aboutsummaryrefslogtreecommitdiff
path: root/lib/libc
Commit message (Collapse)AuthorAgeFilesLines
* libc/locale: Fix races between localeconv(3) and setlocale(3)Mark Johnston5 days3-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | Each locale embeds a lazily initialized lconv which is populated by localeconv(3) and localeconv_l(3). When setlocale(3) updates the global locale, the lconv needs to be (lazily) reinitialized. To signal this, we set flag variables in the locale structure. There are two problems: - The flags are set before the locale is fully updated, so a concurrent localeconv() call can observe partially initialized locale data. - No barriers ensure that localeconv() observes a fully initialized locale if a flag is set. So, move the flag update appropriately, and use acq/rel barriers to provide some synchronization. Note that this is inadequate in the face of multiple concurrent calls to setlocale(3), but this is not expected to work regardless. Thanks to Henry Hu <henry.hu.sh@gmail.com> for providing a test case demonstrating the race. PR: 258360 MFC after: 3 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D31899
* procctl(2): Add PROC_WXMAP_CTL/STATUSKonstantin Belousov5 days1-1/+63
| | | | | | | | | | | It allows to override kern.elf{32,64}.allow_wx on per-process basis. In particular, it makes it possible to run binaries without PT_GNU_STACK and without elfctl note while allow_wx = 0. Reviewed by: brooks, emaste, markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D31779
* tzcode: Implement timezone change detectionEdward Tomasz Napierala10 days1-0/+4
| | | | | | | | | | | | Implement optional timezone change detection for local time libc functions. This is disabled by default; set WITH_DETECT_TZ_CHANGES to build it. Reviewed By: imp Sponsored by: NetApp, Inc. Sponsored by: Klara, Inc. X-NetApp-PR: #47 Differential Revision: https://reviews.freebsd.org/D30183
* libc: Fix build on case-insensitive file systemsJessica Clarke13 days2-1/+1
| | | | | | | | | | | | | | | | | | | | | | On case-insensitive file systems (most likely to be seen on macOS, where it is the default), _Fork.o for the new POSIX _Fork function conflicts with _fork.o for the PSEUDO file. This results in non-determinsitic behaviour in terms of which ends up being present; if _Fork.o wins then the build fails to link libc.so due to missing __sys_fork, and if _fork.o wins then libc silently fails to include the implementation of _Fork. A similar issue occurred in the past for C99's _Exit conflicting with exit(2) and was fixed in cb1cb6a2a83f, so this adds a fix based on that. As a longer-term solution it might be better to instead make the generated files use a different prefix that's less likely to conflict with other things (such as __sys_foo.o given they always contain that) but that's a rather more invasive change. Fixes: 49ad342cc10c ("Add _Fork()") Reviewed by: kib MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D31895
* Export _mmap and __sys_mmap from libc.soAlex Richardson13 days1-0/+2
| | | | | | | | | | Unlike the other syscalls these two symbols were missing from the version script. I noticed this while looking into the compiler-rt runtime libraries for CHERI. Reviewed by: brooks Obtained from: https://github.com/CTSRD-CHERI/cheribsd/pull/1063 MFC after: 3 days
* mprotect.2: Improve the description of protBrooks Davis2021-09-071-8/+15
| | | | | | | | | | | The new wording for standard flags is losely based on the POSIX description. Make it clearer that PROT_MAX() is a local extension. Reviewed by: alc, mckusick, imp, kib, markj Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D31777
* kqueue.2: Document the fact that EVFILT_READ can be used on kqueuesMark Johnston2021-09-071-1/+5
| | | | | | | Reviewed by: bcr, kib MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D31864
* mprotect.2: Remove legacy BSD textBrooks Davis2021-09-031-6/+1
| | | | | | | | | | | | | | | | This text dates to the BSD 4.4 import and is misleading. The mprotect syscall acts on page granularity and breaks up mappings as required to do so. Note that with the addition of non-transparent superpages (aka largepages) the size of a page at a given address may vary. This commit does not attempt to address the lack of documentation of this feature. Sponsored by: DARPA Reviewed by: alc, mckusick, imp, kib, markj Differential Revision: https://reviews.freebsd.org/D31776
* getdelim(3): Fix losing data on [EAGAIN]Bryan Drewery2021-09-022-3/+223
| | | | | | | | | | | | | | Currently when an [EAGAIN] is encountered we return a partial result that does not contain the delimeter. On the next (successful) read we were returning the next part of the line without the preceding string from the first failed call. Fix this by using the same mechanism as ungetc(3) does. For the buffered case we could simply set fp->_r and fp->_p back to their values before sappend() is ran but for simplicity ungetc(3) is done in there as well. Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D31687
* Symbol.map: Remove an extra space before _ForkKa Ho Ng2021-09-021-1/+1
| | | | | | Make it consistent with all other entries. Sponsored by: The FreeBSD Foundation
* Fix null pointer subtraction in mergesort()Dimitry Andric2021-08-271-5/+1
| | | | | | | | | | | | | | | | | Clang 13 produces the following warning for this function: lib/libc/stdlib/merge.c:137:41: error: performing pointer subtraction with a null pointer has undefined behavior [-Werror,-Wnull-pointer-subtraction] if (!(size % ISIZE) && !(((char *)base - (char *)0) % ISIZE)) ^ ~~~~~~~~~ This is meant to check whether the size and base parameters are aligned to the size of an int, so use our __is_aligned() macro instead. Also remove the comment that indicated this "stupid subtraction" was done to pacify some ancient and unknown Cray compiler, and which has been there since the BSD 4.4 Lite Lib Sources were imported. MFC after: 3 days
* libc/posix1e: Add acl_extended_file_np() function.Gleb Popov2021-08-274-0/+187
| | | | | | Reviewed by: kib, debdrup, gbe Approved by: kib Differential Revision: https://reviews.freebsd.org/D28255
* libc/posix1e: Add acl_equiv_mode_np() function.Gleb Popov2021-08-274-0/+199
| | | | | | Reviewed by: kib, debdrup, gbe Approved by: kib Differential Revision: https://reviews.freebsd.org/D28255
* libc/posix1e: Add acl_cmp_np() function.Gleb Popov2021-08-275-2/+141
| | | | | | Reviewed by: kib, debdrup, gbe Approved by: kib Differential Revision: https://reviews.freebsd.org/D28255
* libc/posix1e: Add acl_from_mode_np() function.Gleb Popov2021-08-274-0/+216
| | | | | | Reviewed by: kib, debdrup, gbe Approved by: kib Differential Revision: https://reviews.freebsd.org/D28255
* fspacectl(2): Changes on rmsr.r_offset's minimum value returnedKa Ho Ng2021-08-251-5/+4
| | | | | | | | | | | | | rmsr.r_offset now is set to rqsr.r_offset plus the number of bytes zeroed before hitting the end-of-file. After this change rmsr.r_offset no longer contains the EOF when the requested operation range is completely beyond the end-of-file. Instead in such case rmsr.r_offset is equal to rqsr.r_offset. Callers can obtain the number of bytes zeroed by subtracting rqsr.r_offset from rmsr.r_offset. Sponsored by: The FreeBSD Foundation Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D31677
* memcpy.3: remove BUGS section allowing overlapping stringsEd Maste2021-08-241-16/+0
| | | | | | | | | | | | | | | The removed text claimed that memcpy is implemented using bcopy and thus strings may overlap. Use of bcopy is an implementation detail that is no longer true, even if the implementation (on some archs) does allow overlap. In any case behaviour is undefined per the C standard if memcpy is called with overlapping objects, and this man page already claimed that src and dst may not overlap. Reviewed by: kib Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D31192
* fspacectl(2): Clarifies the return valuesKa Ho Ng2021-08-241-5/+22
| | | | | | | | | | | | | | | | | | | | | | | | rmacklem@ spotted two things in the system call: - Upon returning from a successful operation, vop_stddeallocate can update rmsr.r_offset to a value greater than file size. This behavior, although being harmless, can be confusing. - The EINVAL return value for rqsr.r_offset + rqsr.r_len > OFF_MAX is undocumented. This commit has the following changes: - vop_stddeallocate and shm_deallocate to bound the the affected area further by the file size. - The EINVAL case for rqsr.r_offset + rqsr.r_len > OFF_MAX is documented. - The fspacectl(2), vn_deallocate(9) and VOP_DEALLOCATE(9)'s return len is explicitly documented the be the value 0, and the return offset is restricted to be the smallest of off + len and current file size suggested by kib@. This semantic allows callers to interact better with potential file size growth after the call. Sponsored by: The FreeBSD Foundation Reviewed by: imp, kib Differential Revision: https://reviews.freebsd.org/D31604
* Fix aio_readv(2), aio_writev(2) with SIGEV_THREAD.Thomas Munro2021-08-221-0/+2
| | | | | | | | | | Add missing wrapper code to librt for these new functions so that SIGEV_THREAD works. Without machinery to convert it to SIGEV_THREAD_ID, you got EINVAL. Reviewed by: asomers MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D31618
* lio_listio(2): Allow LIO_READV and LIO_WRITEV.Thomas Munro2021-08-221-1/+15
| | | | | | | | | | | | | Allow multiple vector IOs to be started with one system call. aio_readv() and aio_writev() already used these opcodes under the covers. This commit makes them available to user space. Being non-standard extensions, they're only visible if __BSD_VISIBLE is defined, like the functions. Reviewed by: asomers, kib MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D31627
* rpc(3): Correct a few common typos in source code commentsGordon Bergling2021-08-222-4/+4
| | | | | | | | - s/therfore/therefor/ - s/activte/active/ Obtained from: NetBSD MFC after: 3 days
* libc tls: use TLS_DTV_OFFSET defined by rtld.hKonstantin Belousov2021-08-161-8/+2
| | | | | | Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D31541
* rtld: Remove calculate_tls_endFangrui Song2021-08-161-8/+0
| | | | | | | | | | | Variant I architectures use off and Variant II ones use size + off. Define TLS_VARIANT_I/TLS_VARIANT_II symbols similarly to how libc handles it. Reviewed by: kib MFC after: 1 week Differential revision: https://reviews.freebsd.org/D31539 Differential revision: https://reviews.freebsd.org/D31541
* libc: vDSO timekeeping: Add pvclock supportAdam Fenn2021-08-141-0/+62
| | | | | | | | | | Add support for 'VDSO_TH_ALGO_X86_PVCLK'; add vDSO-based timekeeping for devices that support the KVM/XEN paravirtual clock API. Sponsored by: Juniper Networks, Inc. Sponsored by: Klara, Inc. Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D31418
* Fix a common typo in source code commentsGordon Bergling2021-08-141-2/+2
| | | | | | - s/aligment/alignment/ MFC after: 5 days
* _Exit(3): document implementationKonstantin Belousov2021-08-081-6/+14
| | | | | | | | | | | | | | Remove a useless note about unlinking temporary files, they are unlinked in tmpfile(3) [1]. Add a note about __cxa_atexit(). Explain exactly what are the FreeBSD implementation differences between exit() and _Exit(). Noted by: markj [1] Reviewed by: emaste, markj Sponsored by: The FreeBSD Foundation MFC after: 3 days Differential revision: https://reviews.freebsd.org/D31425
* fork(2): comment about doubtful use of stdio and exit(3) in exampleKonstantin Belousov2021-08-081-1/+18
| | | | | | | | | | Add fflush(stdout) as the common idiom. Explain the need to use exit() but advise against it. Reviewed by: emaste, markj Sponsored by: The FreeBSD Foundation MFC after: 3 days Differential revision: https://reviews.freebsd.org/D31425
* Fix pathconf.2 documentation errorKa Ho Ng2021-08-061-4/+5
| | | | | | | | | _PC_MIN_HOLE_SIZE and _PC_DEALLOC_PRESENT were mixed somehow before this fix. Sponsored by: The FreeBSD Foundation Reviewed by: delphij Differential Revision: https://reviews.freebsd.org/D31436
* fork.2: correct minor typo in manpage.Ceri Davies2021-08-051-1/+1
|
* Add fspacectl(2), vn_deallocate(9) and VOP_DEALLOCATE(9).Ka Ho Ng2021-08-054-0/+194
| | | | | | | | | | | | | | | | | | | | | | fspacectl(2) is a system call to provide space management support to userspace applications. VOP_DEALLOCATE(9) is a VOP call to perform the deallocation. vn_deallocate(9) is a public KPI for kmods' use. The purpose of proposing a new system call, a KPI and a VOP call is to allow bhyve or other hypervisor monitors to emulate the behavior of SCSI UNMAP/NVMe DEALLOCATE on a plain file. fspacectl(2) comprises of cmd and flags parameters to specify the space management operation to be performed. Currently cmd has to be SPACECTL_DEALLOC, and flags has to be 0. fo_fspacectl is added to fileops. VOP_DEALLOCATE(9) is added as a new VOP call. A trivial implementation of VOP_DEALLOCATE(9) is provided. Sponsored by: The FreeBSD Foundation Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D28347
* Add _Fork()Konstantin Belousov2021-08-034-4/+124
| | | | | | | | | | | | | | | | | | | | | Current POSIX standard requires fork() to be async-signal safe. Neither our implementation, nor implementations in other operating systems are, and practically it is impossible to make fork() async-signal safe without too much efforts. Also, that would put undue requirement that all atfork handlers should be async-signal safe as well, which contradicts its main use. As result, Austin Group dropped the requirement, and added a new function _Fork() that should be async-signal safe, but it does not call atfork handlers. Basically, _Fork() can be implemented as a raw syscall. Release of glibc 2.34 added _Fork(), do the same for FreeBSD. Clarify threading behavior for fork() in the manpage. Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 2 weeks Differential revision: https://reviews.freebsd.org/D31378
* StyleKonstantin Belousov2021-08-031-2/+2
| | | | | | | Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D31378
* libc: Disable ASAN for certain string functionsAlex Richardson2021-08-021-0/+9
| | | | | | | | | | They deliberately read out-of-bounds values to avoid byte-by-byte loads and check multiple bytes at once. While this will work on x86, it is flagged as an out-of-bounds read with ASAN, so we have to disable instrumentation here. This also causes bounds errors for CHERI, so in CheriBSD we use implementations that avoid OOB reads. Differential Revision: https://reviews.freebsd.org/D31045
* Don't instrument the rdtsc ifunc when building with ASAN/UBSANAlex Richardson2021-08-021-0/+8
| | | | | | | | The ifunc resolver is called before the sanitizer runtime is initialized, so any instrumentation results in an immediate crash. Reviewed By: kib Differential Revision: https://reviews.freebsd.org/D31046
* tools/build: Don't redefine open() for the linux bootstrapAlex Richardson2021-08-021-0/+6
| | | | | | | | | | | This is needed to bootstrap llvm-tblgen on Linux since LLVM calls `::open(...)` which does not work if open is a statement macro. Also stop defining O_SHLOCK/O_EXLOCK and update the only bootstrap tools user of those flags to deal with missing definitions. Reviewed By: jrtc27 MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D31226
* Correct section reference for examples in RFC3542Tom Jones2021-08-011-2/+2
| | | | | | Reviewed by: bz, network MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D26272
* clock_gettime: Add Linux aliases for CLOCK_*Warner Losh2021-07-301-1/+14
| | | | | | | | | | | | | Linux standardized what we call CLOCK_{REALTIME,MONOTONIC}_FAST as CLOCK_{REALTIME,MONOTONIC}_COARSE. In addition, Linux spells CLOCK_UPTIME as CLOCK_BOOTTIME. Add aliases to time.h and document these new aliases in clock_gettime(2). Reviewed by: vangyzen, kib (prior), dchagin (prior) Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D30988
* x86 __vdso_gettc: add O_CLOEXEC flag to openKonstantin Belousov2021-07-291-2/+2
| | | | | | | | | | of the /dev/hpet and /dev/hv_tsc devices, to not leak internal libc filedescriptors on exec. Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D31344
* libc/locale: Use O_CLOEXEC when opening locale tablesMark Johnston2021-07-292-2/+2
| | | | | | Reviewed by: kib MFC after: 1 week Sponsored by: The FreeBSD Foundation
* libc qsort(3): Eliminate ambiguous sign comparisonConrad Meyer2021-07-292-1/+8
| | | | | | | | | | | | | | | | The left side of the MIN() expression is the (signed) result of pointer subtraction (ptrdiff_t). The right hand side is the also the (signed) result of pointer subtraction, additionally subtracting the element size ('es'), which is unsigned size_t. This coerces the right-hand expression into an unsigned value. MIN(signed, unsigned) triggers -Wsign-compare. Sorting elements of size greater than SSIZE_MAX is nonsensical, so we can instead treat the element size as ssize_t, leaving the right-hand result the same signedness as the left. Reviewed by: arichardson, kib Differential Revision: https://reviews.freebsd.org/D31292
* socket: Implement SO_RERRORRoy Marples2021-07-281-1/+9
| | | | | | | | | | | | | | | | | | SO_RERROR indicates that receive buffer overflows should be handled as errors. Historically receive buffer overflows have been ignored and programs could not tell if they missed messages or messages had been truncated because of overflows. Since programs historically do not expect to get receive overflow errors, this behavior is not the default. This is really really important for programs that use route(4) to keep in sync with the system. If we loose a message then we need to reload the full system state, otherwise the behaviour from that point is undefined and can lead to chasing bogus bug reports. Reviewed by: philip (network), kbowling (transport), gbe (manpages) MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D26652
* Fix race between first rand(3) calls with _once().Alexander Motin2021-07-211-4/+5
| | | | | | | | | | | Before this patch there was a chance for thread that called rand(3) slightly later to see rand3_state already allocated, but not yet initialized. While this API is not expected to be thread-safe, it is not expected to crash. ztest on 64-thread system reproduced it reliably for me. Submitted by: avg@ MFC after: 1 month
* Revert "Fix race between first rand(3) calls."Alexander Motin2021-07-211-7/+2
| | | | | | | | It is going to be reimplemented with _once(). This reverts commit 28d70deaafa62c5d1602de5272c0aad0fcca8aff. MFC after: 1 month
* Fix race between first rand(3) calls.Alexander Motin2021-07-201-2/+7
| | | | | | | | | | Before this patch there was a chance for thread that called rand(3) slightly later to see rand3_state already allocated, but not yet initialized. While this API is not expected to be thread-safe, it is not expected to crash. ztest on 64-thread system reproduced it reliably for me. MFC after: 1 month
* kenv: allow listing of static kernel environmentsKyle Evans2021-07-191-3/+21
| | | | | | | | | | The early environment is typically cleared, so these new options need the PRESERVE_EARLY_KENV kernel config(8) option. These environments are reported as missing by kenv(1) if the option is not present in the running kernel. Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D30835
* Pass the syscall number to capsicum permission-denied signalsDavid Chisnall2021-07-161-0/+10
| | | | | | | | | | | | | | | | | | The syscall number is stored in the same register as the syscall return on amd64 (and possibly other architectures) and so it is impossible to recover in the signal handler after the call has returned. This small tweak delivers it in the `si_value` field of the signal, which is sufficient to catch capability violations and emulate them with a call to a more-privileged process in the signal handler. This reapplies 3a522ba1bc852c3d4660a4fa32e4a94999d09a47 with a fix for the static assertion failure on i386. Approved by: markj (mentor) Reviewed by: kib, bcr (manpages) Differential Revision: https://reviews.freebsd.org/D29185
* libc: Use the initial-exec TLS modelMark Johnston2021-07-161-0/+7
| | | | | | | | | | | | | | | | | This permits more efficient accesses of thread-local variables, which are heavily used at least by jemalloc and locale-aware code. Note that on amd64 and i386, jemalloc's thread-local variables already have their TLS model overridden by defining JEMALLOC_TLS_MODEL. For now the change is applied only to tested platforms, but should in principle be enabled everywhere. PR: 255840 Suggested by: jrtc27 Reviewed by: kib MFC after: 2 months Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D31070
* libc: add mempcpy(3) and wmempcpy(3)Konstantin Belousov2021-07-156-9/+114
| | | | | | | Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D31180
* Create namespace for the symbols added during 14-CURRENT cycle.Konstantin Belousov2021-07-151-1/+4
| | | | | | | Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D31180
* Revert "Pass the syscall number to capsicum permission-denied signals"David Chisnall2021-07-101-10/+0
| | | | | | This broke the i386 build. This reverts commit 3a522ba1bc852c3d4660a4fa32e4a94999d09a47.