Commit Graph

39527 Commits

Author SHA1 Message Date
Andreas K. Hüttel
c80b311ac0 i686: Regenerate ulps
Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-01-02 19:48:38 +01:00
Samuel Thibault
5f55b22f4b hurd getcwd: Fix memory leak on error 2023-01-02 11:36:11 +01:00
Samuel Thibault
e1a467d330 hurd fcntl: Make LOCKED macro more robust 2023-01-02 11:36:11 +01:00
Samuel Thibault
b7a5fec8b0 hurd: Make dl-sysdep __sbrk check __vm_allocate call
The caller won't be able to progress, but better crash than use random
addr.
2023-01-02 11:36:11 +01:00
Samuel Thibault
cba62c231c htl: Drop duplicate check in __pthread_stack_alloc 2023-01-02 11:36:11 +01:00
Samuel Thibault
f77bd0ee9a hurd hurdstartup: Initialize remaining fields of hurd_startup_data
In case we don't have a bootstrap port or __exec_startup_get_info
failed, we should avoid leaking uninitialized fields of data.
2023-01-02 11:36:11 +01:00
Samuel Thibault
6514b2d595 hurd _S_msg_add_auth: Initialize new arrays to 0
If make_list fails, they would be undefined, and freeup with free
uninitialized pointers.
2023-01-02 11:36:11 +01:00
Samuel Thibault
3a614f39e6 htl: Check error returned by __getrlimit 2023-01-02 11:36:10 +01:00
Andreas Schwab
a09183aed7 getdelim: ensure error indicator is set on error (bug 29917)
POSIX requires that getdelim and getline set the error indicator on the
stream when an error occured, in addition to setting errno.
2023-01-02 10:58:49 +01:00
Samuel Thibault
289b098c9e htl: Fix sem_wait race between read and gsync_wait
If the value changes between sem_wait's read and the gsync_wait call,
the kernel will return KERN_INVALID_ARGUMENT, which we have to interpret
as the value having already changed.

This fixes applications (e.g. libgo) seeing sem_wait erroneously return
KERN_INVALID_ARGUMENT.
2022-12-30 00:41:24 +01:00
Joseph Myers
c923cd8c49 Avoid use of atoi in malloc
This patch is analogous to commit
a3708cf6b0.

atoi has undefined behavior on out-of-range input, which makes it
problematic to use anywhere in glibc that might be processing input
out-of-range for atoi but not specified to produce undefined behavior
for the function calling atoi.  In conjunction with the C2x strtol
changes, use of atoi in libc can also result in localplt test failures
because the redirection for strtol does not interact properly with the
libc_hidden_proto call for __isoc23_strtol for the call in the inline
atoi implementation.

In malloc/arena.c, this issue shows up for atoi calls that are only
compiled for --disable-tunables (thus with the
x86_64-linux-gnu-minimal configuration of build-many-glibcs.py, for
example).  Change those atoi calls to use strtol directly, as in the
previous such changes.

Tested for x86_64 (--disable-tunables).
2022-12-22 19:37:09 +00:00
Florian Weimer
3c66c9600e Linux: Pass size argument of epoll_create to the kernel
The kernel actually verifies it, and a garbage value in the register
causes improper system call failures.

Fixes commit c1c0dea388 ("Linux: Remove epoll_create,
inotify_init from syscalls.list") and commit d1d23b1342
("Lninux: consolidate epoll_create implementation").

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2022-12-22 17:23:23 +01:00
Carlos O'Donell
9ffeabdf2e Simplify scripts/cross-test-ssh.sh configuration.
With modern ssh clients and daemons it is required to use AcceptEnv and
SendEnv configuration options to correctly support testing the DSO sort
ordering tests.  This requirement is present because
scripts/dso-ordering-test.py injects GLIBC_TUNABLES to the left of the
${test_wrapper_env} and so it must both be sent by the ssh client and
accepted by the ssh daemon.  This requirement is removed in this change
and the injected GLIBC_TUNABLES is placed after ${run_program_env} and
so still correctly provides the override that the test requires.
This is similar to existing tests like elf/tst-pathopt.sh,
elf/tst-rtld-load-self.sh, and locale/tst-locale-locpath.sh.

Tested that it fixes two failures when cross-testing on aarch64 with
scripts/cross-test-ssh.sh and an ssh client and daemon that do not pass
GLIBC_TUNABLES. Without this fix such a configuration will report the
following failures (since the GLIBC_TUNABLES not preserved):
FAIL: elf/tst-bz15311
FAIL: elf/tst-bz28937

Tested without regression on native x86_64 and aarch64 builds.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
2022-12-22 11:08:59 -05:00
Joseph Myers
81a94a2ae3 Define MADV_COLLAPSE from Linux 6.1
Add the MADV_COLLAPSE constant from Linux 6.1 to bits/mman-linux.h and
the hppa bits/mman.h.

Tested for x86_64.
2022-12-22 15:12:52 +00:00
Rajalakshmi Srinivasaraghavan
e2b68828fa powerpc64: Increase SIGSTKSZ and MINSIGSTKSZ
This patch increases the value of SIGSTKSZ and MINSIGSTKSZ
for powerpc64 similar to the kernel commit
2f82ec19757f58549467db568c56e7dfff8af283 to allow
further expansion of the signal stack frame size.
2022-12-21 17:48:35 -06:00
Carlos O'Donell
161eafec32 Update all PO files in preparation for release. 2022-12-21 17:15:37 -05:00
Joseph Myers
258d554a9c Update kernel version to 6.1 in header constant tests
This patch updates the kernel version in the tests tst-mman-consts.py,
tst-mount-consts.py and tst-pidfd-consts.py to 6.1.  (There are no new
constants covered by these tests in 6.1 that need any other header
changes.)

Tested with build-many-glibcs.py.
2022-12-21 15:49:37 +00:00
Joseph Myers
5ab9b2c924 Update syscall lists for Linux 6.1
Linux 6.1 has no new syscalls.  Update the version number in
syscall-names.list to reflect that it is still current for 6.1.
2022-12-20 15:24:29 +00:00
Florian Weimer
118816de33 libio: Convert __vswprintf_internal to buffers (bug 27857)
Always null-terminate the buffer and set E2BIG if the buffer is too
small.  This fixes bug 27857.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:55 +01:00
Florian Weimer
5365acc567 libio: Convert __obstack_vprintf_internal to buffers (bug 27124)
This fixes bug 27124 because the problematic built-in vtable is gone.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:55 +01:00
Florian Weimer
8ece45e4f5 libio: Convert __vdprintf_internal to buffers
The internal buffer size is set to 2048 bytes.  This is less than
the original BUFSIZ value used by buffered_vfprintf before
the conversion, but it hopefully covers all cases where write
boundaries matter.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:55 +01:00
Florian Weimer
af7f416551 libio: Convert __vasprintf_internal to buffers
The buffer resizing algorithm is slightly different.  The initial
buffer is on the stack, and small buffers are directly allocated
on the heap using the exact required size.  The overhead of the
additional copy is compensated by the lowered setup cost for buffers
compared to libio streams.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:55 +01:00
Florian Weimer
fb9bd841b8 libio: Convert __vsprintf_internal to buffers
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:55 +01:00
Florian Weimer
3d0005b54a stdio-common: Add lock optimization to vfprintf and vfwprintf
After the rewrite and the implicit unbuffered streams handling, this
is very straightforward to add.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:54 +01:00
Florian Weimer
e88b9f0e5c stdio-common: Convert vfprintf and related functions to buffers
vfprintf is entangled with vfwprintf (of course), __printf_fp,
__printf_fphex, __vstrfmon_l_internal, and the strfrom family of
functions.  The latter use the internal snprintf functionality,
so vsnprintf is converted as well.

The simples conversion is __printf_fphex, followed by
__vstrfmon_l_internal and __printf_fp, and finally
__vfprintf_internal and __vfwprintf_internal.  __vsnprintf_internal
and strfrom* are mostly consuming the new interfaces, so they
are comparatively simple.

__printf_fp is a public symbol, so the FILE *-based interface
had to preserved.

The __printf_fp rewrite does not change the actual binary-to-decimal
conversion algorithm, and digits are still not emitted directly to
the target buffer.  However, the staging buffer now uses bytes
instead of wide characters, and one buffer copy is eliminated.

The changes are at least performance-neutral in my testing.
Floating point printing and snprintf improved measurably, so that
this Lua script

  for i=1,5000000 do
      print(i, i * math.pi)
  end

runs about 5% faster for me.  To preserve fprintf performance for
a simple "%d" format, this commit has some logic changes under
LABEL (unsigned_number) to avoid additional function calls.  There
are certainly some very easy performance improvements here: binary,
octal and hexadecimal formatting can easily avoid the temporary work
buffer (the number of digits can be computed ahead-of-time using one
of the __builtin_clz* built-ins). Decimal formatting can use a
specialized version of _itoa_word for base 10.

The existing (inconsistent) width handling between strfmon and printf
is preserved here.  __print_fp_buffer_1 would have to use
__translated_number_width to achieve ISO conformance for printf.

Test expectations in libio/tst-vtables-common.c are adjusted because
the internal staging buffer merges all virtual function calls into
one.

In general, stack buffer usage is greatly reduced, particularly for
unbuffered input streams.  __printf_fp can still use a large buffer
in binary128 mode for %g, though.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:54 +01:00
Florian Weimer
46378560e0 stdio-common: Add __translated_number_width
This function will be used to compute the width of a number
after i18n digit translation.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:54 +01:00
Florian Weimer
c7bf2e99ca stdio-common: Add __printf_function_invoke
And __wprintf_function_invoke.  These functions will be used to
to call registered printf specifier callbacks on printf buffers
after vfprintf and vfwprintf have been converted to buffers.  The new
implementation avoids alloca/variable length arrays.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:54 +01:00
Florian Weimer
659fe9fdd1 stdio-common: Introduce buffers for implementing printf
These buffers will eventually be used instead of FILE * objects
to implement printf functions.  The multibyte buffer is struct
__printf_buffer, the wide buffer is struct __wprintf_buffer.

To enable writing type-generic code, the header files
printf_buffer-char.h and printf_buffer-wchar_t.h define the
Xprintf macro differently, enabling Xprintf (buffer) to stand
for __printf_buffer and __wprintf_buffer as appropriate.  For
common cases, macros like Xprintf_buffer are provided as a more
syntactically convenient shortcut.

Buffer-specific flush callbacks are implemented with a switch
statement instead of a function pointer, to avoid hardening issues
similar to those of libio vtables.  struct __printf_buffer_as_file
is needed to support custom printf specifiers because the public
interface for that requires passing a FILE *, which is why there
is a trapdoor back from these buffers to FILE * streams.

Since the immediate user of these interfaces knows when processing
has finished, there is no flush callback for the end of processing,
only a flush callback for the intermediate buffer flush.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:54 +01:00
Florian Weimer
ffde06c915 locale: Implement struct grouping_iterator
The iterator allows grouping while scanning forward through
the digits.  This enables emitting digits as they are processed.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:54 +01:00
Joseph Myers
edd1b2a0d9 Use Linux 6.1 in build-many-glibcs.py
This patch makes build-many-glibcs.py use Linux 6.1.

Tested with build-many-glibcs.py (host-libraries, compilers and glibcs
builds).
2022-12-19 15:04:37 +00:00
Joseph Myers
a3708cf6b0 Avoid use of atoi in some places in libc
This patch is split out of
<https://sourceware.org/pipermail/libc-alpha/2022-December/144122.html>.

atoi has undefined behavior on out-of-range input, which makes it
problematic to use anywhere in glibc that might be processing input
out-of-range for atoi but not specified to produce undefined behavior
for the function calling atoi.  Change some uses of atoi to call
strtol instead; this avoids the undefined behavior, though there is no
guarantee that the overflow handling of strtol is really right in
those places either.  This also serves to avoid localplt test failures
given an installed header redirection for strtol (which means that the
call from the inline atoi implementation doesn't end up at a hidden
alias from libc_hidden_proto).

Certainly, the use of atoi is questionable in argp-help.c (shared with
gnulib, so shouldn't depend on glibc implementation details, and
processing user-provided input), and maybe also in argp-parse.c (I'm
not sure what that code in argp-parse.c is meant to be used for).  I
also changed inet/rexec.c and resolv/res_init.c similarly to use
strtol to avoid such localplt failures, although given those files (in
those versions) are only used in glibc it's not problematic for them
to rely on the specific behavior of glibc's atoi on out-of-range input
(in the absence of compiler optimizations based on the undefined
behavior) in the same way it's problematic for gnulib code to do so.

There may be other uses of atoi (or atol or atoll), in any of glibc's
installed code, for which it would also be appropriate to avoid the
undefined behavior on out-of-range input; this patch only fixes the
specific cases needed to avoid localplt failures.

Tested for x86_64.
2022-12-19 14:45:44 +00:00
Florian Weimer
c1c0dea388 Linux: Remove epoll_create, inotify_init from syscalls.list
Their presence causes stub warnings to be created on architectures
which do not implement them.

Fixes commit d1d23b1342 ("Lninux: consolidate
epoll_create implementation") and commit 842128f160
("Linux: consolidate inotify_init implementation").

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 13:28:14 +01:00
Florian Weimer
9a5b1d84fb Linux: Reflow and sort some Makefile variables
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 13:28:07 +01:00
Samuel Thibault
0fb10e49ad mach: Drop remnants of old_CFLAGS 2022-12-19 02:38:38 +01:00
Samuel Thibault
7685630b98 mach: Fix passing -ffreestanding when checking for gnumach headers
8b8c768e3c ("Force use of -ffreestanding when checking for gnumach
headers") was passing -ffreestanding to CFLAGS only, but headers checks are
performed with the preprocessor, so we rather need to pass it to CPPFLAGS.
2022-12-19 02:34:55 +01:00
Flavio Cruz
8b8c768e3c Force use of -ffreestanding when checking for gnumach headers
Without this ./configure assumes that we are in a fully hosted
environment, which might not be the case. After this patch, we can rely on
the freestanding header files provided by GCC such as stdint.h.
Message-Id: <Y5+0V9osFc/zXMq0@mars>
2022-12-19 01:49:30 +01:00
Adhemerval Zanella
71e408e45d elf: Fix tst-relro-symbols.py argument passing
Current scheme only consideres the first argument for both --required
and --optional, where the idea is to append a new item.

Checked on x86_64-linux-gnu.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
2022-12-15 16:59:13 -03:00
Noah Goldstein
b712be5264 x86: Prevent SIGSEGV in memcmp-sse2 when data is concurrently modified [BZ #29863]
In the case of INCORRECT usage of `memcmp(a, b, N)` where `a` and `b`
are concurrently modified as `memcmp` runs, there can be a SIGSEGV
in `L(ret_nonzero_vec_end_0)` because the sequential logic
assumes that `(rdx - 32 + rax)` is a positive 32-bit integer.

To be clear, this change does not mean the usage of `memcmp` is
supported.  The program behaviour is undefined (UB) in the
presence of data races, and `memcmp` is incorrect when the values
of `a` and/or `b` are modified concurrently (data race). This UB
may manifest itself as a SIGSEGV. That being said, if we can
allow the idiomatic use cases, like those in yottadb with
opportunistic concurrency control (OCC), to execute without a
SIGSEGV, at no cost to regular use cases, then we can aim to
minimize harm to those existing users.

The fix replaces a 32-bit `addl %edx, %eax` with the 64-bit variant
`addq %rdx, %rax`. The 1-extra byte of code size from using the
64-bit instruction doesn't contribute to overall code size as the
next target is aligned and has multiple bytes of `nop` padding
before it. As well all the logic between the add and `ret` still
fits in the same fetch block, so the cost of this change is
basically zero.

The relevant sequential logic can be seen in the following
pseudo-code:
```
    /*
     * rsi = a
     * rdi = b
     * rdx = len - 32
     */
    /* cmp a[0:15] and b[0:15]. Since length is known to be [17, 32]
    in this case, this check is also assumed to cover a[0:(31 - len)]
    and b[0:(31 - len)].  */
    movups  (%rsi), %xmm0
    movups  (%rdi), %xmm1
    PCMPEQ  %xmm0, %xmm1
    pmovmskb %xmm1, %eax
    subl    %ecx, %eax
    jnz L(END_NEQ)

    /* cmp a[len-16:len-1] and b[len-16:len-1].  */
    movups  16(%rsi, %rdx), %xmm0
    movups  16(%rdi, %rdx), %xmm1
    PCMPEQ  %xmm0, %xmm1
    pmovmskb %xmm1, %eax
    subl    %ecx, %eax
    jnz L(END_NEQ2)
    ret

L(END2):
    /* Position first mismatch.  */
    bsfl    %eax, %eax

    /* The sequential version is able to assume this value is a
    positive 32-bit value because the first check included bytes in
    range a[0:(31 - len)] and b[0:(31 - len)] so `eax` must be
    greater than `31 - len` so the minimum value of `edx` + `eax` is
    `(len - 32) + (32 - len) >= 0`. In the concurrent case, however,
    `a` or `b` could have been changed so a mismatch in `eax` less or
    equal than `(31 - len)` is possible (the new low bound is `(16 -
    len)`. This can result in a negative 32-bit signed integer, which
    when zero extended to 64-bits is a random large value this out
    out of bounds. */
    addl %edx, %eax

    /* Crash here because 32-bit negative number in `eax` zero
    extends to out of bounds 64-bit offset.  */
    movzbl  16(%rdi, %rax), %ecx
    movzbl  16(%rsi, %rax), %eax
```

This fix is quite simple, just make the `addl %edx, %eax` 64 bit (i.e
`addq %rdx, %rax`). This prevents the 32-bit zero extension
and since `eax` is still a low bound of `16 - len` the `rdx + rax`
is bound by `(len - 32) - (16 - len) >= -16`. Since we have a
fixed offset of `16` in the memory access this must be in bounds.
2022-12-15 09:09:35 -08:00
Joseph Myers
6fd504849d Allow _Qp_fgt in sparc64 localplt.data
A recent GCC change resulted in localplt test failures on sparc64
because of references to _Qp_fgt.  This is analogous to all the other
floating-point symbols allowed in localplt.data, so it seems
appropriate to allow this one as well.

Tested with build-many-glibcs.py for sparc64-linux-gnu (GCC mainline),
where it fixes the test failure.
2022-12-13 22:16:22 +00:00
Adhemerval Zanella
5dcd2d0ad0 stdlib: Move _IO_cleanup to call_function_static_weak
Reviewed-by: Florian Weimer <fweimer@redhat.com>
2022-12-12 09:53:23 -03:00
Adhemerval Zanella
d4facb63ff elf: Do not assume symbol order on tst-audit25{a,b}
The static linker might impose any order or internal function
position, so change the test to check if the audit prints the
symbol only once in any order.
2022-12-12 09:53:20 -03:00
Adhemerval Zanella Netto
4e21c20751 time: Use 64 bit time on tzfile
The tzfile_mtime is already compared to 64 bit time_t stat call.
Reviewed-by: DJ Delorie <dj@redhat.com>
2022-12-09 09:56:09 -03:00
Adhemerval Zanella Netto
fa4a192778 nscd: Use 64 bit time_t on libc nscd routines (BZ# 29402)
Although the nscd module is built with 64 bit time_t, the routines
linked direct to libc.so need to use the internal symbols.
Reviewed-by: DJ Delorie <dj@redhat.com>
2022-12-09 09:56:09 -03:00
Adhemerval Zanella Netto
545eefc2f5 nis: Build libnsl with 64 bit time_t
And remove the usage of glibc reserved names.
Reviewed-by: DJ Delorie <dj@redhat.com>
2022-12-09 09:56:09 -03:00
Siddhesh Poyarekar
f4f2ca1509 realloc: Return unchanged if request is within usable size
If there is enough space in the chunk to satisfy the new size, return
the old pointer as is, thus avoiding any locks or reallocations.  The
only real place this has a benefit is in large chunks that tend to get
satisfied with mmap, since there is a large enough spare size (up to a
page) for it to matter.  For allocations on heap, the extra size is
typically barely a few bytes (up to 15) and it's unlikely that it would
make much difference in performance.

Also added a smoke test to ensure that the old pointer is returned
unchanged if the new size to realloc is within usable size of the old
pointer.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: DJ Delorie <dj@redhat.com>
2022-12-08 11:23:43 -05:00
Adhemerval Zanella Netto
929ea132b4 Linux: Consolidate typesizes.h
The generic (sysdeps/unix/sysv/linux/generic/bits/typesizes.h) and
default (bits/typesizes.h) differs in two fields:

                    bits/typesizes.h    Linux generic
__NLINK_T_TYPE      __UWORD_TYPE        __U32_TYPE
__BLKSIZE_T_TYPE    __SLONGWORD_TYPE    __S32_TYPE

Sinceit leads to different C++ mangling names, the default typesize.h
is copied for the requires archtiectures and the generic is make the
default Linux one.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 14:41:21 -03:00
Adhemerval Zanella Netto
9d53dc48e8 Linux: Make generic fcntl.h the default one
It is currently used for csky, arc, nios2, and or1k.  Newer 64 bit
architecture, like riscv32 and loongarch, reimplement it to override
F_GETLK64/F_SETLK64/F_SETLKW64.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 14:40:52 -03:00
Adhemerval Zanella Netto
fea7abbc23 Linux: make generic xstatver.h the default one
And copy the current default one to required ABIs.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 14:40:36 -03:00
Adhemerval Zanella Netto
71e4344f25 Linux: Remove generic sysdep
The includes chain is added on each architecture sysdep.h and
the __NR__llseek hack is moved to lseek.c and lseek64.c.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 14:33:47 -03:00
Adhemerval Zanella Netto
127945c561 Linux: Assume and consolidate shutdown wire-up syscall
And disable if kernel does not support it.

Checked on x86_64-linux-gnu and i686-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 14:17:28 -03:00