Commit Graph

866 Commits

Author SHA1 Message Date
Konstantin Belousov
85a0ddfd0b Add a resource limit for the total number of kqueues available to the
user.  Kqueue now saves the ucred of the allocating thread, to
correctly decrement the counter on close.

Under some specific and not real-world use scenario for kqueue, it is
possible for the kqueues to consume memory proportional to the square
of the number of the file descriptors available to the process.  Limit
allows administrator to prevent the abuse.

This is kernel-mode side of the change, with the user-mode enabling
commit following.

Reported and tested by:	pho
Discussed with:	jmg
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2013-10-21 16:46:12 +00:00
Jilles Tjoelker
bab2982266 sh: Remove one syscall when waiting for a foreground job.
The getpgrp() call is unnecessary: if there is no job control then the
result was not used at all and if there is job control then we are not a
subshell and our process group ID is equal to our process ID (rootpid).
2013-10-18 12:35:12 +00:00
Jilles Tjoelker
2935c4cc5e sh: Make return return from the closest function or dot script.
Formerly, return always returned from a function if it was called from a
function, even if there was a closer dot script. This was for compatibility
with the Bourne shell which only allowed returning from functions.

Other modern shells and POSIX return from the function or the dot script,
whichever is closest.

Git 1.8.4's rebase --continue depends on the POSIX behaviour.

Reported by:	Christoph Mallon, avg
2013-09-04 22:10:16 +00:00
Jilles Tjoelker
b823fb59f1 sh: Fix race condition with signals and wait or set -T.
The change in r238888 was incomplete. It was still possible for a trapped
signal to arrive before the shell went to sleep (sigsuspend()) because a
check was missing or because the signal arrived before in_waitcmd was set.

On SMP, this bug sometimes caused the builtins/wait4.0 test to take 1 second
to execute; it then might or might not fail. On UP, the test almost always
failed.
2013-09-02 21:57:46 +00:00
Jilles Tjoelker
32187151d8 sh: Simplify list() in the parser.
The erflag argument was only used by old-style (``) command substitutions.
We can remove it and handle the special case in the command substitution
code.
2013-08-30 20:50:28 +00:00
Jilles Tjoelker
510739cc24 sh: Separate out nbinary allocation into a function. 2013-08-30 20:37:52 +00:00
Jilles Tjoelker
47752ed647 sh: Use makename() where possible. 2013-08-30 20:13:33 +00:00
Jilles Tjoelker
6ab99f87b7 sh: Add a function for the case where one token is required in the parse. 2013-08-30 13:25:15 +00:00
Jilles Tjoelker
65519ccb4d sh: Recognize "--" as end of options in type builtin.
This implementation makes minimal changes: command names starting with "-"
(other than "--") can still be queried normally.
2013-08-30 12:09:59 +00:00
Jilles Tjoelker
f52924b480 sh: Cast -1 to pointer rather than pointer to variable of wrong type.
NEOF needs to be a non-null pointer distinct from valid union node pointers.
It is not dereferenced.

The new NEOF is much like SIG_ERR except that it is an object pointer
instead of a function pointer.

The variable tokpushback can now be static.
2013-08-30 10:45:02 +00:00
Jilles Tjoelker
71828da5ff sh: Recognize "--" as end of options in alias builtin.
Aliases starting with "-" (which are non-POSIX) will need to be preceded by
an alias not starting with "-" or the newly added "--".
2013-08-25 11:42:53 +00:00
Jilles Tjoelker
3cfb11c41a sh: Disallow empty simple commands.
As per POSIX, a simple command must have at least one redirection,
assignment word or command word.

These occurred in rare cases such as  eval "f()" .

The extension of allowing no commands inside { }, if, while, for, etc.
remains.
2013-08-25 10:57:48 +00:00
Jilles Tjoelker
7e6e930d1e sh: Reject ++ and -- in arithmetic.
POSIX does not require ++ and -- in arithmetic. It is probably more useful
to reject them than to treat ++x and --x as x silently.

Note that the behaviour of increment and decrement can be obtained via
(x+=1), ((x+=1)-1), (x-=1) and ((x-=1)+1).

PR:		bin/176444
2013-08-24 20:06:00 +00:00
Jilles Tjoelker
7cb5a0d863 sh: Do not prematurely discard stopped jobs in a wait builtin.
If a job is specified to 'wait', wait for it to complete. Formerly, in
interactive mode, the job was deleted if it stopped.

If no jobs are specified in interactive mode, 'wait' still waits for all jobs
to complete or stop.

In non-interactive mode, WUNTRACED is not passed to wait3() so stopped jobs
are not detected.

PR:		bin/181435
2013-08-24 09:57:32 +00:00
Jilles Tjoelker
9bb8ccd642 sh: Remove unnecessary reset functions.
These are already handled by exception handlers.
2013-08-16 20:24:41 +00:00
Jilles Tjoelker
f0ef49bbf4 sh: Recognize "--" as end of options in bg/fg/jobid builtins. 2013-08-16 13:56:43 +00:00
Jilles Tjoelker
056fd329b9 sh: Recognize "--" as end of options in local builtin. 2013-08-14 21:59:48 +00:00
Jilles Tjoelker
adc2e8dfb4 sh: Allow a lone redirection before '|', ';;' or ';&'.
Example: </dev/null | :

PR:		181240
MFC after:	1 week
2013-08-14 19:34:13 +00:00
Jilles Tjoelker
b6dda50adc sh: Remove an incorrect comment. 2013-07-25 20:50:35 +00:00
Jilles Tjoelker
0bdd387178 sh: Remove #define MKINIT.
MKINIT only served for the removed mkinit. Many variables can be static now.
2013-07-25 19:48:15 +00:00
Jilles Tjoelker
338b821b0f sh: Remove mkinit.
Replace the RESET blocks with regular functions and a reset() function that
calls them all.

This code generation tool is unusual and does not appear to provide much
benefit. I do not think isolating the knowledge about which modules need to
be reset is worth an almost 500-line build tool and wider scope for
variables used by the reset functions.

Also, relying on reset functions is often wrong: the cleanup should be done
in exception handlers so that no stale state remains after 'command eval'
and the like.
2013-07-25 15:08:41 +00:00
Jilles Tjoelker
f85336594c sh: Remove output.c's reset() handler.
These cleanup operations are not needed because they are already performed
after an optimized command substitution (whether there was an error or not).
2013-07-25 13:09:17 +00:00
Jilles Tjoelker
fd7d6d8a29 sh: Do not read from stdin if an error occurs during -i -c cmd.
Although using -i with -c does not seem very useful, it seems inappropriate
to read commands from the terminal in this case.

Side effect: if the -s -c extension is used and the -s option is turned off
using 'set +s' during the interactive part, the shell now exits after an
error or interrupt. Note that POSIX only specifies -s as option to sh, not
to set.

See also Austin Group issue #718.
2013-07-12 15:29:41 +00:00
Jilles Tjoelker
42580a3efa sh: Do not close(-1) if pipe() fails. 2013-06-28 21:47:08 +00:00
Jilles Tjoelker
0c35cec686 sh(1): A subshell environment has its own rlimits (ulimit).
This has always been the case and is intended (just like cd).

This matches Austin group issue #706.
2013-06-14 22:06:18 +00:00
Jilles Tjoelker
bd76c6b83f sh(1): Document new features in wait builtin.
PR:		176916
2013-06-05 19:54:28 +00:00
Jilles Tjoelker
79b1d31887 sh: Return status 127 for unknown jobs in wait builtin.
This is required by POSIX, at least for pids that are not known child
processes.

Other problems with job specifications still cause wait to abort with
exit status 2.

PR:		176916
2013-06-05 19:40:52 +00:00
Jilles Tjoelker
a4099656c3 sh: Allow multiple operands in wait builtin.
This is only part of the PR; the behaviour for unknown/invalid pids/jobs
remains unchanged (aborts the builtin with status 2).

PR:		176916
Submitted by:	Vadim Goncharov
2013-06-05 19:08:22 +00:00
Jilles Tjoelker
336e0c87fa sh: Remove linked list of stack marks.
The linked list of stack marks may cause problems if the allocation stack is
used between an exception and a higher-level popstackmark(), as it may then
touch a stack mark that is local to a function which has returned.

Also, the adjustment compares to a pointer passed to realloc(), which is
undefined behaviour.

Instead of adjusting stack marks when reallocating stack blocks, ensure that
such an adjustment is never necessary by fixing a small piece of memory in
place at a stack mark. This also simplifies the code.

To avoid the problems reported in bin/175922, it remains necessary to call
setstackmark() after popstackmark() if the stack mark remains in use.
2013-05-11 20:51:00 +00:00
Eitan Adler
6c7d832824 Fix two typos
Reviewed by:	jilles
2013-05-09 21:29:16 +00:00
Jilles Tjoelker
5aa6dfda1c sh: Use O_CLOEXEC and F_DUPFD_CLOEXEC instead of separate fcntl() call. 2013-05-05 10:51:40 +00:00
Jilles Tjoelker
c4539460e3 sh: Improve error handling in read builtin:
* If read -t times out, return status as if interrupted by SIGALRM
  (formerly 1).
* If a trapped signal interrupts read, return status 128+sig (formerly 1).
* If [EINTR] occurs but there is no trap, retry the read (for example
  because of a SIGWINCH in interactive mode).
* If a read error occurs, write an error message and return status 2.

As before, a variable assignment error returns 2 and discards the remaining
data read.
2013-05-03 15:28:31 +00:00
Jilles Tjoelker
58c73bab93 sh: Don't consider jobs -s/-p as reporting the status of jobs.
This ensures that something like j=$(jobs -p) does not prevent any
status from being written to the terminal.
2013-04-27 14:07:25 +00:00
Joel Dahl
1ca3beb91f Document a few expansions for the $PS1 and $PS2 environmental variables.
PR:		173410
Submitted by:	Derek Wood <ddwood@outlook.com>
Reviewed by:	jilles
2013-04-21 19:55:38 +00:00
Jilles Tjoelker
6e0f89a4b4 sh: Don't modify exit status when break/continue/return passes !.
This matches what would happen if  ! P  were to be replaced with
if P; then false; else true; fi.

Example:
  f() { ! return 0; }; f
2013-04-12 15:19:35 +00:00
Jilles Tjoelker
7d919c164d sh: Add const to nodesavestr(). 2013-04-07 16:28:36 +00:00
Jilles Tjoelker
c6a453a430 sh: Write as much into the heredoc pipe as possible, to avoid forking.
Use non-blocking I/O to write as much as the pipe will accept (often 64K,
but it can be as little as 4K), avoiding the need for the ugly PIPESIZE
constant. If PIPESIZE was set too high, a deadlock would occur.
2013-04-02 21:34:38 +00:00
Jilles Tjoelker
46c6b52dfb sh: Fix various compiler warnings.
It now passes WARNS=7 with clang on i386.

GCC 4.2.1 does not understand setjmp() properly so will always trigger
-Wuninitialized. I will not add the volatile keywords to suppress this.
2013-04-01 17:18:22 +00:00
Joel Dahl
5127efa399 Minor mdoc fix. 2013-03-29 08:12:09 +00:00
Jilles Tjoelker
54ccc8b588 sh(1): Mention possible ambiguities with $(( and ((.
In some other shells, things like $((a);(b)) are command substitutions.

Also, there are shells that have an extension ((ARITH)) that evaluates an
arithmetic expression and returns status 1 if the result is zero, 0
otherwise. This extension may lead to ambiguity with two subshells starting
in sequence.
2013-03-24 22:48:45 +00:00
Jilles Tjoelker
d70ad6f2d0 sh: Recognize "--" and explicitly reject options in wait builtin.
If syntactically invalid job identifiers are to be taken as jobs that exited
with status 127, this should not apply to options, so that we can add
options later if need be.
2013-03-15 20:29:31 +00:00
Jilles Tjoelker
3fe1119f98 sh: When executing a trap, keep exit status along with evalskip.
This ensures 'return' in a trap returns the correct status to the caller.

If evalskip is not set or if it is overridden by a previous evalskip, keep
the old behaviour of restoring the exit status from before the trap.
2013-03-03 17:33:59 +00:00
Jilles Tjoelker
25e0f0f577 sh: If a SIGINT or SIGQUIT interrupts "wait", return status 128+sig. 2013-02-23 22:50:57 +00:00
Jilles Tjoelker
e9e9223546 sh: Fix a crash with the stackmark code.
If a stack mark is set while the current stack block is empty, the stack
block may move later on (because of realloc()) and the stack mark needs to
be updated. This updating does not happen after popstackmark() has been
called; therefore, call setstackmark() again if the stack mark is still
being used.

For some reason, this only affects a few users. I cannot reproduce it. The
situation seems quite rare as well because an empty stack block would
usually be freed (by popstackmark()) before execution reaches a
setstackmark() call.

PR:		175922
Tested by:	KT Sin
2013-02-19 23:46:51 +00:00
Jilles Tjoelker
1767d529f2 sh: Simplify mksyntax and make it fit for cross-compiling.
Now it outputs fixed files, which use constants provided by the C standard
library to determine appropriate values for the target machine.

Before, mksyntax inspected the host machine which resulted in subtle
breakage if e.g. char is signed on the host and unsigned on the target such
as when cross-compiling on x86 for ARM.

Tested using -funsigned-char on amd64. Compiling build-tools without it and
sh itself with it causes various tests to fail without this change but not
with this change. With consistent -funsigned-char, tests pass with or
without this change.

The mksyntax program could be removed and syntax.c and syntax.h committed to
the repository.

Submitted by:	Christoph Mallon
MFC after:	2 weeks
2013-02-07 22:42:33 +00:00
Jilles Tjoelker
eb64a9137b sh: Fix a comment. 2013-02-07 21:24:10 +00:00
Xin LI
5be97e72e6 Catch TRACE parameters up with r238888. This change is only needed when
debugging is enabled.
2013-02-07 19:00:54 +00:00
Jilles Tjoelker
eaf7719957 sh: Do not test for digit_contig in mksyntax.
ISO/IEC 9899:1999 (E) 5.2.1p3 guarantees that the values of the characters
0123456789 are contiguous.

The generated syntax.c and syntax.h remain the same.

Submitted by:	Christoph Mallon
2013-02-05 22:54:09 +00:00
Jilles Tjoelker
4dc6bdd3e7 sh: Expand here documents in the current process.
Expand here documents at the same point other redirections are expanded but
use a non-fork subshell environment (like simple command substitutions) for
compatibility. Substitution errors result in an empty here document like
before.

As a result, a fork is avoided for short (<4K) expanded here documents.

Unexpanded here documents (with quoted end marker after <<) are not affected
by this change. They already only forked when >4K.

Side effects:
* Order of expansion is slightly different.
* Slow expansions are not executed in parallel with the redirected command.
* A non-fork subshell environment is subtly different from a forked process.
2013-02-03 15:54:57 +00:00
Jilles Tjoelker
58570ac4a5 sh: Prefer our character classification functions to <ctype.h>. 2013-01-31 22:10:57 +00:00