summaryrefslogtreecommitdiffstats
path: root/lib/libc/sys (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* gettimeofday, settimeofday(2): limit timezone supportcheloha2019-09-041-31/+31
| | | | | | | | | | | | | | | | | | | | | | For gettimeofday(2), always copy out an empty timezone struct. For settimeofday(2), still copyin(9) the struct but ignore the contents. In gettimeofday(2)'s case we have not changed the original BSD semantics: the kernel only tracks UTC time without an offset for DST, so a zeroed timezone struct is the correct thing to return to the caller. Future work could move these out into libc as stubs for clock_gettime and clock_settime(2). But, definitely a "later" thing, given that we are in beta. Update the manpage to de-emphasize the timezone parameters for these syscalls. Discussed with tedu@, deraadt@, millert@, kettenis@, yasuoka@, jca@, and guenther@. Tested by job@. Ports input from jca@ and sthen@. Manpage input from jca@. ok jca@ deraadt@
* sysctl(2): add kern.utc_offset: successor to the DST/TIMEZONE options(4)cheloha2019-08-211-1/+18
| | | | | | | | | | | | | | | | | | | | | The DST and TIMEZONE options(4) are incompatible with KARL, so we need some other way to compensate for an RTC running with a known offset. Enter kern.utc_offset, an offset in minutes East of UTC. TIMEZONE has always been minutes West, but this is inconsistent with how everyone else talks about timezones, hence the flip. TIMEZONE has the advantage of being compiled into the binary. Our new sysctl(2) has no such luck, so it needs to be set as early as possible in boot, from sysctl.conf(5), so we can correct the kernel clock from the RTC's local time to UTC before daemons like ntpd(8) and cron(8) start. To encourage this, kern.utc_offset is made immutable after the securelevel(7) is raised to 1. Prompted by yasuoka@. Discussed with deraadt@, kettenis@, yasuoka@. Additional testing by yasuoka@. ok deraadt@, yasuoka@
* Remove support for semantically opace interface identifiers (RFC 7217)florian2019-08-211-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | for IPv6 link local addresses. Some hosting and VM providers route customer IPv6 prefixes to link local addresses derived from ethernet MAC addresses (RFC 2464). This leads to hard to debug IPv6 connectivity problems and is probably not worth the effort. RFC 7721 lists 4 weaknesses: 3.1. Correlation of Activities over Time & 3.2. Location Tracking These are still possible with RFC 7217 addresses for an adversary connected to the same layer 2 network (think conference wifi). Since the link local prefix stays the same (fe80::/64) the link local addresses do not change between different networks. An adversary on the same layer 2 network can probably track ethernet MAC addresses via different means, too. 3.3. Address Scanning & 3.4. Device-Specific Vulnerability Exploitation These now become possible, however, as noted above a layer 2 adversary was probably able to do this via different means. People concerned with these weaknesses are advised to use ifconfig lladdr random. OK benno input & OK kn
* Document ip.arpq and remove ip, ip6 and mpls ifq.denis2019-08-111-45/+27
| | | | ok deraadt@
* No specific called "exec(3)", so move primary manpage to a name whichderaadt2019-08-113-10/+10
| | | | | | | | does exist -- execv(3). Still call this a family but without "Nm". Adjust Xr in various pages to refer to the precise function used rather than the family, in most cases the semantics of execve(2) are being referenced, so change the Xr. ok jmc
* correct mispellings of EACCES; from Kris Katterjohnderaadt2019-07-292-6/+6
|
* Basic macro cleanup, mostly .Nm -> .Fn because .Nm is not a thingschwarze2019-07-251-11/+13
| | | | in section 2 and 3; bluhm@ drew my attention to this.
* basic macro cleanupschwarze2019-07-251-41/+41
|
* Show unveil(2) violators in lastcomm(1) output and daily mail.bluhm2019-07-251-2/+8
| | | | input Janne Johansson, schwarze@; OK deraadt@ millert@
* implement SO_DOMAIN and SO_PROTOCOL so that the domain and the protocolrobert2019-07-221-3/+15
| | | | | | | | can also be retrieved with getsockopt(3) it looks like these will also be in the next issue of posix: http://austingroupbugs.net/view.php?id=840#c2263 ok claudio@, sthen@
* obvious bugfix: if the queue is removed while message transmission isschwarze2019-07-182-4/+4
| | | | | blocked, POSIX requires EIDRM rather than EINVAL, and that's what our implementation does and what the ERRORS section already says, too
* add STANDARDS, improve HISTORY, and basic macro cleanup:schwarze2019-07-183-54/+75
| | | | use .Vt for struct names and and .Fa for struct fields
* State that mtype < 1 causes EINVAL as required by POSIXschwarze2019-07-181-12/+22
| | | | | | | | and as implemented by OpenBSD since sysv_msg.c rev. 1.35. Diff from Moritz Buhl <mbuhl at moritzbuhl dot de> requested by bluhm@. While here, add STANDARDS, improve HISTORY, and use the customary .Fa for struct fields rather than .Va.
* Get rid of an old convention of wrapping preprocessor constants in curlyanton2019-07-083-10/+10
| | | | | | braces. no objection from jmc@ and schwarze@
* kevent(2): remove 24hr timeout limitcheloha2019-07-011-7/+2
| | | | | | | | | | As with nanosleep(2), poll(2), and select(2), here we can chip away at the timespec until it's empty. This lets us support the full range of the timespec regardless of the kernel's HZ. Update the manpage accordingly. ok visa@
* Use the same text for EOPNOTSUPP as we do in fcntl(2) and lockf(3).millert2019-06-251-3/+5
| | | | | In fcntl(2) and lockf(3) the error is EINVAL but the condition is the same. OK anton@
* add missing RETURN VALUES section;schwarze2019-06-241-2/+4
| | | | also checked that POSIX requires exactly this behaviour
* sockatmark(3), recv(2), getsockopt(2), and connect(2) return specificallyderaadt2019-06-201-4/+4
| | | | | -1 to mark failure, not arbitrary values < 0. I believe manual pages should follow the described contract precisely and accurately.
* Note closefrom(2)'s origins in Solaris 9.cheloha2019-05-311-3/+3
| | | | | | Manpage input from jmc@ and schwarze@, archaeological input from schwarze@. ok schwarze@
* Enable the use of the kernel __realpath() system call in the libc wrapper.beck2019-05-281-2/+2
| | | | | | | | For now, this also still uses the existing realpath implmentation and emits a syslog if we see differening results. Once we have run with that for a little while we will remove the old code ok deraadt@
* Tweak "RETURN VALUES" sections to mention setting errno, as so manykrw2019-05-262-9/+18
| | | | | | | other man pages do. ok schwarze@ guenther@ on socket(2). "Similar" tweak on accept(2) requested by guenther@.
* Document KERN_PFSTATUSclaudio2019-05-091-2/+7
|
* add an extra m where needed. spotted by Kent Watsentedu2019-05-071-4/+4
|
* sync the description of bufcachepercent; ok deraadtjmc2019-05-051-2/+2
|
* kern.bufcachepercent is actually for dma-reachable memory.deraadt2019-05-051-4/+3
| | | | While here, stop describing the default (wrong place to be so specific)
* basic macro cleanup; from Fabio Scotoni <fabio at esse dot ch>schwarze2019-05-031-68/+79
|
* adjust another bufcachepercent defaultanton2019-04-211-3/+3
|
* describe EIO failure state. noted by Maximilian Lorlackstedu2019-04-181-2/+12
|
* Restrict which filesystems are available for swap. This rules outvisa2019-04-021-2/+6
| | | | | | obvious misconfigurations that cannot work. OK mpi@ tedu@
* adjtime(2): set EINVAL if delta overflows 64 bits of microseconds.cheloha2019-03-261-3/+13
| | | | | | | | | | | | | | | | No other (known) BSD-derived adjtime(2) implementation checks for overflow when converting delta into its final denomination of fractional seconds. This is peculiar, as the call originates in 4.3BSD. However, glibc, uclibc, and (to an extent) musl /do/ check the input and set EINVAL if it exceeds a certain bound, so we'll just use the errno that they use to be consistent with extant practice. Prompted by the comment kettenis@ left when we switched to storing the adjustment in an int64_t like ~5 years ago (kern_time.c,v 1.87). Positive feedback from deraadt@, manpage bits ok jmc@, no code complaints from otto@ or tedu@.
* fix copy pasto: flag -> atflags; ok deraadt@ jca@ millert@anton2019-03-251-4/+4
|
* BUGS goes last;jmc2019-03-241-7/+6
|
* Document the fact that readlink(2) can bypass restrictions as neededbeck2019-03-241-2/+10
| | | | | by realpath(3). This will go away post 6.5. ok deraadt@
* Reference permissions in the canonical plural.rob2019-03-211-3/+3
| | | | ok jmc@
* Document MAP_CONCEAL. Prompted by jmc@. ok otto@ schwarze@.cheloha2019-03-171-3/+6
|
* talk about IPv4 and IPv6 in a more symmetrical wayschwarze2019-03-031-4/+4
| | | | | and avoid an anachronistic wording found by deraadt@; joint work with deraadt@
* Allow SO_PEERCRED to be called on sockets created with socketpair.martijn2019-02-131-4/+5
| | | | OK claudio@ and jca@
* Add lock stack trace saving for witness(4).visa2019-02-071-3/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This lets witness(4) save a stack trace on each lock acquisition. The saved traces can be viewed in ddb(4) when showing the currently held locks, which may help when debugging incorrect locking. Sample output: ddb{0}> show all locks Process 63836 (rm) thread 0xffff8000221e52c8 (435004) exclusive rrwlock inode r = 0 (0xfffffd8119a092c0) locked @ /usr/src/sys/ufs/ufs/ufs_vnops.c:1547 #0 witness_lock+0x419 #1 _rw_enter+0x2bb #2 _rrw_enter+0x42 #3 VOP_LOCK+0x3f #4 vn_lock+0x36 #5 vfs_lookup+0xa1 #6 namei+0x2b3 #7 dounlinkat+0x85 #8 syscall+0x338 #9 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 1 (0xffffffff81e6a5f0) locked @ /usr/src/sys/arch/amd64/amd64/intr.c:525 #0 witness_lock+0x419 #1 syscall+0x2b6 #2 Xsyscall+0x128 The saving adds overhead, so it is not enabled by default. It can be taken into use by setting sysctl kern.witness.locktrace=1 at runtime or by defining WITNESS_LOCKTRACE in the kernel configuration. Feedback and OK anton@
* Add manpage for timer* macros, actually document timespec* macros.cheloha2019-02-071-91/+3
| | | | | | | | | | | | | | We use these all over the tree so they ought to be documented on a separate page; move them out of getitimer.2 into timeradd.3. While moving, clean up the language and markup here and there. Still needs to be added to share/man/man3/Makefile, pending any further cleanup in-tree. With input from schwarze@, jmc@, and millert@. "looks great" deraadt@, "(ok)" jmc@, ok tedu@, "we'll spruce it up in-tree" schwarze@
* Add a dedicated sysctl(2) node for witness(4).visa2019-01-291-4/+15
| | | | | | | | The new node contains the subsystem's main control variable, kern.witness.watch. It is aliased by the old name, kern.witnesswatch. The alias will be removed in the future. OK anton@ mpi@
* Point people to ipcomp(4) instead of ipsecctl(8) forajacoutot2019-01-221-3/+3
| | | | | | net.inet.ipcomp.enable. ok deraadt@ bluhm@
* Document 'video' promise.landry2019-01-211-2/+27
| | | | looks fine to jmc@
* correct the RETURN VALUES of the macros, document the HISTORY ofschwarze2019-01-201-9/+37
| | | | | the macros, and simplify one wording; OK millert@, tweak and OK jmc@
* sys/time.h: new macros: timerisvalid() and timespecisvalid().cheloha2019-01-181-2/+10
| | | | | | | | | | | Make it less likely you miss a zero when typing out 100000 or 100000000. Document them in getitimer.2 for the masses. These may be of use in library code as well as the kernel. Comparable inline functions exist in Linux but are not available to userspace like these. "OK." deraadt@
* minor tweaks:schwarze2019-01-181-9/+17
| | | | | | * correctly mark up NULL * avoid gratuitous future tense * replace one wrong .Nm macro
* Adjust EINVAL wording: tv_nsec cannot be 1 billion, either.cheloha2019-01-181-3/+4
|
* futex(2): validate relative timeout before sleeping.cheloha2019-01-181-2/+7
| | | | | | | | Linux does validation. Document this new failure case as an EINVAL, like Linux. "stop waiting" deraadt
* adjtime(2), settimeofday(2), clock_settime(2): validate inputcheloha2019-01-182-6/+15
| | | | | | | | | Add documentation for the new EINVAL cases for adjtime(2) and settimeofday(2). adjtime.2 docs ok schwarze@, settimeofday(2)/clock_settime(2) stuff ok tedu@, "stop waiting" deraadt@
* mincore() is a relic from the past, exposing physical machine informationderaadt2019-01-1110-93/+19
| | | | | | | about shared resources which no program should see. only a few pieces of software use it, generally poorly thought out. they are being fixed, so mincore() can be deleted. ok guenther tedu jca sthen, others
* getsockopt(2) recv(2) rmdir(2) and send(2) were present and implementedjsg2019-01-114-12/+12
| | | | | | in 4.1c ok schwarze@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.