summaryrefslogtreecommitdiffstats
path: root/lib/libc (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Inroduce malloc_conceal() and calloc_conceal(). Similar to theirotto2019-05-105-201/+225
| | | | | counterparts but return memory in pages marked MAP_CONCEAL and on free() freezero() is actually called.
* Delete support for military timezones in %z (A-I and K-Y).schwarze2019-05-102-34/+4
| | | | | | | | | | | They were originally defined in one way, then RFC822 erroneously redefined them the opposite way, then RFC5322 said they can no longer be used reliably. So return NULL like FreeBSD, DragonFly, glibc, and musl do. Issue reported by Hiltjo Posthuma <hiltjo at codemadness dot org>. Deletion suggested by tedu@ and deraadt@. Feedback and OK on the patch from tedu@.
* Apply retpoline protection to the indirect call to the thread startfuncguenther2019-05-101-2/+7
| | | | ok mortimer@
* Document KERN_PFSTATUSclaudio2019-05-091-2/+7
|
* add an extra m where needed. spotted by Kent Watsentedu2019-05-071-4/+4
|
* sync the description of bufcachepercent; ok deraadtjmc2019-05-051-2/+2
|
* kern.bufcachepercent is actually for dma-reachable memory.deraadt2019-05-051-4/+3
| | | | While here, stop describing the default (wrong place to be so specific)
* basic macro cleanup; from Fabio Scotoni <fabio at esse dot ch>schwarze2019-05-031-68/+79
|
* Fix a comparison in open_memstream not to confuse when a negativeyasuoka2019-05-021-3/+3
| | | | | | value is given for the off. found by nagasaka at IIJ. ok deraadt
* Undo changes to tmpfile.c r1.5.martijn2019-04-262-26/+5
| | | | | | | | | | | | Doing the fchown call causes pledge("tmppath") to be insufficient and the the umask dance may cause race-conditions in multithreaded applications. Also POSIX states the following nowadays: implementations may restrict the permissions, either by clearing the file mode bits or setting them to the value S_IRUSR | S_IWUSR. Encouraging words from tedu@ Standards verification and OK millert@
* missing dots after ".%P pp"; the case of btree(3) wasschwarze2019-04-231-8/+6
| | | | | reported by Fabio Scotoni <fabio at esse dot ch>; also garbage collect one .Tn while here
* adjust another bufcachepercent defaultanton2019-04-211-3/+3
|
* describe EIO failure state. noted by Maximilian Lorlackstedu2019-04-181-2/+12
|
* Restrict which filesystems are available for swap. This rules outvisa2019-04-021-2/+6
| | | | | | obvious misconfigurations that cannot work. OK mpi@ tedu@
* Compile with -gdwarf-4 to suppress wrnings about DWARF2 in assembly codekettenis2019-04-011-1/+4
| | | | | | that includes retguard code. ok mortimer@
* Add retguard macros to setjmp/longjmp on amd64. Knocks out some usefulmortimer2019-03-303-21/+33
| | | | | | gadgets from libc. ok deraadt@, kettenis@
* Copy categories outside "mask" from "oldloc" to the new locale object.schwarze2019-03-292-19/+31
| | | | | | | | | | | | | | | | While POSIX appears to allow the old behaviour of ignoring "oldloc", Ted and Karl convinced me that is a bug in the spec and the Austin group almost certainly intended to require the new behaviour. Anyway, compatibility strongly suggests the new behaviour because most (or maybe even all?) other systems do not ignore "oldloc", and some software appears to depend on the copying from "oldloc" to the new locale. Issue analyzed and reported by Karl Williamson <public at khwilliamson dot com> with support from the Perl 5 community. This final diff is similar to two earlier diffs from Ted, but handles invalid input in a mode robust way. OK tedu@.
* adjtime(2): set EINVAL if delta overflows 64 bits of microseconds.cheloha2019-03-261-3/+13
| | | | | | | | | | | | | | | | No other (known) BSD-derived adjtime(2) implementation checks for overflow when converting delta into its final denomination of fractional seconds. This is peculiar, as the call originates in 4.3BSD. However, glibc, uclibc, and (to an extent) musl /do/ check the input and set EINVAL if it exceeds a certain bound, so we'll just use the errno that they use to be consistent with extant practice. Prompted by the comment kettenis@ left when we switched to storing the adjustment in an int64_t like ~5 years ago (kern_time.c,v 1.87). Positive feedback from deraadt@, manpage bits ok jmc@, no code complaints from otto@ or tedu@.
* fix copy pasto: flag -> atflags; ok deraadt@ jca@ millert@anton2019-03-251-4/+4
|
* BUGS goes last;jmc2019-03-241-7/+6
|
* Document the fact that readlink(2) can bypass restrictions as neededbeck2019-03-241-2/+10
| | | | | by realpath(3). This will go away post 6.5. ok deraadt@
* In the incredibly unbelievable circumstance where _rs_init() fails toderaadt2019-03-241-2/+2
| | | | | | | | | allocate pages, don't call abort() because of corefile data leakage concerns, but simply _exit(). The reasoning is _rs_init() will only fail if someone finds a way to apply specific pressure against this failure point, for the purpose of leaking information into a core which they can read. We don't need a corefile in this instance to debug that. So take this "lever" away from whoever in the future wants to do that.
* Remove useless secure_path(3) calls.millert2019-03-232-25/+12
| | | | | | There is no point in checking permissions of files in root-owned directories. If it even was a problem, secure_path(3) suffers from unsolvable TOCTOU issues. OK deraadt@
* Reference permissions in the canonical plural.rob2019-03-211-3/+3
| | | | ok jmc@
* escape backslashes;schwarze2019-03-201-3/+3
| | | | patch from Peter Piwowarski <peterjpiwowarski at gmail dot com>
* Document MAP_CONCEAL. Prompted by jmc@. ok otto@ schwarze@.cheloha2019-03-171-3/+6
|
* Remove FBSDID.kevlo2019-03-1511-53/+11
| | | | ok deraadt@
* remove a sentence that was once helpful when dirname.3 and basename.3benno2019-03-081-3/+3
| | | | | shared one manpage. ok florian@
* talk about IPv4 and IPv6 in a more symmetrical wayschwarze2019-03-031-4/+4
| | | | | and avoid an anachronistic wording found by deraadt@; joint work with deraadt@
* tweak the previous two commits:schwarze2019-03-031-3/+3
| | | | | a Internet address -> an Internet address and sort SEE ALSO
* Just called the Internet nowderaadt2019-03-031-3/+3
|
* in vdprintf(), no need to use the file locking mecanism when usingsemarie2019-03-031-2/+2
| | | | | | | fflush() as the variable is stack based (no possible concurrent access). call directly __sflush() ok visa@ deraadt@
* Consume one leading space with %e iff givenkn2019-02-212-7/+10
| | | | | | | | | Since strftime(3)'s %e conversion specification preceeds single digits by a blank, do the converse here to allow safe data round trips through these functions with the same format string. Positive feedback tedu deraadt, OK millert jca
* New futex(2) based rwlock implementation based on the mutex code.mpi2019-02-131-1/+12
| | | | | | | | | This implementation reduces contention because threads no longer need to spin calling sched_yield(2) before going to sleep. Tested by many, thanks! ok visa@, pirofti@
* KNF.mpi2019-02-131-2/+2
| | | | Pointed out by pirofti@ while reviewing my rwlock impl. based on this one.
* Allow SO_PEERCRED to be called on sockets created with socketpair.martijn2019-02-131-4/+5
| | | | OK claudio@ and jca@
* Xr the byteorder funcs; from tim kuijstenjmc2019-02-131-3/+4
|
* Add lock stack trace saving for witness(4).visa2019-02-071-3/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This lets witness(4) save a stack trace on each lock acquisition. The saved traces can be viewed in ddb(4) when showing the currently held locks, which may help when debugging incorrect locking. Sample output: ddb{0}> show all locks Process 63836 (rm) thread 0xffff8000221e52c8 (435004) exclusive rrwlock inode r = 0 (0xfffffd8119a092c0) locked @ /usr/src/sys/ufs/ufs/ufs_vnops.c:1547 #0 witness_lock+0x419 #1 _rw_enter+0x2bb #2 _rrw_enter+0x42 #3 VOP_LOCK+0x3f #4 vn_lock+0x36 #5 vfs_lookup+0xa1 #6 namei+0x2b3 #7 dounlinkat+0x85 #8 syscall+0x338 #9 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 1 (0xffffffff81e6a5f0) locked @ /usr/src/sys/arch/amd64/amd64/intr.c:525 #0 witness_lock+0x419 #1 syscall+0x2b6 #2 Xsyscall+0x128 The saving adds overhead, so it is not enabled by default. It can be taken into use by setting sysctl kern.witness.locktrace=1 at runtime or by defining WITNESS_LOCKTRACE in the kernel configuration. Feedback and OK anton@
* Add manpage for timer* macros, actually document timespec* macros.cheloha2019-02-071-91/+3
| | | | | | | | | | | | | | We use these all over the tree so they ought to be documented on a separate page; move them out of getitimer.2 into timeradd.3. While moving, clean up the language and markup here and there. Still needs to be added to share/man/man3/Makefile, pending any further cleanup in-tree. With input from schwarze@, jmc@, and millert@. "looks great" deraadt@, "(ok)" jmc@, ok tedu@, "we'll spruce it up in-tree" schwarze@
* Fix typo in last commit.millert2019-02-051-2/+2
|
* Avoid an out of bounds read when regcomp() is passed a bad expression.millert2019-02-051-1/+5
| | | | | | | | When an invalid regular expression is passed, seterr() is called which sets p->error to the appropriate error code and sets p->next and p->end to nuls[]. However, p->next is decremented in the default case in p_ere_exp() and p_simp_re() which makes it point to one byte before nuls[]. From FreeBSD. OK tedu@ deraadt@
* Make gl_pathc, gl_matchc and gl_offs size_t in glob_t to match POSIX.millert2019-02-043-26/+25
| | | | This requires a libc major version bump. OK deraadt@
* Remove unused <assert.h> header.mpi2019-01-291-2/+1
|
* There's no point in asserting that a pointer is not NULL beforempi2019-01-291-3/+1
| | | | | | dereferencing it. ok kettenis@, visa@
* Add a dedicated sysctl(2) node for witness(4).visa2019-01-291-4/+15
| | | | | | | | The new node contains the subsystem's main control variable, kern.witness.watch. It is aliased by the old name, kern.witnesswatch. The alias will be removed in the future. OK anton@ mpi@
* I am retiring my old email address; replace it with my OpenBSD one.millert2019-01-2541-100/+100
|
* strptime(3): Disallow double leap second.cheloha2019-01-221-2/+2
| | | | | | | | | | POSIX allows for one extra second in a minute, i.e. "23:59:60", so that leap seconds can be parsed. They don't allow for *two* extra seconds, i.e. "23:59:61", though. Typo introduced in NetBSD lib/libc/time/strptime.c,v1.3. ok krw@ bcook@ tedu@
* sort sections, and add a missing verb to the EXAMPLES text;jmc2019-01-221-24/+24
|
* Wrap long lineotto2019-01-221-4/+4
|
* Point people to ipcomp(4) instead of ipsecctl(8) forajacoutot2019-01-221-3/+3
| | | | | | net.inet.ipcomp.enable. ok deraadt@ bluhm@