The implementation is from NetBSD, with the addition of feature test macros
for readlink. glibc also wraps the following functions:
confstr, getdomainname, getgroups, gethostname, getlogin_r, getwd, pread,
readlinkat, ttyname_r.
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
The Object Size Checking (-D_FORTIFY_SOURCE=*) functionality provides
wrappers around functions suspectible to buffer overflows. While
independent from Stack Smashing Protection (-fstack-protector*), they
are often used and implemented together.
While GCC also provides an implementation in libssp, it is completely
broken (CVE-2016-4973, RHBZ#1324759) and seemingly unfixable, as there
is no reliable way for a preprocessor macro to trigger a link flag.
Therefore, adding this here is necessary to make it work.
Note that this does require building gcc with --disable-libssp and
gcc_cv_libc_provides_ssp=yes.
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
Since commit 8128f5482f2b1889e2336488e9d45a33c9972d11, we have all the
non-tracing functions listed in posixoptions(7). The tracing functions
are gated by their own option, and are obsolecent anyway.
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
Difference to Linux: We can't create files which don't show up
in the filesystem due to OS restrictions. As a kludge, make a
(half-hearted) attempt to hide the file in the filesystem.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
In order to avoid the year 2038 problem, define time_t to a signed
integer with at least 64-bits. The type for time_t can be forced to
long with the --enable-newlib-long-time_t configure option or with the
_USE_LONG_TIME_T system configuration define.
Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
This reverts most of commit 979d467ff6e39ee5c52cf1aac7a6c9c63058141c.
We cannot avoid some bareword attributes until clang is fixed to
properly support __-decorated attributes; see this bug:
https://bugs.llvm.org/show_bug.cgi?id=34319
The macros in question expand to the empty string under gcc, so
only compilation under clang is affected, and since clang has the
bug, the obvious solution is to roll back the changes, and document
the issue.
Signed-off-by: Eric Blake <eblake@redhat.com>
Always use the __-decorated form of an attribute name in public
headers, as the bareword form is in the user's namespace, and we
don't want compilation to break just because the user defines the
bareword to mean something else.
Signed-off-by: Eric Blake <eblake@redhat.com>
This fixes commit f70aad3de4d845f8b720010a2f8817db842d81e8 as well as some
other functions which were never properly guarded.
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
In Newlib, the stdio streams are defined to thread-specific pointers
_reent::_stdin, _reent::_stdout and _reent::_stderr. In case
_REENT_SMALL is not defined, then these pointers are initialized via
_REENT_INIT_PTR() or _REENT_INIT_PTR_ZEROED() to thread-specific FILE
objects provided via _reent::__sf[3]. There are two problems with this
(at least in case of RTEMS).
(1) The thread-specific FILE objects are closed by _reclaim_reent().
This leads to problems with language run-time libraries that provide
wrappers to the C/POSIX stdio streams (e.g. C++ and Ada), since they
use the thread-specific FILE objects of the initialization thread. In
case the initialization thread is deleted, then they use freed memory.
(2) Since thread-specific FILE objects are used with a common output
device via file descriptors 0, 1 and 2, the locking at FILE object level
cannot ensure atomicity of the output, e.g. a call to printf().
Introduce a new Newlib configuration option _REENT_GLOBAL_STDIO_STREAMS
to enable the use of global stdio FILE objects.
As a side-effect this reduces the size of struct _reent by more than
50%.
The _REENT_GLOBAL_STDIO_STREAMS should not be used without
_STDIO_CLOSE_PER_REENT_STD_STREAMS.
Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
Commit 8a3b3bb4d7224d419cc1a4af60ccf7e70edc876b changed the guard on
some functions from _POSIX_THREADS to __POSIX_VISIBLE. As a consequence,
some use of siginfo_t and pthread_t became visible under configurations
where _POSIX_THREADS is unset but __POSIX_VISIBLE is. Build then fails
because the definition of those types are still unavailable.
This commit make those type definition visible for __POSIX_VISIBLE
configurations. This requires moving the siginfo_t definition out of the
RTEMS specific definitions in sys/signal.h while still guarding it
against cygwin case.
There are two common sigpause variants, both of which take an int argument.
If you request _XOPEN_SOURCE or _GNU_SOURCE, you get the System V version,
which removes the given signal from the process's signal mask; otherwise
you get the BSD version, which sets the process's signal mask to the given
value.
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.
Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96
Split the QUEUE_MACRO_DEBUG into QUEUE_MACRO_DEBUG_TRACE and
QUEUE_MACRO_DEBUG_TRASH.
Add the debug macrso QMD_IS_TRASHED() and QMD_SLIST_CHECK_PREVPTR().
Document these in queue.3.
Reviewed by: emaste
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D3984
Add two new macros, SLIST_CONCAT and LIST_CONCAT. Note in both the
queue.h header file and in the queue.3 manual page that they are O(n) so
should be used only in low-usage paths with short lists (otherwise an
STAILQ or TAILQ should be used).
Reviewed by: kib
Make the system queue header file fully usable within C++ programs by
adding macros to define class lists.
This change is backwards compatible for all use within C and C++
programs. Only C++ programs will have added support to use the queue
macros within classes. Previously the queue macros could only be used
within structures.
The queue.3 manual page has been updated to describe the new
functionality and some alphabetic sorting has been done while
at it.
Differential Revision: https://reviews.freebsd.org/D2745
PR: 200827 (exp-run)
MFC after: 2 weeks
Add new FOREACH_FROM variants of the queue(3) FOREACH macros which can
optionally start the traversal from a previously found element by
passing the element in as "var". Passing a NULL "var" retains the same
semantics as the regular FOREACH macros.
Kudos to phk for suggesting the "FROM" suffix instead of my original
proposal.
Reviewed by: jhb (previous version), rpaulo
MFC after: 1 week
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.
Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96
For example, the FreeBSD GCC (4.2.1) has a spotty support for that
feature. If the static keyword is used with an unnamed array parameter
in a function declaration, then the compilation fails with:
error: static or type qualifiers in abstract declarator
The feature does work if the parameter is named.
So, the restriction introduced in this commit can be removed when all
affected function prototypes have the workaround.
MFC after: 1 week
Sponsored by: Panzura
For consistency with the qualifiers added in r310977, define a new
qualifier _Null_unspecified which is also defined in clang 3.7+.
Add two new macros:
__NULLABILITY_PRAGMA_PUSH
__NULLABILITY_PRAGMA_POP
These are for use in headers when we want avoid noisy warnings if
some pointers are left without nullability annotations.
These are added with way ahead of their first use to teach the GCC
ports headers of their existance before their first use.
This was meant to be used by a future FORTIFY_SOURCE implementation.
Probably for good, FORTIFY_SOURCE and this particular GCCism were never
well supported by clang or other compilers. Furthermore, the technology
has long since been replaced by either static checkers, sanitizers, or
even just the strong stack protector that was enabled by default.
Drop __gnu_inline to avoid cluttering the headers.
MFC after: 5 days
Add two new qualifiers for use by the static checkers:
_Nonnull
The _Nonnull nullability qualifier indicates that null is not a meaningful
value for a value of the _Nonnull pointer type.
_Nullable
The _Nullable nullability qualifier indicates that a value of the
_Nullable pointer type can be null.
These were introduced in Clang 3.7. For more information, see:
http://clang.llvm.org/docs/AttributeReference.html#nonnull
We add these now without using them so that the GCC ports have time to
pick up the header change.
Hinted by: Android Bionic libc [1]
Also seen in: Apple's Libc-1158.20.4
[1]
baa2a973bd
C99 allows array function parameters to use the static keyword for their
sizes. This tells the compiler that the parameter will have at least the
specified size, and calling code will fail to compile if that guarantee is
not met. However, this syntax is not legal in C++.
This commit reverts r300824, which worked around the problem for
sys/md5.h only, and introduces a new macro: min_size(). min_size(x) can
be used in headers as a static array size, but will still compile in C++
mode.
Reviewed by: cem, ed
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D8277
fix a typo in __STDC_VERSION__ in __min_size requirements
MFC after: 1 week
Sponsored by: Panzura
It clashes with the one in libc++'s <atomic> header.
(Previously, the _Atomic() macro was defined in <stdatomic.h>, which is
only for use with C11, but for various reasons it was moved to its
current location in r251804.)
Discussed with: bdrewery, ed
MFC after: 2 weeks
The locale_t type is provided by <xlocale.h> on Linux, FreeBSD, and Darwin.
While, like on some of those systems, it is automatically included by
<locale.h> with the proper feature test macros, its presence under this
particular name is still presumed in real-world software.
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
At the moment when targeting bare-metal targets or systems without
definition for the locking primitives newlib, uses dummy empty macros.
This has the advantage of reduced size and faster implementation but
does not allow the application to retarget the locking routines.
Retargeting is useful for a single toolchain to support multiple systems
since then it's only at link time that you know which system you are
targeting.
This patch adds a new configure option
--enable-newlib-retargetable-locking to use dummy empty functions
instead of dummy empty macros. The default is to keep the current
behavior to not have any size or speed impact on targets not interested
in this feature. To allow for any size of lock, the _LOCK_T type is
changed into pointer to struct _lock and the _init function are tasked
with allocating the locks. The platform being targeted must provide the
static locks. A dummy implementation of the locking routines and static
lock is provided for single-threaded applications to link successfully
out of the box.
To ensure that the behavior is consistent (either no locking whatsoever
or working locking), the dummy implementation is strongly defined such
that a partial retargeting will cause a doubly defined link error.
Indeed, the linker will only pull in the file providing the dummy
implementation if it cannot find an implementation for one of the
routine or lock.
- use of DEBUG flag is non-standard and interferes with other
project's using same flag
- change to be _REENT_CHECK_DEBUG which means the flag is
allowing debugging of _REENT_CHECK macros
- use #ifdef instead of #if
This makes it possible provide operating system specific types for
<pthread.h>. It is in line with the FreeBSD header file structure and
allows a future cleanup of <pthread.h> to not expose unrelated things
via <sys/types.h> and <unistd.h>. Glibc uses the similar
<bits/pthreadtypes.h> for this purpose.
Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
Non-default visibility attributes are unsupported on PE/COFF, so don't
use in __hidden definition for Cygwin. Add comment.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Provide __intmax_t and __uintmax_t via <machine/_default_types.h> and
define intmax_t and uintmax_t in <sys/_stdint.h> for FreeBSD
compatibility.
Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
Update the getconf utility to support the new flag as well as
_PC_POSIX_PERMISSIONS and _PC_POSIX_SECURITY. These were previously
unsupported, probably as an oversight.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>