18528 Commits

Author SHA1 Message Date
Allan Jude
9f67bd210a Add explicit_bzero() to libstand, and switch GELIBoot to using it
Make sure sensitive memory is properly cleared when finished with it

Reviewed by:	Eric McCorkle <eric@metricspace.net>
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D9798
2017-03-31 00:04:32 +00:00
Tycho Nightingale
a4ba650262 Reorder includes to placate MIPS build.
Reported by:	markj
Sponsored by:	Dell EMC Isilon
2017-03-30 20:42:16 +00:00
Toomas Soome
cb83812c70 Remove OLD_NFSV2 from loader and libstand
We have parallel NFSv2 and NFSv3 reader implementations, only configurable at
build time, defaulting to v3. Remove v2.

Reviewed by:	allanjude
Approved by:	allanjude (mentor)
Differential Revision:	https://reviews.freebsd.org/D10206
2017-03-30 19:32:25 +00:00
Tycho Nightingale
86be94fca3 Add support for capturing 'struct ptrace_lwpinfo' for signals
resulting in a process dumping core in the corefile.

Also extend procstat to view select members of 'struct ptrace_lwpinfo'
from the contents of the note.

Sponsored by:	Dell EMC Isilon
2017-03-30 18:21:36 +00:00
Konstantin Belousov
9851b3400a Implement the memset_s(3) function as specified by the C11 ISO/IEC
9899:2011 Appendix K 3.7.4.1.

Other needed supporting types, defines and constraint_handler
infrastructure is added as specified in the C11 spec.

Submitted by:	Tom Rix <trix@juniper.net>
Sponsored by:	Juniper Networks
Discussed with:	ed
MFC after:	3 weeks
Differential revision:	https://reviews.freebsd.org/D9903
Differential revision:	https://reviews.freebsd.org/D10161
2017-03-30 04:57:26 +00:00
Ed Maste
e3e9c656c9 libc: remove use of archaic __P() macro
Sponsored by:	The FreeBSD Foundation
2017-03-30 01:03:07 +00:00
Enji Cooper
33193da27e Fix up r316081 by using nitems(cam_errbuf) instead of sizeof(cam_errbuf)
Part of my original reasoning as far as converting the snprintf
calls was to permit switching over from char[] to wchar_t[] in the
future, as well as futureproof in case cam_errbuf's size was ever
changed.

Unfortunately, my approach was bugged because it conflated the
number of items with the size of the buffer, instead of the number of
elements being a fixed size != 1 byte.

Use nitems(..) instead which counts the quantity of items of a specific
type, as opposed to an unqualified sizeof(..) (which assumes that the
number of characters is equal to the buffer size).

MFC after:	2 months
Noted by:	cem
Sponsored by:	Dell EMC Isilon
2017-03-29 08:38:31 +00:00
Enji Cooper
c9bac21cc9 libcam: use __func__ instead of hardcoding the function name as func_name
MFC after:	3 days
Tested with:	`cam_device_copy(NULL, NULL)` // ;)..
Sponsored by:	Dell EMC Isilon
2017-03-28 22:32:11 +00:00
Enji Cooper
b0a39ef04d Apply r315689 to lib/libgcc_s as well to unbreak the gcc xtoolchain build
lib/libgcc_s consumes lib/libcompiler_rt/Makefile*. The NO_WERROR.gcc in
lib/libcompiler_rt/Makefile doesn't seem to have made a difference in being
able to build this, so sprinkle NO_WERROR.gcc here as well.

MFC after:	3 days
Reported by:	Jenkins (FreeBSD-head-amd64-gcc)
Tested with:	amd64-gcc-6.3.0 (devel/amd64-xtoolchain-gcc)
Sponsored by:	Dell EMC Isilon
2017-03-28 19:01:01 +00:00
Enji Cooper
10f81a9b3b lib/libkvm: start adding basic tests for kvm(3)
- kvm_close: add a testcase to verify support for errno = EINVAL / -1
  (see D10065) when kd == NULL is provided to the libcall.
- kvm_geterr:
-- Add a negative testcase for kd == NULL returning "" (see D10022).
-- Add two positive testcases:
--- test the error case using kvm_write on a O_RDONLY descriptor.
--- test the "no error" case using kvm_read(3) and kvm_nlist(3) as
    helper routines and by injecting a bogus error message via
    _kvm_err (an internal API) _kvm_err was used as there isn't a
    formalized way to clear the error output, and because
    kvm_nlist always returns ENOENT with the NULL terminator today.
- kvm_open, kvm_open2:
-- Add some basic negative tests for kvm_open(3) and kvm_open2(3).
   Testing positive cases with a specific
   `corefile`/`execfile`/`resolver` requires more work and would require
   user intervention today in order to reliably test this out.

Reviewed by:	markj
MFC after:	2 months
Sponsored by:	Dell EMC Isilon
Differential Revision:	D10024
2017-03-28 17:37:49 +00:00
Martin Matuska
a7f7e457db MFV r316083,316094:
Sync libarchive with vendor

Vendor changes (FreeBSD-related):
- constify variables in several places
- unify platform ACL code in a single source file
- fix unused variable if compiling on FreeBSD without NFSv4 ACL support

MFC after:	3 days
X-MFC-with:	315636, 315876
2017-03-28 10:39:17 +00:00
Enji Cooper
7b7820a8e4 Use sizeof(cam_errbuf) instead of CAM_ERRBUF_SIZE in snprintf calls
Reindent snprintf calls' arguments to match style(9) guidelines with
respect to indentation.

MFC after:	3 days
Sponsored by:	Dell EMC Isilon
2017-03-28 08:24:16 +00:00
Enji Cooper
81321d0a4f Fix some localized style(9) issues and reword CAM_ERRBUF_SIZE description
The CAM_ERRBUF_SIZE description rewording fixes a typo by proxy.

MFC after:	3 days
Sponsored by:	Dell EMC Isilon
2017-03-28 08:19:51 +00:00
Adrian Chadd
f906f2025b [private] add libevent1 and sqlite3 include files for our private libraries.
This, like including ucl private headers, is useful for writing new base
system tools.  Yes, anyone using these libraries shouldn't assume ABI
compatibility.

Reviewed by:	bdrewery, bapt
Differential Revision:	https://reviews.freebsd.org/D10123
2017-03-27 22:34:43 +00:00
Robert Watson
5e386598a6 Merge OpenBSM 1.2-alpha5 from vendor branch to FreeBSD -CURRENT:
- Add a new "qsize" parameter in audit_control and the getacqsize(3) API to
  query it, allowing to set the kernel's maximum audit queue length.
- Add support to push a mapping between audit event names and event numbers
  into the kernel (where supported) using new A_GETEVENT and A_SETEVENT
  auditon(2) operations.
- Add audit event identifiers for a number of new (and not-so-new) FreeBSD
  system calls including those for asynchronous I/O, thread management, SCTP,
  jails, multi-FIB support, and misc. POSIX interfaces such as
  posix_fallocate(2) and posix_fadvise(2).
- On operating systems supporting Capsicum, auditreduce(1) and praudit(1) now
  run sandboxed.
- Empty "flags" and "naflags" fields are now permitted in audit_control(5).

Many thanks to Christian Brueffer for producing the OpenBSM release and
importing/tagging it in the vendor branch.  This release will allow improved
auditing of a range of new FreeBSD functionality, as well as non-traditional
events (e.g., fine-grained I/O auditing) not required by the Orange Book or
Common Criteria.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, AFRL
MFC after:	3 weeks
2017-03-26 21:14:49 +00:00
Michal Meloun
6fc9f4dbc8 Preserve VFP state across signal delivery.
We don't have enouch space to store full VFP context within mcontext
stucture. Due to this:
 - follow i386/amd64 way and store VFP state outside of the mcontext_t
   but point to it. Use the size of VFP state structure as an 'magic'
   indicator of the saved VFP state presence.
 - teach set_mcontext() about this external storage.
 - for signal delivery, store VFP state to expanded 'struct sigframe'.

Submited by:	Andrew Gierth (initial version)
PR:		217611
MFC after:	2 weeks
2017-03-26 08:36:56 +00:00
Michal Meloun
dfe5f22fd7 Cleanup structures related to VFP and/or mcontext_t.
- in mcontext_t, rename newer used 'union __vfp' to equaly sized 'mc_spare'.
  Space allocated by 'union __vfp' is too small and cannot hold full
  VFP context.
- move structures defined in fp.h to more appropriate headers.
- remove all unused VFP structures.

MFC after:	2 weeks
2017-03-24 11:46:49 +00:00
Martin Matuska
e46d471413 MFV r315875:
Sync libarchive with vendor.

Vendor changes (FreeBSD-related):
- store extended attributes with extattr_set_link() if no fd is provided
- add extended attribute tests to libarchive and bsdtar
- fix tar's test_option_acls
- support the UF_HIDDEN file flag

X-MFC with:	315636
2017-03-24 00:02:12 +00:00
Robert Watson
9612674f64 In libcasper, prefer to send a function index or service name over the IPC
channel to a zygote process, rather than sending a function pointer or
service pointer.  This avoids transfering pointers between address spaces,
which while robust in this case (due to the zygote being forked() from the
parent) is not generally a good idea, especially in the presence of
increasingly popular control-flow integrity and pointer protection
mitigation schemes.  With this change, ping(8) and other sandboxed tools
using libcasper for DNS resolution now work on architectures with tagged
memory again.

Reviewed by:	oshogbo
MFC after:	1 week
Sponsored by:	DARPA, AFRL
2017-03-23 14:35:21 +00:00
Warner Losh
d780e0595c Fix a coverity-discovered NULL pointer dereference.
*** CID 1372598:  Null pointer dereferences  (FORWARD_NULL)
/lib/libefivar/efivar-dp-parse.c: 3612 in UefiDevicePathLibConvertTextToDeviceNode()
   Dereferencing null pointer "FromText".

When ported from Tiano core, I commented this out with an ifdef. That
was in error because we're supposed to fallback to a filepath when
nothing else patches. Instead, restore the original code, but fix
DevPathFromTextFilePath to cope with the conversion to narrow
strings. Also, fix the off-by-one error in the size of the memory it
allocates.

The off by one error is documented in Tiano core bug
https://bugzilla.tianocore.org/show_bug.cgi?id=441

CID: 1372598
Sponsored by: Netflix
2017-03-23 02:30:57 +00:00
Warner Losh
8af6a2c64e Define StrCmp in a funky was to be bug-compatible with EDK2 code.
Paper over a coverity issue:

*** CID 1372592:  API usage errors  (BAD_COMPARE)
/lib/libefivar/efivar-dp-parse.c: 2723 in DevPathFromTextiSCSI()
   Truncating the result of "strcmp" to "unsigned short" may cause it
   to be misinterpreted as 0. Note that "strcmp" may return an integer
   besides -1, 0, or 1.

We do this by making StrCmp return either 0 or 1 for equal or
not-equal.  There's a bug in the DevPathFromTextiSCSI cast of the
return value and this workaround will fix it without breaking other
users of StrCmp (all of which test for == 0).

https://bugzilla.tianocore.org/show_bug.cgi?id=440 has been filed
upstream to log this issue.

CID: 1372592
Sponsored by: Netflix
2017-03-23 02:30:52 +00:00
Warner Losh
62fd382c43 Simplify the code a little.
Submitted by: rppokala
Sponsored by: Netflix
2017-03-22 20:51:52 +00:00
Enji Cooper
c25e946c34 Unbreak world by adding sys/stat.h for stat(2)
X-MFC with:	r315733
Reported by:	O. Hartmann <ohartmann@walstatt.org>
Sponsored by:	Dell EMC Isilon
2017-03-22 19:23:13 +00:00
Enji Cooper
eea7b35fb9 style(9): sort #includes
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-03-22 19:17:13 +00:00
Warner Losh
37b5835028 Impelemnt ttys onifexists in init.
Implement a new init(8) option in /etc/ttys. If this option is present
on the entry in /etc/ttys, the entry will be active if and only if it
exists.  If the name starts with a '/', it will be considered an
absolute path. If not, it will be a path relative to /dev.

This allows one to turn off video console getty that aren't present
(while running a getty on them even when they aren't the system
console). Likewise with serial ports.

It differs from onifconsole in only requiring the device exist rather
than it be listed as one of the system consoles.

Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D10037
2017-03-22 19:00:41 +00:00
Mark Johnston
643fc6b26f Add initializations missed in r315728.
X-MFC With:	r315728
2017-03-22 18:33:29 +00:00
Mark Johnston
8440c5e621 Avoid accessing an uninitialized variable when vfork() fails.
Reported by:	Miles Ohlrich <miles.ohlrich@isilon.com>
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-03-22 18:31:44 +00:00
Mark Johnston
48da4e2024 Avoid double-closing an fd if elf_begin() fails.
Reported by:	Miles Ohlrich <miles.ohlrich@isilon.com>
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-03-22 18:14:55 +00:00
Conrad Meyer
0a8ff54eb1 scandir: Fix NULL dereference, uninitialized value use in error case
If opendir succeeds but malloc fails, numitems was used uninitialized in
error handling under the 'fail' label.  If it happened to have a non-zero
value, the NULL 'names' was dereferenced.

Reported by:	Coverity
CIDs:		1329566, 1372625
Sponsored by:	Dell EMC Isilon
2017-03-22 17:37:47 +00:00
Dag-Erling Smørgrav
3869fb7832 Add options to capture stdout and / or stderr and pass the output on
to the user.  There is currently no buffering, so the result may be
somewhat unpredictable if the conversation function adds a newline,
like openpam_ttyconv() does.

Clean up and simplify the environment handling code, which triggered
an inexplicable bug on some systems.

MFC after:	2 weeks
2017-03-22 13:16:04 +00:00
Enji Cooper
25e76a1d57 libkvm: bump WARNS to 6 after recent commits done to resolve warnings issues
MFC after:	1 month
Tested with:	make tinderbox; clang 4.0.0 (amd64), gcc 4.2.1/6.3.0 (amd64)
Sponsored by:	Dell EMC Isilon
2017-03-22 02:44:39 +00:00
Enji Cooper
881b0edb8f libkvm: fix warning issues post-r291406
- Fix -Wunused warnings with *_native detection handlers by marking `kd`
  __unused, except with arm/mips, where a slightly more complicated scheme
  is required to handle the native case vs the non-native case.
- Fix -Wmissing-variable-declarations warnings by marking struct kvm_arch
  objects static.

Differential Revision:	D10071
MFC after:	1 week
Reviewed by:	vangyzen
Tested with:	WIP test code (D10024) // kgdb7121 (i386 crash/kernel on amd64)
Sponsored by:	Dell EMC Isilon
2017-03-22 02:42:00 +00:00
Eric van Gyzen
16fe28bb9f clock_gettime.2: add some clock IDs
Add the CLOCK_PROCESS_CPUTIME_ID and CLOCK_THREAD_CPUTIME_ID clock_id
values to the clock_gettime(2) man page.  Reformat the excessively
long paragraph (sentence!) into a tag list.

Reported by:	jilles in https://reviews.freebsd.org/D10020
MFC after:	3 days
Sponsored by:	Dell EMC
2017-03-22 00:50:36 +00:00
Dimitry Andric
d006dde2fd Gcc has incompatible internal declarations for __divtc3 and __multc3 as
defined in compiler-rt, but it has no option to silence its warning, so
make gcc warnings for libcompiler_rt non-fatal.

Noticed by:	lwhsu
MFC after:	3 days
2017-03-21 21:07:37 +00:00
Enji Cooper
0f5425a4fc kvm_write: fix -Wcast-qual warning in pointer arithmetic argument
Cast buf to `const char *` when doing arithmetic operation to match
`cp`'s type [1].

Differential Revision:	D10082
MFC after:	1 week
Reviewed by:	cem (earlier diff), vangyzen
Submitted by:	cem [1]
Sponsored by:	Dell EMC Isilon
2017-03-21 20:48:36 +00:00
Enji Cooper
279e2af5d1 Document sbuf_hexdump(9) in just sbuf(9)
- Remove duplicate references to sbuf_hexdump(9) from hexdump(3).
  sbuf_hexdump(9) already pointed back to hexdump(3) for implementation
  details.
- Refer to sbuf_hexdump(9) instead of sbuf(9) for completeness

MFC after:	1 week
Reviewed by:	vangyzen (earlier diff)
Sponsored by:	Dell EMC Isilon
Differential Revision:	D9912
2017-03-21 19:10:07 +00:00
Enji Cooper
7d0a282a12 kvm_geterr: handle kd == NULL in a deterministic/graceful manner
Return a NUL string instead of just working by accident with kvm_geterr(3)
when MALLOC_PRODUCTION is disabled (I didn't confirm the MALLOC_PRODUCTION
being enabled path).

Document the new explicit return behavior for kvm_geterr(3), as well
as the previous implicit behavior, i.e., the buffer attached to
returned via kvm_geterr(3) would be empty if a previous error hadn't been
stored in `kd`.

Differential Revision:	D10022
MFC after:	1 week
Reviewed by:	vangyzen
Sponsored by:	Dell EMC Isilon
2017-03-21 19:02:17 +00:00
Gleb Smirnoff
cc65eb4e79 Hide struct inpcb, struct tcpcb from the userland.
This is a painful change, but it is needed.  On the one hand, we avoid
modifying them, and this slows down some ideas, on the other hand we still
eventually modify them and tools like netstat(1) never work on next version of
FreeBSD.  We maintain a ton of spares in them, and we already got some ifdef
hell at the end of tcpcb.

Details:
- Hide struct inpcb, struct tcpcb under _KERNEL || _WANT_FOO.
- Make struct xinpcb, struct xtcpcb pure API structures, not including
  kernel structures inpcb and tcpcb inside.  Export into these structures
  the fields from inpcb and tcpcb that are known to be used, and put there
  a ton of spare space.
- Make kernel and userland utilities compilable after these changes.
- Bump __FreeBSD_version.

Reviewed by:	rrs, gnn
Differential Revision:	D10018
2017-03-21 06:39:49 +00:00
Toomas Soome
c1e968fb62 loader: verify the value from dhcp.interface-mtu and use snprintf to set mtu
Since the uset can set dhcp.interface-mtu, we need to try to validate the
value. So we verify if the conversion to int is successful and we will not
allow to set value greater than max IPv4 packet size.

Also use snprintf for safety.

Reviewed by:	allanjude, bapt
Approved by:	allanjude (mentor)
Differential Revision:	https://reviews.freebsd.org/D8492
2017-03-20 22:20:17 +00:00
Toomas Soome
7404367b95 libstand: verify value provided by nfs.read_size
Implement simple value check and feedback.

Reviewed by:	allanjude, rpokala
Approved by:	allanjude (mentor)
Differential Revision:	https://reviews.freebsd.org/D8491
2017-03-20 19:16:28 +00:00
Enji Cooper
54fc00f7f9 Handle kd == NULL gracefully with kvm_close(3)
Don't segfault in kvm_close(3) if provided a NULL pointer. Instead, return
-1 and set errno to EINVAL.

Document this new behavior explicitly.

MFC after:	1 week
Reviewed by:	vangyzen
Sponsored by:	Dell EMC Isilon
Differential Revision:	D10065
2017-03-20 18:28:22 +00:00
Eric van Gyzen
f5b9907c86 Port the getaddrinfo(1) utility from NetBSD
Submitted by:	Lohith Bellad <lohithbsd@gmail.com>
Reviewed by:	hiren (earlier rev), ae
Obtained from:	NetBSD
MFC after:	1 week
Relnotes:	yes
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D9365
2017-03-20 16:44:55 +00:00
Enji Cooper
4056f95699 libcam: NULL out freed ccb.cdm.matches and ccb.cdm.patterns pointers
This is being done to avoid potential double frees with the values.

Differential Revision:	D9970
MFC after:	1 week
Reviewed by:	imp
Sponsored by:	Dell EMC Isilon
2017-03-20 16:30:02 +00:00
Martin Matuska
4657548d18 MFV r315633, 315635:
Sync libarchive with vendor

Vendor changes/bugfixes (FreeBSD-related):
  PR 867 (bsdcpio): show numeric uid/gid when names are not found
  PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers
  PR 880 (pax): Fix handling of "size" pax header keyword
  PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream
  OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser
  Break ACL read/write code into platform-specific source files
  Unbreak static dependency on libbz2

MFC after:	1 week
2017-03-20 13:02:27 +00:00
Enji Cooper
fd752a71ce Don't build/install lib/libc/io_test anymore
The failing test requires the zh_TW.Big5 locale, which is no longer
installed as of r315568.

Add a note/pointer just in case someone considers re-adding it.

Reported by:	Jenkins
Sponsored by:	Dell EMC Isilon
2017-03-20 03:50:22 +00:00
Xin LI
73065ae826 Make space style consistent with earlier entries.
X-MFC with:	r315526
2017-03-20 03:47:15 +00:00
Enji Cooper
4937896a10 kvm_close(3): return error instead of blindly returning 0
`error` is the accumulated error from previous close(2) calls.

This bug has been present since the libcall's import from 4.4BSD
Lite (r1573).

MFC after:	1 week
Noticed by:	vangyzen (D10022)
Relnotes:	yes
Sponsored by:	Dell EMC Isilon
2017-03-20 02:47:28 +00:00
Enji Cooper
3eb11185a6 kvm_open2(3): remove '*' when describing addr argument for resolver
As noted by vangyzen, with a similar issue in D10022, the pointer portion of
the .Fa macro call is unnecessary, so remove the '*'.

MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-03-20 01:19:04 +00:00
Enji Cooper
f72823da48 Remove a commented out line before kvm_getprocs(3)
The commented out return value for kvm_getprocs(3) was misleading -- the
uncommented line is correct.

No content change

MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-03-19 23:04:58 +00:00
Eric van Gyzen
3f8455b090 Add clock_nanosleep()
Add a clock_nanosleep() syscall, as specified by POSIX.
Make nanosleep() a wrapper around it.

Attach the clock_nanosleep test from NetBSD. Adjust it for the
FreeBSD behavior of updating rmtp only when interrupted by a signal.
I believe this to be POSIX-compliant, since POSIX mentions the rmtp
parameter only in the paragraph about EINTR. This is also what
Linux does. (NetBSD updates rmtp unconditionally.)

Copy the whole nanosleep.2 man page from NetBSD because it is complete
and closely resembles the POSIX description. Edit, polish, and reword it
a bit, being sure to keep any relevant text from the FreeBSD page.

Reviewed by:	kib, ngie, jilles
MFC after:	3 weeks
Relnotes:	yes
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D10020
2017-03-19 00:51:12 +00:00