Commit Graph

4969 Commits

Author SHA1 Message Date
Stefan Liebler
5be920e910 s390x: don't allow br r0 in CRTJMP asm
The instruction encoding that would be "br %r0" is not actually a
branch to r0, but instead a nop/memory-barrier. gcc 14 has been found
to choose r0 for the "r"(pc) constraint, breaking CRTJMP.

This patch adjusts the inline assembly constraints and marks "pc" as
address ("a"), which disallows usage of r0.
2024-10-11 12:21:35 -04:00
Rich Felker
2fc56aaa9f update contributor name in authorship notices 2024-10-10 19:44:58 -04:00
Rich Felker
43664364c8 fix compile regression in exit on archs without SYS_pause
commit 8cca79a72c added use of SYS_pause
to exit() without accounting for newer archs omitting the syscall.

use the newly-added __sys_pause abstraction instead, which uses
SYS_ppoll when SYS_pause is missing.
2024-10-10 17:11:48 -04:00
Rich Felker
6d8000d3c6 abstract missing SYS_pause syscall with macros
newer archs lack the syscall. the pause() function accounted for this
with its own #ifdef, but that didn't allow use of the syscall directly
elsewhere, so move the logic to macros in src/internal/syscall.h where
it can be shared.
2024-10-10 17:11:39 -04:00
Rich Felker
23ab04a863 statx: add new struct statx fields and corresponding mask macros 2024-09-13 17:21:17 -04:00
Rich Felker
4ca8c26776 statx: fix uninitialized attributes/mask in fallback path
commit b817541f1c introduced statx with
a fallback using fstatat, but failed to fill in stx_rdev_major/minor
and stx_attributes[_mask]. the rdev omission has been addressed
separately. rather than explicitly zeroing the attributes and their
mask, pre-fill the entire structure with zeros. this will also cover
the padding adjacent to stx_mode, in case it's ever used in the
future.

explicit zeroing of stx_btime is removed since, with this change, it
will already be pre-zeroed. as an aside, zeroing it was not strictly
necessary, since STATX_BASIC_STATS does not include STATX_BTIME and
thus does not indicate any validity for it.
2024-09-13 17:11:00 -04:00
Gabriel Ravier
251cbb6366 statx: fix ENOSYS emulation not setting stx_rdev_*
The current implementation of the statx function fails to set the
values of stx->stx_rdev_major and stx->stx_rdev_minor if the statx
syscall fails with ENOSYS and thus the statx function has to fall back
on fstatat-based emulation.
2024-09-13 16:58:21 -04:00
Rich Felker
8c43c56269 sysconf: fix _SC_MINSIGSTKSZ computation to match kernel interpretation
the value placed in the aux vector AT_MINSIGSTKSZ by the kernel is
purely the signal frame size, and does not include any execution space
for the signal handler. this is contrary to the POSIX definition of
MINSIGSTKSZ to be a value that can actually execute at least some
minimal signal handler, and contrary to the historical definitions of
MINSIGSTKSZ which had at least 1k of headroom.
2024-08-31 12:38:56 -04:00
Rich Felker
300a1f5390 sigaltstack: enforce dynamic MINSIGSTKSZ limit
commit 996b6154b2 added support for
querying the dynamic limit but did not enforce it in sigaltstack. the
kernel also does not seem to reliably enforce it, or at least does not
necessarily enforce the same limit exposed to userspace, so it needs
to be enforced here.
2024-08-31 12:38:56 -04:00
Rich Felker
572a2e2eb9 printf: drastically reduce stack usage without [long] double args
internally, printf always works with the maximal-size supported
integer and floating point formats. however, the space needed to
format a floating point number is proportional to the mantissa and
exponent ranges. on archs where long double is larger than double,
knowing that the actual value fit in double allows us to use a much
smaller buffer, roughly 1/16 the size.

as a bonus, making the working buffer a VLA whose dimension depends on
the format specifier prevents the compiler from lifting the stack
adjustment to the top of printf_core. this makes it so printf calls
without floating point arguments do not waste even the smaller amount
of stack space needed for double, making it much more practical to use
printf in tightly stack-constrained environments.
2024-08-26 16:01:11 -04:00
Rich Felker
c94a0c16f0 isatty: don't collapse all non-EBADF errors to ENOTTY
linux puts hung-up ttys in a state where ioctls produce EIO, and may
do the same for other types of devices in error or shutdown states.
such an error clearly does not mean the device is not a tty, but it
also can't reliably establish that the device is a tty, so the only
safe thing to do seems to be reporting the error. programs that don't
check errno will conclude that the device is not a tty, which is no
different from what happens now, but at least they gain the option to
differentiate between the cases.

commit c84971995b introduced the errno
collapsing behavior, but prior to that, errno was not set at all by
isatty.
2024-08-20 12:45:38 -04:00
Rich Felker
ee18e584bf printf core: replace if(0) blocks around switch cases with explicit gotos
this is purely a readability change, not a functional one. all of the
integer format cases use a common tail for handling precision logic
after the string representation of the number has been generated. the
code as I originally wrote it was overly clever in the aim of making a
point that the flow could be done without goto, and jumped over
intervening cases by wrapping them in if (0) { }, with the case labels
for each inside the conditional block scope.

this has been a perpetual source of complaints about the readability
and comprehensibility of the file, so I am now changing it to
explicitly jump to the tail logic with goto statements.
2024-08-18 13:53:39 -04:00
Rich Felker
06a9647093 iconv: add cp858
this is the same as cp850, but with the euro symbol replacing the
lowercase dotless i at 0xd5. it is significant because it's used by
thermal receipt printers.
2024-08-18 13:00:10 -04:00
Rich Felker
e1b57ede3e catan: remove no-op reduction mod pi and unused code
the output of atan2 is already in the correct range and does not need
further reduction. the MAXNUM macros were both unused and incorrect.
2024-08-16 11:51:53 -04:00
Rich Felker
ca4e632df4 remove incorrect comment regarding powl exceptional cases
the comment does not match the required or actual behavior when x<0
and y is not an integer. while it could be corrected, the role of
comments here is to tell about characteristics unique to the
implementation, not to restate the requirements of the standard, so
just removing it seems best.
2024-08-14 20:43:27 -04:00
Rich Felker
c851b268bd strerror: add error strings for EUCLEAN and ENAVAIL
while not the only error codes presently omitted, these two are
particularly likely to be encountered in the wild.

EUCLEAN is used by linux filesystem and device drivers to report
filesystem structure corruption or data corruption.

ENAVAIL is used by some linux drivers to indicate non-availability of
a resource.

both names are new inventions to correspond to how they are actually
used, as the original kernel strings ("Structure needs cleaning" and
"No XENIX semaphores available") are not remotely meaningful or
reasonable.
2024-08-10 22:08:56 -04:00
Rich Felker
9c78557af0 use hidden visibility for C entry point function _start_c
the file-level crt_arch.h asm fragments generally make direct
(non-PLT) calls from _start to _start_c, which is only valid when
there is a local, non-interposable definition for _start_c. generally,
the linker is expected to know that local definitions in a main
executable (as opposed to shared library) output are non-interposable,
making this work, but historically there have been linker bugs in this
area, and microblaze is reportedly still broken, flagging the
relocation for the call as a textrel.

the equivalent _dlstart_c, called from the same crt_arch.h asm
fragments, has always used hidden visibility without problem, and
semantically it should be hidden, so make it hidden. this ensures the
direct call is always valid regardless of whether the linker properly
special-cases main executable output.
2024-08-10 19:49:24 -04:00
Rich Felker
882aedf6a1 fix lost or delayed wakes in sem_post under certain race conditions
if sem_post is interrupted between clearing the waiters bit from the
semaphore value and performing the futex wait operation, subsequent
calls to sem_post will not perform a wake operation unless a new
waiter has arrived.

usually, this is at most a minor nuisance, since the original wake
operation will eventually happen. however, it's possible that the wake
is delayed indefinitely if interrupted by a signal handler, or that
the address the wake needs to be performed on is no longer mapped if
the semaphore was a process-shared one that has since been unmapped
but has a waiter on a different mapping of the same semaphore. this
can happen when another thread using the same mapping "steals the
post" atomically before actually becoming a second waiter, deduces
from success that it was the last user of the semaphore mapping, then
re-posts and unmaps the semaphore mapping. this scenario was described
in a report by Markus Wichmann.

instead of checking only the waiters bit, also check the waiter count
that was sampled before the atomic post operation, and perform the
wake if it's nonzero. this will not produce any additional wakes under
non-race conditions, since the waiters bit only becomes zero when
targeting a single waiter for wake. checking both was already the
behavior prior to commit 159d1f6c02.
2024-08-10 16:30:28 -04:00
Baruch Siach
b09e3174a6 m68k: fix POLLWRNORM and POLLWRBAND
As noted in commit f5011c62c3 ("fix POLLWRNORM and POLLWRBAND on mips")
m68k uses a different definition.
2024-08-09 23:07:04 -04:00
Rich Felker
2de6b42605 fix missing make dependency for Scrt1.o due to typo
commit 2f853dd6b9 inadvertently changed
Scrt1.o to scrt1.o in the Makefile rule for dependency on crt_arch.h.
2024-08-09 23:03:52 -04:00
Rich Felker
cde213f9c3 timer_create: replace pthread barrier with semaphores for thread start
our pthread barrier implementation reportedly has bugs that are could
lead to malfunction or crash in timer_create. while this has not been
reviewed to confirm, there have been past reports of pthread barrier
bugs, and it seems likely that something is actually wrong.

pthread barriers are an obscure primitive, and timer_create is the
only place we are using them internally at present. even if they were
working correctly, this means we are imposing linking of otherwise
likely-dead code whenever timer_create is used.

a pair of semaphores functions identically to a 2-waiter barrier
except for destruction order properties. since the parent is
responsible for the argument structure (including semaphores)
lifetimes, the last operation on them in the timer thread must be
posting to the parent.
2024-07-24 12:56:01 -04:00
Rich Felker
9ee6f10407 atexit: fail rather than deadlocking after last handler is called
previously, global dtors, which are executed after all atexit handlers
have been called rather than being implemented as an atexit handler
themselves, would deadlock if they called atexit.

it was intentional to disallow adding more atexit handlers past the
last point where they would be executed, since a successful return
from atexit imposes a contract that the handler will be executed, but
this was only considered in the context of calls to atexit from other
threads, not calls from the dtors.

to fix this, release the lock after the exit handlers loop completes,
but but set a flag first so that we can make all future calls to
atexit return a failure code.
2024-07-24 12:33:46 -04:00
Rich Felker
8cca79a72c exit: add back lock to make concurrent calls to exit safe
per the C and POSIX standards, calling exit "more than once",
including via return from main, produces undefined behavior. this
language predates threads, and at the time it was written, could only
have applied to recursive calls to exit via atexit handlers. C++
likewise makes calls to exit from global dtors undefined. nonetheless,
by the present specification as written, concurrent calls to exit by
multiple threads also have undefined behavior.

originally, our implementation of exit did have locking to handle
concurrent calls safely, but that was changed in commit
2e55da9118 based on it being undefined.
from a standpoint of both hardening and quality of implementation,
that change seems to have been a mistake.

this change adds back locking, but with awareness of the lock owner so
that recursive calls to exit can be trapped rather than deadlocking.
this also opens up the possibility of allowing recursive calls to
succeed, if future consensus ends up being in favor of that.

prior to this change, exit already behaved partly as if protected by a
lock as long as atexit was linked, but multiple threads calling exit
could concurrently "pop off" atexit handlers and execute them in
parallel with one another rather than serialized in the reverse order
of registration. this was a likely unnoticed but potentially very
dangerous manifestation of the undefined behavior. if on the other
hand atexit was not linked, multiple threads calling exit concurrently
could each run their own instance of global dtors, if any, likely
producing double-free situations.

now, if multiple threads call exit concurrently, all but the first
will permanently block (in SYS_pause) until the process terminates,
and all atexit handlers, global dtors, and stdio flushing/position
consistency will be handled in the thread that arrived first. this is
really the only reasonable way to define concurrent calls to exit. it
is not recommended usage, but may become so in the future if there is
consensus/standardization, as there is a push from the rust language
community (and potentially other languages interoperating with the C
runtime) to make concurrent calls to the language's exit interfaces
safe even when multiple languages are involved in a program, and this
is only possible by having the locking in the underlying C exit.
2024-07-23 20:36:58 -04:00
Rich Felker
ef7d0ae212 move __utc string object to its own translation unit
having it in __tz.c caused gmtime[_r] and timegm to pull in all of the
time zone code despite having no need for it.
2024-07-23 12:01:41 -04:00
Rich Felker
dd1e63c363 syslog: revert LOG_FAC/LOG_FACMASK changes
commit 895736d49b made these changes
along with fixing a real bug in LOG_MAKEPRI. based on further
information, they do not seem to be well-motivated or in line with
policy.

the result of LOG_FAC is not a meaningful facility value if we shift
it down like before, but apparently the way it is used by applications
is as an index into an array of facility names. moreover, all
historical systems which define it do so with the shift. as it is a
nonstandard interface, there is no justification for providing a macro
by the same name that is incompatible with historical practice.

the value of LOG_FACMASK likewise is 0x3f8 on all historical systems
checked. while only 5 bits are used for existing facility codes, the
convention seems to be that all 7 bits belong to the facility field
and theoretically could be used to expand to having more facilities.
that seems unlikely to happen, but there is no reason to make a
gratuitously incompatible change here.
2024-07-05 13:22:25 -04:00
Rich Felker
008f737ddf siglongjmp: document why this function just calls longjmp 2024-06-23 20:52:53 -04:00
Jakub Stasiak
947b4574fa inet_ntop: fix the IPv6 leading zero sequence compression
Per RFC 5952, ties for longest sequence of zero fields must be broken
by choosing the earliest, but the implementation put the leading
sequence of zeros at a disadvantage. That's because for example when
compressing "0:0:0:10:0:0:0:10" the strspn(buf+i, ":0") call returns 6
for the first sequence and 7 for the second one – the second sequence
has the benefit of a leading colon.

Changing the condition to require beating the leading sequence by not
one but two characters resolves the issue.
2024-06-22 17:01:00 -04:00
Rich Felker
50ab830633 dynlink: avoid copying to temp buffer in get_lfs64
while commit 53ac44ff4c fixed the temp
buffer being undersized, the use of a temp buffer to begin with was a
mistake. instead, compare the requested symbol name in-place and use
the already-null-terminated copy of the name without "64" present in
lfs64_list[] to look up the real symbol.
2024-06-22 16:54:11 -04:00
Joe Damato
1b97d0060b sys/epoll.h: add epoll ioctls
add two ioctls to get and set struct epoll_params to allow users to
control epoll based busy polling of network sockets.

added to uapi in commit 18e2bf0edf4dd88d9656ec92395aa47392e85b61 (Linux
kernel 6.9 and newer).
2024-06-22 16:53:06 -04:00
Rich Felker
ab31e9d6a0 getusershell: skip blank lines and comments
this interface does not have a lot of historical consensus on how it
handles the contents of the /etc/shells file in regard to whitespace
and comments, but the commonality between all checked is that they
ignore lines that are blank or that begin with '#', so that is the
behavior we adopt.
2024-06-21 20:54:30 -04:00
Florian Ziesche
53ac44ff4c dynlink: fix get_lfs64() with posix_fallocate64
"posix_fallocate64" is 17 characters long, so 16 is one too short.
2024-06-20 22:44:35 -04:00
Rich Felker
895736d49b syslog: fix incorrect LOG_MAKEPRI and LOG_FAC[MASK] macros
these are nonstandard and unnecessary for using the associated
functionality, but resulted in applications that used them
malfunctioning.

patch based on proposed fix by erny hombre.
2024-06-13 11:48:40 -04:00
Tony Ambardar
05ce67fea9 add renameat2 linux syscall wrapper
This syscall is available since Linux 3.15 and also implemented in
glibc from version 2.28. It is commonly used in filesystem or security
contexts.

Constants RENAME_NOREPLACE, RENAME_EXCHANGE, RENAME_WHITEOUT are
guarded by _GNU_SOURCE as with glibc.
2024-05-23 09:13:49 -04:00
Rich Felker
0079972992 fix mismatched type in posix_getdents definition
commit 1b0d48517f wrongly copied the
getdents return type of int rather than matching the ssize_t used by
posix_getdents. this was overlooked in testing on 32-bit archs but
obviously broke 64-bit archs.
2024-05-12 15:33:15 -04:00
mojyack
cbf59dd662 aarch64 crti.o: fix alignment of _init/_fini
without explicit alignment directives, whether they end up at the
necessary alignment depends on linker/linking conditions. initially
reported as mold issue 1255.
2024-05-12 12:17:13 -04:00
Gonzalo Alvarez
84015cee17 fix typo that broke sys/reg.h and sys/user.h
commit 7019fbe103 and commit
e709a6f07a misspelled bits/alltypes.h.
2024-05-11 17:52:04 -04:00
Rich Felker
1b0d48517f implement posix_getdents adopted for next issue of POSIX
this interface was added as the outcome of Austin Group tracker issue
697. no error is specified for unsupported flags, which is probably an
oversight. for now, EOPNOTSUPP is used so as not to overload EINVAL.
2024-05-08 08:50:03 -04:00
Rich Felker
2c124e13bd stdint.h: derive limits from __LONG_MAX, use common fast16 types
the bits file is retained, but as a single generic version, to allow
for the unlikely future possibility of letting a new arch define
something differently.
2024-05-07 09:17:51 -04:00
Rich Felker
7019fbe103 sys/user.h: derive __WORDSIZE from __LONG_MAX
previously, only a few archs defined it here. this change makes the
presence consistent across all archs, and reduces the amount of header
duplication (and potential for future inconsistency) between archs.
2024-05-07 09:11:10 -04:00
Rich Felker
e709a6f07a sys/reg.h: derive __WORDSIZE from __LONG_MAX
this removes an otherwise-unnecessary bits header from most archs,
replacing it with an empty generic version.
2024-05-07 09:08:31 -04:00
Rich Felker
29b216b2f2 unistd.h: derive ILP32/LP64 macros from __LONG_MAX instead of arch bits 2024-05-07 09:01:47 -04:00
Rich Felker
0dfa1d8caa unify bits/stat.h for all archs sharing a common definition
future archs should not define their own bits/stat.h but use this
generic one.
2024-05-07 08:58:45 -04:00
Rich Felker
ef600888d2 align aarch64, riscv64, loongarch64 stat structure padding type
this change is purely to document that they are the same in
preparation to remove the arch-specific headers for these archs and
replace them with a generic version that matches riscv32 and can be
shared by these and all future archs.
2024-05-07 08:55:55 -04:00
Rich Felker
6f666231bf ldso: fix non-functional fix to early dynamic PAGE_SIZE access
commit f47a8cdd25 introduced an
alternate mechanism for access to runtime page size for compatibility
with early stages of dynamic linking, but because pthread_impl.h
indirectly includes libc.h, the condition #ifndef PAGE_SIZE was never
satisfied.

rather than depend on order of inclusion, use the (baseline POSIX)
macro PAGESIZE, not the (XSI) macro PAGE_SIZE, to determine whether
page size is dynamic. our internal libc.h only provides a dynamic
definition for PAGE_SIZE, not for PAGESIZE.
2024-05-07 08:32:11 -04:00
Rich Felker
fced99e93d strptime: implement conversion specifiers adopted for next POSIX issue
the %s conversion is added as the outcome of Austin Group tracker
issue 169 and its unspecified behavior is clarified as the outcome of
issue 1727.

the %F, %g, %G, %u, %V, %z, and %Z conversions are added as the
outcome of Austin Group tracker issue 879 for alignment with strftime
and the behaviors of %u, %z, and %Z are defined as the outcome of
issue 1727.

at this time, the conversions with unspecified effects on struct tm
are all left as parse-only no-ops. this may be changed at a later
time, particularly for %s, if there is reasonable cross-implementation
consensus outside the standards process on what the behavior should
be.
2024-05-06 19:04:55 -04:00
Rich Felker
3f9d4224d8 printf decimal integer formatting: shave off one division
once the remaining value is less than 10, the modulo operation to
produce the final digit and division to prepare for next loop
iteration can be dropped. this may be a meaningful performance
distinction when formatting low-magnitude numbers in bulk, and should
never hurt.

based on patch by Viktor Reznov.
2024-05-06 17:13:23 -04:00
Michael Forney
a23cf8f9c5 riscv mcontext_t/sigcontext: use __aligned__ instead of aligned
aligned may be defined by the application for its own use before
bits/signal.h is included.
2024-05-06 10:59:12 -04:00
Rich Felker
cbf1c7b605 add missing STATX_ATTR_* macros omitted when statx was added
commit b817541f1c added statx and the
mask constant macros, but not the stx_attributes[_mask] ones.
2024-04-24 13:26:03 -04:00
Rich Felker
3f49203c55 initgroups: do not artificially limit number of supplementary groups
historically linux limited the number of supplementary groups a
process could be in to 32, but this limit was raised to 65536 in linux
2.6.4. proposals to support the new limit, change NGROUPS_MAX, or make
it dynamic have been stalled due to the impact it would have on
initgroups where the groups array exists in automatic storage.

the changes here decouple initgroups from the value of NGROUPS_MAX and
allow it to fall back to allocating a buffer in the case where
getgrouplist indicates the user has more supplementary groups than
could be reported in the buffer. getgrouplist already involves
allocation, so this does not pull in any new link dependency.
likewise, getgrouplist is already using the public malloc (vs internal
libc one), so initgroups does the same. if this turns out not to be
the best choice, both can be changed together later.

the initial buffer size is left at 32, but now as the literal value,
so that any potential future change to NGROUPS_MAX will not affect
initgroups.
2024-04-13 23:05:46 -04:00
Rich Felker
24ebbbdedc printf: fix edge case where hex float precision was not honored
commit cfa0a54c08 attempted to fix
rounding on archs where long double is not 80-bit (where LDBL_MANT_DIG
is not zero mod four), but failed to address the edge case where
rounding was skipped because LDBL_MANT_DIG/4 rounded down in the
comparison against the requested precision.

the rounding logic based on hex digit count is difficult to understand
and not well-motivated, so rather than try to fix it, replace it with
an explicit calculation in terms of number of bits to be kept, without
any truncating division operations. based on patch by Peter Ammon, but
with scalbn to apply the rounding exponent since the value will not
generally fit in any integer type. scalbn is used instead of scalbnl
to avoid pulling in the latter unnecessarily, since the value is an
exact power of two whose exponent range is bounded by LDBL_MANT_DIG, a
small integer.
2024-04-12 19:57:59 -04:00