General further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier f

General further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.

show more ...

Add comment on use of abort() in libc

Suggested by: jonathan (in review D8133)

abort in srandomdev if kern.arandom sysctl fails

The sysctl cannot fail. If it does fail on some FreeBSD derivative or
after some future change, just abort() so that the problem will be found
and fi

abort in srandomdev if kern.arandom sysctl fails

The sysctl cannot fail. If it does fail on some FreeBSD derivative or
after some future change, just abort() so that the problem will be found
and fixed.

While abort() is not normally suitable for a library, it makes sense
here.

This is akin to r306636 for arc4random.

Reviewed by: ed
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D8077

show more ...

Fix typing of srandom() and initstate().

POSIX requires that these functions have an unsigned int for their first
argument; not an unsigned long.

My reasoning is that we can safely change these fun

Fix typing of srandom() and initstate().

POSIX requires that these functions have an unsigned int for their first
argument; not an unsigned long.

My reasoning is that we can safely change these functions without
breaking the ABI. As far as I know, our supported architectures either
use registers for passing function arguments that are at least as big as
long (e.g., amd64), or int and long are of the same size (e.g., i386).

Reviewed by: ache
Differential Revision: https://reviews.freebsd.org/D6644

show more ...

Micro optimize: C standard guarantees that right shift for unsigned value
fills left bits with zero, and we have exact 32bit unsigned value
(uint32_t), so there is no reason to add "& 0x7fffffff" her

Micro optimize: C standard guarantees that right shift for unsigned value
fills left bits with zero, and we have exact 32bit unsigned value
(uint32_t), so there is no reason to add "& 0x7fffffff" here.

MFC after: 1 week

show more ...

1) Unifdef USE_WEAK_SEEDING it is too obsolete to support and makes reading
harder.

2) ACM paper require seed to be in [1, 2^31-2] range, so use the same range
shifting as already done for rand(3).

1) Unifdef USE_WEAK_SEEDING it is too obsolete to support and makes reading
harder.

2) ACM paper require seed to be in [1, 2^31-2] range, so use the same range
shifting as already done for rand(3). Also protect srandomdev() + TYPE_0 case
(non default) from negative seeds.

3) Don't check for valid "type" range in setstate(), it is always valid as
calculated. Instead add a check that rear pointer not exceeed end pointer.

MFC after: 1 week

show more ...

1) POSIX prohibits printing errors to stderr here and require
returning NULL:

"Upon successful completion, initstate() and setstate() shall return a
pointer to the previous state array; otherwise, a

1) POSIX prohibits printing errors to stderr here and require
returning NULL:

"Upon successful completion, initstate() and setstate() shall return a
pointer to the previous state array; otherwise, a null pointer shall
be returned.

Although some implementations of random() have written messages to
standard error, such implementations do not conform to POSIX.1-2008."

2) Move error detections earlier to prevent state modifying.

MFC after: 1 week

show more ...

Renumber clauses to reduce diffs to other versions

NetBSD, OpenBSD, and Android's Bionic number the clauses 1 through 3,
so follow suit to make comparison easier.

Replace access to /dev/random with the kernel pseudo-random number
source sysctl(KERN_ARND) and remove the fallback code.

Obtained from: OpenBSD
Reviewed by: secteam
MFC after: 1 month

Remove undefined behavior from sranddev() and
srandomdev(). This doesn't actually work
with any modern C compiler:

In particular, both clang and modern gcc
verisons silently elide any xor operation

Remove undefined behavior from sranddev() and
srandomdev(). This doesn't actually work
with any modern C compiler:

In particular, both clang and modern gcc
verisons silently elide any xor operation
with 'junk'.

Approved by: secteam
MFC after: 3 days

show more ...

libc: Use O_CLOEXEC for various internal file descriptors.

This fixes a race condition where another thread may fork() before CLOEXEC
is set, unintentionally passing the descriptor to the child proc

libc: Use O_CLOEXEC for various internal file descriptors.

This fixes a race condition where another thread may fork() before CLOEXEC
is set, unintentionally passing the descriptor to the child process.

This commit only adds O_CLOEXEC flags to open() or openat() calls where no
fcntl(fd, F_SETFD, FD_CLOEXEC) follows. The separate fcntl() call still
leaves a race window so it should be fixed later.

show more ...

Slight stylification.

Make 'junk' volatile so that compilers won't be tempted to optimize

Reviewed by: ache
MFC after: 3 days

Per Regents of the University of Calfornia letter, remove advertising
clause.

# If I've done so improperly on a file, please let me know.

Use 'uint32_t' instead of 'long' when a 32-bit integer is intended.
This results in no functional change, aside from fixing a data
corruption bug on LP64 platforms. The code here could still use a
s

Use 'uint32_t' instead of 'long' when a 32-bit integer is intended.
This results in no functional change, aside from fixing a data
corruption bug on LP64 platforms. The code here could still use a
significant amount of cleanup.

PR: 56502
Submitted by: hrs (earlier version)

show more ...

For type 0 rng lower initial drop to 50, it is enough to hide linearity
Reorganize historic #ifdef section

For rand(3) and random(3) TYPE_0 drop NSHUFF values right after srand{om}()
to remove part of seed -> 1st value correlation. Correlation still remains
because of algorithm limits. Note that old algor

For rand(3) and random(3) TYPE_0 drop NSHUFF values right after srand{om}()
to remove part of seed -> 1st value correlation. Correlation still remains
because of algorithm limits. Note that old algorithm have even stronger
correlation, especially in the lower bits area, but not eye-visible, as
current one.

show more ...

Park & Miller PRNG can be safely initialized with any value but 0 and stuck
at 0 as designed. Its BSD adaptation tries to fight it by mapping 0 to
2147483647 after calculation, but this method not wo

Park & Miller PRNG can be safely initialized with any value but 0 and stuck
at 0 as designed. Its BSD adaptation tries to fight it by mapping 0 to
2147483647 after calculation, but this method not works since 2147483647
seed returns to 0 again on the next interation. Instead of after calculation
mapping, map 0 to another value _before_ calculation, so it never stucks.

show more ...

Fix the style of the SCM ID's.
I believe have made all of libc .c's as consistent as possible.

Remove __P() usage.

Remove 'register' keyword.

Add a long-overdue nail to the deprecated /dev/urandom interface
by asking some things that need unpredictable numbers to read
/dev/random instead.

urandom(4) -> random(4) in comments.

PR: 27858
Submitted by: Yoshihiro Koya <[email protected]>
Reviewed by: md5(1)
Approved by: markm

srand*dev() fallback code: change ^getpid() to ^(getpid() << 16) to allow
change of high word part too to produce more interesting seed distribution.

Remove _THREAD_SAFE and make libc thread-safe by default by
adding (weak definitions to) stubs for some of the pthread
functions. If the threads library is linked in, the real
pthread functions will

Remove _THREAD_SAFE and make libc thread-safe by default by
adding (weak definitions to) stubs for some of the pthread
functions. If the threads library is linked in, the real
pthread functions will pulled in.

Use the following convention for system calls wrapped by the
threads library:
__sys_foo - actual system call
_foo - weak definition to __sys_foo
foo - weak definition to __sys_foo

Change all libc uses of system calls wrapped by the threads
library from foo to _foo. In order to define the prototypes
for _foo(), we introduce namespace.h and un-namespace.h
(suggested by bde). All files that need to reference these
system calls, should include namespace.h before any standard
includes, then include un-namespace.h after the standard
includes and before any local includes. <db.h> is an exception
and shouldn't be included in between namespace.h and
un-namespace.h namespace.h will define foo to _foo, and
un-namespace.h will undefine foo.

Try to eliminate some of the recursive calls to MT-safe
functions in libc/stdio in preparation for adding a mutex
to FILE. We have recursive mutexes, but would like to avoid
using them if possible.

Remove uneeded includes of <errno.h> from a few files.

Add $FreeBSD$ to a few files in order to pass commitprep.

Approved by: -arch

show more ...