Bug 189941 - [libc] getgroups(2) implements first argument as unsigned int
Summary: [libc] getgroups(2) implements first argument as unsigned int
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: CURRENT
Hardware: Any Any
: Normal Affects Only Me
Assignee: Warner Losh
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-05-19 10:30 UTC by Peter Holm
Modified: 2021-08-07 00:05 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Peter Holm freebsd_committer freebsd_triage 2014-05-19 10:30:00 UTC
Passing -1 as gidsetlen is not detected. Discovered by ATF. Caught on Ubuntu and OS/X.

How-To-Repeat: #include <err.h>
#include <errno.h>
#include <unistd.h>
#include <sys/param.h>

int
main(void)
{
        gid_t gidset[NGROUPS_MAX];

        if (getgroups(-1, gidset) != -1)
                errx(1, "getgroups(-1, ...) must fail.");
        else
                if (errno != EINVAL)
                        err(1, "getgroups(-1, ...) failed.");

        return (0);
}
Comment 1 Bruce Evans freebsd_committer freebsd_triage 2014-05-20 09:14:43 UTC
On Mon, 19 May 2014, Peter Holm wrote:

>> Description:
> Passing -1 as gidsetlen is not detected. Discovered by ATF. Caught on Ubuntu and OS/X.

A typical error from abusing an unsigned variable as a counter.  This doesn't
even match the API.  This bug was in 4.4BSD.

The fix seems to be almost as simple as changing the u_int for getgroups()
in syscalls.master to int.  Also change 3 corresponding u_int's in
kern_prot.c

setgroups() has the same API design error, but there it reduces to an
obfuscated way to check for invalid counts (for getgroups(), negative
counts are automatically detected as invalid, since they are too small
to hold any actual number of groups).  For setgroups(), negative counts
are are type-punned to become large unsigned counts, so they are
obfuscatedly detected as invalid because they are larger than any actual
number for {NGROUPS_MAX}.  The check for that should for negative counts.

Grepping for u_ in syscalls.master shows abuse of u_int for almost all
uses:
- dup, dup2: not even wrong, modulo type puns being benign.  These syscalls
    take int args, but syscalls. master says that they take u_int args.
    This converts the ints to u_ints using a type pun.  But the kernel
    converts these u_ints back to ints at the top level.  Obfuscated
    tests for negative values for file descriptors using the unsigned
    hack have (all?) been fixed in at least kern_descrip.c too.
- profil: correct
- getlogin: POSIX specifies size_t for getlogin_r(3), but FreeBSD still
    uses int.  The getlogin syscall is not directly available, but is
    closer to getlogin_r(3) than getlogin(3).  It uses u_int where the
    FreeBSD API says int.  This sort of works.  It is an obfuscated way
    of giving the POSIX semantics instead of the documented semantics.
    An arg of -1 doesn't mean -1, but means SIZE_MAX in POSIX and UINT_MAX
    in FreeBSD.  This is a physically impossible size (except on 64-bit
    systems while the punned FreeBSD semantics), but the POSIX semantics
    don't allow detecting it as an error, and the FreeBSD behaviour is to
    reduce it to MAXLOGNAME.  The behaviour is undefined in most cases if
    the arg is -1, but in practice the syscall will do the right thing if
    the buffer has size >= MAXLOGNAME.
- getgroups, setgroups: see above
- getitimer, setitimer: like setgroups (just the unsigned hack, but the
    range checking is slightly more obfuscated: the valid values are 0,
    1 and 2, so checking for the unsigned value being <= {the one that
    happens to be 2} gives an obfuscated quick check for the value being
    one of these three.
- gethostname: POSIX specifies size_t.  FreeBSD documents size_t, but
    actually uses u_int.  On 64-bit arches, the buffer may have the silly
    but valid size of 2**32.  This is blindly truncated to 0 so the syscall
    fails.  The arg is converted back to size_t at the top level in the
    kernel so as to pass the address of a size_t to another function,
    but it has already been truncated then.  Similar truncation breaks the
    accidental change to POSIX semantics in some cases in getlogin_r.
- sethostname: not in POSIX.  FreeBSD still documents int, but still
    actually uses u_int.  The arg is converted back to size_t too late to
    preserve it, as for gethostname.
- readv, writev: POSIX and FreeBSD document that the iovcnt arg is int.
    FreeBSD type puns it to u_int, then converts this to size_t before
    using it as an arg for copyin*().  No errror checking is done except
    in copyin*() where the error checking is adequate.  -1 becomes UINT_MAX
    vua the type pun, but is not increased further to SIZE_MAX on 64-bit
    arches.  U_INT is usually too large, so the result is probably EFAULT.
- getrlimit, setrlimit.  Like getitimer and setitimer, except the there
    is a macro to de-obfuscate the upper limit.  In the same file, the
    'which' variable for get/setpriority is handled quite differently.
    It is left as an int and checked using a case statement.
- getdirentries: just the unsigned hack
- __sysctl: at least matches the documented API.  The API uses u_int for
    small counts and size_t for large counts.  Old APIs don't have the
    design error of using u_int where int would do.  New APIs mostly
    use size_t excessively.  My grep doesn't find these.  It finds this
    one since it has a strange mixture of u_int and size_t.
- poll: correct, I think.  POSIX specifies nfds_t, and IIRC has the design
    errors of requiring this to be unsigned and having excessive typedefs
    for the function.  FreeBSD spells it u_int to avoid some namespace
    pollution.  It should spell it nfds_t except in syscalls.master and
    files generated from it.
- preadv, pwritev: like readv, writev (?)
- __getcwd: POSIX specifies size_t and FreeBSD documents size_t for getcwd().
    Using u_int probably gives the usual truncation bugs.
- *audit*: not checked.  The only set of new APIs that uses u_int.  About
    25 years anachronistic with C90's and POSIX's converting even old APIs
    to use size_t.
- _umtx_op: not checked
- *cap*: not checked.  Mostly not count args or plain u_int.  It mispells
    uint64_t as u_int64_t.  The correct spelling uint* is used for just 1
    syscall, and my grep for u_ didn't find it.  This use seems to be to
    avoid namespace pollution, so it is correct.  This points to further
    uses of unsigned types which were hidden by althernative spellings.
    The style bug of using 'unsigned' is used a bit:
    - nmount: uses 'unsigned int'.  Otherwise like writev (?), except the
      documented API also has this bug.
    - *ksem*, *kmq*: uses 'unsigned int'.  Not checked.  Seems to be
      undocumented.
    - jail_get, jail_set: like nmount.

Stress and regression tests could try to find bugs in all of the above,
but I code inspection only found the harmless truncation bugs for u_int
instead of size_t in addition to the one in the PR.  The one in the
PR is a rare case where the unsigned comparison hack doesn't give
fail-safe behaviour.

Bruce
Comment 2 commit-hook freebsd_committer freebsd_triage 2014-10-23 05:58:33 UTC
A commit references this bug:

Author: ngie
Date: Thu Oct 23 05:58:03 UTC 2014
New revision: 273517
URL: https://svnweb.freebsd.org/changeset/base/273517

Log:
  Expect getgroups_err to fail on FreeBSD

  PR: 189941
  Submitted by: pho
  Sponsored by: EMC / Isilon Storage Division

Changes:
  head/contrib/netbsd-tests/lib/libc/sys/t_getgroups.c
Comment 3 commit-hook freebsd_committer freebsd_triage 2014-12-31 20:13:52 UTC
A commit references this bug:

Author: ngie
Date: Wed Dec 31 20:13:40 UTC 2014
New revision: 276478
URL: https://svnweb.freebsd.org/changeset/base/276478

Log:
  MFC r272343,r272458,r272890,r272891,r272901,r272902,r272903,r272905,r272908,r272909,r272910,r272914,r272915,r272979,r272980,r273010,r273011,r273012,r273015,r273017,r273019,r273020,r273021,r273022,r273023,r273024,r273025,r273389,r273390,r273391,r273393,r273395,r273396,r273397,r273410,r273516,r273517,r273520,r273521,r273522,r273523,r273524,r273525,r273526,r273527,r273528,r273529,r273530,r273533,r273534,r273535,r273536,r273537,r273538,r273539,r273540,r273572,r273574,r273578,r273579,r273591,r273592,r273928,r273933,r273935,r273936,r273937,r273938,r273942,r273943,r273945,r273946,r273947,r273948,r273949,r273950,r273951,r273952,r274061,r274062,r274066,r274067,r274072,r274074,r274079,r274090,r274142,r274143,r274571,r274572,r274573,r274574,r274575,r274576,r274577,r274579,r274597,r274598,r274599,r274600,r274601,r274626,r275033,r276046,r276430:

  r272343:
  r272458:

    Import the NetBSD test suite from ^/vendor/NetBSD/tests/09.30.2014_20.45 ,
    minus the vendor Makefiles

    Provide directions for how to bootstrap the vendor sources in
    FREEBSD-upgrade

    MFC after 2 weeks
    Discussed with: rpaulo
    Sponsored by: EMC / Isilon Storage Division

  r272890:

    Only build/run hsearch_basic and hsearch_r_basic on NetBSD

    hdestroy1 is not present on FreeBSD

    Sponsored by: EMC / Isilon Storage Division

  r272891:

    Expect SIGSEGV in lib/libc/stdlib/t_getenv:setenv_basic

    See bin/189805 for more details

    In collaboration with: pho
    Sponsored by: EMC / Isilon Storage Division

  r272901:

    Disable tests that don't pass on FreeBSD due to missing support in
    humanize_number(3). Bringing in additional revisions from NetBSD's
    humanize_number(3) will fix the tests

    Account for the fact that util.h on NetBSD is libutil.h on FreeBSD

    Submitted by: pho
    Sponsored by: EMC / Isilon Storage Division

  r272902:

    Add missing #include <sys/time.h> for gettimeofday

    Sponsored by: EMC / Isilon Storage Division

  r272903:

    FreeBSD returns ENOTTY instead of EBADF in ttyname_r; mark it as an expected
    failure

    PR: 191936

    In collaboration with: pho
    Sponsored by: EMC / Isilon Storage Division

  r272905:

    FreeBSD doesn't support strings greater than MAXHOSTNAMELEN-1 in
    {get,set}{domain,host}name. Adjust the tests to not exceed that
    value when testing out the code

    Add a positive and negative test for MAXHOSTNAMELEN-1 and
    MAXHOSTNAMELEN, respectively

    PR: 181127
    In collaboration with: pho
    Sponsored by: EMC / Isilon Storage Division

  r272908:

    Disable the invalid pointer test on FreeBSD

    FreeBSD segfaults on invalid pointers passed to getcwd because it throbs the
    address passed in in libc, whereas NetBSD just passes the information off to
    the syscall, which allows the kernel to return EFAULT on bad pointers.

    In collaboration with: pho
    Sponsored by: EMC / Isilon Storage Division

  r272909:

    Handle getting/setting niceness/priority correctly on FreeBSD vs NetBSD

    This might be fallout from PR: 189821

    Submitted by: pho
    Sponsored by: EMC / Isilon Storage Division

  r272910:

    SIGPWR does not exist on FreeBSD

    Sponsored by: EMC / Isilon Storage Division

  r272914:

    Skip over t_spawn_open_nonexistent_diag because it requires NetBSD specific
    additions to posix_spawn

    Sponsored by: EMC / Isilon Storage Division

  r272915:

    Port the testcase to FreeBSD

    - Make #include path to h_macros.h a non-relative path
    - __gl_stat_t is synonymous with struct stat on FreeBSD
    - FreeBSD doesn't have _DIRENT_RECLEN
    - Skip over glob_star on FreeBSD (testcase doesn't pass)

    In collaboration with: pho
    Sponsored by: EMC / Isilon Storage Division

  r272979:

    Only #include <sys/tls.h> on NetBSD

    Sponsored by: EMC / Isilon Storage Division

  r272980:

    #include libutil.h for fparseln on FreeBSD

    Sponsored by: EMC / Isilon Storage Division

  r273010:

    Implement 64MB memory limit for test to ensure that it fails reliably in
    600 seconds; it would previously fail inconsistently when run in some virtual
    machine configurations

    This patch might need to be reverted or revisited later (see the attached PR
    for more details)

    PR: 169302

    Submitted by: pho
    Sponsored by: EMC / Isilon Storage Division

  r273011:

    Fix compilation errors with missing wide-type headers and fix compilation
    warnings with -Wformat

    In collaboration with: pho
    Sponsored by: EMC / Isilon Storage Division

  r273012:

    - Add libutil #include for fparseln
    - Change ATF_REQUIRE_EQ_MSG to ATF_CHECK_EQ_MSG to gather all failing results
      possible (currently 12 with leftassoc)
    - Mark leftassoc "atf_tc_expect_fail" on FreeBSD (PR coming soon after further
      analysis is done on the code)

    In collaboration with: pho
    Sponsored by: EMC / Isilon Storage Division

  r273015:

    Expect nice_err to fail on FreeBSD with unprivileged users

    PR: 189821
    Sponsored by: EMC / Isilon Storage Division

  r273017:

    Add #include <stdio.h> for printf

    Sponsored by: EMC / Isilon Storage Division

  r273019:

    Do initial port of contrib/netbsd-tests/lib/libc/locale

    t_io:
    - Expect failures potentially related to implementation-specific knowledge of
    the zh_TW.Big5 locale [*]

    t_mbrtowc:
    - Handle unknown locales more gracefully (do not test if the locale doesn't
    exist)
    - Expect failure with mbrtowc_internal dealing with Japanese locales
    (potentially related to implementation detail knowledge of the ja_* locales) [*].

    t_mbstowcs, t_mbtowc, t_wctomb:
    - Handle unknown locales more gracefully (do not test if the locale doesn't
    exist)

    t_wcstod:
    - Treat FreeBSD like NetBSD and Linux in the XXX: FIXME section

    [*] More investigation is required to determine the root cause of the failures

    Submitted by: pho
    Sponsored by: EMC / Isilon Storage Division

  r273020:

    memmem with NUL length "needle" (aka small) strings on FreeBSD/OSX returns
    NULL instead of the "haystack" value (aka big)

    Submitted by: pho
    Sponsored by: EMC / Isilon Storage Division

  r273021:

    Use 1 as a random seed, as recommended in srandom(3). Adjust the random values
    accordingly

    Submitted by: pho
    Sponsored by: EMC / Isilon Storage Division

  r273022:

    Add #include <stdio.h> to get sys_nerr definition

    Sponsored by: EMC / Isilon Storage Division

  r273023:

    __isnanl is automatically picked according to data type in <math.h>. There
    isn't a need for the explicit __isnanl test

    Sponsored by: EMC / Isilon Storage Division

  r273024:

    Only test the return value in mktime_negyear

    Testing for the errno is an optional requirement according to POSIX, and
    FreeBSD doesn't document that errno would be set on failure with mktime

    Submitted by: pho
    Sponsored by: EMC / Isilon Storage Division

  r273025:

    Change ATF_REQUIRE_MSG calls to ATF_CHECK_MSG to get as many errors as possible

    t_strptime:common..
    - Expect the testcase body as a whole to fail. Multiple PRs will be filed to
    track the issues (there are 18 check failures)

    t_strptime:day..
    - %EA and %OA seem to be case insensitive on FreeBSD

  r273389:

    Port lib/libc/gen/t_siginfo to FreeBSD

    - mcontext_t on FreeBSD doesn't have a __gregs field (it's split out on FreeBSD
    into separate fields). In order to avoid muddying the test code with MD code,
    the debugging trace info has not been implemented
    - FreeBSD does not implement the si_stime and si_utime fields in siginfo_t, so
    omit the debugging code that dumps the values
    - sys/inttypes.h doesn't exist on FreeBSD

    Sponsored by: EMC / Isilon Storage Division

  r273390:

    libutil.h is required for fparseln on FreeBSD

    Sponsored by: EMC / Isilon Storage Division

  r273391:

    Add missing #include for sys/stat.h for fchmod

    Sponsored by: EMC / Isilon Storage Division

  r273393:

    Port t_write to FreeBSD

    - Mark the signo variable for the signal handle __unused
    - Use limits.h instead of sys/syslimits.h (the latter does not
    exist on FreeBSD)

    Sponsored by: EMC / Isilon Storage Division

  r273395:

    Mark osi __unused so this compiles cleanly on FreeBSD

    Sponsored by: EMC / Isilon Storage Division

  r273396:

    unlink("/") fails with EISDIR instead of EBUSY on FreeBSD; test for that
    instead

    Sponsored by: EMC / Isilon Storage Division

  r273397:

    Port t_chroot to FreeBSD

    - Add missing #include sys/stat.h for mkdir(2)
    - Omit the fchroot(2) tests because the support is not present on FreeBSD

    Sponsored by: EMC / Isilon Storage Division

  r273410:

    Add sys/socket.h #include for bind(2), et al

    Sponsored by: EMC / Isilon Storage Division

  r273516:

    Add netinet/in.h for struct sockaddr_in

    Sponsored by: EMC / Isilon Storage Division

  r273517:

    Expect getgroups_err to fail on FreeBSD

    PR: 189941
    Submitted by: pho
    Sponsored by: EMC / Isilon Storage Division

  r273520:

    Port t_pipe2.c to FreeBSD

    - Omit the pipe2_nosigpipe testcase on FreeBSD (FreeBSD doesn't have
      O_NOSIGPIPE).
    - Convert "fcntl(n, F_CLOSEM)" to "closefrom(n)".
    - Save and restore the resource limit on the number of files (RLIMIT_NOFILE).

    In collaboration with: pho
    Sponsored by: EMC / Isilon Storage Division

  r273521:

    Convert "fcntl(n, F_CLOSEM)" to "closefrom(n)"

    Submitted by: pho
    Sponsored by: EMC / Isilon Storage Division

  r273522:

    - Mark unused parameters __unused in handler
    - Call sigqueue with getpid() instead of 0 -- the latter idiom appears to only
    be valid on NetBSD

    In collaboration with: pho
    Sponsored by: EMC / Isilon Storage Division

  r273523:

    Add limits.h #include for LINE_MAX

    Sponsored by: EMC / Isilon Storage Division

  r273524:

    Add sys/socket.h #include for struct sockaddr_in

    Sponsored by: EMC / Isilon Storage Division

  r273525:

    Port t_mmap.c to FreeBSD

    - Add needed headers for the testcases
    - Omit mmap_block on non-NetBSD OSes
    - Use "security.bsd.map_at_zero" instead of "vm.user_va0_disable"

    Submitted by: pho
    Sponsored by: EMC / Isilon Storage Division

  r273526:

    Omit the pollts testcases on FreeBSD

    Sponsored by: EMC / Isilon Storage Division

  r273527:

    Omit all of the testcases as revoke(2) is only implemented on devfs(5)

    Submitted by: pho
    Sponsored by: EMC / Isilon Storage Division

  r273528:

    Mark signo __unused in handler(..)

    Sponsored by: EMC / Isilon Storage Division

  r273529:

    - Omit the poll testcases on FreeBSD (they require pollts)
    - Add necessary headers for the testcases

    Sponsored by: EMC / Isilon Storage Division

  r273530:

    Add limits.h #include for INT_MAX

    Sponsored by: EMC / Isilon Storage Division

  r273533:

    Use <atf_srcdir>/truncate_test.root_owned instead of /usr/bin/fpr as fpr does
    not exist on FreeBSD

    truncate_test.root_owned will be generated at build time and owned by root

    In collaboration with: pho
    Sponsored by: EMC / Isilon Storage Division

  r273534:

    - Mark sig/signo __unused
    - Do not provide a relative path via #include "h_macros.h"

    Sponsored by: EMC / Isilon Storage Division

  r273535:

    - Omit setrlimit_nthr testcase on FreeBSD (requires lwp.h, et al)
    - Expect overflow with rlim_max at INT64_MAX, not UINT64_MAX (rlim_t is int64_t
    on FreeBSD)

    In collaboration with: pho
    Sponsored by: EMC / Isilon Storage Division

  r273536:

    Add limits.h #include for SSIZE_MAX

    Sponsored by: EMC / Isilon Storage Division

  r273537:

    Add limits.h #include for SSIZE_MAX

    Sponsored by: EMC / Isilon Storage Division

  r273538:

    Fix a typo (__FreeBSD__ -> __NetBSD__ when omitting setrlimit_nthr)

  r273539:

    Mark signum __unused

    Sponsored by: EMC / Isilon Storage Division

  r273540:

    Omit the mprotect_exec testcase on FreeBSD

    Sponsored by: EMC / Isilon Storage Division

  r273572:

    - Ignore EINVAL check with mknod(path, S_IFCHR, -1) as the testcase is always
      executed on a non-devfs filesystem
    - Expect mknod(path, S_IFREG, 0) to fail on FreeBSD

    Submitted by: pho
    Sponsored by: EMC / Isilon Storage Division

  r273574:

    - Test for EINVAL requirement when passing an invalid flag in to msync(2)
    - Expect ENOMEM instead of EFAULT when msync'ing a previously munmap'ed region
      on FreeBSD

    Submitted by: pho
    Sponsored by: EMC / Isilon Storage Division

  r273578:

    - Add inttypes.h and stdint.h in lieu of int_limits.h from NetBSD
    - Use #include "h_macros.h" instead of relative path analog

    Sponsored by: EMC / Isilon Storage Division

  r273579:

    - Mark signo __unused in the signal handler function
    - Effectively #if 0 out some code that does not fail on FreeBSD

    In collaboration with: pho
    Sponsored by: EMC / Isilon Storage Division

  r273591:

    Correct my previous commit:

    - getrusage_utime_back succeeds reliably on FreeBSD
    - getrusage_utime_zero passes/fails in a seemingly non-deterministic manner.
      Skip it for now (and fix it later)

    In the initial port of this testcase to FreeBSD, the results failed reliably
    in the same manner as it does on NetBSD

    Sponsored by: EMC / Isilon Storage Division

  r273592:

    - Add sys/types.h for the APIs in sys/sysctl.h
    - Poke at VM_MIN_ADDRESS in machine/vmparam.h because FreeBSD doesn't have a
      vm.minaddress sysctl analog
    - Expect ENOMEM instead of EAGAIN in mlock_limits
    - Provide mlock an mmap'ed page twice to simulate MAP_WIRED on NetBSD

    In collaboration with: pho
    Sponsored by: EMC / Isilon Storage Division

  r273928:

    Put mtree test files into a subdirectory.

    Kyua 0.11 points TMPDIR to the test's work directory, and atf_check creates
    auxiliary files in TMPDIR.  This confuses a couple of mtree tests that were
    using the work directory's root to validate the contents of the directory.

    Fix the two affected tests by creating an auxiliary directory to use for
    the mtree tests.  (Kyua should probably do this on its own; filed bug #133
    upstream to take a look at this.)

  r273933:

    Don't prune duplicate services in the expected output from /etc/services on
    FreeBSD

    Submitted by: pho

  r273935:

    Port tests to FreeBSD/Linux

    Some of the testcases don't work outside of NetBSD, and the behavior of
    ether_aton_r differs between FreeBSD, Linux, and NetBSD, and the calls to the
    API need to be massaged for FreeBSD and Linux.

    Submitted by: pho

  r273936:

    Port lib/libc/net/h_dns_server to FreeBSD

    Submitted by: pho

  r273937:

    Port lib/libc/sys/t_dup to FreeBSD/Linux

    - The requirements differ between FreeBSD/Linux when dealing with oldd/newd
      being equal (both fail with EINVAL, not EBADF)
    - Add an EBADF testcase
    - Fix compilation issues on clang

    In collaboration with: pho

  r273938:

    getitimer on FreeBSD returns the last set time instead of the remaining time;
    test for that instead

    Submitted by: pho

  r273942:

    Skip :sethostname_basic because it messes up the test host's hostname

    Convert code from #if defined(__FreeBSD__) to #ifdef __FreeBSD__

  r273943:

    Port t_kevent to FreeBSD

    Submitted by: pho

  r273945:

    Port t_mincore to FreeBSD

    Mark :mincore_resid as atf_tc_expect_fail on FreeBSD because of new bug
    discovered in running the tests (it succeeded from earlier on in the year to
    September/October on FreeBSD, at least)

    Submitted by: pho

  r273946:

    Port h_atexit to FreeBSD

    __cxa_atexit varies between FreeBSD and NetBSD, and thus we must use pointers
    instead of static fields in the BSS. More extensive discussion is included in
    the source code

    In collaboration with: kib
    Submitted by: pho

  r273947:

    Expect :snprintf_posarg_error to blow up with a SIGSEGV on !NetBSD OSes

  r273948:

    Disable testcases 12 and 15-22 on FreeBSD

    Submitted by: pho

  r273949:

    Add new atf_tc_expect_fail to fflush_err; this is a new (within the past couple months) bug

  r273950:

    Skip :fopen_regular on !NetBSD because it's a NetBSD specific test

    Submitted by: pho

  r273951:

    Expect :sscanf_whitespace to fail on !NetBSD OSes

    Submitted by: pho

  r273952:

    Port h_hash and t_sha2 to FreeBSD

    t_sha2 contains dirty copy-paste hacks that need to be fixed with the openssh
    OpenBSD compat layer

    Submitted by: pho

  r274061:

    Port t_db.sh to FreeBSD

    - The blocksize on FreeBSD is 32kB, not 64kB
    - Add some detection for MK_DICT == no; /nonexistent is echoed along with
      atf_skip to ensure that the test will fail if dict(..) is called in the
      non-final stage of the pipeline

    Submitted by: pho

  r274062:

    inet_network on FreeBSD returns NULL when provided "0x" to inet_network

    Submitted by: pho

  r274066:

    Port lib/libc/ssp to FreeBSD

    In most cases, the buffers and data were resized, but when dealing with the
    helpers, some of the code was adjusted to fail more reliably

    Submitted by: pho

  r274067:

    rpc_control on FreeBSD is a public-ish API (not prefixed with __), not private
    like NetBSD

    Submitted by: pho

  r274072:

    Finish off lib/libc/stdlib/t_strtod.c port by checking for "y" twice on
    FreeBSD, and always assume long long double exists on FreeBSD

    Submitted by: pho

  r274074:

    Add Makefile snippet to ease porting NetBSD testcases to FreeBSD from
    contrib/netbsd-tests

    This Makefile snippet handles polluting testcases with -lnetbsd, specific
    headers for ATF version differences, and does necessary rewriting for the
    testcases to match the format discussed on the TestSuite wiki page
    (t_<foo> -> <foo>_test)

    One must define SRCTOP (inspired by projects/bmake), OBJTOP, and TESTSRC
    (e.g. contrib/netbsd-tests/lib/libc/gen) to use the Makefile snippet

    Test programs are specific either via NETBSD_ATF_TESTS_C or NETBSD_ATF_TESTS_SH

    C++ analogs aren't currently implemented.

    The imported testcases will be cleaned up to use this Makefile snippet pseudo
    "API".

  r274079:

    Import proper fix for misc/49356 (/usr/include/atf-c/config.h) after atf-c/config.h
    was removed from the build

    Pointyhat to: me (again, for not running make delete-old after running test builds)

  r274090:

    Fix the Jenkins test run by skipping the negative testcases earlier

    The problem is that lib.libc.locale.t_io:bad_big5_wprintf was printing out
    illegal Unicode characters, which causes XML parsers to bail immediately, e.g.

    % kyua report-junit > ~/report.junit
    % python2 -c 'import xml.dom.minidom as md; md.parse("/home/ngie/report.junit")'
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/usr/local/lib/python2.7/xml/dom/minidom.py", line 1918, in parse
        return expatbuilder.parse(file)
      File "/usr/local/lib/python2.7/xml/dom/expatbuilder.py", line 924, in parse
        result = builder.parseFile(fp)
      File "/usr/local/lib/python2.7/xml/dom/expatbuilder.py", line 207, in parseFile
        parser.Parse(buffer, 0)
    xml.parsers.expat.ExpatError: not well-formed (invalid token): line 27137, column 13

  r274142:

    Remove expected failure from lib.libc.sys.t_mincore:mincore_resid

    The failure was added based on observation seen on 11.0-CURRENT @ r273153, not
    based on internal testing at EMC/Isilon

    PR: 194829
    Tested with the following configuration:
    - amd64/i386
    - 11.0-CURRENT @ r273153
    - 100 times in a tight loop as root with the following commands...
    -- kyua test lib/libc
    -- kyua test lib/libc/sys
    -- kyua test lib/libc/sys/mincore_test

  r274143:

    Expect lib.libc.sys.getcontext_test.setcontext_link to fail on amd64; add
    additional debugging to make the underlying problem more visible

    Calling setcontext(2) on amd64 as shown in the test program is failing on
    amd64, not i386, with a return code of -1 and an errno of EINVAL

    Further investigation is being done in the PR to determine the root cause for
    the failure

    PR: 194828
    Tested with the following configuration:
    - amd64/i386
    - 11.0-CURRENT @ r273153
    - 100 times in a tight loop as root with the following commands...
    -- kyua test lib/libc
    -- kyua test lib/libc/sys
    -- kyua test lib/libc/sys/getcontext_test

  r274571:

    Use _exit instead of exit so the file descriptors aren't flushed twice in the
    child processes

    Submitted by: pho

  r274572:

    Only expect timeouts on powerpc with NetBSD

    Submitted by: pho

  r274573:

    Expect :pthread_detach to fail with EINVAL instead of ESRCH on FreeBSD

    PR: 191906
    In collaboration with: pho

  r274574:

    Add pthread_np.h #include and initialize the pthread attribute on FreeBSD

    Submitted by: pho

  r274575:

    #ifdef out a printf on !NetBSD that causes the testcase to fail when comparing
    the output from the helper program

    Submitted by: pho

  r274576:

    Port helper program to FreeBSD, similar to ../../lib/libc/stdlib/h_atexit.c

    Submitted by: pho
    In collaboration with: kib

  r274577:

    Add missing sys/time.h #include for timespecsub macro in lib/libnetbsd/sys/time.h

  r274579:

    Call sem_unlink on semaphores before attempting to create them

    Due to the lack of uniqueness in the semaphore name, and the fact that the
    tests don't have cleanup routines, an interrupted test can leave a semaphore
    "laying around", causing all subsequent attempts to run the test to fail

    I will file a NetBSD PR for this issue soon

  r274597:

    Skip the long-double epsilon checks on FreeBSD/i386

    Sponsored by: EMC / Isilon Storage Division

  r274598:

    Reset errno to 0 before running scalbn to be sure that the tested errno is
    valid

    Sponsored by: EMC / Isilon Storage Division

  r274599:

    Alias isinff to isinf on FreeBSD

    isinf on FreeBSD automatically picks the appropriate type per math.h

    Sponsored by: EMC / Isilon Storage Division

  r274600:

    - Expect exp2_powers to fail on FreeBSD/i386
    - Expect exp2_values to fail on FreeBSD due to the small epsilon

    Sponsored by: EMC / Isilon Storage Division

  r274601:

    - Skip over the testcases that call cbrtl on platforms where LDBL_PREC == 53
    (arm, mips, powerpc). This fixes the build on these platforms, based on some
    ad hoc tinderbox runs I did a while ago
    - Skip cast the arguments to powl as long double so powl properly interprets
    those arugments at compile-time when picking the type

    Sponsored by: EMC / Isilon Storage Division

  r274626:

    Mechanically replace #if defined(__FreeBSD__) and #if defined(__NetBSD__) with
    their #ifdef equivalents for everything changed in contrib/netbsd-tests. There
    are some items from the vendor tree that use #if defined(__FreeBSD__) or
    #if defined(__NetBSD__) which are being left alone

    Requested by: bde, rpaulo
    Sponsored by: EMC / Isilon Storage Division

  r275033:

    Only pass 6 arguments to the 'run' function on amd64.  amd64's
    makecontext on FreeBSD only supports a maximum of 6 arguments.  This
    fixes the setcontext_link test on amd64.

    PR:		194828

  r276046:

    Add __FreeBSD_version guards around hsearch_r to ease MFCing the code to
    stable/10

    It was added when __FreeBSD_version was ~1100027

  r276430:

    Expect access_test:access_inval to fail before __FreeBSD_version == 1100033

    This will allow me to MFC the test, as jilles@ requested that I don't MFC the
    access(2) KBI change to 10-STABLE in r271655

Changes:
_U  stable/10/
  stable/10/contrib/netbsd-tests/
  stable/10/contrib/netbsd-tests/include/t_paths.c
  stable/10/contrib/netbsd-tests/lib/libc/db/t_db.sh
  stable/10/contrib/netbsd-tests/lib/libc/gen/posix_spawn/t_fileactions.c
  stable/10/contrib/netbsd-tests/lib/libc/gen/t_floatunditf.c
  stable/10/contrib/netbsd-tests/lib/libc/gen/t_fpsetmask.c
  stable/10/contrib/netbsd-tests/lib/libc/gen/t_getcwd.c
  stable/10/contrib/netbsd-tests/lib/libc/gen/t_glob.c
  stable/10/contrib/netbsd-tests/lib/libc/gen/t_humanize_number.c
  stable/10/contrib/netbsd-tests/lib/libc/gen/t_isnan.c
  stable/10/contrib/netbsd-tests/lib/libc/gen/t_nice.c
  stable/10/contrib/netbsd-tests/lib/libc/gen/t_raise.c
  stable/10/contrib/netbsd-tests/lib/libc/gen/t_setdomainname.c
  stable/10/contrib/netbsd-tests/lib/libc/gen/t_sethostname.c
  stable/10/contrib/netbsd-tests/lib/libc/gen/t_siginfo.c
  stable/10/contrib/netbsd-tests/lib/libc/gen/t_sleep.c
  stable/10/contrib/netbsd-tests/lib/libc/gen/t_time.c
  stable/10/contrib/netbsd-tests/lib/libc/gen/t_ttyname.c
  stable/10/contrib/netbsd-tests/lib/libc/hash/h_hash.c
  stable/10/contrib/netbsd-tests/lib/libc/hash/t_sha2.c
  stable/10/contrib/netbsd-tests/lib/libc/inet/t_inet_network.c
  stable/10/contrib/netbsd-tests/lib/libc/locale/t_io.c
  stable/10/contrib/netbsd-tests/lib/libc/locale/t_mbrtowc.c
  stable/10/contrib/netbsd-tests/lib/libc/locale/t_mbstowcs.c
  stable/10/contrib/netbsd-tests/lib/libc/locale/t_mbtowc.c
  stable/10/contrib/netbsd-tests/lib/libc/locale/t_wcstod.c
  stable/10/contrib/netbsd-tests/lib/libc/locale/t_wctomb.c
  stable/10/contrib/netbsd-tests/lib/libc/net/h_dns_server.c
  stable/10/contrib/netbsd-tests/lib/libc/net/t_ether_aton.c
  stable/10/contrib/netbsd-tests/lib/libc/net/t_servent.sh
  stable/10/contrib/netbsd-tests/lib/libc/regex/debug.c
  stable/10/contrib/netbsd-tests/lib/libc/regex/t_exhaust.c
  stable/10/contrib/netbsd-tests/lib/libc/regex/t_regex_att.c
  stable/10/contrib/netbsd-tests/lib/libc/rpc/t_rpc.c
  stable/10/contrib/netbsd-tests/lib/libc/ssp/h_memset.c
  stable/10/contrib/netbsd-tests/lib/libc/ssp/h_read.c
  stable/10/contrib/netbsd-tests/lib/libc/ssp/h_readlink.c
  stable/10/contrib/netbsd-tests/lib/libc/ssp/h_snprintf.c
  stable/10/contrib/netbsd-tests/lib/libc/ssp/t_ssp.sh
  stable/10/contrib/netbsd-tests/lib/libc/stdio/t_fflush.c
  stable/10/contrib/netbsd-tests/lib/libc/stdio/t_fmemopen.c
  stable/10/contrib/netbsd-tests/lib/libc/stdio/t_fopen.c
  stable/10/contrib/netbsd-tests/lib/libc/stdio/t_printf.c
  stable/10/contrib/netbsd-tests/lib/libc/stdio/t_scanf.c
  stable/10/contrib/netbsd-tests/lib/libc/stdlib/h_atexit.c
  stable/10/contrib/netbsd-tests/lib/libc/stdlib/h_getopt.c
  stable/10/contrib/netbsd-tests/lib/libc/stdlib/h_getopt_long.c
  stable/10/contrib/netbsd-tests/lib/libc/stdlib/t_getenv.c
  stable/10/contrib/netbsd-tests/lib/libc/stdlib/t_hsearch.c
  stable/10/contrib/netbsd-tests/lib/libc/stdlib/t_strtod.c
  stable/10/contrib/netbsd-tests/lib/libc/string/t_memcpy.c
  stable/10/contrib/netbsd-tests/lib/libc/string/t_memmem.c
  stable/10/contrib/netbsd-tests/lib/libc/string/t_strerror.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_access.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_chroot.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_clock_gettime.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_connect.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_dup.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_getcontext.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_getgroups.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_getitimer.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_getrusage.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_kevent.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_link.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_listen.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_mincore.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_mknod.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_mlock.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_mmap.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_mprotect.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_msgctl.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_msgrcv.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_msgsnd.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_msync.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_nanosleep.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_pipe2.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_poll.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_revoke.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_select.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_setrlimit.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_sigaction.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_sigqueue.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_socketpair.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_stat.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_timer_create.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_truncate.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_unlink.c
  stable/10/contrib/netbsd-tests/lib/libc/sys/t_write.c
  stable/10/contrib/netbsd-tests/lib/libc/time/t_strptime.c
  stable/10/contrib/netbsd-tests/lib/libc/tls/dso/h_tls_dlopen.c
  stable/10/contrib/netbsd-tests/lib/libc/tls/t_tls_dlopen.c
  stable/10/contrib/netbsd-tests/lib/libc/tls/t_tls_dynamic.c
  stable/10/contrib/netbsd-tests/lib/libc/tls/t_tls_static.c
  stable/10/contrib/netbsd-tests/lib/libc/tls/t_tls_static_helper.c
  stable/10/contrib/netbsd-tests/lib/libc/tls_dso/h_tls_dynamic.c
  stable/10/contrib/netbsd-tests/lib/libexecinfo/t_backtrace.c
  stable/10/contrib/netbsd-tests/lib/libm/t_cbrt.c
  stable/10/contrib/netbsd-tests/lib/libm/t_exp.c
  stable/10/contrib/netbsd-tests/lib/libm/t_ldexp.c
  stable/10/contrib/netbsd-tests/lib/libm/t_log.c
  stable/10/contrib/netbsd-tests/lib/libm/t_pow.c
  stable/10/contrib/netbsd-tests/lib/libm/t_precision.c
  stable/10/contrib/netbsd-tests/lib/libm/t_scalbn.c
  stable/10/contrib/netbsd-tests/lib/libpthread/h_atexit.c
  stable/10/contrib/netbsd-tests/lib/libpthread/h_cancel.c
  stable/10/contrib/netbsd-tests/lib/libpthread/t_condwait.c
  stable/10/contrib/netbsd-tests/lib/libpthread/t_detach.c
  stable/10/contrib/netbsd-tests/lib/libpthread/t_fork.c
  stable/10/contrib/netbsd-tests/lib/libpthread/t_join.c
  stable/10/contrib/netbsd-tests/lib/libpthread/t_mutex.c
  stable/10/contrib/netbsd-tests/lib/libpthread/t_once.c
  stable/10/contrib/netbsd-tests/lib/libpthread/t_sem.c
  stable/10/contrib/netbsd-tests/lib/librt/t_sem.c
  stable/10/contrib/netbsd-tests/usr.sbin/mtree/t_mtree.sh
  stable/10/share/mk/bsd.progs.mk
  stable/10/share/mk/netbsd-tests.test.mk
Comment 4 Glen Barber freebsd_committer freebsd_triage 2015-07-08 18:32:21 UTC
To originators/assignees of this PR:

A commit to the tree references this PR, however the PR is still in a non-closed state.

Please review this PR and close as appropriate, or if closing the PR requires a merge to stable/10, please let re@ know as soon as possible.

Thank you.

Glen
Comment 5 Peter Holm freebsd_committer freebsd_triage 2015-07-08 18:40:04 UTC
The problem is not fixed as of:

$ uname -a
FreeBSD t2.osted.lan 11.0-CURRENT FreeBSD 11.0-CURRENT #1 r285236M: Tue Jul  7 19:02:32 CEST 2015     pho@t2.osted.lan:/usr/src/sys/amd64/compile/PHO  amd64
$ ./bug
bug: getgroups(-1, ...) must fail.
$
Comment 6 Glen Barber freebsd_committer freebsd_triage 2015-07-08 18:44:48 UTC
Bah.  I keyed off 'commit-hook@' being a in the 'commentor' list, and the tests commit in this PR tripped that.

Thank you for the update.
Comment 7 Warner Losh freebsd_committer freebsd_triage 2021-06-02 18:23:22 UTC
Landing a pull requests that fixes this soon.
Comment 8 commit-hook freebsd_committer freebsd_triage 2021-06-02 19:25:52 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=4bc2174a1b489c36195ccc8cfc15e0775b817c69

commit 4bc2174a1b489c36195ccc8cfc15e0775b817c69
Author:     Moritz Buhl <gh@moritzbuhl.de>
AuthorDate: 2019-07-09 15:03:37 +0000
Commit:     Warner Losh <imp@FreeBSD.org>
CommitDate: 2021-06-02 19:22:57 +0000

    kern: fail getgroup and setgroup with negative int

    Found using
    https://github.com/NetBSD/src/blob/trunk/tests/lib/libc/sys/t_getgroups.c

    getgroups/setgroups want an int and therefore casting it to u_int
    resulted in `getgroups(-1, ...)` not returning -1 / errno = EINVAL.

    imp@ updated syscall.master and made changes markj@ suggested

    PR:                     189941
    Tested by:              imp@
    Reviewed by:            markj@
    Pull Request:           https://github.com/freebsd/freebsd-src/pull/407
    Differential Revision:  https://reviews.freebsd.org/D30617

 sys/kern/kern_prot.c     | 12 +++++-------
 sys/kern/syscalls.master |  4 ++--
 2 files changed, 7 insertions(+), 9 deletions(-)
Comment 9 Warner Losh freebsd_committer freebsd_triage 2021-07-07 20:11:02 UTC
This has been fixed and the test that was marked expect to fail has been corrected.
It's been MFC'd to 13.
Comment 10 commit-hook freebsd_committer freebsd_triage 2021-07-07 20:11:08 UTC
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=e991afea1e794885931d17310019e4c067501981

commit e991afea1e794885931d17310019e4c067501981
Author:     Moritz Buhl <gh@moritzbuhl.de>
AuthorDate: 2019-07-09 15:03:37 +0000
Commit:     Warner Losh <imp@FreeBSD.org>
CommitDate: 2021-07-07 20:09:44 +0000

    kern: fail getgroup and setgroup with negative int

    Found using
    https://github.com/NetBSD/src/blob/trunk/tests/lib/libc/sys/t_getgroups.c

    getgroups/setgroups want an int and therefore casting it to u_int
    resulted in `getgroups(-1, ...)` not returning -1 / errno = EINVAL.

    imp@ updated syscall.master and made changes markj@ suggested

    PR:                     189941
    Tested by:              imp@
    Reviewed by:            markj@
    Pull Request:           https://github.com/freebsd/freebsd-src/pull/407
    Differential Revision:  https://reviews.freebsd.org/D30617

    (cherry picked from commit 4bc2174a1b489c36195ccc8cfc15e0775b817c69)

 sys/kern/kern_prot.c     | 12 +++++-------
 sys/kern/syscalls.master |  4 ++--
 2 files changed, 7 insertions(+), 9 deletions(-)