Closing stdin/stdout/stderr is often a bad idea as a future open()
can end up with its fd. Leave it open and limit it to no rights
instead.
Reviewed by: cem
Differential Revision: https://reviews.freebsd.org/D7984
bspatch previously included sys/capability.h or sys/capsicum.h based
on __FreeBSD_version, as FreeBSD is the upstream for bsdiff and we may
see this file incorporated into other third-party software.
The Capsicum header is now installed as sys/capsicum.h in stable/10 and
FreeBSD 10.3, so we can just use sys/capsicum.h and simplify the logic.
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D7954
This is not actually documented or even implied in style(9). Make the change
to match convention. Someone should document this convention in style(9).
Reported by: jhb
Sponsored by: EMC Dell Isilon
This is a nice and trivial program for sandboxing. One input file, one
output file.
Reviewed by: pfg
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D7920
This is a straightforward single input, single output program for
capsicum.
Reviewed by: bapt
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D7928
stdio uses fstat and the TIOCGETA ioctl. Also collapse the
cap_rights_limit and new cap_ioctls_limit calls into one if statement.
Errors here are not actionable by the user and distinguishing stdout
from stderr doesn't really have value.
Reported by: kib
Reviewed by: allanjude, bapt
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7944
if getcwd fails: just ignore it and do not try to adding to the list of possible
path where to find the files.
if fdopen fails, warn and return NULL the rest of the code knows how to deal
with it
Reported by: oshogbo
As a trick to be able to access all files passed in arguments (readonly) within
the sandbox we first open the root directory, then consider all files as
relative to this file descriptor.
This might be improved once casper add supports for filesystem.
MFC after: 1 month
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D7936
errx() prefixes the error string with argv[0] so including "login: "
in the string is redundant. Also remove a superfluous newline.
Sponsored by: The FreeBSD Foundation
The first argument of calloc(3) should be an ordinal type, and the
second a size: split a multiplication to make better use of calloc(3)
and detect overflows.
Do some other re-ordering and style fixes while here.
MFC after: 3 weeks
Note that this introduces an explicit 2GB limit, but this was already
implicit in variable and function argument types.
This is based on the "non-cryptanalytic attacks against freebsd
update components" anonymous gist. Further refinement is planned.
Reviewed by: allanjude, cem, kib
Obtained from: anonymous gist
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7619
process. We don't *quite* pull that number out of our backside, as
the actual number is difficult to determine without modifying the VM
system to report it, but it's still useful to get an idea of what's
going on when a machine unexpectedly starts swapping.
MFC after: 1 week
Use this to control inclusion of the libllvm functionality required
by lld. Enable by default on arm64 and amd64, the two platforms where
lld is most usable for testing.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7713
(On RISC-V MK_CXX is in BROKEN_OPTIONS, so users remains skipped there.)
Reviewed by: bdrewery
Differential Revision: https://reviews.freebsd.org/D7725
to -32768 when it is used as an argument to mp_itom(), in both libtelnet
and newkey. This code has been wrong since r26238 (!), so after almost
20 years it is rather useless to try to correct it.
MFC after: 1 week
* Bootstrap llvm-tblgen and clang-tblgen with a minimal llvm static
library, that has no other dependencies.
* Roll up all separate llvm libraries into one big static libllvm.
* Similar for all separate clang and lldb static libraries.
* For all these libraries, generate their .inc files only once.
* Link all llvm tools (including extra) against the big libllvm.
* Link clang and clang-format against the big libllvm and libclang.
* Link lldb against the big libllvm, libclang and liblldb.
N.B.: This is work in progress, some details may still be missing.
It also heavily depends on bsd.*.mk's support for SRCS and DPSRCS with
relative pathnames, which apparently does not always work as expected.
For building llvm, clang and lldb though, it seems to work just fine.
The main idea behind this restructuring is maintainability and build
peformance. The previous large number of very small libraries, each
with their own generated files and dependencies was slow to traverse
and hard to understand.
Possible future improvements:
* Only build certain targets, e.g. for most regular users having just
one target will be fine. This will shave off some build time.
* Building the big llvm, clang and lldb libraries as shared (private)
libraries.
* Adding other components from the LLVM project, such as lld.
It's not necessarily intuitive that the variables to query contain TRUSTEDBSD
in the prefix. Add non-TRUSTEDBSD prefixed knobs for querying things like
"_PC_ACL_NFS4".
MFC after: 1 week
Relnotes: yes
Reviewed by: wollman
Sponsored by: EMC / Isilon Storage Division
Differential Revision: https://reviews.freebsd.org/D7618
Move all of the fopen() and open() calls to the top of main()
Restrict each FD to least privilege (read/seek only, write only, etc)
cap_enter(), and make all except the output FD read/seek only.
Reviewed by: emaste, ed, oshogbo, delphij
Approved by: so
MFC after: 3 days
Relnotes: yes
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D7358
Decouple the send and receive limits on the amount of data in a single
iSCSI PDU. MaxRecvDataSegmentLength is declarative, not negotiated, and
is direction-specific so there is no reason for both ends to limit
themselves to the same min(initiator, target) value in both directions.
Allow iSCSI drivers to report their send, receive, first burst, and max
burst limits explicitly instead of using hardcoded values or trying to
derive all of them from the receive limit (which was the only limit
reported by the drivers prior to this change).
Display the send and receive limits separately in the userspace iSCSI
utilities.
Reviewed by: jpaetzel@ (earlier version), trasz@
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D7279
The TRUSTEDBSD prefix was chosen for consistency with the other
related `_PC_ACL*` prefixed variables.
MFC after: 3 days
Sponsored by: EMC / Isilon Storage Division
This allows shell programs to programmatically determine whether
or not a filesystem supports sparse files
MFC after: 3 days
Sponsored by: EMC / Isilon Storage Division
Make style changes (and trivial refactoring of open calls) now in order
to reduce noise in diffs for future capsicum changes.
Reviewed by: oshogbo
No objection: cperciva
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7610
Coverity correctly reported that it's impossible for /comparison/ to be 0
here, because the only way for the for loop to end is by /comparison/
being < 0.
Fortunately the consequences of this bug weren't severe; for duplicated
entries in the typedef names file it would unnecessarily duplicate strings
with strdup(), but pointers to those would replace existing ones. So this
was a memory leak at worst.
CID: 1361477
Obtained from: Piotr Stephaniak
Shift the responsibility of allocating memory for the string duplicate
from the caller (set_option, add_typedefs_from_file) to the callee
(add_typename) as it has more knowledge about when the duplication
actually needs to occur.
Taken from: Piotr Stefaniak
Now that we've switched over to using the vDSO on CloudABI, it becomes a
lot easier for us to phase out old features. System call numbering is no
longer something that's part of the ABI. It's fully based on names. As
long as the numbering used by the kernel and the vDSO is consistent
(which it always is), it's all right.
Let's put this to the test by removing a system call (thread_tcb_set())
that's already unused for quite some time now, but was only left intact
to serve as a placeholder. Sync in the new system call table that uses
alphabetic sorting of system calls.
Obtained from: https://github.com/NuxiNL/cloudabi
add the new "-d" flag from D1626.
The man page will be updated in a subsequent commit.
Submitted by: will (earlier version)
Reviewed by: ken
MFC after: 1 month
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D1626
It was unlinking the target even though it uses rename(2) which already
effectively does that. -S is intended to not unlink(2) the target first.
MFC after: 1 week
Reviewed by: jhb
Sponsored by: EMC / Isilon Storage Division
Differential Revision: https://reviews.freebsd.org/D7452
With both of these flags, the backup was created via rename(dest, backup)
followed by rename(tmp, dest). This left the destination file missing
for a moment which contradicts the point of -S.
This fixes a race with installworld where PRECIOUSPROG and PRECIOUSLIB
files (which use -S for installation) would briefly be missing. In the
case of installing rtld with parallel installworld it could render an
error due to not having rtld present to run install/cp in another
process.
Reported by: jhb
Reviewed by: jhb
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
Differential Revision: https://reviews.freebsd.org/D7451
This is a minor nit after r289391 made all installations to a directory always
end in a trailing '/'.
MFC after: 3 days
Sponsored by: EMC / Isilon Storage Division
removing CFLAGS+= -static
`CFLAGS+= -static` was a carryover from pre-r289195 with
usr.bin/tar/test/Makefile that should have been specified in LDFLAGS
There doesn't seem to be an apparent need for static compilation
of the test binaries.
Differential Revision: https://reviews.freebsd.org/D7430
MFC after: 1 week
Obtained-from: opBSD (418a491eed20d2603ddd1f1bd92c2c0d95094002)
Submitted by: op
Sponsored by: EMC / Isilon Storage Division
2 extra options not available neither on other BSD nor in GNU sdiff:
--diff-pid and --pipe-fd were present in the SoC code, none were usable
Just remove it
Add -sac (space after cast) and -nsac options.
These control whether space character is put after a cast operator or not.
Default is -nsac.
Add -U option for providing a file containing list of types.
This is needed for properly deciding which asterisks denote unary
operation and which denote binary.
These come from PostgreSQL.
Reference:
84b00e3d4649c52cf383
Differential Revision: https://reviews.freebsd.org/D6966 (Partial)
Submitted by: Piotr Stefaniak
trussinfo->curthread must be initialized before calling enter_syscall(),
it is used by t->proc->abi->fetch_args().
Without that truss is segfaulting and the attached program also crash.
Submitted by: Nikita Kozlov (nikita@gandi.net)
Reviewed by: jhb
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D7399
or "+" (these are invalid, because there is no preceding operand).
When bsdgrep attempts to emulate GNU grep in discarding and ignoring the
invalid ? or + operators, some later logic in tre_compile_fast() goes
beyond the end of the buffer, leading to a crash.
Fix this by bailing out, and reporting a bad pattern instead.
Reported by: Steve Kargl
MFC after: 1 week
While big, the change was meant to have no effect on behavior and instead
so far we have found two regressions: one in the etcupdate tests and
another one in the games/openttd port[1].
Revert to a known working state. We will likely have to split the patch in
functional parts before bringing back the changes.
PR: 195929
Reported by: danfe, madpilot [1]
For now maintain the local style in this file.
Reviewed by: jilles
Reference:
9099a9f17b
Differential Revision: https://reviews.freebsd.org/D6966 (Partial)
Submitted by: Piotr Stefaniak
clang-analyzer complained that eqin() sets file-scoped pointer param_start
to point into char buffer defined in scan_profile(), and once
scan_profile() exits, param_start is a "dangling reference". param_start
was never used afterwards, but it's cleaner to move it to set_option()
which is the only branch where param_start is needed.
Reference:
ab0e44e5da
Differential Revision: https://reviews.freebsd.org/D6966 (Partial)
Submitted by: Piotr Stefaniak
It's pr_comment.c that should decide whether to put a "star comment
continuation" or not. This duplicates code a bit, but it simplifies
pr_comment() at the same time since pr_comment() no longer has to "signal"
whether a star continuation is needed or not.
This change requires indent(1) to not wrap comment lines that lack a blank
character, but I think it's for the better if you look at cases when that
happens (mostly long URIs and file system paths, which arguably shouldn't
be wrapped).
It also fixes two bugs:
1. Cases where asterisk is a part of the comment's content (like in "*we*
are the champions") and happens to appear at the beginning of the line,
misleading dump_line() into thinking that this is part of the star comment
continuation, leading to misalignment.
2. Cases where blank starred lines had three too many characters on the
line when wrapped.
Reference:
3b41ee78aa
Differential Revision: https://reviews.freebsd.org/D6966 (Partial)
Submitted by: Piotr Stefaniak
After a blank line was printed (to separate paragraphs in comments), the
next line was sometimes wrapped to the column at which the previous
non-empty line ended. The fix is to reset the last blank pointer (last_bl)
on newline.
References:
345663c07a
Differential Revision: https://reviews.freebsd.org/D6966 (Partial)
Submitted by: Piotr Stefaniak
Modify count_spaces() to take a third parameter "end" that will make the
function return when the end is reached. This lets the caller pass a
pointer to non nul-terminated sequence of characters. Rename
count_spaces() to count_spaces_until() and reinstate count_spaces(), this
time based on count_spaces_until().
Use count_spaces_until() to recalculate current column when going through
a comment just before the fragment which decides if current line of the
comment should be wrapped. This move simplifies this code by eliminating
the need for keeping the column counter up to date every time e_com is
advanced and also reduces spread of code that has to know how many columns
a tab will produce.
Deduplicate code that decided if a comment needs a blank line at the top.
References:
d9fa3b481527185b4b33
Differential Revision: https://reviews.freebsd.org/D6966 (Partial)
Submitted by: Piotr Stefaniak
The original indent(1) described unix-style comments as similar to box
comments, except the first non-blank character on each line is lined up
with the '*' of the "/*" which appears on a line by itself.
The code has been turned off for ages and -sc/-nsc make it even
less relevant.
Reference:
89c5fe2c56
Differential Revision: https://reviews.freebsd.org/D6966 (Partial)
Submitted by: Piotr Stefaniak
'\n' was specifically added to -e arguments prior to r303047. Restore
historical behavior which in turn fixes usr.sbin/etcupdate/preworld_test:main .
The fix is being committed to address the issue in the short term and may be
iterated upon as noted in bug 211399
Discussed with: mi, pfg
Differential Revision: https://reviews.freebsd.org/D7368
PR: 195929, 211399 [*]
MFC after: 18 days
X-MFC with: r303047
Reported by: Jenkins
Sponsored by: EMC / Isilon Storage Division
Also increase the stack size still keeping a conservative value of 256.
This is based on a similar changes done for PostgreSQL which instead
uses a stack size of 1000.
Differential Revision: https://reviews.freebsd.org/D6966 (Partial)
Submitted by: Piotr Stefaniak (with changes)
This fixes a very visible issue that may be hidden by some indent.pro
settings as in the example from FreeBSD's /usr/share.
From Piotr's log:
____
To prevent losing tabs from indentation in declarations, FreeBSD indent's
r125624 added code for the most common case when it's an identifier that
is indented, but didn't do anything with the original code that did the
same for any other cases. The other cases are: lparens (function pointer
declaration), asterisks (pointer declaration), stray semicolons, and
commas leading identifiers instead of trailing them.
Use the code added in r125624 (and improved in later commits) to write a
new function indent_declaration() and use it in all places that meant to
indent declarations. In order to indent only once per line, reuse existing
ps.dumped_decl_indent variable that was only used when formatting for
troff (-troff) until now.
____
Reference:
ddd263db2a
Differential Revision: https://reviews.freebsd.org/D6966 (Partial)
Submitted by: Piotr Stefaniak
strchr(3) returns a pointer not a boolean.
Attempt to make the style somewhat more ocnsistent with what indent
had before recent changes.
Pointed out by: bde
Remove the excessive braces from r303485 and align the comments to the
right as done in the rest of the code. This is not nice but there is no
clear way to make it nice (and KNF).
Pointed out by: bde
Actually this just brings back r303487 with the correct commit log.
Differential Revision: https://reviews.freebsd.org/D6966 (Partial)
Obtained from: Piotr Stefaniak
This piece of code removed tabs and space characters from after colons
that follow labels by decrementing the e_lab (end of label) "pointer"
which is later used to calculate the width of the string that fprintf()
puts into "output". But pad_output() gets the length from the actual
string, so it miscalculated what the current column is.
Fixed by putting a string terminator at the e_lab "pointer".
Differential Revision: https://reviews.freebsd.org/D6966
(Partial)
Obtained from: Piotr Stefaniak
indent(1) simply wasn't taught that "else" may be followed by a comment
without any opening brace anywhere on the line, so it was very confused
in such cases.
Differential Revision: https://reviews.freebsd.org/D6966 (Partial)
Obtained from: Piotr Stefaniak
last_bl is a char pointer that tracks the last blank character in a
comment, which is used for wrapping long comment lines. Since the
underlying array may be reallocated, make sure last_bl is up to date when
that happens.
Differential Revision: https://reviews.freebsd.org/D6966 (Partial)
Obtained from: Piotr Stefaniak
dump_line() requires s_code to be a string, because it will call count_spaces().
Differential Revision: https://reviews.freebsd.org/D6966 (Partial)
Obtained from: Piotr Stefaniak
Pull a copy of the filename string before calling basename(). Change the
loop to not return on its own, so we can put a free() statement at the
bottom.
POSIX allows these functions to modify their input buffer, so that they
have storage for the return value. Pull copies of the filename before
calling these utility functions.
which is more efficient.
Note that for now we do not create a separate library for libdivsufsort
because it's not used anywhere else.
Obtained from: Chromium
MFC after: 2 months
A follow-up to r303099, D7255. Basically, apply the exact same change, with
the exact same rationale, to gcore. gcore's elfcore.c is largely a clone of
the kernel imgact_elf coredump facility.
Reviewed by: emaste (earlier version, not substantially different)
Requested by: jhb
Sponsored by: EMC / Isilon Storage Division
Differential Revision: https://reviews.freebsd.org/D7265
When threads were added to the kernel, the pr_pid member of the
NT_PRSTATUS note was repurposed to store LWP IDs instead of process
IDs. However, the process ID was no longer recorded in core dumps.
This change adds a pr_pid field to prpsinfo (NT_PRSINFO). Rather than
bumping the prpsinfo version number, note parsers can use the note's
payload size to determine if pr_pid is present.
Reviewed by: kib, emaste (older version)
MFC after: 2 months
Differential Revision: https://reviews.freebsd.org/D7117
This fixes a bug with link local addresses. This will require and
upcoming change in the kernel to bring SCTP to the same behaviour
as UDP and TCP.
MFC after: 3 days
with the corresponding entry in the table header.
r295136 increased the value width from 14 to 32 without the corresponding
change to the table header. This commit adds the change to the table
header width.
MFC after: 3 days
Fill in pr_psargs in the NT_PRSINFO ELF core dump note with command
line arguments.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D7116
Instead of changing the whole course to another POSIX-permitted way
for consistency and uniformity I decide to completely ignore missing
regex fucntionality and focus on fixing bugs in what we have now,
too many small obstacles we have choicing other way, counting ports.
Corresponding libc changes are backed out in r302824.
- Use varargs properly
- Use pid_t
- Better handling of error conditions on forked jobs.
- Some prototype and warning cleanups.
Obtained from: NetBSD (some originaly from OpenBSD)
Generally the first argument in calloc is supposed to stand for a count
and the second for a size. Try to make that consistent. While here,
attempt to make some use of the overflow detection capability in
calloc(3).
remove collation support for a-z ranges here too.
It was implemented for single byte locales only in any case.
2) Reduce [Cc]flag loop to WCHAR_MAX, WINT_MAX here includes WEOF which is
not a character.
3) Optimize [Cc]flag case: don't repeatedly add the last character of
string2 to squeeze cset when string2 reach its EOS state.
4) Reflect in the manpage that [=equiv=] is implemented for single
byte locales only.
Found by the Debian reproducible builds effort -- Debian bug 830259.
Reported by: Reiner Herrmann <reiner@reiner-h.de>
Approved by: re (gjb)
Sponsored by: The FreeBSD Foundation
The time in the output files was ahead by 3 hours on i386. Fix the incorrect
offset.
Differential Revision: https://reviews.freebsd.org/D7079 (as part of a larger diff)
MFC after: 1 week
PR: 210329
Reported by: asomers
Approved by: re (gjb)
Reviewed by: cem
Sponsored by: EMC / Isilon Storage Division
obtained output from lastcomm instead of just printing out a summary, e.g.
"they differed".
This will make failures with results more apparent when running kyua debug,
kyua report-html, etc.
Differential Revision: https://reviews.freebsd.org/D7079 (as part of a larger diff)
MFC after: 1 week
Approved by: re (gjb)
Reviewed by: cem
Sponsored by: EMC / Isilon Storage Division
usr.bin/lastcom/tests/Makefile
usr.sbin/sa/tests/Makefile
Set allow_architectures appropriately. These tests depend on golden
files that must be generated for each architecture, and haven't yet
been generated for all of them.
PR: 210566
PR: 204154
Reviewed by: ngie
Approved by: re (gjb)
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D6960