Consolidate EOF error codes. Currently we have ~15 error codes which indicate an EOF condition. One should suffice, so drop all codes except the generic E_EOF and use that everywhere.
Merge topic branch t/overflow into master This series implements a new memory allocation API which checks for overflows. The first part of the series just renames the main allocation functions. Later patches in the series implement allocators which take two size_t arguments (like calloc(3)) and check whether the multiplication overflows by employing the __builtin_mul_overflow() primitive supported by gcc and clang. This requires us to bump the lowest supported gcc and clang version. * refs/heads/t/overflow: build: Compile with -ftrapv. string: Introduce arr_zalloc(). string: Introduce arr_alloc(). string: Introduce arr_realloc() and check for integer overflow. string: Rename para_calloc() -> zalloc(). string: Rename para_malloc() -> alloc(). string: Overhaul para_strdup().
Merge branch 'refs/heads/t/ll' Two little cleanups related to the logging facility and two commits which add the ll command to para_server and para_audiod. The merge resulted in a conflict in afs.c due to the earlier merge of the poll topic branch which replaced all calls to select() by calls to poll(). The implementation of the ll server command introduced a new caller of select(), afs_select(), which needs to be replaced by afs_poll() to resolve the conflict. * refs/heads/t/ll: New server command: ll to change the log level at runtime. New audiod command: ll to change the log level at runtime. daemon: Kill get_loglevel_by_name(). server/audiod: Don't parse loglevel argument unnecessarily.
Switch from select(2) to poll(2). The select(2) API is kind of obsolete because it does not work for file descriptors greater or equal than 1024, The general advice is to switch to poll(2), which offers equivalent functionality and does not suffer from this restriction. This patch implements this switch. The fd sets of select(2) have one nice feature: One can determine in O(1) time whether the bit for a given fd is turned on in an fd set. For poll(2), the monitored file descriptors are organized in an array of struct pollfd. Without information about the given fd's index in the pollfd array, one can only perform a linear search which requires O(n) time, with n being the number of fds being watched. Since this would have to be done for each fd, the running time becomes quadratic in the number of monitored fds, which is bad. Keeping the pollfd array sorted would reduce that to n * log(n) at the cost of additional work at insert time. This patch implements a different approach. The scheduler now maintains an additional array of unsigned integers which map fds to indices into the pollfd array. This new index array is transparent to the individual tasks, which still simply pass one or more fds from their ->pre_monitor() method to the scheduler. The length of the index array equals the highest fd given. This might become prohibitive in theory, but should not be an issue for the time being. Care needs to be taken in order to deal with callers which ask for the readiness of an fd without having called sched_monitor_readfd() or sched_monitor_writefd() in the ->pre_monitor() step. Before the patch, thanks to the FD_ZERO() call at the beginning of each iteration of the scheduler's main loop, both sched_read_ok() and sched_write_ok() returned false for fds which were not asked to be watched. We need to keep it this way for a seamless transition. We achieve this by replacing the FD_ZERO() call by a memset(3) call which fills the index array with 0xff bytes. Both sched_read_ok() and sched_write_ok() call the new get_revents() helper, where we check the fd argument against the allocation sizes of the two arrays. If either function is called with an fd that was not asked to be monitored in the ->pre_monitor() step, the checks notice that the index of this fd, 0xffffffff, is larger than the highest open fd and we return "not ready for I/O". Another issue is the case where the same file descriptor is submitted twice in ->pre_monitor() to check for readiness with respect to both reading and writing. The code in client_comon.c currently does that. To keep it working, the scheduler needs to detect this case and re-use the existing slot in both arrays.
Rename ->{pre,post}_select methods to ->{pre,post}_monitor. The word "monitor" is neutral and continues to be correct after the switch from select(2) to poll(2). Pure rename, nothing to see here.
sched: Use integer value for select timeout. This modifies the public struct sched so that users pass in the default timeout as an integer value in milliseconds rather than a struct timeval. This simplifies the code a little and eases the transition from select(2) to poll(2) because poll(2) also takes a plain integer for the timeout. Since para_select() of fd.c now calls ms2tv() to convert the timeout back to a struct timeval, all executables which link with fd.o must also link with time.o. This was not the case for para_mixer and para_audioc, so configure.ac needs to be adjusted accordingly.
string: Introduce arr_alloc(). Change all callers of alloc() which pass a product of two integers as the allocation size to call the new function instead. This function aborts if the multiplication overflows. With arr_alloc() in place, alloc() reduces to a trivial wrapper which calls new arr_alloc() with the first argument equal to one.
string: Introduce arr_realloc() and check for integer overflow. Use __builtin_mul_overflow() for the check. This builtin was introduced in gcc-5, so we need to bump the lowest supported version. Re-implement para_realloc() as a trivial wrapper for arr_realloc() to simplify and to avoid duplicating the size check.
string: Rename para_malloc() -> alloc(). Just because it's shorter and matches the naming of the new allocators we are about to introduce. The bulk of this patch was created with sed -i 's/para_malloc/alloc/g' *.c *.h yy/mp.y
New server command: ll to change the log level at runtime. This makes use of the infrastructure introduced in the previous patch. However, the implementation of the ll command for para_server is more involved than its audiod counterpart because in the server case we have to tell two different processes (server and afs) to change their log level while the calling process, the command handler, does not need to set the loglevel because it is about to exit anyway. For the inter-process communication we introduce a new field in the mmd shared memory area so that command handlers can read the current value or set a new value. The log level propagates from there via daemon_set_loglevel() to the server and afs processes during each iteration of the scheduler loop where para_log() will pick it up to set the log level threshold for subsequent log events. The si command handler currently refers to the argument of the --loglevel server option to include the log level in its output. With dynamic log levels this no longer works because it always prints the value from the command line or the config file rather than the run time log level. Since the new ll command also prints the loglevel when it is executed with no arguments, we simply remove this line from the si output and hope that nobody cares. The si command handler was the last user of the ENUM_STRING_VAL macro in command.c. Removing the macro also allows us to make CMD_PTR local to server.c and to remove the lopsub definitions of the server suite from command.c. However, we still include the lopsub definitions of the server *command* suite (server_cmd.lsg.h) of course. We let any authenticated user run the command with no arguments to report the current loglevel but require full privileges to change the loglevel. Thus, the check for sufficient privileges needs to be performed in the command handler.
Merge branch 'refs/heads/t/rm_task_subcmd' A single commit containing an incompatible change for 0.7.0. Cooking for almost a year. * refs/heads/t/rm_task_subcmd: Remove obsolete server subcommand "task".
client.c: Fix typo in comment.
Remove obsolete server subcommand "task". It was deprecated long ago. Since v0.6.2 it does nothing anyway.
Merge branch 'refs/heads/t/long-help' This series introduces lsu.c and lsu.h which contain helpers related to the lopsub library. These helpers are designed to be shared between the executables. The series starts by implementing a generic help command for lopsub suites and converts para_server. Subsequent patches convert audiod and para_play. The second part of the series adds another lopsub related helper which merges command line options and config file options. Each executable is modified to make use of the new helper, getting rid of quite some code duplication. The conflict resolution for server.c has been tested for a while. Cooking for five weeks. * refs/heads/t/long-help: play: Use lsu_merge_config_file_options(). mixer: Use lsu_merge_config_file_options(). gui: Use lsu_merge_config_file_options(). filter: Use lsu_merge_config_file_options(). audioc: Use lsu_merge_config_file_options(). audiod: Use lsu_merge_config_file_options(). client: Use lsu_merge_config_file_options(). lsu: Add helper to merge config file options, convert server. Trivial: Rename completion_result variables. play: Implement help --long. audiod: Implement help --long. Introduce lsu.{c,h}, implement help --long for para_server.
Trivial: Rename completion_result variables. Most completers call the completion result pointer "cr", but some use "result" instead. Let's be consistent and rename those to cr.
Introduce lsu.{c,h}, implement help --long for para_server. This adds the --long option to the server help subcommand. The former help output becomes the long help while the short help text is shown if --long is not given. Although only the help command of para_server is converted in this patch, the new functionality is implemented in a generic way so that the help commands of para_audiod and para_play can use the same implementation. Those will be converted in subsequent patches. t0004 parses the help output and thus needs to be changed to include --long.
crypt: Introduce crypt_shutdown(). This plugs a few harmless memory leaks in the openssl crypto backend. The leaks occur on exit and are only reported by valgrind if it is run with --leak-check=full --show-leak-kinds=all. The gcrypt backend has similar problems, but there is no way to provide a similar patch for libgrypt. The newly added comment in gcrypt.c explains why.
crypt: Rename init_random_seed_or_die() -> crypt_init(). At least the gcrypt implementation does more than just seed the PRNG. The new name is shorter and more descriptive.
Shorten copyright notice. The GPLv2 line does not add any additional information, so drop it. This leaves a single line of legalese text for most files, which is about the amount of screen real estate it deserves. This patch was created with the following script (plus some manual fixups): awk '{ if (NR <= 5) { gs = gensub(/.*Copyright.* ([0-9]+).*Andre Noll.*/, "\\1", "g") if (gs != $0) year = gs next } if (NR == 6 && year != "") printf("/* Copyright (C) %s Andre Noll <maan@tuebingen.mpg.de>, see file COPYING. */\n", year) print }'
Make dummy completers static. This revealed that the completers for SUPERCOMMAND_UNAVAILABLE are all unused..