|  | Commit message (Collapse) | Author | Age | Files | Lines | 
|---|
| | 
| 
| 
| | Both FreeBSD and NetBSD have this behavior.  OK deraadt@ | 
| | 
| 
| 
| | ok schwarze@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | UNIX System V mention it.  Only do so in manual pages with a
pre-existing HISTORY section.
Prompted by the comparison of System V and BSD commands and interfaces
in Sun's "System V Enhancements Overview" document.
checked against manuals on bitsavers, TUHS archive and CSRG archive CDs
ok jmc@ schwarze@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | following page(s) we've been first mquery()ing for it, mmapp()ing
w/o MAP_FIXED if available, and then munmap()ing if there was a
race.  Instead, just try it directly with
mmap(MAP_FIXED | __MAP_NOREPLACE)
tested in snaps for weeks
ok deraadt@ | 
| | 
| 
| 
| 
| 
| 
| | This got broken when system.c was converted from signal(3) to sigaction(2).
Also add SIGINT and SIGQUIT to the set of blocked signals and unblock
them in the parent after the signal handlers are installed.
Based on a diff from Leon Fischer.  OK deraadt@ | 
| | 
| 
| 
| 
| 
| 
| | jmc@ dislikes a comma before "then" in a conditional, so leave those
untouched.
ok jmc@ | 
| | 
| 
| 
| | ok jmc@ schwarze@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | in size. This cache is indexed by size (in # of pages), so it is
very quick to check.  Some programs allocate and deallocate larger
allocations in a frantic way.  Accomodate those programs by also
keeping a cache of regions between 128k and 2M, in a cache of variable
sized regions.
Tested by many in snaps; ok deraadt@ | 
| | 
| 
| 
| | ok jmc@ sthen@ millert@ | 
| | 
| 
| 
| 
| 
| | from uwe@netbsd -r1.22
ok millert | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | lsearch(3) is really just lfind(3) with an additional branch to append
the key if lfind(3) fails.  If we get rid of the underlying
linear_base() function and move the search portion into lfind(3) and
the key-copying portion into lsearch(3) we get smaller and simpler
code.
Misc. notes:
- We do not need to keep the historical comment about errno.  lsearch(3)
  is pure computation and does not set errno.  That's really all you
  need to know.  The specification reserves no errors, either.
- We are using lfind(3) internally now, so it switches from
  PROTO_DEPRECATED to PROTO_NORMAL in hidden/search.h and needs
  DEF_WEAK in stdlib/lsearch.c.
With advice from guenther@ on symbol housekeeping in libc.
Thread: https://marc.info/?l=openbsd-tech&m=163885187632449&w=2
ok millert@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | If the key overlaps the end of the array, memcpy(3) mutates the key
and copies a corrupted value into the end of the array.
If we use memmove(3) instead we at least end up with a clean copy of
the key at the end of the array.  This is closer to the intended
behavior.
With input from millert@ and deraadt@.
Thread: https://marc.info/?l=openbsd-tech&m=163880307403606&w=2
ok millert@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | The "lim" variable needs to be a size_t to match nmemb, otherwise we
get undefined behavior when nmemb exceeds INT_MAX.
Prompted by a blog post by Joshua Bloch:
https://ai.googleblog.com/2006/06/extra-extra-read-all-about-it-nearly.html
Fixed by Chris Torek a long time ago:
https://svnweb.freebsd.org/csrg/lib/libc/stdlib/bsearch.c?revision=51742&view=markup
ok millert@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | 3rd (variadic) mode_t parameter is irrelevant.  Many developers in the past
have passed mode_t (0, 044, 0644, or such), which might lead future people
to copy this broken idiom, and perhaps even believe this parameter has some
meaning or implication or application. Delete them all.
This comes out of a conversation where tb@ noticed that a strange (but
intentional) pledge behaviour is to always knock-out high-bits from
mode_t on a number of system calls as a safety factor, and his bewilderment
that this appeared to be happening against valid modes (at least visually),
but no sorry, they are all irrelevant junk.  They could all be 0xdeafbeef.
ok millert | 
| | 
| 
| 
| | ok mpi@ deraadt@ | 
| | 
| 
| 
| 
| 
| 
| | A tiny realpath(3) wrapper to make a porter's life easier.
Feedback kettenis deraadt cheloha sthen
OK cheloha martijn deraadt | 
| | 
| 
| 
| 
| 
| 
| | This matches the documented behavior more obviously and ensures that
these aren't optimized away, although this is unlikely.
Discussed with deraadt and otto | 
| | 
| 
| 
| 
| 
| | * mention that the *optionp input string will be modified
* clarify that the array of tokens is expected to be NULL-terminated
OK millert@ tb@, and the first half of STANDARDS also OK jmc@ | 
| | |  | 
| | |  | 
| | 
| 
| 
| | of pages anymore, but also cache larger regions; ok tb@ | 
| | 
| 
| 
| 
| 
| 
| | getpagesize() will only return positive numbers (there is no negative
page size system) and it can not fail.
Should fix some compiler warnings seen in -portable projects.
OK otto@ | 
| | 
| 
| 
| 
| | regions of a given size.  In snaps for a while, committing since
no issues were reported and a wider audience is good.  ok deraadt@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | write 8 bytes at the time by using a uint64_t pointer. For an
allocation a max of 4 such uint64_t's are written spread over the
allocation. For pages sized and larger, the first page is junked in
such a way.
- Delayed free of a small chunk checks the corresponiding way.
- Pages ending up in the cache are validated upon unmapping or re-use.
In snaps for a while | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | use cases, so explain the situation a bit more.  Since the 80's, I estimate
around 5 algorithm changes, so any chosen seed is unrepeatable UB.
+The deterministic sequence algorithm changed a number of times since
+original development, is underspecified, and should not be relied upon to
+remain consistent between platforms and over time.
ok jmc kettenis | 
| | |  | 
| | 
| 
| 
| | ok guenther tb millert | 
| | 
| 
| 
| 
| | So redo previous commit properly:
Use random value for canary bytes; ok tb@. | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| | shaving off into the cache but unamp them. Pages in the cache get
re-used and then a future grow of the first allocation will be
hampered. Also make realloc a no-op for small shrinkage.
ok deraadt@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | The bug, present since 4.4BSD, was that a trailing dash in an option
group, when the dash is not permitted as an option letter, resulted
in the whole option group being returned as an argument, even though
the previous option in the group was already parsed as an option:
OPTS=abc ./getopt-test -a- -c arg  ===>>  OPT(a)ARG(-a-)ARG(-c)ARG(arg).
Instead, treat the dash as an invalid option and continue parsing
options:  ===>>  OPT(a)ERR(?-)OPT(c)ARG(arg).
The undesirable behaviour was that allowing the dash as an option
letter only allowed isolated dashes ("-") and trailing dashes in
groups ("-a-"), but neither middle dashes in groups ("-a-b"), even
though that already partially worked in 4.4BSD, nor leading dashes
in groups ("--a"), even though that works on all other BSDs and on
glibc.  Also, while POSIX does not require that the dash can be
used as an option letter at all, arguably, it encourages that letters
either be fully supported or not supported at all.  It is dubious
whether supporting an option letter in some positions but not in
others can be considered conforming.
This patch makes OpenBSD behaviour identical to FreeBSD and NetBSD,
improves compatibility with glibc (except that glibc does not support
isolated "-"), improves compatibility with DragonFly (except that
DragonFly is buggy when the dash option letter can take an optional
argument but that argument is not present), improves compatibility
with Illumos and Solaris 11 (except those do not support "-" and
mishandle "--a"), and restores 4.4BSD behaviour for "-a-b".  In no
respect i'm aware of is compatibility with any other systems reduced.
For the full rationale, see my mail to tech@
on 30 Mar 2020 14:26:41 +0200.
Part of the problem was originally reported by an anonymous coward
on tech@ on 12 Mar 2020 03:40:24 +0200, additional analysis was
contributed by martijn@, and then the OP sent the final version of
the patch i'm now committing on 17 Mar 2020 19:17:56 +0200.
No licensing problem here because after the commit, the file does
not contain a single word written by the OP.  Also, the OP told me
in private mail that he intends to publish the patch under the ISC
license already contained in the file and that he wishes to be known
by the pseudonym "0xef967c36".
OK martijn@, and no objection when shown on tech@,
but commit delayed to stay clear of the release. | 
| | 
| 
| 
| 
| 
| 
| | queue -> list; mention "intrusive"; element -> member at one place;
delete a bogus remark that maybe referred to a long-gone
implementation in VAX assembly code.
Much more could be improved, but i don't want to waste too much time here. | 
| | 
| 
| 
| 
| 
| | ok schwarze
kill a Tn while here... | 
| | 
| 
| 
| | OK schwarze@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | Starting from "Combined Table of Contents" in Doug McIlroy's
"A Research UNIX Reader" a table of which edition manuals appeared in.
Checked against manuals from bitsavers/TUHS and source from TUHS where
available.
Ingo points out there are cases where something is included but not
documented until a later release.
bcd(6)		v6	v7
printf(3)	v2	v4
abort(3)	v5	v6
system(3)	v6	v7
fmod(3)		v5	v6
ok schwarze@ | 
| | 
| 
| 
| 
| | at the first non-option argument.
I had to read source code to figure it out. | 
| | 
| 
| 
| 
| 
| | From j@bitminer.ca with input from Andras Farkas, deraadt, joerg@netbsd
"fix however you feel best!" jmc | 
| | 
| 
| 
| 
| | behavior.
noticed by hshoexer@; OK beck@ | 
| | 
| 
| 
| | Prompted by guenther@ | 
| | 
| 
| 
| | ok guenther jmc | 
| | 
| 
| 
| 
| 
| 
| 
| | requiring it (sftp-server).
Remove the /exists///// behaviour from here.  The /nonexistant
behaviour remains in the kernel and needs to be shot next.
There may be ports fallout, but we doubt it.
ok beck djm | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| | have a different calling convention than the standard function...as seen
in kdump output.
ok deraadt@ schwarze@ | 
| | 
| 
| 
| 
| 
| | value < 0.  errno is only updated in this case.  Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future. | 
| | 
| 
| 
| 
| 
| | on error, so checking for -1 only is potentially non-portable.
Also mention that the C89 standard does not require errno to be set.
OK deraadt@ millert@ | 
| | 
| 
| 
| 
| 
| 
| 
| | code.  We now user the simple userland wrapper on top of __realpath(2).
The non-POSIX behaviour still remains, that is the next component to fix.
From a diff by beck, but I managed to chainsaw it a bit further.  Tested
in snaps for a couple of days.
ok beck | 
| | |  | 
| | 
| 
| 
| 
| 
| | it is a thin wrapper over the syscall __readlink(2).  Improve the list
of possible errors.
ok millert beck jmc | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | _csu_finish() to _libc_preinit(), which is an .init_array function
in shared libc (and mark it INITFIRST) or a .preinit_array function
in static libc, grabbing the _dl_cb callback there from ld.so.  Then
in _csu_finish(), invoke the dl_clean_boot() callback to free ld.so's
startup bits before main() gets control.
Other cleanups this permits:
 - move various startup structures into .data.rel.ro
 - the dl* stubs in libc can be strong and call the callbacks provided
   via _dl_cb
 - no longer need to conditionalize dlctl() calls on presence of _DYNAMIC
original concept and full diff ok kettenis@
ok deraadt@ | 
| | 
| 
| 
| 
| | checks userland-parsing vs kernel parsing, we are hoping to spot another
bug.. |