Historically we exposed _getlogin as a private symbol on a per-arch basis
(except on aarch64 and riscv) for no obvious reason. We now need to
expose it for libc's use so remove the special case from
makesyscalls.lua and expose it in the generated syscalls.map.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D44116
Rather than having PSEUDO be a list of object files when all consumers
want syscall names or source files, make it a list of bare syscall
names like INTERPOSED (which is built on PSEUDO).
Improve documentation of variables developers can set.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D44108
Consolidate in preparation for further cleanup.
Also relocate the sole NOASM entry.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D44107
Every PSEUDO entry (_foo.o) has a corresponding NOASM entry (foo.o) to
suppress its addition to ASM. Check PSEUDO instead when adding entries
to ASM. No functional change.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D44106
It's a thin wrapper on cap_getmode() implemented in libc, not a system
call so the symbol should have been exposed by libc/gen/Symbol.map
alongside the implementation.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D44110
Otherwise on success it contains the return value of asprintf.
Sponsored by: Beckhoff Automation GmbH & Co. KG
Fixes: 2d2950c889 ("pam_xdg: Check asprintf return value")
This ensures that the XDG_RUNTIME_DIR is always created and the environment
variable is present which is a must for any wayland user (at least).
The only "cost" of it is a directory is created and unused.
Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D44012
Sponsored by: Beckhoff Automation GmbH & Co. KG
This is a module to setup the XDG directories and environment variables.
For now the only usage is to have a XDG_RUNTIME_DIR environment setup at
user login.
All other environment variables have a default fallback so no need to export
them in this module.
The directory is created according to the XDG Base directory specification.
The default base directory is /var/run/xdg/<username> but can be configured
using the runtime_dir=<dir> module option.
According to the spec the directory *must* not survive a reboot so adding
var_run_enable="YES" to rc.conf is highly recommended.
Reviewed by: des, pauamma (manpages)
Differential Revision: https://reviews.freebsd.org/D44011
Sponsored by: Beckhoff Automation GmbH & Co. KG
Despite looking trivial, it requires proper split of exports from libsys
and libc, proper filtering work in rtld, and operational libsys.
Reviewed by: emaste, imp
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D44075
Move functions back to libc/gen sources; they are only versioned from
libc and not libsys.
Access libsys interposing slots using __libsys_interposing_slot()
instead of direct __libsys_interposing array dereference, which cannot
work from libc.
Reported by: glebius
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D44042
so that libc/libthr do not preempt libsys symbols, esp. errno-related.
The issue is, if libsys is linked with DT_BIND_NOW flag, and then loaded
as filter, rtld tries to relocate its PLT symbols immediately, not as
filter. There, during symbol lookup, rtld finds filtering symbols in
libc, and since libc is in loading filters mode, the resolution stops
there. The end result is that libsys links to libc.
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D44027
Before, the 'errno' itself was defined in libc and was referenced by
libsys, causing undesired dependency.
Reviewed by: brooks, imp
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D43985
that existed in auxv.c, use simple bool gate instead. This leaves a
small window if two threads try to call _elf_aux_info(3) simultaneously.
The situation is safe because auxv parsing is really idempotent. The
parsed data is the same, and we store atomic types (int/long/ptr) so
double-init does not matter.
Reviewed by: brooks, imp
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D43985
To allow gcc -m32 to work, link libc and libthr with --rpath-/usr/lib32.
When called with -m32, gcc is currently unable to communicate to
the bfd linker that it should look in /usr/lib32 to resolve needed (as
opposed to explicitly linked) libraries so we need to provide a hint.
See also: https://sourceware.org/bugzilla/show_bug.cgi?id=31395
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D43910
Continue to filter the public interface (elf_aux_info()), but entirely
relocate the private interfaces (_elf_aux_info(),
__init_elf_aux_vector(), and __elf_aux_vector) to libsys.
This ensures that rtld updates the correct (only) copy of
__elf_aux_vector. After 968a18975a
updates were confused and __getosreldate was failing, causing
the system to fall back to compat compat12 syscalls in some cases.
Return to explicitly linking libc to libsys and link libthr with libc
and libsys (in that order).
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D43910
Commit de6feefdb7 limited the amount of debuginfo generated for clang
and other llvm-related executables. This was done to save disk space and
memory during building, but it makes debugging any of these executables
much harder.
Add a new src.conf(5) setting, WITH_LLVM_FULL_DEBUGINFO, to generate
full debuginfo instead. This is off by default, but could for example be
enabled for release builds or snapshots, so llvm executables are easier
to debug.
Reviewed by: emaste
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D43839
Add lua bindings to hashing functions. sha256 is available. sha256.new
creates a new object. sha256.update updates the digest. sha256.digest
returns the digest as a binary string and resets the
context. sha256.hexdigest returns the digest as a string of hex digits
and then resets the context.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D43872
Capability rights passed to cap_rights_* are not simple bitmasks and
cannot be ORed together in general (although it will work for certain
subsets of rights).
PR: 277057
Fixes: faaf43b2a7 ("fileargs: add tests")
Sponsored by: The FreeBSD Foundation
By default only report unverified files at severity VE_WANT
and above. This includes *.conf but not *.hints, *.cookie
or *.tgz which get VE_TRY as their severity.
If Verbose is set to 0, then VerifyFlags should default to 0 too.
Thus the combination of
    module_verbose=0
    VE_VEBOSE=0
is sufficient to make the loader almost totally silent.
When verify_prep has to find_manifest and it is verified ok
return VE_NOT_CHECKED to verify_file so that it can skip
repeating verify_fd
Also add better debugging output for is_verified and add_verify_status.
vectx handle compressed modules
When verifying a compressed module (.ko.gz or .ko.bz2)
stat() reports the size as -1 (unknown).
vectx_lseek needs to spot this during closing - and just read until
EOF is hit.
Note: because of the way libsa's open() works, verify_prep will see
the path to be verified as module.ko not module.ko.bz2 etc. This is
actually ok, because we need a separate module.ko.bz2 entry so that
the package can be verified, and the hash for module.ko is of the
uncompressed file which is what vectx will see.
Re-work local.trust.mk so site.trust.mk need only set
VE_SIGN_URL_LIST (if using the mentioned signing server)
interp.c: restrict interactive input
Apply the same restrictions to interactive input as for
unverified conf and hints files.
Use version.veriexec when LOADER_VERIEXEC is yes
Reviewed by: kevans
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D43810
We have BASEPATH defined.
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Reviewed by: dev_submerge.ch, markj
Differential Revision: https://reviews.freebsd.org/D43812
This reverts commit 470f9f13de.
I need more time to figure out how to make this work correctly with
incremental builds, which it currently miserably fails on.
There is no reason anymore to not build these as PIE. Unfortunately
bsd.lib.mk does not allow for building _only_ PIE static libraries, so
lib/clang/Makefile.inc needs a kludge to work around that issue.
MFC after: 1 week
and use the current file offset instead.
Requested by: Vinícius dos Santos Oliveira <vini.ipsmaker@gmail.com>
Reviewed by: jhb
Discussed with: asomers
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D43448
In initial hacking I'd bluntly disabled manpage installation in libsys,
then later disabled them for libc, but forgot to fix the former leading
to no syscall manpages.
PR: 276887
Reported by: Martin Birgmeier <d8zNeCFG@aon.at>
This allows gcc + GNU ld to link programs with -m32 -pthread without
erroring out due to _umtx_op_err being undefined (unless -lsys is added
to the link command).
We now always link _umtx_op_err into libthr (not just when it's static)
and filter it with libsys so we call that implementation. The dynamic
implementations (at least the assembly ones) should likely become stubs
as a further refinement.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D43783
We need to use libsys.so.7 so that we can work without /usr and because
we're bound to a specific ABI.
Reported by: jtrc27, kib
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D43772
At runtime, when rtld loads libc it will also load libsys. For each
symbol that is present in both, the libsys one will override the libc
one. It continues to be the case that programs need only link against
libc (usually implicitly). The linkage to libsys is automatic.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
Declare in sys/umtx.h and implement in libsys. Explicitly link libthr
with libsys.
When building libthr static include _umtx_op_err so we don't break static
linkage with -lpthread.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
libsys provides the FreeBSD kernel interface (auxargs, system calls,
vdso). It can be linked directly for programs using a non-standard
libc and will later be linked as a filter library to libc providing
the actual system call implementation.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
We now export all _ and __sys_ prefixed syscall stubs from libc and
libsys so that libsys can replace them.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
This is part of the interface to the kernel and some syscall wrappers
depend on it so move it there.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
auxv support requires _once(), but we don't want the libsys version
stomping on the libc version should they diverge in the future. We
could rename it entirely, but for now just hook it in via Makefile.sys.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
rfork_thread(3) is assembly that makes syscalls directly and uses
cerror so it belongs in libsys.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
libc/<arch>/sys/Makefile.inc -> libsys/<arch>/Makefile.sys.
Require that libsys/<arch>/Makefile.sys exist. At least for current
architectures, it's not possible for an architecture to not have any MD
syscall bits.
powerpcspe/Makefile.sys's structure means it had to be modified when moved
so rename detection won't work, but it has trivial contents so the
history is unimportant.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
These system call wrappers call interposed system calls in fairly
trivial ways. Move them over to libsys so all __libsys_interposer
consumers end up in libsys.
Also move recvmmsg and sendmmsg as they are documented with recv and
send.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
Remove core system call implementations and documentation to lib/libsys
and lib/libsys/<arch> from lib/libc/sys and lib/libc/<arch>/<sys>.
Update paths to allow libc to find them in their new home.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
System calls or their wrappers are now interposed by
__libsys_interposing with purely libc entries remaining in
__libc_interposing.
Use __libsys_interposing_slot in libthr to update __libsys_interposing,
but also make __libc_interposing_slot fall back to
__libsys_interposing_slot so an out of date libc has a chance of working
during updates.
Reviewed by: kib, emaste, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
If the caller didn't use jailparam_import() to fetch the parameter
value, an attempt to export it will trigger a segfault. Make it a bit
easier to figure out what's happening in this situation.
PR: 276809
Reviewed by: jamie
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D43732
The way the __fp_type_select macro uses the _Generic expression causes
gcc to throw a warning on valid code if the -Wconversion flag is used.
For example, consider the following program:
    #include <math.h>
    int main()
    {
        double x = 1.0;
        isnan(x);
        return 0;
    }
which throws a warning:
    $ gcc -Wconversion a.c
    a.c:5:15: warning: conversion from 'double' to 'float' may change value [-Wfloat-conversion]
    5 | isnan(x);
    | ^
This happens because the functions are invoked inside of the _Generic.
Looking at the example of _Generic in the C11 specification, one sees
that the parameters are outside of the _Generic expression (see page 79
here: https://www.open-std.org/jtc1/sc22/wg14/www/docs/n1570.pdf).
Reference: https://stackoverflow.com/a/68309379
Signed-off-by: Martin Oliveira <martin.oliveira@eideticom.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/841
Add missing documentation for sctp_sendv(3) and sctp_recvv(3).
Add a note that sctp_send(3), sctp_sendx(3) and sctp_recvmsg(3) are
deprecated by RFC 6458.
Add a STANDARDS section to all functions specified in RFC 6458 to
indicate their standards conformance.
MFC after: 2 weeks
Reviewed by: imp, bcr, kp, tuexen
Pull Request: https://github.com/freebsd/freebsd-src/pull/965
computejumps() moves g->charjump to a position relative to the value of
CHAR_MIN. As such, g->charjump doesn't necessarily point to the address
actually allocated. While regfree() takes that into account, the low
memory handling in regcomp_internal() doesn't. Fix that by free'ing
the actually allocated address, as in regfree().
MFC After: 2 weeks
Reviewed by: imp,jrtc27
Pull Request: https://github.com/freebsd/freebsd-src/pull/692
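The biased-pointer hazard described in the commit message above, as an added C example that is not FreeBSD's regcomp code: a table pointer shifted by CHAR_MIN must be un-shifted before free(), on the error path as well as in the normal destructor. The struct and every jt_* name are hypothetical, and the second allocation and its simulated failure are constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model with hypothetical names; not FreeBSD's regcomp.c. */
#define NC (CHAR_MAX - CHAR_MIN + 1)	/* one slot per possible char value */

struct jump_table {
	int *charjump;	/* biased: valid indices run from CHAR_MIN to CHAR_MAX */
};

/* Undo the bias to recover the address malloc() actually returned. */
int *jt_base(const struct jump_table *g)
{
	return (g->charjump == NULL ? NULL : &g->charjump[CHAR_MIN]);
}

/* Every release path goes through here, so none frees the biased pointer. */
void jt_free(struct jump_table *g)
{
	free(jt_base(g));
	g->charjump = NULL;
}

/*
 * Build the table. raw_out (optional) receives the raw malloc() result so a
 * caller can compare it with jt_base(). fail_second simulates the low-memory
 * case in which a later allocation fails after charjump was already biased.
 */
int jt_build(struct jump_table *g, int **raw_out, int fail_second)
{
	int *base = malloc(NC * sizeof(*base));
	void *second;

	if (raw_out != NULL)
		*raw_out = base;
	if (base == NULL) {
		g->charjump = NULL;
		return (-1);
	}
	for (int i = 0; i < NC; i++)
		base[i] = 0;
	/* Bias the pointer so that charjump[c] is valid for any char c. */
	g->charjump = &base[-(CHAR_MIN)];

	second = fail_second ? NULL : malloc(64);
	if (second == NULL) {
		/* Low-memory path: free the allocated address, not g->charjump. */
		jt_free(g);
		return (-1);
	}
	free(second);
	return (0);
}

void jt_set(struct jump_table *g, char c, int v)
{
	g->charjump[(int)c] = v;
}

int jt_get(const struct jump_table *g, char c)
{
	return (g->charjump[(int)c]);
}

int main(void)
{
	struct jump_table g;
	int *raw;

	if (jt_build(&g, &raw, 0) != 0)
		return (1);
	jt_set(&g, (char)0xff, 7);	/* negative index where char is signed */
	printf("bias=%d base_matches=%d value=%d\n", -(CHAR_MIN),
	    jt_base(&g) == raw, jt_get(&g, (char)0xff));
	jt_free(&g);
	return (0);
}
```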
Add _SYSCALL_BODY() macro which invokes the syscall via _SYCALL() and
calls cerror as required. Use to implement PSEUDO() and RSYSCALL().
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D43058
Otherwise the lock upgrade performed by rtld's load_filtees() can result
in infinite recursion, wherein:
1. _rtld_bind() acquires the bind read lock,
2. the source DSO's filtees haven't been loaded yet, so the lock upgrade
in load_filtees() causes rtld to jump to _rtld_bind() and release the
bind lock,
3. _thr_rtld_lock_release() calls _thr_ast(), which calls thr_wake(),
which hasn't been resolved yet,
4. _rtld_bind() acquires the bind read lock in order to resolve
thr_wake(),
5. ...
See the linked pull request for an instance of this problem arising with
libsys. That particular instance is also worked around by commit
e7951d0b04.
Reported by: brooks
Reviewed by: kib
Pull Request: https://github.com/freebsd/freebsd-src/pull/908
MFC after: 1 week
Sponsored by: Innovate UK
__FreeBSD_version is recorded in *crt1.o and crti.o via crtbrand.o. Add
an explicit dependency to pick up __FreeBSD_version bumps.
Additional changes are required to fully plumb *crt1.o dependencies
through the build.
Reported by: bapt
Reviewed by: bapt
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D43417
This is an implementation detail which is likely to become irrelevant in
the future, as we move to not resetting the priority if the
corresponding capability is not present in the configuration file
('/etc/login.conf').
GitHub's code search and Google show no use of this public constant, and
it doesn't exist in OpenBSD and NetBSD.
So, remove this definition and its sole use in-tree.
PR: 276570 (exp-run)
Reviewed by: emaste
Approved by: emaste (mentor)
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D43609
This public constant has not been used in-tree since 1997 (this was
noticed while working on previous commit "setusercontext(): umask: Set
it only once (in the common case)").
Since it was an implementation detail and GitHub's code search and
Google show no use of this symbol today, simply remove it.
PR: 276570 (exp-run)
Reviewed by: emaste, kib (earlier version, then part of D40344)
Approved by: emaste (mentor)
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D43608
Setting the process priority is done only when the current process'
effective UID corresponds to that for which context is to be set.
Consequently, setting priority is done with appropriate credentials and
will fail if the target user tries to raise it unduly via his
'~/.login_conf'.
PR: 271751
Reviewed by: kib, Andrew Gierth <andrew_tao173.riddles.org.uk>
Approved by: emaste (mentor)
MFC after: 3 days
Relnotes: yes
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40352
It indicates to the login.conf machinery (setusercontext() /
setclasscontext()) to leave priority alone, effectively inheriting it
from the parent process.
PR: 271749
Reviewed by: emaste, yuripv
Approved by: emaste (mentor)
MFC after: 3 days
Relnotes: yes
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40690
In preparation for setting priorities from '~/.login_conf' and to ease
reading of setusercontext().
No functional change.
Reviewed by: emaste
Approved by: emaste (mentor)
MFC after: 3 days
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40350
Priority is reset to 0 if not explicitly specified.
While here, be more explicit about what "Initial priority (nice) level"
means and document that it is possible to set real-time or idle class'
priorities with this capability.
Reviewed by: emaste
Approved by: emaste (mentor)
MFC after: 3 days
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40689
Polish the syslog messages to contain readily useful information.
Behavior of capability 'priority' is inconsistent with what is done for
all other contexts: 'umask', 'cpumask', resource limits, etc., where an
absence of capability means to inherit the value. It is currently
preserved for compatibility, but is subject to change on a future major
release.
Reviewed by: emaste, kib (older version)
Approved by: emaste (mentor)
MFC after: 3 days
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40349
Column "Notes" in fact only contains default values for capabilities, so
make this clear by renaming it to "Default".
Add a small introductory text mentioning it, and what an absence of
default value means (inheritance).
PR: 271748
Reviewed by: emaste
Approved by: emaste (mentor)
MFC after: 3 days
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40347
Remove indentation by inverting the big 'if (lc)' and using 'return'.
Use explicit binary operators to produce booleans.
Reviewed by: emaste, kib, dchagin
Approved by: emaste (mentor)
MFC after: 3 days
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40346
'inherit' explicitly indicates that the umask should not be changed.
Reviewed by: emaste
Approved by: emaste (mentor)
MFC after: 3 days
Relnotes: yes
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40687
The umask is simply left unchanged if no explicit value is specified in
the login class capabilities database.
PR: 271747
Reviewed by: emaste
Approved by: emaste (mentor)
MFC after: 3 days
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40345
Simplify the code and make it more coherent (umask was the only context
setting not modified by setlogincontext() directly).
Preserve the current behavior of not changing the umask if none is
specified in the login class capabilities database, but without the
superfluous umask() dance. (The only exception to this is that
a special value no user is likely to input in the database now stands
for no specification.)
If some user has a 'umask' override in its '~/.login_conf', the umask
will still be set twice as before (as is the case for all other context
settings overridden in '~/.login_conf').
Log a warning in case of an invalid umask specification.
This change makes it apparent that the value of LOGIN_DEFUMASK doesn't
matter. It will be removed in a subsequent commit.
PR: 271747
Reviewed by: emaste, kib (earlier version)
Approved by: emaste
MFC after: 3 days
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40344
and move the BUGS paragraph about dirfd permissions into STANDARDS
section, noting that we provide POSIX-mandated implementation.
Reviewed by: emaste, kevans
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Differential revision: https://reviews.freebsd.org/D43652
When a temporary/bootonce boot environment is renamed, we need to also
update the bootenv nvlist on-disk to reflect the new name. Additionally,
when a temporary/bootonce boot environment is destroyed, we also need to
clear out the on-disk state.
Reviewed by: kevans
Approved by: kp
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D43591
The code in this file runs before the sanitizer can initialize its
shadow map.
Fixes: ad2fac552c ("lib/libc/amd64: add archlevel-based simd dispatch framework")
This is another part of fixing the WITH_ASAN build. Some additional
source files had to be added to libllvm and liblldb, since the ASan
instrumentation causes symbols in those files to be referenced.
Reported by: markj
PR: 276597
MFC after: 3 days
We have s_fabs.c, but fabs(3) is already provided by libc due to
historical reasons, so it is not compiled into libm. When the linker
does not use --undefined-version, this leads to a complaint about the
symbol being nonexistent, so remove it from Symbol.map.
While here, adjust the comment about some functions being supplied by
libc: while it is true that all these are indeed in libc, libm still
includes its own versions of frexp(3), isnan(3), isnanf(3), and
isnanl(3).
Reported by: Steve Kargl <sgk@troutmask.apl.washington.edu>
MFC after: 3 days
The section INTERNET ADDRESSES describes the acceptance of dotted
values with varying number of parts in multiple bases. This applies
to inet_aton and inet_addr, but not to inet_pton. Clarify this
section by listing the functions to which this applies. Move the
description of what inet_pton accepts into this section from STANDARDS,
where it is easily missed. Rename the section to clarify that it
applies only to IPv4. (inet_pton also works with IPv6.)
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D43537
In the errno list, add an explicit note and reference to the note in the
STANDARDS section.
When O_NOFOLLOW is specified and the target is a symbolic link FreeBSD
sets errno to a value different than that specified by POSIX. Commit
295159dfa3 added a note to this effect, but I missed it when reading
through the list of errno values.
PR: 214633
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D43618
Unlike Linux, we do provide a libc wrapper. All definitions and
prototypes are available from <unistd.h>.
Tested by: manu
Reviewed by: brooks, markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D43518
Move ncurses_dll.h to GENHDRS to start with; it's been generated from
ncurses_dll.h.in for years, so it's not actually in a different category
than all of the other GENHDRS. Slap an .ORDER on it to ensure that we
build ncurses_dll.h and curses.h before any *.c gets compiled.
This should sufficiently address a build race seen downstream where
ncurses_dll.h is present but not yet populated.
Reviewed by: bapt
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D43540
It was exposed (under FBSDprivate_1.0) for forward compatibility in
threading libraries in 2008 by commit cd7d66a21f. The last consumer
was removed in 2015 by commit 8495e8b1e9. I missed this among the _
and __sys_ symbols in commit e2417a21a0.
Reviewed by: imp, kib
Differential Revision: https://reviews.freebsd.org/D43408
Put declarations of _ and __sys_ prefixed stubs at the top and
everything else at the bottom. Sort the bottom list with sort(1).
This paves the way to generate the syscall symbol list.
Reviewed by: kib
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D43386
Add _SYSCALL_BODY() macro which invokes the syscall via _SYCALL() and
calls cerror as required. Use to implement PSEUDO() and RSYSCALL().
Reviewed by: jhibbits
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D43323
Similarly as in the previous commit, using calloc() instead of malloc()
is useless here in the regular case since the subsequent call to
cpuset_getaffinity() is going to completely fill the allocated memory.
However, there is an additional complication. This function tries to
allocate memory to hold the cpuset if it previously wasn't, and does so
before the thread lock is acquired, which can fail on a bad thread ID.
In this case, it is necessary to deallocate the memory allocated in this
function so that the attributes object appears unmodified to the caller
when an error is returned. Without this, a subsequent call to
pthread_attr_getaffinity_np() would expose uninitialized memory (not
a security problem per se, since it comes from the same process) instead
of returning a full mask as it would before the failing call to
pthread_attr_get_np(). So the caller would be able to notice a change
in the state of the attributes object even if pthread_attr_get_np()
reported failure, which would be quite surprising. A similar problem
that could occur on failure of cpuset_setaffinity() has been fixed.
Finally, we shall always report memory allocation failure. This already
goes for pthread_attr_init(), so, if for nothing else, just be
consistent.
Reviewed by: emaste, kib
Approved by: emaste (mentor)
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D43329
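The error-path rule in the commit message above, as an added C example that is not libthr's code: a getter that lazily allocates a buffer for the caller's attributes object has to leave that object unchanged when a later step fails, so a failed call never exposes uninitialized bytes. The struct, the attr_* functions, lookup_thread() and the two-entry thread table are hypothetical, and this model commits the buffer only on success, which is one way to get that guarantee.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins; not libthr's types or functions. */
#define MASK_BYTES 16

struct attr {
	unsigned char *cpuset;	/* NULL: no explicit mask, report all CPUs */
};

/* Constructed thread table: only thread IDs 1 and 2 exist. */
static int lookup_thread(int tid, unsigned char *mask_out)
{
	if (tid != 1 && tid != 2)
		return (ESRCH);		/* fails before writing anything */
	memset(mask_out, 0, MASK_BYTES);
	mask_out[0] = (unsigned char)tid;	/* constructed affinity mask */
	return (0);
}

/* Fill dst from thread tid; on any error dst is exactly as it was before. */
int attr_get(int tid, struct attr *dst)
{
	unsigned char *cpuset = dst->cpuset;
	int allocated_here = 0;
	int error;

	if (cpuset == NULL) {
		/* malloc() is enough: success overwrites the whole buffer. */
		cpuset = malloc(MASK_BYTES);
		if (cpuset == NULL)
			return (ENOMEM);	/* always report allocation failure */
		allocated_here = 1;
	}
	error = lookup_thread(tid, cpuset);
	if (error != 0) {
		/* Roll back only what this call allocated. */
		if (allocated_here)
			free(cpuset);
		return (error);
	}
	dst->cpuset = cpuset;	/* commit only after everything succeeded */
	return (0);
}

/* Reader side: an attributes object without a mask reports a full mask. */
void attr_getaffinity(const struct attr *a, unsigned char *out)
{
	if (a->cpuset == NULL)
		memset(out, 0xff, MASK_BYTES);
	else
		memcpy(out, a->cpuset, MASK_BYTES);
}

int main(void)
{
	struct attr a = { NULL };
	unsigned char m[MASK_BYTES];
	int error = attr_get(99, &a);	/* bad thread ID */

	attr_getaffinity(&a, m);
	printf("error=%d first_byte=0x%02x\n", error, m[0]);
	free(a.cpuset);
	return (0);
}
```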
Add _SYSCALL_BODY() macro which invokes the syscall via _SYCALL() and
calls cerror as required. Use to implement PSEUDO() and RSYSCALL().
Reviewed by: jhibbits
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D43322
Using calloc() instead of malloc() is useless here since the allocated
memory is to be wholly crushed by the memcpy() call that follows.
Suggested by: kib
Reviewed by: emaste, kib
Approved by: emaste (mentor)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D43328
The change of argument for sizeof() (from a type to an object) is to be
consistent with the change done for the malloc() code just above in the
preceding commit touching this file.
Consider bit flags as integers and test whether they are set with an
explicit comparison with 0.
Use an explicit flag value (PTHREAD_SCOPE_SYSTEM) in place of a variable
that has this value at point of substitution.
All other changes are straightforward.
Suggested by: kib
Reviewed by: kib
Approved by: emaste (mentor)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D43327
Add a required include to resolv.h for sockaddr_in. This should reduce
patching required when porting code written with Linux or NetBSD in mind.
PR: 182466
MFC after: 1 week
Introduce pfctl_add_rule_h(), which takes a pfctl_handle rather than a
file descriptor (which it didn't use). This means that library users can
open the handle while they're running as root, but later drop privileges
and still add rules to pf.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Consumers of libpfctl can (and in future, should) open a handle. This
handle is an opaque object which contains the /dev/pf file descriptor
and a netlink handle. This means that libpfctl users can open the handle
as root, then drop privileges and still access pf.
Already add the handle to pfctl_startstop() and pfctl_get_creatorids()
as these are new in main, and not present on stable branches. Other
calls will have handle-enabled alternatives implemented in subsequent
commits.
Sponsored by: Rubicon Communications, LLC ("Netgate")
On first read, POSIX may seem ambiguous about the return code for some
scheduling-related pthread functions on invalid arguments. But a more
thorough reading and a bit of standards archeology strongly suggest
that this case should be handled by EINVAL and that ENOTSUP is reserved
for implementations providing only part of the functionality required by
the POSIX option POSIX_PRIORITY_SCHEDULING (e.g., if an implementation
doesn't support SCHED_FIFO, it should return ENOTSUP on a call to, e.g.,
sched_setscheduler() with 'policy' SCHED_FIFO).
This reading is supported by the second sentence of the very definition
of ENOTSUP, as worded in CAE/XSI Issue 5 and POSIX Issue 6: "The
implementation does not support this feature of the Realtime Feature
Group.", and the fact that an additional ENOTSUP case was added to
pthread_setschedparam() in Issue 6, which introduces SCHED_SPORADIC,
saying that pthread_setschedparam() may return it when attempting to
dynamically switch to SCHED_SPORADIC on systems that don't support
that.
glibc, illumos and NetBSD also support that reading by always returning
EINVAL, and OpenBSD as well, since it always returns EINVAL but the
corresponding code has a comment suggesting returning ENOTSUP for
SCHED_FIFO and SCHED_RR, which it effectively doesn't support.
Additionally, always returning EINVAL fixes inconsistencies where EINVAL
would be returned on some out-of-range values and ENOTSUP on others.
Reviewed by: markj
Approved by: markj (mentor)
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D43006
You can't return 0 and not write the mode if mode_p is non-NULL. That
violates the API contract and in common usage leaves stack trash in
*mode_p.
The acl_equiv_mode_test test passed by accident.
Reviewed by: kevans, markj
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D43278
PR#273962 reported that copy_file_range(2) did not work
on shared memory objects and returned EINVAL.
Although the reporter felt this was incorrect, it is what
the Linux copy_file_range(2) syscall does.
Since there was no collective agreement that the FreeBSD
semantics should be changed to no longer be Linux compatible,
copy_file_range(2) still works on regular files only.
This man page update clarifies that. If, someday, copy_file_range(2)
is changed to support non-regular files, then the man page will
need to be updated to reflect that.
PR: 273962
Reviewed by: karels, pauamma_gundo.com (manpages)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D43227
Upstream has made more clang runtime libraries available for more
architectures, so add them. To make this easier, split up subdir lists
into functional parts (asan, tsan, etc), and put each architecture into
its own .if block.
Effectively, this adds the following libraries for aarch64: asan, cfi,
fuzzer, msan, safestack, stats, tsan, ubsan, xray.
PR: 262706
MFC after: 3 days
The scalar implementation is fairly simplistic and only performs
slightly better than the generic C implementation. It could be
improved by using the same algorithm as for memchr, but it would
have been a lot more complicated.
The baseline implementation is similar to timingsafe_memcmp. It's
slightly slower than memchr() due to the more complicated main
loop, but I don't think that can be significantly improved.
Tested by: developers@, exp-run
Approved by: mjg
MFC after: 1 month
MFC to: stable/14
PR: 275785
Differential Revision: https://reviews.freebsd.org/D42925
The "values" test case is specifically crafted to detect the off-by-one
error previously discovered in the scalar strchrnul implementation.
Tested by: developers@, exp-run
Approved by: mjg
MFC after: 1 month
MFC to: stable/14
PR: 275785
Differential Revision: https://reviews.freebsd.org/D42925
POSIX.1-2004 and the upcoming C23 agree that memccpy()'s arguments
are restrict qualified and must not overlap. In 2002, restrict
qualifiers were added to <string.h>'s declaration of the function.
Make things official and document that the arguments must not
overlap.
See also: 61b60edfd3
Approved by: kib
MFC after: 1 month
MFC to: stable/14