Define _REENTRANT for MKSANITIZER build. This is needed for at least stdio
code. This caused new build issued with duplicated symbols in few places
and rump kernel code picking different code paths borrowed from libc.
Handle all this in one go.
Add bsd.sanitizer.mk to share common code used by programs and libraries.
Switch from realall to beforeinstall target in .syms files. This is more
reliable in MKSANITIZER.
C99, Sec. 7.19.6.1 `The fprintf function', paragraph 13, p. 281:
(Recommended practice)
For e, E, f, F, g, and G conversions, if the number of significant
decimal digits is at most DECIMAL_DIG, then the result should be
correctly rounded. If the number of significant decimal digits is
more than DECIMAL_DIG but the source value is exactly
representable with DECIMAL_DIG digits, then the result should be
an exact representation with trailing zeros. Otherwise, the
source value is bounded by two adjacent decimal strings L < U,
both having DECIMAL_DIG significant idgits; the value of the
resultant decimal string D should satisfy L <= D <= U, _with the
extra stipulation that the error should have a correct sign for
the current rounding direction_. [emphasis added]
The gdtoa code base already supports respecting the floating-point
rounding mode, as long as we compile it with Honor_FLT_ROUNDS
defined. However, for this to work, fegetround must be available in
libc, which it is not currently -- the fenv logic is in libm.
Fortunately, we don't have to move all of fenv from libm to libc --
programs that do not link against libm don't have fesetround, so the
rounding mode is always the default (barring asm shenanigans that
bypass the API -- tough). So use a weak reference to fegetround; by
default, assume FE_TONEAREST if it is not defined.
zic's new -b option supports a way to control data bloat and to
test for year-2038 bugs in software that reads TZif files.
'zic -b fat' and 'zic -b slim' generate larger and smaller output;
for example, changing from fat to slim shrinks the Europe/London
file from 3648 to 1599 bytes, saving about 56%. Fat and slim
files represent the same set of timestamps and use the same TZif
format as documented in tzfile(5) and in Internet RFC 8536.
Fat format attempts to work around bugs or incompatibilities in
older software, notably software that mishandles 64-bit TZif data
or uses obsolete TZ strings like "EET-2EEST" that lack DST rules.
Slim format is more efficient and does not work around 64-bit bugs
or obsolete TZ strings. Currently zic defaults to fat format
unless you compile with -DZIC_BLOAT_DEFAULT=\"slim\"; this
out-of-the-box default is intended to change in future releases
as the buggy software often mishandles timestamps anyway.
zic no longer treats a set of rules ending in 2037 specially.
Previously, zic assumed that such a ruleset meant that future
timestamps could not be predicted, and therefore omitted a
POSIX-like TZ string in the TZif output. The old behavior is no
longer needed for current tzdata, and caused problems with newlib
when used with older tzdata (reported by David Gauchard).
zic no longer generates some artifact transitions. For example,
Europe/London no longer has a no-op transition in January 1996.
Introduce two new ptrace() requests: PT_GETXSTATE and PT_SETXSTATE,
that provide access to the extended (and extensible) set of FPU
registers on amd64 and i386. At the moment, this covers AVX (YMM)
and AVX-512 (ZMM, opmask) registers. It can be easily extended
to cover further register types without breaking backwards
compatibility.
PT_GETXSTATE issues the XSAVE instruction with all kernel-supported
extended components enabled. The data is copied into 'struct xstate'
(which -- unlike the XSAVE area itself -- has stable format
and offsets).
PT_SETXSTATE issues the XRSTOR instruction to restore the register
values from user-provided 'struct xstate'. The function replaces only
the specific XSAVE components that are listed in 'xs_rfbm' field,
making it possible to issue partial updates.
Both syscalls take a 'struct iovec' pointer rather than a direct
argument. This requires the caller to explicitly specify the buffer
size. As a result, existing code will continue to work correctly
when the structure is extended (performing partial reads/updates).
mknod with mode & S_IFIFO and dev=0 shall behave like mkfifo.
Update the documentation to reflect this state.
Add ATF tests.
This is an in-kernel implementation as typically user-space programs use
mkfifo(2) directly, however whenever there is need to bypass libc (like in
valgrind) then portable POSIX software calls the mknod syscall.
Noted on tech-kern@ by Greg Troxel.
(Unclear why they were different, it was only the comments that
differed)
Add a comment describing why the generic version works for both 80-bit
and 128-bit double.
This fixes:
env TZ=Australia/Melbourne date
printing
Thu Apr 18 03:32:32 LMT 2019
instead of:
Thu Apr 18 03:32:32 AEST 2019
XXX: To be strictly correct, the tzgetname() call should probably take a time
reference point in order to return the appropriate zone name for the time
given.
The types array can have 0 elements (i.e. timecnt == 0), but the ttis array
needs to have one element (typecnt >= 1). Need to revisit and take into
account the types array.
then we try the non-dst name and finally we just print ??? if that did not
work. This is not needed to handle the "TZ= date" case which was crashing
before because the default timezone was not consistently initialized, but
should handle any timezone now.
Changes to code
zic now has an -r option to limit the time range of output data.
For example, 'zic -r @1000000000' limits the output data to
timestamps starting 1000000000 seconds after the Epoch.
This helps shrink output size and can be useful for applications
not needing the full timestamp history, such as TZDIST truncation;
see Internet RFC 8536 section 5.1. (Inspired by a feature request
from Christopher Wong, helped along by bug reports from Wong and
from Tim Parenti.)
Changes to documentation
Mention Internet RFC 8536 (February 2019), which documents TZif.
tz-link.html now cites tzdata-meta
<https://tzdata-meta.timtimeonline.com/>.
When auto scaling, and the buffer is bigger than big enough
for the biggest possible number, don't try and calculate
the max value that will fit in the buffer - that calc
will overflow (guaranteed) and is useless, the value
we're formatting cannot possibly be bigger. So simply
use the unscaled value (the raw number).
While here, also avoid returning values that are larger
than the buffer len ... while it would be nice to be able
to find out how big the buffer should be so the data will
fit, the interface doesn't really allow that (the buffer
length passed in controls the scaling - at least when
auto scaling) and the code already does "return -1" when
it detects the buffer length is too small, even before
it works out how much would have been needed. So, rather
than returning a value > len (while truncating the result
to fit in len ... all courtesy of snprintf()) return -1
in this case as well.
Also, allow suffix==NULL (meaning "") - there's no reason
not to, and requiring users to pass in an explicit "" is
not useful.
to the pthread tsd implementation when the main thread is created.
This corrects a problem where a process created keys before libpthread
was loaded (either from the libc constructor or because libpthread
was dlopened later). This fixes a problem with jemalloc which creates
keys in the constructor.
suffer from the same issue, since we don't decrement p->next, like
FreeBSD does because we don't have multibyte support (yet). We
choose to do this so we can fail faster and more predictably.
Here's the original FreeBSD message:
When passed the invalid regular expression "a**", the error is
eventually detected and seterr() is called. It sets p->error
appropriatly and p->next and p->end to nuls which is a never used char
nuls[10] which is zeros due to .bss initialization. Unfortunatly,
p_ere_exp() and p_simp_re() both have fall through cases where they set
the error, decrement p->next and access it which means a read from what
ever .bss variable comes before nuls.
Found with regex_test:repet_multi and CHERI bounds checking.
Reviewed by: ngie, pfg, emaste
Obtained from: CheriBSD
Sponsored by: DARPA, AFRL
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D10541
The bug is an out-of-bounds read detected with address sanitizer that
happens when 'sp' in p_b_coll_elems() includes NUL byte[s], e.g. if it's
equal to "GS\x00". In that case len will be equal to 4, and the
strncmp(cp->name, sp, len) call will succeed when cp->name is "GS" but the
cp->name[len] == '\0' comparison will cause the read to go out-of-bounds.
Checking the length using strlen() instead eliminates the issue.
The bug was found in LLVM with oss-fuzz:
https://reviews.llvm.org/D39380
Briefly:
São Tomé and Príncipe switches from +01 to +00 on 2019-01-01.
Changes to future timestamps
Due to a change in government, São Tomé and Príncipe switches back
from +01 to +00 on 2019-01-01 at 02:00. (Thanks to Vadim
Nasardinov and Michael Deckers.)
Release 2018h - 2018-12-23 17:59:32 -0800
Briefly:
Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21.
New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move.
Metlakatla, Alaska observes PST this winter only.
Guess Morocco will continue to adjust clocks around Ramadan.
Add predictions for Iran from 2038 through 2090.
Changes to future timestamps
Guess that Morocco will continue to fall back just before and
spring forward just after Ramadan, the practice since 2012.
(Thanks to Maamar Abdelkader.) This means Morocco will observe
negative DST during Ramadan in main and vanguard formats, and in
rearguard format it stays in the +00 timezone and observes
ordinary DST in all months other than Ramadan. As before, extend
this guesswork to the year 2037. As a consequence, Morocco is
scheduled to observe three DST transitions in some Gregorian years
(e.g., 2033) due to the mismatch between the Gregorian and Islamic
calendars.
The table of exact transitions for Iranian DST has been extended.
It formerly cut off before the year 2038 in a nod to 32-bit time_t.
It now cuts off before 2091 as there is doubt about how the Persian
calendar will treat 2091. This change predicts DST transitions in
2038-9, 2042-3, and 2046-7 to occur one day later than previously
predicted. As before, post-cutoff transitions are approximated.
Changes to past and future timestamps
Qyzylorda (aka Kyzylorda) oblast in Kazakhstan moved from +06 to
+05 on 2018-12-21. This is a zone split as Qostanay (aka
Kostanay) did not switch, so create a zone Asia/Qostanay.
Metlakatla moved from Alaska to Pacific standard time on 2018-11-04.
It did not change clocks that day and remains on -08 this winter.
(Thanks to Ryan Stanley.) It will revert to the usual Alaska
rules next spring, so this change affects only timestamps
from 2018-11-04 through 2019-03-10.
Change to past timestamps
Kwajalein's 1993-08-20 transition from -12 to +12 was at 24:00,
not 00:00. I transcribed the time incorrectly from Shanks.
(Thanks to Phake Nick.)
Nauru's 1979 transition was on 02-10 at 02:00, not 05-01 at 00:00.
(Thanks to Phake Nick.)
Guam observed DST irregularly from 1959 through 1977.
(Thanks to Phake Nick.)
Hong Kong observed DST in 1941 starting 06-15 (not 04-01), then on
10-01 changed standard time to +08:30 (not +08). Its transition
back to +08 after WWII was on 1945-09-15, not the previous day.
Its 1904-10-30 change took effect at 01:00 +08 (not 00:00 LMT).
(Thanks to Phake Nick, Steve Allen, and Joseph Myers.) Also,
its 1952 fallback was on 11-02 (not 10-25).
This release contains many changes to timestamps before 1946 due
to Japanese possession or occupation of Pacific/Chuuk,
Pacific/Guam, Pacific/Kosrae, Pacific/Kwajalein, Pacific/Majuro,
Pacific/Nauru, Pacific/Palau, and Pacific/Pohnpei.
(Thanks to Phake Nick.)
Assume that the Spanish East Indies was like the Philippines and
observed American time until the end of 1844. This affects
Pacific/Chuuk, Pacific/Kosrae, Pacific/Palau, and Pacific/Pohnpei.
Changes to past tm_isdst flags
For the recent Morocco change, the tm_isdst flag should be 1 from
2018-10-27 00:00 to 2018-10-28 03:00. (Thanks to Michael Deckers.)
Give a URL to the official decree. (Thanks to Matt Johnson.)
This causes e.g. "ssh nosuchname" to print "No address associated with
hostname", which is correct, rather than "hostname nor servname
provided, or not known", which is not.
While libgcc adapts its float128 data structure to the endianness of
the architecture, the softfloat code in libc didn't. With both of
them handling the same values, softfloat must follow the toolchain.
OK: riastradh
The original implementation in OpenBSD returns "invalid" and avoids reading
the input string. The replaced behavior was interpreting the input string
ignoring the invalid arguments.
For some reason, fabs lives in libc, not in libm, and our tests now
detect when fabs or fabsl is missing from libm. For those ports that
sometimes have long double and sometimes don't, make it conditional.
Still missing: fabs _and_ fabsl on ia64. Need help from an itanium
wizard! Other portmasters: Please take a look and see if I missed
any ports that might have long double where this alias will not work.
receive overflow errors re-instating the default behavior to
silently ignore them as before 2018-03-19.
- Introduce a new kern.sooptions sysctl to control the default
behavior of socket options. Setting this to 0x4000 (SO_RERROR),
turns on receive overflow error reporting for all sockets.
- Change dhcpcd to turn on SO_RERROR on all its sockets.
As discussed in tech-net.
Changes to code
When generating TZif files with leap seconds, zic no longer uses a
format that trips up older 32-bit clients, fixing a bug introduced
in 2018f. (Reported by Daniel Fischer.) Also, the zic workaround
for QTBUG-53071 now also works for TZif files with leap seconds.
The translator to rearguard format now rewrites the line
"Rule Japan 1948 1951 - Sep Sat>=8 25:00 0 S" to
"Rule Japan 1948 1951 - Sep Sun>=9 1:00 0 S".
This caters to zic before 2007 and to Oracle TZUpdater 2.2.0
and earlier. (Reported by Christos Zoulas.)
Changes to documentation
tzfile.5 has new sections on interoperability issues.
Changes to code
zic now always generates TZif files where time type 0 is used for
timestamps before the first transition. This simplifies the
reading of TZif files and should not affect behavior of existing
TZif readers because the same set of time types is used; only
their internal indexes may have changed. This affects only the
legacy zones EST5EDT, CST6CDT, MST7MDT, PST8PDT, CET, MET, and
EET, which previously used nonzero types for these timestamps.
Because of the type 0 change, zic no longer outputs a dummy
transition at time -2**59 (before the Big Bang), as clients should
no longer need this to handle historical timestamps correctly.
This reverts a change introduced in 2013d and shrinks most TZif
files by a few bytes.
zic now supports negative time-of-day in Rule and Leap lines, e.g.,
"Rule X min max - Apr lastSun -6:00 1:00 -" means the transition
occurs at 18:00 on the Saturday before the last Sunday in April.
This behavior was documented in 2018a but the code did not
entirely match the documentation.
localtime.c no longer requires at least one time type in TZif
files that lack transitions or have a POSIX-style TZ string. This
future-proofs the code against possible future extensions to the
format that would allow TZif files with POSIX-style TZ strings and
without transitions or time types.
A read-access subscript error in localtime.c has been fixed.
It could occur only in TZif files with timecnt == 0, something that
does not happen in practice now but could happen in future versions.
localtime.c no longer ignores TZif POSIX-style TZ strings that
specify only standard time. Instead, these TZ strings now
override the default time type for timestamps after the last
transition (or for all time stamps if there are no transitions),
just as DST strings specifying DST have always done.
leapseconds.awk now outputs "#updated" and "#expires" comments,
and supports leap seconds at the ends of months other than June
and December. (Inspired by suggestions from Chris Woodbury.)
Changes to documentation
New restrictions: A Rule name must start with a character that
is neither an ASCII digit nor "-" nor "+", and an unquoted name
should not use characters in the set "!$%&'()*,/:;<=>?@[\]^`{|}~".
The latter restriction makes room for future extensions (a
possibility noted by Tom Lane).
tzfile.5 now documents what time types apply before the first and
after the last transition, if any.
Documentation now uses the spelling "timezone" for a TZ setting
that determines timestamp history, and "time zone" for a
geographic region currently sharing the same standard time.
The name "TZif" is now used for the tz binary data format.
tz-link.htm now mentions the A0 TimeZone Migration utilities.
(Thanks to Aldrin Martoq for the link.)
This man-page first appeared before porting all the features to NetBSD and
actually Pad ones were never ported. Keeping it in the documentation is
misleading and actually caused bugs in handling of these functions in 3rd
party software.
there is no need to copy the path into the output buffer, it is already
there....
All this has to change to become compat with a forthcoming POSIX update.
Under the condition of MKLIBCSANITIZER==yes link ubsan.c into libc.
This is a clean-room reimplementation from scratch of the Undefined
Behavior runtime called micro-UBSan (or uBSan - user-UBSan).
Do not change the signedness bit with a left shift operation.
Cast to unsigned integer to prevent this.
ftok.c:56:10, left shift of 123456789 by 24 places cannot be represented in type 'int'
ftok.c:56:10, left shift of 4160 by 24 places cannot be represented in type 'int'
Detected with micro-UBSan in the user mode.
Do not change the signedness bit with a left shift operation.
Switch to unsigned integer to prevent this in the LAST_FRAG symbol.
xdr_rec.c:559:39, left shift of 1 by 31 places cannot be represented in type 'int'
xdr_rec.c:572:26, left shift of 1 by 31 places cannot be represented in type 'int'
xdr_rec.c:573:25, left shift of 1 by 31 places cannot be represented in type 'int'
xdr_rec.c:632:37, left shift of 1 by 31 places cannot be represented in type 'int'
xdr_rec.c:711:32, left shift of 1 by 31 places cannot be represented in type 'int'
xdr_rec.c:722:28, left shift of 1 by 31 places cannot be represented in type 'int'
Detected with micro-UBSan in the user mode.
Change the type of shifted value to unsigned to prevent altering the
signedness bit.
jemalloc.c:1707:14, left shift of 1 by 31 places cannot be represented in type 'int'
jemalloc.c:1724:15, left shift of 1 by 31 places cannot be represented in type 'int'
jemalloc.c:1840:28, left shift of 1 by 31 places cannot be represented in type 'int'
Detected with micro-UBSan in the user mode.
This change:
* Removes "options PERFCTRS", the associated includes, and the associated
ifdefs. In doing so, it removes several XXXSMPs in the MI code, which is
good.
* Removes the PMC code of ARM XSCALE.
* Removes all the pmc.h files. They were all empty, except for ARM XSCALE.
* Reorders the x86 PMC code not to rely on the legacy pmc.h file. The
definitions are put in sysarch.h.
* Removes the kern/sys_pmc.c file, and along with it, the sys_pmc_control
and sys_pmc_get_info syscalls. They are marked as OBSOL in kern,
netbsd32 and rump.
* Removes the pmc_evid_t and pmc_ctr_t types.
* Removes all the associated man pages. The sets are marked as obsolete.
Unportable left shift reported with MKSANITIZER=yes USE_SANITIZER=undefined:
# nm /usr/lib/libc.so|grep sanit
/public/src.git/lib/libc/citrus/modules/citrus_mapper_std.c:173:8: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Sponsored by <The NetBSD Foundation>
Changes to code
zic now accepts subsecond precision in expressions like
00:19:32.13, which is approximately the legal time of the
Netherlands from 1835 to 1937. However, because it is
questionable whether the few recorded uses of non-integer offsets
had subsecond precision in practice, there are no plans for tzdata
to use this feature. (Thanks to Steve Allen for pointing out
the limitations of historical data in this area.)
The code is a bit more portable to MS-Windows. Installers can
compile with -DRESERVE_STD_EXT_IDS on MS-Windows platforms that
reserve identifiers like 'localtime'. (Thanks to Manuela
Friedrich).
Changes to documentation and commentary
theory.html now outlines tzdb's extensions to POSIX's model for
civil time, and has a section "POSIX features no longer needed"
that lists POSIX API components that are now vestigial.
(From suggestions by Steve Summit.) It also better distinguishes
time zones from tz regions. (From a suggestion by Guy Harris.)
Commentary is now more consistent about using the phrase "daylight
saving time", to match the C name tm_isdst. Daylight saving time
need not occur in summer, and need not have a positive offset from
standard time.
Commentary about historical transitions in Uruguay has been expanded
with links to many relevant legal documents.
(Thanks to Tim Parenti.)
Commentary now uses some non-ASCII characters with Unicode value
less than U+0100, as they can be useful and should work even with
older editors such as XEmacs.
Add support for tracing vfork(2) events in the context of ptrace(2).
This API covers other frontends to fork1(9) like posix_spawn(2) or clone(2),
if they cause parent to wait for exec(2) or exit(2) of the child.
Changes:
- Add new argument to sigswitch() determining whether we need to acquire
the proc_lock or whether it's already held.
- Refactor fork1(9) for fork(2) and vfork(2)-like events.
Call sigswitch() from fork(1) for forking or vforking parent, instead of
emitting kpsignal(9). We need to emit the signal and suspend the parent,
returning to user and relock proc_lock.
- Add missing prototype for proc_stop_done() in kern_sig.c.
- Make sigswitch a public function accessible from other kernel code
including <sys/signalvar.h>.
- Remove an entry about unimplemented PTRACE_VFORK in the ptrace(2) man page.
- Permin PTRACE_VFORK in the ptrace(2) frontend for userland.
- Remove expected failure for unimplemented PTRACE_VFORK tests in the ATF
ptrace(2) test-suite.
- Relax signal routing constraints under a debugger for a vfork(2)ed child.
This intended to protect from signaling a parent of a vfork(2)ed child that
called PT_TRACE_ME, but wrongly misrouted other signals in vfork(2)
use-cases.
Add XXX comments about still existing problems and future enhancements:
- correct vfork(2) + PT_TRACE_ME handling.
- fork1(2) handling of scenarios when a process is collected in valid but
rare cases.
All ATF ptrace(2) fork[1-8] and vfork[1-8] tests pass.
Fix PR kern/51630 by Kamil Rytarowski (myself).
Sponsored by <The NetBSD Foundation>
sevan