diff options
Diffstat (limited to 'lib/libc/sys')
68 files changed, 935 insertions, 266 deletions
diff --git a/lib/libc/sys/Makefile.inc b/lib/libc/sys/Makefile.inc index 1915c55..008180a 100644 --- a/lib/libc/sys/Makefile.inc +++ b/lib/libc/sys/Makefile.inc @@ -2,7 +2,7 @@ # $FreeBSD$ # sys sources -.PATH: ${.CURDIR}/${MACHINE_ARCH}/sys ${.CURDIR}/sys +.PATH: ${.CURDIR}/${LIBC_ARCH}/sys ${.CURDIR}/sys # Include the generated makefile containing the *complete* list # of syscall names in MIASM. @@ -13,16 +13,20 @@ # MDASM names override the default syscall names in MIASM. # NOASM will prevent the default syscall code from being generated. # -.if exists(${.CURDIR}/${MACHINE_ARCH}/sys/Makefile.inc) -.include "${.CURDIR}/${MACHINE_ARCH}/sys/Makefile.inc" -.endif +.sinclude "${.CURDIR}/${LIBC_ARCH}/sys/Makefile.inc" # Sources common to both syscall interfaces: -SRCS+= stack_protector.c __error.c +SRCS+= stack_protector.c stack_protector_compat.c __error.c .if !defined(WITHOUT_SYSCALL_COMPAT) -SRCS+= fcntl.c ftruncate.c lseek.c mmap.c pread.c pwrite.c truncate.c +SYSCALL_COMPAT_SRCS= fcntl.c ftruncate.c lseek.c mmap.c pread.c \ + pwrite.c truncate.c +SRCS+= ${SYSCALL_COMPAT_SRCS} +NOASM+= ${SYSCALL_COMPAT_SRCS:S/.c/.o/} PSEUDO+= _fcntl.o .endif +SRCS+= sigwait.c +NOASM+= sigwait.o +PSEUDO+= _sigwait.o # Add machine dependent asm sources: SRCS+=${MDASM} @@ -52,26 +56,35 @@ SYM_MAPS+= ${.CURDIR}/sys/Symbol.map # Generated files CLEANFILES+= ${SASM} ${SPSEUDO} +.if ${MACHINE_CPUARCH} == "amd64" || ${MACHINE_CPUARCH} == "i386" || \ + ${MACHINE_CPUARCH} == "powerpc" +NOTE_GNU_STACK='\t.section .note.GNU-stack,"",%%progbits\n' +.else +NOTE_GNU_STACK='' +.endif + ${SASM}: printf '#include "compat.h"\n' > ${.TARGET} printf '#include "SYS.h"\nRSYSCALL(${.PREFIX})\n' >> ${.TARGET} + printf ${NOTE_GNU_STACK} >>${.TARGET} ${SPSEUDO}: printf '#include "compat.h"\n' > ${.TARGET} printf '#include "SYS.h"\nPSEUDO(${.PREFIX:S/_//})\n' \ >> ${.TARGET} + printf ${NOTE_GNU_STACK} >>${.TARGET} MAN+= abort2.2 accept.2 access.2 acct.2 adjtime.2 \ aio_cancel.2 aio_error.2 aio_read.2 aio_return.2 \ aio_suspend.2 aio_waitcomplete.2 aio_write.2 \ - bind.2 brk.2 chdir.2 chflags.2 \ + bind.2 brk.2 cap_enter.2 chdir.2 chflags.2 \ chmod.2 chown.2 chroot.2 clock_gettime.2 close.2 closefrom.2 \ connect.2 cpuset.2 cpuset_getaffinity.2 dup.2 execve.2 _exit.2 \ extattr_get_file.2 fcntl.2 fhopen.2 flock.2 fork.2 fsync.2 \ getdirentries.2 getdtablesize.2 \ getfh.2 getfsstat.2 getgid.2 getgroups.2 getitimer.2 getlogin.2 \ - getpeername.2 getpgrp.2 getpid.2 getpriority.2 getrlimit.2 \ - getrusage.2 getsid.2 getsockname.2 \ + getloginclass.2 getpeername.2 getpgrp.2 getpid.2 getpriority.2 \ + getrlimit.2 getrusage.2 getsid.2 getsockname.2 \ getsockopt.2 gettimeofday.2 getuid.2 \ intro.2 ioctl.2 issetugid.2 jail.2 kenv.2 kill.2 \ kldfind.2 kldfirstmod.2 kldload.2 kldnext.2 kldstat.2 kldsym.2 \ @@ -83,7 +96,7 @@ MAN+= abort2.2 accept.2 access.2 acct.2 adjtime.2 \ mq_setattr.2 \ msgctl.2 msgget.2 msgrcv.2 msgsnd.2 \ msync.2 munmap.2 nanosleep.2 nfssvc.2 ntp_adjtime.2 open.2 \ - pathconf.2 pipe.2 poll.2 posix_openpt.2 profil.2 \ + pathconf.2 pipe.2 poll.2 posix_fallocate.2 posix_openpt.2 profil.2 \ pselect.2 ptrace.2 quotactl.2 \ read.2 readlink.2 reboot.2 recv.2 rename.2 revoke.2 rfork.2 rmdir.2 \ rtprio.2 @@ -105,6 +118,7 @@ MAN+= sctp_generic_recvmsg.2 sctp_generic_sendmsg.2 sctp_peeloff.2 \ MLINKS+=access.2 eaccess.2 access.2 faccessat.2 MLINKS+=brk.2 sbrk.2 +MLINKS+=cap_enter.2 cap_getmode.2 MLINKS+=chdir.2 fchdir.2 MLINKS+=chflags.2 fchflags.2 chflags.2 lchflags.2 MLINKS+=chmod.2 fchmod.2 chmod.2 fchmodat.2 chmod.2 lchmod.2 @@ -133,6 +147,7 @@ MLINKS+=getgid.2 getegid.2 MLINKS+=getitimer.2 setitimer.2 MLINKS+=getlogin.2 getlogin_r.3 MLINKS+=getlogin.2 setlogin.2 +MLINKS+=getloginclass.2 setloginclass.2 MLINKS+=getpgrp.2 getpgid.2 MLINKS+=getpid.2 getppid.2 MLINKS+=getpriority.2 setpriority.2 diff --git a/lib/libc/sys/Symbol.map b/lib/libc/sys/Symbol.map index ce6f32a..cd31f24 100644 --- a/lib/libc/sys/Symbol.map +++ b/lib/libc/sys/Symbol.map @@ -360,6 +360,19 @@ FBSD_1.1 { unlinkat; }; +FBSD_1.2 { + cap_enter; + cap_getmode; + getloginclass; + posix_fallocate; + rctl_get_racct; + rctl_get_rules; + rctl_get_limits; + rctl_add_rule; + rctl_remove_rule; + setloginclass; +}; + FBSDprivate_1.0 { ___acl_aclcheck_fd; __sys___acl_aclcheck_fd; @@ -919,6 +932,7 @@ FBSDprivate_1.0 { _sigtimedwait; __sys_sigtimedwait; _sigwait; + __sigwait; __sys_sigwait; _sigwaitinfo; __sys_sigwaitinfo; diff --git a/lib/libc/sys/access.2 b/lib/libc/sys/access.2 index 0cd3c6f..65b8fb6 100644 --- a/lib/libc/sys/access.2 +++ b/lib/libc/sys/access.2 @@ -188,6 +188,27 @@ is neither .Dv AT_FDCWD nor a file descriptor associated with a directory. .El +.Sh SEE ALSO +.Xr chmod 2 , +.Xr intro 2 , +.Xr stat 2 +.Sh STANDARDS +The +.Fn access +system call is expected to conform to +.St -p1003.1-90 . +The +.Fn faccessat +system call follows The Open Group Extended API Set 2 specification. +.Sh HISTORY +The +.Fn access +function appeared in +.At v7 . +The +.Fn faccessat +system call appeared in +.Fx 8.0 . .Sh SECURITY CONSIDERATIONS The .Fn access @@ -212,24 +233,3 @@ of the st_mode bits that the application might not understand -- e.g. in the case of AFS). It also allows a cheaper file existence test than .Xr stat 2 . -.Sh SEE ALSO -.Xr chmod 2 , -.Xr intro 2 , -.Xr stat 2 -.Sh STANDARDS -The -.Fn access -system call is expected to conform to -.St -p1003.1-90 . -The -.Fn faccessat -system call follows The Open Group Extended API Set 2 specification. -.Sh HISTORY -The -.Fn access -function appeared in -.At v7 . -The -.Fn faccessat -system call appeared in -.Fx 8.0 . diff --git a/lib/libc/sys/aio_read.2 b/lib/libc/sys/aio_read.2 index 2c78040..ddf4f76 100644 --- a/lib/libc/sys/aio_read.2 +++ b/lib/libc/sys/aio_read.2 @@ -136,7 +136,6 @@ system call must be called, and will return -1, and must be called to determine the actual value that would have been returned in .Va errno . -.Pp .Bl -tag -width Er .It Bq Er EBADF The diff --git a/lib/libc/sys/aio_write.2 b/lib/libc/sys/aio_write.2 index dd1e0f5..291fd71 100644 --- a/lib/libc/sys/aio_write.2 +++ b/lib/libc/sys/aio_write.2 @@ -140,7 +140,6 @@ system call must be called, and will return -1, and must be called to determine the actual value that would have been returned in .Va errno . -.Pp .Bl -tag -width Er .It Bq Er EBADF The diff --git a/lib/libc/sys/cap_enter.2 b/lib/libc/sys/cap_enter.2 new file mode 100644 index 0000000..83b4739 --- /dev/null +++ b/lib/libc/sys/cap_enter.2 @@ -0,0 +1,101 @@ +.\" +.\" Copyright (c) 2008-2009 Robert N. M. Watson +.\" All rights reserved. +.\" +.\" This software was developed at the University of Cambridge Computer +.\" Laboratory with support from a grant from Google, Inc. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd June 11, 2009 +.Dt CAP_ENTER 2 +.Os +.Sh NAME +.Nm cap_enter , +.Nm cap_getmode +.Nd Capability mode system calls +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In sys/capability.h +.Ft int +.Fn cap_enter "void" +.Ft int +.Fn cap_getmode "u_int *modep" +.Sh DESCRIPTION +.Fn cap_enter +places the current process into capability mode, a mode of execution in which +processes may only issue system calls operating on file descriptors or +reading limited global system state. +Access to global name spaces, such as file system or IPC name spaces, is +prevented. +If the process is already in a capability mode sandbox, the system call is a +no-op. +Future process descendants create with +.Xr fork 2 +or +.Xr pdfork 2 +will be placed in capability mode from inception. +.Pp +When combined with capabilities created with +.Xr cap_new 2 , +.Fn cap_enter +may be used to create kernel-enforced sandboxes in which +appropriately-crafted applications or application components may be run. +.Pp +.Fn cap_getmode +returns a flag indicating whether or not the process is in a capability mode +sandbox. +.Sh CAVEAT +Creating effecive process sandboxes is a tricky process that involves +identifying the least possible rights required by the process and then +passing those rights into the process in a safe manner. +See the CAVEAT +section of +.Xr cap_new 2 +for why this is particularly tricky with UNIX file descriptors as the +canonical representation of a right. +Consumers of +.Fn cap_enter +should also be aware of other inherited rights, such as access to VM +resources, memory contents, and other process properties that should be +considered. +It is advisable to use +.Xr fexecve 2 +to create a runtime environment inside the sandbox that has as few implicitly +acquired rights as possible. +.Sh RETURN VALUES +.Rv -std cap_enter cap_getmode +.Sh SEE ALSO +.Xr cap_new 2 , +.Xr fexecve 2 +.Sh HISTORY +Support for capabilities and capabilities mode was developed as part of the +.Tn TrustedBSD +Project. +.Sh AUTHORS +These functions and the capability facility were created by +.An "Robert N. M. Watson" +at the University of Cambridge Computer Laboratory with support from a grant +from Google, Inc. diff --git a/lib/libc/sys/chflags.2 b/lib/libc/sys/chflags.2 index 7780427..79f2fe0 100644 --- a/lib/libc/sys/chflags.2 +++ b/lib/libc/sys/chflags.2 @@ -28,7 +28,7 @@ .\" @(#)chflags.2 8.3 (Berkeley) 5/2/95 .\" $FreeBSD$ .\" -.Dd May 16, 2006 +.Dd Oct 29, 2010 .Dt CHFLAGS 2 .Os .Sh NAME @@ -155,7 +155,7 @@ is set and the user is either not the super-user or securelevel is greater than 0. .It Bq Er EPERM A non-super-user tries to set one of -.Dv SF_IMMUTABLE , SF_APPEND , +.Dv SF_ARCHIVED , SF_IMMUTABLE , SF_APPEND , or .Dv SF_NOUNLINK . .It Bq Er EPERM @@ -200,9 +200,13 @@ is set and the user is either not the super-user or securelevel is greater than 0. .It Bq Er EPERM A non-super-user tries to set one of -.Dv SF_IMMUTABLE , SF_APPEND , +.Dv SF_ARCHIVED , SF_IMMUTABLE , SF_APPEND , or .Dv SF_NOUNLINK . +.It Bq Er EPERM +User tries to set or remove the +.Dv SF_SNAPSHOT +flag. .It Bq Er EROFS The file resides on a read-only file system. .It Bq Er EIO diff --git a/lib/libc/sys/chmod.2 b/lib/libc/sys/chmod.2 index 3547aec..997df88e 100644 --- a/lib/libc/sys/chmod.2 +++ b/lib/libc/sys/chmod.2 @@ -161,7 +161,7 @@ The sticky bit may be set by any user on a directory which the user owns or has appropriate permissions. For more details of the properties of the sticky bit, see -.Xr sticky 8 . +.Xr sticky 7 . .Pp If mode ISUID (set UID) is set on a directory, and the MNT_SUIDDIR option was used in the mount of the file system, @@ -289,7 +289,7 @@ nor a file descriptor associated with a directory. .Xr chown 2 , .Xr open 2 , .Xr stat 2 , -.Xr sticky 8 +.Xr sticky 7 .Sh STANDARDS The .Fn chmod diff --git a/lib/libc/sys/clock_gettime.2 b/lib/libc/sys/clock_gettime.2 index a2fa624..583cc8f 100644 --- a/lib/libc/sys/clock_gettime.2 +++ b/lib/libc/sys/clock_gettime.2 @@ -102,7 +102,6 @@ The structure pointed to by is defined in .In sys/timespec.h as: -.Pp .Bd -literal struct timespec { time_t tv_sec; /* seconds */ diff --git a/lib/libc/sys/connect.2 b/lib/libc/sys/connect.2 index c673a83..ac019e8 100644 --- a/lib/libc/sys/connect.2 +++ b/lib/libc/sys/connect.2 @@ -28,7 +28,7 @@ .\" @(#)connect.2 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd August 16, 2006 +.Dd September 5, 2010 .Dt CONNECT 2 .Os .Sh NAME @@ -95,6 +95,8 @@ The socket is already connected. Connection establishment timed out without establishing a connection. .It Bq Er ECONNREFUSED The attempt to connect was forcefully rejected. +.It Bq Er ECONNRESET +The connection was reset by the remote host. .It Bq Er ENETUNREACH The network is not reachable from this host. .It Bq Er EHOSTUNREACH diff --git a/lib/libc/sys/cpuset_getaffinity.2 b/lib/libc/sys/cpuset_getaffinity.2 index c8b272f..5c75b92 100644 --- a/lib/libc/sys/cpuset_getaffinity.2 +++ b/lib/libc/sys/cpuset_getaffinity.2 @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd January 8, 2010 +.Dd September 10, 2010 .Dt CPUSET 2 .Os .Sh NAME @@ -121,6 +121,12 @@ The or .Fa which argument was not a valid value. +.It Bq Er EINVAL +The +.Fa mask +argument specified when calling +.Fn cpuset_setaffinity +was not a valid value. .It Bq Er EDEADLK The .Fn cpuset_setaffinity diff --git a/lib/libc/sys/execve.2 b/lib/libc/sys/execve.2 index cdd4197..991495c 100644 --- a/lib/libc/sys/execve.2 +++ b/lib/libc/sys/execve.2 @@ -28,7 +28,7 @@ .\" @(#)execve.2 8.5 (Berkeley) 6/1/94 .\" $FreeBSD$ .\" -.Dd April 10, 2008 +.Dd September 21, 2010 .Dt EXECVE 2 .Os .Sh NAME @@ -189,8 +189,8 @@ the calling process: .It interval timers Ta see Xr getitimer 2 .It resource limits Ta see Xr getrlimit 2 .It file mode mask Ta see Xr umask 2 -.It signal mask Ta see Xr sigvec 2 , -.Xr sigsetmask 2 +.It signal mask Ta see Xr sigaction 2 , +.Xr sigprocmask 2 .El .Pp When a program is executed as a result of an @@ -256,9 +256,11 @@ A component of the path prefix is not a directory. .It Bq Er ENAMETOOLONG A component of a pathname exceeded 255 characters, or an entire path name exceeded 1023 characters. -.It Bq Er ENAMETOOLONG -When invoking an interpreted script, the interpreter name -exceeds +.It Bq Er ENOEXEC +When invoking an interpreted script, the length of the first line, +inclusive of the +.Sy \&#! +prefix and terminating newline, exceeds .Dv MAXSHELLCMDLEN characters. .It Bq Er ENOENT @@ -313,30 +315,6 @@ The .Fa fd argument is not a valid file descriptor open for executing. .El -.Sh CAVEATS -If a program is -.Em setuid -to a non-super-user, but is executed when -the real -.Em uid -is ``root'', then the program has some of the powers -of a super-user as well. -.Pp -When executing an interpreted program through -.Fn fexecve , -kernel supplies -.Pa /dev/fd/n -as a second argument to the interpreter, -where -.Ar n -is the file descriptor passed in the -.Fa fd -argument to -.Fn fexecve . -For this construction to work correctly, the -.Xr fdescfs 5 -filesystem shall be mounted on -.Pa /dev/fd . .Sh SEE ALSO .Xr ktrace 1 , .Xr _exit 2 , @@ -373,3 +351,27 @@ The .Fn fexecve system call appeared in .Fx 8.0 . +.Sh CAVEATS +If a program is +.Em setuid +to a non-super-user, but is executed when +the real +.Em uid +is ``root'', then the program has some of the powers +of a super-user as well. +.Pp +When executing an interpreted program through +.Fn fexecve , +kernel supplies +.Pa /dev/fd/n +as a second argument to the interpreter, +where +.Ar n +is the file descriptor passed in the +.Fa fd +argument to +.Fn fexecve . +For this construction to work correctly, the +.Xr fdescfs 5 +filesystem shall be mounted on +.Pa /dev/fd . diff --git a/lib/libc/sys/fcntl.2 b/lib/libc/sys/fcntl.2 index 250cef4..a801b60 100644 --- a/lib/libc/sys/fcntl.2 +++ b/lib/libc/sys/fcntl.2 @@ -618,7 +618,7 @@ for the reasons as stated in .Xr flock 2 , .Xr getdtablesize 2 , .Xr open 2 , -.Xr sigvec 2 , +.Xr sigaction 2 , .Xr lockf 3 , .Xr tcgetpgrp 3 , .Xr tcsetpgrp 3 diff --git a/lib/libc/sys/flock.2 b/lib/libc/sys/flock.2 index 4ad8525..93f1f66 100644 --- a/lib/libc/sys/flock.2 +++ b/lib/libc/sys/flock.2 @@ -38,10 +38,10 @@ .Lb libc .Sh SYNOPSIS .In sys/file.h -.Fd "#define LOCK_SH 0x01 /* shared file lock */" -.Fd "#define LOCK_EX 0x02 /* exclusive file lock */" -.Fd "#define LOCK_NB 0x04 /* do not block when locking */" -.Fd "#define LOCK_UN 0x08 /* unlock file */" +.Fd "#define LOCK_SH 0x01 /* shared file lock */" +.Fd "#define LOCK_EX 0x02 /* exclusive file lock */" +.Fd "#define LOCK_NB 0x04 /* do not block when locking */" +.Fd "#define LOCK_UN 0x08 /* unlock file */" .Ft int .Fn flock "int fd" "int operation" .Sh DESCRIPTION diff --git a/lib/libc/sys/getfh.2 b/lib/libc/sys/getfh.2 index 1488196..b44d4af 100644 --- a/lib/libc/sys/getfh.2 +++ b/lib/libc/sys/getfh.2 @@ -28,7 +28,7 @@ .\" @(#)getfh.2 8.1 (Berkeley) 6/9/93 .\" $FreeBSD$ .\" -.Dd April 6, 2004 +.Dd April 14, 2011 .Dt GETFH 2 .Os .Sh NAME @@ -69,7 +69,7 @@ These system calls are restricted to the superuser. The .Fn getfh and -.Fn lgetfgh +.Fn lgetfh system calls fail if one or more of the following are true: .Bl -tag -width Er @@ -104,6 +104,10 @@ An .Tn I/O error occurred while reading from or writing to the file system. .El +.Sh SEE ALSO +.Xr fhopen 2 , +.Xr open 2 , +.Xr stat 2 .Sh HISTORY The .Fn getfh diff --git a/lib/libc/sys/getgroups.2 b/lib/libc/sys/getgroups.2 index 4fd8fee..66238a1 100644 --- a/lib/libc/sys/getgroups.2 +++ b/lib/libc/sys/getgroups.2 @@ -28,7 +28,7 @@ .\" @(#)getgroups.2 8.2 (Berkeley) 4/16/94 .\" $FreeBSD$ .\" -.Dd March 5, 1999 +.Dd January 21, 2011 .Dt GETGROUPS 2 .Os .Sh NAME @@ -37,7 +37,6 @@ .Sh LIBRARY .Lb libc .Sh SYNOPSIS -.In sys/types.h .In unistd.h .Ft int .Fn getgroups "int gidsetlen" "gid_t *gidset" @@ -66,6 +65,12 @@ is zero, returns the number of supplementary group IDs associated with the calling process without modifying the array pointed to by .Fa gidset . +.Pp +The value of +.Dv {NGROUPS_MAX} +should be obtained using +.Xr sysconf 3 +to avoid hard-coding it into the executable. .Sh RETURN VALUES A successful call returns the number of groups in the group set. A value of -1 indicates that an error occurred, and the error @@ -88,7 +93,8 @@ an invalid address. .El .Sh SEE ALSO .Xr setgroups 2 , -.Xr initgroups 3 +.Xr initgroups 3 , +.Xr sysconf 3 .Sh STANDARDS The .Fn getgroups diff --git a/lib/libc/sys/getitimer.2 b/lib/libc/sys/getitimer.2 index 260f8f0..539dea6 100644 --- a/lib/libc/sys/getitimer.2 +++ b/lib/libc/sys/getitimer.2 @@ -39,9 +39,9 @@ .Lb libc .Sh SYNOPSIS .In sys/time.h -.Fd "#define ITIMER_REAL 0" -.Fd "#define ITIMER_VIRTUAL 1" -.Fd "#define ITIMER_PROF 2" +.Fd "#define ITIMER_REAL 0" +.Fd "#define ITIMER_VIRTUAL 1" +.Fd "#define ITIMER_PROF 2" .Ft int .Fn getitimer "int which" "struct itimerval *value" .Ft int @@ -171,7 +171,7 @@ to be handled. .Sh SEE ALSO .Xr gettimeofday 2 , .Xr select 2 , -.Xr sigvec 2 , +.Xr sigaction 2 , .Xr clocks 7 .Sh HISTORY The diff --git a/lib/libc/sys/getloginclass.2 b/lib/libc/sys/getloginclass.2 new file mode 100644 index 0000000..6817330 --- /dev/null +++ b/lib/libc/sys/getloginclass.2 @@ -0,0 +1,97 @@ +.\"- +.\" Copyright (c) 2011 Edward Tomasz Napierala +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd March 6, 2011 +.Dt GETLOGINCLASS 2 +.Os +.Sh NAME +.Nm getloginclass , +.Nm setloginclass +.Nd get/set login class +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In unistd.h +.Ft int +.Fn getloginclass "char *name" "size_t len" +.Ft int +.Fn setloginclass "const char *name" +.Sh DESCRIPTION +The +.Fn getloginclass +routine returns the login class name associated with the calling process, +as previously set by +.Fn setloginclass . +The caller must provide the buffer +.Fa name +with length +.Fa len +bytes to hold the result. +The buffer should be at least +.Dv MAXLOGNAME +bytes in length. +.Pp +The +.Fn setloginclass +system call sets the login class of the calling process to +.Fa name . +This system call is restricted to the super-user, and is normally used +only when a new session is being created on behalf of the named user +(for example, at login time, or when a remote shell is invoked). +Processes inherit login class from their parents. +.Sh RETURN VALUES +.Rv -std +.Sh ERRORS +The following errors may be returned by these calls: +.Bl -tag -width Er +.It Bq Er EFAULT +The +.Fa name +argument gave an invalid address. +.It Bq Er EINVAL +The +.Fa name +argument pointed to a string that was too long. +Login class names are limited to +.Dv MAXLOGNAME +(from +.In sys/param.h ) +characters, currently 17 including null. +.It Bq Er EPERM +The caller tried to set the login class and was not the super-user. +.It Bq Er ENAMETOOLONG +The size of the buffer is smaller than the result to be returned. +.El +.Sh SEE ALSO +.Xr setusercontext 3 +.Sh HISTORY +The +.Fn getloginclass +and +.Fn setloginclass +system calls first appeared in +.Fx 9.0 . diff --git a/lib/libc/sys/getpriority.2 b/lib/libc/sys/getpriority.2 index 28d1f14..ae70f5f 100644 --- a/lib/libc/sys/getpriority.2 +++ b/lib/libc/sys/getpriority.2 @@ -129,10 +129,10 @@ or .Dv PRIO_USER . .El .Pp -.Bl -tag -width Er In addition to the errors indicated above, .Fn setpriority will fail if: +.Bl -tag -width Er .It Bq Er EPERM A process was located, but neither its effective nor real user ID matched the effective user ID of the caller. diff --git a/lib/libc/sys/getrlimit.2 b/lib/libc/sys/getrlimit.2 index 48feea0..35198bc 100644 --- a/lib/libc/sys/getrlimit.2 +++ b/lib/libc/sys/getrlimit.2 @@ -193,7 +193,7 @@ raised the maximum limit value, and the caller is not the super-user. .Xr quota 1 , .Xr quotactl 2 , .Xr sigaltstack 2 , -.Xr sigvec 2 , +.Xr sigaction 2 , .Xr sysctl 3 , .Xr ulimit 3 .Sh HISTORY diff --git a/lib/libc/sys/getrusage.2 b/lib/libc/sys/getrusage.2 index bdf5d45..45ded18 100644 --- a/lib/libc/sys/getrusage.2 +++ b/lib/libc/sys/getrusage.2 @@ -28,7 +28,7 @@ .\" @(#)getrusage.2 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd June 4, 1993 +.Dd May 1, 2010 .Dt GETRUSAGE 2 .Os .Sh NAME @@ -40,8 +40,9 @@ .In sys/types.h .In sys/time.h .In sys/resource.h -.Fd "#define RUSAGE_SELF 0" -.Fd "#define RUSAGE_CHILDREN -1" +.Fd "#define RUSAGE_SELF 0" +.Fd "#define RUSAGE_CHILDREN -1" +.Fd "#define RUSAGE_THREAD 1" .Ft int .Fn getrusage "int who" "struct rusage *rusage" .Sh DESCRIPTION @@ -49,11 +50,12 @@ The .Fn getrusage system call returns information describing the resources utilized by the current -process, or all its terminated child processes. +thread, the current process, or all its terminated child processes. The .Fa who argument is either -.Dv RUSAGE_SELF +.Dv RUSAGE_THREAD , +.Dv RUSAGE_SELF , or .Dv RUSAGE_CHILDREN . The buffer to which @@ -175,6 +177,10 @@ The .Fn getrusage system call appeared in .Bx 4.2 . +The +.Dv RUSAGE_THREAD +facility first appeared in +.Fx 8.1 . .Sh BUGS There is no way to obtain information about a child process that has not yet terminated. diff --git a/lib/libc/sys/getsockopt.2 b/lib/libc/sys/getsockopt.2 index d3472d0..7370b6b 100644 --- a/lib/libc/sys/getsockopt.2 +++ b/lib/libc/sys/getsockopt.2 @@ -184,15 +184,18 @@ The following options are recognized in .It Dv SO_LISTENQLIMIT Ta "get backlog limit of the socket (get only)" .It Dv SO_LISTENQLEN Ta "get complete queue length of the socket (get only)" .It Dv SO_LISTENINCQLEN Ta "get incomplete queue length of the socket (get only)" +.It Dv SO_USER_COOKIE Ta "set the 'so_user_cookie' value for the socket (uint32_t, set only)" .El .Pp .Dv SO_DEBUG enables debugging in the underlying protocol modules. +.Pp .Dv SO_REUSEADDR indicates that the rules used in validating addresses supplied in a .Xr bind 2 system call should allow reuse of local addresses. +.Pp .Dv SO_REUSEPORT allows completely duplicate bindings by multiple processes if they all set @@ -200,6 +203,7 @@ if they all set before binding the port. This option permits multiple instances of a program to each receive UDP/IP multicast or broadcast datagrams destined for the bound port. +.Pp .Dv SO_KEEPALIVE enables the periodic transmission of messages on a connected socket. @@ -208,6 +212,7 @@ connected party fail to respond to these messages, the connection is considered broken and processes using the socket are notified via a .Dv SIGPIPE signal when attempting to send data. +.Pp .Dv SO_DONTROUTE indicates that outgoing messages should bypass the standard routing facilities. @@ -244,6 +249,7 @@ The option requests permission to send broadcast datagrams on the socket. Broadcast was a privileged operation in earlier versions of the system. +.Pp With protocols that support out-of-band data, the .Dv SO_OOBINLINE option @@ -256,6 +262,7 @@ calls without the .Dv MSG_OOB flag. Some protocols always behave as if this option is set. +.Pp .Dv SO_SNDBUF and .Dv SO_RCVBUF @@ -285,6 +292,7 @@ only if the low water mark amount could be processed. The default value for .Dv SO_SNDLOWAT is set to a convenient size for network efficiency, often 1024. +.Pp .Dv SO_RCVLOWAT is an option to set the minimum count for input operations. In general, receive calls will block until any (non-zero) amount of data @@ -317,6 +325,7 @@ In the current implementation, this timer is restarted each time additional data are delivered to the protocol, implying that the limit applies to output portions ranging in size from the low water mark to the high water mark for output. +.Pp .Dv SO_RCVTIMEO is an option to set a timeout value for input operations. It accepts a @@ -338,6 +347,15 @@ The value must be from 0 to one less than the number returned from the sysctl .Em net.fibs . .Pp +.Dv SO_USER_COOKIE +can be used to set the uint32_t so_user_cookie field in the socket. +The value is an uint32_t, and can be used in the kernel code that +manipulates traffic related to the socket. +The default value for the field is 0. +As an example, the value can be used as the skipto target or +pipe number in +.Nm ipfw/dummynet . +.Pp .Dv SO_ACCEPTFILTER places an .Xr accept_filter 9 diff --git a/lib/libc/sys/gettimeofday.2 b/lib/libc/sys/gettimeofday.2 index 9ffd0b3..23cc059 100644 --- a/lib/libc/sys/gettimeofday.2 +++ b/lib/libc/sys/gettimeofday.2 @@ -75,7 +75,6 @@ and are defined in .In sys/time.h as: -.Pp .Bd -literal struct timeval { time_t tv_sec; /* seconds */ diff --git a/lib/libc/sys/intro.2 b/lib/libc/sys/intro.2 index e5ff9df..1a22ea2 100644 --- a/lib/libc/sys/intro.2 +++ b/lib/libc/sys/intro.2 @@ -467,6 +467,8 @@ A device or socket encountered an unrecoverable protocol error. .It Er 93 ENOTCAPABLE Em "Capabilities insufficient" . An operation on a capability file descriptor requires greater privilege than the capability allows. +.It Er 94 ECAPMODE Em "Not permitted in capability mode" . +The system call or operation is not permitted for capability mode processes. .El .Sh DEFINITIONS .Bl -tag -width Ds diff --git a/lib/libc/sys/ioctl.2 b/lib/libc/sys/ioctl.2 index 57d50c2..bab7b47 100644 --- a/lib/libc/sys/ioctl.2 +++ b/lib/libc/sys/ioctl.2 @@ -29,7 +29,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 14, 2007 +.Dd May 11, 2010 .Dt IOCTL 2 .Os .Sh NAME @@ -80,6 +80,30 @@ Macros and defines used in specifying an ioctl .Fa request are located in the file .In sys/ioctl.h . +.Sh GENERIC IOCTLS +Some generic ioctls are not implemented for all types of file +descriptors. +These include: +.Bl -tag -width "xxxxxx" +.It Dv FIONREAD int +Get the number of bytes that are immediately available for reading. +.It Dv FIONWRITE int +Get the number of bytes in the descriptor's send queue. +These bytes are data which has been written to the descriptor but +which are being held by the kernel for further processing. +The nature of the required processing depends on the underlying device. +For TCP sockets, these bytes have not yet been acknowledged by the +other side of the connection. +.It Dv FIONSPACE int +Get the free space in the descriptor's send queue. +This value is the size of the send queue minus the number of bytes +being held in the queue. +Note: while this value represents the number of bytes that may be +added to the queue, other resource limitations may cause a write +not larger than the send queue's space to be blocked. +One such limitation would be a lack of network buffers for a write +to a network connection. +.El .Sh RETURN VALUES If an error has occurred, a value of -1 is returned and .Va errno diff --git a/lib/libc/sys/jail.2 b/lib/libc/sys/jail.2 index 2e14f0d..bf6218c 100644 --- a/lib/libc/sys/jail.2 +++ b/lib/libc/sys/jail.2 @@ -89,7 +89,7 @@ from the inside of the prison. The .Dq Li jailname pointer is an optional name that can be assigned to the jail -for example for managment purposes. +for example for management purposes. .Pp The .Dq Li ip4s diff --git a/lib/libc/sys/kldstat.2 b/lib/libc/sys/kldstat.2 index eb09a23..7a48296 100644 --- a/lib/libc/sys/kldstat.2 +++ b/lib/libc/sys/kldstat.2 @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd March 3, 1999 +.Dd April 23, 2011 .Dt KLDSTAT 2 .Os .Sh NAME @@ -51,12 +51,11 @@ struct kld_file_stat { char name[MAXPATHLEN]; int refs; int id; - caddr_t address; /* load address */ - size_t size; /* size in bytes */ + caddr_t address; + size_t size; char pathname[MAXPATHLEN]; }; .Ed -.Pp .Bl -tag -width XXXaddress .It version This field is set to the size of the structure mentioned above by the code @@ -77,7 +76,7 @@ The id of the file specified in .It address The load address of the kld file. .It size -The size of the file. +The amount of memory in bytes allocated by the file. .It pathname The full name of the file referred to by .Fa fileid , @@ -129,6 +128,6 @@ The interface first appeared in .Fx 3.0 . .Sh BUGS -The pathname many not be accurate if the file system mounts have +The pathname may not be accurate if the file system mounts have changed since the module was loaded, or if this function is called within a chrooted environment. diff --git a/lib/libc/sys/kldsym.2 b/lib/libc/sys/kldsym.2 index acd6fcd..917a92a 100644 --- a/lib/libc/sys/kldsym.2 +++ b/lib/libc/sys/kldsym.2 @@ -55,7 +55,6 @@ implemented is The .Fa data argument is of the following structure: -.Pp .Bd -literal -offset indent struct kld_sym_lookup { int version; /* sizeof(struct kld_sym_lookup) */ diff --git a/lib/libc/sys/kqueue.2 b/lib/libc/sys/kqueue.2 index 326632d..a1b6177 100644 --- a/lib/libc/sys/kqueue.2 +++ b/lib/libc/sys/kqueue.2 @@ -251,7 +251,6 @@ Takes a descriptor as the identifier, and returns whenever there is data available to read. The behavior of the filter is slightly different depending on the descriptor type. -.Pp .Bl -tag -width 2n .It Sockets Sockets which have previously been passed to @@ -445,7 +444,7 @@ contains the events which triggered the filter. .It Dv EVFILT_USER Establishes a user event identified by .Va ident -which is not assosicated with any kernel mechanism but is triggered by +which is not associated with any kernel mechanism but is triggered by user level code. The lower 24 bits of the .Va fflags diff --git a/lib/libc/sys/mknod.2 b/lib/libc/sys/mknod.2 index 0fc8771..a406068 100644 --- a/lib/libc/sys/mknod.2 +++ b/lib/libc/sys/mknod.2 @@ -28,7 +28,7 @@ .\" @(#)mknod.2 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd April 10, 2008 +.Dd January 16, 2011 .Dt MKNOD 2 .Os .Sh NAME @@ -38,7 +38,7 @@ .Sh LIBRARY .Lb libc .Sh SYNOPSIS -.In unistd.h +.In sys/stat.h .Ft int .Fn mknod "const char *path" "mode_t mode" "dev_t dev" .Ft int diff --git a/lib/libc/sys/mlock.2 b/lib/libc/sys/mlock.2 index 0c05b7b..ed9c15a 100644 --- a/lib/libc/sys/mlock.2 +++ b/lib/libc/sys/mlock.2 @@ -28,7 +28,7 @@ .\" @(#)mlock.2 8.2 (Berkeley) 12/11/93 .\" $FreeBSD$ .\" -.Dd August 10, 2004 +.Dd July 27, 2010 .Dt MLOCK 2 .Os .Sh NAME @@ -116,11 +116,12 @@ The caller is not the super-user. .It Bq Er EINVAL The address given is not page aligned or the length is negative. .It Bq Er EAGAIN -Locking the indicated range would exceed either the system or per-process -limit for locked memory. +Locking the indicated range would exceed the system limit for locked memory. .It Bq Er ENOMEM Some portion of the indicated address range is not allocated. There was an error faulting/mapping a page. +Locking the indicated range would exceed the per-process limit for locked +memory. .El The .Fn munlock diff --git a/lib/libc/sys/mlockall.2 b/lib/libc/sys/mlockall.2 index d09ce27..54ae23e 100644 --- a/lib/libc/sys/mlockall.2 +++ b/lib/libc/sys/mlockall.2 @@ -30,7 +30,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 12, 1999 +.Dd July 27, 2010 .Dt MLOCKALL 2 .Os .Sh NAME @@ -72,6 +72,8 @@ limit and the per-process .Dv RLIMIT_MEMLOCK resource limit. .Pp +These calls are only available to the super-user. +.Pp The .Fn munlockall call unlocks any locked memory regions in the process address space. diff --git a/lib/libc/sys/mmap.2 b/lib/libc/sys/mmap.2 index 4849973..5e0c226 100644 --- a/lib/libc/sys/mmap.2 +++ b/lib/libc/sys/mmap.2 @@ -28,7 +28,7 @@ .\" @(#)mmap.2 8.4 (Berkeley) 5/11/95 .\" $FreeBSD$ .\" -.Dd November 6, 2009 +.Dd August 28, 2010 .Dt MMAP 2 .Os .Sh NAME @@ -105,7 +105,7 @@ The file descriptor used for creating must be \-1. The .Fa offset -argument is ignored. +argument must be 0. .\".It Dv MAP_FILE .\"Mapped from a regular file or character-special device memory. .It Dv MAP_ANONYMOUS @@ -211,6 +211,19 @@ implements a coherent file system buffer cache. However, it may be used to associate dirty VM pages with file system buffers and thus cause them to be flushed to physical media sooner rather than later. +.It Dv MAP_PREFAULT_READ +Immediately update the calling process's lowest-level virtual address +translation structures, such as its page table, so that every memory +resident page within the region is mapped for read access. +Ordinarily these structures are updated lazily. +The effect of this option is to eliminate any soft faults that would +otherwise occur on the initial read accesses to the region. +Although this option does not preclude +.Fa prot +from including +.Dv PROT_WRITE , +it does not eliminate soft faults on the initial write accesses to the +region. .It Dv MAP_PRIVATE Modifications are private. .It Dv MAP_SHARED @@ -316,6 +329,11 @@ was equal to zero. was specified and the .Fa fd argument was not -1. +.It Bq Er EINVAL +.Dv MAP_ANON +was specified and the +.Fa offset +argument was not 0. .It Bq Er ENODEV .Dv MAP_ANON has not been specified and @@ -328,9 +346,6 @@ was specified and the argument was not available. .Dv MAP_ANON was specified and insufficient memory was available. -The system has reached the per-process mmap limit specified in the -.Va vm.max_proc_mmap -sysctl. .El .Sh SEE ALSO .Xr madvise 2 , diff --git a/lib/libc/sys/modstat.2 b/lib/libc/sys/modstat.2 index 439cce7..5f106b4 100644 --- a/lib/libc/sys/modstat.2 +++ b/lib/libc/sys/modstat.2 @@ -60,7 +60,6 @@ typedef union modspecific { u_long ulongval; } modspecific_t; .Ed -.Pp .Bl -tag -width XXXaddress .It version This field is set to the size of the structure mentioned above by the code diff --git a/lib/libc/sys/mount.2 b/lib/libc/sys/mount.2 index b65c1b6..57ad428 100644 --- a/lib/libc/sys/mount.2 +++ b/lib/libc/sys/mount.2 @@ -107,7 +107,7 @@ This restriction can be removed by setting the .Va vfs.usermount .Xr sysctl 8 variable -to a non-zero value. +to a non-zero value; see the BUGS section for more information. .Pp The following .Fa flags @@ -374,3 +374,10 @@ system call first appeared in .Fx 5.0 . .Sh BUGS Some of the error codes need translation to more obvious messages. +.Pp +Allowing untrusted users to mount arbitrary media, e.g. by enabling +.Va vfs.usermount , +should not be considered safe. +Most file systems in +.Fx +were not built to safeguard against malicious devices. diff --git a/lib/libc/sys/mq_close.2 b/lib/libc/sys/mq_close.2 index de45edd..f9ec062 100644 --- a/lib/libc/sys/mq_close.2 +++ b/lib/libc/sys/mq_close.2 @@ -102,4 +102,4 @@ Electrical and Electronics Engineers, Inc and The Open Group. In the event of any discrepancy between this version and the original IEEE and The Open Group Standard, the original IEEE and The Open Group Standard is the referee document. The original Standard can be obtained online at - http://www.opengroup.org/unix/online.html. +http://www.opengroup.org/unix/online.html. diff --git a/lib/libc/sys/mq_getattr.2 b/lib/libc/sys/mq_getattr.2 index 1403418..77253fc 100644 --- a/lib/libc/sys/mq_getattr.2 +++ b/lib/libc/sys/mq_getattr.2 @@ -124,4 +124,4 @@ Electrical and Electronics Engineers, Inc and The Open Group. In the event of any discrepancy between this version and the original IEEE and The Open Group Standard, the original IEEE and The Open Group Standard is the referee document. The original Standard can be obtained online at - http://www.opengroup.org/unix/online.html. +http://www.opengroup.org/unix/online.html. diff --git a/lib/libc/sys/mq_notify.2 b/lib/libc/sys/mq_notify.2 index 5bed088..1e3a5ad 100644 --- a/lib/libc/sys/mq_notify.2 +++ b/lib/libc/sys/mq_notify.2 @@ -148,4 +148,4 @@ Electrical and Electronics Engineers, Inc and The Open Group. In the event of any discrepancy between this version and the original IEEE and The Open Group Standard, the original IEEE and The Open Group Standard is the referee document. The original Standard can be obtained online at - http://www.opengroup.org/unix/online.html. +http://www.opengroup.org/unix/online.html. diff --git a/lib/libc/sys/mq_open.2 b/lib/libc/sys/mq_open.2 index 3b30423..5acc59b 100644 --- a/lib/libc/sys/mq_open.2 +++ b/lib/libc/sys/mq_open.2 @@ -320,4 +320,4 @@ Electrical and Electronics Engineers, Inc and The Open Group. In the event of any discrepancy between this version and the original IEEE and The Open Group Standard, the original IEEE and The Open Group Standard is the referee document. The original Standard can be obtained online at - http://www.opengroup.org/unix/online.html. +http://www.opengroup.org/unix/online.html. diff --git a/lib/libc/sys/mq_receive.2 b/lib/libc/sys/mq_receive.2 index 2bbabab..730636b 100644 --- a/lib/libc/sys/mq_receive.2 +++ b/lib/libc/sys/mq_receive.2 @@ -214,4 +214,4 @@ Electrical and Electronics Engineers, Inc and The Open Group. In the event of any discrepancy between this version and the original IEEE and The Open Group Standard, the original IEEE and The Open Group Standard is the referee document. The original Standard can be obtained online at - http://www.opengroup.org/unix/online.html. +http://www.opengroup.org/unix/online.html. diff --git a/lib/libc/sys/mq_send.2 b/lib/libc/sys/mq_send.2 index 6d93a15..6f18b90 100644 --- a/lib/libc/sys/mq_send.2 +++ b/lib/libc/sys/mq_send.2 @@ -233,4 +233,4 @@ Electrical and Electronics Engineers, Inc and The Open Group. In the event of any discrepancy between this version and the original IEEE and The Open Group Standard, the original IEEE and The Open Group Standard is the referee document. The original Standard can be obtained online at - http://www.opengroup.org/unix/online.html. +http://www.opengroup.org/unix/online.html. diff --git a/lib/libc/sys/mq_setattr.2 b/lib/libc/sys/mq_setattr.2 index e1974b4..79e523d 100644 --- a/lib/libc/sys/mq_setattr.2 +++ b/lib/libc/sys/mq_setattr.2 @@ -37,7 +37,7 @@ .\" .\" $FreeBSD$ .\" -.Dd November 29, 2005 +.Dd May 17, 2011 .Dt MQ_SETATTR 2 .Os .Sh NAME @@ -50,7 +50,7 @@ .Ft int .Fo mq_setattr .Fa "mqd_t mqdes" -.Fa "struct mq_attr *restrict mqstat" +.Fa "const struct mq_attr *restrict mqstat" .Fa "struct mq_attr *restrict omqstat" .Fc .Sh DESCRIPTION @@ -120,4 +120,4 @@ Electrical and Electronics Engineers, Inc and The Open Group. In the event of any discrepancy between this version and the original IEEE and The Open Group Standard, the original IEEE and The Open Group Standard is the referee document. The original Standard can be obtained online at - http://www.opengroup.org/unix/online.html. +http://www.opengroup.org/unix/online.html. diff --git a/lib/libc/sys/ntp_adjtime.2 b/lib/libc/sys/ntp_adjtime.2 index 65ff8a3..8ce78e7 100644 --- a/lib/libc/sys/ntp_adjtime.2 +++ b/lib/libc/sys/ntp_adjtime.2 @@ -284,7 +284,7 @@ At the end of the day, second 23:59:59 will be skipped. .It TIME_OOP Leap second in progress. .It TIME_WAIT -Leap second has occurred within the last few seconds.. +Leap second has occurred within the last few seconds. .It TIME_ERROR Clock not synchronized. .El diff --git a/lib/libc/sys/open.2 b/lib/libc/sys/open.2 index 3a5979f..041f9dc 100644 --- a/lib/libc/sys/open.2 +++ b/lib/libc/sys/open.2 @@ -28,7 +28,7 @@ .\" @(#)open.2 8.2 (Berkeley) 11/16/93 .\" $FreeBSD$ .\" -.Dd February 28, 2009 +.Dd March 25, 2011 .Dt OPEN 2 .Os .Sh NAME @@ -117,6 +117,8 @@ O_SYNC synchronous writes O_NOFOLLOW do not follow symlinks O_NOCTTY don't assign controlling terminal O_TTY_INIT restore default terminal attributes +O_DIRECTORY error if file is not a directory +O_CLOEXEC set FD_CLOEXEC upon open .Ed .Pp Opening a file with @@ -222,6 +224,19 @@ The initial call to on a TTY will always restore default terminal attributes on .Fx . .Pp +.Dv O_DIRECTORY +may be used to ensure the resulting file descriptor refers to a +directory. +This flag can be used to prevent applications with elevated privileges +from opening files which are even unsafe to open with +.Dv O_RDONLY , +such as device nodes. +.Pp +.Dv O_CLOEXEC +may be used to set +.Dv FD_CLOEXEC +flag for the newly returned file descriptor. +.Pp If successful, .Fn open returns a non-negative integer, termed a file descriptor. @@ -232,12 +247,17 @@ file is set to the beginning of the file. When a new file is created it is given the group of the directory which contains it. .Pp -The new descriptor is set to remain open across +Unless +.Dv O_CLOEXEC +flag was specified, +the new descriptor is set to remain open across .Xr execve 2 system calls; see -.Xr close 2 +.Xr close 2 , +.Xr fcntl 2 and -.Xr fcntl 2 . +.Dv O_CLOEXEC +description. .Pp The system imposes a limit on the number of file descriptors open simultaneously by one process. @@ -287,9 +307,9 @@ created has its immutable flag set, see the .Xr chflags 2 manual page for more information. .It Bq Er EPERM -.Dv The named file has its immutable flag set and the file is to be modified. +The named file has its immutable flag set and the file is to be modified. .It Bq Er EPERM -.Dv The named file has its append-only flag set, the file is to be modified, and +The named file has its append-only flag set, the file is to be modified, and .Dv O_TRUNC is specified or .Dv O_APPEND @@ -395,7 +415,7 @@ of .Dv O_WRONLY , .Dv O_RDWR and -.Dv O_EXEC. +.Dv O_EXEC . .It Bq Eq EBADF The .Fa path @@ -413,6 +433,9 @@ argument is not an absolute path and is neither .Dv AT_FDCWD nor a file descriptor associated with a directory. +.It Bq Eq ENOTDIR +.Dv O_DIRECTORY +is specified and the file is not a directory. .El .Sh SEE ALSO .Xr chmod 2 , diff --git a/lib/libc/sys/pathconf.2 b/lib/libc/sys/pathconf.2 index 495bc65..3cfcdbc 100644 --- a/lib/libc/sys/pathconf.2 +++ b/lib/libc/sys/pathconf.2 @@ -89,7 +89,6 @@ returns information about the file the link references. The available values are as follows: .Pp .Bl -tag -width 6n -.Pp .It Li _PC_LINK_MAX The maximum file link count. .It Li _PC_MAX_CANON @@ -234,11 +233,11 @@ Too many symbolic links were encountered in translating the pathname. An I/O error occurred while reading from or writing to the file system. .El .Pp -.Bl -tag -width Er The .Fn fpathconf system call will fail if: +.Bl -tag -width Er .It Bq Er EBADF The .Fa fd diff --git a/lib/libc/sys/posix_fallocate.2 b/lib/libc/sys/posix_fallocate.2 new file mode 100644 index 0000000..f7cbd49 --- /dev/null +++ b/lib/libc/sys/posix_fallocate.2 @@ -0,0 +1,146 @@ +.\" Copyright (c) 1980, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)open.2 8.2 (Berkeley) 11/16/93 +.\" $FreeBSD$ +.\" +.Dd April 13, 2011 +.Dt POSIX_FALLOCATE 2 +.Os +.Sh NAME +.Nm posix_fallocate +.Nd pre-allocate storage for a range in a file +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In fcntl.h +.Ft int +.Fn posix_fallocate "int fd" "off_t offset" "off_t len" +.Sh DESCRIPTION +Required storage for the range +.Fa offset +to +.Fa offset + +.Fa len +in the file referenced by +.Fa fd +is guarateed to be allocated upon successful return. +That is, if +.Fn posix_fallocate +returns successfully, subsequent writes to the specified file data +will not fail due to lack of free space on the file system storage +media. +Any existing file data in the specified range is unmodified. +If +.Fa offset + +.Fa len +is beyond the current file size, then +.Fn posix_fallocate +will adjust the file size to +.Fa offset + +.Fa len . +Otherwise, the file size will not be changed. +.Pp +Space allocated by +.Fn posix_fallocate +will be freed by a successful call to +.Xr creat 2 +or +.Xr open 2 +that truncates the size of the file. +Space allocated via +.Fn posix_fallocate +may be freed by a successful call to +.Xr ftruncate 2 +that reduces the file size to a size smaller than +.Fa offset + +.Fa len . +.Pp +.Sh RETURN VALUES +If successful, +.Fn posix_fallocate +returns zero. +It returns -1 on failure, and sets +.Va errno +to indicate the error. +.Sh ERRORS +Possible failure conditions: +.Bl -tag -width Er +.It Bq Er EBADF +The +.Fa fd +argument is not a valid file descriptor. +.It Bq Er EBADF +The +.Fa fd +argument references a file that was opened without write permission. +.It Bq Er EFBIG +The value of +.Fa offset + +.Fa len +is greater than the maximum file size. +.It Bq Er EINTR +A signal was caught during execution. +.It Bq Er EINVAL +The +.Fa len +argument was zero or the +.Fa offset +argument was less than zero. +.It Bq Er EIO +An I/O error occurred while reading from or writing to a file system. +.It Bq Er ENODEV +The +.Fa fd +argument does not refer to a regular file. +.It Bq Er ENOSPC +There is insufficient free space remaining on the file system storage +media. +.It Bq Er ESPIPE +The +.Fa fd +argument is associated with a pipe or FIFO. +.El +.Sh SEE ALSO +.Xr creat 2 , +.Xr ftruncate 2 , +.Xr open 2 , +.Xr unlink 2 +.Sh STANDARDS +The +.Fn posix_fallocate +system call conforms to +.St -p1003.1-2004 . +.Sh HISTORY +The +.Fn posix_fallocate +function appeared in +.Fx 9.0 . +.Sh AUTHORS +.Fn posix_fallocate +and this manual page were initially written by +.An Matthew Fleming Aq mdf@FreeBSD.org . diff --git a/lib/libc/sys/ptrace.2 b/lib/libc/sys/ptrace.2 index 8265fb6..1b23c9b 100644 --- a/lib/libc/sys/ptrace.2 +++ b/lib/libc/sys/ptrace.2 @@ -2,7 +2,7 @@ .\" $NetBSD: ptrace.2,v 1.2 1995/02/27 12:35:37 cgd Exp $ .\" .\" This file is in the public domain. -.Dd February 11, 2010 +.Dd January 23, 2011 .Dt PTRACE 2 .Os .Sh NAME @@ -289,8 +289,14 @@ argument specifies a pointer to a which is defined as follows: .Bd -literal struct ptrace_lwpinfo { - lwpid_t pl_lwpid; /* LWP described. */ - int pl_event; /* Event received. */ + lwpid_t pl_lwpid; + int pl_event; + int pl_flags; + sigset_t pl_sigmask; + sigset_t pl_siglist; + siginfo_t pl_siginfo; + char pl_tdname[MAXCOMLEN + 1]; + int pl_child_pid; }; .Ed .Pp @@ -298,6 +304,83 @@ The .Fa data argument is to be set to the size of the structure known to the caller. This allows the structure to grow without affecting older programs. +.Pp +The fields in the +.Vt "struct ptrace_lwpinfo" +have the following meaning: +.Bl -tag -width indent -compact +.It pl_lwpid +LWP id of the thread +.It pl_event +Event that caused the stop. +Currently defined events are +.Bl -tag -width indent -compact +.It PL_EVENT_NONE +No reason given +.It PL_EVENT_SIGNAL +Thread stopped due to the pending signal +.El +.It pl_flags +Flags that specify additional details about observed stop. +Currently defined flags are: +.Bl -tag -width indent -compact +.It PL_FLAG_SCE +The thread stopped due to system call entry, right after the kernel is entered. +The debugger may examine syscall arguments that are stored in memory and +registers according to the ABI of the current process, and modify them, +if needed. +.It PL_FLAG_SCX +The thread is stopped immediately before syscall is returning to the usermode. +The debugger may examine system call return values in the ABI-defined registers +and/or memory. +.It PL_FLAG_EXEC +When +.Dv PL_FLAG_SCX +is set, this flag may be additionally specified to inform that the +program being executed by debuggee process has been changed by successful +execution of a system call from the +.Fn execve 2 +family. +.It PL_FLAG_SI +Indicates that +.Va pl_siginfo +member of +.Vt "struct ptrace_lwpinfo" +contains valid information. +.It PL_FLAG_FORKED +Indicates that the process is returning from a call to +.Fn fork 2 +that created a new child process. +The process identifier of the new process is available in the +.Va pl_child_pid +member of +.Vt "struct ptrace_lwpinfo" . +.El +.It pl_sigmask +The current signal mask of the LWP +.It pl_siglist +The current pending set of signals for the LWP. +Note that signals that are delivered to the process would not appear +on an LWP siglist until the thread is selected for delivery. +.It pl_siginfo +The siginfo that accompanies the signal pending. +Only valid for +.Dv PL_EVENT_SIGNAL +stop when +.Dv PL_FLAG_SI +is set in +.Va pl_flags . +.It pl_tdname +The name of the thread. +.It pl_child_pid +The process identifier of the new child process. +Only valid for a +.Dv PL_EVENT_SIGNAL +stop when +.Dv PL_FLAG_FORKED +is set in +.Va pl_flags . +.El .It PT_GETNUMLWPS This request returns the number of kernel threads associated with the traced process. @@ -327,6 +410,21 @@ This request will trace the specified process on each system call exit. .It PT_SYSCALL This request will trace the specified process on each system call entry and exit. +.It PT_FOLLOW_FORK +This request controls tracing for new child processes of a traced process. +If +.Fa data +is non-zero, +then new child processes will enable tracing and stop before executing their +first instruction. +If +.Fa data +is zero, then new child processes will execute without tracing enabled. +By default, tracing is not enabled for new child processes. +Child processes do not inherit this property. +The traced process will set the +.Dv PL_FLAG_FORKED +flag upon exit from a system call that creates a new process. .It PT_VM_TIMESTAMP This request returns the generation number or timestamp of the memory map of the traced process as the return value from @@ -501,3 +599,11 @@ The .Fn ptrace function appeared in .At v7 . +.Sh BUGS +The +.Dv PL_FLAG_FORKED , +.Dv PL_FLAG_SCE , +.Dv PL_FLAG_SCX +and +.Dv PL_FLAG_EXEC +are not implemented for MIPS and ARM architectures. diff --git a/lib/libc/sys/quotactl.2 b/lib/libc/sys/quotactl.2 index 4b4dca5..ff3cb4b 100644 --- a/lib/libc/sys/quotactl.2 +++ b/lib/libc/sys/quotactl.2 @@ -84,7 +84,7 @@ and group identifiers (GRPQUOTA). The .Dq ufs specific commands are: -.Bl -tag -width Q_QUOTAOFFxx +.Bl -tag -width Q_GETQUOTASIZEx .It Dv Q_QUOTAON Enable disk quotas for the file system specified by .Fa path . @@ -110,6 +110,17 @@ and .Fa id arguments are unused. Only the super-user may turn quotas off. +.It Dv Q_GETQUOTASIZE +Get the wordsize used to represent the quotas for the user or group +(as determined by the command type). +Possible values are 32 for the old-style quota file +and 64 for the new-style quota file. +The +.Fa addr +argument is a pointer to an integer into which the size is stored. +The identifier +.Fa id +is not used. .It Dv Q_GETQUOTA Get disk quota limits and current usage for the user or group (as determined by the command type) with identifier @@ -177,9 +188,11 @@ The argument or the command type is invalid. In -.Dv Q_GETQUOTA -and +.Dv Q_GETQUOTASIZE , +.Dv Q_GETQUOTA , .Dv Q_SETQUOTA , +and +.Dv Q_SETUSE , quotas are not currently enabled for this file system. .Pp The @@ -208,7 +221,8 @@ Too many symbolic links were encountered in translating a pathname. .It Bq Er EROFS In .Dv Q_QUOTAON , -the quota file resides on a read-only file system. +either the file system on which quotas are to be enabled is mounted read-only +or the quota file resides on a read-only file system. .It Bq Er EIO An .Tn I/O diff --git a/lib/libc/sys/recv.2 b/lib/libc/sys/recv.2 index e45863e..66f311f 100644 --- a/lib/libc/sys/recv.2 +++ b/lib/libc/sys/recv.2 @@ -165,7 +165,6 @@ system call uses a structure to minimize the number of directly supplied arguments. This structure has the following form, as defined in .In sys/socket.h : -.Pp .Bd -literal struct msghdr { void *msg_name; /* optional address */ @@ -242,7 +241,6 @@ should be a structure of type which is defined in .In sys/socket.h as follows: -.Pp .Bd -literal struct cmsgcred { pid_t cmcred_pid; /* PID of sending process */ diff --git a/lib/libc/sys/rfork.2 b/lib/libc/sys/rfork.2 index c0f264a..f1ae14b 100644 --- a/lib/libc/sys/rfork.2 +++ b/lib/libc/sys/rfork.2 @@ -5,7 +5,7 @@ .\" .\" $FreeBSD$ .\" -.Dd May 14, 2007 +.Dd March 15, 2011 .Dt RFORK 2 .Os .Sh NAME @@ -80,6 +80,7 @@ the new process to run on the provided stack. See .Xr rfork_thread 3 for information. +Note that a lot of code will not run correctly in such an environment. .It Dv RFSIGSHARE If set, the kernel will force sharing the sigacts structure between the child and the parent. @@ -171,24 +172,9 @@ There is insufficient swap space for the new process. .Xr intro 2 , .Xr minherit 2 , .Xr vfork 2 , +.Xr pthread_create 3 , .Xr rfork_thread 3 .Sh HISTORY The .Fn rfork function first appeared in Plan9. -.Sh BUGS -.Fx -does not yet implement a native -.Fn clone -library call, and the current pthreads implementation does not use -.Fn rfork -with RFMEM. -A native port of the linux threads library, -.Pa /usr/ports/devel/linuxthreads , -contains a working -.Fn clone -call that utilizes RFMEM. -The -.Xr rfork_thread 3 -function can often be used instead of -.Fn clone . diff --git a/lib/libc/sys/sched_setscheduler.2 b/lib/libc/sys/sched_setscheduler.2 index 21b34e0..3e7c42b 100644 --- a/lib/libc/sys/sched_setscheduler.2 +++ b/lib/libc/sys/sched_setscheduler.2 @@ -95,7 +95,6 @@ The .Vt sched_param structure is defined in .Fa <sched.h> : -.Pp .Bd -literal -offset indent struct sched_param { int sched_priority; /* scheduling priority */ diff --git a/lib/libc/sys/sctp_peeloff.2 b/lib/libc/sys/sctp_peeloff.2 index c513afa..d94f280 100644 --- a/lib/libc/sys/sctp_peeloff.2 +++ b/lib/libc/sys/sctp_peeloff.2 @@ -50,7 +50,7 @@ The .Fn sctp_peeloff system call attempts detach the association specified by .Fa id -into its own seperate socket. +into its own separate socket. .Pp .Sh RETURN VALUES The call returns -1 on failure and the new socket descriptor diff --git a/lib/libc/sys/semop.2 b/lib/libc/sys/semop.2 index 86200ee..a08f65e 100644 --- a/lib/libc/sys/semop.2 +++ b/lib/libc/sys/semop.2 @@ -222,7 +222,7 @@ When a process exits, either voluntarily or involuntarily, the adjust on exit value for each semaphore is added to the semaphore's value. This can -be used to insure that a resource is released if a process terminates +be used to ensure that a resource is released if a process terminates unexpectedly. .Sh RETURN VALUES .Rv -std semop diff --git a/lib/libc/sys/setuid.2 b/lib/libc/sys/setuid.2 index 78e4ab8..4bb4a68 100644 --- a/lib/libc/sys/setuid.2 +++ b/lib/libc/sys/setuid.2 @@ -124,39 +124,6 @@ The system calls will fail if: The user is not the super user and the ID specified is not the real, effective ID, or saved ID. .El -.Sh SECURITY CONSIDERATIONS -Read and write permissions to files are determined upon a call to -.Xr open 2 . -Once a file descriptor is open, dropping privilege does not affect -the process's read/write permissions, even if the user ID specified -has no read or write permissions to the file. -These files normally remain open in any new process executed, -resulting in a user being able to read or modify -potentially sensitive data. -.Pp -To prevent these files from remaining open after an -.Xr exec 3 -call, be sure to set the close-on-exec flag is set: -.Bd -literal -void -pseudocode(void) -{ - int fd; - /* ... */ - - fd = open("/path/to/sensitive/data", O_RDWR); - if (fd == -1) - err(1, "open"); - - /* - * Set close-on-exec flag; see fcntl(2) for more information. - */ - if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) - err(1, "fcntl(F_SETFD)"); - /* ... */ - execve(path, argv, environ); -} -.Ed .Sh SEE ALSO .Xr getgid 2 , .Xr getuid 2 , @@ -191,3 +158,36 @@ and .Fn setgid functions appeared in .At v7 . +.Sh SECURITY CONSIDERATIONS +Read and write permissions to files are determined upon a call to +.Xr open 2 . +Once a file descriptor is open, dropping privilege does not affect +the process's read/write permissions, even if the user ID specified +has no read or write permissions to the file. +These files normally remain open in any new process executed, +resulting in a user being able to read or modify +potentially sensitive data. +.Pp +To prevent these files from remaining open after an +.Xr exec 3 +call, be sure to set the close-on-exec flag is set: +.Bd -literal +void +pseudocode(void) +{ + int fd; + /* ... */ + + fd = open("/path/to/sensitive/data", O_RDWR); + if (fd == -1) + err(1, "open"); + + /* + * Set close-on-exec flag; see fcntl(2) for more information. + */ + if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) + err(1, "fcntl(F_SETFD)"); + /* ... */ + execve(path, argv, environ); +} +.Ed diff --git a/lib/libc/sys/shm_open.2 b/lib/libc/sys/shm_open.2 index a586fe3..a2fa502 100644 --- a/lib/libc/sys/shm_open.2 +++ b/lib/libc/sys/shm_open.2 @@ -231,7 +231,7 @@ is specified and the named shared memory object does not exist. .Dv O_CREAT and .Dv O_EXCL -are specified and the named shared memory object dies exist. +are specified and the named shared memory object does exist. .It Bq Er EACCES The required permissions (for reading or reading and writing) are denied. .El diff --git a/lib/libc/sys/shmat.2 b/lib/libc/sys/shmat.2 index 8fe340c..fd1db93 100644 --- a/lib/libc/sys/shmat.2 +++ b/lib/libc/sys/shmat.2 @@ -35,7 +35,6 @@ .Sh LIBRARY .Lb libc .Sh SYNOPSIS -.In machine/param.h .In sys/types.h .In sys/ipc.h .In sys/shm.h diff --git a/lib/libc/sys/shmctl.2 b/lib/libc/sys/shmctl.2 index d3299af..98ddf13 100644 --- a/lib/libc/sys/shmctl.2 +++ b/lib/libc/sys/shmctl.2 @@ -34,7 +34,6 @@ .Sh LIBRARY .Lb libc .Sh SYNOPSIS -.In machine/param.h .In sys/types.h .In sys/ipc.h .In sys/shm.h diff --git a/lib/libc/sys/shmget.2 b/lib/libc/sys/shmget.2 index e7fd6d1..3094345 100644 --- a/lib/libc/sys/shmget.2 +++ b/lib/libc/sys/shmget.2 @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 3, 1995 +.Dd December 17, 2010 .Dt SHMGET 2 .Os .Sh NAME @@ -34,7 +34,6 @@ .Sh LIBRARY .Lb libc .Sh SYNOPSIS -.In machine/param.h .In sys/types.h .In sys/ipc.h .In sys/shm.h @@ -80,17 +79,17 @@ the following constants into the .Fa flag argument: .Bl -tag -width XSHM_WXX6XXX -.It Dv SHM_R -Read access for user. -.It Dv SHM_W -Write access for user. -.It Dv ( SHM_R>>3 ) +.It Dv S_IRUSR +Read access for owner. +.It Dv S_IWUSR +Write access for owner. +.It Dv S_IRGRP Read access for group. -.It Dv ( SHM_W>>3 ) +.It Dv S_IWGRP Write access for group. -.It Dv ( SHM_R>>6 ) +.It Dv S_IROTH Read access for other. -.It Dv ( SHM_W>>6 ) +.It Dv S_IWOTH Write access for other. .El .\" @@ -143,4 +142,5 @@ already exists. .Xr shmat 2 , .Xr shmctl 2 , .Xr shmdt 2 , +.Xr stat 2 , .Xr ftok 3 diff --git a/lib/libc/sys/sigaction.2 b/lib/libc/sys/sigaction.2 index 4c4f18f..47b3a72 100644 --- a/lib/libc/sys/sigaction.2 +++ b/lib/libc/sys/sigaction.2 @@ -28,7 +28,7 @@ .\" From: @(#)sigaction.2 8.2 (Berkeley) 4/3/94 .\" $FreeBSD$ .\" -.Dd June 7, 2004 +.Dd April 18, 2010 .Dt SIGACTION 2 .Os .Sh NAME @@ -40,16 +40,11 @@ .In signal.h .Bd -literal struct sigaction { - union { - void (*__sa_handler)(int); - void (*__sa_sigaction)(int, struct __siginfo *, void *); - } __sigaction_u; /* signal handler */ + void (*sa_handler)(int); + void (*sa_sigaction)(int, siginfo_t *, void *); int sa_flags; /* see signal options below */ sigset_t sa_mask; /* signal mask to apply */ }; - -#define sa_handler __sigaction_u.__sa_handler -#define sa_sigaction __sigaction_u.__sa_sigaction .Ed .Ft int .Fo sigaction @@ -148,6 +143,16 @@ If is non-zero, the previous handling information for the signal is returned to the user. .Pp +The above declaration of +.Vt "struct sigaction" +is not literal. +It is provided only to list the accessible members. +See +.In sys/signal.h +for the actual definition. +In particular, the storage occupied by sa_handler and sa_sigaction overlaps, +and an application can not use both simultaneously. +.Pp Once a signal handler is installed, it normally remains installed until another .Fn sigaction @@ -604,13 +609,9 @@ or .Xr kill 2 , .Xr ptrace 2 , .Xr sigaltstack 2 , -.Xr sigblock 2 , -.Xr sigpause 2 , .Xr sigpending 2 , .Xr sigprocmask 2 , -.Xr sigsetmask 2 , .Xr sigsuspend 2 , -.Xr sigvec 2 , .Xr wait 2 , .Xr fpsetmask 3 , .Xr setjmp 3 , diff --git a/lib/libc/sys/sigaltstack.2 b/lib/libc/sys/sigaltstack.2 index da6877e..d9cb273 100644 --- a/lib/libc/sys/sigaltstack.2 +++ b/lib/libc/sys/sigaltstack.2 @@ -28,7 +28,7 @@ .\" @(#)sigaltstack.2 8.2 (Berkeley) 5/1/95 .\" $FreeBSD$ .\" -.Dd May 1, 1995 +.Dd May 6, 2010 .Dt SIGALTSTACK 2 .Os .Sh NAME @@ -39,7 +39,7 @@ .Sh SYNOPSIS .In signal.h .Bd -literal -typedef struct sigaltstack { +typedef struct { char *ss_sp; size_t ss_size; int ss_flags; @@ -51,25 +51,25 @@ typedef struct sigaltstack { The .Fn sigaltstack system call -allows users to define an alternate stack on which signals -are to be processed. +allows defining an alternate stack on which signals +are to be processed for the current thread. If .Fa ss is non-zero, it specifies a pointer to and the size of a .Em "signal stack" -on which to deliver signals, -and tells the system if the process is currently executing -on that stack. +on which to deliver signals. When a signal's action indicates its handler should execute on the signal stack (specified with a .Xr sigaction 2 system call), the system checks to see -if the process is currently executing on that stack. -If the process is not currently executing on the signal stack, +if the thread is currently executing on that stack. +If the thread is not currently executing on the signal stack, the system arranges a switch to the signal stack for the duration of the signal handler's execution. .Pp +An active stack cannot be modified. +.Pp If .Dv SS_DISABLE is set in @@ -78,12 +78,6 @@ is set in and .Fa ss_size are ignored and the signal stack will be disabled. -Trying to disable an active stack will cause -.Fn sigaltstack -to return -1 with -.Va errno -set to -.Er EINVAL . A disabled stack will cause all signals to be taken on the regular user stack. If the stack is later re-enabled then all signals that were specified @@ -96,7 +90,7 @@ The .Fa ss_flags field will contain the value .Dv SS_ONSTACK -if the process is currently on a signal stack and +if the thread is currently on a signal stack and .Dv SS_DISABLE if the signal stack is currently disabled. .Sh NOTES @@ -110,7 +104,7 @@ if ((sigstk.ss_sp = malloc(SIGSTKSZ)) == NULL) /* error return */ sigstk.ss_size = SIGSTKSZ; sigstk.ss_flags = 0; -if (sigaltstack(&sigstk,0) < 0) +if (sigaltstack(&sigstk, NULL) < 0) perror("sigaltstack"); .Ed An alternative approach is provided for programs with signal handlers @@ -146,8 +140,12 @@ or .Fa oss points to memory that is not a valid part of the process address space. +.It Bq Er EPERM +An attempt was made to modify an active stack. .It Bq Er EINVAL -An attempt was made to disable an active stack. +The +.Fa ss_flags +field was invalid. .It Bq Er ENOMEM Size of alternate stack area is less than or equal to .Dv MINSIGSTKSZ . diff --git a/lib/libc/sys/sigprocmask.2 b/lib/libc/sys/sigprocmask.2 index ef555a4..f7c8335 100644 --- a/lib/libc/sys/sigprocmask.2 +++ b/lib/libc/sys/sigprocmask.2 @@ -28,7 +28,7 @@ .\" @(#)sigprocmask.2 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd June 4, 1993 +.Dd May 7, 2010 .Dt SIGPROCMASK 2 .Os .Sh NAME @@ -96,6 +96,11 @@ quietly disallows or .Dv SIGSTOP to be blocked. +.Pp +In threaded applications, +.Xr pthread_sigmask 3 +must be used instead of +.Fn sigprocmask . .Sh RETURN VALUES .Rv -std sigprocmask .Sh ERRORS @@ -116,6 +121,7 @@ has a value other than those listed here. .Xr sigpending 2 , .Xr sigsuspend 2 , .Xr fpsetmask 3 , +.Xr pthread_sigmask 3 , .Xr sigsetops 3 .Sh STANDARDS The diff --git a/lib/libc/sys/sigreturn.2 b/lib/libc/sys/sigreturn.2 index a022470..02d75a8 100644 --- a/lib/libc/sys/sigreturn.2 +++ b/lib/libc/sys/sigreturn.2 @@ -83,7 +83,7 @@ The process status longword is invalid or would improperly raise the privilege level of the process. .El .Sh SEE ALSO -.Xr sigvec 2 , +.Xr sigaction 2 , .Xr setjmp 3 , .Xr ucontext 3 .Sh HISTORY diff --git a/lib/libc/sys/sigwait.c b/lib/libc/sys/sigwait.c new file mode 100644 index 0000000..2fdffdd --- /dev/null +++ b/lib/libc/sys/sigwait.c @@ -0,0 +1,46 @@ +/*- + * Copyright (c) 2010 davidxu@freebsd.org + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +#include <errno.h> +#include <signal.h> + +int __sys_sigwait(const sigset_t * restrict, int * restrict); + +__weak_reference(__sigwait, sigwait); + +int +__sigwait(const sigset_t * restrict set, int * restrict sig) +{ + int ret; + + /* POSIX does not allow EINTR to be returned */ + do { + ret = __sys_sigwait(set, sig); + } while (ret == EINTR); + return (ret); +} diff --git a/lib/libc/sys/stack_protector.c b/lib/libc/sys/stack_protector.c index 14c20eb..ed7d635 100644 --- a/lib/libc/sys/stack_protector.c +++ b/lib/libc/sys/stack_protector.c @@ -1,4 +1,3 @@ -/* $FreeBSD$ */ /* $NetBSD: stack_protector.c,v 1.4 2006/11/22 17:23:25 christos Exp $ */ /* $OpenBSD: stack_protector.c,v 1.10 2006/03/31 05:34:44 deraadt Exp $ */ /* @@ -34,10 +33,13 @@ __FBSDID("$FreeBSD$"); #include <sys/param.h> #include <sys/sysctl.h> #include <sys/types.h> +#include <errno.h> +#include <link.h> #include <signal.h> #include <string.h> #include <syslog.h> #include <unistd.h> +#include "libc_private.h" extern int __sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, size_t newlen); @@ -54,9 +56,14 @@ __guard_setup(void) { int mib[2]; size_t len; + int error; if (__stack_chk_guard[0] != 0) return; + error = _elf_aux_info(AT_CANARY, __stack_chk_guard, + sizeof(__stack_chk_guard)); + if (error == 0 && __stack_chk_guard[0] != 0) + return; mib[0] = CTL_KERN; mib[1] = KERN_ARND; @@ -85,7 +92,7 @@ __fail(const char *msg) (void)sigprocmask(SIG_BLOCK, &mask, NULL); /* This may fail on a chroot jail... */ - syslog(LOG_CRIT, msg); + syslog(LOG_CRIT, "%s", msg); (void)memset(&sa, 0, sizeof(sa)); (void)sigemptyset(&sa.sa_mask); @@ -108,8 +115,6 @@ __chk_fail(void) __fail("buffer overflow detected; terminated"); } -#ifdef PIC -__sym_compat(__stack_chk_fail_local, __stack_chk_fail, FBSD_1.0); -#else +#ifndef PIC __weak_reference(__stack_chk_fail, __stack_chk_fail_local); #endif diff --git a/lib/libc/sys/stack_protector_compat.c b/lib/libc/sys/stack_protector_compat.c new file mode 100644 index 0000000..cacb863 --- /dev/null +++ b/lib/libc/sys/stack_protector_compat.c @@ -0,0 +1,20 @@ +/* + * Written by Alexander Kabaev <kan@FreeBSD.org> + * The file is in public domain. + */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +void __stack_chk_fail(void); + +#ifdef PIC +void +__stack_chk_fail_local_hidden(void) +{ + + __stack_chk_fail(); +} + +__sym_compat(__stack_chk_fail_local, __stack_chk_fail_local_hidden, FBSD_1.0); +#endif diff --git a/lib/libc/sys/stat.2 b/lib/libc/sys/stat.2 index 3085ef0..7f6d533 100644 --- a/lib/libc/sys/stat.2 +++ b/lib/libc/sys/stat.2 @@ -28,7 +28,7 @@ .\" @(#)stat.2 8.4 (Berkeley) 5/1/95 .\" $FreeBSD$ .\" -.Dd April 10, 2008 +.Dd March 28, 2010 .Dt STAT 2 .Os .Sh NAME @@ -149,8 +149,8 @@ fields together identify the file uniquely within the system. The time-related fields of .Vt "struct stat" are as follows: -.Bl -tag -width ".Va st_birthtime" -.It Va st_atime +.Bl -tag -width ".Va st_birthtim" +.It Va st_atim Time when file data last accessed. Changed by the .Xr mknod 2 , @@ -159,7 +159,7 @@ Changed by the and .Xr readv 2 system calls. -.It Va st_mtime +.It Va st_mtim Time when file data last modified. Changed by the .Xr mkdir 2 , @@ -170,7 +170,7 @@ Changed by the and .Xr writev 2 system calls. -.It Va st_ctime +.It Va st_ctim Time when file status was last changed (inode data modification). Changed by the .Xr chflags 2 , @@ -191,18 +191,24 @@ Changed by the and .Xr writev 2 system calls. -.It Va st_birthtime +.It Va st_birthtim Time when the inode was created. .El .Pp -If -.Dv _POSIX_SOURCE -is not defined, the time-related fields are defined as: +The following time-related macros are defined for compatibility: .Bd -literal +#define st_atime st_atim.tv_sec +#define st_mtime st_mtim.tv_sec +#define st_ctime st_ctim.tv_sec +#ifndef _POSIX_SOURCE +#define st_birthtime st_birthtim.tv_sec +#endif + #ifndef _POSIX_SOURCE -#define st_atime st_atimespec.tv_sec -#define st_mtime st_mtimespec.tv_sec -#define st_ctime st_ctimespec.tv_sec +#define st_atimespec st_atim +#define st_mtimespec st_mtim +#define st_ctimespec st_ctim +#define st_birthtimespec st_birthtim #endif .Ed .Pp @@ -339,10 +345,10 @@ represented correctly in the structure pointed to by .Fa sb . .El .Pp -.Bl -tag -width Er The .Fn fstat system call will fail if: +.Bl -tag -width Er .It Bq Er EBADF The .Fa fd @@ -395,8 +401,8 @@ nor a file descriptor associated with a directory. .Xr fhstat 2 , .Xr statfs 2 , .Xr utimes 2 , -.Xr symlink 7 , -.Xr sticky 8 +.Xr sticky 7 , +.Xr symlink 7 .Sh STANDARDS The .Fn stat diff --git a/lib/libc/sys/unlink.2 b/lib/libc/sys/unlink.2 index 141f3d3..bb27085 100644 --- a/lib/libc/sys/unlink.2 +++ b/lib/libc/sys/unlink.2 @@ -28,7 +28,7 @@ .\" @(#)unlink.2 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd April 10, 2008 +.Dd April 25, 2010 .Dt UNLINK 2 .Os .Sh NAME @@ -167,7 +167,7 @@ argument does not specify an absolute path and the argument is neither .Dv AT_FDCWD nor a valid file descriptor open for searching. -.It Bq Er EEXIST +.It Bq Er ENOTEMPTY The .Fa flag parameter has the diff --git a/lib/libc/sys/vfork.2 b/lib/libc/sys/vfork.2 index 3cd3368..1cfaa61 100644 --- a/lib/libc/sys/vfork.2 +++ b/lib/libc/sys/vfork.2 @@ -104,7 +104,7 @@ Same as for .Xr _exit 2 , .Xr fork 2 , .Xr rfork 2 , -.Xr sigvec 2 , +.Xr sigaction 2 , .Xr wait 2 , .Xr exit 3 .Sh HISTORY |
