MBR ntfs type means ms-basic-data is canonical for exFAT.

(It'd also be great if gpart had convenient aliases that did the right
thing for the partition scheme, such as 'ntfs' => ms-basic-data on GPT
schemes or 'exfat' => 'ntfs' in MBR schemes.  The tool is also bad about
providing user-meaningful reasons for EINVAL failures.)
2019-12-24 01:47:08 +00:00
Dimitry Andric
c14a5a8800 Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp
9.0.1 final release c1a0a213378a458fbea1a5c77b315c7dce08fd05.

Release notes for llvm, clang, lld and libc++ 9.0.1 will become
available here:

https://releases.llvm.org/9.0.1/docs/ReleaseNotes.html
https://releases.llvm.org/9.0.1/tools/clang/docs/ReleaseNotes.html
https://releases.llvm.org/9.0.1/tools/lld/docs/ReleaseNotes.html
https://releases.llvm.org/9.0.1/projects/libcxx/docs/ReleaseNotes.html

PR:		240629
MFC after:	1 month
2019-12-22 11:50:44 +00:00
Cy Schubert
57e22627f9 MFV r353141 (by phillip):
Update libpcap from 1.9.0 to 1.9.1.

MFC after:	2 weeks
2019-12-21 21:01:03 +00:00
Ryan Libby
47ce20aef1 libdevdctl: g++9 avoid Wdeprecated-copy
g++9 now warns about having defined an assignment operator but using the
default copy constructor, or vice versa.  Avoid the issue in libdevdctl
by just using the default assignment operator too.

Reviewed by:	asomers, dim
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D22887
2019-12-21 02:44:26 +00:00
Simon J. Gerraty
0e47020f7f Avoid unused vars when VE_ECDSA_HASH_AGAIN undefined
Reviewed by:	emaste
MFC after:	1 week
2019-12-20 21:56:28 +00:00
Dimitry Andric
0b57cec536 Move all sources from the llvm project into contrib/llvm-project.
This uses the new layout of the upstream repository, which was recently
migrated to GitHub, and converted into a "monorepo".  That is, most of
the earlier separate sub-projects with their own branches and tags were
consolidated into one top-level directory, and are now branched and
tagged together.

Updating the vendor area to match this layout is next.
2019-12-20 19:53:05 +00:00