Test case to check if an implementation of memset correctly
handles the value passed being wider than a byte
Approved by: emaste
Reviewed By: fuz (GSoC mentor), emaste
Sponsored by: Google LLC (GSoC 2024)
Differential Revision: https://reviews.freebsd.org/D45738
The entire recv*() implementation set is ripe for opportunities to
validate, so do what we can with what we have.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45686
Notably sanity check indices passed to the FD_*() macros against the
size of the fd_set itself.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45685
Check both the buffer size of the iov object itself, as well as that
of each indidvidually io base.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45684
That is to say, fortify getrandom(2).
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45683
This includes all of the w*() equivalents to str*()/mem*() implemented
in more or less the same way. For these ones, we'll just use
header-only implementations from the start to stop further cluttering
the libc symbol table.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45682
The immediately obvious and attractive targets from <stdlib.h> are
arc4random_buf(3) and realpath(3) -- scraping the header didn't reveal
much else of interest.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45681
For poll/ppoll we just need to bounds-check the poll array that we're
about to write out to.
Reviewed by: kib, markj (earlier version)
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45680
ssp/ssp.h needed some improvements:
- `len` isn't always a size_t, it may need casted
- In some cases we may want to use a len that isn't specified as a
parameter (e.g., L_ctermid), so __ssp_redirect() should be more
flexible.
- In other cases we may want additional checking, so pull all of the
declaration bits out of __ssp_redirect_raw() so that some functions
can implement the body themselves.
strlcat/strlcpy should be the last of the fortified functions that get
their own __*_chk symbols, and these cases are only done to be
consistent with the rest of the str*() set.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45679
Switch away from pointer arithmetic to provide more obvious semantics
for checking overlap on pointer ranges. This lets us remove some casts
that need not exist and removes some possible fragility in its use.
While we're here, check for overflow just in case; sometimes we use a
caller-supplied size if __builtin_object_size(3) can't deduce the buffer
size, and we should fail the check if the size is nonsensical for the
provided buffers.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
The _FORTIFY_SOURCE tests will be generated by a lua script to avoid a
lot of redundancy in writing these tests. For each function that we're
fortifying, the plan is to test at least the following three scenarios:
- Writing up to one byte before the end of the buffer,
- Writing up to the end of the buffer,
- Writing one byte past the end of the buffer
The buffer is shoved into a struct on the stack to guarantee a stack
layout in which we have a valid byte after the buffer so that level 2
fortification will trip and we can have confidence that it wasn't some
other stack/memory protection instead.
The generated tests are divided roughly into which header we're
attributing them to so that we can parallelize the build -- the full set
is a bit over 9000 lines of C and takes 11s to build on the hardware
that I'm testing on if it's a single monolothic file.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45678
We'll be using it in some upcoming definitions in headers, so move it
back now but slap a warning on it. Our upcoming uses will all be inside
of inline functions, so we're not overly concerned about double
evaluation immediately.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45677
ZFS' libspl needs to be made aware that we have strlcat(3) and
strlcpy(3) to avoid some more complicated declaration duplication, so
go ahead and define these HAVE_ macros now.
libprocstat has to define `_KERNEL` and include kernel headers in order
to get what it wants, but this results in sys/cdefs.h being included too
late and we pick up the build breaking version of the __RENAME
definition. Just explicitly include sys/cdefs.h earlier rather than
disabling _FORTIFY_SOURCE. The zfs/ subdir only builds an object that
holds some structures and sizes, so just disable _FORTIFY_SOURCE there
entirely rather than trying to move #define _KERNEL into the file..
While we're here, make sure that we disable _FORTIFY_SOURCE in the
bootloader because we don't have the symbol renaming support today to do
it as cleanly as we'd like. ssp/ssp.h needs to be pulled into the libsa
environment so that other bits can understand that ssp is disabled in
the consistent __SSP_FORTIFY_LEVEL way that we try to do.
Reviewed by: allanjude (previous version), markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45676
We just need to check we are building for arm.
Reviewed by: manu, emaste
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D45644
This patch introduces userspace library support for the bnxt_re RoCE driver.
The library can be linked with RDMA applications such as perftest and rping.
The RoCE traffic has been tested with the rping and perftest utility.
Reviewed by: imp, kib, sumit.saxena@broadcom.com
Approved by: imp
Differential revision: https://reviews.freebsd.org/D45729
The call to memcpy() meant to cause plt resolution in _thr_rtld_init()
was getting optimized by the compiler. Tell the compiler not to use its
builtins in thr_rtld.c. We could avoid just the memcpy builtin but
disabling all will be more robust against future changes.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D45891
Use a constant input operand instead of a bogus memory reference to tell
the compiler about offsetof(struct tcb, tcb_thread) in the gs segment.
Otherwise gcc complains if we tell it we are reading memory offset 0x8.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D45829
Use a constant input operand instead of a bogus memory reference to tell
the compiler about offsetof(struct tcb, tcb_thread) in the fs segment.
Otherwise gcc complains if we tell it we are reading memory offset 0x10.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D45828
When CLOCK_BOOTTIME was made an alias for CLOCK_MONOTONIC, the man page
wasn't updated. Update to include the changed semantics (it was to be
better compatible with Linux). Clarify the details of these clocks.
Provide a reference to the UTC standard, and a clarifying remark
about leap second encoding (fun fact: POSIX provides no unique
value for these, nor definitive values to use).
Sponsored by: Netflix
Add CLOCK_UPTIME and CLOCK_BOOTTIME options and a quick pointer
to clock_gettime(2) for a better definition of these values.
Reviewed-by: imp (small tweaks and added Xr)
Pull-Request: https://github.com/freebsd/freebsd-src/pull/1302
We are not 100% compatible with 1.0.16, but implement some
functionality from that version that is required by certain ports.
PR: 277799
PR: 279555 (exp-run)
Event: Kitchener-Waterloo Hackathon 202406
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45514
Ahead of including inline in __always_inline, move __always_inline to
where inline goes.
Reviewed by: imp, kib, olce
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D45710
Remove support for old gcc versions by unconditionally defining
__MATH_BUILTIN_RELOPS and __MATH_BUILTIN_CONSTANTS. Per kib's request,
don't #undef those so it's easier to understand what the builtins are
doing.
Reviewed by: brooks
Differential Revision: https://reviews.freebsd.org/D45655
Sponsored by: Netflix
Armv6 is being removed from the treem and the comment applies to armv7.
Reviewed by: manu, imp, emaste
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D45645
Match the "U" in RFSPAWN's value (1U<<31) (and "u" for completeness).
Reject kernel-only RFPPWAIT to avoid a duplicate entry.
Reviewed by: imp, markj
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D45597
This reverts commit 1a968da448.
I was mistakenly looking at the version strings in the CVS attic
but the function was moved to libc/stdio where it matches the
current string.
This change introduced a test failure, so revert until that can be
addressed.
This reverts commit 888796ade2.
PR: 277783
Reported by: rlibby
Sponsored by: The FreeBSD Foundation
There's no reason why the virstor chunk size needs to relate to MAXPHYS.
Remove it. Instead, just make sure that the chunk size is a multiple of
the sector size.
Reviewed by: imp
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D45518
During the initial label of a virstor device, write out the allocation
map in chunks if it is large (> 1 MB) in order to avoid large mallocs.
Even though the kernel virstor geom may still do a large malloc to
represent the allocation map, this may still be useful to avoid a
ulimit.
Reviewed by: markj
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D45517
See 8164d511d6 ("libc/tests: Fix installation without MK_TOOLCHAIN")
for some background. Here we should really be testing MK_CLANG instead,
since that's what gates compilation of libclang_rt.
Fixes: 8164d511d6 ("libc/tests: Fix installation without MK_TOOLCHAIN")