libc: Purge unneeded cdefs.h

These sys/cdefs.h are not needed. Purge them. They are mostly left-over
from the $FreeBSD$ removal. A few in libc are still required for macros
that cdefs.h defines. Kee

libc: Purge unneeded cdefs.h

These sys/cdefs.h are not needed. Purge them. They are mostly left-over
from the $FreeBSD$ removal. A few in libc are still required for macros
that cdefs.h defines. Keep those.

Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D42385

(cherry picked from commit 559a218c9b257775fb249b67945fe4a05b7a6b9f)

show more ...

Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

vfs: add realpathat syscall

realpath(3) is used a lot e.g., by clang and is a major source of getcwd
and fstatat calls. This can be done more efficiently in the kernel.

This works by performing a r

vfs: add realpathat syscall

realpath(3) is used a lot e.g., by clang and is a major source of getcwd
and fstatat calls. This can be done more efficiently in the kernel.

This works by performing a regular lookup while saving the name and found
parent directory. If the terminal vnode is a directory we can resolve it using
usual means. Otherwise we can use the name saved by lookup and resolve the
parent.

See the review for sample syscall counts.

Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D23574

show more ...

Fix -Wsign-compare warnings in realpath.c

This is needed in order to build realpath.c as part of rtld.

libc: further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using mis-identified many licenses so this was mostly a manual - error
p

libc: further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using mis-identified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

show more ...

Style.

Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks

Simplify cleanup on failure in realpath(3).

If realpath() allocated memory for result and failed, the memory is
freed in each place where return is performed. More, the function
needs to track the

Simplify cleanup on failure in realpath(3).

If realpath() allocated memory for result and failed, the memory is
freed in each place where return is performed. More, the function
needs to track the allocation status, to not free user-supplied
buffer.

Consolidate the memory handling in the wrapper, freeing the buffer if
the actual worker failed.

Reviewed by: emaste (previous version)
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D10670

show more ...

Fix several buffer overflows in realpath(3).
- The statement "left_len -= s - left;" does not take the slash into
account if one was found. This results in the invariant
"left[left_len] == '\0'"

Fix several buffer overflows in realpath(3).
- The statement "left_len -= s - left;" does not take the slash into
account if one was found. This results in the invariant
"left[left_len] == '\0'" being violated (and possible buffer
overflows). The patch replaces the variable "s" with a size_t
"next_token_len" for more clarity.
- "slen" from readlink(2) can be 0 when encountering empty
symlinks. Then, further down, "symlink[slen - 1]" underflows the
buffer. When slen == 0, realpath(3) should probably return ENOENT
(http://austingroupbugs.net/view.php?id=825,
https://lwn.net/Articles/551224/).

Some other minor issues:
- The condition "resolved_len >= PATH_MAX" cannot be true.
- Similarly, "s - left >= sizeof(next_token)" cannot be true, as long
as "sizeof(next_token) >= sizeof(left)".
- Return ENAMETOOLONG when a resolved symlink from readlink(2) is too
long for the symlink buffer (instead of just truncating it).
- "resolved_len > 1" below the call to readlink(2) is always true as
"strlcat(resolved, next_token, PATH_MAX);" always results in a
string of length > 1. Also, "resolved[resolved_len - 1] = '\0';" is
not needed; there can never be a trailing slash here.
- The truncation check for "strlcat(symlink, left, sizeof(symlink));"
should be against "sizeof(symlink)" (the third argument to strlcat)
instead of "sizeof(left)".

Submitted by: Jan Kokemц╪ller <[email protected]>
PR: 219154
MFC after: 2 weeks

show more ...

realpath(): Properly fail "." or ".." components after non-directories.

If realpath() is called on pathnames like "/dev/null/." or "/dev/null/..",
it should fail with [ENOTDIR]. Pathnames like "/dev

realpath(): Properly fail "." or ".." components after non-directories.

If realpath() is called on pathnames like "/dev/null/." or "/dev/null/..",
it should fail with [ENOTDIR]. Pathnames like "/dev/null/" already failed as
they should.

Also, put the check for non-directories after lstatting the previous
component instead of when the empty component (consecutive or trailing
slashes) is detected, saving an lstat() call and some lines of code.

PR: kern/82980
MFC after: 2 weeks

show more ...

- Correct mispellings of the word occurrence

Submitted by: Christoph Mallon <[email protected]> (via private mail)

Avoid mapping ENOENT to ENOTDIR for non-existent path components.

The ENOTDIR mapping was introduced in r235266 for kern/128933 based on
an interpretation of the somewhat ambiguous language in the P

Avoid mapping ENOENT to ENOTDIR for non-existent path components.

The ENOTDIR mapping was introduced in r235266 for kern/128933 based on
an interpretation of the somewhat ambiguous language in the POSIX realpath
specification. The interpretation is inconsistent with Solaris and Linux,
a regression from 9.0, and does not appear to be permitted by the
description of ENOTDIR:

20 ENOTDIR Not a directory. A component of the specified pathname
existed, but it was not a directory, when a directory was
expected.

PR: standards/171577
MFC after: 3 days

show more ...

1) Although unpublished version of standard
http://austingroupbugs.net/view.php?id=385#c713
(Resolved state) recommend this way for the current standard (called
"earlier" in the text)

"However, earl

1) Although unpublished version of standard
http://austingroupbugs.net/view.php?id=385#c713
(Resolved state) recommend this way for the current standard (called
"earlier" in the text)

"However, earlier versions of this standard did not require this, and the
same example had to be written as:

// buf was obtained by malloc(buflen)
ret = write(fd, buf, buflen);
if (ret < 0) {
int save = errno;
free(buf);
errno = save;
return ret;
}
"

from feedback I have for previous commit it seems that many people prefer
to avoid mass code change needed for current standard compliance
and prefer to track unpublished standard instead, which requires now
that free() itself must save errno, not its usage code.

So, I back out "save errno across free()" part of previous commit,
and will fill PR for changing free() isntead.

2) Remove now unused serrno.

MFC after: 1 week

show more ...

1) IEEE Std 1003.1-2008, "errno" section, is explicit that

"The setting of errno after a successful call to a function is
unspecified unless the description of that function specifies that
errno sha

1) IEEE Std 1003.1-2008, "errno" section, is explicit that

"The setting of errno after a successful call to a function is
unspecified unless the description of that function specifies that
errno shall not be modified."

However, free() in IEEE Std 1003.1-2008 does not mention its interaction
with errno, so MAY modify it after successful call
(it depends on particular free() implementation, OS-specific, etc.).

So, save errno across free() calls to make code portable and
POSIX-conformant.

2) Remove unused serrno assignment.

MFC after: 1 week

show more ...

According to SUSv4, realpath(3) must fail if
[ENOENT] A component of file_name does not name an existing file or
file_name points to an empty string.
[ENOTDIR] A component of the path prefix is

According to SUSv4, realpath(3) must fail if
[ENOENT] A component of file_name does not name an existing file or
file_name points to an empty string.
[ENOTDIR] A component of the path prefix is not a directory, or the
file_name argument contains at least one non- <slash> character
and ends with one or more trailing <slash> characters and the last
pathname component names an existing file that is neither a
directory nor a symbolic link to a directory.
Add checks for the listed conditions, and set errno accordingly.

Update the realpath(3) manpage to mention SUS behaviour. Remove the
requirement to include sys/param.h before stdlib.h.

PR: 128933
MFC after: 3 weeks

show more ...

Fix a warning emitted by Clang.

The size passed to strlcat() must depend on the input length, not the
output length. Because the input and output buffers are equal in size,
the resulting binary does

Fix a warning emitted by Clang.

The size passed to strlcat() must depend on the input length, not the
output length. Because the input and output buffers are equal in size,
the resulting binary does not change at all.

show more ...

Fix some style(9) issues.
Do not use strlcpy() where simple assignment is enough.

Noted by: bde (long time ago)
MFC after: 1 week

MFC r206893:
Slightly modernize realpath(3).

SUSv4 requires that implementation returns EINVAL if supplied path is NULL,
and ENOENT if path is empty string [1].
Bring prototype in conformance with S

MFC r206893:
Slightly modernize realpath(3).

SUSv4 requires that implementation returns EINVAL if supplied path is NULL,
and ENOENT if path is empty string [1].
Bring prototype in conformance with SUSv4, adding restrict keywords.
Allow the resolved path buffer pointer be NULL, in which case realpath(3)
allocates storage with malloc().

MFC r206898:
Free() is not allowed to modify errno, remove safety brackets around it.
Add small optimization, do not copy a string to the buffer that is
to be freed immediately after.

MFC r206997:
Move realpath(3) prototype to a POSIX section.

MFC r206998:
Add standards section, improve wording, taking into account the handling
of NULL and changed type in declaration.

show more ...

Free() is not allowed to modify errno, remove safety brackets around it [1].
Add small optimization, do not copy a string to the buffer that is
to be freed immediately after.

Noted by: jh [1]
Review

Free() is not allowed to modify errno, remove safety brackets around it [1].
Add small optimization, do not copy a string to the buffer that is
to be freed immediately after.

Noted by: jh [1]
Reviewed by: jh
MFC after: 2 weeks

show more ...

Slightly modernize realpath(3).

SUSv4 requires that implementation returns EINVAL if supplied path is NULL,
and ENOENT if path is empty string [1].
Bring prototype in conformance with SUSv4, adding

Slightly modernize realpath(3).

SUSv4 requires that implementation returns EINVAL if supplied path is NULL,
and ENOENT if path is empty string [1].
Bring prototype in conformance with SUSv4, adding restrict keywords.
Allow the resolved path buffer pointer be NULL, in which case realpath(3)
allocates storage with malloc().

PR: kern/121897 [1]
MFC after: 2 weeks

show more ...

Fix stripping last path component when only one path component left.

PR: 52686
MFC after: 1 day

Back out the `hiding' of strlcpy and strlcat. Several people
vocally objected to this safety belt.

`Hide' strlcpy and strlcat (using the namespace.h / __weak_reference
technique) so that we don't wind up calling into an application's
version if the application defines them.

Inspired by: qpopper's

`Hide' strlcpy and strlcat (using the namespace.h / __weak_reference
technique) so that we don't wind up calling into an application's
version if the application defines them.

Inspired by: qpopper's interfering and buggy version of strlcpy

show more ...

BDE'ify

fix truncation check and buffer overflow check

- MAXPATHLEN -> PATH_MAX (pass correct buffer size to readlink as well)

Requested by: bde