Commit Graph

17710 Commits

Author SHA1 Message Date
Xin LI
854023f054 Add timingsafe_bcmp and timingsafe_memcmp.
Obtained from:	OpenBSD
Reviewed by:	trasz
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D7280
2016-08-14 23:38:50 +00:00
Adrian Chadd
cb916ce754 [mips] convert over =v to =r for the inline assembly.
Later gcc and clang have deprecated =v (which maps to a specific temp
register) and instead we should just use =r to have the assembler
(hopefully!) save/restore things appropriately after choosing
a register.

Tested:

* AR9344 SoC, with userreg support
* AR9331 SoC, with no userreg support

Sponsored by:	DARPA, AFRL (MIPS TLS user register work)
2016-08-14 19:04:37 +00:00
Martin Matuska
cfa49a9b0b MFV r304060:
Sync libarchive with vendor including three security fixes

Vendor issues fixed:

Issue #744: Very long pathnames evade symlink checks
Issue #748: libarchive can compress, but cannot decompress zip some files
PR #750: ustar: fix out of bounds read on empty string ("") filename
PR #755: fix use of acl_get_flagset_np() on FreeBSD

MFC after:	3 days
2016-08-14 09:26:10 +00:00
Enji Cooper
8b8a0b8883 Initialize ai to NULL and test for ai with type-appropriate values
Depending on the address family and ai_flags containing AI_V4MAPPED,
it might not do a proper DNS lookup on the provided DNS address

Convert some `ai` boolean true/false checks to NULL/non-NULL while here.

MFC after:	1 week
PR:		211790
Reported by:	Herbie.Robinson@stratus.com
Sponsored by:	EMC / Isilon Storage Division
2016-08-13 02:05:06 +00:00
Enji Cooper
04ee829f13 Increase timeout from 10 minutes to 20 minutes for all tests
On particularly slow networks, it can (on average) take longer to
resolve hosts to IP* addresses. 20 minutes seemed reasonable for
my work network

This will be solved in a more meaningful way (if possible) using
concurrency in the near future

MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
2016-08-13 01:49:11 +00:00
Konstantin Belousov
f214036e99 Move defines common between rtld and libsysdecode into the header,
instead of copying inline into sources.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2016-08-12 19:31:41 +00:00
Konstantin Belousov
68e9b1e8e1 Decode 32bit utrace records on the 64bit host.
Suppose that ktrace is performed on 32bit binary running on 64bit
host.  In this case, the kernel records are 64bit, while utrace
records from rtld and malloc are 32bit.  Make kdump useful to see
decoded utrace data in that case.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2016-08-12 07:54:59 +00:00
Ed Schouten
e2f6816100 Reimplement dirname(3) to be thread-safe.
Now that we've updated the prototypes of the basename(3) and dirname(3)
functions to conform to POSIX, let's go ahead and reimplement dirname(3)
in such a way that it's thread-safe, but also guaranteed to succeed. C
libraries like glibc, musl and the one that's part of Solaris already
follow such an approach.

Move the existing implementation to another source file,
freebsd11_dirname.c to keep existing users of the API that pass in a
constant string happy, using symbol versioning.

Put a new version of the function in dirname.c, obtained from CloudABI's
C library. This version scans through the pathname string from left to
right, normalizing it, while discarding the last pathname component.

Reviewed by:	emaste, jilles
Differential Revision:	https://reviews.freebsd.org/D7355
2016-08-12 07:03:58 +00:00
Ed Schouten
5f521d7ba7 Make libcrypt thread-safe. Add crypt_r(3).
glibc has a pretty nice function called crypt_r(3), which is nothing
more than crypt(3), but thread-safe. It accomplishes this by introducing
a 'struct crypt_data' structure that contains a buffer that is large
enough to hold the resulting string.

Let's go ahead and also add this function. It would be a shame if a
useful function like this wouldn't be usable in multithreaded apps.
Refactor crypt.c and all of the backends to no longer declare static
arrays, but write their output in a provided buffer.

There is no need to do any buffer length computation here, as we'll just
need to ensure that 'struct crypt_data' is large enough, which it is.
_PASSWORD_LEN is defined to 128 bytes, but in this case I'm picking 256,
as this is going to be part of the actual ABI.

Differential Revision:	https://reviews.freebsd.org/D7306
2016-08-10 15:16:28 +00:00
John Baldwin
2a7f2aec96 Remove obsolete manpage that is not currently installed. 2016-08-09 22:10:40 +00:00
Pedro F. Giffuni
e49b19c64b libpcap: replace comma with semicolon when pertinent.
Uses of commas instead of semicolons can easily go undetected. The comma
can serve as a statement separator but this shouldn't be abused when
statements are meant to be standalone.

Detected with devel/coccinelle following a hint from DragonFlyBSD.

MFC after:	1 month
2016-08-09 19:44:33 +00:00
Pedro F. Giffuni
8e60fa95cb libc/rpc: replace comma with semicolon when pertinent.
Uses of commas instead of semicolons can easily go undetected. The comma
can serve as a statement separator but this shouldn't be abused when
statements are meant to be standalone.

Detected with devel/coccinelle following a hint from DragonFlyBSD.

MFC after:	1 month
2016-08-09 19:20:53 +00:00
Bryan Drewery
2af16ec8f2 Revert r298434 which should be fixed by r301287, r301394, and r301403.
PR:	208703, 208963
2016-08-08 17:59:59 +00:00
Adrian Chadd
b812fe4d6b [mips] add support for using the MIPS user register for TLS data.
This work, originally from Stacey Son, uses the MIPS UserReg for
reading the TLS data, and will fall back to the normal syscall path
when it isn't supported.

This code dynamically patches cpu_switch() to bypass the UserReg
instruction so to avoid generating a machine exception.

Thanks to sson for the original work, and to Dan Nelson for
bringing it to date and testing it on MIPS32 with me.

Tested:

* mips64 (sson)
* mips74k (dnelson_1901@yahoo.com) - AR9344 SoC, UserReg support
* mips24k (adrian) - AR9331 SoC, no UserReg support

Obtained from:	sson, dnelson_1901@yahoo.com
2016-08-07 01:29:55 +00:00
Konstantin Belousov
b585cd3e2c Add __cxa_thread_atexit(3) API implementation.
This is the backing feature to implement C++11 thread storage duration
specified by the thread_local keyword.  A destructor for given
thread-local object is registered to be executed at the thread
termination time using __cxa_thread_atexit().  Libc calls the
__cxa_thread_calls_dtors() during exit(3), before finalizers and
atexit functions, and libthr calls the function at the thread
termination time, after the stack unwinding and thread-specific key
destruction.

There are several uncertainties in the API which lacks a formal
specification.  Among them:
- is it allowed to register destructors during destructing;
	we allow, but limiting the nesting level.  If too many iterations
	detected, a diagnostic is issued to stderr and thread forcibly
	terminates for now.
- how to handle destructors which belong to an unloading dso;
	for now, we ignore destructor calls for such entries, and
	issue a diagnostic.  Linux does prevent dso unload until all
	threads with destructors from the dso terminated.
It is supposed that the diagnostics allow to detect real-world
applications relying on the above details and possibly adjust
our implementation.  Right now the choices were to provide the slim
API (but that rarely stands the practice test).

Tests are added to check generic functionality and to specify some of
the above implementation choices.

Submitted by:	Mahdi Mokhtari <mokhi64_gmail.com>
Reviewed by:	theraven
Discussed with:	dim (detection of -std=c++11 support for tests)
Sponsored by:	The FreeBSD Foundation (my involvement)
MFC after:	2 weeks
Differential revisions:	https://reviews.freebsd.org/D7224,
    https://reviews.freebsd.org/D7427
2016-08-06 13:32:40 +00:00
Konstantin Belousov
c3bbb3be4e Create namespace for the symbols added during 12-CURRENT cycle.
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2016-08-06 13:28:58 +00:00
Sergey Kandaurov
18ac59f431 Grammar fixes. 2016-08-04 11:38:53 +00:00
Sergey Kandaurov
eb6a434243 mdoc: The .Fn function. 2016-08-04 11:22:51 +00:00
Andrey A. Chernov
20e37fa8ca Although the code amount is not big, move POSIX error processing into
two separate functions to make glob(3) code less obscure and more simple.
There is no need to make them inline since it is error path which is supposed
to not happen often.
2016-08-03 09:09:34 +00:00
Ed Schouten
a813fdc6c3 mprotect(): Change prototype to comply to POSIX.
Our mprotect() function seems to take a "const void *" address to the
pages whose permissions need to be adjusted. POSIX uses "void *". Simply
stick to the POSIX one to prevent us from writing unportable code.

PR:		211423 (exp-run)
Tested by:	antoine@ (Thanks!)
2016-08-03 06:33:04 +00:00
Bryan Drewery
a8d890b4fb Add link for getnetgrent_r(3).
MFC after:	3 days
Sponsored by:	EMC / Isilon Storage Division
2016-08-02 23:46:32 +00:00
Conrad Meyer
ce601a2676 proc_init: Fix a few memory leaks of 'phdl'
In the normal case and correct failure cases, the 'phdl' pointer is passed to
callers to use or clean up as needed.  However, some failure cases returned
early, failing to export the phdl pointer.

This was introduced in the restructuring of r303533.

Reported by:	Coverity
CID:		1361070
Reviewed by:	markj
Sponsored by:	EMC / Isilon Storage Division
2016-08-02 18:13:50 +00:00
Ed Schouten
9c24291370 Fix up setgrent(3) to have a POSIX-compliant prototype.
Just like with freelocale(3), I haven't been able to find any piece of
code that actually makes use of this function's return value, both in
base and in ports. The reason for this is that FreeBSD seems to be the
only operating system to have such a prototype. This is why I'm deciding
to not use symbol versioning for this.

It does seem that the pw(8) utility depends on the function's typing and
already had a switch in place to toggle between the FreeBSD and POSIX
variant of this function. Clean this up by always expecting the POSIX
variant.

There is also a single port that has a couple of local declarations of
setgrent(3) that need to be patched up. This is in the process of being
fixed.

PR:		211394 (exp-run)
2016-07-31 08:05:15 +00:00
Andrey A. Chernov
000b8f832a In addition to prev. commit. Since potentially glob2() can return error
without setting errno, restore errno before its call.
2016-07-31 02:28:50 +00:00
Andrey A. Chernov
869eb80c16 Both C99 and POSIX directly prohibit any standard function to set errno
to 0. Breaking this rule in 2001 NetBSD hack was imported which attempts
to workaround very limited glob() return codes amount. Use POSIX-compatible
workaround now with E2BIG which can't come from other functions used
instead of prohibited 0.
2016-07-31 01:14:06 +00:00
Andrey A. Chernov
15cb786674 Rework r303074 case 4. Don't immediately skip directory entries which
cause MAXPATHLEN exceeded. Process them first through gl_errfunc() and
GLOB_ERR.
2016-07-30 03:11:54 +00:00
Mark Johnston
4808a67805 libproc: Add proc_getmodel().
This is used by libdtrace to determine the data model of target processes.
This allows for the creation of pid provider probes in 32-bit processes on
amd64.

MFC after:	1 month
2016-07-30 03:09:23 +00:00
Mark Johnston
700244a246 Add descriptions for fields in struct proc_handle.
Remove the unused kq field and some unnecessary includes.

MFC after:	1 month
2016-07-30 03:07:14 +00:00
Mark Johnston
a7e13d50fe librtld_db: Use the auxv to figure out where to look up loader symbols.
Previously, librtld_db just hardcoded /libexec/ld-elf.so, which isn't
correct for processes that aren't using the native ABI. With this change,
librtld_db can be used to inspect non-native processes; in particular,
dtrace -c now works for 32-bit executables on amd64.

MFC after:	1 month
2016-07-30 03:05:23 +00:00
Andrey A. Chernov
e04d8562b6 Reset errno for readdirfunc() before continue. 2016-07-30 02:09:11 +00:00
Baptiste Daroussin
999c1fd64b Remove usage of _WITH_DPRINTF 2016-07-30 01:16:06 +00:00
Baptiste Daroussin
04f36dc654 Remove last traces of _WITH_GETLINE 2016-07-30 01:13:54 +00:00
Baptiste Daroussin
dd47921eac Remove _WITH_GETLINE and _WITH_DPRINTF guards
When adding getline(3) and dprintf(3) into libc, those guards were added
to prevent breaking too many ports.

7 years later the ports tree has been fixed, it is time to remove this
FreeBSDism

While here remove the extra parenthesis surrounding dprintf(3)
2016-07-30 01:00:16 +00:00
Ed Schouten
718fe473dd Change the return type of freelocale(3) to void.
Our version of this function currently returns an integer indicating
failure or success, whereas POSIX specifies that this function has no
return value. It returns void. Patch up the header, sources and man page
to use the right type. While there, use the opportunity to simplify the
body of this function.

Theoretically speaking, this change breaks the ABI of this function.
That said, I have yet to find any code that makes use of freelocale()'s
return value. I couldn't find any of it in the base system, nor did an
exp-run reveal any breakage caused by this change.

PR:		211394 (exp-run)
2016-07-29 17:18:47 +00:00
Ed Schouten
329ecc7f94 Mention that basename(3) and dirname(3) will change in the future.
Update the existing manual pages for basename(3) and dirname(3) to
mention that in future versions of FreeBSD, these functions will no
longer use internal buffers for storing the results.

MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D7356
2016-07-29 16:25:09 +00:00
John Baldwin
57fe078650 Note that not all optional ptrace events use SIGTRAP.
New child processes attached due to PTRACE_FORK use SIGSTOP instead of
SIGTRAP.  All other ptrace events use SIGTRAP.
2016-07-28 20:51:29 +00:00
Ed Schouten
938809f941 Fix up prototypes of basename(3) and dirname(3) to comply to POSIX.
POSIX allows these functions to be implemented in a way that the
resulting string is stored in the input buffer. Though some may find
this annoying, this has the advantage that it makes it possible to
implement this function in a thread-safe way. It also means that they
can be implemented in a way that they work for paths of arbitrary
length, as the output string of these functions is never longer than
max(1, len(input)).

Portable code already needs to be written with this in mind, so in my
opinion it makes very little sense to allow the existing behaviour.
Prevent the base system from falling back to this by switching over to
POSIX prototypes.

I'm not going to bump the __FreeBSD_version for this. The reason is that
it's possible to account for this change in a portable way, without
depending on a specific version of FreeBSD. An exp-run was done some
time ago. As far as I know, all regressions as a result of this have
already been fixed.

I'll give this change some time to settle. In the long run I want to
replace our copies by ones that are thread-safe and don't depend on
PATH_MAX/MAXPATHLEN.
2016-07-28 16:20:27 +00:00
Ed Schouten
d9c4cd2fbc Change the return type of msgrcv() to ssize_t as required by POSIX.
It looks like the msgrcv() system call is already written in such a way
that the size is internally computed as a size_t and written into all of
td_retval[0]. This means that it is effectively already returning
ssize_t. It's just that the userspace prototype doesn't match up.
2016-07-28 12:22:01 +00:00
Ed Schouten
b4a395a41b Add NI_NUMERICSCOPE.
POSIX also declares NI_NUMERICSCOPE, which makes getnameinfo() return a
numerical scope identifier. The interesting thing is that support for
this is already present in code, but #ifdef disabled. Expose this
functionality by placing a definition for it in <netdb.h>.

While there, remove references to NI_WITHSCOPEID, as that got removed 11
years ago.
2016-07-28 10:05:41 +00:00
Konstantin Belousov
bf890e4877 Remove empty initializer for the once facility. It was not needed
since r179417.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2016-07-27 15:14:11 +00:00
Ed Schouten
8de6c26711 Fix typing of srandom() and initstate().
POSIX requires that these functions have an unsigned int for their first
argument; not an unsigned long.

My reasoning is that we can safely change these functions without
breaking the ABI. As far as I know, our supported architectures either
use registers for passing function arguments that are at least as big as
long (e.g., amd64), or int and long are of the same size (e.g., i386).

Reviewed by:	ache
Differential Revision:	https://reviews.freebsd.org/D6644
2016-07-26 20:11:29 +00:00
Andrey A. Chernov
a5ab035dd7 1) POSIX defines well when GLOB_NOMATCH or original pattern
(instead) should be returned, so we can't return GLOB_NOMATCH blindly
just because we dislike something in the pattern.

2) Remove extra condition.
2016-07-23 03:49:02 +00:00
Andrey A. Chernov
09264d7448 1) We need the original pattern (in the next round of changes) not only in
case it is fully constructed, but for half-constructed too, so have no
other choice to pass original pattern from glob() down to globextend()
instead of attempt to reconstruct I implement previously.

2) Instead of copy&paste the same big enough code, make function for it:
globfinal().
2016-07-23 01:21:58 +00:00
John Baldwin
9c20dc9963 Add more documentation regarding unsafe AIO requests.
The asynchronous I/O changes made previously result in different
behavior out of the box. Previously all AIO requests failed with
ENOSYS / SIGSYS unless aio.ko was explicitly loaded. Now, some AIO
requests complete and others ("unsafe" requests) fail with EOPNOTSUPP.

Reword the introductory paragraph in aio(4) to add a general
description of AIO before describing the vfs.aio.enable_unsafe sysctl.

Remove the ENOSYS error description from aio_fsync(2), aio_read(2),
and aio_write(2) and replace it with a description of EOPNOTSUPP.

Remove the ENOSYS error description from aio_mlock(2).

Log a message to the system log the first time a process requests an
"unsafe" AIO request that fails with EOPNOTSUPP. This is modeled on
the log message used for processes using the legacy pty devices.

Reviewed by:	kib (earlier version)
MFC after:	1 week
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D7151
2016-07-21 22:49:47 +00:00
Ed Maste
60a4cd8411 libmd: strip local absolute symbols (to link with lld)
Old versions of gas produce an invalid section index. That is ignored by
old versions of ld, but prevents a link with lld.

Submitted by:	Rafael Ávila de Espíndola (earlier version)
Reviewed by:	allanjude
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D6789
2016-07-21 18:47:51 +00:00
Andrey A. Chernov
bd7a98506c 1) GLOB_BRACE was somewhat broken. First it repeatedly calls glob0() in
globexp1() recursive calls, but glob0() was not supposed to be called
repeatedly in the original code. It finalizes results by possibly adding
original pattern for no match case, may return GLOB_NOMATCH error and
by sorting all things. Original pattern adding or GLOB_NOMATCH error
can happen each time glob0() called repeatedly, and sorting happens
for one item only, all things are never sorted. Second, f.e. "a{a"
pattern does not match "a{a" file but matches "a" file instead
(just one example, there are many). Third, some errors (f.e. for limits
or overflow) can be ignored by GLOB_BRACE code because it forces return (0).
Add non-finalizing flag to glob0() and make globexp0() wrapper around
recursively called globexp1() to finalize things like glob0() does.
Reorganize braces code to work correctly.

2) Don't allow MB_CUR_MAX * strlen overallocation hits GLOB_LIMIT_STRING
(ARG_MAX) limit, use final string length, not malloced space for it.

3) Revive DEBUG-ifdefed section.
2016-07-21 12:53:36 +00:00
Niclas Zeising
2dc6ff9b9d Change wording to use function rather than system call in the description
as well.

Reviewed by:	brooks
MFC after:	5 days
2016-07-20 18:16:58 +00:00
Brooks Davis
a0a2a8b563 Update to reflect the fact that pipe() is a wrapper around the pipe2()
system call.

Reviewed by:	jhb, wblock
MFC after:	5 days
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D6948
2016-07-20 18:02:07 +00:00
Andrey A. Chernov
7455a07a9f In addition to r303074 case 1, search for protected L'/' too in globtilde() 2016-07-20 12:46:21 +00:00
Andrey A. Chernov
aed721ec51 1) Per POSIX (and glibc) GLOB_NOCHECK should return original pattern,
unmodified, if no matches found. But our original code strips all '\'
returning it. Rewrite the code to allow to reconstruct exactly the
original pattern with backslashes for this case.

2) Prevent to use truncated pattern if MAXPATHLEN exceeded, return
GLOB_NOMATCH instead.

3) Fix few end loop conditions filling Char arrays with mbrtowc(),
MB_CUR_MAX is unneeded in two places and condition is less by one
in other place.

4) Prevent to use truncated filenames match if MAXPATHLEN exceeded,
skip such directory entries.

5) Don't end *pathend with L'/' in glob3() if limit is reached, this
change will be not visible since error is returned.

6) If error happens in (*readdirfunc)(), do the same GLOB_ABORTED
processing as for g_opendir() as POSIX requires.
2016-07-20 07:30:44 +00:00