Commit Graph

1450 Commits

Author SHA1 Message Date
dougb
29c48cd31f Document that flock can return ENOLCK 2011-11-10 06:20:18 +00:00
jhb
78c075174e Add the posix_fadvise(2) system call. It is somewhat similar to
madvise(2) except that it operates on a file descriptor instead of a
memory region.  It is currently only supported on regular files.

Just as with madvise(2), the advice given to posix_fadvise(2) can be
divided into two types.  The first type provide hints about data access
patterns and are used in the file read and write routines to modify the
I/O flags passed down to VOP_READ() and VOP_WRITE().  These modes are
thus filesystem independent.  Note that to ease implementation (and
since this API is only advisory anyway), only a single non-normal
range is allowed per file descriptor.

The second type of hints are used to hint to the OS that data will or
will not be used.  These hints are implemented via a new VOP_ADVISE().
A default implementation is provided which does nothing for the WILLNEED
request and attempts to move any clean pages to the cache page queue for
the DONTNEED request.  This latter case required two other changes.
First, a new V_CLEANONLY flag was added to vinvalbuf().  This requests
vinvalbuf() to only flush clean buffers for the vnode from the buffer
cache and to not remove any backing pages from the vnode.  This is
used to ensure clean pages are not wired into the buffer cache before
attempting to move them to the cache page queue.  The second change adds
a new vm_object_page_cache() method.  This method is somewhat similar to
vm_object_page_remove() except that instead of freeing each page in the
specified range, it attempts to move clean pages to the cache queue if
possible.

To preserve the ABI of struct file, the f_cdevpriv pointer is now reused
in a union to point to the currently active advice region if one is
present for regular files.

Reviewed by:	jilles, kib, arch@
Approved by:	re (kib)
MFC after:	1 month
2011-11-04 04:02:50 +00:00
pluknet
c8a358b279 Fix typo in timer_getoverrun cross-reference.
MFC after:	3 days
2011-10-26 14:26:10 +00:00
des
9b8d9b3ed1 Add a new trace point, KTRFAC_CAPFAIL, which traces capability check
failures.  It is included in the default set for ktrace(1) and kdump(1).
2011-10-11 20:37:10 +00:00
des
71b88d2a56 Line up the struct declaration (yes, I know this isn't what it looks
like in the header file)
2011-10-09 10:58:58 +00:00
des
8f48698d32 Document some not-so-recently added trace points.
MFC after:	1 week
2011-10-09 10:55:15 +00:00
kib
e2b10ad687 Remove no longer needed BUGS section.
MFC after:	1 month
2011-10-06 17:35:38 +00:00
kib
9fc0ff740a Remove no longer valid statement about ARM.
MFC after:	1 month
2011-10-04 13:15:12 +00:00
kib
a9e2c1ebfb Clarify the behaviour of sigwait() on signal interruption, and note
the difference between sigwait() and sigtimedwait()/sigwaitinfo().

Approved by:	re (bz)
2011-08-25 10:00:38 +00:00
jonathan
5ecd1c9d40 Add experimental support for process descriptors
A "process descriptor" file descriptor is used to manage processes
without using the PID namespace. This is required for Capsicum's
Capability Mode, where the PID namespace is unavailable.

New system calls pdfork(2) and pdkill(2) offer the functional equivalents
of fork(2) and kill(2). pdgetpid(2) allows querying the PID of the remote
process for debugging purposes. The currently-unimplemented pdwait(2) will,
in the future, allow querying rusage/exit status. In the interim, poll(2)
may be used to check (and wait for) process termination.

When a process is referenced by a process descriptor, it does not issue
SIGCHLD to the parent, making it suitable for use in libraries---a common
scenario when using library compartmentalisation from within large
applications (such as web browsers). Some observers may note a similarity
to Mach task ports; process descriptors provide a subset of this behaviour,
but in a UNIX style.

This feature is enabled by "options PROCDESC", but as with several other
Capsicum kernel features, is not enabled by default in GENERIC 9.0.

Reviewed by: jhb, kib
Approved by: re (kib), mentor (rwatson)
Sponsored by: Google Inc
2011-08-18 22:51:30 +00:00
rwatson
0920e246c6 Cross-reference cap_new(2) from dup(2), as they have similar functionality.
Approved by:	re (kib)
2011-08-14 12:41:44 +00:00
jonathan
f77ff62fcd Add cap_new(2) and cap_getrights(2) symbols to libc.
These system calls have already been implemented in the kernel; now we
hook up libc symbols so userspace can drive them.

Approved by: re (kib), mentor (rwatson)
Sponsored by: Google Inc
2011-07-20 13:29:39 +00:00
kib
9ddcdc3611 Document RFTSIGZMB. Fix spelling of SIGCHLD. Note that signals are
delivered, not returned.

MFC after:	1 week
2011-07-12 20:38:42 +00:00
obrien
c0a3f38f33 Note how wait(3) is implemented. 2011-06-18 00:53:51 +00:00
jilles
3ee406db52 mq_setattr(2): Add missing const to man page.
The declaration in the header file is correct.

MFC after:	1 week
2011-05-17 21:03:34 +00:00
pluknet
d1dccbde28 Update sticky(7) cross references.
PR:		docs/124468
X-MFC with:	r218998
2011-05-13 16:29:57 +00:00
gjb
af070d163b - Clarification on kld_file_stat.size
- While here, remove a few C comments that don't seem to contribute
  anything additional to the man page.

PR:		146047
Submitted by:	arundel
MFC after:	3 days
2011-04-23 20:59:58 +00:00
mdf
9c9a32d97b Add the posix_fallocate(2) syscall. The default implementation in
vop_stdallocate() is filesystem agnostic and will run as slow as a
read/write loop in userspace; however, it serves to correctly
implement the functionality for filesystems that do not implement a
VOP_ALLOCATE.

Note that __FreeBSD_version was already bumped today to 900036 for any
ports which would like to use this function.

Also reserve space in the syscall table for posix_fadvise(2).

Reviewed by:	-arch (previous version)
2011-04-18 16:32:22 +00:00
jilles
413a619804 getfh(2): Add xrefs for fhopen(2), open(2), stat(2).
MFC after:	1 week
2011-04-14 22:06:11 +00:00
kib
2e921d1b1b Fix mdoc errors.
Submitted by:	ru
MFC after:	3 days
2011-04-01 19:57:27 +00:00
trasz
d5fad1aac8 Expose the rctl(2) API in libc. 2011-03-30 18:08:31 +00:00
kib
4dc12088a1 Document O_CLOEXEC.
Reviewed by:	jhb
MFC after:	1 week
2011-03-25 14:01:18 +00:00
marcel
70f17b3a42 When building libc with the syscall compatibility, don't also generate the
syscall assembly files. This results in conflicting dependencies and can
cause unexpected results for parallel builds. This is because the .c file
and the .S file both generate the same .o file.

Submitted by:	Simon Gerraty <sjg@juniper.net>
Sponsored by:	Juniper Networks
2011-03-17 04:40:37 +00:00
jilles
b7fd4888f8 rfork(2): Discourage rfork_thread-like approaches.
Calling rfork_thread(3) does not interoperate with pthreads and global state
is not properly protected.

Remove the BUGS section suggesting LinuxThreads entirely. With the current
pthread library libthr, all threads are kernel-level entities so there seems
little reason to use LinuxThreads.
2011-03-15 23:51:47 +00:00
rwatson
e7e662134b Move cap_enter(2) and cap_getmode(2) symbols from FBSD_1.1 to FBSD_1.2.
Suggested by:	kib
Obtained from:	Capsicum Project
Sponsored by:	Google
MFC after:	3 months
2011-03-12 12:10:17 +00:00
trasz
fb78109e59 Move getloginclass(2) and setloginclass(2) to FBSD_1.2, where they should've
been added in the first place.
2011-03-06 08:55:36 +00:00
trasz
3212fe1acf Add FBSD_1.2; syscalls added in 9-CURRENT are supposed to go there.
Suggested by:	kib
2011-03-06 08:52:59 +00:00
trasz
d9bca0ab24 Add manual page for getloginclass(2) and setloginclass(2). 2011-03-06 08:35:50 +00:00
trasz
62f6a13e39 Add two new system calls, setloginclass(2) and getloginclass(2). This makes
it possible for the kernel to track login class the process is assigned to,
which is required for RCTL.  This change also make setusercontext(3) call
setloginclass(2) and makes it possible to retrieve current login class using
id(1).

Reviewed by:	kib (as part of a larger patch)
2011-03-05 12:40:35 +00:00
rwatson
817c148c9f Make cap_new(2) and cap_getmode(2) symbols from libc public so applications
can link against them.  Add man pages for the new system calls, with one
errant forward reference to changes not yet present in FreeBSD, but soon
will be.

Reviewed by:	anderson
Obtained from:	Capsicum Project
Sponsored by:	Google, Inc.
Discussed with:	benl, kris, pjd
MFC after:	3 months
2011-03-03 11:31:08 +00:00
rwatson
698cb59fd5 Add description of ECAPMODE to errno(2) man page.
Discussed with: anderson
Obtained from:  Capsicum Project
Sponsored by:   Google, Inc.
MFC after:      3 months
2011-03-03 11:29:48 +00:00
pluknet
3061aea0d2 Remove sysctl vm.max_proc_mmap used to protect from KVA space exhaustion.
As it was pointed out by Alan Cox, that no longer serves its purpose with
the modern UMA allocator compared to the old one used in 4.x days.

The removal of sysctl eliminates max_proc_mmap type overflow leading to
the broken mmap(2) seen with large amount of physical memory on arches
with factually unbound KVA space (such as amd64).  It was found that
slightly less than 256GB of physmem was enough to trigger the overflow.

Reviewed by:	alc, kib
Approved by:	avg (mentor)
MFC after:	2 months
2011-02-24 09:22:56 +00:00
kib
736c72ab1a Emit .note.GNU-stack for the syscall stubs generated by libc only on
architectures that support this .note. In particular, do not unneccessary
emit the notes on ia64 and sparc64, which ABI require non-executable stacks.

Tested by:	marcel
2011-01-25 21:06:49 +00:00
kib
de1b195cba Document PT_FLAG_FORKED, PT_FOLLOW_FORK, pl_tdname and pl_child_pid.
MFC after:	2 weeks
2011-01-25 11:02:12 +00:00
jilles
54c963102e getgroups(2): Remove mention of <sys/param.h> and refer to sysconf(3).
Because {NGROUPS_MAX} may become variable, its value should be obtained
using sysconf(3). If a #define is used anyway, it should be obtained by
including <limits.h> as that is in POSIX like getgroups(2) itself is.
<sys/param.h> is not in POSIX.

MFC after:	1 week
2011-01-21 22:15:17 +00:00
jilles
38afc28719 mknod(2): The required include is <sys/stat.h>, not <unistd.h>.
This is what SUSv4 requires, and also the only thing that works if strict
standards compliance is requested or mknodat() is needed.

PR:		standards/123688
Submitted by:	gcooper
MFC after:	1 week
2011-01-16 21:59:50 +00:00
kib
a7db50394e Emit .note.GNU-stack for the syscall stubs generated by libc. 2011-01-07 14:28:54 +00:00
brucec
9f49796567 Sort cross references by section.
Reported by: pluknet
2010-12-18 10:09:07 +00:00
brucec
308eeb2d64 Update shmget(2) with POSIX access permissions and remove non-standard SHM_R,
SHM_W and machine/param.h.
2010-12-17 21:10:08 +00:00
luigi
d5e8d236f4 This commit implements the SO_USER_COOKIE socket option, which lets
you tag a socket with an uint32_t value. The cookie can then be
used by the kernel for various purposes, e.g. setting the skipto
rule or pipe number in ipfw (this is the reason SO_USER_COOKIE has
been implemented; however there is nothing ipfw-specific in its
implementation).

The ipfw-related code that uses the optopn will be committed separately.

This change adds a field to 'struct socket', but the struct is not
part of any driver or userland-visible ABI so the change should be
harmless.

See the discussion at
http://lists.freebsd.org/pipermail/freebsd-ipfw/2009-October/004001.html

Idea and code from Paul Joe, small modifications and manpage
changes by myself.

Submitted by:	Paul Joe
MFC after:	1 week
2010-11-12 13:02:26 +00:00
jh
06e9f5ed89 - Note that non-superusers are not allowed to set the SF_ARCHIVED
flag. [1]
- Note that also fchflags(2) will return EPERM for attempts to set or
  unset the SF_SNAPSHOT flag.

Submitted by:	Garrett Cooper [1]
MFC after:	1 week
2010-10-29 15:03:29 +00:00
uqs
62105f8979 mdoc: make pages render with mandoc
It's a bit more pedantic regarding .Bl list elements. This has an added
benefit of unbreaking the ipfw(8) manpage, where groff was silently
skipping one list element.
2010-10-21 12:27:13 +00:00
jamie
0f098ddf66 Remove a section that went to jail(8), and fix a small grammar error. 2010-10-20 21:19:36 +00:00
rpaulo
501752af9c Clang related fixes:
* When calling syslog(), pass a format string.
* Define YY_NO_INPUT on nslexer.l

Submitted by:	Norberto Lopes <nlopes.ml at gmail.com>
2010-10-13 16:57:06 +00:00
uqs
8ae3afcfad mdoc: drop redundant .Pp and .LP calls
They have no effect when coming in pairs, or before .Bl/.Bd
2010-10-08 12:40:16 +00:00
alc
524cb00f17 Fix exec_imgact_shell()'s handling of two error cases: (1) Previously, if
the first line of a script exceeded MAXSHELLCMDLEN characters, then
exec_imgact_shell() silently truncated the line and passed on the truncated
interpreter name or argument.  Now, exec_imgact_shell() will fail and return
ENOEXEC, which is the commonly used errno among Unix variants for this type
of error. (2) Previously, exec_imgact_shell()'s check on the length of the
interpreter's name was ineffective.  In other words, exec_imgact_shell()
could not possibly fail and return ENAMETOOLONG.  The reason being that the
length of the interpreter name had to exceed MAXSHELLCMDLEN characters in
order that ENAMETOOLONG be returned.  But, the search for the end of the
interpreter name stops after at most MAXSHELLCMDLEN - 2 characters are
scanned.  (In the end, this particular error is eventually discovered
outside of exec_imgact_shell() and ENAMETOOLONG is returned.  So, the real
effect of this second change is that the error is detected earlier, in
exec_imgact_shell().)

Update the definition of MAXINTERP to the actual limit on the size of
the interpreter name that has been in effect since r142453 (from
2005).

In collaboration with: kib
2010-09-21 16:24:51 +00:00
gjb
b008f7b64b Bump dates in dbopen(3) and cpuset_getaffinity(2) from r212441 and
r212438, repectively.

Approved by:	keramida (mentor)
MFC after:	1 week
2010-09-12 14:04:05 +00:00
gjb
3ec13fa002 Add EINVAL to list of possible return values for cpuset_getaffinity(2).
PR:		149978
Submitted by:	gcooper
Patch by:	gcooper
Approved by:	keramida (mentor)
MFC after:	1 week
2010-09-10 23:15:05 +00:00
davidxu
e129c18a83 Because POSIX does not allow EINTR to be returned from sigwait(),
add a wrapper for it in libc and rework the code in libthr, the
system call still can return EINTR, we keep this feature.

Discussed on: thread
Reviewed by:  jilles
2010-09-10 01:47:37 +00:00
gjb
7e9f743010 Add ECONNRESET to list of possible errors in connect(2).
PR:		148683
Submitted by:	Gennady Proskurin <gpr at mail dot ru>
Approved by:	keramida (mentor)
MFC after:	1 week
2010-09-06 21:39:54 +00:00
kib
ee1046e859 Use NULL instead of 0 for pointer in example.
MFC after:	3 days
2010-08-29 16:38:08 +00:00
alc
115cb6b29f Add the MAP_PREFAULT_READ option to mmap(2).
Reviewed by:	jhb, kib
2010-08-28 16:57:07 +00:00
brucec
76d7244728 Fix incorrect usage of 'assure' and 'insure'.
Approved by: rrs (mentor)
2010-08-28 16:32:01 +00:00
imp
a34c7e0187 Powerpc is special here. powerpc and powerpc64 use different ABIs, so
their implementations aren't in the same files.  Introduce LIBC_ARCH
and use that in preference to MACHINE_CPUARCH.  Tested by amd64 and
powerpc64 builds (thanks nathanw@)
2010-08-24 20:54:43 +00:00
kib
b9202ef929 Remove extra FreeBSD tag.
MFC after:	3 days
2010-08-24 13:02:22 +00:00
kib
ccc2cef693 Move the __stack_chk_fail_local@FBSD_1.0 compat symbol definition into
the separate .o for libc_pic.a. This prevents rtld from making the
symbol global.

Putting the stack_protector_compat.c into the public domain acknowledged
by kan.

Reviewed by:	kan
MFC after:	2 weeks
2010-08-24 12:58:54 +00:00
imp
c3a399c4ba MFtbemd:
Prefer MACHNE_CPUARCH to MACHINE_ARCH in most contexts where you want
to test of all the CPUs of a given family conform.
2010-08-23 22:24:11 +00:00
kib
5a79777b44 Use aux vector to get values for SSP canary, pagesize, pagesizes array,
number of host CPUs and osreldate.

This eliminates the last sysctl(2) calls from the dynamically linked image
startup.

No objections from:	kan
Tested by:	marius (sparc64)
MFC after:	1 month
2010-08-17 09:13:26 +00:00
joel
dd1fff9bcb Fix typos, spelling, formatting and mdoc mistakes found by Nobuyuki while
translating these manual pages.  Minor corrections by me.

Submitted by:	Nobuyuki Koganemaru <n-kogane@syd.odn.ne.jp>
2010-08-16 15:18:30 +00:00
joel
f4e8725880 Fix typos and spelling mistakes. 2010-08-06 14:33:42 +00:00
joel
52dbc8b634 Spelling fixes. 2010-08-02 16:01:45 +00:00
uqs
c2a17de64b Fix a couple of typos.
PR:		docs/148891
Submitted by:	olgeni
MFC after:	1 week
2010-07-30 11:58:18 +00:00
trasz
67e30607a0 Update mlockall(2) to mention that it's superuser-only syscall, just
like the mlock(2) manual page says.  Update mlock(2) to say that hitting
RLIMIT_MEMLOCK results in ENOMEM, not EAGAIN.

MFC after:	1 month
2010-07-27 20:34:37 +00:00
kib
ea23c5a7f9 Document pl_siginfo and PT_FLAG_SI for PT_LWPINFO.
MFC after:	1 month
2010-07-10 14:31:44 +00:00
pjd
fbe6dd82e6 Just like in case of setgroups(2), for getgroups(2) also advice including
sys/param.h instead of sys/types.h so we get NGROUPS_MAX and NGROUPS
definitions.
2010-06-26 21:44:05 +00:00
uqs
20ca4043bb mdoc: remove literal tabs where they don't belong 2010-06-08 16:48:59 +00:00
cperciva
c8612ee587 Change the current working directory to be inside the jail created by
the jail(8) command. [10:04]

Fix a one-NUL-byte buffer overflow in libopie. [10:05]

Correctly sanity-check a buffer length in nfs mount. [10:06]

Approved by:	so (cperciva)
Approved by:	re (kensmith)
Security:	FreeBSD-SA-10:04.jail
Security:	FreeBSD-SA-10:05.opie
Security:	FreeBSD-SA-10:06.nfsclient
2010-05-27 03:15:04 +00:00
kib
f3e521941d Improve the documentation for PT_LWPINFO. Note that some features are
not implemented on MIPS and ARM.

MFC after:	1 month
2010-05-24 17:23:14 +00:00
uqs
1ab3783e1a mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the
bottom of the manpages and order them consistently.

GNU groff doesn't care about the ordering, and doesn't even mention
CAVEATS and SECURITY CONSIDERATIONS as common sections and where to put
them.

Found by:	mdocml lint run
Reviewed by:	ru
2010-05-13 12:07:55 +00:00
brueffer
13e644c236 Document FIONREAD, FIONWRITE and FIONSPACE.
Obtained from:	NetBSD
Submitted by:	emaste
MFC after:	1 week
2010-05-11 17:02:12 +00:00
jilles
0f4a2250a0 sigprocmask(2): pthread_sigmask(3) must be used in threaded processes.
Although libthr's pthread_sigmask() just calls sigprocmask() and this is
unlikely to change, mention this POSIX requirement on applications.

MFC after:	1 week
2010-05-07 20:46:22 +00:00
mckusick
e95ff34dac Merger of the quota64 project into head.
This joint work of Dag-Erling Smørgrav and myself updates the
FFS quota system to support both traditional 32-bit and new 64-bit
quotas (for those of you who want to put 2+Tb quotas on your users).

By default quotas are not compiled into the kernel. To include them
in your kernel configuration you need to specify:

options         QUOTA                   # Enable FFS quotas

If you are already running with the current 32-bit quotas, they
should continue to work just as they have in the past. If you
wish to convert to using 64-bit quotas, use `quotacheck -c 64';
if you wish to revert from 64-bit quotas back to 32-bit quotas,
use `quotacheck -c 32'.

There is a new library of functions to simplify the use of the
quota system, do `man quotafile' for details. If your application
is currently using the quotactl(2), it is highly recommended that
you convert your application to use the quotafile interface.
Note that existing binaries will continue to work.

Special thanks to John Kozubik of rsync.net for getting me
interested in pursuing 64-bit quota support and for funding
part of my development time on this project.
2010-05-07 00:41:12 +00:00
jilles
37abb66e2f Update xrefs from 4.3BSD to modern signal functions in various man pages.
sigvec(2) references have been updated to sigaction(2), sigsetmask(2) and
sigblock(2) to sigprocmask(2), sigpause(2) to sigsuspend(2).

Some legacy man pages still refer to them, that is OK.
2010-05-06 22:49:54 +00:00
jilles
b8933dba5f sigaltstack(2): document some modernizations:
* un-document 'struct sigaltstack' tag for stack_t as this is BSD-specific;
  this doesn't seem useful enough to document as such
* alternate stacks are per thread, not per process
* update error codes to what the kernel does and POSIX requires

MFC after:	1 week
2010-05-06 22:06:14 +00:00
mckusick
b25e55dcc5 Final update to current version of head in preparation for reintegration. 2010-05-06 17:37:23 +00:00
kib
ed01716047 Document RUSAGE_THREAD.
Reviewed by:	bde
MFC after:	1 week
2010-05-04 06:01:25 +00:00
mckusick
3a0f5972a0 Update to current version of head. 2010-04-28 05:33:59 +00:00
jilles
53d6a79d5b unlinkat(2): unlinkat(AT_REMOVEDIR) fails with ENOTEMPTY like rmdir()
for non-empty directories.

POSIX permits both ENOTEMPTY and EEXIST, but we use the clearer ENOTEMPTY,
following BSD tradition.

MFC after:	1 week
2010-04-25 13:55:52 +00:00
kib
5df7b59b8b Revert r206649.
Simplify the presented declaration of struct sigaction, noting the
caveat in the text. Real layout of the structure and exposed
implementation namespace only obfuscates the usage.

Submitted by:	bde
MFC after:	3 days
2010-04-18 18:23:11 +00:00
kib
0531c74881 Still reference struct __sigaction with clarification when this form
of argument declaration is needed.

Discussed with:	bde
MFC after:	3 days
2010-04-15 08:32:50 +00:00
kib
d1b7d24e6f Align the declaration for sa_sigaction with POSIX.
MFC after:	3 days
2010-04-13 08:56:03 +00:00
ed
b8861cbb49 Don't forget to bump the date in the man page. 2010-03-28 13:40:13 +00:00
ed
4f08ecd7ed Rename st_*timespec fields to st_*tim for POSIX 2008 compliance.
A nice thing about POSIX 2008 is that it finally standardizes a way to
obtain file access/modification/change times in sub-second precision,
namely using struct timespec, which we already have for a very long
time. Unfortunately POSIX uses different names.

This commit adds compatibility macros, so existing code should still
build properly. Also change all source code in the kernel to work
without any of the compatibility macros. This makes it all a less
ambiguous.

I am also renaming st_birthtime to st_birthtim, even though it was a
local extension anyway. It seems Cygwin also has a st_birthtim.
2010-03-28 13:13:22 +00:00
jhb
399c01844a Reject attempts to create a MAP_ANON mapping with a non-zero offset.
PR:		kern/71258
Submitted by:	Alexander Best
MFC after:	2 weeks
2010-03-23 21:08:07 +00:00
ed
6156503467 Actually make O_DIRECTORY work.
According to POSIX open() must return ENOTDIR when the path name does
not refer to a path name. Change vn_open() to respect this flag. This
also simplifies the Linuxolator a bit.
2010-03-21 20:43:23 +00:00
mckusick
f63b97928b Debugging nits found while testing the new 64-bit quota code. 2010-03-16 06:12:30 +00:00
joel
82b1c5f931 The NetBSD Foundation has granted permission to remove clause 3 and 4 from
their software.

Obtained from:	NetBSD
2010-03-02 17:20:04 +00:00
phk
41471022dc Mention EISDIR as a possible errno. 2010-02-17 09:11:21 +00:00
marcel
59fa82c67c o Add support for COMPAT_IA32.
o  Incorporate review comments:
   -  Properly reference and lock the map
   -  Take into account that the VM map can change inbetween requests
   -  Add the fileid and fsid attributes

Credits: kib@
Reviewed by: kib@
2010-02-11 18:00:53 +00:00
marcel
764ce56ace Add PT_VM_TIMESTAMP and PT_VM_ENTRY so that the tracing process can
obtain the memory map of the traced process. PT_VM_TIMESTAMP can be
used to check if the memory map changed since the last time to avoid
iterating over all the VM entries unnecesarily.

MFC after:	1 month
2010-02-09 05:52:35 +00:00
rwatson
f403000d39 You must include fcntl.h (in practice) to be able to do anything useful
with shm_open(2), as otherwise the O_ flags are undefined.

MFC after:	3 days
2010-01-29 10:32:01 +00:00
trasz
85c20ff770 Add information about when nmount(2) was introduced. 2010-01-26 17:21:25 +00:00
pjd
9fe217e541 The waitpid(2) function needs neither sys/time.h nor sys/resource.h. 2010-01-20 22:26:36 +00:00
brueffer
197dc264ae Miscellaneous mdoc, spelling and inconsistency fixes.
PR:		142573, 142576 (mostly)
Submitted by:	brucec
MFC after:	1 week
2010-01-12 21:45:03 +00:00
delphij
6761d75fb4 Add a set of manual pages for pthread[_attr]_[sg]etaffinity(3).
Reviewed by:	davidxu
MFC after:	2 weeks
2010-01-09 12:31:11 +00:00
kib
c80db57072 Further fix grammar.
Suggested by:	alc
MFC after:	3 days
2010-01-07 21:14:46 +00:00
brueffer
ad6b20aa0f Fix a typo and bump date for the previous commit. 2010-01-07 21:08:22 +00:00
kib
fe8ccb0bf3 Give some information on SF_MNOWAIT flag.
MFC after:	3 days
2010-01-07 13:31:00 +00:00
brooks
a5cc24440b The devices that supported EVFILT_NETDEV kqueue filters were removed in
r195175.  Remove all definitions, documentation, and usage.

fifo_misc.c:
	Remove all kqueue tests as fifo_io.c performs all those that
	would have remained.

Reviewed by:	rwatson
MFC after:	3 weeks
X-MFC note:	don't change vlan_link_state() function signature
2009-12-31 20:29:58 +00:00
kib
04f9b92f28 Document _FAST and _PRECISE clocks.
Submitted by:	Valentin Nechayev <netch segfault kiev ua>
MFC after:	3 days
2009-12-29 15:58:10 +00:00
kib
fb28939ce7 Document CLOCK_SECOND, add cross-reference from time(3) to clock_gettime(2).
Based on submission by:	pluknet gmail com
MFC after:	3 days
2009-12-29 14:29:08 +00:00
jilles
2a4bb5bd52 cpuset(2): fix a typo and a markup error in the man page
MFC after:	1 week
2009-12-15 21:02:29 +00:00
ed
06fcc20479 Fix many "function declaration isn't a prototype" warnings in libc.
I've only fixed code that seems to be written by `us'. There are still
many warnings like this present in resolv/, rpc/, stdtime/ and yp/.
2009-12-05 19:31:38 +00:00
keramida
60a1c9a909 Describe what setpgid(2) does when pgid=0. The text has been
copied from NetBSD's manpage, and it also matches the behavior
described by the Open Group's online copy of setpgid.2 at
http://www.opengroup.org/onlinepubs/009695399/functions/setpgid.html

Obtained from:	NetBSD
Submitted by:	Petros Barbayiannis <petrosbarbayiannis@yahoo.gr>
MFC after:	1 week
2009-12-01 06:12:31 +00:00
brueffer
2e85514520 Remove a note about vfork(4) going to be eliminated, it's here to stay.
Submitted by:	kib
MFC after:	1 week
2009-11-13 13:26:27 +00:00
brueffer
a9f932df0f Improved the manpage description. The committed wording
was provided by jhb.

PR:		140528
Submitted by:	Chris Petrik <chris@officialunix.com>
Discussed with:	remko, jhb and the submitter
MFC after:	1 week
2009-11-13 13:13:35 +00:00
ed
b38978f790 Add MAP_ANONYMOUS.
Many operating systems also provide MAP_ANONYMOUS. It's not hard to
support this ourselves, we'd better add it to make it more likely for
applications to work out of the box.

Reviewed by:	alc (mman.h)
2009-11-06 07:17:31 +00:00
cperciva
32be6002c2 Attempt to reduce accidental foot-shooting by pointing out that
accept(2)ed sockets do not necessarily inherit O_NONBLOCK from
listening sockets on non-FreeBSD platforms.

Feet shot:	cperciva
MFC after:	1 month
2009-11-02 07:21:13 +00:00
kib
8d44ea1c45 Move pselect(3) man page to section 2.
Noted by:	jhb
MFC after:	1 month
2009-10-28 11:14:32 +00:00
kib
08e5013938 Current pselect(3) is implemented in usermode and thus vulnerable to
well-known race condition, which elimination was the reason for the
function appearance in first place. If sigmask supplied as argument to
pselect() enables a signal, the signal might be delivered before thread
called select(2), causing lost wakeup. Reimplement pselect() in kernel,
making change of sigmask and sleep atomic.

Since signal shall be delivered to the usermode, but sigmask restored,
set TDP_OLDMASK and save old mask in td_oldsigmask. The TDP_OLDMASK
should be cleared by ast() in case signal was not gelivered during
syscall execution.

Reviewed by:	davidxu
Tested by:	pho
MFC after:	1 month
2009-10-27 10:55:34 +00:00
jilles
874a086f97 Make openat(2) a cancellation point.
This is required by POSIX and matches open(2).

Reviewed by:	kib, jhb
MFC after:	1 month
2009-10-11 20:19:45 +00:00
kib
fc26689658 In nanosleep(2), note that the calling thread is put to sleep, not the
whole process. Also explicitely name the parameter that specifies
sleep interval.
2009-10-11 16:23:11 +00:00
das
e4ab3f2320 Document errno codes added in r144530. 2009-10-11 00:08:55 +00:00
rwatson
466473bd42 Add a new errno, ENOTCAPABLE, to be returned when a process requests an
operation on a file descriptor that is not authorized by the descriptor's
capability flags.

MFC after:	1 month
Sponsored by:	Google
2009-10-07 20:20:51 +00:00
delphij
79f2f8c774 Add two new fcntls to enable/disable read-ahead:
- F_READAHEAD: specify the amount for sequential access.  The amount is
   specified in bytes and is rounded up to nearest block size.
 - F_RDAHEAD: Darwin compatible version that use 128KB as the sequential
   access size.

A third argument of zero disables the read-ahead behavior.

Please note that the read-ahead amount is also constrainted by sysctl
variable, vfs.read_max, which may need to be raised in order to better
utilize this feature.

Thanks Igor Sysoev for proposing the feature and submitting the original
version, and kib@ for his valuable comments.

Submitted by:	Igor Sysoev <is rambler-co ru>
Reviewed by:	kib@
MFC after:	1 month
2009-09-28 16:59:47 +00:00
brueffer
2100141d0b Fix setfib(1) section number.
PR:		133765
Submitted by:	Konstantin Zolotukhin <erebus@gorodok.net>
MFC after:	3 days
2009-09-18 14:17:00 +00:00
kan
74dba11aaa Make libc.a provide __stack_chk_fail_local weak alias. This is
needed to satisfy static libraries that are compiled with -fpic
and linked into static binary afterwards. Several libraries in
gcc are examples of such static libs.
2009-09-17 13:21:53 +00:00
sson
95d4e7d075 Add EV_RECEIPT to kevents.
EV_RECEIPT is useful to disambiguating error conditions when multiple
events structures are passed to kevent(2).  The error code is returned
in the data field and EV_ERROR is set.

Approved by:	rwatson (co-mentor)
2009-09-16 03:49:54 +00:00
sson
a386443e51 Add the EV_DISPATCH flag to kevents.
When the EV_DISPATCH flag is used the event source will be disabled
immediately after the delivery of an event.   This is similar to the
EV_ONESHOT flag but it doesn't delete the event.

Approved by:	rwatson (co-mentor)
2009-09-16 03:37:39 +00:00
sson
7cb0718a03 Add EVFILT_USER to kevents.
Add user events support to kernel events which are not associated with any
kernel mechanism but are triggered by user level code.  This is useful for
adding user level events to an event handler that may also be monitoring
kernel events.

Approved by:	rwatson (co-mentor)
2009-09-16 03:30:12 +00:00
pjd
e62171fc99 Synchornize description in manual page with strerror() output. 2009-09-06 07:22:09 +00:00
alc
5c4797878d Eliminate a stale paragraph from the BUGS section. This "bug" was
eliminated in r195693.

Approved by:	re (kensmith)
2009-07-26 06:38:56 +00:00
jilles
22843955a8 Correct AT_SYMLINK_FOLLOW flag name in linkat(2) man page.
Approved by:	re (kib), ed (mentor)
2009-07-19 16:48:25 +00:00
kan
ef443476d9 Second attempt at eliminating .text relocations in shared libraries
compiled with stack protector.

Use libssp_nonshared library to pull __stack_chk_fail_local symbol into
each library that needs it instead of pulling it from libc. GCC
generates local calls to this function which result in absolute
relocations put into position-independent code segment, making dynamic
loader do extra work every time given shared library is being relocated
and making affected text pages non-shareable.

Reviewed by:        kib
Approved by:        re (kib)
2009-07-14 21:19:13 +00:00
jhb
d81f73fcb5 - Change mmap() to fail requests with EINVAL that pass a length of 0. This
behavior is mandated by POSIX.
- Do not fail requests that pass a length greater than SSIZE_MAX
  (such as > 2GB on 32-bit platforms).  The 'len' parameter is actually
  an unsigned 'size_t' so negative values don't really make sense.

Submitted by:	Alexander Best  alexbestms at math.uni-muenster.de
Reviewed by:	alc
Approved by:	re (kib)
MFC after:	1 week
2009-07-14 19:45:36 +00:00
trasz
1f46aed53d Move msg{snd,recv,get,ctl} manual pages from section 3 to 2.
Approved by:	re (kib)
2009-07-13 12:53:43 +00:00
trasz
09784497a2 There is an optimization in chmod(1), that makes it not to call chmod(2)
if the new file mode is the same as it was before; however, this
optimization must be disabled for filesystems that support NFSv4 ACLs.
Chmod uses pathconf(2) to determine whether this is the case - however,
pathconf(2) always follows symbolic links, while the 'chmod -h' doesn't.

This change adds lpathconf(3) to make it possible to solve that problem
in a clean way.

Reviewed by:	rwatson (earlier version)
Approved by:	re (kib)
2009-07-08 15:23:18 +00:00
pjd
fb7ddfc9fe - Don't suggest opening file for writing in preparation for fexecve(2).
- execve(2)/fexecve(2) won't return ETXTBSY if file is open for reading.

Approved by:	re (kib)
2009-07-05 20:20:09 +00:00
trasz
666e7ae4b7 Make it clear where to look for for protocol-specific socket options.
Reviewed by:	rwatson
Approved by:	re (kib)
2009-06-30 20:53:56 +00:00
kib
8eb4412c3f Make the structure definitions in the man pages match the real code, and
remove no longer valid caution.

Approved by:	re (kensmith)
2009-06-29 18:54:17 +00:00
kan
a3faeb1b41 Back out previous revision until better tested fix is ready.
Approved by: re (impliciti, by approving previos check-in)
2009-06-29 01:33:59 +00:00
kan
f780ef8f19 Eliminate .text relocations in shared libraries compiled with stack protector.
Use libssp_nonshared library to pull __stack_chk_fail_local symbol into
each library that needs it instead of pulling it from libc. GCC generates
local calls to this function which result in absolute relocations put into
position-independent code segment, making dynamic loader do extra work everys
time given shared library is being relocated and making affected text pages
non-shareable.

Reviewed by:        kib
Approved by:        re (kensmith)
2009-06-28 23:51:39 +00:00
trasz
860d8cee97 Bump manual page timestamps. 2009-06-25 12:53:50 +00:00
trasz
ff27511233 Add NFSv4 ACL support to libc.
This adds the following functions to the acl(3) API: acl_add_flag_np,
acl_clear_flags_np, acl_create_entry_np, acl_delete_entry_np,
acl_delete_flag_np, acl_get_extended_np, acl_get_flag_np, acl_get_flagset_np,
acl_set_extended_np, acl_set_flagset_np, acl_to_text_np, acl_is_trivial_np,
acl_strip_np, acl_get_brand_np.  Most of them are similar to what Darwin
does.  There are no backward-incompatible changes.

Approved by:    rwatson@
2009-06-25 12:46:59 +00:00
jhb
6f52fe78fb Change the ABI of some of the structures used by the SYSV IPC API:
- The uid/cuid members of struct ipc_perm are now uid_t instead of unsigned
  short.
- The gid/cgid members of struct ipc_perm are now gid_t instead of unsigned
  short.
- The mode member of struct ipc_perm is now mode_t instead of unsigned short
  (this is merely a style bug).
- The rather dubious padding fields for ABI compat with SV/I386 have been
  removed from struct msqid_ds and struct semid_ds.
- The shm_segsz member of struct shmid_ds is now a size_t instead of an
  int.  This removes the need for the shm_bsegsz member in struct
  shmid_kernel and should allow for complete support of SYSV SHM regions
  >= 2GB.
- The shm_nattch member of struct shmid_ds is now an int instead of a
  short.
- The shm_internal member of struct shmid_ds is now gone.  The internal
  VM object pointer for SHM regions has been moved into struct
  shmid_kernel.
- The existing __semctl(), msgctl(), and shmctl() system call entries are
  now marked COMPAT7 and new versions of those system calls which support
  the new ABI are now present.
- The new system calls are assigned to the FBSD-1.1 version in libc.  The
  FBSD-1.0 symbols in libc now refer to the old COMPAT7 system calls.
- A simplistic framework for tagging system calls with compatibility
  symbol versions has been added to libc.  Version tags are added to
  system calls by adding an appropriate __sym_compat() entry to
  src/lib/libc/incldue/compat.h. [1]

PR:		kern/16195 kern/113218 bin/129855
Reviewed by:	arch@, rwatson
Discussed with:	kan, kib [1]
2009-06-24 21:10:52 +00:00
kib
e91d5cfe69 Usermode portion of the support for swap allocation accounting:
- update for getrlimit(2) manpage;
- support for setting RLIMIT_SWAP in login class;
- addition to the limits(1) and sh and csh limit-setting builtins;
- tuning(7) documentation on the sysctls controlling overcommit.

In collaboration with:	pho
Reviewed by:	alc
Approved by:	re (kensmith)
2009-06-23 20:57:27 +00:00
jamie
eeafb36508 Add a limit for child jails via the "children.cur" and "children.max"
parameters.  This replaces the simple "allow.jails" permission.

Approved by:	bz (mentor)
2009-06-23 20:35:51 +00:00
brooks
da4e70cf9a In preparation for raising NGROUPS and NGROUPS_MAX, change base
system callers of getgroups(), getgrouplist(), and setgroups() to
allocate buffers dynamically.  Specifically, allocate a buffer of size
sysconf(_SC_NGROUPS_MAX)+1 (+2 in a few cases to allow for overflow).

This (or similar gymnastics) is required for the code to actually follow
the POSIX.1-2008 specification where {NGROUPS_MAX} may differ at runtime
and where getgroups may return {NGROUPS_MAX}+1 results on systems like
FreeBSD which include the primary group.

In id(1), don't pointlessly add the primary group to the list of all
groups, it is always the first result from getgroups().  In principle
the old code was more portable, but this was only done in one of the two
places where getgroups() was called to the overall effect was pointless.

Document the actual POSIX requirements in the getgroups(2) and
setgroups(2) manpages.  We do not yet support a dynamic NGROUPS, but we
may in the future.

MFC after:	2 weeks
2009-06-19 15:58:24 +00:00
jhb
55cc3fe596 Retire the unused stub for the nfsclnt() system call. 2009-06-17 18:52:42 +00:00
ed
675236a73e Add revoke(1).
While hacking on TTY code, I often miss a small utility to revoke my own
(pseudo-)terminals. This small utility is just a small wrapper around
the revoke(2) call, so you can destroy your very own login sessions.

Approved by:	re
2009-06-15 21:52:27 +00:00
jhb
447d980cd0 Add a new 'void closefrom(int lowfd)' system call. When called, it closes
any open file descriptors >= 'lowfd'.  It is largely identical to the same
function on other operating systems such as Solaris, DFly, NetBSD, and
OpenBSD.  One difference from other *BSD is that this closefrom() does not
fail with any errors.  In practice, while the manpages for NetBSD and
OpenBSD claim that they return EINTR, they ignore internal errors from
close() and never return EINTR.  DFly does return EINTR, but for the common
use case (closing fd's prior to execve()), the caller really wants all
fd's closed and returning EINTR just forces callers to call closefrom() in
a loop until it stops failing.

Note that this implementation of closefrom(2) does not make any effort to
resolve userland races with open(2) in other threads.  As such, it is not
multithread safe.

Submitted by:	rwatson (initial version)
Reviewed by:	rwatson
MFC after:	2 weeks
2009-06-15 20:38:55 +00:00
pjd
eb2d64c1bd Document EINVAL for bind(2).
Reviewed by:	rwatson
Obtained from:	SuSv3
2009-06-01 09:32:12 +00:00
jamie
a013e0afcb Add hierarchical jails. A jail may further virtualize its environment
by creating a child jail, which is visible to that jail and to any
parent jails.  Child jails may be restricted more than their parents,
but never less.  Jail names reflect this hierarchy, being MIB-style
dot-separated strings.

Every thread now points to a jail, the default being prison0, which
contains information about the physical system.  Prison0's root
directory is the same as rootvnode; its hostname is the same as the
global hostname, and its securelevel replaces the global securelevel.
Note that the variable "securelevel" has actually gone away, which
should not cause any problems for code that properly uses
securelevel_gt() and securelevel_ge().

Some jail-related permissions that were kept in global variables and
set via sysctls are now per-jail settings.  The sysctls still exist for
backward compatibility, used only by the now-deprecated jail(2) system
call.

Approved by:	bz (mentor)
2009-05-27 14:11:23 +00:00
jamie
453b86f943 Introduce the extensible jail framework, using the same "name=value"
interface as nmount(2).  Three new system calls are added:
* jail_set, to create jails and change the parameters of existing jails.
  This replaces jail(2).
* jail_get, to read the parameters of existing jails.  This replaces the
  security.jail.list sysctl.
* jail_remove to kill off a jail's processes and remove the jail.
Most jail parameters may now be changed after creation, and jails may be
set to exist without any attached processes.  The current jail(2) system
call still exists, though it is now a stub to jail_set(2).

Approved by:	bz (mentor)
2009-04-29 21:14:15 +00:00
jamie
e730a094f4 With the permission of phk@ change the license on remaining jail code
to a 2 clause BSD license.

Approved by:	phk
Approved by:	bz (mentor)
2009-04-29 16:02:52 +00:00
brueffer
ecbce5102d Correct the information about when the respective functionality first
appeared in FreeBSD.

PR:		133785
Submitted by:	Ulrich Spoerlein <uqs@spoerlein.net>
MFC after:	3 days
2009-04-23 08:37:56 +00:00
rwatson
f74f97223a Sort man page cross references by section, no need for a comma after the
last cross reference.

MFC after:	3 days
2009-04-13 18:32:26 +00:00
jhb
2ac9846671 Properly update the shm_open/shm_unlink symbol versioning metadata after
these functions were moved into the kernel:
- Move the version entries from gen/ to sys/.  Since the ABI of the actual
  routines did not change, I'm still exporting them as FBSD 1.0 on purpose.
- Add FBSD-private versions for the _ and __sys_ variants.
2009-04-02 15:53:29 +00:00
dds
f8bd382c24 Document missing requests. 2009-03-27 11:03:02 +00:00
kib
9d2aa84a7a Hopefully, improve the grammar and wording in the changes to shmctl(2)
manpage and UPDATING entry 20090302.

UPDATING changes suggested by bf2006a yahoo com.
man page corrections by bde.
2009-03-05 12:04:42 +00:00