Commit Graph

1171 Commits

Author SHA1 Message Date
simonb 4e9c90673d Disable the larger/faster code path. While the optimised code path was
indeed quicker, it nonetheless failed to actually fill all the requested
memory with the specified value much of the time if a non-aligned start
address was used.
2021-04-17 05:57:11 +00:00
dholland 53166c520a arm bswap32: fix fatal typo in thumb code (PR 55854) 2020-12-11 09:02:33 +00:00
dholland 3818c9a287 arm bswap32: Improve the comments showing the byte flow.
It's confusing to use 1-4 for bytes 1-4 and then 0 for literal zero,
so use a-d for bytes 1-4.
2020-12-09 02:46:57 +00:00
skrll e3ee4da69b Use the correct barriers - all of membar_{sync,producer,consumer} have
less scope than before.

LGTM from riastradh
2020-10-13 21:22:12 +00:00
skrll cfd51b63e1 Remove memory barriers from the atomic ops macros in the same way as was
done for the other atomic ops earlier.
2020-10-13 21:17:35 +00:00
skrll 058bd28709 Define _ARM_ARCH_8 when __ARM_ARCH_8A (no trailing double underscore) as
it is defined by gcc.

__ARM_ARCH_8A__ (with trailing double underscore) seems to be a typo (or
maybe historical)
2020-10-11 16:22:02 +00:00
skrll 7cbf2902dd Comment nit 2020-10-07 07:31:47 +00:00
jakllsch aeb04dceb1 Re-do previous aarch64eb strlen fix more simply and correctly. 2020-09-09 14:49:27 +00:00
mrg ebde11d941 make some prototypes match the builtin properly. GCC 9 complains
with the old version, GCC 8 is happy with this version.

tested on sparc.
2020-09-07 00:52:19 +00:00
jakllsch ea3caf96e6 Fix a broken corner case of strlen()/strnlen() on aarch64eb
Previously a string such as "\x1\x1\x1\x1\x1\x1\x1" would count as
0 instead of 7 on BE.
2020-09-05 20:24:43 +00:00
jakllsch d0f28ec00a Remove unused assembly source files 2020-09-03 16:45:49 +00:00
jakllsch 835e43960b Fix typo/pasteo in aarch64 clzdi2() END() 2020-09-02 15:43:06 +00:00
skrll e16659bb50 Part I of ad@'s performance improvements for aarch64
- Remove memory barriers from the atomic ops.  I don't understand why those
  are there.  Is it some architectural thing, or for a CPU bug, or just
  over-caution maybe?  They're not needed for correctness.

- Have unlikely conditional branches go forwards to help the static branch
  predictor.
2020-08-12 12:59:57 +00:00
skrll 76b3785162 More SYNC centralisation 2020-08-10 14:37:38 +00:00
skrll bf8d907e75 Centralise SYNC/BDSYNC in asm.h and introduce a new LLCSCSYNC and use it
before any ll/sc sequences.

Define LLSCSYNC as syncw; syncw for cnMIPS - issue two as early cnMIPS
has errat{um,a} that means the first can fail.
2020-08-06 10:00:20 +00:00
skrll 6d4375e1ca Trailing whitespace 2020-08-01 09:26:49 +00:00
christos d3ce6b6028 Fix lint 2020-06-20 00:16:50 +00:00
christos 3df41e0b22 remove error(1) comments 2020-06-15 00:46:00 +00:00
christos ad3c244aa9 add/fix linted comments 2020-06-14 21:31:01 +00:00
christos e0cecd8234 Fix incorrect type (found by lint), and add linted comments for the
long long -> long (uintmax_t on LP64)
2020-06-14 21:28:58 +00:00
thorpej 6620d0c742 Change previous to only apply when building with clang. 2020-06-12 00:02:26 +00:00
joerg 3c4ddcbfa9 Unbreak clang builds by removing questionable linker warning sections
trggered all over the place.
2020-06-11 22:25:44 +00:00
thorpej f2709a687f Fix a paste-o that caused prop_data_create_copy() to be intolerant
of creating empty data objects.  Fixes t_ifconfig::ifconfig_description
unit test.
2020-06-08 21:31:56 +00:00
thorpej bde2909f86 Update for proplib(3) API changes. 2020-06-06 22:28:07 +00:00
thorpej b1bbd8163d Correct a deprecation warning. 2020-06-06 22:23:31 +00:00
thorpej a792b8435e Improvements to the problib(3) API:
==> Provide a much more complete set of setters and getters for different
    value types in the prop_array_util(3) and prop_dictionary_util(3)
    functions.

==> Overhaul the prop_data(3), prop_number(3), and prop_string(3) APIs
    to be easier to use and less awkwardly named,  Deprecate the old
    awkward names, and produce link-time warnings when they are referenced.

==> Deprecate mutable prop_data(3) and prop_string(3) objects.  The old
    APIs that support them still exist, but will now produce link-time
    warnings when used.

==> When the new prop_string(3) API is used, strings are internally
    de-duplicated as a memory footprint optimization.

==> Provide a rich set of bounds-checked gettter functions in and a
    corresponding set of convenience setters in the prop_number(3) API.

==> Add a new prop_bool_value(3) function that is equivalent to
    prop_bool_true(3), but aligned with the new "value" routines in
    prop_data(3), prop_string(3), and prop_number(3).
2020-06-06 21:25:59 +00:00
rin 9769066979 Fix typo in comment. 2020-05-31 12:37:07 +00:00
rin 3a564f248f Add m68k assembler version of __muldi3().
This is intended for 68060:
  - GCC does not emit __muldi3() for 68020-40, that have 32 * 32 --> 64 mulul
  - mulsl (and moveml), used in this code, are not implemented for 68010

In comparison with that from compiler_rt, this version saves:
  - 12% of processing time
  - 12 bytes of stack
  - 50 bytes of code size
Also, slightly faster, memory saving, and smaller than libgcc version.

By examining with evcnt(9), __muldi3() is invoked more than 1000 times per
sec by kernel, which should justify to introduce assembler version of this
function.
2020-05-31 11:43:37 +00:00
riastradh 00fb1a3a30 Merge updates from upstream to reduce stack usage of SHA3_Selftest. 2020-05-30 18:40:28 +00:00
martin 8be1e866ab PR 55239: initialize all RAS sections for non-MP configurations 2020-05-15 15:20:40 +00:00
msaitoh 8012ca3f0e Remove extra semicolon. 2020-05-14 08:34:17 +00:00
maxv 712bef211f Use the hotpatch framework when patching _atomic_cas_64. 2020-05-01 08:32:50 +00:00
riastradh 5084c1b50f Rewrite entropy subsystem.
Primary goals:

1. Use cryptography primitives designed and vetted by cryptographers.
2. Be honest about entropy estimation.
3. Propagate full entropy as soon as possible.
4. Simplify the APIs.
5. Reduce overhead of rnd_add_data and cprng_strong.
6. Reduce side channels of HWRNG data and human input sources.
7. Improve visibility of operation with sysctl and event counters.

Caveat: rngtest is no longer used generically for RND_TYPE_RNG
rndsources.  Hardware RNG devices should have hardware-specific
health tests.  For example, checking for two repeated 256-bit outputs
works to detect AMD's 2019 RDRAND bug.  Not all hardware RNGs are
necessarily designed to produce exactly uniform output.

ENTROPY POOL

- A Keccak sponge, with test vectors, replaces the old LFSR/SHA-1
  kludge as the cryptographic primitive.

- `Entropy depletion' is available for testing purposes with a sysctl
  knob kern.entropy.depletion; otherwise it is disabled, and once the
  system reaches full entropy it is assumed to stay there as far as
  modern cryptography is concerned.

- No `entropy estimation' based on sample values.  Such `entropy
  estimation' is a contradiction in terms, dishonest to users, and a
  potential source of side channels.  It is the responsibility of the
  driver author to study the entropy of the process that generates
  the samples.

- Per-CPU gathering pools avoid contention on a global queue.

- Entropy is occasionally consolidated into global pool -- as soon as
  it's ready, if we've never reached full entropy, and with a rate
  limit afterward.  Operators can force consolidation now by running
  sysctl -w kern.entropy.consolidate=1.

- rndsink(9) API has been replaced by an epoch counter which changes
  whenever entropy is consolidated into the global pool.
  . Usage: Cache entropy_epoch() when you seed.  If entropy_epoch()
    has changed when you're about to use whatever you seeded, reseed.
  . Epoch is never zero, so initialize cache to 0 if you want to reseed
    on first use.
  . Epoch is -1 iff we have never reached full entropy -- in other
    words, the old rnd_initial_entropy is (entropy_epoch() != -1) --
    but it is better if you check for changes rather than for -1, so
    that if the system estimated its own entropy incorrectly, entropy
    consolidation has the opportunity to prevent future compromise.

- Sysctls and event counters provide operator visibility into what's
  happening:
  . kern.entropy.needed - bits of entropy short of full entropy
  . kern.entropy.pending - bits known to be pending in per-CPU pools,
    can be consolidated with sysctl -w kern.entropy.consolidate=1
  . kern.entropy.epoch - number of times consolidation has happened,
    never 0, and -1 iff we have never reached full entropy

CPRNG_STRONG

- A cprng_strong instance is now a collection of per-CPU NIST
  Hash_DRBGs.  There are only two in the system: user_cprng for
  /dev/urandom and sysctl kern.?random, and kern_cprng for kernel
  users which may need to operate in interrupt context up to IPL_VM.

  (Calling cprng_strong in interrupt context does not strike me as a
  particularly good idea, so I added an event counter to see whether
  anything actually does.)

- Event counters provide operator visibility into when reseeding
  happens.

INTEL RDRAND/RDSEED, VIA C3 RNG (CPU_RNG)

- Unwired for now; will be rewired in a subsequent commit.
2020-04-30 03:28:18 +00:00
maxv 129e4c2b33 Use the hotpatch framework for LFENCE/MFENCE. 2020-04-26 14:49:17 +00:00
maxv f012eec2fe Remove unused argument in macro. 2020-04-26 13:59:44 +00:00
maxv e18b0a4638 Remove unused. 2020-04-26 13:54:02 +00:00
maxv 88b0d179cd Drop the hardcoded array, use the hotpatch section. 2020-04-26 13:37:14 +00:00
bouyer c24c993fe4 Merge the bouyer-xenpvh branch, bringing in Xen PV drivers support under HVM
guests in GENERIC.
Xen support can be disabled at runtime with
boot -c
disable hypervisor
2020-04-25 15:26:16 +00:00
rin 27f1060c62 Restrict usage of m68k assembler versions of {,u}divsi3 and {,u}divsi3 to
kernel and bootloader for 68010.

They requires a special calling convention to udivsi3, and cannot to be
mixed up in normal routines provided by libgcc or compiler_rt. Although,
there's no problem for using them in a controlled situation, i.e., kernel
and standalone programs.

Note that this does not affect at all m68k ports other than sun2, since
codes generated by gcc do not call these routines.

Assembler files are moved from common/lib/libc/arch/m68k/gen to
sys/lib/libkern/arch/m68k in order not to be compiled in libc.

Revert hack introduced to lib/libc/compiler_rt/Makefile.inc rev 1.37:
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/compiler_rt/Makefile.inc#rev1.37

Proposed on port-sun2@ with no response...
(Again, this does not affect m68k ports other than sun2.)
http://mail-index.netbsd.org/port-sun2/2020/03/10/msg000102.html
2020-04-22 11:28:56 +00:00
ryo adc5085fcd Fixed to not use the "br" instruction. Branch Target Identification (BTI) doesn't like "br".
requested by maxv@
2020-04-11 05:12:52 +00:00
ad 5ff779fe83 Match the naming convention in the file. 2020-04-11 01:46:47 +00:00
ad f1ed81b8fc PR kern/54979 (radixtree might misbehave if ENOMEM)
- radix_tree_insert_node(): if the insert failed due to ENOMEM, roll back
  any updates made to the tree.

- radix_tree_grow(): either succeed or fail, never make partial adjustments
  to the tree.

- radix_tree_await_memory(): allocate & free the maximum possible number of
  nodes required by any insertion.
2020-04-10 23:43:05 +00:00
ad 5e0de1ec0e Rename radix_tree_node_clean_p() to radix_tree_node_sum() and have it return
the computed sum.  Use to replace any_children_tagmask().  Simpler & faster.
2020-04-10 21:56:41 +00:00
skrll a6a8f0073d Fix KASAN build on aarch64 2020-04-07 08:07:58 +00:00
wiz 81e8a3b48e Teach dk(4) about ZFS.
"looks ok" mlelstv
2020-03-30 08:36:09 +00:00
rin 880f104786 For kernel, rename ffs to __ffssi2 rather than having a weak symbol.
This enables us to load modules depended to __ffssi2.

It is difficult to deal with weak symbols consistently in in-kernel
linker. See explanation by pgoyette on tech-kern:

    http://mail-index.netbsd.org/tech-kern/2020/03/09/msg026148.html

Also, we do not currently provide ffs(9) as a kernel routine.
2020-03-10 08:15:44 +00:00
rin ee127cc58e Add missing END() for coldfire. 2020-03-09 13:36:10 +00:00
skrll 7680719e6b Give the thumb atomic ops a chance of working 2020-03-09 11:21:54 +00:00
rin da092eb7d2 Remove wrong comment (copy-paste from somewhere);
__mulsi3 does not depend on __udivsi3.
2020-03-09 08:29:11 +00:00
kamil 7f5eec67a9 Add support for alignment_assumptions in uubsan
Cherry-pick from FreeBSD:

From 7c1bc5ffc2fa68ddc76e5ea8a3a1a6fdfeee57f0 Mon Sep 17 00:00:00 2001
From: andrew <andrew@FreeBSD.org>
Date: Tue, 28 May 2019 09:12:15 +0000
Subject: [PATCH] Teach the kernel KUBSAN runtime about alignment_assumption

This checks the alignment of a given pointer is sufficient for the
requested alignment asked for. This fixes the build with a recent
llvm/clang.

Sponsored by:	DARPA, AFRL
2020-03-08 21:35:03 +00:00
rin fd255ae543 Implement workaround for IBM405 Errata 77 (aka CPU_210), where
interrupted stwcx. may errantly write data to memory:

    https://elinux.org/images/1/1d/Ppc405gp-errata.pdf

This is because stwcx. is split into two pieces in the pipeline.

We need to
(1) insert dcbt before every stwcx. instruction, as well as
(2) insert sync before every rfi/rfci instruction.

It is unclear which processors are affected, but according to Linux,
all 405-based cores up until 405GPR and 405EP are affected:

    https://github.com/torvalds/linux/blob/master/arch/powerpc/platforms/40x/Kconfig#L140

For kernel, this workaround can be restricted to affected processors.
However, for kernel modules and userland, we have to enable it for all
32bit powerpc archs in order to share common binaries as before.

Proposed on port-powerpc:

    http://mail-index.netbsd.org/port-powerpc/2020/02/21/msg003583.html
2020-03-01 23:23:36 +00:00
fox 819b6be2db common/lib/libc/stdlib: Fix possible signed integer overflow.
common/lib/libc/stdlib/random.c:482:6 can result in signed integer overflow.

This bug was reported by UBSan runs.

The change has been tested using the following program to generate random numbers
in both the old and the new library and can be used to verify the correctness of the
library after the change.

#include <stdio.h>
#include <stdlib.h>

#define COUNT 1000 * 1000

int
main(void)
{
        int i;
        FILE *fp = fopen("numbers.txt", "w");

        srandom(0xdeadbeef);

        for(i = 0; i < COUNT; i++) {
                fprintf(fp, "%ld\n", random());
        }

        fclose(fp);

        return 0;
}

Reviewed by: riastradh@ , kamil@
2020-02-22 14:47:29 +00:00
ad e7cb9801ce Some boot blocks too big now, only compare in big chunks if !_STANDALONE. 2020-01-29 09:18:26 +00:00
ad 81d0e040cc gang_lookup_scan(): if a dense scan and the first sibling doesn't match,
the scan is finished.
2020-01-28 22:20:45 +00:00
ad e4d889e5b3 Add a radix_tree_await_memory(), for kernel use. 2020-01-28 16:33:34 +00:00
ad 038210787f Drop the alignment check if __NO_STRICT_ALIGNMENT (x86, m68k, vax). 2020-01-27 22:22:03 +00:00
ad 42a88f8ef1 bcmp() / memcmp(): compare in uintptr_t sized chunks when it's easy to. 2020-01-27 22:13:39 +00:00
ad 78780d1e41 x86 uses the C versions of bcmp() and memcmp() now. 2020-01-27 22:09:21 +00:00
ad 6c03ec4c5b Back out previous, it's broken. 2020-01-16 09:23:43 +00:00
ad 198cbac382 Rewrite bcmp() & memcmp() to not use REP CMPS. Seems about 5-10x faster for
small strings on modern hardware.
2020-01-15 10:56:49 +00:00
para 0041cdea95 initialize radix_tree_node_cache with PR_LARGECACHE
this increases the cache groups from 15 to 63 items in order
to reduce traffic between pool cache layers
this is the same as for other highly frequented pool caches as the pvpool and anonpool
2020-01-12 20:00:41 +00:00
skrll 79fe88a4f8 Trailing whitespace 2020-01-06 13:21:18 +00:00
ad 6ee4781f70 proc_compare(): weed out zombies before doing anything else. From skrll@. 2020-01-06 11:16:35 +00:00
christos a340b0e513 Formalize that the printf formats should be uintmax_t so we can
uniformly use 'j' in the user-provided formatting strings instead
of depending on _LP64 to use 'll' or 'l' (and the PRI macros). The
alternative is to parse the printf format manually to determine
which modifier to apply which would make this transparent to the
user (they could still always use '%u' or '%x'), but that's too
painful.
2019-12-06 19:36:21 +00:00
ad b8255b9f0e Fix warning that appears when compiling in kernel. 2019-12-05 19:03:39 +00:00
ad 9afd1ce310 Delete the counter from "struct radix_tree_node", and in the one place we
need a non-zero check, substitute with a deterministic bitwise OR of all
values in the node.  The structure then becomes cache line aligned.

For each node we now need only touch 2 cache lines instead of 3, which makes
all the operations faster (measured), amortises the cost of not having a
counter, and will avoid intra-pool-page false sharing on MP.
2019-12-05 18:50:41 +00:00
ad 0558f52127 Merge radixtree changes from yamt-pagecache. 2019-12-05 18:32:25 +00:00
roy 8569e6d26f Make it easier to use strtoi and strtou in downsteam applications
without the need to define HAVE_NBTOOL_CONFIG_H and yet allow -Wundef
not to log any warnings.
2019-11-28 12:33:23 +00:00
kamil 0b65214dd3 uubsan: Implement function_type_mismatch_v1
RTTI is not supported by micro-UBSan (by design) and this is now a stub
handler.
2019-11-01 14:54:07 +00:00
kamil aeb81341f9 uubsan: Handle implicit_conversion 2019-10-30 00:13:46 +00:00
maya a11c5ab81a Remove htonll and ntohll as symbols from aarch64 libc.
Other architectures do not define them, and so we don't provide a
function declaration in any header.

This means a package may detect it with a link-test and then fail
due to the missing declaration, like sysutils/collectd currently does.

Done this way as aarch64 has not had a release yet. Discussed with releng.
2019-10-12 09:22:36 +00:00
mrg 8c38a0de66 workaround a GCC 8 warning:
- code that will be unreachable on platforms with
  sizeof(double) != sizeof(unsigned long) triggered an valid out
  of bounds warning.  avoid the error by using sizeof ul.
- also assert that the sizes are the same if entering here.

both from kamil@.
2019-10-04 12:12:47 +00:00
skrll a58be5d164 Traiing whitespace. 2019-09-16 12:40:40 +00:00
skrll 2ce102b5b1 __sync_{,x}or_and_fetch_8 should return new value... make it so. 2019-09-15 14:55:04 +00:00
skrll 8453e2f7da __sync_or_and_fetch_8 should return new value... make it do that. 2019-09-15 11:14:15 +00:00
kamil 1a5f018b01 Enhance the support of LLVM sanitizers
Define _REENTRANT for MKSANITIZER build. This is needed for at least stdio
code. This caused new build issued with duplicated symbols in few places
and rump kernel code picking different code paths borrowed from libc.
Handle all this in one go.

Add bsd.sanitizer.mk to share common code used by programs and libraries.

Switch from realall to beforeinstall target in .syms files. This is more
reliable in MKSANITIZER.
2019-08-27 22:48:53 +00:00
para 50fe1a8b2a add now required includes for memcpy prototypes analogue to other hash functions
(fix the build)
2019-08-20 15:17:02 +00:00
riastradh 23d950dc47 Fix byte order bug in murmurhash and pacify sanitizers. 2019-08-20 12:33:26 +00:00
joerg 3dbc6e4c72 ARMv6KZ has been misspelled by GCC since forever, but clang only
provides the correct name. Support both.
2019-08-02 12:07:24 +00:00
kamil f8310280bd Introduce UBSAN_ALWAYS_FATAL in micro-UBSan
UBSAN_ALWAYS_FATAL is a CPP option to mark all reports fatal always.
2019-06-17 18:55:37 +00:00
christos 7b60fbecff PR/54300: Andreas Gustafsson: Remove useless case. should fix
lib/libutil/t_snprintb test regression on sparc
2019-06-17 17:03:58 +00:00
christos bf1be5afae get rid of caddr_t 2019-06-16 16:01:44 +00:00
hannken c7814b62be Make XDR usable from kernel or module.
No user visible changes intended.
2019-06-05 16:25:43 +00:00
hannken 6f60c4f99e Move the basic part of XDR to common/include/rpc and common/lib/libc/rpc.
No functional change intended.
2019-06-04 15:07:55 +00:00
maxv 5bd7eba201 Misc changes in RISC-V. Start changing the memory layout, too. 2019-06-01 12:42:27 +00:00
maxv dedb2f3a2d Fix bug, the computation of cpuset_nentries was incorrect, we must do +1
to be able to address the last 32 bits.

On a machine with 80 CPUs, this caused "cpuctl identify >64" to return
garbage.
2019-05-11 11:53:55 +00:00
skrll 6e867a675a toolify
PR/54182: Cross-building on Linux fails in rb.c
2019-05-09 10:56:24 +00:00
thorpej 88c316691b Use posix_madvise() rather than the legacy madvise() call, and
wrapp the calls in #ifdef for the advice we're giving.  Should
address reports of host tool build issues.
2019-05-08 04:34:33 +00:00
thorpej 8319f966d5 Fix building libprop as a host tool library on platforms that don't have
the Matt Thomas rbtree:

- Include rb.c in libnbcompat, and provide a nbcompat sys/rbtree.h
  header.
- Make sure libprop's source file include prop_object_impl.h before
  anything else, and pull in nbtool_config.h from there.

Tested by simulating such a host system by renaming the host's
<sys/rbtree.h> out of the way (which reproduced the build failure)
and verifying that the host-tool installboot contained the rb_*
functions in its own .text segment.
2019-05-08 02:25:50 +00:00
kre 63e182f423 snprintb(3) says that, in the new(?) Torek format, all fields specs end with \0
The F spec is one of those, it should be terminated with \0 just like all
the others (irrelevant that it has no extra data to delimit).

Fix <sys/mman.h> to define the snprintb() format string correctly (include
the missing \0's).   Fix the copy of that definition included into
snprintb(3) to match the updated mman.h version (ride the date bump
from the day before yesterday .. this is the same change, just corrected).

Undo the previous snprintb.c change ("off by one" fix) which was an
attempt to make the broken mman.h usage work (and did, but not the way
it should be done).   Also, after using the new * format (instead of only
when something has already matched) skip the associated data so we don't
attempt to interpret it as more field specifiers.  This func needs lots of TLC!

Fix the ATF tests for snprintb() to not assume that F format is really
exactly like f format, and has data after the field specifier.  It doesn't.
Add several more tests (including testing the '*' field operator
recently added).
2019-04-29 07:55:38 +00:00
christos c650b5f27f Fix an off-by-one in the F modifier that ended up skipping the first : or =
entry, and add a * specifier for a "default case".
2019-04-27 17:45:28 +00:00
mrg cee1dacaf3 add missing atomic_and_16_nv_cas.c atomic_and_8_nv_cas.c. 2019-04-17 07:40:34 +00:00
mrg 5a9be18c46 add missing aliases for _atomic_cas_32_ni and atomic_cas_uint_ni. 2019-04-17 07:35:38 +00:00
jmcneill 0d57af0fd1 Fix typo: __aebi_memset -> __aeabi_memset 2019-03-30 10:18:03 +00:00
roy 18d2bd2e00 rbtree: Add a define to mark function arguments as unused for non debug
This allows rbtree to be used outside of NetBSD without any compile
warnings and removes the need for the lint comment.
2019-03-08 09:14:54 +00:00
isaki ae06bb460e Fix return value. or_and_fetch should return new value. 2019-03-01 09:57:32 +00:00
isaki 3bbf8c07ee Add missing alias for __atomic_fetch_nand_N.
XXX I'm not sure why does llvm/sparc call __atomic instead of
    __sync though.
XXX atomic_*_cas.c should be more symmetric...
2019-03-01 06:14:52 +00:00
isaki acd53d24e1 Add missing atomic_and_{8,16}_nv_cas.c for __sync_and_and_fetch_{1,2}.
XXX why is not only atomic_and_* symmetric unlike the others?
    (in common/lib/libc/atomic/)
2019-02-28 02:35:37 +00:00
rin 8cef165a13 Export atomic_cas_32_ni in a similar manner to its 64-bit counterpart.
Compile test only, but seems trivial enough for me.

Fix build error due to test/lib/libc/atomic/t_atomic_cas.

Note that mips32 does not use atomic_cas.S.
2019-02-20 05:25:12 +00:00
martin 6899bcaca3 Add atomic_cas_64_ni alias 2019-02-19 18:17:45 +00:00
rin e73f820d2b Sort STRONG_ALIAS's in the same manner as ATOMIC_OP_ALIAS's.
No functional changes.
2019-02-19 12:51:44 +00:00
rin 9121ca69a2 Export _atomic_cas_64 as atomic_cas_64_ni.
Note that _atomic_cas_64 is already exported as atomic_cas_{ulong,prt}_ni.

Fix build error of test/lib/atomic/t_atomic_cas, which is successfully
passed on RPI3B+ now.
2019-02-19 12:47:36 +00:00
martin b79193cac1 Add some atomic_cas_64_ni aliases 2019-02-18 11:22:56 +00:00
isaki ec9c813c13 Add missing export of atomic_or_64 (since rev1.1). 2019-02-17 07:34:44 +00:00
kamil 075cfd7e0e Fix kUBSan build with GCC7
Add missing __unreachable() and FALLTHROUGH keywords.

Reported by <Akul Pillai>
2019-02-13 17:17:02 +00:00
ryo 3f09074d57 - atomic_*_{8,16}_nv() must return a new value, not an old value.
- use "dmb sy" for atomic_*{8,16}_nv() in the same way as atomic_*{32,64}_nv().
2019-02-08 06:56:56 +00:00
ryo 706088913a fix atomic_sub_*(). it was (delta - *ptr), should be (*ptr - delta).
changing shared macro doesn't effect other atomic_ops because
(*ptr [+|^] delta) and (delta [+|^] *ptr) have same result.

atomic_sub_*() haven't used because non standard API?
2019-02-06 05:33:14 +00:00
mrg da4bf28d55 - use __unreachable() and move 'break's around to increase consistency
and correctness

ok kamil@
2019-02-04 22:07:41 +00:00
mrg f5f53dd6ab add support to detect the 3 vmware GPT partition types:
- VMKcore (dump partition)
- VMFS
- VMware reserved

this enables vmkcore partitions for netbsd swap or dump, as well
as naming all of them.
2018-11-06 04:04:33 +00:00
christos 1689d3d9a9 use postincrement, like the patch
XXX: pullup-8
2018-10-15 19:32:48 +00:00
christos 124c823126 Avoid out-of-bounds reads
https://www.openwall.com/lists/musl/2017/06/29/6
XXX: pullup-8
2018-10-15 18:37:19 +00:00
jdolecek bcc384fdef remove M_CANFAIL flag for malloc(9) - it was completely ignored, so had
actually no effect
2018-10-14 17:37:40 +00:00
christos 4496cdcb87 toolify. 2018-08-16 12:03:10 +00:00
christos 143603fad0 Add nbotool stuff. 2018-08-11 16:25:32 +00:00
kamil a36fdb1010 Try to fix the evbppc-powerpc64 build
Avoid "comparison between signed and unsigned integer expressions" on
Big-Endian hosts.
2018-08-03 16:31:04 +00:00
kamil 7adf6ec6dd Register a new directory in common/lib/libc/misc
Registe misc/ with ubsan.c.
2018-08-03 03:35:17 +00:00
kamil aee9a63f2a Tidy up the comment in ubsan.c
As noted, style has no impact on the comparison of a similar code.
This version is a reimplementation from scratch with no code and no
algirithm (whenever possible) reuse.

Public symbols and struct layout must be kept in sync with the code
generation part. It casues violation of the style like with long filenames.

My previous comment was 'too perfect' and could trigger some unnecessary
attention.
2018-08-03 03:12:32 +00:00
kamil 9aff107674 Import micro-UBSan (ubsan.c)
This is a reimplementation of the Undefined Behavior Sanitizer with the
following properties:
 - pure and clean-room C implementation,
 - no -fsanitize=vpts support, as it requires RTTI support and C++
   low-level routies to validate whether C++ objects are compatible
 - designed to be used inside libc and known as uUBSan or user-UBSan
 - designed to be shared with kernel and known as kUBSan or kernel-UBSan
 - designed to be usable with ATF tests as a standalone runtime,
   reachable without any MK* switches
 - designed to be safer for hardening as it does not have side effects on
   executables like writing to a selected location on demand
 - controllable with environment variable LIBC_UBSAN with options:
   * a - abort on report
   * A - do not abort on a report (unless a failure is unrecoverable)
   * e - output report to stderr
   * E - do not output report on stderr
   * l - output report on syslog (LOG_DEBUG | LOG_USER)
   * L - do not output report on syslog
   * o - output report on stdout
   * O - do not output report on stdout
   The default options are: "AeLO".
 - compatible with Clang (3.8, 7.x) and GCC (6.x) code generation
 - all handlers (except =vptr) from Clang/LLVM up to 7svn are supported

Tested with Clang amd64+i386 and GCC amd64+i386.
2018-08-03 02:05:43 +00:00
ryo 82b677e373 strnlen(s, (size_t)-1) returned -1. it must return the length of s. 2018-08-01 17:09:26 +00:00
kamil 38a0dc974f Avoid undefined behavior in snprintb.c
Do not change the signedness bit with a left shift operation.
Switch to unsigned integer to prevent this.

snprintb.c:178:17, left shift of 1 by 31 places cannot be represented in type 'int'

Detected with micro-UBSan in the user mode.
2018-07-26 00:33:26 +00:00
kamil 4fb9e183e5 Avoid undefined behavior in an inet_addr.c
Do not change the signedness bit with a left shift operation.
Cast to unsigned integer to prevent this.

inet_addr.c:218:20, left shift of 131 by 24 places cannot be represented in type 'int'

Detected with micro-UBSan in the user mode.
2018-07-26 00:20:41 +00:00
kamil 4581cca75c Avoid undefined behavior in an cpuset.c
Do not change the signedness bit with a left shift operation.
Switch to unsigned integer to prevent this.

cpuset.c:112:18, left shift of 1 by 31 places cannot be represented in type 'int'

Detected with micro-UBSan in the user mode.
2018-07-26 00:13:19 +00:00
bouyer efd0e73e34 On Xen, always alias _atomic_cas_64 to _atomic_cas_cx8. AFAIK Xen doesn't
support CPUs that don't support cx8.
i386 XENPAE_DOMU boots again.
2018-07-18 13:39:36 +00:00
ryo 6c83813761 avoid reading from out of range that may cause access fault. 2018-07-09 06:07:06 +00:00
christos 3aee54a15e switch to FreeBSD's memmem (faster) 2018-07-08 17:53:12 +00:00
martin 23e81d3280 Complete previous by complteley removing the _DIAGASSERT from memmove -
the accidental left over from previous fired on all legitimate calls
and caused PR bin/52986 and PR lib/52987.
2018-02-12 11:14:15 +00:00
mrg 240c43e6ba - remove two more _DIAGASSERT() checks against not NULL for functions
with arguments with nonnull attributes.  in two cases, leave
  code behind that should set defaults to "(null)".
2018-02-06 09:28:48 +00:00
skrll b07568df9e Working / new versions from Ryo Shimizu 2018-02-04 21:52:16 +00:00
mrg 51502cf62d updates for GCC 6.4:
- remove many _DIAGASSERT() checks against not NULL for functions
  with arguments with nonnull attributes.  (probably more to come,
  the set between x86 and sparc us disjoint.)

- port libsanitizer's GetPcSpBp() to sparc, sparc64 and amd64.
2018-02-04 20:22:17 +00:00
mrg 8fdd01b3ee fixes for GCC 6:
- -Wstrict-prototypes is not available for C++, so don't try to
  ignore it for C++.
- remove many _DIAGASSERT() checks against not NULL for functions
  with arguments with nonnull attributes.  in two cases, leave
  code behind that should set defaults to "(null)".
- use -Wno-error=frame-address for i386 mcount, as it seems valid
  to assume the caller will have a frame.fair
2018-02-04 01:13:45 +00:00
kamil c5b83981a9 Add bunch of missing includes of namespace.h in libc
The NetBSD Standard C Library uses internally some of its functions with
a mangled symbol name, usually "_symbol". The internal functions shall not
use the global (public) symbols.

This change eliminates usage of the global changes of the following symbols:
 - strlcat -> _strlcat
 - sysconf -> __sysconf
 - closedir -> _closedir
 - fparseln -> _fparseln
 - kill -> _kill
 - mkstemp -> _mkstemp
 - reallocarr -> _reallocarr
 - strcasecmp -> _strcasecmp
 - strncasecmp -> _strncasecmp
 - strptime -> _strptime
 - strtok_r -> _strtok_r
 - sysctl -> _sysctl
 - dlopen -> __dlopen
 - dlclose -> __dlclose
 - dlsym -> __dlsym

Sponsored by <The NetBSD Foundation>
2018-01-04 20:57:28 +00:00
riastradh 969998948d Import SHA-3 code into libc and libkern.
No new public symbols in libc, but publishing the symbols is a simple
matter if/when we decide to do so.

Proposed on tech-kern and tech-userlevel with no objections:

https://mail-index.NetBSD.org/tech-kern/2017/11/11/msg022581.html
https://mail-index.NetBSD.org/tech-userlevel/2017/11/11/msg010968.html
2017-11-30 05:47:24 +00:00
tsutsui 6dd94d2a84 Restore a local change (in rev1.4) that was lost on zlib 1.12.10 merge.
The rev 1.4 changelog:
> Disable a sanity check output buffer != NULL in _STANDALONE case.
> Some kernels are loaded at address 0x0 by bootloaders and
> output buffer address could be zero in such case.
>
> Fixes "read text" errors on loading install floppy of NetBSD/news68k 4.0,
> reported by KIYOHARA Takashi on port-news68k.

This problem may also affect other m68k ports which use a gzipped install
kernel and kernel text address located at PA 0x0.

Should be pulled up to netbsd-8.
2017-11-12 07:55:05 +00:00
wiz aa4b308c77 Simplify, and comment out xrefs to non-existing pages. 2017-10-23 00:59:44 +00:00
abhinav bc341be216 Remove comma after last Nm entry in the NAME section 2017-10-22 15:34:13 +00:00
ryo 40a86c4b50 doesn't work new format 'F' with a strings of length 1, or a string beginning with 'F' 2017-10-14 18:41:41 +00:00
ryo 782b3eac39 * aarch64/memset.S didn't work! fixed some bugs.
* maximum size of DCZID_EL0:BS (2048) supported.
2017-08-29 15:00:23 +00:00
ryo f8d7b48458 aarch64/strlen.S didn't work. fixed some bugs. 2017-08-22 06:45:07 +00:00
joerg d88dcd0fdc Fix ISO C compliance: strtol of "0xX" should give the largest valid
numeric prefix, which is 0.
2017-07-06 21:08:44 +00:00
skrll 1c01928083 Comment alignment. No functional change. 2017-04-13 07:49:52 +00:00
njoly 656b88f2b5 Fix commas in NAME section. 2017-03-07 19:10:07 +00:00
joerg 6fbd2a0be4 Switch from __ABICALLS__ to __mips_abicalls like upstream GCC does in
the generic MIPS target logic.
2017-02-25 21:16:50 +00:00
abhinav b9a7c39267 Add entry for prop_ingest in the NAME section. 2017-02-12 16:18:48 +00:00
abhinav 3ed54b8d62 Use .Fn to refer a function name instead of Nm.
Also, use Xr to refer problib(3) in the HISTORY section instead of Nm.

While parsing the man pages, any .Nm occurrence gets replaced by the
value specified in the NAME section. Referencing individual function
names with .Nm was causing makemandb(8) to replicate the complete
NAME section for every such occurrence. This was leading to an
ugly looking snippet in apropos(1)'s output when searched for
any of these man pages.
2017-02-12 16:00:53 +00:00
pgoyette accf810fc9 Add the *_size() variants to the .Nm list so it will be found by
apropos(1).

While here, reorder the function lists to improve readability.
2017-02-05 00:47:33 +00:00
wiz 4cb81f1b9d Use just the right amount of commas. 2017-02-04 23:32:43 +00:00
christos 0d0d359801 call the proper size functions 2017-01-29 02:29:06 +00:00
christos fc9eacac98 missing brace 2017-01-29 02:07:57 +00:00
christos b87b6dbc49 fix args 2017-01-29 02:07:44 +00:00
pgoyette 7a4cf709e4 Update for the new *_size() functions recently added. Mention the
implicit size limit (128KB) for the functions which do not take an
explicit limit argument.
2017-01-29 01:38:02 +00:00