vs. the comment documented "If we are working with a privileged socket,
then take only one attempt". Make the code match.
Furthermore, critical privileged applications that [over] log a vast amount
can look like a DoS to this code. Given it's unlikely the single reattempted
send() will succeeded, avoid usurping the scheduler in a library API for a
single non-critical facility in critical applications.
Obtained from: Juniper Networks
Discussed with: glebius
than silently failing and returning success.
Without this, code calls pthread_once(), receives a return value of
success, and thinks that the passed function has been called.
Approved by: dim (mentor)
not disabled in the usual way (by adding it to __DEFAULT_NO_OPTIONS in
share/mk/bsd.own.mk), and because the test for MK_LIBCPLUSPLUS in
Makefile.inc1 was incorrect.
Pointy hat to: dim
MK_LIBCPLUSPLUS=yes to enable). This is a work-in-progress. It works for
me, but is not guaranteed to work for anyone else and may eat your dog.
To build C++ using libc++, add -stdlib=libc++ to your CXX and LD flags.
Bug reports welcome, bug fixes even more welcome...
Approved by: dim (mentor)
system calls to provide feed-forward clock management capabilities to
userspace processes. ffclock_getcounter() returns the current value of the
kernel's feed-forward clock counter. ffclock_getestimate() returns the current
feed-forward clock parameter estimates and ffclock_setestimate() updates the
feed-forward clock parameter estimates.
- Document the syscalls in the ffclock.2 man page.
- Regenerate the script-derived syscall related files.
Committed on behalf of Julien Ridoux and Darryl Veitch from the University of
Melbourne, Australia, as part of the FreeBSD Foundation funded "Feed-Forward
Clock Synchronization Algorithms" project.
For more information, see http://www.synclab.org/radclock/
Submitted by: Julien Ridoux (jridoux at unimelb edu au)
is unencrypted. This defeats the nullok check, because it means a
non-null passphrase will successfully unlock the key.
To address this, try at first to load the key without a passphrase.
If this succeeds and the user provided a non-empty passphrase *or*
nullok is false, reject the key.
MFC after: 1 week
Noticed by: Guy Helmer <guy.helmer@palisadesystems.com>
load of _l suffixed versions of various standard library functions that use
the global locale, making them take an explicit locale parameter. Also
adds support for per-thread locales. This work was funded by the FreeBSD
Foundation.
Please test any code you have that uses the C standard locale functions!
Reviewed by: das (gdtoa changes)
Approved by: dim (mentor)
allow the built-in operations to be redefined, at least not without
excessive force).
Instead, just disable LLVM's support for atomic operations for now.
Nothing in either clang or the tablegen tools currently depends on it.
This still allows users of head built before r198344 to upgrade to
top-of-head seamlessly.
change here is to ensure that when a process forks after arc4random
is seeded, the parent and child don't observe the same random sequence.
OpenBSD's fix introduces some additional overhead in the form of a
getpid() call. This could be improved upon, e.g., by setting a flag
in fork(), if it proves to be a problem.
This was discussed with secteam (simon, csjp, rwatson) in 2008, shortly
prior to my going out of town and forgetting all about it. The conclusion
was that the problem with forks is worrisome, but it doesn't appear to
have introduced an actual vulnerability for any known programs.
The only significant remaining difference between our arc4random and
OpenBSD's is in how we seed the generator in arc4_stir().
OpenBSD's version (r1.22). While some of our style changes were
indeed small improvements, being able to easily track functionality
changes in OpenBSD seems more useful.
Also fix style bugs in the FreeBSD-specific parts of this file.
No functional changes, as verified with md5.
Some header file parts of this patch were taken from a patch submitted
by Maya Erez <merez@codeaurora.org> to the LibUSB developers list.
MFC after: 1 week
Some consumers of PAM remove the /dev/ component (i.e. login), while
others don't (i.e. su). We must ensure that the /dev/ component is
removed to ensure that the utmpx entries properly work with tools such
as w(1).
Discussed with: des
MFC after: 1 week
to be gcc's default before r198344, calls to atomic builtins will not be
expanded inline. Instead, they will be generated as calls to external
functions (e.g. __sync_fetch_and_add_N), leading to linking errors later
on.
Put in a seatbelt that disables use of atomic builtins in libstdc++ and
llvm, when tuning specifically for the real i386 CPU. This does not
protect against all possible issues, but it is better than nothing.
This variable was added in r82352 back in 2001, but even then it didn't
have any use. Because it's not marked static, the C compiler won't
complain about it.
Discussed with: des
The size passed to strlcat() must depend on the input length, not the
output length. Because the input and output buffers are equal in size,
the resulting binary does not change at all.
madvise(2) except that it operates on a file descriptor instead of a
memory region. It is currently only supported on regular files.
Just as with madvise(2), the advice given to posix_fadvise(2) can be
divided into two types. The first type provide hints about data access
patterns and are used in the file read and write routines to modify the
I/O flags passed down to VOP_READ() and VOP_WRITE(). These modes are
thus filesystem independent. Note that to ease implementation (and
since this API is only advisory anyway), only a single non-normal
range is allowed per file descriptor.
The second type of hints are used to hint to the OS that data will or
will not be used. These hints are implemented via a new VOP_ADVISE().
A default implementation is provided which does nothing for the WILLNEED
request and attempts to move any clean pages to the cache page queue for
the DONTNEED request. This latter case required two other changes.
First, a new V_CLEANONLY flag was added to vinvalbuf(). This requests
vinvalbuf() to only flush clean buffers for the vnode from the buffer
cache and to not remove any backing pages from the vnode. This is
used to ensure clean pages are not wired into the buffer cache before
attempting to move them to the cache page queue. The second change adds
a new vm_object_page_cache() method. This method is somewhat similar to
vm_object_page_remove() except that instead of freeing each page in the
specified range, it attempts to move clean pages to the cache queue if
possible.
To preserve the ABI of struct file, the f_cdevpriv pointer is now reused
in a union to point to the currently active advice region if one is
present for regular files.
Reviewed by: jilles, kib, arch@
Approved by: re (kib)
MFC after: 1 month
the word alignment, some versions of gcc do require 16-byte alignment.
Make sure the stack is 16-byte aligned before calling a subroutine.
Inspired by: PR amd64/162214
MFC after: 1 week
as it is required by amd64 ABI. Add a comment for the places were
the stack is accidentally properly aligned already.
PR: amd64/162214
Submitted by: yamayan <yamayan kbh biglobe ne jp>
MFC after: 1 week
When booting the system, truncate the utx.active file, but do write the
BOOT_TIME record into it afterwards. This allows one to obtain the boot
time of the system as follows:
struct utmpx u1 = { .ut_type = BOOT_TIME }, *u2;
setutxent();
u2 = getutxid(&u1);
Now, the boot time is stored in u2->ut_tv, just like on Linux and other
systems.
We don't open the utx.active file with O_EXLOCK. It's rather unlikely
that other applications use this database at the same time and I want to
prevent the possibility of deadlocks in init(8).
Discussed with: pluknet
working MI one. The MI one only needs to be overridden on machines
with non-IEEE754 arithmetic. (The last supported one was the VAX.)
It can also be overridden if someone comes up with a faster one that
actually passes the regression tests -- but this is harder than it sounds.
- Handle cases where exp(x) would overflow, but ccosh(x) ~= exp(x) / 2
shouldn't.
- Use the ccosh(x) ~= exp(x) / 2 approximation to simplify the calculation
when x is large.
Similarly for csinh(). Also fixed the return value of csinh(-Inf +- 0i).
exp(x) scaled down by some factor, and the challenge is doing this
accurately when exp(x) would overflow. This change replaces all of
the tricks we've been using with common __ldexp_exp() and
__ldexp_cexp() routines that handle all the scaling.
bde plans to improve on this further by moving the guts of exp() into
k_exp.c and handling the scaling in a more direct manner. But the
current approach is simple and adequate for now.
As the underlying block is 4KB if the PMC throughput is low the measurement
will be reported on the next tick. pmcstat(8) use the modified flush API to
reclaim current buffer before displaying next top.
MFC after: 1 month
library," since complex.h, tgmath.h, and fenv.h are also part of the
math library. Replace the outdated sentence with some references to
the other parts.
and the caller requested other process' PID by passing non-NULL pidptr
argument, we will wait at most 100ms for the PID to show up in the file and if
it won't, we will store -1 in *pidptr.
From now on, pidfile_open() function never sets errno to EAGAIN on failure.
In collaboration with: des
MFC after: 1 week
- Rename __kernel_log() to k_log1p().
- Move some of the work that was previously done in the kernel log into
the callers. This enables further refactoring to improve accuracy or
speed, although I don't recall the details.
- Use extra precision when adding the final scaling term, which improves
accuracy.
- Describe and work around compiler problems that break some of the
multiprecision calculations.
A fix for a small bug is also included:
- Add a special case for log*(1). This is needed to ensure that log*(1) == +0
instead of -0, even when the rounding mode is FE_DOWNWARD.
Submitted by: bde
no longer "fast" on sparc64. (It really wasn't to begin with, since
the old implementation was using long doubles, and long doubles are
emulated in software on sparc64.)
round-to-nearest mode when the result, rounded to twice machine
precision, was exactly halfway between two machine-precision
values. The essence of the fix is to simulate a "sticky bit" in
the pathological cases, which is how hardware implementations
break the ties.
MFC after: 1 month
libusb_dev_kernel_driver_active() works. In case of
libusb20 the manpage was wrong and in case of
libusb10 the implementation was wrong.
Submitted by: Kai Wang
MFC after: 3 days
fenv.h that are currently inlined.
The definitions are provided in fenv.c via 'extern inline'
declaractions. This assumes the compiler handles 'extern inline' as
specified in C99, which has been true under FreeBSD since 8.0.
The goal is to eventually remove the 'static' keyword from the inline
definitions in fenv.h, so that non-inlined references all wind up
pointing to the same external definition like they're supposed to.
I am deferring the second step to provide a window where
newly-compiled apps will still link against old math libraries.
(This isn't supported, but there's no need to cause undue breakage.)
Reviewed by: stefanf, bde
Even though POSIX allows us to return simply /dev/tty as a pathname
identifying the controlling terminal of the running process, it is nicer
if this function were actually useful, by returning the actual pathname
of the controlling terminal.
Implement ctermid() by using the kern.devname sysctl to resolve the
actual name of /dev/tty. Don't use devname(3), since it may return bogus
strings like #C:0x123.
As of FreeBSD 6, devices can only be opened through devfs. These device
nodes don't have major and minor numbers anymore. The st_rdev field in
struct stat is simply based a copy of st_ino.
Simply display device numbers as hexadecimal, using "%#jx". This is
allowed by POSIX, since it explicitly states things like the following
(example taken from ls(1)):
"If the file is a character special or block special file, the
size of the file may be replaced with implementation-defined
information associated with the device in question."
This makes the output of these commands more compact. For example, ls(1)
now uses approximately four columns less. While there, simplify the
column length calculation from ls(1) by calling snprintf() with a NULL
buffer.
Don't be afraid; if needed one can still obtain individual major/minor
numbers using stat(1).
Import the rest of HID improvements from the branch:
- improve report descriptor parser in libusbhid to handle several kinds of
reports same time;
- add to the libusbhid API two functions wrapping respective kernel IOCTLs
for reading and writing reports;
- tune uhid IOCTL interface to allow reading and writing arbitrary report,
when multiple supported by the device;
- teach usbhidctl to set output and feature reports;
- make usbhidaction support all the same item names as bhidctl.
Sponsored by: iXsystems, inc.
1. Allow the caller to select active mode.
2. Fix the envar logic so it *always* overrides the caller's flags.
3. Document the change from active to passive.
conversion, conversion must fail and errno must be set to E2BIG.
PR: standards/160673
Submitted by: Henning Petersen <henning.petersen@t-online.de>
Reviewed by: pluknet
Approved by: re (kib), delphij (mentor)
ISO images with tar.
Vendor revision 3648 (merge of 3647):
Additional fix to issue 168 because the change of r3642 was not sufficient.
- Make sure "CL" entry appear after its "RE" entry which the "CL" entry
should be connected with.
- Give consideration to the case that the top level "RE" entry has
already been exposed outside before its tree.
Approved by: re (kib)
Obtained from: libarchive (release/2.8, svn rev 3648)
MFC after: 3 days
Upstream revision 3645 (merge of 3642):
Change the mechanism handling a rr_moved directory,
which is Rockridge extension that can exceed the limitation of
a maximum directory depth of ISO 9660.
- Stop reading all entries at a time.
- Connect "CL" entry to "RE" entry dynamically, which "CL" and "RE"
have information to rebuild a full directory tree.
- Tweak some related tests since we use Headsort for re-ordering
entries and it cannot make a steady order when the keies of
the entries are the same.
http://code.google.com/p/libarchive/issues/detail?id=168
Reviewed by: kientzle
Approved by: re (kib)
Obtained from: libarchive (release/2.8, svn rev 3645)
MFC after: 3 days
A "process descriptor" file descriptor is used to manage processes
without using the PID namespace. This is required for Capsicum's
Capability Mode, where the PID namespace is unavailable.
New system calls pdfork(2) and pdkill(2) offer the functional equivalents
of fork(2) and kill(2). pdgetpid(2) allows querying the PID of the remote
process for debugging purposes. The currently-unimplemented pdwait(2) will,
in the future, allow querying rusage/exit status. In the interim, poll(2)
may be used to check (and wait for) process termination.
When a process is referenced by a process descriptor, it does not issue
SIGCHLD to the parent, making it suitable for use in libraries---a common
scenario when using library compartmentalisation from within large
applications (such as web browsers). Some observers may note a similarity
to Mach task ports; process descriptors provide a subset of this behaviour,
but in a UNIX style.
This feature is enabled by "options PROCDESC", but as with several other
Capsicum kernel features, is not enabled by default in GENERIC 9.0.
Reviewed by: jhb, kib
Approved by: re (kib), mentor (rwatson)
Sponsored by: Google Inc
capability mode and capabilities.
Right now no attempt is made to unwrap capabilities when operating on
a crashdump, so further refinement is required.
Approved by: re (bz)
Sponsored by: Google Inc
Partial merge of 2431 from trunk: Retry writes on EINTR.
This should fix the SIGINT handler in bsdtar.
Note: The rest of r2431 can't be merged, since it interacts
with a big write-side rearchitecture.
PR: bin/149409
Reviewed by: kientzle
Approved by: re (kib)
MFC after: 3 days
in order to account for LP64 targets when cross-debugging on ILP32,
allowing r224683 to compile on ILP32.
Note that thr_p{read,write}_{long,ptr}() still incorrectly use the size
of the respective types on the host rather than that on the target when
accessing the target address space which still needs to be fixed. This
means that r224683 alone may not be sufficient to solve the problem it's
intended to fix when cross-debugging.
Approved by: re (hrs)
violated ECMA-119 (ISO9660): allow reserved4 to be 0x20 in PVD.
This allows tar to read FreeBSD distribution ISO images created
with makefs prior to NetBSD bin/45217 bugfix (up to 9.0-BETA1).
In addition, merge following important bugfixes from
libarchive's release/2.8 branch:
Revision 2812:
Merge 2811 from trunk: Don't try to verify that compression-level=0
produces larger results than the default compression, since this isn't
true for all versions of liblzma.
Revision 2817:
Merge 2814 from trunk: Fix Issue 121 (mtree parser error)
http://code.google.com/p/libarchive/issues/detail?id=121
Revision 2820:
Fix issue 119.
Change the file location check that a file location does not exceed
volume block. New one is that a file content does not exceed volume
block(end of an ISO image). It is better than previous check even
if the issue did not happen.
While reading an ISO image generated by an older version of mkisofs
utility, a file location indicates the end the ISO image if its file
size is zero and it is the last file of all files of the ISO image,
so it is possible that the location value is the same as the number
of the total block of the ISO image.
http://code.google.com/p/libarchive/issues/detail?id=119
Revision 2955:
Issue 134: Fix libarchive 2.8 crashing in archive_write_finish() when
the open has failed and we're trying to write Zip format.
http://code.google.com/p/libarchive/issues/detail?id=134
Revision 2958:
Followup on Issue 134:
1) Port test_open_failure to libarchive 2.8 branch to test
the problem reported in Issue 134.
This test also shows that archive_read_open() sometimes
fails to report open errors correctly.
2) Fix the bug in archive_read.c
3) Comment out the tests that close functions are invoked
promptly when open fails; that's fully fixed in libarchive 3.0,
but I don't think it's worth fixing here.
Revision 3484:
Use uintmax_t with %ju
Revision 3487:
Fix issue 163.
Correctly allocate enough memory for a input buffer saved.
http://code.google.com/p/libarchive/issues/detail?id=163
Revision 3542:
Merge 2516, 2536 from trunk: Allow path table offset values of
0 and 18, which are used by some ISO writers.
Reviewed by: kientzle
Approved by: re (kib)
MFC after: 3 days
Accessing it as an int causes failure on big-endian LP64, i.e. mips64be,
powerpc64 and sparc64.
Reviewed by: marcel
Approved by: re (kib)
MFC after: 1 week
o get the physical address and size of the PBVM page table. This
can be found in the bootinfo structure, of which the physical
address is recorded as the ELF entry point.
o translate region 4 virtual addresses to physical addresses using
the PBVM page table.
In _kvm_kvatop() make the distinction between physical address and
core file offset a little clearer to avoid confusion. To further
enhance readability, always store the translated address into pa
so that it's obvious how the translation from va to pa happened.
Approved by: re (blanket)
* Decouple the path supervision using a separate HB timer per path.
* Add support for potentially failed state.
* Bring back RTO.min to 1 second.
* Accept packets on IP-addresses already announced via an ASCONF
* While there: do some cleanups.
Approved by: re@
MFC after: 2 months.
proc_attach always frees any struct proc_handle data
that it allocates, but that is supposed to be done
only in error conditions.
PR: bin/158431
Approved by: re (kib)
MFC after: 1 week
dynamic memory allocation to hold per-CPU memory types data (sized to
mp_maxid for UMA, and to mp_maxcpus for malloc to match the kernel).
That fixes libmemstat with arbitrary large MAXCPU values and therefore
eliminates MEMSTAT_ERROR_TOOMANYCPUS error type.
Reviewed by: jhb
Approved by: re (kib)
- Fix usbhidctl and usbhidaction to handle HID devices with multiple
report ids, such as multimedia keyboards.
- Add collection type and report id to the `usbhidctl -r` output. They
are important for proper device understanding and debugging.
- Fix usbhidaction tool to properly handle items having report_count
more then 1.
Approved by: re (kib)
MFC after: 2 weeks
These system calls have already been implemented in the kernel; now we
hook up libc symbols so userspace can drive them.
Approved by: re (kib), mentor (rwatson)
Sponsored by: Google Inc
-g, by reverting r219139. The LLVM PR referenced in that revision was
fixed in the mean time, and we imported a clang snapshot soon
afterwards, so the temporary workaround of disabling clang's integrated
assembler is no longer needed.
In this particular case, using e.g. DEBUG_FLAGS=-g causes clang to
output certain directives into assembly that our version of GNU as
chokes on.
Reported by: dougb
Approved by: re (kib)
This includes a structural change regarding atomic ops. Previously they
were enabled on all platforms unless we had knowledge that they did not
work. However both work performed by marius@ on sparc64 and the fact that
the 9.8.x branch is fussier in this area has demonstrated that this is
not a safe approach. So I've modified a patch provided by marius to
enable them for i386, amd64, and ia64 only.
- Clamp the string length to 255 bytes when getting
the interface description.
- Clamp data request length to 65535 bytes when doing
control requests.
MFC after: 3 days
Formerly, in this case an error was returned but the pid was also returned
to the application, requiring the application to use unspecified behaviour
(the returned pid in error situations) to avoid zombies.
Now, reap the zombie and do not return the pid.
MFC after: 2 weeks
In C90, NULL is guaranteed to be declared in <stddef.h> and also in
<string.h>. Though the correct way to define NULL in FreeBSD is to
include <sys/_null.h>, other parts of libstand still require <string.h>
to build; therefore, we keep <string.h> in stand.h and add a note about
this;
- Removing no longer used 'Prototype' definition. Quote from bde@:
'Cruft related to getting incomplete struct declarations within
prototypes forward-declared before the structs. It doesn't mean
"prototype" but only part of a prototype-related hack. No longer
used.'
- Replacing iaddr_t with uintptr_t;
- Removing use of long double to determine alignment. Use a fixed 16 byte
alignment instead;
Reviewed by: bde
Obtained from: DragonFlyBSD (partially)
MFC after: 1 month
this fix only applies to zalloc.c, the other part of libstand such like
qdivrem.c still gives compilation warnings on sparc64 tinderbox builds;
therefore, WARNS level isn't changed for now.
Submitted by: Garrett Cooper <yanegomi@gmail.com>
Reviewed by: bde
mask of CPUs, pc_other_cpus and pc_cpumask become highly inefficient.
Remove them and replace their usage with custom pc_cpuid magic (as,
atm, pc_cpumask can be easilly represented by (1 << pc_cpuid) and
pc_other_cpus by (all_cpus & ~(1 << pc_cpuid))).
This change is not targeted for MFC because of struct pcpu members
removal and dependency by cpumask_t retirement.
MD review by: marcel, marius, alc
Tested by: pluknet
MD testing by: marcel, marius, gonzo, andreast
about the parent USB device:
- libusb20_dev_get_parent_address
- libusb20_dev_get_parent_port
- Rename libusb20_compat01.c into libusb01.c
MFC after: 3 days
(1) Coding style changes.
(2) If the server does not acknowledge any blocksize option,
revert to the default blocksize of 512 bytes.
(3) Send ACK if the first packet happens to be the last packet.
(4) Do not accept blocksize greater than what was requested.
(5) Drop any unwanted OACK received if a tftp transfer is already
in progress.
(6) Terminate incomplete transfers with a special no-error ERROR packet.
Otherwise we rely on the tftp server to time out, which it does
eventually, after re-sending the last packet several times and spamming
the system log about it every time. This idea is borrowed from the
PXE client, which does exactly that.
Submitted by: Alexander Kabaev <kan@FreeBSD.org>
Reviewed and Tested by: Santhanakrishnan Balraj <sbalraj at juniper dot net>
If a file is mapped with with MAP_PRIVATE, no write permission is required
and changes do not end up in the file. Therefore, tools like fuser and fstat
should not show the file as open for writing.
The protection as displayed by procstat -v still includes write in this
case, and shows 'C' for copy-on-write.
o Set TP using inline assembly to avoid dead code elimination.
o Eliminate _tcb.
Merge from r161840:
Stylize: avoid using a global register variable.
Merge from r157461:
Simplify _get_curthread() and _tcb_ctor because libc and rtld now
already allocate thread pointer space in tls block for initial thread.
Merge from r177853:
Replace function _umtx_op with _umtx_op_err, the later function directly
returns errno, because errno can be mucked by user's signal handler and
most of pthread api heavily depends on errno to be correct, this change
should improve stability of the thread library.
MFC after: 1 week
