about summary refs log tree commit diff
Commit message (Collapse)AuthorAgeFilesLines
* scripts: Add fortify checks on installed headers azanella/check-headersAdhemerval Zanella2023-07-101-13/+23
| | | | | | | | | The _FORTIFY_SOURCE is used as default by some system compilers, and there is no way to check if some fortify extension does not trigger any conformance issue. Checked on x86_64-linux-gnu. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* Update sparc libm-test-ulpsAdhemerval Zanella2023-07-101-0/+1
|
* sysdeps: Add missing hidden definitions for i386Frédéric Bérat2023-07-102-0/+2
| | | | | Add missing libc_hidden_builtin_def for memset_chk and MEMCPY_CHK on i386.
* sysdeps/s390: Exclude fortified routines from being built with _FORTIFY_SOURCEFrédéric Bérat2023-07-101-0/+20
| | | | | | | | Depending on build configuration, the [routine]-c.c files may be chosen to provide fortified routines implementation. While [routines].c implementation were automatically excluded, the [routines]-c.c ones were not. This patch fixes that by adding these file to the list to be filtered.
* Translations: Add new ro support and update others.Carlos O'Donell2023-07-0710-67/+7910
| | | | | | | This brings in the new Romanian language translations, and updates nine other translations. Important translations in this update include the Italian and Japanese translations for ESTALE which remove the mention of "NFS" from the error message translation.
* elf: _dl_find_object may return 1 during early startup (bug 30515)Florian Weimer2023-07-072-1/+12
| | | | | | | | | | | | Success is reported with a 0 return value, and failure is -1. Enhance the kitchen sink test elf/tst-audit28 to cover _dl_find_object as well. Fixes commit 5d28a8962dcb ("elf: Add _dl_find_object function") and bug 30515. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
* LoongArch: config: Rewrite check on static PIE.caiyinyu2023-07-072-14/+14
| | | | | It's better to add "\" before "EOF" and remove "\" before "$".
* Revert "hppa: Drop 16-byte pthread lock alignment"John David Anglin2023-07-062-9/+3
| | | | | This change reverts commits c4468cd3995b4236ea886901109b194641132b08 and ab991a3d1b401ded6bd4f027352da8262b021a11.
* realloc: Limit chunk reuse to only growing requests [BZ #30579]Siddhesh Poyarekar2023-07-061-8/+15
| | | | | | | | | | | | | | | | | | | | | The trim_threshold is too aggressive a heuristic to decide if chunk reuse is OK for reallocated memory; for repeated small, shrinking allocations it leads to internal fragmentation and for repeated larger allocations that fragmentation may blow up even worse due to the dynamic nature of the threshold. Limit reuse only when it is within the alignment padding, which is 2 * size_t for heap allocations and a page size for mmapped allocations. There's the added wrinkle of THP, but this fix ignores it for now, pessimizing that case in favor of keeping fragmentation low. This resolves BZ #30579. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reported-by: Nicolas Dusart <nicolas@freedelity.be> Reported-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Tested-by: Aurelien Jarno <aurelien@aurel32.net>
* vfscanf-internal: Remove potentially unbounded allocasAdhemerval Zanella2023-07-065-17/+197
| | | | | | | | | | | Some locales define a list of mapping pairs of alternate digits and separators for input digits (to_inpunct). This require the scanf to create a list of all possible inputs for the optional type modifier 'I'. Checked on x86_64-linux-gnu. Reviewed-by: Joe Simmons-Talbott <josimmon@redhat.com>
* fileops: Don't process ,ccs= as individual mode flags (BZ#18906)Joe Simmons-Talbott2023-07-052-1/+34
| | | | | | | | | | | In processing the first 7 individual characters of the mode for fopen if ,ccs= is used those characters will be processed as well. Stop processing individual mode flags once a comma is encountered. This has the effect of requiring ,ccs= to be the last mode flag in the mode string. Add a testcase to check that the ,ccs= mode flag is not processed as individual mode flags. Reviewed-by: DJ Delorie <dj@redhat.com>
* sysdeps/ieee754/ldbl-128ibm-compat: Fix warn unused resultFrédéric Bérat2023-07-052-14/+17
| | | | | | | Return value from *scanf and *asprintf routines are now properly checked in test-scanf-ldbl-compat-template.c and test-printf-ldbl-compat.c. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* libio/bits/stdio2-decl.h: Avoid PLT entries with _FORTIFY_SOURCEFrédéric Bérat2023-07-051-1/+1
| | | | | | | The change is meant to avoid unwanted PLT entry for the fgets_unlocked routine when _FORTIFY_SOURCE is set. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* libio/bits/stdio2.h: Clearly separate declaration from definitionsFrédéric Bérat2023-07-052-48/+49
| | | | | | | | Move declarations from libio/bits/stdio.h to existing libio/bits/stdio2-decl.h. This will enable future use of __REDIRECT_FORTIFY in place of some __REDIRECT. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc/bits/syslog.h: Clearly separate declaration from definitionFrédéric Bérat2023-07-057-10/+46
| | | | | | | | This allows to include bits/syslog-decl.h in include/sys/syslog.h and therefore be able to create the libc_hidden_builtin_proto (__syslog_chk) prototype. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc/bits/select2.h: Clearly separate declaration from definitionsFrédéric Bérat2023-07-056-4/+40
| | | | | | | | | The __fdelt_chk declaration needs to be available so that libc_hidden_proto can be used while not redefining __FD_ELT. Thus, misc/bits/select-decl.h is created to hold the corresponding prototypes. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* unistd: Avoid PLT entries with _FORTIFY_SOURCEFrédéric Bérat2023-07-055-3/+10
| | | | | | | The change is meant to avoid unwanted PLT entries for the read_chk, getdomainname_chk and getlogin_r_chk routines when _FORTIFY_SOURCE is set. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* posix/bits/unistd.h: Clearly separate declaration from definitionsFrédéric Bérat2023-07-055-153/+202
| | | | | | | | | | | This change is similar to what was done for bits/wchar2.h. Routines declaration are moved into a dedicated bits/unistd-decl.h file which is then included into the bits/unistd.h file. This will allow to adapt the files so that PLT entries are not created when _FORTIFY_SOURCE is enabled. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* wchar: Avoid PLT entries with _FORTIFY_SOURCEFrédéric Bérat2023-07-055-2/+23
| | | | | | | | | | The change is meant to avoid unwanted PLT entries for the wmemset and wcrtomb routines when _FORTIFY_SOURCE is set. On top of that, ensure that *_chk routines have their hidden builtin definitions available. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc/sys/cdefs.h: Create FORTIFY redirects for internal callsFrédéric Bérat2023-07-052-0/+22
| | | | | | | | | | | The __REDIRECT* macros are creating aliases which may lead to unwanted PLT entries when fortification is enabled. To prevent these entries, the REDIRECT alias should be set to point to the existing __GI_* aliases. This is done transparently by creating a __REDIRECT_FORTIFY* version of these macros, that can be overwritten internally when necessary. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* stdio: Ensure *_chk routines have their hidden builtin definition availableFrédéric Bérat2023-07-059-2/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If libc_hidden_builtin_{def,proto} isn't properly set for *_chk routines, there are unwanted PLT entries in libc.so. There is a special case with __asprintf_chk: If ldbl_* macros are used for asprintf, ABI gets broken on s390x, if it isn't, ppc64le isn't building due to multiple asm redirections. This is due to the inclusion of bits/stdio-lbdl.h for ppc64le whereas it isn't for s390x. This header creates redirections, which are not compatible with the ones generated using libc_hidden_def. Yet, we can't use libc_hidden_ldbl_proto on s390x since it will not create a simple strong alias (e.g. as done on x86_64), but a versioned alias, leading to ABI breakage. This results in errors on s390x: /usr/bin/ld: glibc/iconv/../libio/bits/stdio2.h:137: undefined reference to `__asprintf_chk' Original __asprintf_chk symbols: 00000000001395b0 T __asprintf_chk 0000000000177e90 T __nldbl___asprintf_chk __asprintf_chk symbols with ldbl_* macros: 000000000012d590 t ___asprintf_chk 000000000012d590 t __asprintf_chk@@GLIBC_2.4 000000000012d590 t __GI___asprintf_chk 000000000012d590 t __GL____asprintf_chk___asprintf_chk 0000000000172240 T __nldbl___asprintf_chk __asprintf_chk symbols with the patch: 000000000012d590 t ___asprintf_chk 000000000012d590 T __asprintf_chk 000000000012d590 t __GI___asprintf_chk 0000000000172240 T __nldbl___asprintf_chk Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* string: Ensure *_chk routines have their hidden builtin definition availableFrédéric Bérat2023-07-0528-1/+58
| | | | | | | If libc_hidden_builtin_{def,proto} isn't properly set for *_chk routines, there are unwanted PLT entries in libc.so. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* sysdeps: Ensure ieee128*_chk routines to be properly namedFrédéric Bérat2023-07-0519-40/+40
| | | | | | | | | | | | The *_chk routines naming doesn't match the name that would be generated using libc_hidden_ldbl_proto. Since the macro is needed for some of these *_chk functions for _FORTIFY_SOURCE to be enabled, that needed to be fixed. While at it, all the *_chk function get renamed appropriately for consistency, even if not strictly necessary. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: Paul E. Murphy <murphyp@linux.ibm.com>
* Exclude routines from fortificationFrédéric Bérat2023-07-0517-26/+248
| | | | | | | | | | | | | | | | | Since the _FORTIFY_SOURCE feature uses some routines of Glibc, they need to be excluded from the fortification. On top of that: - some tests explicitly verify that some level of fortification works appropriately, we therefore shouldn't modify the level set for them. - some objects need to be build with optimization disabled, which prevents _FORTIFY_SOURCE to be used for them. Assembler files that implement architecture specific versions of the fortified routines were not excluded from _FORTIFY_SOURCE as there is no C header included that would impact their behavior. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* Allow glibc to be built with _FORTIFY_SOURCEFrédéric Bérat2023-07-059-42/+167
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Add --enable-fortify-source option. It is now possible to enable fortification through a configure option. The level may be given as parameter, if none is provided, the configure script will determine what is the highest level possible that can be set considering GCC built-ins availability and set it. If level is explicitly set to 3, configure checks if the compiler supports the built-in function necessary for it or raise an error if it isn't. If the configure option isn't explicitly enabled, it _FORTIFY_SOURCE is forcibly undefined (and therefore disabled). The result of the configure checks are new variables, ${fortify_source} and ${no_fortify_source} that can be used to appropriately populate CFLAGS. A dedicated patch will follow to make use of this variable in Makefiles when necessary. Updated NEWS and INSTALL. Adding dedicated x86_64 variant that enables the configuration. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* manual: Update documentation of strerror and related functionsFlorian Weimer2023-07-031-26/+98
| | | | | | | | | | | | The current implementation of strerror is thread-safe, but this has implications for the lifetime of the return string. Describe the strerror_l function. Describe both variants of the strerror_r function. Mention the lifetime of the returned string for strerrorname_np and strerrordesc_np. Clarify that perror output depends on the current locale. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* manual: Enhance documentation of the <ctype.h> functionsFlorian Weimer2023-07-031-8/+24
| | | | | | | | Describe the problems with signed characters, and the glibc extension to deal with most of them. Mention that the is* functions return zero for the special argument EOF. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* Always do locking when accessing streams (bug 15142, bug 14697)Andreas Schwab2023-07-032-34/+10
| | | | | | Now that abort no longer calls fflush there is no reason to avoid locking the stdio streams anywhere. This fixes a conformance issue and potential heap corruption during exit.
* hurd: Implement MAP_EXCLSergey Bugaev2023-07-032-10/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | MAP_FIXED is defined to silently replace any existing mappings at the address range being mapped over. This, however, is a dangerous, and only rarely desired behavior. Various Unix systems provide replacements or additions to MAP_FIXED: * SerenityOS and Linux provide MAP_FIXED_NOREPLACE. If the address space already contains a mapping in the requested range, Linux returns EEXIST. SerenityOS returns ENOMEM, however that is a bug, as the MAP_FIXED_NOREPLACE implementation is intended to be compatible with Linux. * FreeBSD provides the MAP_EXCL flag that has to be used in combination with MAP_FIXED. It returns EINVAL if the requested range already contains existing mappings. This is directly analogous to the O_EXCL flag in the open () call. * DragonFly BSD, NetBSD, and OpenBSD provide MAP_TRYFIXED, but with different semantics. DragonFly BSD returns ENOMEM if the requested range already contains existing mappings. NetBSD does not return an error, but instead creates the mapping at a different address if the requested range contains mappings. OpenBSD behaves the same, but also notes that this is the default behavior even without MAP_TRYFIXED (which is the case on the Hurd too). Since the Hurd leans closer to the BSD side, add MAP_EXCL as the primary API to request the behavior of not replacing existing mappings. Declare MAP_FIXED_NOREPLACE and MAP_TRYFIXED as aliases of (MAP_FIXED|MAP_EXCL), so any existing software that checks for either of those macros will pick them up automatically. For compatibility with Linux, return EEXIST if a mapping already exists. Signed-off-by: Sergey Bugaev <bugaevc@gmail.com> Message-Id: <20230625231751.404120-5-bugaevc@gmail.com>
* hurd: Fix mapping at address 0 with MAP_FIXEDSergey Bugaev2023-07-031-2/+9
| | | | | | | | | | | Zero address passed to mmap () typically means the caller doesn't have any specific preferred address. Not so if MAP_FIXED is passed: in this case 0 means literal 0. Fix this case to pass anywhere = 0 into vm_map. Also add some documentation. Signed-off-by: Sergey Bugaev <bugaevc@gmail.com> Message-Id: <20230625231751.404120-4-bugaevc@gmail.com>
* hurd: Fix calling vm_deallocate (NULL)Sergey Bugaev2023-07-031-3/+7
| | | | | | | | | | Only call vm_deallocate when we do have the old buffer, and check for unexpected errors. Spotted while debugging a msgids/readdir issue on x86_64-gnu. Signed-off-by: Sergey Bugaev <bugaevc@gmail.com> Message-Id: <20230625231751.404120-3-bugaevc@gmail.com>
* hurd: Map brk non-executableSergey Bugaev2023-07-031-2/+2
| | | | | | | | | | | | The rest of the heap (backed by individual pages) is already mapped RW. Mapping these pages RWX presents a security hazard. Also, in another branch memory gets allocated using vm_allocate, which sets memory protection to VM_PROT_DEFAULT (which is RW). The mismatch between protections prevents Mach from coalescing the VM map entries. Signed-off-by: Sergey Bugaev <bugaevc@gmail.com> Message-Id: <20230625231751.404120-2-bugaevc@gmail.com>
* htl: Let Mach place thread stacksSergey Bugaev2023-07-031-29/+6
| | | | | | | | | | | | | | Instead of trying to allocate a thread stack at a specific address, looping over the address space, just set the ANYWHERE flag in vm_allocate (). The previous behavior: - defeats ASLR (for Mach versions that support ASLR), - is particularly slow if the lower 4 GB of the address space are mapped inaccessible, as we're planning to do on 64-bit Hurd, - is just silly. Signed-off-by: Sergey Bugaev <bugaevc@gmail.com> Message-Id: <20230625231751.404120-1-bugaevc@gmail.com>
* mach: strerror must not return NULL (bug 30555)Samuel Thibault2023-07-021-7/+19
| | | | | | | | | | | This follows 1d44530a5be2 ("string: strerror must not return NULL (bug 30555)"): « For strerror, this fixes commit 28aff047818eb1726394296d27b ("string: Implement strerror in terms of strerror_l"). This commit avoids returning NULL for strerror_l as well, although POSIX allows this behavior for strerror_l. »
* hppa: xfail debug/tst-ssp-1 when have-ssp is yes (gcc-12 and later)John David Anglin2023-07-011-0/+4
|
* support: Build with exceptions and asynchronous unwind tables [BZ #30587]John David Anglin2023-07-011-0/+3
| | | | | | | | | Changing tst-cleanup4.c to use xread instead of read caused the nptl/tst-cleanupx4 test to fail. The routines in libsupport.a need to be built with exception handling and asynchronous unwind table support. v2: Use "CFLAGS-.oS" instead of "override CFLAGS".
* hurd: Make getrandom return ENOSYS when /dev/random is not set upSamuel Thibault2023-07-011-2/+7
| | | | So that callers (e.g. __arc4random_buf) don't try calling it again.
* Stop applying a GCC-specific workaround on clang [BZ #30550]Tulio Magno Quites Machado Filho2023-06-301-1/+2
| | | | | | | | | | GCC was the only compiler affected by the issue with __builtin_isinf_sign and float128. Fix BZ #30550. Reported-by: Qiu Chaofan <qiucofan@cn.ibm.com> Reviewed-by: Florian Weimer <fweimer@redhat.com>
* ld.so: Always use MAP_COPY to map the first segment [BZ #30452]H.J. Lu2023-06-304-1/+10
| | | | | | | | | | | The first segment in a shared library may be read-only, not executable. To support LD_PREFER_MAP_32BIT_EXEC on such shared libraries, we also check MAP_DENYWRITE to decide if MAP_32BIT should be passed to mmap. Normally the first segment is mapped with MAP_COPY, which is defined as (MAP_PRIVATE | MAP_DENYWRITE). But if the segment alignment is greater than the page size, MAP_COPY isn't used to allocate enough space to ensure that the segment can be properly aligned. Map the first segment with MAP_COPY in this case to fix BZ #30452.
* setenv.c: Get rid of alloca.Joe Simmons-Talbott2023-06-301-34/+6
| | | | | | Use malloc rather than alloca to avoid potential stack overflow. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Add checks for wday, yday and new date formatsMartin Coufal2023-06-301-14/+27
| | | | | | | tm time struct contains tm_wday and tm_yday that were previously not checked in this test. Also added new test cases for date formats containing %D, %R or %h. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* aarch64: Add vector implementations of exp routinesJoe Ramsay2023-06-3015-1/+597
| | | | | | | | | | | | Optimised implementations for single and double precision, Advanced SIMD and SVE, copied from Arm Optimized Routines. As previously, data tables are used via a barrier to prevent overly aggressive constant inlining. Special-case handlers are marked NOINLINE to avoid incurring the penalty of switching call standards unnecessarily. Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
* aarch64: Add vector implementations of log routinesJoe Ramsay2023-06-3015-1/+563
| | | | | | | | | | | | | | Optimised implementations for single and double precision, Advanced SIMD and SVE, copied from Arm Optimized Routines. Log lookup table added as HIDDEN symbol to allow it to be shared between AdvSIMD and SVE variants. As previously, data tables are used via a barrier to prevent overly aggressive constant inlining. Special-case handlers are marked NOINLINE to avoid incurring the penalty of switching call standards unnecessarily. Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
* aarch64: Add vector implementations of sin routinesJoe Ramsay2023-06-3013-6/+430
| | | | | | | | | | | | Optimised implementations for single and double precision, Advanced SIMD and SVE, copied from Arm Optimized Routines. As previously, data tables are used via a barrier to prevent overly aggressive constant inlining. Special-case handlers are marked NOINLINE to avoid incurring the penalty of switching call standards unnecessarily. Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
* aarch64: Add vector implementations of cos routinesJoe Ramsay2023-06-3013-123/+609
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Replace the loop-over-scalar placeholder routines with optimised implementations from Arm Optimized Routines (AOR). Also add some headers containing utilities for aarch64 libmvec routines, and update libm-test-ulps. Data tables for new routines are used via a pointer with a barrier on it, in order to prevent overly aggressive constant inlining in GCC. This allows a single adrp, combined with offset loads, to be used for every constant in the table. Special-case handlers are marked NOINLINE in order to confine the save/restore overhead of switching from vector to normal calling standard. This way we only incur the extra memory access in the exceptional cases. NOINLINE definitions have been moved to math_private.h in order to reduce duplication. AOR exposes a config option, WANT_SIMD_EXCEPT, to enable selective masking (and later fixing up) of invalid lanes, in order to trigger fp exceptions correctly (AdvSIMD only). This is tested and maintained in AOR, however it is configured off at source level here for performance reasons. We keep the WANT_SIMD_EXCEPT blocks in routine sources to greatly simplify the upstreaming process from AOR to glibc. Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
* Switch to UTF-8 for INSTALLPaul Eggert2023-06-292-249/+249
| | | | | This makes it slightly easier to read, and these days everybody can read UTF-8.
* Make sure INSTALL is ASCII plaintextSiddhesh Poyarekar2023-06-292-3/+3
| | | | | | | Add --disable-encoding to makeinfo flags so that it does not generate unicode quote glyphs. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* Update syscall lists for Linux 6.4Joseph Myers2023-06-285-2/+7
| | | | | | | | Linux 6.4 adds the riscv_hwprobe syscall on riscv and enables memfd_secret on s390. Update syscall-names.list and regenerate the arch-syscall.h headers with build-many-glibcs.py update-syscalls. Tested with build-many-glibcs.py.
* linux: Return unsupported if procfs can not be mount on tst-ttyname-namespaceAdhemerval Zanella2023-06-281-12/+16
| | | | | | | | | | | | | | | | Trying to mount procfs can fail due multiples reasons: proc is locked due the container configuration, mount syscall is filtered by a Linux Secuirty Module, or any other security or hardening mechanism that Linux might eventually add. The tests does require a new procfs without binding to parent, and to fully fix it would require to change how the container was created (which is out of the scope of the test itself). Instead of trying to foresee any possible scenario, if procfs can not be mount fail with unsupported. Checked on aarch64-linux-gnu. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* linux: Split tst-ttynameAdhemerval Zanella2023-06-284-206/+259
| | | | | | | | | | The tst-ttyname-direct.c checks the ttyname with procfs mounted in bind mode (MS_BIND|MS_REC), while tst-ttyname-namespace.c checks with procfs mount with MS_NOSUID|MS_NOEXEC|MS_NODEV in a new namespace. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>