18951 Commits

Author SHA1 Message Date
emaste
5d14c78c8e allow posix_fallocate in capability mode
posix_fallocate is logically equivalent to writing zero blocks to the
desired file size and there is no reason to prevent calling it in
capability mode. posix_fallocate already checked for the CAP_WRITE
right, so we merely need to list it in capabilities.conf.

Reviewed by:	allanjude
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D12640
2017-10-12 15:45:53 +00:00
imp
640ae38df0 Move lib/libstand to sys/boot/libsa
Move the sources to sys/boot. Make adjustments related to the
move. Kill LIBSTAND_SRC since it's no longer needed.

Sponsored by: Netflix
2017-10-12 14:56:28 +00:00
imp
941c14fcba Add $FreeBSD$ to ancient sources that it's missing from.
Sponsored by: Netflix
2017-10-12 14:53:25 +00:00
imp
352b8c9173 Disconnect libstand from the build.
Remove libstand from the src/lib build. Remove LIBSTAND from
bsd.libnames.mk. Add affected files to the obsolete files list.

Sponsored by: Netflix
2017-10-09 22:12:57 +00:00
trasz
4462f97f62 capsicum_helpers: Add EVENT to default stdio rights set
Without it, calling caph_limit_stdio(3) breaks Irssi.

Reviewed by:	oshogbo
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D12622
2017-10-08 17:29:43 +00:00
imp
c5ddd11381 Support armv7 builds for userland
Make armv7 as a new MACHINE_ARCH.

Copy all the places we do armv6 and add armv7 as basically an
alias. clang appears to generate code for armv7 by default. armv7 hard
float isn't supported by the the in-tree gcc, so it hasn't been
updated to have a new default.

Support armv7 as a new valid MACHINE_ARCH (and by extension
TARGET_ARCH).

Add armv7 to the universe build.

Differential Revision: https://reviews.freebsd.org/D12010
2017-10-05 23:01:33 +00:00
hselasky
a1144014f8 Add support for new cuse(3) error code, CUSE_ERR_NO_DEVICE.
This error code is useful when emulating Linux input event
devices from userspace.

PR:			218626
Submitted by:		jan.kokemueller@gmail.com
MFC after:		1 week
Sponsored by:		Mellanox Technologies
2017-10-05 16:42:02 +00:00
bjk
9eddd5d91f mdoc style: start new sentence on new line 2017-10-04 12:58:30 +00:00
cy
0540e9667e Fix typo.
Reported by:	se
2017-10-04 09:54:59 +00:00
cy
39ad51ea1e Clarify the wording describing the stayopen flag.
MFC after:	1 week
2017-10-04 06:06:22 +00:00
brooks
67ff9a5216 Remove an unneeded and incorrect memset().
On Variant I TLS architectures (aarch64, arm, mips, powerpc, and riscv)
the __libc_allocate_tls function allocates thread local storage memory
with calloc(). It then copies initialization data over the portions with
non-zero initial values. Before this change it would then pointlessly
zero the already zeroed remainder of the storage. Unfortunately the
calculation was wrong and it would zero TLS_TCB_SIZE (2*sizeof(void *))
additional bytes.

In practice, this overflow only matters if the TLS segment is sized such
that calloc() allocates a less than TLS_TCB_SIZE extra memory. Even
then, the likely result will be zeroing part of the next bucket. This
coupled with the impact being confined to Tier II platforms means there
will be no security advisory for this issue.

Reviewed by:	kib, dfr
Discussed with:	security-officer (delphij)
MFC after:	1 week
Found by:	CHERI
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D12547
2017-10-03 22:57:19 +00:00
trasz
533491cf99 Make procstat(1) recognize process descriptors, so that it shows
"P" instead of "?" in "procstat -af" output. Note that there are
still a few more DTYPE_* kinds we don't decode yet.

Reported by:	rwatson
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D12426
2017-10-03 11:45:24 +00:00
ru
567ae72107 Fixed description of msg_name/msg_namelen in recvmsg(). 2017-10-03 11:13:25 +00:00
glebius
7168fac388 Hide struct socket and struct unpcb from the userland.
Violators may define _WANT_SOCKET and _WANT_UNPCB respectively and
are not guaranteed for stability of the structures.  The violators
list is the the usual one: libprocstat(3) and netstat(1) internally
and lsof in ports.

In struct xunpcb remove the inclusion of kernel structure and add
a bunch of spare fields.  The xsocket already has socket not included,
but add there spares as well.  Embed xsockbuf into xsocket.

Sort declarations in sys/socketvar.h to separate kernel only from
userland available ones.

PR:		221820 (exp-run)
2017-10-02 23:29:56 +00:00
mizhka
cc1f74e813 [libthr] revert change of visibility of _thread_keytable to unbreak debugger
Fix regression by r318539. The sysutils/pstack uses library libthread_db to
read information about threads state. The function pt_ta_new makes lookup of
several key symbols including _thread_keytable. But r318539 mades this field
static. It causes silent ignore of libthr library by pstack and as result
sysutils/pstack doesn't output any thread information.

This fix changes this field back to non-static.

MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D11738
2017-10-02 20:33:16 +00:00
mm
b2f0376b45 MFV r324145,324147:
Sync libarchive with vendor.

Relevant vendor changes:
  PR #905: Support for Zstandard read and write filters
  PR #922: Avoid overflow when reading corrupt cpio archive
  Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166)
  OSS-Fuzz 2936: Place a limit on the mtree line length
  OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough
  OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502)

MFC after:	1 week
Security:	CVE-2017-14166, CVE-2017-14502
2017-10-01 00:40:23 +00:00
bdrewery
3f9dafbc2b __setrunelocale: Fix asprintf(3) failure not returning an error.
Also fix the style of the asprintf(3) call in __collate_load_tables_l().
Both of these lines were modified away from snprintf(3) during the
import from DragonFly/Illumos.

Reviewed by:	jilles (briefly over shoulder)
MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2017-09-29 16:30:50 +00:00
cem
6a49c4a2ea capsicum_helpers: Add SEEK to default stdio rights set
PR:		219173
Sponsored by:	Dell EMC Isilon
2017-09-25 19:33:32 +00:00
mckusick
4c3c44cdd8 Continuing efforts to provide hardening of FFS, this change adds a
check hash to cylinder groups. If a check hash fails when a cylinder
group is read, no further allocations are attempted in that cylinder
group until it has been fixed by fsck. This avoids a class of
filesystem panics related to corrupted cylinder group maps. The
hash is done using crc32c.

Check hases are added only to UFS2 and not to UFS1 as UFS1 is primarily
used in embedded systems with small memories and low-powered processors
which need as light-weight a filesystem as possible.

Specifics of the changes:

sys/sys/buf.h:
    Add BX_FSPRIV to reserve a set of eight b_xflags that may be used
    by individual filesystems for their own purpose. Their specific
    definitions are found in the header files for each filesystem
    that uses them. Also add fields to struct buf as noted below.

sys/kern/vfs_bio.c:
    It is only necessary to compute a check hash for a cylinder
    group when it is actually read from disk. When calling bread,
    you do not know whether the buffer was found in the cache or
    read. So a new flag (GB_CKHASH) and a pointer to a function to
    perform the hash has been added to breadn_flags to say that the
    function should be called to calculate a hash if the data has
    been read. The check hash is placed in b_ckhash and the B_CKHASH
    flag is set to indicate that a read was done and a check hash
    calculated. Though a rather elaborate mechanism, it should
    also work for check hashing other metadata in the future. A
    kernel internal API change was to change breada into a static
    fucntion and add flags and a function pointer to a check-hash
    function.

sys/ufs/ffs/fs.h:
    Add flags for types of check hashes; stored in a new word in the
    superblock. Define corresponding BX_ flags for the different types
    of check hashes. Add a check hash word in the cylinder group.

sys/ufs/ffs/ffs_alloc.c:
    In ffs_getcg do the dance with breadn_flags to get a check hash and
    if one is provided, check it.

sys/ufs/ffs/ffs_vfsops.c:
    Copy across the BX_FFSTYPES flags in background writes.
    Update the check hash when writing out buffers that need them.

sys/ufs/ffs/ffs_snapshot.c:
    Recompute check hash when updating snapshot cylinder groups.

sys/libkern/crc32.c:
lib/libufs/Makefile:
lib/libufs/libufs.h:
lib/libufs/cgroup.c:
    Include libkern/crc32.c in libufs and use it to compute check
    hashes when updating cylinder groups.

Four utilities are affected:

sbin/newfs/mkfs.c:
    Add the check hashes when building the cylinder groups.

sbin/fsck_ffs/fsck.h:
sbin/fsck_ffs/fsutil.c:
    Verify and update check hashes when checking and writing cylinder groups.

sbin/fsck_ffs/pass5.c:
    Offer to add check hashes to existing filesystems.
    Precompute check hashes when rebuilding cylinder group
    (although this will be done when it is written in fsutil.c
    it is necessary to do it early before comparing with the old
    cylinder group)

sbin/dumpfs/dumpfs.c
    Print out the new check hash flag(s)

sbin/fsdb/Makefile:
    Needs to add libufs now used by pass5.c imported from fsck_ffs.

Reviewed by: kib
Tested by: Peter Holm (pho)
2017-09-22 12:45:15 +00:00
oshogbo
0e3fd3e4f5 Remove redundant initialization. Don't use variable - just return the value.
Make scan-build happy by casting to 'void *' instead of 'void **'.

Submitted by:	pjd@
MFC after:	1 month
Found by:	scan-build and cppcheck
Sponsored by:	Wheel Systems
2017-09-21 10:00:16 +00:00
gordon
8166f0a416 MFV r323678: file 5.32
Approved by:	emaste (mentor)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D12400
2017-09-17 19:14:38 +00:00
emaste
007c856ab0 libsysdecode: report invalid cap_rights_t
Previously we'd have an assertion failure in cap_rights_is_set if
sysdecode_cap_rights is called with an invalid cap_rights_t, so test for
validity first.

PR:		222258
Reviewed by:	cem
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D12391
2017-09-17 14:03:54 +00:00
emaste
e7f9540c57 rename(2): document capability mode errors
Reviewed by:	allanjude
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D12339
2017-09-15 20:12:38 +00:00
emaste
ef0d618050 open(2): update ENOTCAPABLE description for .. lookups
After r308212 Capsicum permits .. lookups in capability mode, as long as
path component traversal does not escape the directory corresponding to
the provided file descriptor.

We should add a description of the vfs.lookup_cap_dotdot and
vfs.lookup_cap_dotdot_nonlocal sysctls, perhaps as a cross-reference to
capsicum(4). I intend to look at that soon.

Reviewed by:	bjk, cem, kib
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D12343
2017-09-15 20:05:55 +00:00
pfg
e12d536434 libedit: raise the warning level to 3.
NetBSD has the warning level to 5 but that actually triggers -Wcast-qual.
2017-09-14 19:50:07 +00:00
kib
e916723903 Silently handle freeaddrinfo(NULL) for compatibility with code which
works on other OSes.  Also avoid unnecessary NULL check, free(NULL) is
valid.

Reviewed by:	bjk (man page), hrs, hselasky, ume
Sponsored by:	Mellanox Technologies
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D12354
2017-09-14 19:18:24 +00:00
jhb
eadebd68d1 Add ptrace operations to fetch and store VFP registers.
Reviewed by:	mmel, kib
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D12294
2017-09-14 15:03:43 +00:00
pfg
8b9ca7cc8f libedit: add missing bracket.
We never hit this because we always build with widechar support.

Reported by:	cognet
MFC after:	3 days
2017-09-13 16:13:14 +00:00
imp
fe47a5f058 Minor fixes to edge cases in efi_get_next_variable_name
Fix allocating more memory for the names (unlikely to be needed, but
still best to get right) to ask for the length the kernel told use we
needed, not the old length of the variable. Mind the proper NUL that
we add in the space we allocate. Free the old name string before we
allcoate a new one to limit what we leak to the last one (free passed
in name for the last one in the list), and detect the last one by rv
!= 0 and errno == ENOENT, rather then just the former to avoid false
positives if errno happens to be ENOENT on entry.

Sponsored by: Netflix
2017-09-13 04:32:23 +00:00
tsoome
29ac4b37c7 libstand: tftp_open() can leak pkt on error
The memory can be leaked if we will have pkt set and will get an error
during tftp_open() processing.

Differential Revision:	https://reviews.freebsd.org/D12202
2017-09-12 13:51:18 +00:00
cem
231b5e6b30 libgeom: Remove redundant and duplicated code
In g_open(), g_device_path_open().

No functional change.

Sponsored by:	Dell EMC Isilon
2017-09-08 15:44:52 +00:00
theraven
daa30798d5 Document some invariants for the XLC_ enum.
These can't be reordered without breaking other code.  Document that and add
some static asserts to ensure that anyone who tries gets build failures.
2017-09-07 17:51:35 +00:00
imp
18f0e7a9b6 Implement efidp_size
efidp_size will return the size, in bytes, of a EFI device path
structure. This is a convenience wrapper in the same style as the
other linux routines. It's implemented by GetDevicePathSize from EDK2
we already needed for other things.

Sponsored by: Netflix
2017-09-07 07:30:14 +00:00
dim
c9fdfda4f3 Upgrade our copies of clang, llvm, lld, lldb, compiler-rt and libc++ to
5.0.0 release (upstream r312559).

Release notes for llvm, clang and lld will be available here soon:
<http://releases.llvm.org/5.0.0/docs/ReleaseNotes.html>
<http://releases.llvm.org/5.0.0/tools/clang/docs/ReleaseNotes.html>
<http://releases.llvm.org/5.0.0/tools/lld/docs/ReleaseNotes.html>

Relnotes:	yes
MFC after:	1 month
X-MFC-with:	r321369
2017-09-06 21:21:13 +00:00
kib
3e6224e523 Skylake server core PMC support for hwpmc(4).
Reviewed by:	emaste
Sponsored by:	The FreeBSD Foundation
Hardware provided by:	Intel
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D12221
2017-09-06 17:19:48 +00:00
kib
054181069c Minor style changes to make forthcoming code stand out less.
Reviewed by:	emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
X-Differential revision:	https://reviews.freebsd.org/D12221
2017-09-06 17:14:23 +00:00
markj
896c46065a Avoid keeping a dangling pointer when the mappings array is resized.
Sponsored by:	Dell EMC Isilon
2017-09-06 16:24:34 +00:00
rlibby
da1419e8f5 libefivar: -fno-strict-aliasing
Avoid dealing with some code that uses type-punned pointers.

See D12210 and D12211 for more background.

Reviewed by:	imp
Approved by:	markj (mentor)
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12219
2017-09-04 18:59:44 +00:00
jhb
7735433fd2 Decode pathconf() names, *at() flags, and sysarch() numbers in libsysdecode.
Move tables that were previously in truss over to libsysdecode.  truss
output is unchanged, but kdump has been updated to decode these fields.
In addition, sysdecode_sysarch_number() should support all platforms
whereas the old table in truss only supported x86.
2017-09-04 05:34:36 +00:00
dim
31c8df9a8a Upgrade our copies of clang, llvm, lldb and compiler-rt to r312293 from
the upstream release_50 branch.  This corresponds to 5.0.0 rc4.

As of this version, the cad/stepcode port should now compile in a more
reasonable time on i386 (see bug 221836 for more information).

PR:		221836
MFC after:	2 months
X-MFC-with:	r321369
2017-09-01 18:53:36 +00:00
tsoome
aff42a2416 libstand: nfs_readlink() should return proper return code
The nfs_readlink() is returning constant 0 instead of variable.

Reviewed by:	avg
Differential Revision:	https://reviews.freebsd.org/D12201
2017-09-01 16:40:12 +00:00
imp
9d81eeca1d Fix parsing File() nodes in device paths.
o Add File to the mUefiDevicePathLibDevPathFromTextTable table so we
  don't include 'File()' in the supposed path name. This happens because
  of a possible misfeature in the EDK2 code where any path that's not
  recognized is treated as a File() node.
o Convert utf8 input into ucs2 output rather than just copying the
  utf8 and hoping for the best (no good comes from that).
o Remove bogus comment about needing to add 1. The dummy array already
  is length 1, so that's included in sizeof the struct, so there's no
  need to add it.

Sponsored by: Netflix
2017-08-31 15:53:47 +00:00
imp
6acd73c21f Fix printing File() nodes in device paths.
Device paths encoded into the FILEPATH_DEVICE_PATH are UCS2 not
ASCII/UTF8. Convert to utf8 and print that when printing File
paths. Also, since File may be at the end of a long device path,
output File() around the path so it doesn't just show up as random
nodes that might accidentally match real node paths names and cause
errors.
2017-08-31 15:53:27 +00:00
jhb
9d9338ffa9 Don't include GNU object attributes when building with clang.
LLVM's MIPS assembler parser does not understand the GNU as
'.gnu_attribute' keyword.  This could be re-enabled if LLVM is updated
in the future.  The desired floating point ABI is already described in
the .MIPS.abiflags section.

Reviewed by:	emaste
Sponsored by:	DARPA / AFRL
2017-08-30 19:19:31 +00:00
dim
190dc1f5bf Follow-up to r323001: if the actually selected CPUTYPE is capable of
SSE2 instructions, we can use them.

Suggested by:	jkim
PR:		221733
MFC after:	1 week
X-MFC-With:	r323001
2017-08-30 07:05:29 +00:00
rlibby
77c4ecfe11 lib/msun: add more csqrt unit tests for precision and overflow
Reviewed by:	bde
Approved by:	markj (mentor)
Sponsored by:	Dell EMC Isilon
2017-08-29 22:37:24 +00:00
rlibby
965d0458ac lib/msun: avoid referring to broken LDBL_MAX
LDBL_MAX is broken on i386:
https://lists.freebsd.org/pipermail/freebsd-numerics/2012-September/000288.html

Gcc has produced +Infinity for LDBL_MAX on i386 and amd64 with -m32
for some time, and newer versions of gcc are now warning that the
"floating constant exceeds range of 'long double'".  Avoid this by
referring to proxy values instead.

Reviewed by:	bde
Approved by:	markj (mentor)
Sponsored by:	Dell EMC Isilon
2017-08-29 22:32:29 +00:00
dim
860be99e46 In compiler-rt, a few assembler implementations for i386 floating point
conversion functions use SSE2 instructions, but these are not guarded by
#ifdef __SSE2__, and there is no implementation using general purpose
registers.  For these functions, use the generic C variants instead,
otherwise they will cause SIGILL on older processors.

Reported by:	bsdpr@phoe.frmug.org
PR:		221733
MFC after:	1 week
2017-08-29 21:45:00 +00:00
pfg
ff804a52d6 libc: minor indent(1) cleanups.
Illumos and Schillix is adopting some of the locale code and our style(9)
sometimes matches the Solaris cstyle, so the changes are also useful as a
way to reduce diffs.

No functional change.

Discussed with: Joerg Schilling
MFC after:	1 week
2017-08-26 16:11:21 +00:00
ngie
10f7d285ad Revert r321457
It doesn't fail after ^/head@r322855 (the releng_50 clang merge).

PR:	220989
MFC after:	2 months
MFC with:	r321369, r322855
2017-08-26 06:44:50 +00:00