When collation support was brought in, the second and third
arguments in __collate_range_cmp() were changed from int to
wchar_t, breaking the ABI. Change them to a "char" type which
makes more sense and keeps the ABI compatible.
Also introduce __wcollate_range_cmp() which does work with wide
characters. This function is used only internally in libc so
we don't export it. Use the new function in glob(3), fnmatch(3),
and regexec(3).
PR: 179721
Suggested by: ache. jilles
MFC after: 3 weeks (perhaps partial only)
Add some missing errno values to thr_new(2) and pthread_create(3).
In particular, EDEADLK was not documented in the latter.
While I'm here, improve some English and cross-references.
Reviewed by: kib
Sponsored by: Dell Inc.
Differential Revision: https://reviews.freebsd.org/D6663
It appears "sorted" may have not been implemented. Sorted or not,
we always follow the same action so simplify the code.
Leave a note for future generations.
CID: 1347084
Add text to thr_exit(2) and thr_new(2) discouraging their use in
applications since calling these in a process with libthr loaded will
confuse libthr and is likely to cause hangs or crashes.
The thr_kill2(2) call is not used by libthr and may be useful in special
applications.
The other calls can be used in applications but it should not be necessary.
The last argument of dbm_open() should be a mode_t according to POSIX;
not an int.
Reviewed by: pfg, kib
Differential Revision: https://reviews.freebsd.org/D6650
According to POSIX, it should use void *, not char *. Unfortunately, the
dsize field also has the wrong type. It should be size_t. I'm not going
to change that, as that will break the ABI.
Reviewed by: pfg
Differential Revision: https://reviews.freebsd.org/D6647
POSIX 2008 added the psignal() function which has already been part of
the BSDs for a long time. The only difference is, the POSIX version uses
an 'int' for the signal number, unlike our version which uses an
'unsigned int'. Fix up the function to use an 'int'. This should not
affect the ABI.
reading hard.
2) Instead of doing range transformation in each and every function here,
do it single time directly in do_rand(). One "mod" operation overhead is not
a big deal, but the code looks nicer and possible future functions additions
or PRNG change do not miss range transformations neither have unneeded ones.
3) Use POSIX argument types for visible functions (cosmetic).
MFC after: 1 week
harder.
2) ACM paper require seed to be in [1, 2^31-2] range, so use the same range
shifting as already done for rand(3). Also protect srandomdev() + TYPE_0 case
(non default) from negative seeds.
3) Don't check for valid "type" range in setstate(), it is always valid as
calculated. Instead add a check that rear pointer not exceeed end pointer.
MFC after: 1 week
Though the buffer used by l64a() is initialized with null bytes,
repetetive calls may end up having trailing garbage of previous
invocations because we don't end up terminating the string.
Instead of importing NetBSD's fix, use this opportunity to simplify this
function dramatically, for example by just storing the Base64 character
set in a string. There is also no need to do the bitmasking, as we can
just use the proper integer type from <stdint.h>.
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D6511
Change the behavior of when REG_STARTEND is combined with REG_NOTBOL.
From the original posting[1]:
"Enable the assumption that pmatch[0].rm_so is a continuation offset
to a string and allows us to do a proper assessment of the character
in regards to it's word position ('^' or '\<'), without risking going
into unallocated memory."
This change makes us similar to how glibc handles REG_STARTEND |
REG_NOTBOL, and is closely related to a soon-to-land fix to sed.
Special thanks to Martijn van Duren and Ingo Schwarze for working
out some consistent behaviour.
Differential Revision: https://reviews.freebsd.org/D6257
Taken from: openbsd-tech 2016-05-24 [1] (Martijn van Duren)
Relnotes: yes
MFC after: 1 month
I accidentally glossed over the fact that tmp is manipulated via strchr, so
if we tried to free `tmp` after r300385, it would have crashed.
Create a separate pointer (tmp2) to track the original allocation of `tmp`,
and free `tmp2` if `p->nc_lookups` can't be malloced
MFC after: 4 days
X-MFC with: r300385
Reported by: Coverity
CID: 1356026
Sponsored by: EMC / Isilon Storage Division
The previous code overwrote outbuf_pmap's memory with malloc once per
loop iteration, which leaked its memory; use reallocf instead to ensure
that memory is properly free'd each loop iteration.
Add a outbuf_pmap = NULL in the failure case to avoid a double-free
at the bottom of the function.
Differential Revision: https://reviews.freebsd.org/D6495
MFC after: 1 week
Reported by: Coverity
CID: 1038776
Reviewed by: markj, pfgj
Sponsored by: EMC / Isilon Storage Division
returning NULL:
"Upon successful completion, initstate() and setstate() shall return a
pointer to the previous state array; otherwise, a null pointer shall
be returned.
Although some implementations of random() have written messages to
standard error, such implementations do not conform to POSIX.1-2008."
2) Move error detections earlier to prevent state modifying.
MFC after: 1 week
If the buffer couldn't be adequately resized to accomodate an additional "\n",
it would leak resultbuf by breaking from the loop early
MFC after: 2 weeks
Reported by: Coverity
CID: 1016702
Sponsored by: EMC / Isilon Storage Division
was NULL
This would theoretically happen if the netconfig protocol family and protocol
semantics were never matched.
MFC after: 2 weeks
Reported by: Coverity
CID: 978179
Sponsored by: EMC / Isilon Storage Division
This mutes a false positive with cppcheck, but also helps eliminate future
potential issues with this variable
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
Fix some rather complex regex issues found on OpenBSD as part of some
ongoing work to fix a sed(1) bug.
Curiously the OpenBSD tests don't trigger segfaults on FreeBSD but the
bugs were confirmed by running a port of FreeBSD's regex under OpenBSD's
malloc. Huge thanks to Ingo for confirming the behavior.
Taken from: Ingo Schwarze (through openbsd-tech 2016-05-15)
MFC after: 1 week
Specification, Version 2, but marked as legacy, and have been removed from
later specifications. After 12 years it is time to remove them from new
architectures when the main use for sbrk is an invalid method to attempt
to find how much memory has been allocated from malloc.
There are a few places in the tree that still call sbrk, however they are
not used on arm64. They will need to be fixed to cross build from arm64,
but these will be fixed in a follow up commit.
Old copies of binutils from ports called into sbrk, however this has been
fixed around 6 weeks ago. It is advised to update binutils on arm64 before
installing a world that includes this change.
Reviewed by: brooks, emaste
Obtained from: brooks
Relnotes: yes
Sponsored by: ABT Systems Ltd
Differential Revision: https://reviews.freebsd.org/D6464
intention of the POSIX IEEE Std 1003.1TM-2008/Cor 1-2013.
A robust mutex is guaranteed to be cleared by the system upon either
thread or process owner termination while the mutex is held. The next
mutex locker is then notified about inconsistent mutex state and can
execute (or abandon) corrective actions.
The patch mostly consists of small changes here and there, adding
neccessary checks for the inconsistent and abandoned conditions into
existing paths. Additionally, the thread exit handler was extended to
iterate over the userspace-maintained list of owned robust mutexes,
unlocking and marking as terminated each of them.
The list of owned robust mutexes cannot be maintained atomically
synchronous with the mutex lock state (it is possible in kernel, but
is too expensive). Instead, for the duration of lock or unlock
operation, the current mutex is remembered in a special slot that is
also checked by the kernel at thread termination.
Kernel must be aware about the per-thread location of the heads of
robust mutex lists and the current active mutex slot. When a thread
touches a robust mutex for the first time, a new umtx op syscall is
issued which informs about location of lists heads.
The umtx sleep queues for PP and PI mutexes are split between
non-robust and robust.
Somewhat unrelated changes in the patch:
1. Style.
2. The fix for proper tdfind() call use in umtxq_sleep_pi() for shared
pi mutexes.
3. Removal of the userspace struct pthread_mutex m_owner field.
4. The sysctl kern.ipc.umtx_vnode_persistent is added, which controls
the lifetime of the shared mutex associated with a vnode' page.
Reviewed by: jilles (previous version, supposedly the objection was fixed)
Discussed with: brooks, Martin Simmons <martin@lispworks.com> (some aspects)
Tested by: pho
Sponsored by: The FreeBSD Foundation
convname and dst are guaranteed to be non-NULL by iconv_open(3).
src is an array. Remove these tests for NULL pointers.
While I'm here, eliminate a strlcpy with a correct but suspicious-looking
calculation for the third parameter (i.e. not a simple sizeof).
Compare the strings in-place instead of copying.
Found by: bdrewery
Found by: Coverity
CID: 1130050, 1130056
MFC after: 3 days
Sponsored by: Dell Inc.
Differential Revision: https://reviews.freebsd.org/D6338
- Use fgetln instead of fgets; localize complexity related to fgetln(3)
inside the loop.
- Skip over blank lines.
- Skip over lines (properly) that start with a "#"
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
h_aliases is a NULL-terminated rather than fixed-length array. nitems() is not
a valid way to determine its end; instead, check for NULL.
Reported by: Coverity
CID: 1346578
Sponsored by: EMC / Isilon Storage Division
Although usually small, values produced by nitems() are unsigned.
Unsign inxdeing variables related to nitems() macros to avoid
signed vs. unsigned comparisons.
after r298107
Summary of changes:
- Replace all instances of FILES/TESTS with ${PACKAGE}FILES. This ensures that
namespacing is kept with FILES appropriately, and that this shouldn't need
to be repeated if the namespace changes -- only the definition of PACKAGE
needs to be changed
- Allow PACKAGE to be overridden by callers instead of forcing it to always be
`tests`. In the event we get to the point where things can be split up
enough in the base system, it would make more sense to group the tests
with the blocks they're a part of, e.g. byacc with byacc-tests, etc
- Remove PACKAGE definitions where possible, i.e. where FILES wasn't used
previously.
- Remove unnecessary TESTSPACKAGE definitions; this has been elided into
bsd.tests.mk
- Remove unnecessary BINDIRs used previously with ${PACKAGE}FILES;
${PACKAGE}FILESDIR is now automatically defined in bsd.test.mk.
- Fix installation of files under data/ subdirectories in lib/libc/tests/hash
and lib/libc/tests/net/getaddrinfo
- Remove unnecessary .include <bsd.own.mk>s (some opportunistic cleanup)
Document the proposed changes in share/examples/tests/tests/... via examples
so it's clear that ${PACKAGES}FILES is the suggested way forward in terms of
replacing FILES. share/mk/bsd.README didn't seem like the appropriate method
of communicating that info.
MFC after: never probably
X-MFC with: r298107
PR: 209114
Relnotes: yes
Tested with: buildworld, installworld, checkworld; buildworld, packageworld
Sponsored by: EMC / Isilon Storage Division
While there, order EVFILT_VNODE notes descriptions alphabetically.
Based on submission, and tested by: Vladimir Kondratyev <wulf@cicgroup.ru>
MFC after: 2 weeks
the monitored directory as the result of rename(2) operation. The
renames staying in the directory are not reported.
Submitted by: Vladimir Kondratyev <wulf@cicgroup.ru>
MFC after: 2 weeks
a basic usage example. Although it is an
untypical example for the use of kqueue, it is
better than nothing and should get people started.
PR: 196844
Submitted by: fernando.apesteguia@gmail.com
Reviewed by: kib
Approved by: kib
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D6082
In matcher() we used an integer to index nsub of type size_t.
In print() we used an integer to index nstates of type sopno,
typedef'd long.
In both cases the indexes never take negative values.
Match the types to avoid any error.
MFC after: 5 days
According to style(9):
> normally, include <sys/types.h> OR <sys/param.h>, but not both.
(<sys/param.h> already includes <sys/types.h> when LOCORE is not defined).
We have an nitems() macro in the <sys/param.h> header that is
convenient to re-use as it makes things easier to read.
Given that it is available already without adding additional
headers and other parts of libc already use it, extend a bit
more its use.
When symver is in use these are hidden because they're not listed in
the Symbol.map. Add an explicit .hidden so they are also hidden in the
WITHOUT_SYMVER case.
Reviewed by: andrew
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D5775
In r103767 the kern.ps_strings sysctl was added as the preferred way to
locate the ps_strings struct and is available in any FreeBSD release
supported within the last decade.
Reviewed by: kib
While here also cleanup some surrounding code; particularly
drop some malloc() casts.
Found with devel/coccinelle.
Reviewed by: bde (previous version - all new bugs are mine)
This fixes a major performance regression when reading db files such as
the pw database during a 'pkg install'.
MFC after: 1 week
Tested by: bapt
Reviewed by: bapt
Sponsored by: EMC / Isilon Storage Division
Differential Revision: https://reviews.freebsd.org/D5868
-fsanitize does not seem to work when a --sysroot is specified and there
is no <sysroot>/usr/lib/clang/3.8.0/lib/freebsd/libclang_rt.ubsan_standalone-*.a.
Sponsored by: EMC / Isilon Storage Division
MK_TOOLCHAIN==no disables building and installing of pic archives.
c_pic.a is still needed for rtld though so force it to build in lib/libc
and link directly to the objdir version of it for rtld.
Somehow this has been broken since r148725.
Sponsored by: EMC / Isilon Storage Division
i386 stopped exporting .cerror in r240152, and likewise for amd64 in
r240178. It is not used by other libraries on any platform, so apply
the same change to the remaining architectures.
Reviewed by: jhibbits, jilles
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D5774
They are not used anywhere else in the base system and are an internal
implementation detail that does not need to be exposed.
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D5728
First, update the return types of aio_return() and aio_waitcomplete() to
ssize_t.
POSIX requires aio_return() to return a ssize_t so that it can represent
all return values from read() and write(). aio_waitcomplete() should use
ssize_t for the same reason.
aio_return() has used ssize_t in <aio.h> since r31620 but the manpage and
system call entry were not updated. aio_waitcomplete() has always
returned int.
Note that this does not require new system call stubs as this is
effectively only an API change in how the compiler interprets the return
value.
Second, allow aio_nbytes values up to IOSIZE_MAX instead of just INT_MAX.
aio_read/write should now honor the same length limits as normal read/write.
Third, use longs instead of ints in the aio_return() and aio_waitcomplete()
system call functions so that the 64-bit size_t in the in-kernel aiocb
isn't truncated to 32-bits before being copied out to userland or
being returned.
Finally, a simple test has been added to verify the bounds checking on the
maximum read size from a file.
These entries should have never been present since they only exist for
compat with FreeBSD 6.x (and older) binaries. This was missed in r296572.
Technically this breaks the ABI by removing versioned symbols. However,
no binaries should be linked against these symbols. No release has
shipped with a header that contained a prototype for these functions.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D5615
Further to r240152 (i386) and r240178 (amd64), hide the .cerror symbol
so that it is not exported if symbol versioning is not in use. Without
this change WITHOUT_SYMVER libc contains .text relocations for .cerror,
as described in LLVM PR 26813 (http://llvm.org/pr26813).
This is a no-op for the regular build as the symbol version script
already controls .cerror visibility.
PR: 207712
Submitted by: Rafael Espíndola
Reviewed by: jilles, kib
Differential Revision: https://reviews.freebsd.org/D5571
There is also a small portability crutch, also present in NetBSD,
to allow compiling on a system that doesn't define O_CLOEXEC.
Approved by: rpaulo (mentor)
Obtained from: NetBSD (r1.17, r1.18)
Differential Revision: https://reviews.freebsd.org/D5549
Avoid casting gymnastics that lead to pointer aliasing by introducing an
inline function as done in NetBSD (but without #if0'd WIP code).
Obtained from: NetBSD (CVS Rev. 1.24, 1.25)
According to POSIX, The mbtowc() function shall fail if:
[EILSEQ] An invalid character sequence is detected.
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D5496
Obtained from: OpenBSD (Ingo Schwarze)
MFC after: 1 month
Add missing Symbol.map entry for __aligned_alloc.
Add weak-->strong symbol binding for
{malloc_stats_print,mallctl,mallctlnametomib,mallctlbymib} -->
{__malloc_stats_print,__mallctl,__mallctlnametomib,__mallctlbymib}. These
bindings complete the set necessary to allow applications to replace all
malloc-related symbols.
The rest of the manpage already referenced 'dstsize' but did not rename
the variable in the prototype in r257646.
MFC after: 3 days
Sponsored by: EMC / Isilon Storage Division
After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We have the same cwd as the original process.
2. The same uid, gid and groups.
3. The same MAC labels.
4. The same descriptor table.
5. The same routing table.
6. The same umask.
7. The same cpuset(1).
From now services are also in form of libraries.
We also removed libcapsicum at all and converts existing program using Casper
to new architecture.
Discussed with: pjd, jonathan, ed, drysdale@google.com, emaste
Partially reviewed by: drysdale@google.com, bdrewery
Approved by: pjd (mentor)
Differential Revision: https://reviews.freebsd.org/D4277
These are no longer needed after the recent 'beforebuild: depend' changes
and hooking DIRDEPS_BUILD into a subset of FAST_DEPEND which supports
skipping 'make depend'.
Sponsored by: EMC / Isilon Storage Division
make sure the changes are on disk. The people at pfSense noticed that
it didn't always make it to the disk soon enough with soft updates.
Differential Revision: https://reviews.freebsd.org/D5186
Reviewed by: garga, vangyzen, bapt, se
MFC after: 1 week
documented and easy to miss.
At the same time, it's pretty important for anyone who is trying to use
SEEK_HOLE/SEEK_DATA in real app. Try to bridge that gap by making that
description more pronounced and also document how it affects failure codes.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D5162
In such cases return ENOMEM. This is a limitation of our
implementation, alternatively you may consider getline(3).
Differential Revision: https://reviews.freebsd.org/D442 (Partial)
Obtained from: Apple Inc. (Libc 997.90.3)
Relnotes: yes
POSIX.1-2008 requires that successful completion simply return a
non-negative integer. We have regularly returned a constant value.
Another, equally valid, implementation convention implies returning
the number of bytes written.
Adopt this last convention to be in line with what Apple's libc
does. POSIX also explicitly notes:
Note that this implementation convention cannot be adhered to for strings
longer than {INT_MAX} bytes as the value would not be representable in the
return type of the function. For backwards-compatibility, implementations
can return the number of bytes for strings of up to {INT_MAX} bytes, and
return {INT_MAX} for all longer strings.
Developers shouldn't depend specifically on either convention but
the change may help port software from Apple.
Differential Revision: https://reviews.freebsd.org/D442 (Partial)
Obtained from: Apple Inc. (Libc 997.90.3 with changes)
Relnotes: yes
do not participate in the global symbols namespace, but rtld locks are
still replaced and functions are interposed. In particular,
__pthread_map_stacks_exec is resolved to the libc version. If a
library is loaded later, which requires adjustment of the stack
protection mode, rtld calls into libc __pthread_map_stacks_exec due to
the symbols scope. The libc version might recurse into binder and
recursively acquire rtld bind lock, causing the hang.
Make libc __pthread_map_stacks_exec() interposed, which synchronizes
rtld locks and version of the stack exec hook when libthr loaded,
regardless of the symbol scope control or symbol resolution order.
The __pthread_map_stacks_exec() symbol is removed from the private
version in libthr since libc symbol now operates correctly in presence
of libthr.
Reported and tested by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
the constraints on what needs to be installed in a specific to
maintain consistency during upgrades.
Create a new clibs package containing libraries that are needed
as a bare minimum for consistency.
With much help and input from: kib
Sponsored by: The FreeBSD Foundation
time ago, but for some reason it was not. Basically, without this change
dlopen(3)'ing an empty .so file would just cause application to dump core
with SIGSEGV.
Make sure the file has enough data for at least the ELF header before
mmap'ing it.
Add a test case to check that dlopen an empty file return an error.
There were a separate discussion as to whether it should be SIGBUS
instead when you try to access region mapped from an empty file,
but it's definitely SIGSEGV now, so if anyone want to check that please
be my guest.
Reviewed by: mjg, cem
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D5112
wraps sendmsg(2) and recvmsg(2) into batch send and receive operation.
The goal of this implementation is only to provide API compatibility
with Linux.
The cancellation behaviour of the functions is not quite right, but
due to relative rare use of cancellation it is considered acceptable
comparing with the complexity of the correct implementation. If
functions are reimplemented as syscalls, the fix would come almost
trivial. The direct use of the syscall trampolines instead of libc
wrappers for sendmsg(2) and recvmsg(2) is to avoid data loss on
cancellation.
Submitted by: Boris Astardzhiev <boris.astardzhiev@gmail.com>
Discussed with: jilles (cancellation behaviour)
MFC after: 1 month
This avoids reproducing the lex logic which had dependencies set wrong
and used an intermediate file for modifying the YY_BUF_SIZE.
This has only been possible since flex 2.5.37 was imported in r250873,
which uses #ifndef YY_BUF_SIZE.
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
nslexer.o depends on nsparser.h, which is already added by bsd.lib.mk
and .depend.
This reverts r237402.
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
intended behaviour in its man page. Simplify tty_drain() to match.
Don't call ttydevsw methods in tty_flush() if the device is gone
since we now sometimes call it then.
The flushing was supposed to be implemented by passing the FNONBLOCK
flag to VOP_CLOSE() for revoke(). The tty driver is one of the few
that can block in close and was one of the fewer that knew about this.
This almost worked in FreeBSD-1 and similarly in Net/2. These
versions only almost worked because there was and is considerable
confusion between IO_NDELAY and FNONBLOCK (aka O_NONBLOCK). IO_NDELAY
is only valid for VOP_READ() and VOP_WRITE(). For other VOPs it has
the same value as O_SHLOCK. But since vfs_subr.c and tty.c
consistently used the wrong flag and the O_SHLOCK flag is rarely set,
this mostly worked. It also gave the feature than applications could
get the non-blocking close by abusing O_SHLOCK.
This was first broken then fixed in 1995. I changed only the tty
driver to use FNONBLOCK, as a hack to get non-blocking via the normal
flag FNONBLOCK for last closes. I didn't know about revoke()'s use
of IO_NDELAY or change it to be consistent, so revoke() was broken.
Then I changed revoke() to match.
This was next broken in 1997 then fixed in 1998. Importing Lite2 made
the flags inconsistent again by undoing the fix only in vfs_subr.c.
This was next broken in 2008 by replacing everything in tty.c and not
checking any flags in last close. Other bugs in draining limited the
resulting unbounded waits to drain in some cases.
It is now possible to fix this better using the new FREVOKE flag.
Just restore flushing for revoke() for now. Don't restore or undo any
hacks for ordinary last closes yet. But remove dead code in the
1-second relative timeout (r272789). This did extra work to extend
the buggy draining for revoke() for as long as possible. The 1-second
timeout made this not very long by usually flushing after 1 second.
Submitted by: bde
MFC after: 2 weeks
by application closing its stdin (i.e. STDIN_FILENO) prior to
calling readpassphrase WITHOUT setting RPP_STDIN. What happens
then is that the readpassphrase would open /dev/tty, and since
file descriptors are reused, the call would return first unused
fd, which is 0 which is also STDIN_FILENO. Then due to the usage
of "input != STDIN_FILENO" in the code to do its logic, that
would result in noecho flags not set on that file descriptor,
which was original issue I've been trying to fix.
In addition to that, the readpassphrase() would leak file
descriptor on its way out, so fix that one as well.
This problem can be tested with:
$ ssh-add - < /tmp/myprivate.key
The password will not be hidden as it should and ktrace will
show:
53326 ssh-add CALL open(0x80142443c,0x100002<O_RDWR|O_CLOEXEC>,<unused>0x165f030)
53326 ssh-add NAMI "/dev/tty"
53326 ssh-add RET open 0
53326 ssh-add CALL sigprocmask(SIG_SETMASK,0x802eb1324,0x7fffffffd5e0)
53326 ssh-add RET sigprocmask 0
53326 ssh-add CALL sigaction(SIGALRM,0x7fffffffd630,0x7fffffffd610)
Instead of:
57690 ssh-add CALL open(0x80142443c,0x100002<O_RDWR|O_CLOEXEC>,<unused>0x165f030)
57690 ssh-add NAMI "/dev/tty"
57690 ssh-add RET open 4
57690 ssh-add CALL ioctl(0x4,TIOCGETA,0x7fffffffd860)
57690 ssh-add RET ioctl 0
57690 ssh-add CALL ioctl(0x4,TIOCSETAF,0x7fffffffd680)
57690 ssh-add RET ioctl 0
57690 ssh-add CALL sigprocmask(SIG_SETMASK,0x802eb1324,0x7fffffffd620)
57690 ssh-add RET sigprocmask 0
57690 ssh-add CALL sigaction(SIGALRM,0x7fffffffd670,0x7fffffffd650)
For the case when the key is read from the file.
Technically this can also be workaround'ed at the application side
by not closing the STDIN_FILENO in the first place, but readpassphrase(3)
doesn't need to make any assumptions about that. Plus the file descriptor
leak confirms that this is an oversight, rather than a deliberate behaviour.
MFC after: 1 week
This bug could be reproduced easily by calling sem_open() with O_CREAT |
O_EXCL on a semaphore that is already open in the process. The struct
sem_nameinfo would be freed while still in sem_list and later calls to
sem_open() or sem_close() could access freed memory.
PR: 206396
MFC after: 5 days
All gmon want's is a region of memory without the overhead of malloc().
Just mapping some pages with mmap is an easy way to accomplish this.
Approved by: jhb, cem, emaste
Obtained from: CheriBSD (bf33e1e70b368ababde74aa3ac70d108c8a52c69)
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D5005
The PSEUDO* macros should not declare <syscall>, only _<syscall> and
__sys_<syscall>. This was causing the interposing C wrappers to be
ignored due to link order.
Reviewed by: kib
Obtained from: CheriBSD (4e8e13c90fc6a80e1520de44a6864cfd78b3b56d)
MFC after: 1 week
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D4097
tdelete() is supposed to return the address of the parent node that has
been deleted. We already keep track of this node in the loop between
lines 94-107. The GO_LEFT()/GO_RIGHT() macros are used later on as well,
so we must make sure not to change it to something else.
terminated.
If this buffer is adjacent to an unmapped page or a version of C with
bounds checked is used this may result in a crash.
PR: 206178
Submitted by: Alexander Cherepanov <cherepan@mccme.ru>
MFC after: 1 week
terminated.
If this buffer is adjacent to an unmapped page or a version of C with
bounds checked is used this may result in a crash.
PR: 206177
Submitted by: Alexander Cherepanov <cherepan@mccme.ru>
MFC after: 1 week
* Fix __FreeBSD_version check.
* Update history section in man page.
An MFC of this commit to stable/10 will allow using the new system calls
instead of the fallback.
MFC after: 3 days
This fixes the potential NULL pointer dereference properly, and also fixes
memory leaks encountered in the process of iterating through `*rp`.
MFC after: 1 week
Found by: Valgrind
Reported by: Dan Roberts <dan.roberts@isilon.com>
Submitted by: Miles Ohlrich <miles.ohlrich@isilon.com>
Sponsored by: EMC / Isilon Storage Division
__rpcbind_is_up(..) if getnetconfig(3) is partly successful in allocating
resources, but not completely successful by moving the endnetconfig(3) call
up before we return from the function if nconf == NULL.
MFC after: 1 week
Reported by: Coverity
Submitted by: Miles Ohlrich <miles.ohlrich@isilon.com>
Sponsored by: EMC / Isilon Storage Division
In the event that the getconfig(3) call in svcunix_create is partly successful,
some of the netconfig(3) resources allocated might be leaked if the call returns
NULL as endnetconfig(3) wasn't called explicitly in that case. Ensure that the
resources are fully cleaned up by going to the `done` label, which will call
endnetconfig(3) for us.
MFC after: 1 week
Reported by: Coverity
Submitted by: Miles Ohlrich <miles.ohlrich@isilon.com>
Sponsored by: EMC / Isilon Storage Division
up to now.
The new sendfile is the code that Netflix uses to send their multiple tens
of gigabits of data per second. The new implementation features asynchronous
I/O, when I/O operations are launched, but not awaited to be complete. An
explanation of why such behavior is beneficial compared to old one is
going to be too long for a commit message, so we will skip it here.
Additional features of new syscall are extra flags, which provide an
application more control over data sent. The SF_NOCACHE flag tells
kernel that data shouldn't be cached after it was sent. The SF_READAHEAD()
macro allows to specify readahead size in pages.
The new syscalls is a drop in replacement. No modifications are required
to applications. One can take nginx binary for stable/10 and run it
successfully on head. Although SF_NODISKIO lost its original sense, as now
sendfile doesn't block, and now means something completely different (tm),
using the new sendfile the old way is absolutely safe.
Celebrates: Netflix global launch!
Sponsored by: Nginx, Inc.
Sponsored by: Netflix
Relnotes: yes
Set _PATH_DEFPATH to
/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin. This is the
path in the default class in the default /etc/login.conf,
excluding ~/bin which would not be expanded properly in a string
constant.
For normal logins, _PATH_DEFPATH is overridden by /etc/login.conf,
~/.login_conf or shell startup files. _PATH_DEFPATH is still used as a
default by execlp(), execvp(), posix_spawnp() and sh if PATH is not set, and
by cron. Especially the latter is a common trap (most recently in PR
204813).
PR: 204813
Reviewed by: secteam (delphij), alfred
aligned on a int64_t boundary. However, when we allocate the array of
these structures, we use ALIGNBYTES which defaults to sizeof(int) on
arm, i386 and others. The i386 stuff can handle unaligned accesses
seemlessly. However, arm cannot. Take this into account when creating
the array of FILEs, and add some comments about why.
Differential Revision: https://reviews.freebsd.org/D4708
(CLOCK_REALTIME case) system calls is non negative.
This commit hides a kernel panic in atrtc_settime() as the clock_ts_to_ct()
does not properly convert negative tv_sec.
ps. in my opinion clock_ts_to_ct() should be rewritten to properly handle
negative tv_sec values.
Differential Revision: https://reviews.freebsd.org/D4714
Reviewed by: kib
MFC after: 1 week
Traditionally the hcreate() function creates a hash table that uses
chaining, using a fixed user-provided size. The problem with this
approach is that this often either wastes memory (table too big) or
yields bad performance (table too small). For applications it may not
always be easy to estimate the right hash table size. A fixed number
only increases performance compared to a linked list by a constant
factor.
This problem can be solved easily by dynamically resizing the hash
table. If the size of the hash table is at least doubled, this has no
negative on the running time complexity. If a dynamically sized hash
table is used, we can also switch to using open addressing instead of
chaining, which has the advantage of just using a single allocation for
the entire table, instead of allocating many small objects.
Finally, a problem with the existing implementation is that its
deterministic algorithm for hashing makes it possible to come up with
fixed patterns to trigger an excessive number of collisions. We can
easily solve this by using FNV-1a as a hashing algorithm in combination
with a randomly generated offset basis.
Measurements have shown that this implementation is about 20-25% faster
than the existing implementation (even if the existing implementation is
given an excessive number of buckets). Though it allocates more memory
through malloc() than the old implementation (between 4-8 pointers per
used entry instead of 3), process memory use is similar to the old
implementation as if the estimated size was underestimated by a factor
10. This is due to the fact that malloc() needs to perform less
bookkeeping.
Reviewed by: jilles, pfg
Obtained from: https://github.com/NuxiNL/cloudlibc
Differential Revision: https://reviews.freebsd.org/D4644
POSIX requires for the c99 compiler.
(In fact, our c99(1) already ignores -lxnet; but our make(1) doesn't set
${CC} correctly, and our cc(1) treats xnet like any other library.)
Reviewed by: kib
450 seconds
This is required on slower network connections, and on older releases
(stable/10 seems to be slower as far as name resolution goes.. not sure
why yet).
Remove an outdated comment in the Makefile from when I was working on
this code over a year ago on github
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
i386 is the only current FreeBSD architecture that ever used a.out
format.
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D4687
The existing implementations of POSIX tsearch() and tdelete() don't
attempt to perform any balancing at all. Testing reveals that inserting
100k nodes into a tree sequentially takes approximately one minute on my
system.
Though most other BSDs also don't use any balanced tree internally, C
libraries like glibc and musl do provide better implementations. glibc
uses a red-black tree and musl uses an AVL tree.
Red-black trees have the advantage over AVL trees that they only require
O(1) rotations after insertion and deletion, but have the disadvantage
that the tree has a maximum depth of 2*log2(n) instead of 1.44*log2(n).
My take is that it's better to focus on having a lower maximum depth,
for the reason that in the case of tsearch() the invocation of the
comparator likely dominates the running time.
This change replaces the tsearch() and tdelete() functions by versions
that create an AVL tree. Compared to musl's implementation, this version
is different in two different ways:
- We don't keep track of heights; just balances. This is sufficient.
This has the advantage that it reduces the number of nodes that are
being accessed. Storing heights requires us to also access all of the
siblings along the path.
- Don't use any recursion at all. We know that the tree cannot 2^64
elements in size, so the height of the tree can never be larger than
96. Use a 128-bit bitmask to keep track of the path that is computed.
This allows us to iterate over the same path twice, meaning we can
apply rotations from top to bottom.
Inserting 100k nodes into a tree now only takes 0.015 seconds. Insertion
seems to be twice as fast as glibc, whereas deletion has about the same
performance. Unlike glibc, it uses a fixed amount of memory.
I also experimented with both recursive and iterative bottom-up
implementations of the same algorithm. This iterative top-down version
performs similar to the recursive bottom-up version in terms of speed
and code size.
For some reason, the iterative bottom-up algorithm was actually 30%
faster for deletion, but has a quadratic memory complexity to keep track
of all the parent pointers.
Reviewed by: jilles
Obtained from: https://github.com/NuxiNL/cloudlibc
Differential Revision: https://reviews.freebsd.org/D4412
Depending on system configuration and parameters, clock_gettime() and
gettimeofday() may not be system calls. If so, passing an invalid pointer
will cause a signal and not an [EFAULT] error.
From a standards perspective, this is OK since passing an invalid pointer is
undefined behaviour.
MFC after: 1 week
lib/libc/tests/nss
- Convert the testcases to ATF
- Do some style(9) cleanups:
-- Sort headers
-- Apply indentation fixes
-- Remove superfluous parentheses
- Explicitly print out debug printfs for use with `kyua {debug,report}`; for
items that were overly noisy, they've been put behind #ifdef DEBUG
conditionals
- Fix some format strings
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
system call information such as system call arguments. Initially this
will consist of pulling duplicated code out of truss and kdump though it
may prove useful for other utilities in the future.
This commit moves the shared utrace(2) record parser out of kdump into
the library and updates kdump and truss to use it. One difference from
the previous version is that the library version treats unknown events
that start with the "RTLD" signature as unknown events. This simplifies
the interface and allows the consumer to decide how to handle all
non-recognized events. Instead, this function only generates a string
description for known malloc() and RTLD records.
Reviewed by: bdrewery
Differential Revision: https://reviews.freebsd.org/D4537
In r289315, I added new fields to res_state. This broke binary
backward compatibility. It also broke some ports (and possibly
other code) by requiring the definition of time_t and struct timespec.
Fix these problems by moving the new fields into __res_state_ext.
Suggested by: ume
Reviewed by: ume
MFC after: 3 days
Sponsored by: Dell Inc.
Differential Revision: https://reviews.freebsd.org/D4472
RISC-V is a new ISA designed to support computer research and education, and
is now become a standard open architecture for industry implementations.
This is a minimal set of changes required to run 'make kernel-toolchain'
using external (GNU) toolchain.
The FreeBSD/RISC-V project home: https://wiki.freebsd.org/riscv.
Reviewed by: andrew, bdrewery, emaste, imp
Sponsored by: DARPA, AFRL
Sponsored by: HEIF5
Differential Revision: https://reviews.freebsd.org/D4445
When accepting a connection on underlying tcp socket rpc vc
transporter fails to populate local address. This change rectifies
this problem by modifying rendezvous_request() to fill out the xptr
structure member with appropriate information.
Submitted by: Alex Burlyga <alex.burlyga.ietf@gmail.com>
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D4206
clock_gettime(2) on ARMv7 and ARMv8 systems which have architectural
generic timer hardware. It is similar how the RDTSC timer is used in
userspace on x86.
Fix a permission problem where generic timer access from EL0 (or
userspace on v7) was not properly initialized on APs.
For ARMv7, mark the stack non-executable. The shared page is added for
all arms (including ARMv8 64bit), and the signal trampoline code is
moved to the page.
Reviewed by: andrew
Discussed with: emaste, mmel
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D4209
The normal LIBADD is ssp_nonshared. This also had a DPADD on LIBSSP which
does not actually exist, it is blank.
Sponsored by: EMC / Isilon Storage Division
- Create automatically generated include header for split.c
main.c:
- Use function definitions from debug.ih and split.ih instead of externs
Sponsored by: EMC / Isilon Storage Division
This is so that 'make depend' is not a required build step in these
files.
DPSRCS is overall unneeded. DPSRCS already contains SRCS, so anything
which can safely be in SRCS should be. DPSRCS is mostly just a way to
generate files that should not be linked into the final PROG/LIB. For
headers and grammars it is safe for them to be in SRCS since they will
be excluded during linking and installation.
The only remaining uses of DPSRCS are for generating .c or .o files that
must be built before 'make depend' can run 'mkdep' on the SRCS c files
list. A semi-proper example is in tests/sys/kern/acct/Makefile where a
checked-in .c file has an #include on a generated .c file. The
generated .c file should not be linked into the final PROG though since
it is #include'd. The more proper way here is just to build/link it in
though without DPSRCS. Another example is in sys/modules/linux/Makefile
where a shell script runs to parse a DPSRCS .o file that should not be
linked into the module. Beyond those, the need for DPSRCS is largely
unneeded, redundant, and forces 'make depend' to be ran. Generally,
these Makefiles should avoid the need for DPSRCS and define proper
dependencies for their files as well.
An example of an improper usage and why this matters is in usr.bin/netstat.
nl_defs.h was only in DPSRCS and so was not generated during 'make all',
but only during 'make depend'. The files including it lacked proper
depenencies on it, which forced running 'make depend' to workaround that
bug. The 'make depend' target should mostly be used for incremental build
help, not to produce a working build. This specific example was broken in
the meta build until r287905 since it does not run 'make depend'.
The gnu/lib/libreadline/readline case is fine since bsd.lib.mk has 'OBJS:
SRCS:M*.h' when there is no .depend file.
Sponsored by: EMC / Isilon Storage Division
MFC after: 1 week
Tracking these leads to situations where meta mode will consider the
file to be out of date if /bin/sh or /bin/ln are newer than the source
file. There's no reason for meta mode to do this as make is already
handling the rebuild dependency fine.
Sponsored by: EMC / Isilon Storage Division