about summary refs log tree commit diff
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* Define __libc_initial for the static libcFlorian Weimer2024-08-091-0/+3
| | | | Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* elf: Avoid re-initializing already allocated TLS in dlopen (bug 31717)Florian Weimer2024-08-051-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The old code used l_init_called as an indicator for whether TLS initialization was complete. However, it is possible that TLS for an object is initialized, written to, and then dlopen for this object is called again, and l_init_called is not true at this point. Previously, this resulted in TLS being initialized twice, discarding any interim writes (technically introducing a use-after-free bug even). This commit introduces an explicit per-object flag, l_tls_in_slotinfo. It indicates whether _dl_add_to_slotinfo has been called for this object. This flag is used to avoid double-initialization of TLS. In update_tls_slotinfo, the first_static_tls micro-optimization is removed because preserving the initalization flag for subsequent use by the second loop for static TLS is a bit complicated, and another per-object flag does not seem to be worth it. Furthermore, the l_init_called flag is dropped from the second loop (for static TLS initialization) because l_need_tls_init on its own prevents double-initialization. The remaining l_init_called usage in resize_scopes and update_scopes is just an optimization due to the use of scope_has_map, so it is not changed in this commit. The isupper check ensures that libc.so.6 is TLS is not reverted. Such a revert happens if l_need_tls_init is not cleared in _dl_allocate_tls_init for the main_thread case, now that l_init_called is not checked anymore in update_tls_slotinfo in elf/dl-open.c. Reported-by: Jonathon Anderson <janderson@rice.edu> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* Increase version number to 2.40Andreas K. Hüttel2024-07-211-1/+1
| | | | Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
* posix: Sync tempname with gnulibAdhemerval Zanella2024-04-101-5/+0
| | | | | | | | | | | | | | | | | | | | | | | | | The gnulib version contains an important change (9ce573cde), which fixes some problems with multithreading, entropy loss, and ASLR leak nfo. It also fixes an issue where getrandom is not being used on some new files generation (only for __GT_NOCREATE on first try). The 044bf893ac removed __path_search, which is now moved to another gnulib shared files (stdio-common/tmpdir.{c,h}). Tthis patch also fixes direxists to use __stat64_time64 instead of __xstat64, and move the include of pathmax.h for !_LIBC (since it is not used by glibc). The license is also changed from GPL 3.0 to 2.1, with permission from the authors (Bruno Haible and Paul Eggert). The sync also removed the clock fallback, since clock_gettime with CLOCK_REALTIME is expected to always succeed. It syncs with gnulib commit 323834962817af7b115187e8c9a833437f8d20ec. Checked on x86_64-linux-gnu. Co-authored-by: Bruno Haible <bruno@clisp.org> Co-authored-by: Paul Eggert <eggert@cs.ucla.edu> Reviewed-by: Bruno Haible <bruno@clisp.org>
* riscv: Enable multi-arg ifunc resolversEvan Green2024-03-011-11/+17
| | | | | | | | | | | | | | | | | | | | | | | | RISC-V is apparently the first architecture to pass more than one argument to ifunc resolvers. The helper macros in libc-symbols.h, __ifunc_resolver(), __ifunc(), and __ifunc_hidden(), are incompatible with this. These macros have an "arg" (non-final) parameter that represents the parameter signature of the ifunc resolver. The result is an inability to pass the required comma through in a single preprocessor argument. Rearrange the __ifunc_resolver() macro to be variadic, and pass the types as those variable parameters. Move the guts of __ifunc() and __ifunc_hidden() into new macros, __ifunc_args(), and __ifunc_args_hidden(), that pass the variable arguments down through to __ifunc_resolver(). Then redefine __ifunc() and __ifunc_hidden(), which are used in a bunch of places, to simply shuffle the arguments down into __ifunc_args[_hidden]. Finally, define a riscv-ifunc.h header, which provides convenience macros to those looking to write ifunc selectors that use both arguments. Signed-off-by: Evan Green <evan@rivosinc.com> Reviewed-by: Florian Weimer <fweimer@redhat.com> Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
* arm: Use _dl_find_object on __gnu_Unwind_Find_exidx (BZ 31405)Adhemerval Zanella2024-02-231-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of __dl_iterate_phdr. On ARM dlfo_eh_frame/dlfo_eh_count maps to PT_ARM_EXIDX vaddr start / length. On a Neoverse N1 machine with 160 cores, the following program: $ cat test.c #include <stdlib.h> #include <pthread.h> #include <assert.h> enum { niter = 1024, ntimes = 128, }; static void * tf (void *arg) { int a = (int) arg; for (int i = 0; i < niter; i++) { void *p[ntimes]; for (int j = 0; j < ntimes; j++) p[j] = malloc (a * 128); for (int j = 0; j < ntimes; j++) free (p[j]); } return NULL; } int main (int argc, char *argv[]) { enum { nthreads = 16 }; pthread_t t[nthreads]; for (int i = 0; i < nthreads; i ++) assert (pthread_create (&t[i], NULL, tf, (void *) i) == 0); for (int i = 0; i < nthreads; i++) { void *r; assert (pthread_join (t[i], &r) == 0); assert (r == NULL); } return 0; } $ arm-linux-gnueabihf-gcc -fsanitize=address test.c -o test Improves from ~15s to 0.5s. Checked on arm-linux-gnueabihf.
* string: Add hidden builtin definition for __strcpy_chk.Stefan Liebler2024-02-061-0/+1
| | | | | | | | | | | | Otherwise on at least x86_64 and s390x there is an unwanted PLT entry in libc.so when configured with --enable-fortify-source=3 and build with -Os. This is observed in elf/check-localplt Extra PLT reference: libc.so: __strcpy_chk The call to PLT entry is in inet/ruserpass.c. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Refer to C23 in place of C2X in glibcJoseph Myers2024-02-015-26/+34
| | | | | | | | | | | | | | | WG14 decided to use the name C23 as the informal name of the next revision of the C standard (notwithstanding the publication date in 2024). Update references to C2X in glibc to use the C23 name. This is intended to update everything *except* where it involves renaming files (the changes involving renaming tests are intended to be done separately). In the case of the _ISOC2X_SOURCE feature test macro - the only user-visible interface involved - support for that macro is kept for backwards compatibility, while adding _ISOC23_SOURCE. Tested for x86_64.
* version.h, include/features.h: Bump version to 2.39Andreas K. Hüttel2024-01-311-1/+1
| | | | Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
* Implement C23 <stdbit.h>Joseph Myers2024-01-031-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | C23 adds a header <stdbit.h> with various functions and type-generic macros for bit-manipulation of unsigned integers (plus macro defines related to endianness). Implement this header for glibc. The functions have both inline definitions in the header (referenced by macros defined in the header) and copies with external linkage in the library (which are implemented in terms of those macros to avoid duplication). They are documented in the glibc manual. Tests, as well as verifying results for various inputs (of both the macros and the out-of-line functions), verify the types of those results (which showed up a bug in an earlier version with the type-generic macro stdc_has_single_bit wrongly returning a promoted type), that the macros can be used at top level in a source file (so don't use ({})), that they evaluate their arguments exactly once, and that the macros for the type-specific functions have the expected implicit conversions to the relevant argument type. Jakub previously referred to -Wconversion warnings in type-generic macros, so I've included a test with -Wconversion (but the only warnings I saw and fixed from that test were actually in inline functions in the <stdbit.h> header - not anything coming from use of the type-generic macros themselves). This implementation of the type-generic macros does not handle unsigned __int128, or unsigned _BitInt types with a width other than that of a standard integer type (and C23 doesn't require the header to handle such types either). Support for those types, using the new type-generic built-in functions Jakub's added for GCC 14, can reasonably be added in a followup (along of course with associated tests). This implementation doesn't do anything special to handle C++, or have any tests of functionality in C++ beyond the existing tests that all headers can be compiled in C++ code; it's not clear exactly what form this header should take in C++, but probably not one using macros. DIS ballot comment AT-107 asks for the word "count" to be added to the names of the stdc_leading_zeros, stdc_leading_ones, stdc_trailing_zeros and stdc_trailing_ones functions and macros. I don't think it's likely to be accepted (accepting any technical comments would mean having an FDIS ballot), but if it is accepted at the WG14 meeting (22-26 January in Strasbourg, starting with DIS ballot comment handling) then there would still be time to update glibc for the renaming before the 2.39 release. The new functions and header are placed in the stdlib/ directory in glibc, rather than creating a new toplevel stdbit/ or putting them in string/ alongside ffs. Tested for x86_64 and x86.
* Update copyright dates with scripts/update-copyrightsPaul Eggert2024-01-0145-45/+45
|
* aarch64: Add half-width versions of AdvSIMD f32 libmvec routinesJoe Ramsay2023-12-201-0/+2
| | | | | | | | | | | Compilers may emit calls to 'half-width' routines (two-lane single-precision variants). These have been added in the form of wrappers around the full-width versions, where the low half of the vector is simply duplicated. This will perform poorly when one lane triggers the special-case handler, as there will be a redundant call to the scalar version, however this is expected to be rare at Ofast. Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
* malloc: Use __get_nprocs on arena_get2 (BZ 30945)Adhemerval Zanella2023-11-221-4/+0
| | | | | | | | | | | | | | | | This restore the 2.33 semantic for arena_get2. It was changed by 11a02b035b46 to avoid arena_get2 call malloc (back when __get_nproc was refactored to use an scratch_buffer - 903bc7dcc2acafc). The __get_nproc was refactored over then and now it also avoid to call malloc. The 11a02b035b46 did not take in consideration any performance implication, which should have been discussed properly. The __get_nprocs_sched is still used as a fallback mechanism if procfs and sysfs is not acessible. Checked on x86_64-linux-gnu. Reviewed-by: DJ Delorie <dj@redhat.com>
* elf: Remove LD_PROFILE for static binariesAdhemerval Zanella2023-11-211-0/+5
| | | | | | | | | | | The _dl_non_dynamic_init does not parse LD_PROFILE, which does not enable profile for dlopen objects. Since dlopen is deprecated for static objects, it is better to remove the support. It also allows to trim down libc.a of profile support. Checked on x86_64-linux-gnu. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* linux: Add PR_SET_VMA_ANON_NAME supportAdhemerval Zanella2023-11-071-0/+5
| | | | | | | | | | | | | | Linux 5.17 added support to naming anonymous virtual memory areas through the prctl syscall. The __set_vma_name is a wrapper to avoid optimizing the prctl call if the kernel does not support it. If the kernel does not support PR_SET_VMA_ANON_NAME, prctl returns EINVAL. And it also returns the same error for an invalid argument. Since it is an internal-only API, it assumes well-formatted input: aligned START, with (START, START+LEN) being a valid memory range, and NAME with a limit of 80 characters without an invalid one ("\\`$[]"). Reviewed-by: DJ Delorie <dj@redhat.com>
* stdlib: Remove use of mergesort on qsort (BZ 21719)Adhemerval Zanella2023-10-311-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch removes the mergesort optimization on qsort implementation and uses the introsort instead. The mergesort implementation has some issues: - It is as-safe only for certain types sizes (if total size is less than 1 KB with large element sizes also forcing memory allocation) which contradicts the function documentation. Although not required by the C standard, it is preferable and doable to have an O(1) space implementation. - The malloc for certain element size and element number adds arbitrary latency (might even be worse if malloc is interposed). - To avoid trigger swap from memory allocation the implementation relies on system information that might be virtualized (for instance VMs with overcommit memory) which might lead to potentially use of swap even if system advertise more memory than actually has. The check also have the downside of issuing syscalls where none is expected (although only once per execution). - The mergesort is suboptimal on an already sorted array (BZ#21719). The introsort implementation is already optimized to use constant extra space (due to the limit of total number of elements from maximum VM size) and thus can be used to avoid the malloc usage issues. Resulting performance is slower due the usage of qsort, specially in the worst-case scenario (partialy or sorted arrays) and due the fact mergesort uses a slight improved swap operations. This change also renders the BZ#21719 fix unrequired (since it is meant to fix the sorted input performance degradation for mergesort). The manual is also updated to indicate the function is now async-cancel safe. Checked on x86_64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
* crypt: Remove libcrypt supportAdhemerval Zanella2023-10-301-3/+0
| | | | | | | | | | | | | | | | | | All the crypt related functions, cryptographic algorithms, and make requirements are removed, with only the exception of md5 implementation which is moved to locale folder since it is required by localedef for integrity protection (libc's locale-reading code does not check these, but localedef does generate them). Besides thec code itself, both internal documentation and the manual is also adjusted. This allows to remove both --enable-crypt and --enable-nss-crypt configure options. Checked with a build for all affected ABIs. Co-authored-by: Zack Weinberg <zack@owlfolio.org> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* Move 'netgroup' routines from 'inet' into 'nss'Arjun Shankar2023-10-242-2/+2
| | | | | | | These netgroup routines are entry points for nss functionality. This commit moves them along with netgroup.h from the 'inet' subdirectory to 'nss', and adjusts any references accordingly. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Move 'aliases' routines from 'inet' into 'nss'Arjun Shankar2023-10-241-1/+1
| | | | | | | The aliases routines are entry points for nss functionality. This commit moves aliases.h and the aliases routines from the 'inet' subdirectory to 'nss', and adjusts any external references. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Remove 'shadow' and merge into 'nss'Arjun Shankar2023-10-241-1/+1
| | | | | | | | The majority of shadow routines are entry points for nss functionality. This commit removes the 'shadow' subdirectory and moves all functionality and tests to 'nss'. References to shadow/ are accordingly changed. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Remove 'pwd' and merge into 'nss'Arjun Shankar2023-10-241-1/+1
| | | | | | | The majority of pwd routines are entry points for nss functionality. This commit removes the 'pwd' subdirectory and moves all functionality and tests to 'nss'. References to pwd/ are accordingly changed. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Remove 'gshadow' and merge into 'nss'Arjun Shankar2023-10-241-1/+1
| | | | | | | | The majority of gshadow routines are entry points for nss functionality. This commit removes the 'gshadow' subdirectory and moves all functionality and tests to 'nss'. References to gshadow/ are accordingly changed. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Remove 'grp' and merge into 'nss' and 'posix'Arjun Shankar2023-10-242-2/+2
| | | | | | | | | | | | | | The majority of grp routines are entry points for nss functionality. This commit removes the 'grp' subdirectory and moves all nss-relevant functionality and all tests to 'nss', and the 'setgroups' stub into 'posix' (alongside the 'getgroups' stub). References to grp/ are accordingly changed. In addition, compat-initgroups.c, a fallback implementation of initgroups is renamed to initgroups-fallback.c so that the build system does not confuse it for nss_compat/compat-initgroups.c. Build time improves very slightly; e.g. down from an average of 45.5s to 44.5s on an 8-thread mobile x86_64 CPU. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Revert "elf: Always call destructors in reverse constructor order (bug 30785)"Florian Weimer2023-10-181-4/+0
| | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 6985865bc3ad5b23147ee73466583dd7fdf65892. Reason for revert: The commit changes the order of ELF destructor calls too much relative to what applications expect or can handle. In particular, during process exit and _dl_fini, after the revert commit, we no longer call the destructors of the main program first; that only happens after some dlopen'ed objects have been destructed. This robs applications of an opportunity to influence destructor order by calling dlclose explicitly from the main program's ELF destructors. A couple of different approaches involving reverse constructor order were tried, and none of them worked really well. It seems we need to keep the dependency sorting in _dl_fini. There is also an ambiguity regarding nested dlopen calls from ELF constructors: Should those destructors run before or after the object that called dlopen? Commit 6985865bc3ad5b2314 used reverse order of the start of ELF constructor calls for destructors, but arguably using completion of constructors is more correct. However, that alone is not sufficient to address application compatibility issues (it does not change _dl_fini ordering at all).
* stdio: Remove __libc_message alloca usageJoe Simmons-Talbott2023-09-111-1/+28
| | | | | | | | Use a fixed size array instead. The maximum number of arguments is set by macro tricks. Co-authored-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* elf: Remove unused l_text_end field from struct link_mapFlorian Weimer2023-09-081-2/+0
| | | | | | | | | | | | | It is a left-over from commit 52a01100ad011293197637e42b5be1a479a2 ("elf: Remove ad-hoc restrictions on dlopen callers [BZ #22787]"). When backporting commmit 6985865bc3ad5b23147ee73466583dd7fdf65892 ("elf: Always call destructors in reverse constructor order (bug 30785)"), we can move the l_init_called_next field to this place, so that the internal GLIBC_PRIVATE ABI does not change. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
* elf: Always call destructors in reverse constructor order (bug 30785)Florian Weimer2023-09-081-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current implementation of dlclose (and process exit) re-sorts the link maps before calling ELF destructors. Destructor order is not the reverse of the constructor order as a result: The second sort takes relocation dependencies into account, and other differences can result from ambiguous inputs, such as cycles. (The force_first handling in _dl_sort_maps is not effective for dlclose.) After the changes in this commit, there is still a required difference due to dlopen/dlclose ordering by the application, but the previous discrepancies went beyond that. A new global (namespace-spanning) list of link maps, _dl_init_called_list, is updated right before ELF constructors are called from _dl_init. In dl_close_worker, the maps variable, an on-stack variable length array, is eliminated. (VLAs are problematic, and dlclose should not call malloc because it cannot readily deal with malloc failure.) Marking still-used objects uses the namespace list directly, with next and next_idx replacing the done_index variable. After marking, _dl_init_called_list is used to call the destructors of now-unused maps in reverse destructor order. These destructors can call dlopen. Previously, new objects do not have l_map_used set. This had to change: There is no copy of the link map list anymore, so processing would cover newly opened (and unmarked) mappings, unloading them. Now, _dl_init (indirectly) sets l_map_used, too. (dlclose is handled by the existing reentrancy guard.) After _dl_init_called_list traversal, two more loops follow. The processing order changes to the original link map order in the namespace. Previously, dependency order was used. The difference should not matter because relocation dependencies could already reorder link maps in the old code. The changes to _dl_fini remove the sorting step and replace it with a traversal of _dl_init_called_list. The l_direct_opencount decrement outside the loader lock is removed because it appears incorrect: the counter manipulation could race with other dynamic loader operations. tst-audit23 needs adjustments to the changes in LA_ACT_DELETE notifications. The new approach for checking la_activity should make it clearer that la_activty calls come in pairs around namespace updates. The dependency sorting test cases need updates because the destructor order is always the opposite order of constructor order, even with relocation dependencies or cycles present. There is a future cleanup opportunity to remove the now-constant force_first and for_fini arguments from the _dl_sort_maps function. Fixes commit 1df71d32fe5f5905ffd5d100e5e9ca8ad62 ("elf: Implement force_first handling in _dl_sort_maps_dfs (bug 28937)"). Reviewed-by: DJ Delorie <dj@redhat.com>
* posix: Add pidfd_spawn and pidfd_spawnp (BZ 30349)Adhemerval Zanella Netto2023-09-051-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Returning a pidfd allows a process to keep a race-free handle for a child process, otherwise, the caller will need to either use pidfd_open (which still might be subject to TOCTOU) or keep the old racy interface base on pid_t. To correct use pifd_spawn, the kernel must support not only returning the pidfd with clone/clone3 but also waitid (P_PIDFD) (added on Linux 5.4). If kernel does not support the waitid, pidfd return ENOSYS. It avoids the need to racy workarounds, such as reading the procfs fdinfo to get the pid to use along with other wait interfaces. These interfaces are similar to the posix_spawn and posix_spawnp, with the only difference being it returns a process file descriptor (int) instead of a process ID (pid_t). Their prototypes are: int pidfd_spawn (int *restrict pidfd, const char *restrict file, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict], char *const envp[restrict]) int pidfd_spawnp (int *restrict pidfd, const char *restrict path, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict_arr], char *const envp[restrict_arr]); A new symbol is used instead of a posix_spawn extension to avoid possible issues with language bindings that might track the return argument lifetime. Although on Linux pid_t and int are interchangeable, POSIX only states that pid_t should be a signed integer. Both symbols reuse the posix_spawn posix_spawn_file_actions_t and posix_spawnattr_t, to void rehash posix_spawn API or add a new one. It also means that both interfaces support the same attribute and file actions, and a new flag or file action on posix_spawn is also added automatically for pidfd_spawn. Also, using posix_spawn plumbing allows the reusing of most of the current testing with some changes: - waitid is used instead of waitpid since it is a more generic interface. - tst-posix_spawn-setsid.c is adapted to take into consideration that the caller can check for session id directly. The test now spawns itself and writes the session id as a file instead. - tst-spawn3.c need to know where pidfd_spawn is used so it keeps an extra file description unused. Checked on x86_64-linux-gnu on Linux 4.15 (no CLONE_PIDFD or waitid support), Linux 5.4 (full support), and Linux 6.2. Reviewed-by: Florian Weimer <fweimer@redhat.com>
* __call_tls_dtors: Use call_function_static_weakSamuel Thibault2023-09-041-5/+1
|
* nscd: Do not rebuild getaddrinfo (bug 30709)Florian Weimer2023-08-111-4/+0
| | | | | | | | | | | | | | | | The nscd daemon caches hosts data from NSS modules verbatim, without filtering protocol families or sorting them (otherwise separate caches would be needed for certain ai_flags combinations). The cache implementation is complete separate from the getaddrinfo code. This means that rebuilding getaddrinfo is not needed. The only function actually used is __bump_nl_timestamp from check_pf.c, and this change moves it into nscd/connections.c. Tested on x86_64-linux-gnu with -fexceptions, built with build-many-glibcs.py. I also backported this patch into a distribution that still supports nscd and verified manually that caching still works. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* chk: Add and fix hidden builtin definitions for *_chkSamuel Thibault2023-08-033-0/+11
| | | | | | | Otherwise on gnu-i686 there are unwanted PLT entries in libc.so when fortification is enabled. Tested for i686-gnu, x86_64-gnu, i686-linux-gnu and x86_64-linux-gnu
* Increase version numbersAndreas K. Hüttel2023-07-301-1/+1
| | | | Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
* misc/bits/syslog.h: Clearly separate declaration from definitionFrédéric Bérat2023-07-052-0/+5
| | | | | | | | This allows to include bits/syslog-decl.h in include/sys/syslog.h and therefore be able to create the libc_hidden_builtin_proto (__syslog_chk) prototype. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc/bits/select2.h: Clearly separate declaration from definitionsFrédéric Bérat2023-07-052-0/+5
| | | | | | | | | The __fdelt_chk declaration needs to be available so that libc_hidden_proto can be used while not redefining __FD_ELT. Thus, misc/bits/select-decl.h is created to hold the corresponding prototypes. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* unistd: Avoid PLT entries with _FORTIFY_SOURCEFrédéric Bérat2023-07-051-0/+4
| | | | | | | The change is meant to avoid unwanted PLT entries for the read_chk, getdomainname_chk and getlogin_r_chk routines when _FORTIFY_SOURCE is set. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* posix/bits/unistd.h: Clearly separate declaration from definitionsFrédéric Bérat2023-07-052-0/+2
| | | | | | | | | | | This change is similar to what was done for bits/wchar2.h. Routines declaration are moved into a dedicated bits/unistd-decl.h file which is then included into the bits/unistd.h file. This will allow to adapt the files so that PLT entries are not created when _FORTIFY_SOURCE is enabled. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* wchar: Avoid PLT entries with _FORTIFY_SOURCEFrédéric Bérat2023-07-051-0/+15
| | | | | | | | | | The change is meant to avoid unwanted PLT entries for the wmemset and wcrtomb routines when _FORTIFY_SOURCE is set. On top of that, ensure that *_chk routines have their hidden builtin definitions available. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc/sys/cdefs.h: Create FORTIFY redirects for internal callsFrédéric Bérat2023-07-051-0/+14
| | | | | | | | | | | The __REDIRECT* macros are creating aliases which may lead to unwanted PLT entries when fortification is enabled. To prevent these entries, the REDIRECT alias should be set to point to the existing __GI_* aliases. This is done transparently by creating a __REDIRECT_FORTIFY* version of these macros, that can be overwritten internally when necessary. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* stdio: Ensure *_chk routines have their hidden builtin definition availableFrédéric Bérat2023-07-051-1/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If libc_hidden_builtin_{def,proto} isn't properly set for *_chk routines, there are unwanted PLT entries in libc.so. There is a special case with __asprintf_chk: If ldbl_* macros are used for asprintf, ABI gets broken on s390x, if it isn't, ppc64le isn't building due to multiple asm redirections. This is due to the inclusion of bits/stdio-lbdl.h for ppc64le whereas it isn't for s390x. This header creates redirections, which are not compatible with the ones generated using libc_hidden_def. Yet, we can't use libc_hidden_ldbl_proto on s390x since it will not create a simple strong alias (e.g. as done on x86_64), but a versioned alias, leading to ABI breakage. This results in errors on s390x: /usr/bin/ld: glibc/iconv/../libio/bits/stdio2.h:137: undefined reference to `__asprintf_chk' Original __asprintf_chk symbols: 00000000001395b0 T __asprintf_chk 0000000000177e90 T __nldbl___asprintf_chk __asprintf_chk symbols with ldbl_* macros: 000000000012d590 t ___asprintf_chk 000000000012d590 t __asprintf_chk@@GLIBC_2.4 000000000012d590 t __GI___asprintf_chk 000000000012d590 t __GL____asprintf_chk___asprintf_chk 0000000000172240 T __nldbl___asprintf_chk __asprintf_chk symbols with the patch: 000000000012d590 t ___asprintf_chk 000000000012d590 T __asprintf_chk 000000000012d590 t __GI___asprintf_chk 0000000000172240 T __nldbl___asprintf_chk Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* string: Ensure *_chk routines have their hidden builtin definition availableFrédéric Bérat2023-07-051-0/+7
| | | | | | | If libc_hidden_builtin_{def,proto} isn't properly set for *_chk routines, there are unwanted PLT entries in libc.so. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* wcsmbs/bits/wchar2{, -decl}.h: Clearly separate declaration from definitionsFrederic Berat2023-06-221-0/+1
| | | | | | | | | | | | This will enable __REDIRECT_FORTIFY* macros to be used when _FORTIFY_SOURCE is set. Routine declarations that were in bits/wchar2.h are moved into the bits/wchar2-decl.h file. The file is now included into include/wchar.h irrespectively from fortification. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* Add the wcslcpy, wcslcat functionsFlorian Weimer2023-06-141-0/+5
| | | | | | | These functions are about to be added to POSIX, under Austin Group issue 986. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* Implement strlcpy and strlcat [BZ #178]Florian Weimer2023-06-141-0/+4
| | | | | | | | | | | These functions are about to be added to POSIX, under Austin Group issue 986. The fortified strlcat implementation does not raise SIGABRT if the destination buffer does not contain a null terminator, it just inherits the non-failing regular strlcat behavior. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* Move {read,write}_all functions to a dedicated headerFrédéric Bérat2023-06-061-0/+66
| | | | | | | | Since these functions are used in both catgets/gencat.c and malloc/memusage{,stat}.c, it make sense to move them into a dedicated header where they can be inlined. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* Fix a few more typos I missed in previous round -- BZ 25337Paul Pluzhnikov2023-06-022-2/+2
|
* Fix all the remaining misspellings -- BZ 25337Paul Pluzhnikov2023-06-027-10/+10
|
* Use __nonnull for the epoll_wait(2) family of syscallsAlejandro Colomar2023-06-011-1/+2
| | | | | Signed-off-by: Alejandro Colomar <alx@kernel.org> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Mark various cold functions as __COLDSergey Bugaev2023-05-011-2/+2
| | | | | | | | | | GCC docs explicitly list perror () as a good candidate for using __attribute__ ((cold)). So apply __COLD to perror () and similar functions. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Signed-off-by: Sergey Bugaev <bugaevc@gmail.com> Message-Id: <20230429131223.2507236-3-bugaevc@gmail.com>
* Fix regex type usageнаб2023-05-011-11/+11
| | | | | | | | | | | include/regex.h had not been updated during the int -> Idx transition, and the prototypes don't matched the definitions in regexec.c. In regcomp.c, most interfaces were updated for Idx, except for two ones guarded by #if _LIBC. Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* Remove set-hooks.h from generic includesAdhemerval Zanella Netto2023-03-271-96/+0
| | | | | | | | | | | | | | The hooks mechanism uses symbol sets for running lists of functions, which requires either extra linker directives to provide any hardening (such as RELRO) or additional code (such as pointer obfuscation via mangling with random value). Currently only hurd uses set-hooks.h so we remove it from the generic includes. The generic implementation uses direct function calls which provide hardening and good code generation, observability and debugging without the need for extra linking options or special code handling. Reviewed-by: Carlos O'Donell <carlos@redhat.com>