Commit graph

1968 commits

Author SHA1 Message Date
Gleb Smirnoff
c62ae124cc rpc: limited multithread support for svc_nl
The rpc(3) itself was not designed with multithreading in mind, but we can
actually achieve some parallelism without modifying the library and the
framework.  This transport will allow to process RPCs in threads, with
some hacks on the application side (documented in code).  We make
reentrable only one method - SVC_REPLY().  Reading and parsing of incoming
calls is still done synchronously.  But the actual processing of the calls
can be offloaded to a thread, and once finished the thread can safely
execute svc_sendreply() and the reply would be sent with the correct xid.

Differential Revision:	https://reviews.freebsd.org/D48569
2025-02-01 01:00:28 -08:00
Gleb Smirnoff
c5d671b711 libc/rpc: add userland side RPC server over netlink(4)
To be used by NFS related daemons that provide RPC services to the kernel.
Some implementation details inside the new svc_nl.c.

Reviewed by:		rmacklem
Differential Revision:	https://reviews.freebsd.org/D48550
2025-02-01 01:00:25 -08:00
Gleb Smirnoff
fa1b961259 krpc: add kernel side client over netlink(4)
This shall be the official transport to connect kernel side RPC clients
to userland side RPC servers.  All current kernel side clients that
hijack unix(4) sockets will be converted to it.  Some implementation
details are available inside new clnt_nl.c.

The complementary RPC server over netlink(4) coming in next commit.

Reviewed by:		rmacklem
Differential Revision:	https://reviews.freebsd.org/D48549
2025-02-01 01:00:25 -08:00
Ed Maste
473681a1a5 libc: Fix getentropy POSIX 2024 conformance issues
GETENTROPY_MAX should be defined in limits.h.  EINVAL is the return
value for buflen > GETENTROPY_MAX.

PR:		282783
Reviewed by:	markj, asomers, jhb
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47689
2025-01-17 13:23:23 -05:00
Kyle Evans
712f81feea include: add a userland version of __assert_unreachable
The kernel has had a version of this since
c79cee7136 ("kernel: provide panicky version of __unreachable"), and
userland can benefit from the same.  __unreachable is largely
inadequate because it's *not* an assertion of any sort, so we're not
really alerted to a problem that we could've anticipated.

Reviewed by:	emaste, imp, jhb, olce
Differential Revision:	https://reviews.freebsd.org/D48077
2025-01-12 18:41:37 -06:00
Alexander Motin
e6c96c7af7 Revert "isp: Fix abort issue introduced by previous commit"
This reverts commit 1f7c379c07.

Leaked unintended changes.  I'm sorry.
2025-01-08 13:20:09 -05:00
Alexander Motin
1f7c379c07 isp: Fix abort issue introduced by previous commit
Aborting ATIO while its CTIOs are in progress makes it impossible to
handle their completions, making them stuck forever.  Detect this
case by checking ctcnt counter and if so instead of aborting just
mark the ATIO as dead to block any new CTIOs.  It is not perfect
since the task id can not be reused for some more time, but not
as bad as the task stuck forever.

MFC after:	1 week
2025-01-08 13:04:34 -05:00
Warner Losh
6553c31c96 endian.h: Update comments now that POSIX Issue 8 is POSIX.1-2024
Now that Issue 8 has been published, replace the informal Issue 8
language with the more typical POSIX.1-xxxx citation.

Sponsored by:		Netflix
2024-12-30 13:38:39 -07:00
Mark Johnston
9ba7351fcf ssp: Make ssp.h more self-contained
Include a header to provide __size_t.

Fixes:	c10d567ea0 ("include: de-macro __ssp_overlap(), improve semantics and checking")
PR:		283653
Reviewed by:	kevans, imp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D48226
2024-12-29 17:57:46 +00:00
Kyle Evans
74ecdf86d8 Tweak ppoll() to include 1003.1-2024 visibility, take two
Note in the manpage that the 2024 edition finally added ppoll(), and
also add the appropriate declarations for the correct versions of
_POSIX_C_SOURCE (via __POSIX_VISIBLE).

Differential Revision:	https://reviews.freebsd.org/D48043
2024-12-14 22:40:16 -06:00
Kyle Evans
da5aed38d8 Revert "Tweak ppoll() to include 1003.1-2024 visibility"
This reverts commit 212d7f439a.  A last
minute change to remove __BSD_VISIBLE unearthed some breakage that I
failed to re-test.  Sigh.
2024-12-14 01:05:09 -06:00
Kyle Evans
212d7f439a Tweak ppoll() to include 1003.1-2024 visibility
Note in the manpage that the 2024 edition finally added ppoll(), and
also add the appropriate declarations for the correct versions of
_POSIX_C_SOURCE.

Differential Revision:	https://reviews.freebsd.org/D48043
2024-12-13 22:15:19 -06:00
Stephen Hurd
59677aecb6 Expose POSIX functions incorporated into C23
C23 has incorporated a small number of POSIX functions, so these
should be exposed for C23, regardless of POSIX.

Reviewed by:	imp, emaste
Differential Revision:	https://reviews.freebsd.org/D47856
2024-12-01 10:34:40 -07:00
Konstantin Belousov
7cd756ff4f fileno(3): set errno when returning -1
as required by IEEE Std 1003.1™-2024.

PR:	283014
Reported by:	Graham Percival <gperciva@tarsnap.com>
Reviewed by:	emaste, imp
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D47834
2024-11-29 17:25:32 +02:00
Edward Tomasz Napierala
b165e9e3ea Add fchroot(2)
This is similar to chroot(2), but takes a file descriptor instead
of path.  Same syscall exists in NetBSD and Solaris.  It is part of a larger
patch to make absolute pathnames usable in Capsicum mode, but should
be useful in other contexts too.

Reviewed By:	brooks
Sponsored by:	Innovate UK
Differential Revision:	https://reviews.freebsd.org/D41564
2024-11-29 12:10:02 +00:00
Robert Clausecker
8983acc8de lib/libc/string: apply SSP hardening and tests to memset_explicit
Reviewed by:	emaste, kevans
Differential Revision:	https://reviews.freebsd.org/D47286
2024-11-14 23:10:00 +01:00
Robert Clausecker
007871c356 lib/libc/string: add memset_explicit() for compliance with C23
Patterned after explicit_bzero, visible from C23 onwards.

Reviewed by:	emaste, kevans
Differential Revision:	https://reviews.freebsd.org/D47286
2024-11-14 23:10:00 +01:00
Mark Johnston
5af09f50d7 include: Add required guards for dev/vmm headers
Reported by:	Jenkins
Fixes:		ebd48f1e52 ("include: Install dev/vmm headers")
2024-11-05 04:23:49 +00:00
Mark Johnston
ebd48f1e52 include: Install dev/vmm headers
In preparation for their use in libvmmapi.

Reviewed by:	jhb
Differential Revision:	https://reviews.freebsd.org/D47029
2024-11-05 01:40:41 +00:00
Mark Johnston
a5d1cf5e36 rpc: Fix the definition of xdr_void()
xdr_void() should have type xdrproc_t, make it so.

PR:		280514
Reviewed by:	brooks, dim
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D47340
2024-10-30 19:27:18 +00:00
Simon J. Gerraty
a64729f507 Update Makefile.depend files
After building packages we have a number of new
and updated Makefile.depend files

Reviewed by:	stevek
2024-10-14 10:26:17 -07:00
Kirk McKusick
5b21d4ad06 Ensure that soft updates are not enabled by default when using mdmfs(8)
When soft updates began being enabled by default that change carried
over to mdmfs(8) which does not want or need them. This fix ensures
that they are only enabled in mdmfs(8) when requested with the -U flag.

Reported by: Ivan Rozhuk
Tested by:   Ivan Rozhuk
PR:          279308
MFC after:   1 week
2024-10-03 08:06:28 -07:00
Graham Percival
eb84c129d6 stdio.h: don't expose rsize_t unless __EXT1_VISIBLE
This is how the other typedefs for rsize_t handle it (in <stddef.h>,
<stdlib.h>, and <string.h>).  In particular, we shouldn't have any
rsize_t if a C environment earlier than C11 was requested.

This reapplies b35f0aa495, chasing c25e55bcf8, fixing ports build
failures following b35f0aa495 without c25e55bcf8.

PR:		281768
Sponsored by:	Tarsnap Backup Inc.
Signed-off-by:	Graham Percival
2024-10-02 11:01:39 -07:00
Kyle Evans
c25e55bcf8 include: ssp: hide gets_s behind __EXT1_VISIBLE
These were supposed to match the visibility of the system's declaration,
but this one was overlooked.  Fix it now so that `rsize_t` can be hidden
appropriately.

Reported by:	Shawn Webb (and now others)
2024-10-02 12:47:55 -05:00
Cy Schubert
fe55d62ab9 Revert "stdio.h: don't expose rsize_t unless __EXT1_VISIBLE"
This change has caused a number of port build failures. Let's
revert this for now and request an exp-run.

This reverts commit b35f0aa495.
2024-10-02 08:51:56 -07:00
Graham Percival
b35f0aa495 stdio.h: don't expose rsize_t unless __EXT1_VISIBLE
PR:		281768
Fixes:		c13559d31e
MFC after:	1 week
2024-09-30 20:07:43 -07:00
Stefan Eßer
12e0d31664 vendor/bc: upgrade to version 7.0.0
This is a production release to fix three bugs, none of which
affects well formed scripts on FreeBSD:

The first bug is that bc/dc will exit on macOS when the terminal
is resized.

The second bug is that an array, which should only be a function
parameter, was accepted as part of larger expressions.

The third bug is that the value stack for dc was cleared on any error.
However, this is not how other dc behave. To bring dc more in line
with other implementations, this behavior was changed. This change is
why this version is a new major version.

(cherry picked from commit 54d20d67e2af28d948ce2df13feb039fa10900fc)

MFC after:	3 days
2024-08-26 18:27:29 +02:00
Kyle Evans
de866aa352 ssp: switch to _limits.h for the upper bound of size_t
The definitions in _stdint.h have some complications around visibility
that _limits.h does not have.  Switch to __SIZE_T_MAX to avoid those.

This fixes the devel/gperf, devel/glib20 and math/mpfr builds with
_FORTIFY_SOURCE enabled to unlock a large fraction of the ports tree to
build.

Reported by:	Shawn Webb (HardenedBSD)
Sponsored by:	Klara, Inc.
Sponsored by:	Stormshield
2024-08-01 15:42:17 -05:00
Kyle Evans
9333e1cbd0 include: ssp: hide ppoll redirect behind __BSD_VISIBLE
This mirrors ppoll's visibility in sys/poll.h and fixes a build issue
with some _POSIX_C_SOURCE requests due to missing the sigset_t typedef.

Reported by:	eduardo
Sponsored by:	Klara, Inc.
Sponsored by:	Stormshield
2024-07-30 11:36:58 -05:00
Ed Maste
5c2bc3db20 Remove "All Rights Reserved" from FreeBSD Foundation copyrights
These ones were unambiguous cases where the Foundation was the only
listed copyright holder.

Sponsored by:	The FreeBSD Foundation
2024-07-30 12:16:36 -04:00
Kyle Evans
9a3f7fb46c include: ssp: fix last bare inline
This was missed in b8730c11a3 ("include: ssp: fix the build [...]"),
but <ssp/wchar.h> also had a bare `inline` in use.  Swap it over to
__ssp_inline as well.

Reported by:	netchild
Sponsored by:	Klara, Inc.
Sponsored by:	Stormshield
2024-07-20 23:17:55 -05:00
Kyle Evans
0c47b9c211 include: ssp: don't shadow the mempcpy builtin
GCC emits a warning about shadowing a builtin with our mempcpy
declaration, so switch it to using the same model as memcpy() and
use the apparently-existing __builtin___mempcpy_chk().

Reviewed by:	kib (earlier version), markj
Sponsored by:	Klara, Inc.
Sponsored by:	Stormshield
Differential Revision:	https://reviews.freebsd.org/D45976
2024-07-16 00:12:28 -05:00
Kyle Evans
b8730c11a3 include: ssp: fix the build with earlier C standards
`inline` isn't always a keyword, so we should be using __ssp_inline
as we do everywhere else in the _FORTIFY_SOURCE support.  Variable
declarations in a loop initializer are also not always supported, so
declare any loop vars in advance.

Reviewed by:	kib (earlier version), markj
Sponsored by:	Klara, Inc.
Sponsored by:	Stormshield
Differential Revision:	https://reviews.freebsd.org/D45976
2024-07-16 00:12:27 -05:00
Warner Losh
e9ac41698b Remove residual blank line at start of Makefile
This is a residual of the $FreeBSD$ removal.

MFC After: 3 days (though I'll just run the command on the branches)
Sponsored by: Netflix
2024-07-15 16:43:39 -06:00
Kyle Evans
1f155d48f8 include: ssp: fortify <sys/socket.h>
The entire recv*() implementation set is ripe for opportunities to
validate, so do what we can with what we have.

Reviewed by:	markj
Sponsored by:	Klara, Inc.
Sponsored by:	Stormshield
Differential Revision:	https://reviews.freebsd.org/D45686
2024-07-13 00:16:26 -05:00
Kyle Evans
1ace24b30c include: ssp: fortify <sys/uio.h>
Check both the buffer size of the iov object itself, as well as that
of each individually io base.

Reviewed by:	markj
Sponsored by:	Klara, Inc.
Sponsored by:	Stormshield
Differential Revision:	https://reviews.freebsd.org/D45684
2024-07-13 00:16:25 -05:00
Kyle Evans
062d9380b9 include: ssp: fortify <sys/random.h>
That is to say, fortify getrandom(2).

Reviewed by:	markj
Sponsored by:	Klara, Inc.
Sponsored by:	Stormshield
Differential Revision:	https://reviews.freebsd.org/D45683
2024-07-13 00:16:25 -05:00
Kyle Evans
b53d7aa88f include: ssp: fortify <wchar.h>
This includes all of the w*() equivalents to str*()/mem*() implemented
in more or less the same way.  For these ones, we'll just use
header-only implementations from the start to stop further cluttering
the libc symbol table.

Reviewed by:	markj
Sponsored by:	Klara, Inc.
Sponsored by:	Stormshield
Differential Revision:	https://reviews.freebsd.org/D45682
2024-07-13 00:16:25 -05:00
Kyle Evans
d0b7445904 include: ssp: fortify <stdlib.h>
The immediately obvious and attractive targets from <stdlib.h> are
arc4random_buf(3) and realpath(3) -- scraping the header didn't reveal
much else of interest.

Reviewed by:	markj
Sponsored by:	Klara, Inc.
Sponsored by:	Stormshield
Differential Revision:	https://reviews.freebsd.org/D45681
2024-07-13 00:16:24 -05:00
Kyle Evans
88276dfbf1 include: ssp: fortify poll/ppoll from <poll.h>
For poll/ppoll we just need to bounds-check the poll array that we're
about to write out to.

Reviewed by:	kib, markj (earlier version)
Sponsored by:	Klara, Inc.
Sponsored by:	Stormshield
Differential Revision:	https://reviews.freebsd.org/D45680
2024-07-13 00:16:24 -05:00
Kyle Evans
cf8e5289a1 include: ssp: round out fortification of current set of headers
ssp/ssp.h needed some improvements:
 - `len` isn't always a size_t, it may need casted
 - In some cases we may want to use a len that isn't specified as a
    parameter (e.g., L_ctermid), so __ssp_redirect() should be more
    flexible.
 - In other cases we may want additional checking, so pull all of the
    declaration bits out of __ssp_redirect_raw() so that some functions
    can implement the body themselves.

strlcat/strlcpy should be the last of the fortified functions that get
their own __*_chk symbols, and these cases are only done to be
consistent with the rest of the str*() set.

Reviewed by:	markj
Sponsored by:	Klara, Inc.
Sponsored by:	Stormshield
Differential Revision:	https://reviews.freebsd.org/D45679
2024-07-13 00:16:24 -05:00
Kyle Evans
c10d567ea0 include: de-macro __ssp_overlap(), improve semantics and checking
Switch away from pointer arithmetic to provide more obvious semantics
for checking overlap on pointer ranges.  This lets us remove some casts
that need not exist and removes some possible fragility in its use.

While we're here, check for overflow just in case; sometimes we use a
caller-supplied size if __builtin_object_size(3) can't deduce the buffer
size, and we should fail the check if the size is nonsensical for the
provided buffers.

Reviewed by:	markj
Sponsored by:	Klara, Inc.
Sponsored by:	Stormshield
2024-07-13 00:16:23 -05:00
Kyle Evans
4719366192 libc: move __ssp_overlap back out into <ssp/ssp.h>
We'll be using it in some upcoming definitions in headers, so move it
back now but slap a warning on it.  Our upcoming uses will all be inside
of inline functions, so we're not overly concerned about double
evaluation immediately.

Reviewed by:	markj
Sponsored by:	Klara, Inc.
Sponsored by:	Stormshield
Differential Revision:	https://reviews.freebsd.org/D45677
2024-07-13 00:16:23 -05:00
Warner Losh
4a86b26b84 stdlib: Support compiling with tinyc by omitting compat qsort code
TinyC doesn't support the .symver assembler directive. Add a generic way
to signal this and use that not to define __sym_() macros that use
it. Only use the __sym_* macros in headers when they are defined (which
currently is only for the qsort_r compat code). Not supporting this for
tcc is fine: It's an edge case for legacy binaries / code anyway which
isn't relevant to tinyc.

Sponsored by:		Netflix
Reviewed by:		kib
Differential Revision:	https://reviews.freebsd.org/D45651
2024-06-21 09:53:07 -06:00
Brooks Davis
39c4f65c72 stddef.h/stdlib.h: Remove unused rune_t
This non-standard type is unused in the base system (__ct_rune_t or
__rune_t are used instead) and ports.  It has been around as long as our
current source repo, but we have avoided using it.  In sys/_types.h
where the __*rune_t typedefs are defined, the following appears in a
comment:

    NOTE: rune_t is not covered by ANSI nor other standards, and should
    not be instantiated outside of lib/libc/locale.  Use wchar_t.

The definition of this unused type meant we gratuitously differed from
standards compliant stddef.h/stdlib.h.

PR:		279357 (exp-run by antoine)

Reviewed by:	imp, emaste
Differential Revision:	https://reviews.freebsd.org/D45426
2024-06-02 19:41:22 +01:00
Kyle Evans
5af6fbd727 ssp: appease -Wgnu-statement-expression-from-macro-expansion
It's a stupid warning, but some ports enable it by default and were
already defining _FORTIFY_SOURCE, thus exposing the new macros
immediately.  This at least fixes the libfido2 build, perhaps others as
well.

While we're here, fix a fresh build of stand w/ FORTIFY_SOURCE enabled
by not pulling in the ssp headers if _STANDALONE is defined.  We do not
have runtime support in libsa as of the time of writing.

Reported by:	netchild
Sponsored by:	Stormshield
Sponsored by:	Klara, Inc.
2024-05-14 18:22:18 -05:00
Kyle Evans
0ed58ac88a include: ssp: kill off leftover $FreeBSD$ tag
Most of these were fixed when rebasing the patch forward, but this one
seems to have been missed.

Reported by:	marck
Fixes:	be04fec426 ("Import _FORTIFY_SOURCE implementation [...]")
2024-05-13 17:45:55 -05:00
Kyle Evans
8b0682644e Fix the GCC build after _FORTIFY_SOURCE import
We haven't exposed gets(3) in a long time, rip out __gets_chk before
it's too late and something builds a gets(3) user with it enabled.
2024-05-13 11:21:38 -05:00
Kyle Evans
9bfd3b4076 Add a build knob for _FORTIFY_SOURCE
In the future, we will default to _FORTIFY_SOURCE=2 if SSP is enabled,
otherwise default to _FORTIFY_SOURCE=0.  For now we default it to 0
unconditionally to ease bisect across older versions without the new
symbols, and we'll put out a call for testing.

include/*.h include their ssp/*.h equivalents as needed based on the
knob. Programs and users are allowed to override FORTIFY_SOURCE in their
Makefiles or src.conf/make.conf to force it off.

Reviewed by:	des, markj
Relnotes:	yes
Sponsored by:	Stormshield
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D32308
2024-05-13 00:23:50 -05:00
Kyle Evans
e55512504d Prepare the system for _FORTIFY_SOURCE
Notably:
- libc needs to #undef some of the macros from ssp/* for underlying
  implementations
- ssp/* wants a __RENAME() macro (snatched more or less from NetBSD)

There's some extra hinkiness included for read(), since libc spells it
as "_read" while the rest of the world spells it "read."

Reviewed by:	imp, ngie
Sponsored by:	Stormshield
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D32307
2024-05-13 00:23:50 -05:00