maintainer's note: past sentiment was that, despite being imperfect
and unable to force clearing of all possible copies of sensitive data
(e.g. in registers, register spills, signal contexts left on the
stack, etc.) this function would be added if major implementations
agreed on it, which has happened -- several BSDs and glibc all include
it.
mlock2 syscall was added in linux v4.4 and glibc has api for it.
It falls back to mlock in case of flags==0, so that case works
even on older kernels.
MLOCK_ONFAULT is moved under _GNU_SOURCE following glibc.
PR_{SET,GET}_SPECULATION_CTRL controls speculation related vulnerability
mitigations, new in commits
b617cfc858161140d69cc0b5cc211996b557a1c7
356e4bfff2c5489e016fdb925adbf12a1e3950ee
new and missing netlink attributes types for SCM_TIMESTAMPING_OPT_STATS,
new ones were added in commits
7156d194a0772f733865267e7207e0b08f81b02b
be631892948060f44b1ceee3132be1266932071e
87ecc95d81d951b0984f2eb9c5c118cb68d0dce8
introduced to stat ipc objects without permission checks since the
info is available in /proc/sysvipc anyway, new in linux commits
23c8cec8cf679b10997a512abb1e86f0cedc42ba
a280d6dc77eb6002f269d58cd47c7c7e69b617b6
c21a6970ae727839a2f300cd8dd957de0d0238c3
to map at a fixed address without unmapping underlying mappings
(fails with EEXIST unlike MAP_FIXED), new in linux commits
4ed28639519c7bad5f518e70b3284c6e0763e650 and
a4ff8e8620d3f4f50ac4b41e8067b7d395056843.
to get seccomp state for checkpoint restore.
added in linux commit 26500475ac1b499d8636ff281311d633909f5d20
struct tag follows the glibc api and ptrace_peeksiginfo_args
got changed too accordingly.
added to uapi in commit 65aaf87b3aa2d049c6b9fd85221858a895df3393
used since commit a9a08845e9acbd224e4ee466f5c1275ed50054e8,
which renamed POLL* to EPOLL* in the kernel.
commit d93c0740d8 added use of feature
test macros without including features.h, causing a definition that
should be exposed in the default profile, TSVTX, to appear only when
_XOPEN_SOURCE or higher is explicitly defined.
standing alone, both the signed and int keywords identify the same
type, a (signed) int. however the C language has an exception where,
when the lone keyword int is used to declare a bitfield, it's
implementation-defined whether the bitfield is signed or unsigned. C11
footnote 125 extends this implementation-definedness to typedefs, and
DR#315 extends it to other integer types (for which support with
bitfields is implementation-defined).
while reasonable ABIs (all the ones we support) define bitfields as
signed by default, GCC and compatible compilers offer an option
-funsigned-bitfields to change the default. while any signed types
defined without explicit use of the signed keyword are affected, the
stdint.h types, especially intNN_t, have a natural use in bitfields.
ensure that bitfields defined with these types always have the correct
signedness regardless of compiler & flags used.
see also GCC PR 83294.
this must have been taken from POSIX without realizing that it was
meaningless. the resolution to Austin Group issue #844 removed it from
the standard.
PAGESIZE is actually the version defined in POSIX base, with PAGE_SIZE
being in the XSI option. use PAGESIZE as the underlying definition to
facilitate making exposure of PAGE_SIZE conditional.
add a member of appropriate type to the fpos_t union so that accesses
are well-defined. use long long instead of off_t since off_t is not
always exposed in stdio.h and there's no namespace-clean alias for it.
access is still performed using pointer casts rather than by naming
the union member as a matter of style; to the extent possible, the
naming of fields in opaque types defined in the public headers is not
treated as an API contract with the implementation. access via the
pointer cast is valid as long as the union has a member of matching
type.
based loosely on patch by Hauke Mehrtens; converted to wrap the public
API of the underlying getrandom function rather than direct syscalls,
so that if/when a fallback implementation of getrandom is added it
will automatically get picked up by getentropy too.
NT_ARM_SVE and NT_S390_RI_CB are new in linux commits
43d4da2c45b2f5d62f8a79ff7c6f95089bb24656 and
262832bc5acda76fd8f901d39f4da1121d951222
the rest are older.
musl missed NT_PRFPREG because it followed the glibc api:
https://sourceware.org/bugzilla/show_bug.cgi?id=14890
PR_SVE_SET_VL and PR_SVE_GET_VL controls are new in linux commit
2d2123bc7c7f843aa9db87720de159a049839862
related PR_SVE_* macros were added in
7582e22038a266444eb87bc07c372592ad647439
for synchronous page faults, new in linux commit
1c9725974074a047f6080eecc62c50a8e840d050 and
b6fb293f2497a9841d94f6b57bd2bb2cd222da43
note that only targets that use asm-generic/mman.h have this new
flag defined, so undef it on other targets (mips*, powerpc*).
*_HUGE_SHIFT, *_HUGE_2MB, *_HUGE_1GB are documented in the man page,
so add all of the *_HUGE_* macros from linux uapi.
if MAP_HUGETLB is set, top bits of the mmap flags encode the page size.
see the linux commit aafd4562dfee81a40ba21b5ea3cf5e06664bc7f6
if SHM_HUGETLB is set, top bits of the shmget flags encode the page size.
see the linux commit 4da243ac1cf6aeb30b7c555d56208982d66d6d33
*_HUGE_16GB is defined unsigned to avoid signed left shift ub.
new ethertypes in linux v4.14:
ETH_P_ERSPAN new in 84e54fe0a5eaed696dee4019c396f8396f5a908b
ETH_P_IFE new in 2804fd3af6ba5ae5737705b27146455eabe2e2f8
ETH_P_NSH new in 155e6f649757c902901e599c268f8b575ddac1f8
ETH_P_MAP new in 7373ae7e8f0bf2c0718422481da986db5058b005
MSG_ZEROCOPY socket send flag avoids copy in the kernel
new in linux commit 52267790ef52d7513879238ca9fac22c1733e0e3
SO_ZEROCOPY socket option enables MSG_ZEROCOPY if availale
new in linux commit 76851d1212c11365362525e1e2c0a18c97478e6b
add AF_SMC and PF_SMC for the IBM shared memory communication protocol.
new in linux commit ac7138746e14137a451f8539614cdd349153e0c0
(linux socket.h is not in uapi so this update was missed earlier)
With Linux kernel 4.16 it will be possible to guard more parts of the
Linux header files from a libc. Make use of this in musl to guard all
the structures and other definitions from the Linux header files which
are also defined by the header files provided by musl. This will make
it possible to compile source files which include both the libc
headers and the kernel userspace headers.
This extends the definitions done in commit 04983f2272 ("make
netinet/in.h suppress clashing definitions from kernel headers")
notes added by maintainer:
this function is a GNU extension. it was chosen over the similar BSD
function funopen because the latter depends on fpos_t being an
arithmetic type as part of its public API, conflicting with our
definition of fpos_t and with the intent that it be an opaque type. it
was accepted for inclusion because, despite not being widely used, it
is usually very difficult to extricate software using it from the
dependency on it.
calling pattern for the read and write callbacks is not likely to
match glibc or other implementations, but should work with any
reasonable callbacks. in particular the read function is never called
without at least one byte being needed to satisfy its caller, so that
spurious blocking is not introduced.
contracts for what callbacks called from inside libc/stdio can do are
always complicated, and at some point still need to be specified
explicitly. at the very least, the callbacks must return or block
indefinitely (they cannot perform nonlocal exits) and they should not
make calls to stdio using their own FILE as an argument.
for getting/setting write lifetime hints fcntl commands were
added in linux commit c75b1d9421f80f4143e389d2d50ddfc8a28c8c35
added under _GNU_SOURCE || _BSD_SOURCE, since RWH_* life time
hints are not in the POSIX reserved namespace.
