Commit graph

9857 commits

Author SHA1 Message Date
Brooks Davis
1b0471936f libc: simplify MDASM/NOASM checks
Use boolean evaluation of :M matches and a single if statement.

Reviewed by:	imp, kib
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D42915

(cherry picked from commit fc0288993cdad8a559fcd2c2166cf95f1fa43745)
2024-01-02 16:59:04 +00:00
Brooks Davis
444024241e libc: don't needlessly add vfork.o to NOASM
For architectures where vfork.S was named Ovfork.S this was needed, but
it was always pointless here as an entry in either MDASM or NOASM is
equivalent.

Reviewed by:	kib
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D42914

(cherry picked from commit ec27c0bb3eea73be4db6cd2f275db6c516e12d00)
2024-01-02 16:58:54 +00:00
Brooks Davis
d3f8e4bf1c libc: rename arm and i386 Ovfork.S to vfork.S
While this has been Ovfork.S forever on i386 it differs from other
syscalls that require wrappers for no obvious reason so fix that.

Reviewed by:	kib
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D42909

(cherry picked from commit 0ea469bcd548d29bbbc970325e4fa851d0e4c022)
2024-01-02 16:58:42 +00:00
Brooks Davis
9467188141 libc: Centralize non-building of sbrk stubs
The actual implementation of sbrk(2) is on top of the undocumented
break(2) system call.  On powerpc* this means we don't build _sbrk and
__sys_sbrk which were neither used nor exposed for linkage.  Otherwise
it is a no-op.

The addition to lib/libc/sys/Makefile.inc is a direct commit to
stable/14 in lieu of merging the removal of the sbrk and sstk syscalls.

(cherry picked from commit 7893419d492c40ca82b68fca3dcc0f5f7047d39b)

Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D43159
2024-01-02 16:22:13 +00:00
Robert Clausecker
9a6a587e67 lib/libc/amd64/string: add timingsafe_memcmp() assembly implementation
Conceptually very similar to timingsafe_bcmp(), but with comparison
logic inspired by Elijah Stone's fancy memcmp. A baseline (SSE)
implementation was omitted this time as I was not able to get it to
perform adequately.  Best I got was 8% over the scalar version for
long inputs, but slower for short inputs.

Sponsored by:	The FreeBSD Foundation
Approved by:	security (cperciva)
Inspired by:	https://github.com/moon-chilled/fancy-memcmp
Differential Revision:	https://reviews.freebsd.org/D41696

(cherry picked from commit 5048c1b85506c5e0f441ee7dd98dd8d96d0a4a24)
2023-12-28 18:02:41 +01:00
Robert Clausecker
1347ec5d58 lib/libc/amd64/string: add timingsafe_bcmp(3) scalar, baseline implementations
Very straightforward and similar to memcmp(3). The code has
been written to use only instructions specified as having
data operand independent timing by Intel.

Sponsored by:	The FreeBSD Foundation
Approved by:	security (cperciva)
Differential Revision:	https://reviews.freebsd.org/D41673

(cherry picked from commit 76c2b331bcd9f73c5c8c43a06e328fa0c7b8c39a)
2023-12-28 18:02:41 +01:00
Robert Clausecker
cec0236976 lib/libc/amd64/string/strcspn.S: always return earliest match in 17--32 char case
When matching against a set of 17--32 characters, strcspn() uses two
invocations of PCMPISTRI to match against the first 16 characters
of the set and then the remaining characters.  If a match was found in
the first half of the set, the code originally immediately returned
that match.  However, it is possible for a match in the second half of
the set to occur earlier in the vector, leading to that match being
overlooked.

Fix the code by checking if there is a match in the second half of the
set and taking the earlier of the two matches.

The correctness of the function has been verified with extended unit
tests and test runs against the glibc test suite.

Approved by:	mjg (implicit, via IRC)
MFC after:	1 week
MFC to:		stable/14

(cherry picked from commit c91cd7d03a9dee649ba3a1b9b4014df9de111bb8)
2023-12-28 18:02:41 +01:00
Robert Clausecker
08ad297599 lib/libc/tests/string/strcspn_test.c: add test for correct match order
This new unit test verifies that if there are multiple
matches, the first match is returned, ignoring later
matches.

Approved by:	mjg (blanket, via IRC)
MFC after:	1 week
MFC to:		stable/14

(cherry picked from commit a0ecf2224ea35d029d33541878f0eee42f5fd84f)
2023-12-28 18:02:41 +01:00
Robert Clausecker
c91cfb7f9e lib/libc/tests/string: expand memcmp test to bcmp, timingsafe_{b,mem}cmp
The four functions more or less perform the same operation.
Reuse the same unit test with slight changes so we can cover
them all.  Constant-time operation is not verified for the
timingsafe_* functions.

Sponsored by:	The FreeBSD Foundation
Approved by:	ngie
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D41528

(cherry picked from commit c6cc06d465a98270ef734ffec7c9012ec3a1bd17)
2023-12-28 18:02:41 +01:00
Robert Clausecker
7aaa37fa1d lib/libc/tests/string/memcmp_test.c: extend test to support custom memcmp function
Extend the tests to permit loading an external memcmp function
and testing it over using the libc version. This was added by the
example of other tests in the test suite doing the same thing and
helped tremendously in development.

This change was originally part of D41442 but was taken out to
permit separate review as extrapolated from @ngie's request in
D41349.

Sponsored by:	FreeBSD Foundation
Approved by:	ngie
Differential Revision:	https://reviews.freebsd.org/D41528

(cherry picked from commit b166580681e3af173ec368656019d02ba1cc55ad)
2023-12-28 18:02:41 +01:00
Robert Clausecker
c35334b085 lib/libc/tests/string: add extended unit tests for strcmp()
This changeset adds a new set of tests that comprehensively test strcmp() on
various alignments of the input. This made it easy to smoke out many
exciting new bugs in the new SSE strcmp() implementation from D41971.

MFC after:	1 week
Reviewed by:	ngie
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41970

(cherry picked from commit b49596de2622a51e5673ba2c0b3718cd88a2aa41)
2023-12-28 18:02:40 +01:00
Brooks Davis
c6e072f15c memfd_create: don't allocate heap memory
Rather than calling calloc() to allocate space for a page size array to
pass to getpagesizes(), just follow the getpagesizes() implementation
and allocate MAXPAGESIZES elements on the stack.  This avoids the need
for the allocation.

While this does mean that a new libc is required to take advantage of a
new huge page size, that was already true due to getpagesizes() using a
static buffer of MAXPAGESIZES elements.

Reviewed by:	kevans, imp, emaste
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D42710

(cherry picked from commit c96772227b7dfcaf4eec4d07acb5c916643aca3a)
2023-12-21 18:13:19 +00:00
Brooks Davis
89ebe0ce1f memfd_create: move implementation to libc/gen
Due to memfd_create(3)'s construction of a path to pass to shm_open2(2),
it has a much larger than typical dependency footprint for a system
call wrapper (the list currently includes calloc, memset, sprintf, and
strlen).  As such, split it off into its own file under libc/gen to
lighten libc/sys's dependency list.

Reviewed by:	kevans, imp, emaste
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D42709

(cherry picked from commit c3207e2d2554c8e36f9cf5950f8cd52a19fedfd5)
2023-12-21 18:13:18 +00:00
Peter Eriksson
e373880312 libc: correct some memory leaks in acl_to_text(3) and acl_to_text_np(3)
PR:	275232

(cherry picked from commit 7aa375dcc61e48cc56da45c9d5a11371693c8043)
2023-12-20 10:29:55 +02:00
Konstantin Belousov
79ca908fde strfmon.c: Use the restrict keyword directly
(cherry picked from commit 86e2bcbf47fb4c8dbd799f2f21c0ed338b2e8f1b)
2023-12-16 06:17:51 +02:00
Jose Luis Duran
2f427cbb35 strfmon: style fixes
(cherry picked from commit 56a0d5444d6f39302f3476b61c1b81ed39abe589)
2023-12-16 06:17:51 +02:00
Jose Luis Duran
ea99922484 strfmon: Silence scan-build warning
(cherry picked from commit 6abee52e0d79f68fd725de748d7027ca8eef2294)
2023-12-16 06:17:51 +02:00
Jose Luis Duran
9f1c1cfe69 strfmon.3: Cleanup example code
(cherry picked from commit 2a163c3649e59dd616e057994ec02092362f0ae7)
2023-12-16 06:17:51 +02:00
Brooks Davis
83c9481db9 libc: remove some obsolete VCS data
These wide char support files were copied from the previous versions
with expanded $FreeBSD$ strings in #if 0 blocks.  Remove them and the
scssid definitions in the same #if 0 blocks.

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D42688

(cherry picked from commit 9fc0ff9d85b1497b45a4c6d74e0bc7eea9dcf37b)
2023-12-13 23:08:50 +00:00
Brooks Davis
acf0f65f52 libc: remove unused stub vdso timecounter implementations
All supported architectures have shared page support so remove this
unused stub.

Reviewed by:	imp, kib
Differential Revision:	https://reviews.freebsd.org/D42619

(cherry picked from commit 500bf0592cf1de1d26369efe3877d812f724f5c0)
2023-12-13 22:08:14 +00:00
Brooks Davis
f695db9fba libc: centralize a few numeric symbols
fabs, __infinity, and __nan are universally implemented so declare them
in gen/Symbol.map.

We would also include __flt_rounds, but it's under FBSD_1.3 on arm so
until that's gone we're stuck with it.  Likewise, everyone but i386
implements fp[gs]etmask.

Reviewed by:	imp, kib, emaste
Differential Revision:	https://reviews.freebsd.org/D42618

(cherry picked from commit c7045186819dbc64c3f005cb1138a1948868cf5a)
2023-12-13 22:08:14 +00:00
Brooks Davis
01edb548c5 libc: centralize makecontext symbols
Declare makecontext() and __makecontext() symbols centrally as they are
always implemented.

Reviewed by:	imp, kib
Differential Revision:	https://reviews.freebsd.org/D42617

(cherry picked from commit 5d79b5445e12873b316a04de352d12a02bfe2d53)
2023-12-13 22:08:14 +00:00
Brooks Davis
ba1279da0f libc: centralize {_,sig,}{set,long}jmp symbols
These symbols are universally exposed and documented so declare them
centrally.  Double- and triple-underscore versions exist on some
platforms, but leave those alone for now.

Reviewed by:	imp, kib
Differential Revision:	https://reviews.freebsd.org/D42616

(cherry picked from commit 1c656143be734de4b1e1bac27c0c48ef4d974510)
2023-12-13 22:08:14 +00:00
Brooks Davis
9d67dced83 libc: centralize ntoh symbols
These are implemented by net/ntoh.c via headers and compiler intrinsics
so declare them in net/Symbol.map.

Reviewed by:	imp, kib, emaste
Differential Revision:	https://reviews.freebsd.org/D42615

(cherry picked from commit ff3a9d8e2909692c73ce9f9279cac2f15848b3f4)
2023-12-13 22:08:14 +00:00
Brooks Davis
e150833764 libc: further centralize syscall symbols
All architectures necessarily implement _exit(2) and vfork(2) so
declare them in sys/Symbol.map.

Reviewed by:	imp, kib, emaste
Differential Revision:	https://reviews.freebsd.org/D42614

(cherry picked from commit e4a1800f06884dc00931f55d0fa8cd9ce473a83e)
2023-12-13 22:08:13 +00:00
Brooks Davis
e0f6b29f6a lib{c,lzma,z}: remove -DSYMBOL_VERSIONING from CFLAGS
This was part of a libkse and libpthread transition aid when libc
gained symbol versions in e62165c8b0
(March 2006).  The code that cared about this macro was removed in
commit 00fb440c1a (May 2007) when symbol
versioning was enabled by default and libthr became the default
threading library.  For unknown reasons, it stayed in libc (which
seemingly never used it) and seems to have been copied to liblzma and
libz.

Reviewed by:	imp, kib, emaste
Differential Revision:	https://reviews.freebsd.org/D42613

(cherry picked from commit e3e9c205ff54aac287309e03a808d9e9ec5c49eb)
2023-12-13 22:08:13 +00:00
Brooks Davis
695639d2f4 libc: Remove empty comments in Symbol.map
These were left over from $FreeBSD$ removal.

Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D42612

(cherry picked from commit 1ca63a8219b88b752b064d19bd3428c61dbcf1f9)
2023-12-13 22:08:13 +00:00
Brooks Davis
9a2bee998b libc/<arch>/sys/Makefile.inc: remove cruft
Remove stray blank lines left over from $FreeBSD$ removal as well as
some CVS-era (perhaps pre-repocopy) version comments.

Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D42611

(cherry picked from commit b73eace889f1db518a7b0b3372351e0cbf550085)
2023-12-13 22:08:13 +00:00
Dag-Erling Smørgrav
6a2dd26311 hesiod: Modernize.
Reviewed by:	zlei
Differential Revision:	https://reviews.freebsd.org/D42190

(cherry picked from commit 64fc8a936c868345a8f687fe2797474c5fcf35cb)
2023-12-13 17:41:48 +01:00
Brooks Davis
1c63aa2989 procctl.2: improve phrasing for ASLR disable
Reported by:	jrtc27
Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D42364

(cherry picked from commit 4894205482555447c6b3372598c7589a66596724)
2023-12-02 00:03:25 +00:00
Alan Somers
f23f9941f1 aio_read.2: correct the description of aio_buf
Looks like a copypasta from aio_write.2.

[skip ci]

Reported by:	Paul Floyd <pjfloyd@wanadoo.fr>
Sponsored by:	Axcient
Reviewed by:	jilles (manpages)
Differential Revision: https://reviews.freebsd.org/D42621

(cherry picked from commit 04cfe6c12ccc75624dc87ab8f44c4852b16f0c4f)
2023-11-30 13:38:09 -07:00
Alan Somers
60314995ef libc/libc/rpc: refactor some global variables
* Combine dg_fd_locks and dg_cv into one array.
* Similarly for vc_fd_locks and vc_cv
* Turn some macros into inline functions

This is a mostly cosmetic change to make refactoring these structures in
a future commit easier.

Sponsored by:	Axcient
Reviewed by:	kib
Differential Revision: https://reviews.freebsd.org/D42597

(cherry picked from commit a5c2f4e939430f0048136c39fb9fa6093d401905)

lib/libc/rpc: switch the per-fd structs in clnt_{dg,vc}.c to RB Trees

This saves oodles of memory, especially when "ulimit -n" is large.  It
also prevents a buffer overflow if getrlimit should fail.

Also replace per-fd condvars with mutexes to simplify the code.

PR:		274968
Sponsored by:	Axcient
Reviewed by:	kib
Differential Revision: https://reviews.freebsd.org/D42597

(cherry picked from commit 24938f9311c9c9acc1ce747f4e6a088c2dbc967d)
2023-11-29 20:16:16 -07:00
Warner Losh
4025b5b527 libc: Purge unneeded cdefs.h
These sys/cdefs.h are not needed. Purge them. They are mostly left-over
from the $FreeBSD$ removal. A few in libc are still required for macros
that cdefs.h defines. Keep those.

Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D42385

(cherry picked from commit 559a218c9b257775fb249b67945fe4a05b7a6b9f)
2023-11-26 21:20:09 -07:00
Gordon Bergling
7041faf5a5 Add a HISTORY section for memcpy(3) and mempcpy(3)
The memcpy() function first appeared in AT&T System V UNIX and was
reimplemented for 4.3BSD-Tahoe. The mempcpy() function first appeared in
FreeBSD 13.1.

PR:	272227
Differential Revision:	https://reviews.freebsd.org/D42630

(cherry picked from commit 8c8ffe541eabb23e21ddffb534ecda7ac6d7e04a)
2023-11-25 09:25:03 +01:00
Gordon Bergling
edb6d4f50d getpeerid.3: Clarify the 's' argument
The argument 's' of getpeerid(3) must be a connected UNIX-domain socket,
so document it.

PR:	248614
Differential Revision:	https://reviews.freebsd.org/D42629

(cherry picked from commit fa9f74220146233b7224da7c94870540dc39ae68)
2023-11-21 07:49:28 +01:00
Ed Maste
d2c65a1c94 fflush: correct buffer handling in __sflush
Two additional stdio changes followed 86a16ada1e and need to be
reverted as part of the fflush fix.

This reverts commit 6e13794fbe.
This reverts commit bafaa70b6f.

Fixes: d09a3bf72c0b ("fflush: correct buffer handling in __sflush")
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42491

(cherry picked from commit 4e0e01bf6511c28212d7dff94fe131a502e13026)

Approved by:	so
2023-11-07 12:31:34 -05:00
Ed Maste
abe12d2f4c libc: remove unused errno.h include
errno.h was added in 44cf1e5eb4, which has been reverted.

Fixes: d09a3bf72c0b ("fflush: correct buffer handling in __sflush")
Sponsored by: The FreeBSD Foundation

(cherry picked from commit 418f026bd5a5084c1c4e2e91ad38051f6caa928c)

Approved by:	so
2023-11-07 12:29:20 -05:00
Dag-Erling Smørgrav
ba490dfc95 fflush: Add test for buffer handling in __sflush
Sponsored by:	Klara, Inc.

(cherry picked from commit b8dbfb0a6c181a9aeab0b793deb0813d06052df9)

Approved by:	so
2023-11-07 08:38:35 -05:00
Dag-Erling Smørgrav
92709431b1 fflush: correct buffer handling in __sflush
This fixes CVE-2014-8611 correctly.

The commit that purported to fix CVE-2014-8611 (805288c2f0) only hid
it behind another bug.  Two later commits, 86a16ada1e and
44cf1e5eb4, attempted to address this new bug but mostly just confused
the issue.  This commit rolls back the three previous changes and fixes
CVE-2014-8611 correctly.

The key to understanding the bug (and the fix) is that `_w` has
different meanings for different stream modes.  If the stream is
unbuffered, it is always zero.  If the stream is fully buffered, it is
the amount of space remaining in the buffer (equal to the buffer size
when the buffer is empty and zero when the buffer is full).  If the
stream is line-buffered, it is a negative number reflecting the amount
of data in the buffer (zero when the buffer is empty and negative buffer
size when the buffer is full).

At the heart of `fflush()`, we call the stream's write function in a
loop, where `t` represents the return value from the last call and `n`
the amount of data that remains to be written.  When the write function
fails, we need to move the unwritten data to the top of the buffer
(unless nothing was written) and adjust `_p` (which points to the next
free location in the buffer) and `_w` accordingly.  These variables have
already been set to the values they should have after a successful
flush, so instead of adjusting them down to reflect what was written,
we're adjusting them up to reflect what remains.

The bug was that while `_p` was always adjusted, we only adjusted `_w`
if the stream was fully buffered.  The fix is to also adjust `_w` for
line-buffered streams.  Everything else is just noise.

Fixes: 805288c2f0
Fixes: 86a16ada1e
Fixes: 44cf1e5eb4
Sponsored by:	Klara, Inc.

(cherry picked from commit d09a3bf72c0b5f1779c52269671872368c99f02a)

Approved by:	so
2023-11-07 08:38:24 -05:00
Dag-Erling Smørgrav
1e99535be2 fflush: Split a temporary variable in two.
It is clearer to avoid reusing temporary variables for different
purposes.

Sponsored by:	Klara, Inc.

(cherry picked from commit 1f90b4edffe815aebb35e74b79e10593b31f6b75)
2023-11-06 09:41:54 -05:00
John Baldwin
260bab9f1e Purge more stray embedded $FreeBSD$ strings
These do not use __FBSDID but instead use bare char arrays.

Reviewed by:	imp, emaste
Differential Revision:	https://reviews.freebsd.org/D41957

(cherry picked from commit eba230afba4932f02a1ca44efc797cf7499a5cb0)
2023-10-24 10:10:12 -07:00
John Baldwin
5db9e9e296 Remove a few more stray __FBSDID uses
Reviewed by:	imp, emaste
Differential Revision:	https://reviews.freebsd.org/D41954

(cherry picked from commit 16837d353cdde87672d08112610e51e4121c4e50)
2023-10-24 10:08:46 -07:00
Olivier Certner
b018679002 ptrace(2): Disabling: Describe influence of security.bsd.see_jail_proc
Reviewed by:            mhorne, emaste, pauamma_gundo.com
MFC after:              2 weeks
Sponsored by:           Kumacom SAS
Differential Revision:  https://reviews.freebsd.org/D41109

(cherry picked from commit d952820105d6a2ad87ddf3bdc6c5fc5215d13b87)
2023-10-17 16:42:59 -03:00
Ed Maste
6eae573dc2 ptsname.3: accommodate upcoming POSIX Issue 8 ptsname_r
POSIX has accepted a proposal[1] to add glibc-compatible ptsname_r.  It
indicates an error by returning the error number, rather than returning
-1 and setting errno.  Update RETURN VALUES in ptsname_r's man page now
to encourage folks to test that the return value != 0 rather than == -1.

[1] https://www.austingroupbugs.net/bug_view_page.php?bug_id=508

Reported by:	Collin Funk
Reviewed by:	kib
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42204

(cherry picked from commit a5ed6a815e38d6c622cd97a6020592ded579cf7a)
2023-10-16 13:50:10 -04:00
Ed Maste
2fe06dda0a ktrace.2: correct kern.ktrace.genio_size sysctl name
The man page had `kern.ktrace.geniosize` but the sysctl node contains an
underscore.

PR:		274274
Reported by:	Ivan Rozhuk
Sponsored by:	The FreeBSD Foundation

(cherry picked from commit a572dfa1bfe00cec93b27d8848ca49562cab5e3c)
2023-10-13 10:12:34 -04:00
Dag-Erling Smørgrav
b9c361e4af libc: Rewrite quick_exit() and at_quick_exit() using C11 atomics.
Compiler memory barriers do not prevent the CPU from executing the code
out of order.  Switch to C11 atomics.  This also lets us get rid of the
mutex; instead, loop until the compare_exchange succeeds.

While here, change the return value of at_quick_exit() on failure to
the more traditional -1, matching atexit().

Sponsored by:	Klara, Inc.
Reviewed by:	Olivier Certner, kevans, kib
Differential Revision:	https://reviews.freebsd.org/D41936

(cherry picked from commit 1dc3abb052430279e47c8922d22b30922adcf0f6)

libc: Add a rudimentary test for quick_exit(3).

Sponsored by:	Klara, Inc.
Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D41937

(cherry picked from commit c7dd4601aeebbc1bbe131cbe6747476c124b47fe)
2023-10-05 01:59:43 +02:00
Christos Zoulas
56b09feb23 regcomp: use unsigned char when testing for escapes
- cast GETNEXT to unsigned where it is being promoted to int to prevent
  sign-extension (really it would have been better for PEEK*() and
  GETNEXT() to return unsigned char; this would have removed a ton of
  (uch) casts, but it is too intrusive for now).
- fix an isalpha that should have been iswalpha

PR:		264275, 274032
Reviewed by:	kevans, eugen (previous version)
Obtained from:	NetBSD

(cherry picked from commit 3fb80f1476c7776f04ba7ef6d08397cef6abcfb0)
2023-09-29 20:40:59 -05:00
Dag-Erling Smørgrav
b9b207e4ec Remove mention of defunct mailing list from acl / mac man pages.
Sponsored by:	Klara, Inc.
Reviewed by:	kevans
Differential Revision:	https://reviews.freebsd.org/D41923

(cherry picked from commit b653faaa19c47a4a7e488e5ead738b7ae44ffe8b)

Fix typos in acl_get_entry(3) manual page.

Sponsored by:	Klara, Inc.
Reviewed by:	kevans
Differential Revision:	https://reviews.freebsd.org/D41924

(cherry picked from commit c34fce8a039935e06ed84db1395d7d2c551e5a7c)
2023-09-29 02:28:18 +02:00
Robert Clausecker
efbccec3e0 lib/libc/tests/string/strcspn_test.c: extend tests to catch previous bug
This extends the strcspn() unit tests to catch mistakes in the
implementation that only appear when a mismatch occurs in a certain
position of the string against a certain position of the set.

See also:	52d4a4d4e0dedc72bc33082a3f84c2d0fd6f2cbb
Sponsored by:	The FreeBSD Foundation
Approved by:	imp
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D41821

(cherry picked from commit 601fd768cfd599518f7f9d30592763d1279d336d)
2023-09-23 14:21:42 -04:00
Robert Clausecker
0666c6fc03 lib/libc/amd64/string/memcmp.S: harden against phony buffer lengths
When memcmp(a, b, len) (or equally, bcmp) is called with a phony length
such that a + len < a, the code would malfunction and not compare the
two buffers correctly.  While such arguments are illegal (buffers do not
wrap around the end of the address space), it is nevertheless conceivable
that people try things like memcmp(a, b, SIZE_MAX) to compare a and b
until the first mismatch, in the knowledge that such a mismatch exists,
expecting memcmp() to stop comparing somewhere around the mismatch.
While memcmp() is usually written to conform to this assumption, no
version of ISO/IEC 9899 guarantees this behaviour (in contrast to
memchr() for which it is).

Nevertheless it appears sensible to at least not grossly misbehave on
phony lengths.  This change hardens memcmp() against this case by
comparing at least until the end of the address space if a + len
overflows a 64 bit integer.

Sponsored by:	The FreeBSD Foundation
Approved by:	mjg (blanket, via IRC)
See also:	b2618b651b28fd29e62a4e285f5be09ea30a85d4
MFC after:	1 week

(cherry picked from commit 953b93cf24d8871c62416c9bcfca935f1f1853b6)
2023-09-23 14:21:42 -04:00