Merge remote-tracking branch 'origin/stable/11' into devel-11

6 files changed, 374 insertions, 17 deletions

diff --git a/lib/libc/stdtime/strptime.c b/lib/libc/stdtime/strptime.c
index 2be6358..89703ec 100644
--- a/lib/libc/stdtime/strptime.c
+++ b/lib/libc/stdtime/strptime.c
@@ -301,10 +301,11 @@ label:
 			 * XXX This is bogus if parsed before hour-related
 			 * specifiers.
 			 */
+			if (tm->tm_hour > 12)
+				return (NULL);
+
 			len = strlen(tptr->am);
 			if (strncasecmp_l(buf, tptr->am, len, locale) == 0) {
-				if (tm->tm_hour > 12)
-					return (NULL);
 				if (tm->tm_hour == 12)
 					tm->tm_hour = 0;
 				buf += len;
@@ -313,8 +314,6 @@ label:
 
 			len = strlen(tptr->pm);
 			if (strncasecmp_l(buf, tptr->pm, len, locale) == 0) {
-				if (tm->tm_hour > 12)
-					return (NULL);
 				if (tm->tm_hour != 12)
 					tm->tm_hour += 12;
 				buf += len;
@@ -374,15 +373,17 @@ label:
 
 			break;
 
+		case 'u':
 		case 'w':
 			if (!isdigit_l((unsigned char)*buf, locale))
 				return (NULL);
 
-			i = *buf - '0';
-			if (i > 6)
+			i = *buf++ - '0';
+			if (i < 0 || i > 7 || (c == 'u' && i < 1) ||
+			    (c == 'w' && i > 6))
 				return (NULL);
 
-			tm->tm_wday = i;
+			tm->tm_wday = i % 7;
 			flags |= FLAG_WDAY;
 
 			break;
@@ -581,10 +582,16 @@ label:
 					i *= 10;
 					i += *buf - '0';
 					buf++;
+				} else if (len == 2) {
+					i *= 100;
+					break;
 				} else
 					return (NULL);
 			}
 
+			if (i > 1400 || (sign == -1 && i > 1200) ||
+			    (i % 100) >= 60)
+				return (NULL);
 			tm->tm_hour -= sign * (i / 100);
 			tm->tm_min  -= sign * (i % 100);
 			*GMTp = 1;
@@ -609,17 +616,28 @@ label:
 			    TM_YEAR_BASE)][tm->tm_mon] + (tm->tm_mday - 1);
 			flags |= FLAG_YDAY;
 		} else if (day_offset != -1) {
+			int tmpwday, tmpyday, fwo;
+
+			fwo = first_wday_of(tm->tm_year + TM_YEAR_BASE);
+			/* No incomplete week (week 0). */
+			if (week_offset == 0 && fwo == day_offset)
+				return (NULL);
+
 			/* Set the date to the first Sunday (or Monday)
 			 * of the specified week of the year.
 			 */
-			if (!(flags & FLAG_WDAY)) {
-				tm->tm_wday = day_offset;
-				flags |= FLAG_WDAY;
+			tmpwday = (flags & FLAG_WDAY) ? tm->tm_wday :
+			    day_offset;
+			tmpyday = (7 - fwo + day_offset) % 7 +
+			    (week_offset - 1) * 7 +
+			    (tmpwday - day_offset + 7) % 7;
+			/* Impossible yday for incomplete week (week 0). */
+			if (tmpyday < 0) {
+				if (flags & FLAG_WDAY)
+					return (NULL);
+				tmpyday = 0;
 			}
-			tm->tm_yday = (7 -
-			    first_wday_of(tm->tm_year + TM_YEAR_BASE) +
-			    day_offset) % 7 + (week_offset - 1) * 7 +
-			    tm->tm_wday - day_offset;
+			tm->tm_yday = tmpyday;
 			flags |= FLAG_YDAY;
 		}
 	}
diff --git a/lib/libc/sys/Makefile.inc b/lib/libc/sys/Makefile.inc
index 3b04acc..623216c 100644
--- a/lib/libc/sys/Makefile.inc
+++ b/lib/libc/sys/Makefile.inc
@@ -311,6 +311,8 @@ MAN+=	sctp_generic_recvmsg.2 \
 	thr_new.2 \
 	thr_self.2 \
 	thr_set_name.2 \
+	thr_suspend.2 \
+	thr_wake.2 \
 	timer_create.2 \
 	timer_delete.2 \
 	timer_settime.2 \
diff --git a/lib/libc/sys/cap_enter.2 b/lib/libc/sys/cap_enter.2
index 807d7ed..03be524 100644
--- a/lib/libc/sys/cap_enter.2
+++ b/lib/libc/sys/cap_enter.2
@@ -28,7 +28,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd March 27, 2014
+.Dd September 27, 2016
 .Dt CAP_ENTER 2
 .Os
 .Sh NAME
@@ -69,6 +69,34 @@ appropriately-crafted applications or application components may be run.
 .Fn cap_getmode
 returns a flag indicating whether or not the process is in a capability mode
 sandbox.
+.Sh RUN-TIME SETTINGS
+If the
+.Dv kern.trap_enocap
+sysctl MIB is set to a non-zero value, then for any process executing in a
+capability mode sandbox, any syscall which results in either an
+.Er ENOTCAPABLE
+or
+.Er ECAPMODE
+error also generates the synchronous
+.Dv SIGTRAP
+signal to the thread on the syscall return.
+On signal delivery, the
+.Va si_errno
+member of the
+.Fa siginfo
+signal handler parameter is set to the syscall error value,
+and the
+.Va si_code
+member is set to
+.Dv TRAP_CAP .
+.Pp
+See also the
+.Dv PROC_TRAPCAP_CTL
+and
+.Dv PROC_TRAPCAP_STATUS
+operations of the
+.Xr procctl 2
+function for similar per-process functionality.
 .Sh CAVEAT
 Creating effective process sandboxes is a tricky process that involves
 identifying the least possible rights required by the process and then
@@ -111,6 +139,8 @@ points outside the process's allocated address space.
 .Xr cap_fcntls_limit 2 ,
 .Xr cap_ioctls_limit 2 ,
 .Xr cap_rights_limit 2 ,
+.Xr procctl 2 ,
+.Xr sysctl 2 ,
 .Xr fexecve 2 ,
 .Xr cap_sandboxed 3 ,
 .Xr capsicum 4
diff --git a/lib/libc/sys/procctl.2 b/lib/libc/sys/procctl.2
index 88dcfd3..da73fb0 100644
--- a/lib/libc/sys/procctl.2
+++ b/lib/libc/sys/procctl.2
@@ -29,7 +29,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd August 21, 2015
+.Dd September 27, 2016
 .Dt PROCCTL 2
 .Os
 .Sh NAME
@@ -71,7 +71,7 @@ The control request to perform is specified by the
 .Fa cmd
 argument.
 The following commands are supported:
-.Bl -tag -width "PROC_REAP_GETPIDS"
+.Bl -tag -width "Dv PROC_TRAPCAP_STATUS"
 .It Dv PROC_SPROTECT
 Set process protection state.
 This is used to mark a process as protected from being killed if the system
@@ -327,6 +327,67 @@ is set to 0.
 If a debugger is attached,
 .Fa data
 is set to the pid of the debugger process.
+.It Dv PROC_TRAPCAP_CTL
+Controls the capability mode sandbox actions for the specified
+sandboxed processes,
+on a return from any syscall which gives either a
+.Er ENOTCAPABLE
+or
+.Er ECAPMODE
+error.
+If the control is enabled, such errors from the syscalls cause
+delivery of the synchronous
+.Dv SIGTRAP
+signal to the thread immediately before returning from the syscalls.
+.Pp
+Possible values for the
+.Fa data
+argument are:
+.Bl -tag -width "Dv PROC_TRAPCAP_CTL_DISABLE"
+.It Dv PROC_TRAPCAP_CTL_ENABLE
+Enable the
+.Dv SIGTRAP
+signal delivery on capability mode access violations.
+The enabled mode is inherited by the children of the process,
+and is kept after
+.Xr fexecve 2
+calls.
+.It Dv PROC_TRAPCAP_CTL_DISABLE
+Disable the signal delivery on capability mode access violations.
+Note that the global sysctl
+.Dv kern.trap_enocap
+might still cause the signal to be delivered.
+See
+.Xr capsicum 4 .
+.El
+.Pp
+On signal delivery, the
+.Va si_errno
+member of the
+.Fa siginfo
+signal handler parameter is set to the syscall error value,
+and the
+.Va si_code
+member is set to
+.Dv TRAP_CAP .
+.Pp
+See
+.Xr capsicum 4
+for more information about the capability mode.
+.It Dv PROC_TRAPCAP_STATUS
+Return the current status of signalling capability mode access
+violations for the specified process.
+The integer value pointed to by the
+.Fa data
+argument is set to the
+.Dv PROC_TRAPCAP_CTL_ENABLE
+value if the process control enables signal delivery, and to
+.Dv PROC_TRAPCAP_CTL_DISABLE
+otherwise.
+.Pp
+See the note about sysctl
+.Dv kern.trap_enocap
+above, which gives independent global control of signal delivery.
 .El
 .Sh NOTES
 Disabling tracing on a process should not be considered a security
@@ -420,14 +481,18 @@ The value of the integer
 .Fa data
 parameter for the
 .Dv PROC_TRACE_CTL
+or
+.Dv PROC_TRAPCAP_CTL
 request is invalid.
 .El
 .Sh SEE ALSO
 .Xr dtrace 1 ,
+.Xr cap_enter 2,
 .Xr kill 2 ,
 .Xr ktrace 2 ,
 .Xr ptrace 2 ,
 .Xr wait 2 ,
+.Xr capsicum 4 ,
 .Xr hwpmc 4 ,
 .Xr init 8
 .Sh HISTORY
diff --git a/lib/libc/sys/thr_suspend.2 b/lib/libc/sys/thr_suspend.2
new file mode 100644
index 0000000..b470d18
--- /dev/null
+++ b/lib/libc/sys/thr_suspend.2
@@ -0,0 +1,130 @@
+.\" Copyright (c) 2016 The FreeBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This documentation was written by
+.\" Konstantin Belousov <kib@FreeBSD.org> under sponsorship
+.\" from the FreeBSD Foundation.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd September 23, 2016
+.Dt THR_SUSPEND 2
+.Os
+.Sh NAME
+.Nm thr_suspend
+.Nd suspend the calling thread
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In sys/thr.h
+.Ft int
+.Fn thr_suspend "struct timespec *timeout"
+.Sh DESCRIPTION
+.Bf -symbolic
+This function is intended for implementing threading.
+Normal applications should use
+.Xr pthread_cond_timedwait 3
+together with
+.Xr pthread_cond_broadcast 3
+for typical safe suspension with cooperation of the thread
+being suspended, or
+.Xr pthread_suspend_np 3
+and
+.Xr pthread_resume_np 3
+in some specific situations, instead.
+.Ef
+.Pp
+The
+.Fn thr_suspend
+system call puts the calling thread in a suspended state, where it is
+not eligible for CPU time.
+This state is exited by another thread calling
+.Xr thr_wake 2 ,
+when the time interval specified by
+.Fa timeout
+has elapsed,
+or by the delivery of a signal to the suspended thread.
+.Pp
+If the
+.Fa timeout
+argument is
+.Dv NULL ,
+the suspended state can be only terminated by explicit
+.Fn thr_wake
+or signal.
+.Pp
+If a wake from
+.Xr thr_wake 2
+was delivered before the
+.Nm
+call, the thread is not put into a suspended state.
+Instead, the call
+returns immediately without an error.
+.Pp
+If a thread previously called
+.Xr thr_wake 2
+with its own thread identifier, which resulted in setting the internal kernel
+flag to immediately abort interruptible sleeps with an
+.Er EINTR
+error
+.Po
+see
+.Xr thr_wake 2
+.Pc ,
+the flag is cleared.
+As with
+.Xr thr_wake 2
+called from another thread, the next
+.Nm
+call does not result in suspension.
+.Pp
+.Sh RETURN VALUES
+.Rv -std thr_suspend
+.Sh ERRORS
+The
+.Fn thr_suspend
+operation returns the following errors:
+.Bl -tag -width Er
+.It Bq Er EFAULT
+The memory pointed to by the
+.Fa timeout
+argument is not valid.
+.It Bq Er ETIMEDOUT
+The specified timeout expired.
+.It Bq Er ETIMEDOUT
+The
+.Fa timeout
+argument specified a zero time interval.
+.It Bq Er EINTR
+The sleep was interrupted by a signal.
+.El
+.Sh SEE ALSO
+.Xr ps 1 ,
+.Xr thr_wake 2 ,
+.Xr pthread_resume_np 3 ,
+.Xr pthread_suspend_np 3
+.Sh STANDARDS
+The
+.Fn thr_suspend
+system call is non-standard.
diff --git a/lib/libc/sys/thr_wake.2 b/lib/libc/sys/thr_wake.2
new file mode 100644
index 0000000..59df7d2
--- /dev/null
+++ b/lib/libc/sys/thr_wake.2
@@ -0,0 +1,112 @@
+.\" Copyright (c) 2016 The FreeBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This documentation was written by
+.\" Konstantin Belousov <kib@FreeBSD.org> under sponsorship
+.\" from the FreeBSD Foundation.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd September 23, 2016
+.Dt THR_WAKE 2
+.Os
+.Sh NAME
+.Nm thr_wake
+.Nd wake up the suspended thread
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In sys/thr.h
+.Ft int
+.Fn thr_wake "long id"
+.Sh DESCRIPTION
+.Bf -symbolic
+This function is intended for implementing threading.
+Normal applications should use
+.Xr pthread_cond_timedwait 3
+together with
+.Xr pthread_cond_broadcast 3
+for typical safe suspension with cooperation of the thread
+being suspended, or
+.Xr pthread_suspend_np 3
+and
+.Xr pthread_resume_np 3
+in some specific situations, instead.
+.Ef
+.Pp
+Passing the thread identifier of the calling thread
+.Po
+see
+.Xr thr_self 2
+.Pc
+to
+.Fn thr_wake
+sets a thread's flag to cause the next signal-interruptible sleep
+of that thread in the kernel to fail immediately with the
+.Er EINTR
+error.
+The flag is cleared by an interruptible sleep attempt or by a call to
+.Xr thr_suspend 2.
+This is used by the system threading library to implement cancellation.
+.Pp
+If
+.Fa id
+is not equal to the current thread identifier, the specified thread is
+woken up if suspended by the
+.Xr thr_suspend
+system call.
+If the thread is not suspended at the time of the
+.Nm
+call, the wake is remembered and the next attempt of the thread to
+suspend itself with the
+.Xr thr_suspend 2
+results in immediate return with success.
+Only one wake is remembered.
+.Sh RETURN VALUES
+.Rv -std thr_wake
+.Sh ERRORS
+The
+.Fn thr_wake
+operation returns these errors:
+.Bl -tag -width Er
+.It Bq Er ESRCH
+The specified thread was not found or does not belong to the process
+of the calling thread.
+.El
+.Sh SEE ALSO
+.Xr ps 1 ,
+.Xr thr_self 2
+.Xr thr_suspend 2 ,
+.Xr pthread_cancel 3 ,
+.Xr pthread_resume_np 3 ,
+.Xr pthread_suspend_np 3
+.Sh STANDARDS
+The
+.Fn thr_suspend
+system call is non-standard and is used by
+.Lb libthr
+to implement
+.St -p1003.1-2001
+.Xr pthread 3
+functionality.