Commit Graph

7341 Commits

Author SHA1 Message Date
Pawel Jakub Dawidek
6f62d278e8 - Add manual pages for capability rights (rights(4)), cap_rights_init(3)
family of functions and cap_rights_get(3) function.
- Update remaining Capsicum-related manual pages.

Reviewed by:	bdrewery
MFC after:	3 days
2013-11-04 14:10:22 +00:00
Jilles Tjoelker
1947c8a6d1 kqueue: Change error for kqueues rlimit from EMFILE to ENOMEM and document
this error condition in the kqueue(2) manual page.

Discussed with:	kib
2013-11-03 23:06:24 +00:00
Peter Wemm
912ce912e1 Remove the WITH_LIBICONV_COMPAT hack that seems to do more harm than
good.  This caused libc to spoof the ports libiconv namespace and
provide a colliding libiconv.so.3 to fool rtld.  This should have
been removed some time ago.
2013-11-03 19:04:57 +00:00
Konstantin Belousov
85a0ddfd0b Add a resource limit for the total number of kqueues available to the
user.  Kqueue now saves the ucred of the allocating thread, to
correctly decrement the counter on close.

Under some specific and not real-world use scenario for kqueue, it is
possible for the kqueues to consume memory proportional to the square
of the number of the filedescriptors available to the process.  Limit
allows administrator to prevent the abuse.

This is kernel-mode side of the change, with the user-mode enabling
commit following.

Reported and tested by:	pho
Discussed with:	jmg
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2013-10-21 16:46:12 +00:00
Xin LI
5e9a119cd6 Drop cm_lock before calling mapper_close, which in turn could call
_citrus_mapper_close again and result in a deadlock otherwise.

This is similar to NetBSD PR/24023 (fixed in their r1.5 of this file).

PR:		bin/182994
Submitted by:	Fabian Keil <fk fabiankeil de>
MFC after:	3 days
2013-10-21 07:58:37 +00:00
Jilles Tjoelker
0b89df4a57 syslog: Use SOCK_CLOEXEC instead of separate fcntl() call. 2013-10-20 21:04:44 +00:00
Jilles Tjoelker
02804449a2 popen(): Try to prevent inappropriate fd passing even if 'e' is not used.
Even though not all race conditions can be fixed if the 'e' option is not
used, still fix some race conditions using pipe2():

* Prevent both ends of the pipe from leaking to a concurrent popen().

* Prevent the child process's end of the pipe from leaking to any concurrent
  fork and exec.

This change also simplifies the code.
2013-10-20 20:50:17 +00:00
Gleb Smirnoff
a173916590 Make getutxent(3) more robust against bad utx.log files. Whenever we read
zeroes, don't stop processing the file, but read until its end or valid
data.

In collaboration with:	ed
2013-10-15 13:32:01 +00:00
Jilles Tjoelker
0f49c96cfc accept(2): Update portability note for accept4().
The accept(2) man page warns that O_NONBLOCK and other properties on the
new socket may vary across implementations. However, this issue only
applies to accept() and not to accept4(). On the other hand, accept4()
is not commonly available yet.

Reported by:	pluknet
Reviewed by:	bjk
Approved by:	re (kib)
2013-10-01 21:17:18 +00:00
Joel Dahl
828378a6d3 Minor mdoc improvements.
Approved by:	re (blanket)
2013-09-19 19:43:38 +00:00
John Baldwin
55648840de Extend the support for exempting processes from being killed when swap is
exhausted.
- Add a new protect(1) command that can be used to set or revoke protection
  from arbitrary processes.  Similar to ktrace it can apply a change to all
  existing descendants of a process as well as future descendants.
- Add a new procctl(2) system call that provides a generic interface for
  control operations on processes (as opposed to the debugger-specific
  operations provided by ptrace(2)).  procctl(2) uses a combination of
  idtype_t and an id to identify the set of processes on which to operate
  similar to wait6().
- Add a PROC_SPROTECT control operation to manage the protection status
  of a set of processes.  MADV_PROTECT still works for backwards
  compatability.
- Add a p_flag2 to struct proc (and a corresponding ki_flag2 to kinfo_proc)
  the first bit of which is used to track if P_PROTECT should be inherited
  by new child processes.

Reviewed by:	kib, jilles (earlier version)
Approved by:	re (delphij)
MFC after:	1 month
2013-09-19 18:53:42 +00:00
Michael Tuexen
10e6d832d5 Remove an unused variable and fix a memory leak in sctp_connectx().
Approved by:	re (gjb)
MFC after:	3 days
2013-09-19 06:19:24 +00:00
Bryan Drewery
c36029e6dc Consistently reference file descriptors as "fd". 55 other manpages
used "fd", while these used "d" and "filedes".

MFC after:	1 week
Approved by:	gjb
Approved by:	re (delphij)
2013-09-12 00:53:38 +00:00
John Baldwin
edb572a38c Add a mmap flag (MAP_32BIT) on 64-bit platforms to request that a mapping use
an address in the first 2GB of the process's address space.  This flag should
have the same semantics as the same flag on Linux.

To facilitate this, add a new parameter to vm_map_find() that specifies an
optional maximum virtual address.  While here, fix several callers of
vm_map_find() to use a VMFS_* constant for the findspace argument instead of
TRUE and FALSE.

Reviewed by:	alc
Approved by:	re (kib)
2013-09-09 18:11:59 +00:00
Andrew Turner
0a10f22a30 On ARM EABI double precision floating point values are stored in the
endian the CPU is in, i.e. little-endian on most ARM cores.

This allows ARMv4 and ARMv5 boards to boot with the ARM EABI.
2013-09-07 14:04:10 +00:00
Jilles Tjoelker
550ac4a8e8 wait(2): Add some possible caveats to standards section. 2013-09-07 11:41:52 +00:00
Jilles Tjoelker
d4c612c3b8 libc: Make resolver sockets close-on-exec (SOCK_CLOEXEC).
Although the resolver's sockets are exposed to applications via res_state,
I do not expect them to pass the sockets across execve().
2013-09-06 23:49:54 +00:00
Jilles Tjoelker
7253197882 libc: Use SOCK_CLOEXEC for various internal file descriptors.
This change avoids undesirably passing some internal file descriptors to a
process created (fork+exec) by another thread.

Kernel support for SOCK_CLOEXEC was added in r248534, March 19, 2013.
2013-09-06 21:02:06 +00:00
Jilles Tjoelker
ef70de180c libc/stdio: Allow fopen/freopen modes in any order (except initial r/w/a).
Austin Group issue #411 requires 'e' to be accepted before and after 'x',
and encourages accepting the characters in any order, except the initial
'r', 'w' or 'a'.

Given that glibc accepts the characters after r/w/a in any order and that
diagnosing this problem may be hard, change our libc to behave that way as
well.
2013-09-06 13:47:16 +00:00
David Chisnall
b49c0d5878 Fix the namespace pollution caused by iconv.h including stdbool.h
This broke any C89 ports that defined bool themselves, including things
like gcc, gtk, and so on.
2013-09-06 09:46:44 +00:00
Jilles Tjoelker
75b1cda430 Update some signal man pages for multithreading. 2013-09-06 09:08:40 +00:00
Pawel Jakub Dawidek
7008be5bd7 Change the cap_rights_t type from uint64_t to a structure that we can extend
in the future in a backward compatible (API and ABI) way.

The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides place for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.

The structure definition looks like this:

	struct cap_rights {
		uint64_t	cr_rights[CAP_RIGHTS_VERSION + 2];
	};

The initial CAP_RIGHTS_VERSION is 0.

The top two bits in the first element of the cr_rights[] array contain total
number of elements in the array - 2. This means if those two bits are equal to
0, we have 2 array elements.

The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain array index. Only one bit is
used and bit position in this five-bits range defines array index. This means
there can be at most five array elements in the future.

To define new right the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, eg.

	#define	CAP_PDKILL	CAPRIGHT(1, 0x0000000000000800ULL)

We still support aliases that combine few rights, but the rights have to belong
to the same array element, eg:

	#define	CAP_LOOKUP	CAPRIGHT(0, 0x0000000000000400ULL)
	#define	CAP_FCHMOD	CAPRIGHT(0, 0x0000000000002000ULL)

	#define	CAP_FCHMODAT	(CAP_FCHMOD | CAP_LOOKUP)

There is new API to manage the new cap_rights_t structure:

	cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
	void cap_rights_set(cap_rights_t *rights, ...);
	void cap_rights_clear(cap_rights_t *rights, ...);
	bool cap_rights_is_set(const cap_rights_t *rights, ...);

	bool cap_rights_is_valid(const cap_rights_t *rights);
	void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
	void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
	bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);

Capability rights to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions are provided by
separating them with commas, eg:

	cap_rights_t rights;

	cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);

There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, eg:

	#define	cap_rights_set(rights, ...)				\
		__cap_rights_set((rights), __VA_ARGS__, 0ULL)
	void __cap_rights_set(cap_rights_t *rights, ...);

Thanks to using one bit as an array index we can assert in those functions that
there are no two rights belonging to different array elements provided
together. For example this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:

	cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);

Providing several rights that belongs to the same array's element this way is
correct, but is not advised. It should only be used for aliases definition.

This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.

Sponsored by:	The FreeBSD Foundation
2013-09-05 00:09:56 +00:00
Robert Watson
c03da59ae8 Document SIGLIBRT in signal(3); take a stab at the signal description as
the original committer didn't provide one.

MFC after:	3 days
2013-09-03 08:19:06 +00:00
Jilles Tjoelker
865ca149dc system(): Restore behaviour for SIGINT and SIGQUIT.
As mentioned in r16117 and the book "Advanced Programming in the Unix
Environment" by W. Richard Stevens, we should ignore SIGINT and SIGQUIT
before forking, since it is not guaranteed that the parent process starts
running soon enough.

To avoid calling sigaction() in the vforked child, instead block SIGINT and
SIGQUIT before vfork() and keep the sigaction() to ignore after vfork(). The
FreeBSD kernel discards ignored signals, even if they are blocked;
therefore, it is not necessary to unblock SIGINT and SIGQUIT earlier.
2013-09-01 19:59:54 +00:00
Jilles Tjoelker
e73151eb82 libc: Always use our own copy of sys_errlist and sys_nerr (.so only).
This ensures strerror() and friends continue to work correctly even if a
(non-PIE) executable linked against an older libc imports sys_errlist (which
causes sys_errlist to refer to the executable's copy with a size fixed when
that executable was linked).

The executable's use of sys_errlist remains broken because it uses the
current value of sys_nerr and may access past the bounds of the array.

Different from the message "Using sys_errlist from executables is not
ABI-stable" on freebsd-arch, this change does not affect the static library.
There seems no reason to prevent overriding the error messages in the static
library.
2013-08-31 22:32:42 +00:00
Robert Watson
7b223d2286 Xref capsicum(4) and procdesc(4) from pdfork(2).
Suggested by:	sbruno
MFC after:	3 days
2013-08-28 20:00:25 +00:00
Jilles Tjoelker
f6d7148dc3 wordexp(): Avoid leaking the pipe file descriptors to a parallel fork/exec.
This uses the new pipe2() system call added on May 1 (r250159).
2013-08-27 21:47:01 +00:00
Jilles Tjoelker
442542b86c libc: Access some unexported variables more efficiently (related to stdio). 2013-08-23 14:23:54 +00:00
Jilles Tjoelker
a93705b06e libc: Make various internal file descriptors from fopen() close-on-exec. 2013-08-23 13:59:47 +00:00
Joel Dahl
4d5c7c633b Remove EOL whitespace. 2013-08-22 16:02:20 +00:00
Kenneth D. Merry
7da1a731c6 Expand the use of stat(2) flags to allow storing some Windows/DOS
and CIFS file attributes as BSD stat(2) flags.

This work is intended to be compatible with ZFS, the Solaris CIFS
server's interaction with ZFS, somewhat compatible with MacOS X,
and of course compatible with Windows.

The Windows attributes that are implemented were chosen based on
the attributes that ZFS already supports.

The summary of the flags is as follows:

UF_SYSTEM:	Command line name: "system" or "usystem"
		ZFS name: XAT_SYSTEM, ZFS_SYSTEM
		Windows: FILE_ATTRIBUTE_SYSTEM

		This flag means that the file is used by the
		operating system.  FreeBSD does not enforce any
		special handling when this flag is set.

UF_SPARSE:	Command line name: "sparse" or "usparse"
		ZFS name: XAT_SPARSE, ZFS_SPARSE
		Windows: FILE_ATTRIBUTE_SPARSE_FILE

		This flag means that the file is sparse.  Although
		ZFS may modify this in some situations, there is
		not generally any special handling for this flag.

UF_OFFLINE:	Command line name: "offline" or "uoffline"
		ZFS name: XAT_OFFLINE, ZFS_OFFLINE
		Windows: FILE_ATTRIBUTE_OFFLINE

		This flag means that the file has been moved to
		offline storage.  FreeBSD does not have any special
		handling for this flag.

UF_REPARSE:	Command line name: "reparse" or "ureparse"
		ZFS name: XAT_REPARSE, ZFS_REPARSE
		Windows: FILE_ATTRIBUTE_REPARSE_POINT

		This flag means that the file is a Windows reparse
		point.  ZFS has special handling code for reparse
		points, but we don't currently have the other
		supporting infrastructure for them.

UF_HIDDEN:	Command line name: "hidden" or "uhidden"
		ZFS name: XAT_HIDDEN, ZFS_HIDDEN
		Windows: FILE_ATTRIBUTE_HIDDEN

		This flag means that the file may be excluded from
		a directory listing if the application honors it.
		FreeBSD has no special handling for this flag.

		The name and bit definition for UF_HIDDEN are
		identical to the definition in MacOS X.

UF_READONLY:	Command line name: "urdonly", "rdonly", "readonly"
		ZFS name: XAT_READONLY, ZFS_READONLY
		Windows: FILE_ATTRIBUTE_READONLY

		This flag means that the file may not written or
		appended, but its attributes may be changed.

		ZFS currently enforces this flag, but Illumos
		developers have discussed disabling enforcement.

		The behavior of this flag is different than MacOS X.
		MacOS X uses UF_IMMUTABLE to represent the DOS
		readonly permission, but that flag has a stronger
		meaning than the semantics of DOS readonly permissions.

UF_ARCHIVE:	Command line name: "uarch", "uarchive"
		ZFS_NAME: XAT_ARCHIVE, ZFS_ARCHIVE
		Windows name: FILE_ATTRIBUTE_ARCHIVE

		The UF_ARCHIVED flag means that the file has changed and
		needs to be archived.  The meaning is same as
		the Windows FILE_ATTRIBUTE_ARCHIVE attribute, and
		the ZFS XAT_ARCHIVE and ZFS_ARCHIVE attribute.

		msdosfs and ZFS have special handling for this flag.
		i.e. they will set it when the file changes.

sys/param.h:		Bump __FreeBSD_version to 1000047 for the
			addition of new stat(2) flags.

chflags.1:		Document the new command line flag names
			(e.g. "system", "hidden") available to the
			user.

ls.1:			Reference chflags(1) for a list of file flags
			and their meanings.

strtofflags.c:		Implement the mapping between the new
			command line flag names and new stat(2)
			flags.

chflags.2:		Document all of the new stat(2) flags, and
			explain the intended behavior in a little
			more detail.  Explain how they map to
			Windows file attributes.

			Different filesystems behave differently
			with respect to flags, so warn the
			application developer to take care when
			using them.

zfs_vnops.c:		Add support for getting and setting the
			UF_ARCHIVE, UF_READONLY, UF_SYSTEM, UF_HIDDEN,
			UF_REPARSE, UF_OFFLINE, and UF_SPARSE flags.

			All of these flags are implemented using
			attributes that ZFS already supports, so
			the on-disk format has not changed.

			ZFS currently doesn't allow setting the
			UF_REPARSE flag, and we don't really have
			the other infrastructure to support reparse
			points.

msdosfs_denode.c,
msdosfs_vnops.c:	Add support for getting and setting
			UF_HIDDEN, UF_SYSTEM and UF_READONLY
			in MSDOSFS.

			It supported SF_ARCHIVED, but this has been
			changed to be UF_ARCHIVE, which has the same
			semantics as the DOS archive attribute instead
			of inverse semantics like SF_ARCHIVED.

			After discussion with Bruce Evans, change
			several things in the msdosfs behavior:

			Use UF_READONLY to indicate whether a file
			is writeable instead of file permissions, but
			don't actually enforce it.

			Refuse to change attributes on the root
			directory, because it is special in FAT
			filesystems, but allow most other attribute
			changes on directories.

			Don't set the archive attribute on a directory
			when its modification time is updated.
			Windows and DOS don't set the archive attribute
			in that scenario, so we are now bug-for-bug
			compatible.

smbfs_node.c,
smbfs_vnops.c:		Add support for UF_HIDDEN, UF_SYSTEM,
			UF_READONLY and UF_ARCHIVE in SMBFS.

			This is similar to changes that Apple has
			made in their version of SMBFS (as of
			smb-583.8, posted on opensource.apple.com),
			but not quite the same.

			We map SMB_FA_READONLY to UF_READONLY,
			because UF_READONLY is intended to match
			the semantics of the DOS readonly flag.
			The MacOS X code maps both UF_IMMUTABLE
			and SF_IMMUTABLE to SMB_FA_READONLY, but
			the immutable flags have stronger meaning
			than the DOS readonly bit.

stat.h:			Add definitions for UF_SYSTEM, UF_SPARSE,
			UF_OFFLINE, UF_REPARSE, UF_ARCHIVE, UF_READONLY
			and UF_HIDDEN.

			The definition of UF_HIDDEN is the same as
			the MacOS X definition.

			Add commented-out definitions of
			UF_COMPRESSED and UF_TRACKED.  They are
			defined in MacOS X (as of 10.8.2), but we
			do not implement them (yet).

ufs_vnops.c:		Add support for getting and setting
			UF_ARCHIVE, UF_HIDDEN, UF_OFFLINE, UF_READONLY,
			UF_REPARSE, UF_SPARSE, and UF_SYSTEM in UFS.
			Alphabetize the flags that are supported.

			These new flags are only stored, UFS does
			not take any action if the flag is set.

Sponsored by:	Spectra Logic
Reviewed by:	bde (earlier version)
2013-08-21 23:04:48 +00:00
Pawel Jakub Dawidek
50079a51bb Implement fdclosedir(3) function, which is equivalent to the closedir(3)
function, but returns directory file descriptor instead of closing it.

Submitted by:	Mariusz Zaborski <oshogbo@FreeBSD.org>
Sponsored by:	Google Summer of Code 2013
2013-08-18 20:11:34 +00:00
Pawel Jakub Dawidek
a8717658d3 Remove redundant space. 2013-08-18 20:06:35 +00:00
Jilles Tjoelker
7b22b8da2f dup3(3): Replace copyright notice.
Although I copied dup(2) to create dup3(3), I removed almost all the
non-boilerplate, so dup3(3) is copyright me.

Reported by:	bjk
2013-08-18 13:25:18 +00:00
Pawel Jakub Dawidek
0237ec97ff Consistently use 'af' as an argument name for address family.
Now both gethostbyname2(3) and gethostbyaddr(3) use the same argument name.
The same argument name is also used in implementations of those functions.
2013-08-18 10:38:59 +00:00
Pawel Jakub Dawidek
c65779d460 Make example more correct (errstr is a pointer, not boolean). 2013-08-18 10:33:46 +00:00
Jilles Tjoelker
0f3a4d8051 libc: Access _logname_valid more efficiently.
The variable _logname_valid is not exported via the version script;
therefore, change C and i386/amd64 assembler code to remove indirection
(which allowed interposition). This makes the code slightly smaller and
faster.

Also, remove #define PIC_GOT from i386/amd64 in !PIC mode. Without PIC,
there is no place containing the address of each variable, so there is no
possible definition for PIC_GOT.
2013-08-17 19:24:58 +00:00
Pawel Jakub Dawidek
fe0670cfb3 Correct function name and return value. 2013-08-17 14:55:31 +00:00
John Baldwin
5aa60b6f21 Add new mmap(2) flags to permit applications to request specific virtual
address alignment of mappings.
- MAP_ALIGNED(n) requests a mapping aligned on a boundary of (1 << n).
  Requests for n >= number of bits in a pointer or less than the size of
  a page fail with EINVAL.  This matches the API provided by NetBSD.
- MAP_ALIGNED_SUPER is a special case of MAP_ALIGNED.  It can be used
  to optimize the chances of using large pages.  By default it will align
  the mapping on a large page boundary (the system is free to choose any
  large page size to align to that seems best for the mapping request).
  However, if the object being mapped is already using large pages, then
  it will align the virtual mapping to match the existing large pages in
  the object instead.
- Internally, VMFS_ALIGNED_SPACE is now renamed to VMFS_SUPER_SPACE, and
  VMFS_ALIGNED_SPACE(n) is repurposed for specifying a specific alignment.
  MAP_ALIGNED(n) maps to using VMFS_ALIGNED_SPACE(n), while
  MAP_ALIGNED_SUPER maps to VMFS_SUPER_SPACE.
- mmap() of a device object now uses VMFS_OPTIMAL_SPACE rather than
  explicitly using VMFS_SUPER_SPACE.  All device objects are forced to
  use a specific color on creation, so VMFS_OPTIMAL_SPACE is effectively
  equivalent.

Reviewed by:	alc
MFC after:	1 month
2013-08-16 21:13:55 +00:00
Jilles Tjoelker
fdafa7840f pselect(2): Add xref to sigsuspend(2). 2013-08-16 14:06:29 +00:00
Jilles Tjoelker
5219e2caba Add man page dup3(3). 2013-08-16 13:16:27 +00:00
Jilles Tjoelker
67560dcfb5 Add dup3(), based on F_DUP2FD and F_DUP2FD_CLOEXEC fcntls.
I removed functionality not proposed for POSIX in Austin group issue #411.
A man page (my own) and test cases will follow in later commits.

PR:		176233
Submitted by:	Jukka Ukkonen
2013-08-16 13:10:30 +00:00
Jilles Tjoelker
f57087b21c sigsuspend(2): Add xrefs to pselect(2) and sigwait-alikes. 2013-08-15 22:33:27 +00:00
Jilles Tjoelker
88d961f32e libc: Use O_CLOEXEC when writing gmon files (cc -pg). 2013-08-13 21:45:48 +00:00
Peter Wemm
7d1ffcb72a vfork(2) was listed as deprecated in 1994 (r1573) and was the false
reports of its impending demise were removed in 2009 (r199257).

However, in 1996 (r16117) system(3) was switched from vfork(2) to
fork(2) based partly on this.  Switch back to vfork(2).  This has a
dramatic effect in cases of extreme mmap use - such as excessive
abuse (500+) of shared libraries.

popen(3) has used vfork(2) for a while.  vfork(2) isn't going anywhere.
2013-08-13 20:38:55 +00:00
Jilles Tjoelker
89521d4108 db: Use O_CLOEXEC instead of separate fcntl() call. 2013-08-13 19:20:50 +00:00
Peter Wemm
60c412bb16 Expose _citrus_bcs_trunc_rws_len for libintl's use.
Submitted by:	Jan Beich <jbeich@tormail.org>
2013-08-13 18:14:53 +00:00
Peter Wemm
0ff204bbd1 The iconv in libc did two things - implement the standard APIs, the GNU
extensions and also tried to be link time compatible with ports libiconv.
This splits that functionality and enables the parts that shouldn't
interfere with the port by default.

WITH_ICONV (now on by default) - adds iconv.h, iconv_open(3) etc.
WITH_LIBICONV_COMPAT (off by default) adds the libiconv_open etc API, linker
symbols and even a stub libiconv.so.3 that are good enough to be able
to 'pkg delete -f libiconv' on a running system and reasonably expect it
to work.

I have tortured many machines over the last few days to try and reduce
the possibilities of foot-shooting as much as I can.  I've successfully
recompiled to enable and disable the libiconv_compat modes, ports that use
libiconv alongside system iconv etc.  If you don't enable the
WITH_LIBICONV_COMPAT switch, they don't share symbol space.

This is an extension of behavior on other system.  iconv(3) is a standard
libc interface and libiconv port expects to be able to run alongside it on
systems that have it.

Bumped osreldate.
2013-08-13 07:15:01 +00:00
Jilles Tjoelker
46d71747f6 db/hash: Use O_CLOEXEC instead of separate fcntl() call.
In particular, a hash db is used by getpwnam() and getpwuid().

MFC after:	1 week
2013-08-11 15:38:48 +00:00
Jilles Tjoelker
65ba8dff5f Add mkostemp() and mkostemps().
These are like mkstemp() and mkstemps() but allow passing open(2) flags like
O_CLOEXEC.
2013-08-09 17:24:23 +00:00
Andrey A. Chernov
c08f11b07c According to POSIX \ in the fnmatch(3) pattern should escape
any character including '\0', but our version replace escaped '\0'
with '\\'.
I.e. fnmatch("\\", "\\", 0) should not match while fnmatch("\\", "", 0)
should (Linux and NetBSD does the same). Was vice versa.

PR:     181129
MFC after:      1 week
2013-08-08 09:04:02 +00:00
Peter Wemm
f9562c1748 Our libc iconv (unlike gnu iconv and the citrus code in NetBSD) has a
bypass mode when src == dst.  Unfortunately, there are tools in ports
that pass byte streams through iconv to determine if the encodings
are valid.  eg: gettext-0.18.3+.

Disable the optimization and behave like the other implementations.
2013-08-08 01:53:27 +00:00
Andriy Gapon
a29cc9a34b Revert r253748,253749
This WIP should not have been committed yet.

Pointyhat to:	avg
2013-07-28 18:44:17 +00:00
Andriy Gapon
c722ec3a51 remove needless inclusion of machine/cpu.h in userland
MFC after:	21 days
2013-07-28 18:35:43 +00:00
Andrey Zonov
20dd2f38dc Remove define and documentation for vm_pageout_algorithm missed in r253587 2013-07-26 02:00:06 +00:00
John Baldwin
513bfc4fe2 Enhance the description of NOTE_TRACK:
- NOTE_TRACK has never triggered a NOTE_TRACK event from the parent pid.
  If NOTE_FORK is set, the listener will get a NOTE_FORK event from
  the parent pid, but not a separate NOTE_TRACK event.
- Explicitly note that the event added to monitor the child process
  preserves the fflags from the original event.
- Move the description of NOTE_TRACKERR under NOTE_TRACK as it is not a
  bit for the user to set (which is what this list pupports to be).
  Also, explicitly note that if an error occurs, the NOTE_CHILD event
  will not be generated.

MFC after:	1 week
2013-07-25 19:34:24 +00:00
Jilles Tjoelker
8d0f6b5fc2 wordexp(): Fix syntax validation for backslashes in single-quotes. 2013-07-23 21:09:26 +00:00
Ed Maste
4e1d691281 Document EINVAL error return from PT_LWPINFO 2013-07-22 18:18:21 +00:00
Andrew Turner
f44fbb4c13 Teach siglongjmp about the VFP version of the setjmp buffer.
This fixes a bug where a call to sigsetjmp followed by siglongjmp may fail
when run on a machine with VFP enabled.
2013-07-21 12:47:33 +00:00
Andriy Gapon
22423fd8a0 [fix to r253380] __setenv: be explicit about placing '=' after name
This should a regression introduced in r253380 if malloc'ed memory
happens to have '=' at the right place.

Reported by:	ache
Pointyhat to:	me (avg)
MFC after:	1 day
X-MFC with:	r253380
2013-07-17 08:45:27 +00:00
Andriy Gapon
e488ee55bc libc: name passed into __setenv is not necessarily NUL-terminated
That's particularly true when __setenv is called from __merge_environ.

MFC after:	4 days
2013-07-16 07:26:46 +00:00
Hiroki Sato
0c919b730c Fix mdoc syntax.
Pointed out by:	joeld
2013-07-13 08:17:55 +00:00
Jens Schweikhardt
db081af109 Typo corrected. 2013-07-12 17:37:05 +00:00
Marius Strobl
85338755c1 Prefix the alias macros for members of struct __mcontext with an underscore
in order to avoid a clash in the net80211 code.
2013-07-12 14:24:52 +00:00
Hiroki Sato
4825b1e098 Add a leaf node CTL_NET.PF_ROUTE.0.AF.NET_RT_DUMP.0.FIB. This returns
routing table with the specified FIB number, not td->td_proc->p_fibnum.
2013-07-12 12:36:12 +00:00
Michael Tuexen
b71f585303 Fix the handling of SCTP_CURRENT_ASSOC and SCTP_ALL_ASSOC in
sctp_opt_info().

MFC after: 3 days
2013-07-09 19:12:47 +00:00
Michael Tuexen
7c9b649294 Fix a bug where SCTP_ENABLE_STREAM_RESET is not handled by
sctp_opt_info().

MFC after: 3 days
2013-07-09 19:04:19 +00:00
Hiroki Sato
4e4f91b817 Update references. 2013-07-09 08:23:43 +00:00
Jilles Tjoelker
fc0bd00fb5 mktemp(3): Add standards section. Prefer standard header.
mktemp(), mkstemp() and mkdtemp() are available in standard <stdlib.h> and
also in <unistd.h>. Encourage use of the former by listing it in the
synopsis.
2013-07-05 20:24:50 +00:00
Andrey A. Chernov
61762e7dbc Style fix noted by bde@ 2013-07-04 12:35:39 +00:00
Andrey A. Chernov
7d815fd551 After fixing ranges restore POSIX requirement: rand() call without
srand() must be the same as srand(1); rand();
(yet one increment)
2013-07-04 00:02:10 +00:00
Andrey A. Chernov
df5c65e22a In addition to prev. commit, for repeated rand_r(3) calls don't forget
to compensate back at the end incremented at the start internal
state.

MFC after:      2 weeks
2013-07-03 23:27:04 +00:00
Andrey A. Chernov
476d9314d6 1) POSIX requires rand(3) return values to be in the [0, RAND_MAX] range,
but ACM formula we use have internal state (and return value) in the
[1, 0x7ffffffe] range, so our RAND_MAX (0x7fffffff) is never reached
because it is off by one, zero is not reached too.

Correct both RAND_MAX and rand(3) return value, shifting last one
to the 0 by 1 subtracted, resulting POSIXed [0, 0x7ffffffd(=new RAND_MAX)]
range.

2) Add a checks for not overflowing on too big seeds. It may happens on
the machines, where sizeof(unsigned int) > 32 bits.

Reviewed by:    bde [1]
MFC after:      2 weeks
2013-07-03 21:21:54 +00:00
Peter Wemm
ff0b75b897 Make it clear that there are three separate internal locks. 2013-07-03 18:35:21 +00:00
Peter Wemm
7900abff04 As a followup to r252547, propate const down the call stack. 2013-07-03 18:27:45 +00:00
Peter Wemm
19dfd82d81 Replace the #define for "iconv" so it is for the function name instead of
a macro with parameters.  Remove a __DECONST hack and add consts instead
for gnu libiconv API compatability.  This makes it work with things like
devel/boost-libs that expects to use "iconv" as though it were a pointer.
2013-07-03 07:03:19 +00:00
Peter Wemm
7c5cb6be8c If strdup failed, don't try and free the wrong thing. 2013-07-01 08:38:31 +00:00
Peter Wemm
3d4b80da4e __weak_alias() doesn't exist on FreeBSD. Use __weak_reference();
Expose iconv functions as weak symbols as well as their internal
remapped #define names.  This is necessary for autoconf compatability -
on Linux it appears that #include <iconv.h> isn't a link time
prerequisite for their version that's built into glibc.

Initialize the pthread rwlock.  Note that upstream has three
separate locks.  The file-local static lock appears intentional.

I'm using this as a ports-compatible compile-time substitute for
converters/libiconv on one of my personal machines.
2013-07-01 08:06:26 +00:00
Jilles Tjoelker
61c2a6184e libc: Access _sigintr more efficiently.
The variable _sigintr is not exported via the version script; therefore,
tell the compiler that no indirection (to allow interposition) is needed.
2013-06-30 20:51:15 +00:00
Ed Maste
580b4d185b Renumber clauses to reduce diffs to other versions
NetBSD, OpenBSD, and Android's Bionic number the clauses 1 through 3,
so follow suit to make comparison easier.
2013-06-13 00:19:30 +00:00
Jeremie Le Hen
54f82841d5 Turn libc.so into an ld script rather than a symlink pointing to the
real shared object and libssp_nonshared.a.

This was the last showstopper that prevented from enabling SSP for ports
by default.  portmgr@ performed a buildworld which showed no significant
breakage with this patch.

Details:

On i386 for PIC objects, gcc uses the __stack_chk_fail_local hidden
symbol instead of calling __stack_chk_fail directly [1].  This happen
not only with our gcc-4.2.1 but also with the latest gcc-4.8.  If you
want the very nasty details, see [2].

OTOH the problem doesn't exist on other architectures.  It also doesn't
exist with Clang as the latter will somehow manage to create the
function in the object file at compile time (contrary to only
referencing it through a symbol that will be brought in at link time).

In a perfect world, when an object file is compiled with
-fstack-protector, it will be linked into a binary or a DSO with this
same flag as well, so GCC will add libssp_nonshared.a to the linker
command-line.  Unfortunately, we don't control softwares in ports and we
may have such broken DSO.  This is the whole point of this patch.

You can reproduce the problem on i386 by compiling a source file into an
object file with "-fstack-protector-all -fPIE" and linking it
into a binary without "-fstack-protector".

This ld script automatically proposes libssp_nonshared.a along with the
real libc DSO to the linker.  It is important to understand that the
object file contained in this library will be pulled in the resulting
binary _only if_ the linker notices one of its symbols is needed (i.e.
one of the SSP symbol is missing).

A theorical performance impact could be when compiling, but my testing
showed less than 0.1% of difference.

[1] For 32-bit code gcc saves the PIC register setup by using
    __stack_chk_fail_local hidden function instead of calling
    __stack_chk_fail directly.  See comment line 19460 in:
    src/contrib/gcc/config/i386/i386.c

[2] When compiling a source file to an object file, if you use something
    which is external to the compilation unit, GCC doesn't know yet if
    this symbol will be inside or outside the DSO.  So it expects the
    worst case and routes the symbol through the GOT, which means
    additional space and extra relocation for rtld(1).

    Declaring a symbol has hidden tells GCC to use the optimal route (no
    GOT), but on the other hand this means the symbol has to be provided
    in the same DSO (namely libssp_nonshared.a).

    On i386, GCC actually uses an hidden symbol for SSP in PIC objects
    to save PIC register setup, as said in [1].

PR:		ports/138228
PR:		ports/168010
Reviewed by:	kib, kan
2013-06-12 21:12:05 +00:00
Jilles Tjoelker
42cb36d269 Make recv() and send() cancellation points, as required by POSIX.
Call the recvfrom() and sendto() functions overridden by libthr instead of
the _recvfrom() and _sendto() versions that are not cancellation points.
2013-06-09 14:31:59 +00:00
Joel Dahl
2a82581d9b Minor mdoc fixes. 2013-06-09 07:15:43 +00:00
Jilles Tjoelker
172886a93e sigaction(2): Document various non-POSIX functions as async-signal safe. 2013-06-08 13:45:43 +00:00
Gleb Smirnoff
6160e12c10 Add new system call - aio_mlock(). The name speaks for itself. It allows
to perform the mlock(2) operation, which can consume a lot of time, under
control of aio(4).

Reviewed by:	kib, jilles
Sponsored by:	Nginx, Inc.
2013-06-08 13:27:57 +00:00
Andrew Turner
8e03dd5926 Finish pulling in the NetBSD setjmp/longjmp updates on ARM.
Store/restore the VFP registers in setjmp/longjmp on ARM EABI if VFP is
enabled in the kernel. It checks the hw.floatingpoint sysctl to see if
floating-point is available and uses this to determine if it should store
them. If it does it uses a different magic value so longjmp is able to know
if it should load them.
2013-06-07 22:01:06 +00:00
Andrew Turner
4e75169f43 Include machine/setjmp.h to get the definition of _JB_MAGIC__SETJMP. This
allows us to remove it from the ARM copy of machine/asm.h.
2013-06-07 21:13:28 +00:00
Ed Maste
371df6c6ad Switch to 2-clause license and standard text
Approved by:	bms@
2013-06-06 21:09:27 +00:00
Andrew Turner
d2d3491d5a Remove part of the NetBSD longjmp code that was not ready to be merged. 2013-06-05 07:37:45 +00:00
Andrew Turner
8ed717de58 Start to merge the updated ARM NetBSD setjump/longjmp functions. To begin
with merge the functions but leave out the code to save/load the VFP
registers as that requires other changes to ensure the VFP is enabled
first.

This removes storing the old fpa registers. These were never fully
supported, and the only user of this code I can find have moved to newer
CPUs which use a VFP.
2013-06-04 19:47:26 +00:00
Joel Dahl
580dbd6574 mdoc: convert .Fd to .In, which is much nicer. 2013-06-04 07:37:06 +00:00
Ed Schouten
49111f0092 Add libiconv based versions of *c16*() and *c32*().
I initially thought wchar_t was locale independent, but this seems to be
only the case on Linux. This means that we cannot depend on the *wc*()
routines to implement *c16*() and *c32*(). Instead, use the Citrus
libiconv that is part of libc.

I'll see if there is anything I can do to make the existing functions
somewhat useful in case the system is built without libiconv in the
nearby future. If not, I'll simply remove the broken implementations.

Reviewed by:	jilles, gabor
2013-06-03 17:17:56 +00:00
Ed Maste
acbbd07aca Switch to 2-clause license
Approved by:	bms@
2013-06-03 12:43:09 +00:00
Jilles Tjoelker
4b08438c22 dup(2): Clarify return value, in particular of dup2(). 2013-05-31 22:09:31 +00:00
Jilles Tjoelker
4e3f0e45cf sigaction(2): *at system calls are async-signal safe. 2013-05-31 21:31:38 +00:00
Jilles Tjoelker
f8732c7fc3 sigaction(2): Extend description of async-signal safe functions:
* Improve description when unsafe functions are unsafe.
* Add various safe functions from POSIX.1-2008 and Austin Group issue #692.
2013-05-31 21:25:51 +00:00
Jilles Tjoelker
0bbe34c35d fork(2): Add information about fork() in multi-threaded processes.
There is nothing about pthread_atfork(3) or extensions like calling
malloc(3) in the child process as this may be unreliable or broken.
2013-05-31 20:46:08 +00:00
Jilles Tjoelker
45100a722a fork(2): #include <sys/types.h> is not needed. 2013-05-31 14:48:37 +00:00
Ed Maste
9eafd63574 Remove clause 3 and 4 from TNF licenses
Per the NetBSD Foundation statement
  Third parties are encouraged to change the license on any files which
  have a 4-clause license contributed to the NetBSD Foundation to a
  2-clause license.
2013-05-29 01:54:10 +00:00
Ed Maste
e2e9c35fa4 Remove the advertising clause from the Regents of the University of
California's license, per the letter dated July 22, 1999.
2013-05-28 21:05:06 +00:00
Ed Maste
3fb3b97c4d Renumber clauses to reduce diffs to other versions
NetBSD, OpenBSD, and Android's Bionic number the clauses 1 through 3,
so follow suit to make comparison easier.
2013-05-28 20:57:40 +00:00
Ed Maste
921ca2fd11 Remove the advertising clause from the Regents of the University of
California's license, per the letter dated July 22, 1999.
2013-05-28 20:37:48 +00:00
Konstantin Belousov
55a1911ef2 The getcontext() from the __fillcontextx() call in the
check_deferred_signal() returns twice, since handle_signal() emulates
the return from the normal signal handler by sigreturn(2)ing the
passed context.  Second return is performed on the destroyed stack
frame, because __fillcontextx() has already returned.  This causes
undefined and bad behaviour, usually the victim thread gets SIGSEGV.

Avoid nested frame and the need to return from it by doing direct call
to getcontext() in the check_deferred_signal() and using a new private
libc helper __fillcontextx2() to complement the context with the
extended CPU state if the deferred signal is still present.

The __fillcontextx() is now unused, but is kept to allow older
libthr.so to be used with the new libc.

Mark __fillcontextx() as returning twice [1].

Reported by:	pgj
Pointy hat to:	kib
Discussed with:	dim
Tested by:	pgj, dim
Suggested by:	jilles [1]
MFC after:	1 week
2013-05-28 04:54:16 +00:00
Jilles Tjoelker
24f3b0bcd0 cap_rights_limit(2): CAP_ACCEPT also permits accept4(2). 2013-05-27 21:37:19 +00:00
Marcel Moolenaar
9dfba391d6 Make the malloc(3) family of functions weak and make their non-weak
implementations visible for use by applications. The functions $F that
are now weak symbols are:
	allocm, calloc, dallocm, free, malloc, malloc_usable_size,
	nallocm, posix_memalign, rallocm, realloc, sallocm

The non-weak implementations of $F are exported as __$F.

Submitted by:	stevek@juniper.net
Reviewed by:	jasone@, kib@
Approved by:	jasone@ (jemalloc)
Obtained from:	juniper Networks, Inc
2013-05-25 18:59:11 +00:00
Jilles Tjoelker
0bbacb9c66 sigreturn(2): Remove ancient compatibility warning about 4.2BSD.
The HISTORY subsection still says that sigreturn() was added in 4.3BSD.
2013-05-25 13:59:40 +00:00
Ed Schouten
a6f45121b5 Make some tiny improvements to iconv_open().
- Remove an unneeded variable.
- Fix whitespace bugs.
- Fix typoes in comment.
- Improve string handling a bit. Don't handroll strstr() and don't
  terminate a strdup()'ed string. Instead, simply strndup() the part we
  need.
2013-05-25 12:13:54 +00:00
Ed Schouten
907b803190 Only call free() on something we allocated.
If we were already provided a struct _citrus_iconv (e.g. through
iconv_open_into()), we should not call free() in case io_init_context()
fails. Instead, call it on the pointer of the allocated object, which
will be NULL in case of iconv_open_into().
2013-05-25 12:11:20 +00:00
Ed Schouten
b94c7c3e21 Let iconv build on -HEAD properly.
- Add NO_WMISSING_VARIABLE_DECLARATIONS where we use Yacc/Lex.
- Add variable declarations where possible.
- Add missing static keyword.
2013-05-23 18:07:01 +00:00
Ed Schouten
8ed7462feb Update manpages for r250887.
Remove the lists of unneeded header files.

Requested by:	eadler
2013-05-21 21:39:18 +00:00
Ed Schouten
50c77c6e8b Add <uchar.h>.
The <uchar.h> header, part of C11, adds a small number of utility
functions for 16/32-bit "universal" characters, which may or may not be
UTF-16/32. As our wchar_t is already ISO 10646, simply add light-weight
wrappers around wcrtomb() and mbrtowc().

While there, also add (non-yet-standard) _l functions, similar to the
ones we already have for the other locale-dependent functions.

Reviewed by:	theraven
2013-05-21 19:59:37 +00:00
Julian Elischer
956e8eee53 Update the setfib man page to reflect recent changes. 2013-05-20 20:47:40 +00:00
Jilles Tjoelker
e9dec7758d popen(): Add 'e' mode character to set close-on-exec on the new fd.
If 'e' is used, the kernel must support the recently added pipe2() system
call.

The use of pipe2() with O_CLOEXEC also fixes race conditions between
concurrent popen() calls from different threads, even if the close-on-exec
flag on the fd of the returned FILE is later cleared (because popen() closes
all file descriptors from earlier popen() calls in the child process).
Therefore, this approach should be used in all cases when pipe2() can be
assumed present.

The old version of popen() rejects "re" and "we" but treats "r+e" like "r+".
2013-05-20 17:31:18 +00:00
Hiren Panchasara
3627fbff6c Fix a typo: It should be "strtoll" and not "stroll".
PR:	178642
Reported by:	Michael Galassi (michaelgalassi@gmail.com)
Approved by:	sbruno (mentor)
MFC after:	1 week
2013-05-14 20:25:07 +00:00
Eitan Adler
a164074fc4 Fix several typos
PR:		kern/176054
Submitted by:	Christoph Mallon <christoph.mallon@gmx.de>
MFC after:	3 days
2013-05-12 16:43:26 +00:00
Sergey Kandaurov
b6dd17329c Typo. 2013-05-12 05:54:58 +00:00
Jilles Tjoelker
38cf77de66 posix_spawn_file_actions_adddup2(3): Document difference with dup2().
The ability to clear a file descriptor's close-on-exec flag via
posix_spawn_file_actions_adddup2() is in fact proposed in Austin Group issue
#411.

MFC after:	1 week
2013-05-09 21:29:13 +00:00
Jilles Tjoelker
39e499a8d2 posix_spawn_file_actions_addopen(3): Correct error for bad file descriptor.
As per POSIX.1-2008, posix_spawn_file_actions_add* return [EBADF] if a file
descriptor is negative, not [EINVAL]. The bug was only in the manual page;
the code is correct.

MFC after:	1 week
2013-05-09 16:42:01 +00:00
Jilles Tjoelker
ae4c676c55 wordexp(): Simplify code by deferring work to sh. 2013-05-09 11:43:45 +00:00
Sergey Kandaurov
e0906c9a0d POSIX 1003.1-2008: add ENOTRECOVERABLE, EOWNERDEAD errnos. 2013-05-04 19:07:22 +00:00
Sergey Kandaurov
424b842a5d Document that the return type is different from 1003.1-2008.
MFC after:	1 week
2013-05-04 17:21:44 +00:00
Sergey Kandaurov
4f79ce7b4c mdoc: missing comma in .Dd macro. 2013-05-04 17:06:47 +00:00
Sergey Kandaurov
c951cd462f Add entry for errno ECAPMODE.
MFC after:	3 days
2013-05-04 12:57:21 +00:00
Jung-uk Kim
a7880d59c9 Improve compatibility with recent flex from flex.sourceforge.net. 2013-05-03 23:51:32 +00:00
Sergey Kandaurov
67ff590b9e Also, add a missing period. 2013-05-03 13:27:13 +00:00
Sergey Kandaurov
cc7a693fa7 Remove an extra comma. 2013-05-03 12:45:45 +00:00
Sergey Kandaurov
88bbbe88d7 Remove the STANDARDS section.
querylocale is not part of IEEE Std 1003.1-2008.

MFC after:	3 days
2013-05-03 12:42:43 +00:00
Jilles Tjoelker
ed5987bd08 accept(2), pipe(2): Fix .Dd. 2013-05-01 22:47:47 +00:00
Jilles Tjoelker
dc570d5e56 Add pipe2() system call.
The pipe2() function is similar to pipe() but allows setting FD_CLOEXEC and
O_NONBLOCK (on both sides) as part of the function.

If p points to two writable ints, pipe2(p, 0) is equivalent to pipe(p).

If the pointer is not valid, behaviour differs: pipe2() writes into the
array from the kernel like socketpair() does, while pipe() writes into the
array from an architecture-specific assembler wrapper.

Reviewed by:	kan, kib
2013-05-01 22:42:42 +00:00
Jilles Tjoelker
da7d2afb6d Add accept4() system call.
The accept4() function, compared to accept(), allows setting the new file
descriptor atomically close-on-exec and explicitly controlling the
non-blocking status on the new socket. (Note that the latter point means
that accept() is not equivalent to any form of accept4().)

The linuxulator's accept4 implementation leaves a race window where the new
file descriptor is not close-on-exec because it calls sys_accept(). This
implementation leaves no such race window (by using falloc() flags). The
linuxulator could be fixed and simplified by using the new code.

Like accept(), accept4() is async-signal-safe, a cancellation point and
permitted in capability mode.
2013-05-01 20:10:21 +00:00
Jilles Tjoelker
3143f63a23 intro(2): Fix some errors in ENFILE and EMFILE descriptions.
MFC after:	1 week
2013-04-27 11:55:23 +00:00
Jilles Tjoelker
34d0fed913 sysconf(3): Correct the description of _SC_OPEN_MAX.
Reported by:	bde
MFC after:	1 week
2013-04-26 21:43:42 +00:00
Jilles Tjoelker
e160aec9a5 getdtablesize(2): Describe what this function actually does.
getdtablesize() returns the limit on new file descriptors; this says nothing
about existing descriptors.

MFC after:	1 week
2013-04-24 21:24:35 +00:00
Ed Maste
5a6307cf42 Convert libc/stdio from K&R to ANSI C
And add '__restrict' where it appeared in the header prototypes
2013-04-23 14:36:44 +00:00
Ed Maste
1d8053c5c0 Renumber clauses to reduce diffs to other versions
NetBSD, OpenBSD, and Android's Bionic all number the clauses 1 through 3,
so follow suit to make comparison easier.

Acked-by: imp@
2013-04-23 13:33:13 +00:00
Eitan Adler
d001beb260 - sl_find does not modify 'name'
- make the prototype of sl_find match NetBSD

Reviewed by:	jilles
Approved by:	cperciva (mentor)
MFC After:	3 days
2013-04-23 13:03:03 +00:00
Eitan Adler
240f872cb8 Switch from K&R prototypes to modern C
Reviewed by:	jilles
Approved by:	cperciva (mentor)
MFC After:	3 days
2013-04-23 13:03:01 +00:00
Sergey Kandaurov
89bbe1496d Keep up with negative addrlen check removal in r249649. 2013-04-22 09:18:50 +00:00
Jilles Tjoelker
2cd19a510a dup(2): Remove incorrect sentence about getdtablesize().
There are no getdtablesize() bounds on the file descriptor to be duplicated;
it only has to be open. If the RLIMIT_NOFILE rlimit was decreased after
opening the file descriptor, it may be greater than or equal to
getdtablesize() but still valid.

MFC after:	1 week
2013-04-21 19:42:04 +00:00
Joel Dahl
15f764dd19 Add example.
PR:		177025
Submitted by:	Fernando <fernando.apesteguia@gmail.com>
Reviewed by:	theraven
2013-04-21 10:30:19 +00:00
Joel Dahl
cd088fc43a Remove cross-references to nonexistent CPU_SET(3) manpage.
Also fix cpu_getaffinity(2) document title.

PR:		176317
Submitted by:	brucec
2013-04-21 06:46:41 +00:00
Jilles Tjoelker
00e080be77 pututxline: Don't set errno=0 in subfunctions.
The functions utx_active_add(), utx_active_remove(), utx_lastlogin_add() and
utx_log_add() set errno to 0 if they are successful. This not only violates
POSIX if pututxline() is successful, but may also overwrite a valid error
with 0 if, for example, utx_lastlogin_add() fails while utx_log_add()
succeeds.

Reviewed by:	ed
2013-04-17 21:08:15 +00:00
Gabor Kovesdan
ab3f6b347e - Correct mispellings of the word occurrence
Submitted by:	Christoph Mallon <christoph.mallon@gmx.de> (via private mail)
2013-04-17 11:40:10 +00:00
Joel Dahl
9adbae037d mdoc: remove superfluous paragraph macro. 2013-04-16 20:31:15 +00:00
John Baldwin
8916af883c - Document that sem_wait() can fail with EINTR if it is interrupted by a
signal.
- Fix the old ksem implementation for POSIX semaphores to not restart
  sem_wait() or sem_timedwait() if interrupted by a signal.

MFC after:	1 week
2013-04-16 20:26:31 +00:00
Jilles Tjoelker
c9e57bf8be libc: Fix typo in French translation.
PR:		kern/177704
Submitted by:	martymac
MFC after:	1 week
2013-04-14 11:44:47 +00:00
Ed Maste
b4c19408e9 Spelling correction 2013-04-11 20:15:37 +00:00
Ed Maste
b4fc4a4c72 Remove unused atomic header 2013-04-11 12:49:42 +00:00
Michael Tuexen
7f15a8dff2 Remove the number of addresses restriction from sctp_connectx().
Remove unused code.
While there, do some cleanup of the code.

MFC after: 1 week
2013-04-10 11:26:30 +00:00
George V. Neville-Neil
599c412493 Correct the returned message lengths for timeval and bintime control
messages (SO_BINTIME, SO_TIMEVAL).

Obtained from:	phk
2013-04-05 18:09:43 +00:00
Xin LI
12a6865090 Replace access to /dev/random with the kernel pseudo-random number
source sysctl(KERN_ARND) and remove the fallback code.

Obtained from:	OpenBSD
Reviewed by:	secteam
MFC after:	1 month
2013-04-02 23:41:20 +00:00
Matthew D Fleming
e324bf91e8 Fix return type of extattr_set_* and fix rmextattr(8) utility.
extattr_set_{fd,file,link} is logically a write(2)-like operation and
should return ssize_t, just like extattr_get_*.  Also, the user-space
utility was using an int for the return value of extattr_get_* and
extattr_list_*, both of which return an ssize_t.

MFC after:	1 week
2013-04-02 05:30:41 +00:00
Jilles Tjoelker
70d41b5846 wordexp(): Remove wrong IFS usage.
Words in shell script are separated by spaces or tabs independent of the
value of IFS. The value of IFS is only relevant for the result of
substitutions. Therefore, there should be a space between 'wordexp' and the
words to be expanded, not an IFS character.

Paranoia might dictate that the shell ignore IFS from the environment (even
though our sh currently uses it), so do not depend on it in the new test
case.
2013-04-01 20:50:07 +00:00
Jilles Tjoelker
86bca8fb51 btowc(3), isblank(3): Correct prototypes for _l variants.
MFC after:	1 week
2013-03-27 21:31:40 +00:00
Jilles Tjoelker
de9dcfba06 accept(2): Mention inheritance of O_ASYNC and signal destination.
While almost nobody uses O_ASYNC, and rightly so, the inheritance of the
related properties across accept() is a portability issue like the
inheritance of O_NONBLOCK.
2013-03-26 22:46:56 +00:00
Dimitry Andric
7e4de3c228 Compile contrib/tzcode/stdtime/localtime.c with -fwrapv, since it relies
on signed integer overflow wrapping.  Otherwise mktime(3) and timegm(3)
can hang, in case the timestamp passed in struct tm is not representable
in a time_t.  Specifically, any timestamp after 2038-01-19 03:14:07, in
combination with a 32-bit time_t.

Note that it would be better to change the code to not rely on undefined
behaviour, but it is contributed code, and it is not entirely trivial to
fix the issue properly.

MFC after:	3 days
2013-03-24 01:35:37 +00:00
Pawel Jakub Dawidek
2883fbd521 Document chflagsat(2).
Obtained from:	jilles
2013-03-21 23:05:44 +00:00
Pawel Jakub Dawidek
e948704e4b Implement chflagsat(2) system call, similar to fchmodat(2), but operates on
file flags.

Reviewed by:	kib, jilles
Sponsored by:	The FreeBSD Foundation
2013-03-21 22:59:01 +00:00
Pawel Jakub Dawidek
b4b2596b97 - Make 'flags' argument to chflags(2), fchflags(2) and lchflags(2) of type
u_long. Before this change it was of type int for syscalls, but prototypes
  in sys/stat.h and documentation for chflags(2) and fchflags(2) (but not
  for lchflags(2)) stated that it was u_long. Now some related functions
  use u_long type for flags (strtofflags(3), fflagstostr(3)).
- Make path argument of type 'const char *' for consistency.

Discussed on:	arch
Sponsored by:	The FreeBSD Foundation
2013-03-21 22:44:33 +00:00
Jilles Tjoelker
46f10cc265 Allow O_CLOEXEC in posix_openpt() flags.
PR:		kern/162374
Reviewed by:	ed
2013-03-21 21:39:15 +00:00
Jilles Tjoelker
c2e3c52e0d Implement SOCK_CLOEXEC, SOCK_NONBLOCK and MSG_CMSG_CLOEXEC.
This change allows creating file descriptors with close-on-exec set in some
situations. SOCK_CLOEXEC and SOCK_NONBLOCK can be OR'ed in socket() and
socketpair()'s type parameter, and MSG_CMSG_CLOEXEC to recvmsg() makes file
descriptors (SCM_RIGHTS) atomically close-on-exec.

The numerical values for SOCK_CLOEXEC and SOCK_NONBLOCK are as in NetBSD.
MSG_CMSG_CLOEXEC is the first free bit for MSG_*.

The SOCK_* flags are not passed to MAC because this may cause incorrect
failures and can be done later via fcntl() anyway. On the other hand, audit
is expected to cope with the new flags.

For MSG_CMSG_CLOEXEC, unp_externalize() is extended to take a flags
argument.

Reviewed by:	kib
2013-03-19 20:58:17 +00:00
Gleb Smirnoff
8863cc408c There are actually two different cases when mlock(2) returns
ENOMEM. Clarify this, taking text from SUS.

Reviewed by:	kib
2013-03-19 05:44:25 +00:00
Kevin Lo
da5dfd565f Add restrict keyword to realpath manpage. 2013-03-18 01:22:28 +00:00
Pawel Jakub Dawidek
136cbf84ef Add a note to the HISTORY section about lchflags(2) being introduced in
FreeBSD 5.0.
2013-03-16 22:44:14 +00:00
Brooks Davis
778c12a624 Update to the latest (un)vis(3) sources from NetBSD. This adds
multibyte support[0] and the new functions strenvisx and strsenvisx.

Add MLINKS for vis(3) functions add by this and the initial import from
NetBSD[1].

PR:		bin/166364, bin/175418
Submitted by:	"J.R. Oldroyd" <fbsd@opal.com>[0]
		stefanf[1]
Obtained from:	NetBSD
MFC after:	2 weeks
2013-03-14 23:51:47 +00:00
Jilles Tjoelker
37aafc3318 libc: Avoid SIGPIPE when nscd closes the connection unexpectedly.
It is almost always a bug if nscd closes the connection unexpectedly but
programs should not be killed with SIGPIPE for it.

Reviewed by:	bushman
Tested by:	Jan Beich
MFC after:	1 week
2013-03-13 18:38:18 +00:00
Sergey Kandaurov
5fc3f0cad0 Link getcontextx(3) to getcontext(3).
Reviewed by:	kib
MFC after:	1 week
2013-03-13 18:19:33 +00:00
Sergey Kandaurov
be63e70370 Add the getcontextx prototype to SYNOPSIS.
Reviewed by:	kib
MFC after:	1 week
2013-03-13 18:18:16 +00:00
Niclas Zeising
0e7919f704 Create a symlink from strchrnul.3 to strchr.3.
This was forgotten in the initial commit of strchrnul()

Approved by:	theraven
2013-03-06 19:59:42 +00:00
Pawel Jakub Dawidek
7493f24ee6 - Implement two new system calls:
int bindat(int fd, int s, const struct sockaddr *addr, socklen_t addrlen);
	int connectat(int fd, int s, const struct sockaddr *name, socklen_t namelen);

  which allow to bind and connect respectively to a UNIX domain socket with a
  path relative to the directory associated with the given file descriptor 'fd'.

- Add manual pages for the new syscalls.

- Make the new syscalls available for processes in capability mode sandbox.

- Add capability rights CAP_BINDAT and CAP_CONNECTAT that has to be present on
  the directory descriptor for the syscalls to work.

- Update audit(4) to support those two new syscalls and to handle path
  in sockaddr_un structure relative to the given directory descriptor.

- Update procstat(1) to recognize the new capability rights.

- Document the new capability rights in cap_rights_limit(2).

Sponsored by:	The FreeBSD Foundation
Discussed with:	rwatson, jilles, kib, des
2013-03-02 21:11:30 +00:00
Joel Dahl
fdf25068b7 mdoc: remove superfluous paragraph macro. 2013-03-02 06:55:55 +00:00
Pawel Jakub Dawidek
2609222ab4 Merge Capsicum overhaul:
- Capability is no longer separate descriptor type. Now every descriptor
  has set of its own capability rights.

- The cap_new(2) system call is left, but it is no longer documented and
  should not be used in new code.

- The new syscall cap_rights_limit(2) should be used instead of
  cap_new(2), which limits capability rights of the given descriptor
  without creating a new one.

- The cap_getrights(2) syscall is renamed to cap_rights_get(2).

- If CAP_IOCTL capability right is present we can further reduce allowed
  ioctls list with the new cap_ioctls_limit(2) syscall. List of allowed
  ioctls can be retrived with cap_ioctls_get(2) syscall.

- If CAP_FCNTL capability right is present we can further reduce fcntls
  that can be used with the new cap_fcntls_limit(2) syscall and retrive
  them with cap_fcntls_get(2).

- To support ioctl and fcntl white-listing the filedesc structure was
  heavly modified.

- The audit subsystem, kdump and procstat tools were updated to
  recognize new syscalls.

- Capability rights were revised and eventhough I tried hard to provide
  backward API and ABI compatibility there are some incompatible changes
  that are described in detail below:

	CAP_CREATE old behaviour:
	- Allow for openat(2)+O_CREAT.
	- Allow for linkat(2).
	- Allow for symlinkat(2).
	CAP_CREATE new behaviour:
	- Allow for openat(2)+O_CREAT.

	Added CAP_LINKAT:
	- Allow for linkat(2). ABI: Reuses CAP_RMDIR bit.
	- Allow to be target for renameat(2).

	Added CAP_SYMLINKAT:
	- Allow for symlinkat(2).

	Removed CAP_DELETE. Old behaviour:
	- Allow for unlinkat(2) when removing non-directory object.
	- Allow to be source for renameat(2).

	Removed CAP_RMDIR. Old behaviour:
	- Allow for unlinkat(2) when removing directory.

	Added CAP_RENAMEAT:
	- Required for source directory for the renameat(2) syscall.

	Added CAP_UNLINKAT (effectively it replaces CAP_DELETE and CAP_RMDIR):
	- Allow for unlinkat(2) on any object.
	- Required if target of renameat(2) exists and will be removed by this
	  call.

	Removed CAP_MAPEXEC.

	CAP_MMAP old behaviour:
	- Allow for mmap(2) with any combination of PROT_NONE, PROT_READ and
	  PROT_WRITE.
	CAP_MMAP new behaviour:
	- Allow for mmap(2)+PROT_NONE.

	Added CAP_MMAP_R:
	- Allow for mmap(PROT_READ).
	Added CAP_MMAP_W:
	- Allow for mmap(PROT_WRITE).
	Added CAP_MMAP_X:
	- Allow for mmap(PROT_EXEC).
	Added CAP_MMAP_RW:
	- Allow for mmap(PROT_READ | PROT_WRITE).
	Added CAP_MMAP_RX:
	- Allow for mmap(PROT_READ | PROT_EXEC).
	Added CAP_MMAP_WX:
	- Allow for mmap(PROT_WRITE | PROT_EXEC).
	Added CAP_MMAP_RWX:
	- Allow for mmap(PROT_READ | PROT_WRITE | PROT_EXEC).

	Renamed CAP_MKDIR to CAP_MKDIRAT.
	Renamed CAP_MKFIFO to CAP_MKFIFOAT.
	Renamed CAP_MKNODE to CAP_MKNODEAT.

	CAP_READ old behaviour:
	- Allow pread(2).
	- Disallow read(2), readv(2) (if there is no CAP_SEEK).
	CAP_READ new behaviour:
	- Allow read(2), readv(2).
	- Disallow pread(2) (CAP_SEEK was also required).

	CAP_WRITE old behaviour:
	- Allow pwrite(2).
	- Disallow write(2), writev(2) (if there is no CAP_SEEK).
	CAP_WRITE new behaviour:
	- Allow write(2), writev(2).
	- Disallow pwrite(2) (CAP_SEEK was also required).

	Added convinient defines:

	#define	CAP_PREAD		(CAP_SEEK | CAP_READ)
	#define	CAP_PWRITE		(CAP_SEEK | CAP_WRITE)
	#define	CAP_MMAP_R		(CAP_MMAP | CAP_SEEK | CAP_READ)
	#define	CAP_MMAP_W		(CAP_MMAP | CAP_SEEK | CAP_WRITE)
	#define	CAP_MMAP_X		(CAP_MMAP | CAP_SEEK | 0x0000000000000008ULL)
	#define	CAP_MMAP_RW		(CAP_MMAP_R | CAP_MMAP_W)
	#define	CAP_MMAP_RX		(CAP_MMAP_R | CAP_MMAP_X)
	#define	CAP_MMAP_WX		(CAP_MMAP_W | CAP_MMAP_X)
	#define	CAP_MMAP_RWX		(CAP_MMAP_R | CAP_MMAP_W | CAP_MMAP_X)
	#define	CAP_RECV		CAP_READ
	#define	CAP_SEND		CAP_WRITE

	#define	CAP_SOCK_CLIENT \
		(CAP_CONNECT | CAP_GETPEERNAME | CAP_GETSOCKNAME | CAP_GETSOCKOPT | \
		 CAP_PEELOFF | CAP_RECV | CAP_SEND | CAP_SETSOCKOPT | CAP_SHUTDOWN)
	#define	CAP_SOCK_SERVER \
		(CAP_ACCEPT | CAP_BIND | CAP_GETPEERNAME | CAP_GETSOCKNAME | \
		 CAP_GETSOCKOPT | CAP_LISTEN | CAP_PEELOFF | CAP_RECV | CAP_SEND | \
		 CAP_SETSOCKOPT | CAP_SHUTDOWN)

	Added defines for backward API compatibility:

	#define	CAP_MAPEXEC		CAP_MMAP_X
	#define	CAP_DELETE		CAP_UNLINKAT
	#define	CAP_MKDIR		CAP_MKDIRAT
	#define	CAP_RMDIR		CAP_UNLINKAT
	#define	CAP_MKFIFO		CAP_MKFIFOAT
	#define	CAP_MKNOD		CAP_MKNODAT
	#define	CAP_SOCK_ALL		(CAP_SOCK_CLIENT | CAP_SOCK_SERVER)

Sponsored by:	The FreeBSD Foundation
Reviewed by:	Christoph Mallon <christoph.mallon@gmx.de>
Many aspects discussed with:	rwatson, benl, jonathan
ABI compatibility discussed with:	kib
2013-03-02 00:53:12 +00:00
Pawel Jakub Dawidek
d6f122f4fb Provide cap_sandboxed(3) function, which is a wrapper around cap_getmode(2)
system call, which has a nice property - it never fails, so it is a bit
easier to use. If there is no support for capability mode in the kernel
the function will return false (not in a sandbox). If the kernel is compiled
with the support for capability mode, the function will return true or false
depending if the calling process is in the capability mode sandbox or not
respectively.

Sponsored by:	The FreeBSD Foundation
2013-03-02 00:11:27 +00:00
Xin LI
d0ebccde13 Fix assignment of maximum bounadary.
Submitted by:	Sascha Wildner <saw online de>
Obtained from:	DragonFly rev fd39c81ba220f7ad6e4dc9b30d45e828cf58a1ad
MFC after:	2 weeks
2013-03-01 23:26:13 +00:00
Kevin Lo
5ee7403731 Assign the len field of the netbuf structure to the current length of
a sockaddr.

Obtained from:	NetBSD
2013-03-01 15:45:57 +00:00
Joel Dahl
1046c6427e mdoc: add missing El. 2013-02-27 20:09:25 +00:00
John Baldwin
9240031ac6 Add an implementation of open_memstream() and open_wmemstream(). These
routines provide write-only stdio FILE objects that store their data in a
dynamically allocated buffer.  They are a string builder interface somewhat
akin to a completely dynamic sbuf.

Reviewed by:	bde, jilles (earlier versions)
MFC after:	1 month
2013-02-27 19:50:46 +00:00
Jilles Tjoelker
c6344d08bb libc/opendir: Improve behaviour of union uniquifier:
* Reopen the directory using openat(fd, ".", ...) instead of opening the
  pathname again. This fixes a race condition where the meaning of the
  pathname changes and allows a reopen with fdopendir().
* Always reopen the directory for union stacks, not only when DTF_REWIND
  is passed. Applications should be able to fchdir(dirfd(dir)) and
  *at(dirfd(dir), ...). DTF_REWIND now does nothing.
2013-02-24 20:53:32 +00:00
Giorgos Keramidas
b3d4294f3a Now that qsort(3) has a sample comparison function, point to that
example from bsearch(3) too, so that we don't have to duplicate
the example code in both places.

PR:		docs/176197
Reviewed by:	stefanf
Approved by:	remko (mentor), gjb (mentor)
MFC after:	1 week
2013-02-23 12:31:52 +00:00
Joel Dahl
954349a63c Sort sections. 2013-02-20 19:05:13 +00:00
Giorgos Keramidas
302318d549 Various improvements to the qsort(3) usage example:
- Remove unused #include.
- Do not cast away const.
- Use the canonical idiom to compare two numbers.
- Use proper type for sizes, i.e. size_t instead of int.
- Correct indentation.
- Simplify printf("\n") to puts("").
- Use return instead of exit() in main().

Submitted by:	Christoph Mallon, christoph.mallon at gmx.de
Approved by:	gjb (mentor)
Reviewed by:	stefanf
MFC after:	1 week
2013-02-20 18:31:55 +00:00
Giorgos Keramidas
8ce3e01e09 Add a sample program that shows how a custom comparison function and
qsort(3) can work together to sort an array of integers.

PR:             docs/176197
Submitted by:   Fernando, fapesteguia at opensistemas.com
Approved by:    gjb (mentor)
MFC after:      1 week
2013-02-19 23:57:39 +00:00
Jilles Tjoelker
5a9ecb5bb2 setbuf(3): Restore a BUGS section about setbuf().
The brokenness of setbuf() is not specific to 4.2BSD and 4.3BSD but inherent
in the API definition.

Reported by:	bde
2013-02-18 22:47:59 +00:00
David Xu
17001e0b94 Make more code be protected by internal mutex, and now it is fork-safe, in
error case, the file exclusive lock is now released as soon as possible,
in previous code, child process can still hold the exclusive lock.
2013-02-17 02:52:42 +00:00
Pawel Jakub Dawidek
1f2ce2a086 Put one file per line so it is easier to read diffs against those files. 2013-02-16 22:21:46 +00:00
David Xu
a9c09aee21 Simplify code by using flag O_EXLOCK.
PR: kern/175674
2013-02-16 06:07:07 +00:00
Jilles Tjoelker
f108ef834e setbuf(3): Remove bugs section about ancient versions of BSD. 2013-02-15 10:44:07 +00:00
Niclas Zeising
d3087c8fe0 Change examples to be consistent with what style(9) says.
Approved by:	joel (mentor)
MFC After:	2 weeks
2013-02-14 21:29:55 +00:00
Niclas Zeising
d902844bbd Add strchrnul(), a GNU function similar to strchr(), except that it returns
a pointer to the end of the string, rather than NULL, if the character was
not found.

Approved by:	theraven
2013-02-13 15:46:33 +00:00
Ian Lepore
74938cbb7f Make the F_READAHEAD option to fcntl(2) work as documented: a value of zero
now disables read-ahead.  It used to effectively restore the system default
readahead hueristic if it had been changed; a negative value now restores
the default.

Reviewed by:	kib
2013-02-13 15:09:16 +00:00
Andrew Turner
b27ca6313e When clang builds libc it may insert calls to __aeabi_* functions. Normally
this is not a problem as they are resolved by libgcc. The exception is for
the __aeabi_mem* functions. These call back into libc to the appropriate
function. This causes issues for static binaries as we only link against
libc once so there is no way for it to call into libgcc and back.

The fix for this is to include these symbols in libc but keep them hidden
so binaries use the libgcc version.
2013-02-12 06:04:51 +00:00
Jilles Tjoelker
ad7d20c921 fts: Use O_DIRECTORY when opening name that might be changed by attacker.
There are uncommon cases where fts_safe_changedir() may be called with a
non-NULL name that is not "..". Do not block or worse if an attacker put (a
(symlink to) a fifo or device where a directory used to be.

MFC after:	1 week
2013-02-10 23:09:15 +00:00
Michael Tuexen
4224e03ae7 Improve code style. No functional change.
MFC after: 3 days
2013-02-10 19:21:17 +00:00
Jilles Tjoelker
08851ea288 sigqueue(2): Fix typo (EEPERM -> EPERM).
MFC after:	3 days
2013-02-10 13:20:23 +00:00
Eitan Adler
4b3d880203 Fix logic inversion.
PR:		docs/174966
Submitted by:	Christian Ullrich <chris+freebsd@chrullrich.net>
Approved by:	bcr (mentor)
2013-02-09 17:13:51 +00:00
Joel Dahl
1848dd2aec mdoc: Remove EOL whitespace. 2013-02-09 07:01:05 +00:00
Konstantin Belousov
2ee83a16c0 Document the detail of interaction between vfork and PT_TRACEME.
MFC after:	2 weeks
2013-02-07 15:36:24 +00:00
Konstantin Belousov
9be7626dee Document the ERESTART translation to EINTR for devfs nodes.
Based on the submission by:	jilles
MFC after:	2 weeks
2013-02-07 15:11:43 +00:00
Pietro Cerutti
71796d333c - Fix more style(9)-related issues (copyright header, spaces after function
names, unnecessary casts)
- Change type of boolean variable from char to bool

Suggested by:	jhb, zont, jmallett
Reviewed by:	cognet
Approved by:	cognet
2013-02-01 13:04:06 +00:00
Pietro Cerutti
646b68f04d - Remove underscores from the internal structure name, as it doesn't collide
with the user's namespace.

- Correct size and position variables type from long to size_t.

- Do not set errno to ENOMEM on malloc failure, as malloc already does so.

- Implement the concept of "buffer data length", which mandates what SEEK_END
  refers to and the allowed extent for a read.

- Use NULL as read-callback if the buffer is opened in write-only mode.
  Conversely, use NULL as write-callback when opened in read-only mode.

- Implement the handling of the ``b'' character in the mode argument. A binary
  buffer differs from a text buffer (default mode if ``b'' is omitted) in that
  NULL bytes are never appended to writes and that the "buffer data length"
  equals to the size of the buffer.

- Remove shall from the man page. Use indicative instead. Also, specify that
  the ``b'' flag does not conform with POSIX but is supported by glibc.

- Update the regression test so that the ``b'' functionality and the "buffer
  data length" concepts are tested.

- Minor style(9) corrections.

Suggested by:	jilles
Reviewed by:	cognet
Approved by:	cognet
2013-01-31 16:39:50 +00:00