This method is more sandbox-friendly and also should be faster as only
one syscall is needed instead of three.
In case of an error fall back to the old method.
Reviewed by: simon, gleb
MFC after: 2 weeks
clock_gettime(2) functions if supported. The speedup seen in
microbenchmarks is in range 4x-7x depending on the hardware.
Only amd64 and i386 architectures are supported. Libc uses rdtsc and
kernel data to calculate current time, if enabled by kernel.
Hopefully, this code is going to migrate into vdso in some future.
Discussed with: bde
Reviewed by: jhb
Tested by: flo
MFC after: 1 month
string buffer for each linelist l_line into one large string. Since
linelists parsed out during the previous passes store the pointers to
previously allocated l_lines, the reallocation caused undefined
behaviour on accessing the buffers, and quite deterministic fault on
freeing them (in mountd(8) startup).
This fixes reading of netgroup(5) file which contains more then one
netgroup.
Discussed with: ghelmer
MFC after: 3 days
avoid creating bad entries in the grp list as a result of memory allocation
failures while building new entries.
PR: bin/83340
Reviewed by: delphij (prior version of patch)
Introduce dirfd() libc exported symbol replacing macro with same name,
preserve _dirfd() macro for internal use.
Replace dirp->dd_fd with dirfd() call. Avoid using dirfd as variable
name to prevent shadowing global symbol.
Sponsored by: Google Summer Of Code 2011
prior to 3.0.0 release). This fixes several bugs related to memory
initialization.
Mangle __jemalloc_a0{malloc,calloc,free}() just like all the other
library-internal symbols in jemalloc, and adjust the tls allocation code
in libc to use the mangled names.
prior to 3.0.0 release) as contrib/jemalloc, and integrate it into libc.
The code being imported by this commit diverged from
lib/libc/stdlib/malloc.c in March 2010, which means that a portion of
the jemalloc 1.0.0 ChangeLog entries are relevant, as are the entries
for all subsequent releases.
is already open in this process.
If the named semaphore is already open, sem_open() only increments a
reference count and did not take the flags into account (which otherwise
happens by passing them to open()). Add an extra check for O_CREAT|O_EXCL.
PR: kern/166706
Reviewed by: davidxu
MFC after: 10 days
application destroys semaphore after sem_wait returns. Just enter
kernel to wake up sleeping threads, only update _has_waiters if
it is safe. While here, check if the value exceed SEM_VALUE_MAX and
return EOVERFLOW if this is true.
Because the utmpx interface is generally not required to be thread-safe,
but it is nice to have, if easy to do so. Therefore don't make a mess
out of the code and only use it if __NO_TLS is not defined.
no waiters, we still increase and decrease count in user mode without
entering kernel, once there is a waiter, sem_post will enter kernel to
increase count and wake thread up, this is atomicy and allow us to
gracefully destroy semaphore after sem_wait returned.
pathnames.
With the current API (no *at functions), FTS_NOCHDIR requires that the
fts_accpath start with the original path passed to fts_open(); therefore,
the depth that can be reached is limited by the {PATH_MAX} constraint on
this pathname.
MFC after: 1 week
- Fix TLS allocation for Variant I: both rtld and libc allocators
assume that tls_static_space includes space for TLS structure.
So increment calculated static size by the size of it.
syscall. Before r5958, seekdir() was called for its side effect of
freeing memory allocated by opendir() for rewinddir(), but that revision
added _reclaim_telldir() that frees all memory allocated by telldir()
calls, making this call redundant.
This introduces a slight change. If an application duplicated the descriptor
obtained through dirfd(), it can no longer rely on file position to be
reset to the start of file after a call to closedir(). It's believed to
be safe because neither POSIX, nor any other OS I've tested (NetBSD, Linux,
OS X) rewind the file offset pointer on closedir().
Reported by: Igor Sysoev
They were made excessive in r205424 by opening with O_DIRECTORY.
Also eliminated the fcntl() call used to set FD_CLOEXEC by opening
with O_CLOEXEC.
(fdopendir() still checks that the passed descriptor is a directory,
and sets FD_CLOEXEC on it.)
Reviewed by: ed
according to POSIX document, the clock ID may be dynamically allocated,
it unlikely will be in 64K forever. To make it future compatible, we
pack all timeout information into a new structure called _umtx_time, and
use fourth argument as a size indication, a zero means it is old code
using timespec as timeout value, but the new structure also includes flags
and a clock ID, so the size argument is different than before, and it is
non-zero. With this change, it is possible that a thread can sleep
on any supported clock, though current kernel code does not have such a
POSIX clock driver system.
initialize the cache of the system information as it was done for the
dynamic libc. This removes several sysctls from the static binary
startup.
Use the aux vector to fill the single struct dl_phdr_info describing
the static binary itself, to implement dl_iterate_phdr(3) for the
static binaries. [1]
Based on the submission by: John Marino <draco marino st> [1]
Tested by: flo (sparc64)
MFC after: 2 weeks
The reasoning behind this, is that if we are consistent in our
documentation about the uint*_t stuff, people will be less tempted to
write new code that uses the non-standard types.
I am not going to bump the man page dates, as these changes can be
considered style nits. The meaning of the man pages is unaffected.
MFC after: 1 month
At first, I added a utility called utxrm(8) to remove stale entries from
the user accounting database. It seems there are cases in which we need
to perform different operations on the database as well. Simply rename
utxrm(8) to utx(8) and place the old code under the "rm" command.
In addition to "rm", this tool supports "boot" and "shutdown", which are
going to be used by an rc-script which I am going to commit separately.
If the utmpx database gets updated while an application is reading it,
there is a chance the reading application processes partially
overwritten entries. To solve this, make sure we always read a multiple
of sizeof(struct futx) at a time.
MFC after: 2 weeks
on extended and extensible structs if_msghdrl and ifa_msghdrl. This
will allow us to extend both the msghdrl structs and eventually if_data
in the future without breaking the ABI.
Bump __FreeBSD_version to allow ports to more easily detect the new API.
Reviewed by: glebius, brooks
MFC after: 3 days
fit into existing mcontext_t.
On i386 and amd64 do return the extended FPU states using
getcontextx(3). For other architectures, getcontextx(3) returns the
same information as getcontext(2).
Tested by: pho
MFC after: 1 month
The wtmpcvt(1) utility converts wtmp files to the new format used by
utmpx(3). Now that HEAD has been branched to stable/9 and 9.0 is
released, there is no need for it in HEAD.
MFC after: never
The index() and rindex() functions were marked LEGACY in the 2001
revision of POSIX and were subsequently removed from the 2008 revision.
The strchr() and strrchr() functions are part of the C standard.
This makes the source code a lot more consistent, as most of these C
files also call into other str*() routines. In fact, about a dozen
already perform strchr() calls.
lib/libc/gen/strtofflags.c became const, but gcc did not warn about
assigning its members to non-const pointers. Clang warned about this
with:
lib/libc/gen/strtofflags.c:98:12: error: assigning to 'char *' from 'const char *' discards qualifiers [-Werror,-Wincompatible-pointer-types]
for (sp = mapping[i].invert ? mapping[i].name :
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reviewed by: jilles
Add an API for alerting internal libc routines to the presence of
"unsafe" paths post-chroot, and use it in ftpd. [11:07]
Fix a buffer overflow in telnetd. [11:08]
Make pam_ssh ignore unpassphrased keys unless the "nullok" option is
specified. [11:09]
Add sanity checking of service names in pam_start. [11:10]
Approved by: so (cperciva)
Approved by: re (bz)
Security: FreeBSD-SA-11:06.bind
Security: FreeBSD-SA-11:07.chroot
Security: FreeBSD-SA-11:08.telnetd
Security: FreeBSD-SA-11:09.pam_ssh
Security: FreeBSD-SA-11:10.pam
vs. the comment documented "If we are working with a privileged socket,
then take only one attempt". Make the code match.
Furthermore, critical privileged applications that [over] log a vast amount
can look like a DoS to this code. Given it's unlikely the single reattempted
send() will succeeded, avoid usurping the scheduler in a library API for a
single non-critical facility in critical applications.
Obtained from: Juniper Networks
Discussed with: glebius
than silently failing and returning success.
Without this, code calls pthread_once(), receives a return value of
success, and thinks that the passed function has been called.
Approved by: dim (mentor)
load of _l suffixed versions of various standard library functions that use
the global locale, making them take an explicit locale parameter. Also
adds support for per-thread locales. This work was funded by the FreeBSD
Foundation.
Please test any code you have that uses the C standard locale functions!
Reviewed by: das (gdtoa changes)
Approved by: dim (mentor)
change here is to ensure that when a process forks after arc4random
is seeded, the parent and child don't observe the same random sequence.
OpenBSD's fix introduces some additional overhead in the form of a
getpid() call. This could be improved upon, e.g., by setting a flag
in fork(), if it proves to be a problem.
This was discussed with secteam (simon, csjp, rwatson) in 2008, shortly
prior to my going out of town and forgetting all about it. The conclusion
was that the problem with forks is worrisome, but it doesn't appear to
have introduced an actual vulnerability for any known programs.
The only significant remaining difference between our arc4random and
OpenBSD's is in how we seed the generator in arc4_stir().
OpenBSD's version (r1.22). While some of our style changes were
indeed small improvements, being able to easily track functionality
changes in OpenBSD seems more useful.
Also fix style bugs in the FreeBSD-specific parts of this file.
No functional changes, as verified with md5.
When booting the system, truncate the utx.active file, but do write the
BOOT_TIME record into it afterwards. This allows one to obtain the boot
time of the system as follows:
struct utmpx u1 = { .ut_type = BOOT_TIME }, *u2;
setutxent();
u2 = getutxid(&u1);
Now, the boot time is stored in u2->ut_tv, just like on Linux and other
systems.
We don't open the utx.active file with O_EXLOCK. It's rather unlikely
that other applications use this database at the same time and I want to
prevent the possibility of deadlocks in init(8).
Discussed with: pluknet
working MI one. The MI one only needs to be overridden on machines
with non-IEEE754 arithmetic. (The last supported one was the VAX.)
It can also be overridden if someone comes up with a faster one that
actually passes the regression tests -- but this is harder than it sounds.
Even though POSIX allows us to return simply /dev/tty as a pathname
identifying the controlling terminal of the running process, it is nicer
if this function were actually useful, by returning the actual pathname
of the controlling terminal.
Implement ctermid() by using the kern.devname sysctl to resolve the
actual name of /dev/tty. Don't use devname(3), since it may return bogus
strings like #C:0x123.
As of FreeBSD 6, devices can only be opened through devfs. These device
nodes don't have major and minor numbers anymore. The st_rdev field in
struct stat is simply based a copy of st_ino.
Simply display device numbers as hexadecimal, using "%#jx". This is
allowed by POSIX, since it explicitly states things like the following
(example taken from ls(1)):
"If the file is a character special or block special file, the
size of the file may be replaced with implementation-defined
information associated with the device in question."
This makes the output of these commands more compact. For example, ls(1)
now uses approximately four columns less. While there, simplify the
column length calculation from ls(1) by calling snprintf() with a NULL
buffer.
Don't be afraid; if needed one can still obtain individual major/minor
numbers using stat(1).
Formerly, in this case an error was returned but the pid was also returned
to the application, requiring the application to use unspecified behaviour
(the returned pid in error situations) to avoid zombies.
Now, reap the zombie and do not return the pid.
MFC after: 2 weeks
As noted in Austin Group issue #370 (an interpretation has been issued),
failing posix_spawn() because an fd specified with
posix_spawn_file_actions_addclose() is not open is unnecessarily harsh, and
there are existing implementations that do not fail posix_spawn() for this
reason.
Reviewed by: ed
MFC after: 10 days
Of course, strerror_r() may still fail with ERANGE.
Although the POSIX specification said this could fail with EINVAL and
doing this likely indicates invalid use of errno, most other
implementations permitted it, various POSIX testsuites require it to
work (matching the older sys_errlist array) and apparently some
applications depend on it.
PR: standards/151316
MFC after: 1 week
The "FTS_NOSTAT" option can avoid a lot of calls to stat(2) if it knows that a
directory could not possibly have subdirectories. This is decided by looking at
the link count: a subdirectory would increment its parent's link count by
virtue of its own ".." entry. This assumption only holds for UFS-like
filesystems that implement links and directories this way, so we must punt for
others.
It looks like ZFS is a UFS-like file system, as the above also holds for ZFS.
Add ZFS to the list of file systems that allow for such optimization.
MFC after: 1 month
Most of the ports I broke when I imported utmpx, were simple management
utilities for the utmp database, allowing you to add/remove entries
manually.
Add a small tool called utxrm(8), which allows you to remove an entry
from the utmpx database by hand. This is useful when a login daemon
crashes or fails to remove the entry during shutdown.
This matches the constants from <signal.h> with 'SIG' removed, which POSIX
requires kill and trap to accept and 'kill -l' to write.
'kill -l', 'trap', 'trap -l' output is now upper case.
In Turkish locales, signal names with an upper case 'I' are now accepted,
while signal names with a lower case 'i' are no longer accepted, and the
output of 'killall -l' now contains proper capital 'I' without dot instead
of a dotted capital 'I'.
I've noticed various terminal emulators that need to obtain a sane
default termios structure use very complex `hacks'. Even though POSIX
doesn't provide any functionality for this, extend our termios API with
cfmakesane(3), which is similar to the commonly supported cfmakeraw(3),
except that it fills the termios structure with sane defaults.
Change all code in our base system to use this function, instead of
depending on <sys/ttydefaults.h> to provide TTYDEF_*.
Instead of only returning NULL when the entry is invalid and can't be
matched against the current database, also return it when it cannot open
the log files properly.
for them, two functions _pthread_cancel_enter and _pthread_cancel_leave
are added to let thread enter and leave a cancellation point, it also
makes it possible that other functions can be cancellation points in
libraries without having to be rewritten in libthr.
their implementations aren't in the same files. Introduce LIBC_ARCH
and use that in preference to MACHINE_CPUARCH. Tested by amd64 and
powerpc64 builds (thanks nathanw@)
atexit and __cxa_atexit handlers that are either installed by unloaded
dso, or points to the functions provided by the dso.
Use _rtld_addr_phdr to locate segment information from the address of
private variable belonging to the dso, supplied by crtstuff.c. Provide
utility function __elf_phdr_match_addr to do the match of address against
dso executable segment.
Call back into libthr from __cxa_finalize using weak
__pthread_cxa_finalize symbol to remove any atfork handler which
function points into unloaded object.
The rtld needs private __pthread_cxa_finalize symbol to not require
resolution of the weak undefined symbol at initialization time. This
cannot work, since rtld is relocated before sym_zero is set up.
Idea by: kan
Reviewed by: kan (previous version)
MFC after: 3 weeks
number of host CPUs and osreldate.
This eliminates the last sysctl(2) calls from the dynamically linked image
startup.
No objections from: kan
Tested by: marius (sparc64)
MFC after: 1 month
quirks for weak-symbol handling. Text symbols require also marking weak
the special dot-symbol associated with the function, and data symbols
require that you not do that. To fix this, provide a hacked
__weak_reference for powerpc64, and define a new __weak_reference_data
for the single weak data symbol in base.
Revert after: binutils 2.17 import
Obtained from: projects/ppc64
bottom of the manpages and order them consistently.
GNU groff doesn't care about the ordering, and doesn't even mention
CAVEATS and SECURITY CONSIDERATIONS as common sections and where to put
them.
Found by: mdocml lint run
Reviewed by: ru
this type conversion is the high bits which were used to indicate if a
special character was a literal or special were dropped. As a result, all
special character were treated as special, even if they were supposed to
be literals.
Reviewed by: gad@
Approved by: mentor (wes@)
sigvec(2) references have been updated to sigaction(2), sigsetmask(2) and
sigblock(2) to sigprocmask(2), sigpause(2) to sigsuspend(2).
Some legacy man pages still refer to them, that is OK.
Also add xrefs for confstr(3) (as sysconf(3) but for strings) and kvm(3)
(which is a more convenient way to access some of the variables).
PR: 116480
MFC after: 1 week
POSIX permits but does not require checking access on the current and parent
directories.
Because various programs do not like it if getcwd(3) fails, it seems best
to avoid checking access as much as possible. There are various reports in
GNATS about this (search for getcwd).
Our getcwd(3) implementation first queries the kernel for the pathname
directly, which does not check any permissions but sometimes fails, and then
falls back to reading all parent directories for the names.
PR: standards/44425
MFC after: 2 weeks
Although groff_mdoc(7) gives another impression, this is the ordering
most widely used and also required by mdocml/mandoc.
Reviewed by: ru
Approved by: philip, ed (mentors)
Be explicit and use the general bracketing form plus symbols which are
to be interpreted mathematically in this case.
Complaint by: mdocml
Reviewed by: ru
Approved by: philip, ed (mentors)
The `name' and `newp' arguments can be marked const, because the buffers
they refer to are never changed. While there, perform some other
cleanups:
- Remove K&R from sysctl.c.
- Implement sysctlbyname() using sysctlnametomib() to prevent
duplication of an undocumented kernel interface.
- Fix some whitespace nits.
It seems the prototypes are now in sync with NetBSD as well.
This bug in the man page has gone unnoticed for over 15 years!
PR: docs/143461
Submitted by: Jeremy Huddleston jeremyhu apple.com
Approved by: ed (mentor, implicit)
MFC after: 1 week
- Make sure the mode argument is either a character or a block device.
- Use S_IS*() instead of checking S_IF*-flags by hand.
- Don't use kern.devname when the argument is already NODEV.
- Always call snprintf with the proper amount of arguments corresponding
with the format.
- Perform some whitespace fixes. Tabs instead of 4 spaces, missing space
for return statement.
- Remove unneeded includes.
When we had utmp(5), we had to list all the psuedo-terminals in ttys(5)
to make ttyslot(3) function properly. Now that pututxline(3) deals with
slot allocation internally (not based on TTY names), we don't need to
list all the TTYs on the system in ttys(5) to make user accounting work
properly.
This patch removes all the entries from the /etc/ttys files, but also
the pts(4) entries that were appended implicitly, which was added in
r154838.
I've noticed many applications do a bad job at timekeeping, for several
reasons:
- Applications like screen(1) don't update time records when restoring
the old user login record.
- Many applications only set ut_tv.tv_sec, not ut_tv.tv_usec.
This causes many problems for tools such as ac(8), which require the
timestamps to be properly ordered. This is why I've decided to let the
utmpx code obtain valid timestamps itself.
I've discussed this issue with the Austin Group and it will be fixed in
future revisions of the specification. The issue was that ut_line fields
weren't supposed to be valid for LOGIN_PROCESS entries, while
getutxline() would try to match these records anyway.
They also agreed on our way of implementing pututxline() without
getutxid() (which other operating systems also do), but unfortunately
they disagreed with our way of replacing DEAD_PROCESS entries, which is
a pity. The current specification allows the utmpx database to become
infinitely big over time.
See also: http://austingroupbugs.net/view.php?id=213#c378
It makes hardly any sense to expose a symbol which should only be
provided for binary compatibility, but it seems we don't have a lot of
choice here. There are many autoconf scripts out there that try to
create a binary that links against the old symbol to see whether
uname(3) is present. These scripts fail to detect uname(3) now.
It should be noted that the behaviour we implement is not against the
standards:
| The following shall be declared as a function and may also be defined
| as a macro:
|
| int uname(struct utsname *);
POSIX 2008 and XSI 7require strcoll() for opendir() is not true.
I can't find such requirement in POSIX 2008 and XSI 7.
So, back out that part of my commit, returning old strcmp(), and remove
this misleading comment.
It also matches now how our 'ls' works for years.
b) Remove comment expressed 2 fears:
1) One just simple describe how strcoll() works in _any_ context,
not for directories only. Are we plan to remove strcoll() from everything
just because it is little more complex than strcmp()? I doubt, and
directories give nothing different here. Moreover, strcoll() used
in 'ls' for years and nobody complaints yet.
2) Plain wrong statement about undefined strcoll() behaviour. strcoll()
always gives predictable results, falling back to strcmp() on any
trouble, see strcoll(3).
No objections from -current list discussion.
- Massively reduce BSS usage. Let futx_to_utx() dynamically allocate the
structure. There is only a very small amount of applications out there
that needs to use the utmpx database. Wasting 1 KB on unused
structures makes little sense.
- Just let getutxid() search for matching ut_id's for any *PROCESS-type.
This makes the code a bit more future-proof.
- Fix a POSIX-mistake: when reading POSIX and the OpenSolaris
implementation, getutxline() must return USER_PROCESS and
LOGIN_PROCESS records whose ut_lines match. When reading POSIX, it
seems LOGIN_PROCESS should not use ut_line at the first place. I have
reported this issue.
After comparing how other systems deal with utmp/utmpx, I noticed many
systems don't even care about ttyslot(3) anymore, since utmpx doesn't
use TTY slots anyway. We don't provide any tools to access old utmp
files anymore, so there is no use in letting applications write to a
proper offset within the utmp file.
Just let ttyslot(3) always return 0, which seems to be the default
behaviour on operating systems like Linux as well.
Nowadays uname(3) is an inline function around __xuname(3). Prevent
linkage of new binaries against this compatibility function, similar to
what I did with ttyslot(3).
This utility allows users to convert their wtmp databases to the new
format. It makes no sense for users to keep their wtmp log files if they
are unable to view them.
It basically copies ut_line into ut_id as well. This makes it possible
for last(1) and ac(8) to match login records with their corresponding
logout record.
I forgot to cast the size_t's back to off_t before negating them,
causing all sorts of artifacts where the log files would grow to 2^32 -
197 bytes.
Reported by: ume
Even though we use __sym_compat(), we should list the symbol in
Symbol.map.
ttyslot() is now listed as follows, which seems to do the right thing:
| Symbol table '.dynsym' contains 2755 entries:
| Num: Value Size Type Bind Vis Ndx Name
| 613: 00000000000477b0 121 FUNC GLOBAL DEFAULT 10 ttyslot@FBSD_1.0
Reported by: kib
Phase out ttyslot(3).
The ttyslot() function was originally part for SUSv1, marked LEGACY in
SUSv2 and removed later on. This function only makes sense when using
utmp(5), because it was used to determine the offset of the record for
the controlling TTY. It makes little sense to keep it here, because the
new utmpx file format doesn't index based on TTY slots.
The ttyslot() function was originally part for SUSv1, marked LEGACY in
SUSv2 and removed later on. This function only makes sense when using
utmp(5), because it was used to determine the offset of the record for
the controlling TTY. It makes little sense to keep it here, because the
new utmpx file format doesn't index based on TTY slots.
The utmpx interface is the standardized interface of the user accounting
database. The standard only defines a subset of the functions that were
present in System V-like systems.
I'd like to highlight some of the traits my implementation has:
- The standard allows the on-disk format to be different than the
in-memory representation (struct utmpx). Most operating systems don't
do this, but we do. This allows us to keep our ABI more stable, while
giving us the opportunity to modify the on-disk format. It also allows
us to use a common file format across different architectures (i.e.
byte ordering).
- Our implementation of pututxline() also updates wtmp and lastlog (now
called utx.log and utx.lastlogin). This means the databases are more
likely to be in sync.
- Care must be taken that our implementation discard any fields that are
not applicable. For example, our DEAD_PROCESS records do not hold a
TTY name. Just a time stamp, a record identifier and a process
identifier. It also guarantees that strings (ut_host, ut_line and
ut_user) are null terminated. ut_id is obviously not null terminated,
because it's not a string.
- The API and its behaviour should be conformant to POSIX, but there may
be things that slightly deviate from the standard. This implementation
uses separate file descriptors when writing to the log files. It also
doesn't use getutxid() to search for a field to overwrite. It uses an
allocation strategy similar to getutxid(), but prevents DEAD_PROCESS
records from accumulating.
Make sure libulog doesn't overwrite the manpages shipped with our C
library. Also keep the symbol list in Symbol.map sorted.
I'll bump __FreeBSD_version later this evening. I first want to convert
everything to <utmpx.h> and get rid of <utmp.h>.
alphasort-like interface to the comparision function required by
qsort() and qsort_r().
For opendir() thunk and alphasort(), comment on why we deviated from
POSIX by using strcmp() instead of strcoll().
Requested and reviewed by: bde
MFC after: 2 weeks
now type sema_t is a structure which can be put in a shared memory area,
and multiple processes can operate it concurrently.
User can either use mmap(MAP_SHARED) + sem_init(pshared=1) or use sem_open()
to initialize a shared semaphore.
Named semaphore uses file system and is located in /tmp directory, and its
file name is prefixed with 'SEMD', so now it is chroot or jail friendly.
In simplist cases, both for named and un-named semaphore, userland code
does not have to enter kernel to reduce/increase semaphore's count.
The semaphore is designed to be crash-safe, it means even if an application
is crashed in the middle of operating semaphore, the semaphore state is
still safely recovered by later use, there is no waiter counter maintained
by userland code.
The main semaphore code is in libc and libthr only has some necessary stubs,
this makes it possible that a non-threaded application can use semaphore
without linking to thread library.
Old semaphore implementation is kept libc to maintain binary compatibility.
The kernel ksem API is no longer used in the new implemenation.
Discussed on: threads@
Std 1003.1-2008. Both Linux and Solaris conforms to the new definitions,
so we better follow too (older glibc used old BSDish alphasort prototype
and corresponding type of the comparision function for scandir). While
there, change the definitions of the functions to ANSI C and fix several
style issues nearby.
Remove requirement for "sys/types.h" include for functions from manpage.
POSIX also requires that alphasort(3) sorts as if strcoll(3) was used,
but leave the strcmp(3) call in the function for now.
Adapt in-tree callers of scandir(3) to new declaration. The fact that
select_sections() from catman(1) could modify supplied struct dirent is
a bug.
PR: standards/142255
MFC after: 2 weeks
Fix some wrong usages.
Note: this does not affect generated binaries as this argument is not used.
PR: 137213
Submitted by: Eygene Ryabinkin (initial version)
MFC after: 1 month
The maximum length of a username has nothing to do with the size of the
username in the utmp files. Use MAXLOGNAME, which is defined as 17
(UT_USERSIZE + 1).
The entries in the argv array are not const themselves, but sometimes we
want to fill in const values. Just make the array const and use
__DECONST() to make it const for the execve()-call itself.
Also convert the only K&R prototype to ANSI.
execvPe() is called by _execvpe(), which we added to implement
posix_spawnp(). We just took execvP() and added the envp argument.
Unfortunately we forgot to change the implementation to use envp over
environ.
This fixes the following piece of code:
| char * const arg[2] = { "env", NULL };
| char * const env[2] = { "FOO=BAR", NULL };
| posix_spawnp(NULL, "/usr/bin/env", NULL, NULL, arg, env);
MFC after: 2 weeks
FTS_NOCHDIR option is used. fts_build() could strip a trailing slash
from path name in post-order visit if a path pointing to an empty
directory was given for fts_open().
PR: bin/133907, kern/134513
Reviewed by: das
Approved by: trasz (mentor)
MFC after: 1 month
a feature that libstdc++ depends on to simulate the behavior of libc's
internal '__isthreaded' variable. One benefit of this is that _libc_once()
is now private to _once_stub.c.
Requested by: kan
with the additional property that it is safe for routines in libc to use
in both single-threaded and multi-threaded processes. Multi-threaded
processes use the pthread_once() implementation from the threading library
while single-threaded processes use a simplified "stub" version internal
to libc. The libc stub-version of pthread_once() now also uses the
simplified "stub" version as well instead of being a nop.
Reviewed by: deischen, Matthew Fleming @ Isilon
Suggested by: alc
MFC after: 1 week
well-known race condition, which elimination was the reason for the
function appearance in first place. If sigmask supplied as argument to
pselect() enables a signal, the signal might be delivered before thread
called select(2), causing lost wakeup. Reimplement pselect() in kernel,
making change of sigmask and sleep atomic.
Since signal shall be delivered to the usermode, but sigmask restored,
set TDP_OLDMASK and save old mask in td_oldsigmask. The TDP_OLDMASK
should be cleared by ast() in case signal was not gelivered during
syscall execution.
Reviewed by: davidxu
Tested by: pho
MFC after: 1 month
* retry various system calls on EINTR
* retry the rest after a short read (common if there is more than about 1K
of output)
* block SIGCHLD like system(3) does (note that this does not and cannot
work fully in threaded programs, they will need to be careful with wait
functions)
PR: 90580
MFC after: 1 month
one path. When the list is empty (contain only a NULL pointer), return
EINVAL instead of pretending to succeed, which will cause a NULL pointer
deference in a later fts_read() call.
Noticed by: Christoph Mallon (via rdivacky@)
MFC after: 2 weeks
the type argument. This is known to fix some pthread_mutexattr_settype()
invocations, especially when it comes to pulseaudio.
Approved by: kib
deischen (threads)
MFC after: 3 days
other than the current system-wide size (32-bits) has been updated so
for now just cautiously turn the check off. While here fix the check
for IDs being too large which doesn't work due to type mis-matches.
Reviewed by: jhb (previous version)
Approved by: re (kib)
MFC after: 1 month (type mis-match fixes only)
- The uid/cuid members of struct ipc_perm are now uid_t instead of unsigned
short.
- The gid/cgid members of struct ipc_perm are now gid_t instead of unsigned
short.
- The mode member of struct ipc_perm is now mode_t instead of unsigned short
(this is merely a style bug).
- The rather dubious padding fields for ABI compat with SV/I386 have been
removed from struct msqid_ds and struct semid_ds.
- The shm_segsz member of struct shmid_ds is now a size_t instead of an
int. This removes the need for the shm_bsegsz member in struct
shmid_kernel and should allow for complete support of SYSV SHM regions
>= 2GB.
- The shm_nattch member of struct shmid_ds is now an int instead of a
short.
- The shm_internal member of struct shmid_ds is now gone. The internal
VM object pointer for SHM regions has been moved into struct
shmid_kernel.
- The existing __semctl(), msgctl(), and shmctl() system call entries are
now marked COMPAT7 and new versions of those system calls which support
the new ABI are now present.
- The new system calls are assigned to the FBSD-1.1 version in libc. The
FBSD-1.0 symbols in libc now refer to the old COMPAT7 system calls.
- A simplistic framework for tagging system calls with compatibility
symbol versions has been added to libc. Version tags are added to
system calls by adding an appropriate __sym_compat() entry to
src/lib/libc/incldue/compat.h. [1]
PR: kern/16195 kern/113218 bin/129855
Reviewed by: arch@, rwatson
Discussed with: kan, kib [1]
system callers of getgroups(), getgrouplist(), and setgroups() to
allocate buffers dynamically. Specifically, allocate a buffer of size
sysconf(_SC_NGROUPS_MAX)+1 (+2 in a few cases to allow for overflow).
This (or similar gymnastics) is required for the code to actually follow
the POSIX.1-2008 specification where {NGROUPS_MAX} may differ at runtime
and where getgroups may return {NGROUPS_MAX}+1 results on systems like
FreeBSD which include the primary group.
In id(1), don't pointlessly add the primary group to the list of all
groups, it is always the first result from getgroups(). In principle
the old code was more portable, but this was only done in one of the two
places where getgroups() was called to the overall effect was pointless.
Document the actual POSIX requirements in the getgroups(2) and
setgroups(2) manpages. We do not yet support a dynamic NGROUPS, but we
may in the future.
MFC after: 2 weeks
Last year I added SLIST_REMOVE_NEXT and STAILQ_REMOVE_NEXT, to remove
entries behind an element in the list, using O(1) time. I recently
discovered NetBSD also has a similar macro, called SLIST_REMOVE_AFTER.
In my opinion this approach is a lot better:
- It doesn't have the unused first argument of the list pointer. I added
this, mainly because OpenBSD also had it.
- The _AFTER suffix makes a lot more sense, because it is related to
SLIST_INSERT_AFTER. _NEXT is only used to iterate through the list.
The reason why I want to rename this now, is to make sure we don't
release a major version with the badly named macros.
the length by evaluating the value from the copy, cbuf instead. This
fixes a crash caused by previous commit (use-after-free)
Submitted by: Dimitry Andric <dimitry andric com>
Pointy hat to: delphij
The entire world seems to use the non-standard TIOCSCTTY ioctl to make a
TTY a controlling terminal of a session. Even though tcsetsid(3) is also
non-standard, I think it's a lot better to use in our own source code,
mainly because it's similar to tcsetpgrp(), tcgetpgrp() and tcgetsid().
I stole the idea from QNX. They do it the other way around; their
TIOCSCTTY is just a wrapper around tcsetsid(). tcsetsid() then calls
into an IPC framework.
dlfunc() called dlsym() to do the work, and dlsym() determines the dso
that originating the call by the return address. Due to this, dlfunc()
operated as if the caller is always the libc.
To fix this, move the dlfunc() to rtld, where it can call the internal
implementation of dlsym, and still correctly fetch return address.
Provide usual weak stub for the symbol from libc for static binaries.
dlfunc is put to FBSD_1.0 symver namespace in the ld.so export to
override dlfunc@FBSD_1.0 weak symbol, exported by libc.
Reported, analyzed and tested by: Tijl Coosemans <tijl ulyssis org>
PR: standards/133339
Reviewed by: kan
these functions were moved into the kernel:
- Move the version entries from gen/ to sys/. Since the ABI of the actual
routines did not change, I'm still exporting them as FBSD 1.0 on purpose.
- Add FBSD-private versions for the _ and __sys_ variants.
When calling setttyent() after calling endttyent(), pts_valid will never
be set to 1, because the readdir()-loop will likely never vind a pts
that has a higher number than before.
Simplify the code by removing pts_valid. We'll just set maxpts to -1
when we don't have a valid count yet.
It seems ttyslot() calls rindex(), to strip the device name to the last
slash, but this is obviously invalid. /dev/pts/0 should be stripped
until pts/0. Because /etc/ttys only supports TTY names in /dev/, just
strip this piece of the pathname.
A more elegant way of obtaining a name of a character device by its file
descriptor on FreeBSD, is to use the FIODGNAME ioctl. Because a valid
file descriptor implies a file descriptor is visible in /dev, it will
always resolve a valid device name.
I'm adding a more friendly wrapper for this ioctl, called fdevname(). It
is a lot easier to use than devname() and also has better error
handling. When a device name cannot be resolved, it will just return
NULL instead of a generated device name that makes no sense.
Discussed with: kib
Threading library calls _pre before the fork, allowing the rtld to
lock itself to ensure that other threads of the process are out of
dynamic linker. _post releases the locks.
This allows the rtld to have consistent state in the child. Although
child may legitimately call only async-safe functions, the call may
need plt relocation resolution, and this requires working rtld.
Reported and debugging help by: rink
Reviewed by: kan, davidxu
MFC after: 1 month (anyway, not before 7.1 is out)
This bring huge amount of changes, I'll enumerate only user-visible changes:
- Delegated Administration
Allows regular users to perform ZFS operations, like file system
creation, snapshot creation, etc.
- L2ARC
Level 2 cache for ZFS - allows to use additional disks for cache.
Huge performance improvements mostly for random read of mostly
static content.
- slog
Allow to use additional disks for ZFS Intent Log to speed up
operations like fsync(2).
- vfs.zfs.super_owner
Allows regular users to perform privileged operations on files stored
on ZFS file systems owned by him. Very careful with this one.
- chflags(2)
Not all the flags are supported. This still needs work.
- ZFSBoot
Support to boot off of ZFS pool. Not finished, AFAIK.
Submitted by: dfr
- Snapshot properties
- New failure modes
Before if write requested failed, system paniced. Now one
can select from one of three failure modes:
- panic - panic on write error
- wait - wait for disk to reappear
- continue - serve read requests if possible, block write requests
- Refquota, refreservation properties
Just quota and reservation properties, but don't count space consumed
by children file systems, clones and snapshots.
- Sparse volumes
ZVOLs that don't reserve space in the pool.
- External attributes
Compatible with extattr(2).
- NFSv4-ACLs
Not sure about the status, might not be complete yet.
Submitted by: trasz
- Creation-time properties
- Regression tests for zpool(8) command.
Obtained from: OpenSolaris
I believe this is not a valid C99 construct. Use directly calculated
offsets into the supplied buffer, using specified members length,
to fill appropriate structure.
Either use sysctl, or copy the value of the UNAME_x environment
variable, instead of unconditionally doing sysctl, and then
overriding a returned value with user-specified one.
Noted and tested by: rdivacky
Update referenced example to include unistd.h per manpage.
Update example to be more style(9)-ish, silence warnings and add
FreeBSD id to the source file.
review by secteam@ for the reasons mentioned below.
1) Rename /dev/urandom to /dev/random since urandom marked as
XXX Deprecated
alias in /sys/dev/random/randomdev.c
(this is our naming convention and no review by secteam@ required)
2) Set rs_stired flag after forced initialization to prevent
double stearing.
(this is already in OpenBSD, i.e. they don't have double stearing.
It means that this change matches their code path and no additional
secteam@ review required)
Submitted by: Thorsten Glaser <tg@mirbsd.de> (2)
to this commit, "env BLOCKSIZE=4X df" prints not only "4X: unknown
blocksize" as expected, but sometimes also "maximum blocksize is 1G"
and "minimum blocksize is 512" depending on what happened to be on
the stack.
Found by: LLVM/Clang Static Checker
assumed to be reviewd by them):
Stir directly from the kernel PRNG, without taking less random pid & time
bytes too (when it is possible).
The difference with OpenBSD code is that they have KERN_ARND sysctl for
that task, while we need to read /dev/random
