Commit Graph

124 Commits

Author SHA1 Message Date
Kyle Evans
69112cca60 getlogin_r: fix the type of len
getlogin_r is specified by POSIX to to take a size_t len, not int. Fix our
version to do the same, bump the symbol version due to ABI change and
provide compat.

This was reported to break compilation of Ruby 2.8.

Some discussion about the necessity of the ABI compat did take place in the
review. While many 64-bit platforms would likely be passing it in a 64-bit
register and zero-extended and thus, not notice ABI breakage, some do
sign-extend (e.g. mips).

PR:		247102
Submitted by:	Bertram Scharpf <software@bertram-scharpf.de> (original)
Submitted by:	cem (ABI compat)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D26335
2020-09-09 18:07:13 +00:00
Kyle Evans
472ced39ef Implement a close_range(2) syscall
close_range(min, max, flags) allows for a range of descriptors to be
closed. The Python folk have indicated that they would much prefer this
interface to closefrom(2), as the case may be that they/someone have special
fds dup'd to higher in the range and they can't necessarily closefrom(min)
because they don't want to hit the upper range, but relocating them to lower
isn't necessarily feasible.

sys_closefrom has been rewritten to use kern_close_range() using ~0U to
indicate closing to the end of the range. This was chosen rather than
requiring callers of kern_close_range() to hold FILEDESC_SLOCK across the
call to kern_close_range for simplicity.

The flags argument of close_range(2) is currently unused, so any flags set
is currently EINVAL. It was added to the interface in Linux so that future
flags could be added for, e.g., "halt on first error" and things of this
nature.

This patch is based on a syscall of the same design that is expected to be
merged into Linux.

Reviewed by:	kib, markj, vangyzen (all slightly earlier revisions)
Differential Revision:	https://reviews.freebsd.org/D21627
2020-04-12 21:23:19 +00:00
Kyle Evans
979b4b3495 Mark rfork(2) as __returns_twice
rfork is not generally a built-in that would be recognized as behaving like
vfork/fork; provide the hint.
2020-01-22 20:53:25 +00:00
Kyle Evans
727b66b6d9 <unistd.h>: remove redundant __BSD_VISIBLE
This bit is already inside of a larger __BSD_VISIBLE block.

Reported by:	vangyzen
2019-12-15 01:26:57 +00:00
Rick Macklem
6639e9bc31 Add an entry for copy_file_range(2) to unistd.h.
copy_file_range(2) is a Linux compatible syscall created by r350315.

Reviewed by:	kib, asomers
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D20584
2019-07-25 06:10:44 +00:00
Mariusz Zaborski
a1304030b8 Introduce funlinkat syscall that always us to check if we are removing
the file associated with the given file descriptor.

Reviewed by:	kib, asomers
Reviewed by:	cem, jilles, brooks (they reviewed previous version)
Discussed with:	pjd, and many others
Differential Revision:	https://reviews.freebsd.org/D14567
2019-04-06 09:34:26 +00:00
Konstantin Belousov
f4a5a0b8ac Add a missed chunk r335939.
Noted by:	David Carlier
MFC after:	9 days
Differential revision:	https://reviews.freebsd.org/D16178
2018-07-08 15:48:47 +00:00
Conrad Meyer
e9ac27430c Implement getrandom(2) and getentropy(3)
The general idea here is to provide userspace programs with well-defined
sources of entropy, in a fashion that doesn't require opening a new file
descriptor (ulimits) or accessing paths (/dev/urandom may be restricted
by chroot or capsicum).

getrandom(2) is the more general API, and comes from the Linux world.
Since our urandom and random devices are identical, the GRND_RANDOM flag
is ignored.

getentropy(3) is added as a compatibility shim for the OpenBSD API.

truss(1) support is included.

Tests for both system calls are provided.  Coverage is believed to be at
least as comprehensive as LTP getrandom(2) test coverage.  Additionally,
instructions for running the LTP tests directly against FreeBSD are provided
in the "Test Plan" section of the Differential revision linked below.  (They
pass, of course.)

PR:		194204
Reported by:	David CARLIER <david.carlier AT hardenedbsd.org>
Discussed with:	cperciva, delphij, jhb, markj
Relnotes:	maybe
Differential Revision:	https://reviews.freebsd.org/D14500
2018-03-21 01:15:45 +00:00
Pedro F. Giffuni
2321c47418 include: further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
2017-11-20 19:45:28 +00:00
Ed Schouten
1a466ddc79 Remove setkey(), encrypt(), des_setkey() and des_cipher().
The setkey() and encrypt() functions are part of XSI, not the POSIX base
definitions. There is no strict requirement for us to provide these,
especially if we're only going to keep these around as undocumented
stubs. The same holds for des_setkey() and des_cipher().

Instead of providing functions that only generate warnings when linking,
simply disallow linking against them. The impact of this is relatively
low. It only causes two leaf ports to break. I'll see what I can do to
help out to get those fixed.

PR:		211626
2016-10-03 18:20:58 +00:00
Konstantin Belousov
295af703a0 Add an implementation of fdatasync(2).
The syscall is a trivial wrapper around new VOP_FDATASYNC(), sharing
code with fsync(2).  For all filesystems, this commit provides the
implementation which delegates the work of VOP_FDATASYNC() to
VOP_FSYNC().  This is functionally correct but not efficient.

This is not yet POSIX-compliant implementation, because it does not
ensure that queued AIO requests are completed before returning.

Reviewed by:	mckusick
Discussed with:	avg (ZFS), jhb (AIO part)
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D7471
2016-08-15 19:08:51 +00:00
Ed Schouten
5f521d7ba7 Make libcrypt thread-safe. Add crypt_r(3).
glibc has a pretty nice function called crypt_r(3), which is nothing
more than crypt(3), but thread-safe. It accomplishes this by introducing
a 'struct crypt_data' structure that contains a buffer that is large
enough to hold the resulting string.

Let's go ahead and also add this function. It would be a shame if a
useful function like this wouldn't be usable in multithreaded apps.
Refactor crypt.c and all of the backends to no longer declare static
arrays, but write their output in a provided buffer.

There is no need to do any buffer length computation here, as we'll just
need to ensure that 'struct crypt_data' is large enough, which it is.
_PASSWORD_LEN is defined to 128 bytes, but in this case I'm picking 256,
as this is going to be part of the actual ABI.

Differential Revision:	https://reviews.freebsd.org/D7306
2016-08-10 15:16:28 +00:00
Konstantin Belousov
1bdbd70599 Implement process-shared locks support for libthr.so.3, without
breaking the ABI.  Special value is stored in the lock pointer to
indicate shared lock, and offline page in the shared memory is
allocated to store the actual lock.

Reviewed by:	vangyzen (previous version)
Discussed with:	deischen, emaste, jhb, rwatson,
	Martin Simmons <martin@lispworks.com>
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
2016-02-28 17:52:33 +00:00
Pedro F. Giffuni
96a8bf8fbf Rename __sentinel to __null_sentinel
GCC 5 uses a conflicting __sentinel definition in include/c++/bits/stl_algo.h

Reported by:	matteo
2015-11-05 14:55:58 +00:00
Pedro F. Giffuni
5d0bef91b7 Use the __sentinel attribute.
Start using the gcc sentinel attribute, which can be used to
mark varargs function that need a NULL pointer to mark argument
termination, like execl(3).

Relnotes:	yes
2015-07-08 16:21:10 +00:00
Pedro F. Giffuni
749cd43178 unistd: drop argument names from setpgrp(3) prototype.
They are useless and don't match the style of the header.
While here adjust the comment with tabs.

Suggested by:	kevinlo
2014-09-19 18:13:56 +00:00
Pedro F. Giffuni
d9446691c8 unistd: move setpgrp(2) to the __BSD_VISIBLE section
Our setpgrp(2) differs from the specified by POSIX, which
only has one argument, and is only meant for compatibility
with BSD.

Reference:
http://pubs.opengroup.org/onlinepubs/009695399/functions/setpgrp.html

Pointed-out in:	openbsd-tech (2014-09-16)
MFC after:	6 weeks
2014-09-18 17:18:42 +00:00
Jilles Tjoelker
448f5f73dc include: Remove checks for __BSD_VISIBLE where redundant with __XSI_VISIBLE
or __POSIX_VISIBLE.

Whenever <sys/cdefs.h> sets __BSD_VISIBLE to non-zero, it also sets
__POSIX_VISIBLE and __XSI_VISIBLE to the newest version supported.

No functional change is intended.
2014-05-11 13:48:21 +00:00
Jilles Tjoelker
67560dcfb5 Add dup3(), based on F_DUP2FD and F_DUP2FD_CLOEXEC fcntls.
I removed functionality not proposed for POSIX in Austin group issue #411.
A man page (my own) and test cases will follow in later commits.

PR:		176233
Submitted by:	Jukka Ukkonen
2013-08-16 13:10:30 +00:00
Jilles Tjoelker
dc570d5e56 Add pipe2() system call.
The pipe2() function is similar to pipe() but allows setting FD_CLOEXEC and
O_NONBLOCK (on both sides) as part of the function.

If p points to two writable ints, pipe2(p, 0) is equivalent to pipe(p).

If the pointer is not valid, behaviour differs: pipe2() writes into the
array from the kernel like socketpair() does, while pipe() writes into the
array from an architecture-specific assembler wrapper.

Reviewed by:	kan, kib
2013-05-01 22:42:42 +00:00
David Xu
c80e6375ea Process CPU-Time Clocks option is supported, define _POSIX_CPUTIME. 2012-09-10 05:09:39 +00:00
Dimitry Andric
460378bf13 Add a convenience macro for the returns_twice attribute, and apply it to
the prototypes of the appropriate functions (getcontext, savectx,
setjmp, sigsetjmp and vfork).

MFC after:	2 weeks
2012-04-29 11:04:31 +00:00
Colin Percival
3e65b9c6e6 Fix a problem whereby a corrupt DNS record can cause named to crash. [11:06]
Add an API for alerting internal libc routines to the presence of
"unsafe" paths post-chroot, and use it in ftpd. [11:07]

Fix a buffer overflow in telnetd. [11:08]

Make pam_ssh ignore unpassphrased keys unless the "nullok" option is
specified. [11:09]

Add sanity checking of service names in pam_start. [11:10]

Approved by:    so (cperciva)
Approved by:    re (bz)
Security:       FreeBSD-SA-11:06.bind
Security:       FreeBSD-SA-11:07.chroot
Security:       FreeBSD-SA-11:08.telnetd
Security:       FreeBSD-SA-11:09.pam_ssh
Security:       FreeBSD-SA-11:10.pam
2011-12-23 15:00:37 +00:00
Edward Tomasz Napierala
2bfc50bc4f Add two new system calls, setloginclass(2) and getloginclass(2). This makes
it possible for the kernel to track login class the process is assigned to,
which is required for RCTL.  This change also make setusercontext(3) call
setloginclass(2) and makes it possible to retrieve current login class using
id(1).

Reviewed by:	kib (as part of a larger patch)
2011-03-05 12:40:35 +00:00
Ulrich Spörlein
091c4c86d1 rpc.lockd(8) WARNS cleanup
- Provide function prototype for nlm_syscall
- Don't assign a variable from the stack to a global var[1]
- Remove unused vars

Found by:	clang static analyser [1]
Reviewed by:	dfr
2010-12-20 21:12:18 +00:00
David Xu
b67cc292dc Add sysctl kern.sched.cpusetsize to export the size of kernel cpuset,
also add sysconf() key _SC_CPUSET_SIZE to get sysctl value.

Submitted by: gcooper
2010-10-29 13:31:10 +00:00
Kevin Lo
ee1cd8fe2a Style: tabs after #define 2010-08-11 09:29:33 +00:00
Warner Losh
f2556687c6 Remove the Berkeley clause 3's.
Add a few $FreeBSD$
2010-02-16 19:39:50 +00:00
Ed Schouten
88b69f52ee Phase out ttyslot(3).
The ttyslot() function was originally part for SUSv1, marked LEGACY in
SUSv2 and removed later on. This function only makes sense when using
utmp(5), because it was used to determine the offset of the record for
the controlling TTY. It makes little sense to keep it here, because the
new utmpx file format doesn't index based on TTY slots.
2010-01-14 05:35:32 +00:00
Edward Tomasz Napierala
c38898116a There is an optimization in chmod(1), that makes it not to call chmod(2)
if the new file mode is the same as it was before; however, this
optimization must be disabled for filesystems that support NFSv4 ACLs.
Chmod uses pathconf(2) to determine whether this is the case - however,
pathconf(2) always follows symbolic links, while the 'chmod -h' doesn't.

This change adds lpathconf(3) to make it possible to solve that problem
in a clean way.

Reviewed by:	rwatson (earlier version)
Approved by:	re (kib)
2009-07-08 15:23:18 +00:00
John Baldwin
c4f16b69e1 Add a new 'void closefrom(int lowfd)' system call. When called, it closes
any open file descriptors >= 'lowfd'.  It is largely identical to the same
function on other operating systems such as Solaris, DFly, NetBSD, and
OpenBSD.  One difference from other *BSD is that this closefrom() does not
fail with any errors.  In practice, while the manpages for NetBSD and
OpenBSD claim that they return EINTR, they ignore internal errors from
close() and never return EINTR.  DFly does return EINTR, but for the common
use case (closing fd's prior to execve()), the caller really wants all
fd's closed and returning EINTR just forces callers to call closefrom() in
a loop until it stops failing.

Note that this implementation of closefrom(2) does not make any effort to
resolve userland races with open(2) in other threads.  As such, it is not
multithread safe.

Submitted by:	rwatson (initial version)
Reviewed by:	rwatson
MFC after:	2 weeks
2009-06-15 20:38:55 +00:00
David Schultz
cc4603df21 Various namespace cleanups, including exposing fchmod() and fchmodat()
in the POSIX namespace, and hiding eaccess() and setproctitle().
Also move mknodat() from unistd.h to sys/stat.h where it belongs.
The *at() syscalls are only in CURRENT, so this shouldn't cause
problems.
2009-03-14 19:11:08 +00:00
David Schultz
b2aa672ecd - Add getsid, fchdir, getpgid, lchown, pread, pwrite, truncate,
*at, and fexecve to the POSIX.1-2008 namespace.
- Remove getwd, ualarm, usleep, and vfork from the XSI namespace.
- Remove mkdtemp from the POSIX.1-2008 namespace (should be in stdlib.h).
2009-03-04 03:32:28 +00:00
Peter Wemm
a718c0c3bc Move getosreldate(3) prototype from the machine generated <osreldate.h>
to <unistd.h> in the BSD section.

Suggested by:	kib
2008-09-26 19:23:22 +00:00
David Xu
1b2bb4a55f posix_spawn() is supported, set _POSIX_SPAWN to 200212L. 2008-07-08 03:08:32 +00:00
Ed Schouten
c605eea952 Turn execvpe() into an internal libc routine.
Adding exevpe() has caused some ports to break. Even though execvpe() is
a useful routine, it does not conform to any standards.

This patch is a little bit different from the patch sent to the mailing
list. I forgot to remove execvpe from the Symbol.map (which does not
seem to miscompile libc, though).

Reviewed by:	davidxu
Approved by:	philip
2008-06-23 05:22:06 +00:00
David Xu
947aa542e9 Add POSIX routines called posix_spawn() and posix_spawnp(), which
can be used as replacements for exec/fork in a lot of cases. This
change also added execvpe() which allows environment variable
PATH to be used for searching executable file, it is used for
implementing posix_spawnp().

PR: standards/122051
2008-06-17 06:26:29 +00:00
Konstantin Belousov
196afaa91c Add the restrict qualifiers to the pointer arguments of the readlinkat. 2008-04-10 12:13:56 +00:00
Konstantin Belousov
914c696304 Correct the prototype for the faccessat().
Reported by:	ru
2008-04-01 10:49:06 +00:00
Konstantin Belousov
ba2983e5b3 Add the libc glue and headers definitions for the *at() syscalls.
Based on the submission by rdivacky,
	sponsored by Google Summer of Code 2007
Reviewed by:	rwatson, rdivacky
Tested by:	pho
2008-03-31 12:14:04 +00:00
Ruslan Ermilov
a059c409c2 Added the "restrict" type-qualifier to the readlink() prototype. 2008-02-26 20:33:52 +00:00
Ruslan Ermilov
5f56182b6f Change readlink(2)'s return type and type of the last argument
to match POSIX.

Prodded by:	Alexey Lyashkov
2008-02-12 20:09:04 +00:00
David Xu
0248203e2b _POSIX_THREAD_CPUTIME is now supported. 2008-01-18 08:48:32 +00:00
John Baldwin
ce309a2f26 Add a feature_present(3) function which checks to see if a named kernel
feature is present by checking the kern.features sysctl MIB.

MFC after:	1 week
2008-01-10 22:11:21 +00:00
Pawel Jakub Dawidek
143943aa35 Forgot to commit this file: add definition for _SC_PHYS_PAGES. 2006-12-14 21:42:03 +00:00
David Xu
ea8fe575cd barrier and spin_lock had already been implemented in libpthread and
libthr for a long time, set both _POSIX_BARRIERS and _POSIX_SPIN_LOCKS
to 200112L.
2005-12-02 02:36:13 +00:00
Xin LI
8dcb56dc78 Provide more POSIX-complaint ttyname_r(3) interface[1], which is slightly
different from what has been offered in libc_r (the one spotted in the
original PR which is found in libthr has already been removed by David's
commit, which is rev. 1.44 of lib/libthr/thread/thr_private.h):
	- Use POSIX standard prototype for ttyname_r, which is,
		int ttyname_r(int, char *, size_t);
	  Instead of:
	  	char *ttyname_r(int, char *, size_t);
	  This is to conform IEEE Std 1003.1, 2004 Edition [1].
	- Since we need to use standard errno for return code, include
	  errno.h in ttyname.c
	- Update ttyname(3) implementation according to reflect the API
	  change.
	- Document new ttyname_r(3) behavior
	- Since we already make use of a thread local storage for
	  ttyname(3), remove the BUGS section.
	- Remove conflicting ttyname_r related declarations found in libc_r.

Hopefully this change should not have changed the API/ABI, as the ttyname_r
symbol was never introduced before the last unistd.h change which happens a
couple of days before.

[1] http://www.opengroup.org/onlinepubs/009695399/functions/ttyname.html

Requested by:	Tom McLaughlin <tmclaugh sdf lonestar org>
Through PR:	threads/76938
Patched by:	Craig Rodrigues <rodrigc crodrigues org> (with minor changes)
Prompted by:	mezz@
2005-05-13 16:27:30 +00:00
Xin LI
f73fd5bd75 Connect MLINKS for ttyname_r(3), and add prototype into unistd.h. 2005-05-11 14:07:25 +00:00
David Schultz
3eea66586b - Declare mknod in stat.h (in addition to unistd.h), as per XSI.
- Use blksize_t and blkcnt_t in struct stat.
- Hide non-standard fields in stat.h when !__BSD_VISIBLE.
- Add restrict qualifiers in stat.h.
2005-03-22 01:19:18 +00:00
Tom Rhodes
2f5cde3c64 According to the information on:
http://www.opengroup.org/onlinepubs/009695399/functions/swab.html
the prototype for swab() should be in <unistd.h> and not in <string.h>.
Move it, and update to match SUS.  Leave the prototype in string.h for
now, for backwards compat.

PR:		74751
Submitted by:	Craig Rodrigues <rodrigc@crodrigues.org>
Discussed with:	das
2004-12-10 15:24:40 +00:00