Age | Commit message | Author |
|
OK claudio@ visa@
|
|
broke pthreads on hppa. Reverting. Ok deraadt@
|
|
|
|
the routing domain we are currently in. Otherwise we might end up with
address families that are not available in the current rdomain but in
others since getifaddrs(3) gives us all interface addresses in the
system.
Clue-bat & OK claudio, input & OK eric, OK kn
|
|
|
|
too small in the AF_INET6 case.
Spotted by Brad House (brad AT brad-house.com) with the c-ares
regression test.
The man page says
Caution: The dst field should be zeroed before calling inet_net_pton() as
the function will only fill the number of bytes necessary to encode the
network number in network byte order.
Which seems to suggest that the function should work if the passed in
storage is big enough to hold the prefix, which might be smaller than
sizeof(in6_addr).
Input & OK tb
|
|
The global "tickadj" variable is a remnant of the old NTP adjustment
code we used in the kernel before the current timecounter subsystem
was imported from FreeBSD circa 2004 or 2005.
Fifteen years hence it is completely vestigial and we can remove it.
We probably should have removed it long ago but I guess it slipped
through the cracks. FreeBSD removed it in 2002:
https://cgit.freebsd.org/src/commit/?id=e1d970f1811e5e1e9c912c032acdcec6521b2a6d
NetBSD and DragonFly BSD can probably remove it, too.
We export tickadj via the kern.clockrate sysctl(2), so update sysctl.2
and sysctl(8) accordingly. Hypothetically this change could break
someone's sysctl(8) parsing script. I don't think that's very likely.
ok mvs@
|
|
Previously, this code was passing string constants to functions that did
not declare their parameters as const. After this patch, the functions now
declare that they do not modify these arguments, making it safe to pass
string constants. Fixes -Wincompatible-pointer-types-discards-qualifiers.
From Adam Barth <abarth google com>
ok millert
|
|
sleep(3) does not call nanosleep(2) if seconds is zero. This is bad.
As a simplified interface to nanosleep(2), sleep(3) should delegate
all decisions about whether or not to yield the CPU to nanosleep(2).
This patch removes the nanosleep(2) bypass from sleep(3).
This means that this code:
	sleep(0);
will block for up to 1 tick, just like the equivalent nanosleep(2) call.
Neither FreeBSD nor NetBSD bypass nanosleep(2) in the zero case, so
this commit brings our sleep(3) closer to theirs in behavior.
As an added bonus, sleep(3) will now *always* appear in a ktrace(1) as
a call to nanosleep(2).
ok millert@
|
|
- setting up asr in single thread mode and then starting threads using asr
would lead to multiple threads sharing the same resolver.
- destruction of a thread that has been using asr would leak data.
Problem originally reported by Alexey Sokolov and Uli Schlachter.
ok kettenis@
|
|
OK schwarze@, jmc@, deraadt@
|
|
quintuple negation into one with a simple negation.
From miod, ok millert
|
|
comments that they will evaluate their arguments multiple times.
From miod, ok millert
|
|
From miod@, OK tb@
|
|
Changing it from ((condition) || function call) to an if() wrapped
in a do/while is easier to read and more stylistically consistent.
The seterr() function no longer needs to return a value.
From miod@, OK tb@
|
|
From miod@, OK tb@
|
|
Also, the temporary array in nonnewline() can be made static const.
From miod@, OK tb@
|
|
before accessing anything in ifa_addr.
ok claudio@
|
|
"count" bytes available in an array of char "start" and "end" both point
to.
This is fine, unless "start + count" goes beyond the last element of the
array. In this case, pedantic interpretation of the C standard makes
the comparison of such a pointer against "end" undefined, and optimizers
from hell will happily remove as much code as possible because of this.
An example of this occurs in regcomp.c's bothcases(), which defines
bracket[3], sets "next" to "bracket" and "end" to "bracket + 2". Then it
invokes p_bracket(), which starts with "if (p->next + 5 < p->end)"...
Because bothcases() and p_bracket() are static functions in regcomp.c,
there is a real risk of miscompilation if aggressive inlining happens.
The following diff rewrites the "start + count < end" constructs into
"end - start > count". Assuming "end" and "start" are always pointing in
the array (such as "bracket[3]" above), "end - start" is well-defined
and can be compared without trouble.
As a bonus, MORE2() implies MORE() therefore SEETWO() can be simplified
a bit.
from miod, ok millert
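
The rewrite described in the message above, shown as an added example (not part of the commit and not code from regcomp.c). The struct and function names are hypothetical; only the bracket[3] scenario and the "end - start > count" form come from the message.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a parser cursor; names are not from regcomp.c. */
struct cursor {
	const char *next;	/* next unread byte */
	const char *end;	/* one past the last readable byte */
};

/*
 * Old form (for contrast, not compiled):  cur->next + count < cur->end
 * Forming next + count is undefined once it passes one-past-the-end of the
 * array, so a compiler may assume it never happens and drop the check.
 */

/* Rewritten form: both pointers stay inside the array, the difference is a
 * well-defined ptrdiff_t, and no out-of-range pointer is ever formed. */
static int
more_than(const struct cursor *cur, ptrdiff_t count)
{
	return cur->end - cur->next > count;
}

/* "Two more bytes" implies "one more byte", so a single check is enough. */
static int
see_two(const struct cursor *cur, char a, char b)
{
	return more_than(cur, 1) && cur->next[0] == a && cur->next[1] == b;
}

/* The bothcases()-style case from the message: a 3-byte array with end at
 * bracket + 2, then a check for more than 5 remaining bytes. */
static int
small_buffer_check(void)
{
	char bracket[3] = { 'a', ']', '\0' };
	struct cursor cur = { bracket, bracket + 2 };
	return more_than(&cur, 5);	/* 2 > 5 is false */
}

int
main(void)
{
	char buf[] = "[:alpha:]";
	struct cursor cur = { buf, buf + sizeof(buf) - 1 };
	printf("small=%d two=%d\n", small_buffer_check(), see_two(&cur, '[', ':'));
	return 0;
}
```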
|
|
return value to avoid a redundant strlen() call.
from miod, ok millert
|
|
dealing with it. This code was incomplete anyway.
from miod, ok millert
|
|
from miod, ok millert
|
|
With help/input from jmc@ and kn@.
ok jmc@
|
|
an OOR2 operator. Also includes a regress test for the issue.
From FreeBSD via miod@
|
|
Fix a memory leak when no entry is matched.
ok florian
|
|
our i386 compiler does not generate SSE instructions by default,
it is not strictly necessary to save MXCSR content between setjmp(3)
and longjmp(3). We do not want to end supporting such old processors
now. Remove the stmxcsr and ldmxcsr instructions from libc.
reported by Johan Huldtgren; OK jsg@ kettenis@
|
|
it. There is enough space in jmp_buf to save MXCSR and CW register.
Idea taken from amd64. This fixes regress/lib/libc/setjmp-fpu .
OK kettenis@
|
|
i386 libc. The assembler code is more readable than with magic
numbers. This brings i386 in line with amd64. No change in object
file.
OK kettenis@
|
|
|
|
From Boudewijn Dijkstra
|
|
This changes RETGUARD_SETUP(ffs) to RETGUARD_SETUP(ffs, %r11, %r12)
and RETGUARD_CHECK(ffs) to RETGUARD_CHECK(ffs, %r11, %r12)
to show that r11 and r12 are in use between setup and check, and to
pick registers other than r11 and r12 in some kernel functions.
ok mortimer@ deraadt@
|
|
|
|
Adjust variable declaration in disklabel to match.
ok millert@ deraadt@
|
|
-width ".Dv BOB" -> -width "BOB"
although they are not errors, they are misleading and probably should
not get pasted around
|
|
or pseudo terminals (visa);
ok mpi visa
|
|
ok deraadt@
|
|
|
|
Largely considered attack surface nowadays. The benefit provided by %n
is completely overshadowed by the risk.
New uses of %n don't seem to be entering the C ecosystem, as static
tools flag them. And everyone points fingers at those people....
The list of programs (and libraries) which use %n is therefore finite
and shrinking. Most of the %n use comes out of the GNU ecosystem.
jca@ has convinced gnulib to fix their code (so we need to wait for
software including gnulib to make new releases).
A few libraries have moved ahead of us and become more strict. Some no
longer permit %n (for instance, Android bionic). Others log the occurrence.
Some log and abort if the output location is W|X (MacOS).
Our base tree is clean. The ports tree contains a handful during
build time, and an unknown count (more) during runtime.
We would like to abort programs on any occurrence of %n. Or we could
be like MacOS, aborting for W|X pages (but would need a system call
which can check that condition, and that introduces address space
knowledge we don't want attackers to know, and may be a poor tradeoff).
For now, we can syslog, to increase awareness, and involve more people
in the greater community to remove %n uses.
[If %n is at the end, use the *printf return value. If it occurs in
the middle, split the printf calls into multiples]
Hopefully one day, we can just abort() when %n happens. Help us get
there?
ok jca, plus naddy for ports team
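
The two replacements suggested in brackets in the message above, shown as an added example (not part of the commit). The helper names fmt_pair and fmt_labelled and the sample strings are hypothetical; the %n forms appear only in comments for contrast.

```c
#include <stdio.h>
#include <string.h>

/* Added example; fmt_pair and fmt_labelled are hypothetical helpers. */
/*
 * %n at the end (for contrast, not compiled):
 *	snprintf(buf, size, "%s=%d%n", key, val, &len);
 * The return value already is that count.
 * Returns bytes written, or -1 on error or truncation.
 */
static int
fmt_pair(char *buf, size_t size, const char *key, int val)
{
	int len = snprintf(buf, size, "%s=%d", key, val);

	return (len < 0 || (size_t)len >= size) ? -1 : len;
}

/*
 * %n in the middle (for contrast, not compiled):
 *	snprintf(buf, size, "%s: %n%s", label, &off, text);
 * Split into two calls; the first call's return value is the offset.
 * Returns the offset where text starts, or -1 on error or truncation.
 */
static int
fmt_labelled(char *buf, size_t size, const char *label, const char *text)
{
	int off, rest;

	off = snprintf(buf, size, "%s: ", label);
	if (off < 0 || (size_t)off >= size)
		return -1;
	rest = snprintf(buf + off, size - (size_t)off, "%s", text);
	if (rest < 0 || (size_t)rest >= size - (size_t)off)
		return -1;
	return off;
}

int
main(void)
{
	char buf[64];
	int off = fmt_labelled(buf, sizeof(buf), "host", "example.invalid");

	if (off >= 0)
		printf("%s\n%*s^ column %d\n", buf, off, "", off);
	return 0;
}
```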
|
|
Add retguard to some, but not all, asm functions in libc. Edit SYS.h
in libc to remove the PREFIX macros and add SYSENTRY (more like
aarch64 and powerpc64), so we can insert RETGUARD_SETUP after
SYSENTRY. Some .S files in this commit don't get retguard, but do
stop using the old prefix macros.
Tested by deraadt@, who put this diff in a macppc snap.
|
|
The clock_gettime.2 page is clumsy. It will be easier to use if it is
reorganized to emphasize clock_gettime(2), a general and widely used
interface, over clock_settime(2), a special-purpose and rarely used
interface.
While doing that I found a bunch of other things I wanted to tweak
or improve:
- Simplify the NAME summary. No need to mention "calibration" or "date".
- "now", "res", and "clock" are better argument names than "tp"
and "clock_id".
- The CLOCK_* list is a bunch of fragments. Rewrite the list to
make it easier to understand what the clocks represent and how
they behave.
- Mention clock_settime(2) *after* the list of clocks. Almost nobody
needs to use it. It shouldn't lead the page alongside clock_gettime(2).
- Drop the adjtime(2) reference. We could mention it in a CAVEATS
section but it definitely doesn't belong here in the DESCRIPTION.
- Drop the useless init(8) reference.
- Add a bunch of EXAMPLES demonstrating how to actually use each clock.
- Clean up the ERRORS.
- Update the cross references.
- Add a HISTORY for the interfaces and each clock.
High-level structural ideas from jmc@ and schwarze@. Edited by jmc@.
ok jmc@, probably ok schwarze@
|
|
floating-point control modes are properly restored by longjmp(3).
ok guenther@
|
|
Both functions take a non-const parameter. Implementations may modify
the passed string, even though ours do not.
ok stsp@ deraadt@ millert@
|
|
OK deraadt@
|
|
ok deraadt@
|
|
("permanently undefined")
ok deraadt@ kettenis@
|
|
ok mortimer
|
|
are properly restored by longjmp(3).
|
|
ok deraadt@
|
|
Put a hard-trap instruction after the syscall instruction.
ok kettenis mortimer
|
|
calls are guarded. Adapt the first few hand-written functions to this
model (a few remain)
ok kettenis mortimer
|