about summary refs log tree commit diff
path: root/misc/sys
Commit message (Collapse)AuthorAgeFilesLines
* cdefs: Limit definition of fortification macrosSiddhesh Poyarekar2023-02-021-2/+4
| | | | | | | | | | | | | Define the __glibc_fortify and other macros only when __FORTIFY_LEVEL > 0. This has the effect of not defining these macros on older C90 compilers that do not have support for variable length argument lists. Also trim off the trailing backslashes from the definition of __glibc_fortify and __glibc_fortify_n macros. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: Florian Weimer <fweimer@redhat.com> (cherry picked from commit 2337e04e21ba6040926ec871e403533f77043c40)
* Update copyright dates with scripts/update-copyrightsJoseph Myers2023-01-0612-12/+12
|
* Apply asm redirections in syslog.h before first use [BZ #27087]Tulio Magno Quites Machado Filho2022-11-291-5/+5
| | | | | | | | | | Similar to d0fa09a770, but for syslog.h when _FORTIFY_SOURCE > 0. Fixes [BZ #27087] by applying long double-related asm redirections before using functions in bits/syslog.h. Tested with build-many-glibcs.py. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* linux: Add process_madviseAdhemerval Zanella2022-06-021-0/+3
| | | | | | | | | | It was added on Linux 5.10 (ecb8ac8b1f146915aa6b96449b66dd48984caacc) with the same functionality as madvise but using a pidfd of the target process. Checked on x86_64-linux-gnu and i686-linux-gnu. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* sys/cdefs.h: Do not require C++ compilers to define __STDC__Jonathan Wakely2022-05-161-2/+2
| | | | | | | | | | | | | | The check for an ISO C compiler assumes that anything GCC-like will define __STDC__, even if it's actually a C++ compiler. That's currently true for G++ and compilers like clang++ that also define __GNUC__, but it might not always be true. The C++ standard leaves it implementation-defined whether or not __STDC__ is defined by C++ compilers. And really the check should be "ISO C or ISO C++ conforming compiler" anyway. So only give an error if __GNUC__ is defined and neither __STDC__ nor __cplusplus is defined. Reviewed-by: Fangrui Song <maskray@google.com>
* fortify: Ensure that __glibc_fortify condition is a constant [BZ #29141]Siddhesh Poyarekar2022-05-161-1/+1
| | | | | | | | | | | | | The fix c8ee1c85 introduced a -1 check for object size without also checking that object size is a constant. Because of this, the tree optimizer passes in gcc fail to fold away one of the branches in __glibc_fortify and trips on a spurious Wstringop-overflow. The warning itself is incorrect and the branch does go away eventually in DCE in the rtl passes in gcc, but the constant check is a helpful hint to simplify code early, so add it in. Resolves: BZ #29141 Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc: Fix rare fortify crash on wchar funcs. [BZ 29030]Joan Bruguera2022-04-251-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If `__glibc_objsize (__o) == (size_t) -1` (i.e. `__o` is unknown size), fortify checks should pass, and `__whatever_alias` should be called. Previously, `__glibc_objsize (__o) == (size_t) -1` was explicitly checked, but on commit a643f60c53876b, this was moved into `__glibc_safe_or_unknown_len`. A comment says the -1 case should work as: "The -1 check is redundant because since it implies that __glibc_safe_len_cond is true.". But this fails when: * `__s > 1` * `__osz == -1` (i.e. unknown size at compile time) * `__l` is big enough * `__l * __s <= __osz` can be folded to a constant (I only found this to be true for `mbsrtowcs` and other functions in wchar2.h) In this case `__l * __s <= __osz` is false, and `__whatever_chk_warn` will be called by `__glibc_fortify` or `__glibc_fortify_n` and crash the program. This commit adds the explicit `__osz == -1` check again. moc crashes on startup due to this, see: https://bugs.archlinux.org/task/74041 Minimal test case (test.c): #include <wchar.h> int main (void) { const char *hw = "HelloWorld"; mbsrtowcs (NULL, &hw, (size_t)-1, NULL); return 0; } Build with: gcc -O2 -Wp,-D_FORTIFY_SOURCE=2 test.c -o test && ./test Output: *** buffer overflow detected ***: terminated Fixes: BZ #29030 Signed-off-by: Joan Bruguera <joanbrugueram@gmail.com> Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc: syslog: Move SYSLOG_NAME to USE_MISC (BZ #16355)Adhemerval Zanella2022-04-151-2/+2
| | | | | | | | | There is no easy solution as described on first comment in bug report, and some code (like busybox) assumes facilitynames existance when SYSLOG_NAMES is defined (so we can't just remove it as suggested in comment #2). So use the easier solution and guard it with __USE_MISC.
* Add some missing access function attributesSteve Grubb2022-03-101-9/+13
| | | | | | | This patch adds some missing access function attributes to getrandom / getentropy and several functions in sys/xattr.h Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* Enable _FORTIFY_SOURCE=3 for gcc 12 and aboveSiddhesh Poyarekar2022-01-121-1/+2
| | | | | | | | gcc 12 now has support for the __builtin_dynamic_object_size builtin. Adapt the macro checks to enable _FORTIFY_SOURCE=3 on gcc 12 and above. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Update copyright dates with scripts/update-copyrightsPaul Eggert2022-01-0112-12/+12
| | | | | | | | | | | | | | | | | | | | | | | I used these shell commands: ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright (cd ../glibc && git commit -am"[this commit message]") and then ignored the output, which consisted lines saying "FOO: warning: copyright statement not found" for each of 7061 files FOO. I then removed trailing white space from math/tgmath.h, support/tst-support-open-dev-null-range.c, and sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following obscure pre-commit check failure diagnostics from Savannah. I don't know why I run into these diagnostics whereas others evidently do not. remote: *** 912-#endif remote: *** 913: remote: *** 914- remote: *** error: lines with trailing whitespace found ... remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
* __glibc_unsafe_len: Fix commentSiddhesh Poyarekar2021-12-161-1/+1
| | | | | | We know that the length is *unsafe*. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* Add alloc_align attribute to memalign et alJonathan Wakely2021-10-211-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | GCC 4.9.0 added the alloc_align attribute to say that a function argument specifies the alignment of the returned pointer. Clang supports the attribute too. Using the attribute can allow a compiler to generate better code if it knows the returned pointer has a minimum alignment. See https://gcc.gnu.org/PR60092 for more details. GCC implicitly knows the semantics of aligned_alloc and posix_memalign, but not the obsolete memalign. As a result, GCC generates worse code when memalign is used, compared to aligned_alloc. Clang knows about aligned_alloc and memalign, but not posix_memalign. This change adds a new __attribute_alloc_align__ macro to <sys/cdefs.h> and then uses it on memalign (where it helps GCC) and aligned_alloc (where GCC and Clang already know the semantics, but it doesn't hurt) and xposix_memalign. It can't be used on posix_memalign because that doesn't return a pointer (the allocated pointer is returned via a void** parameter instead). Unlike the alloc_size attribute, alloc_align only allows a single argument. That means the new __attribute_alloc_align__ macro doesn't really need to be used with double parentheses to protect a comma between its arguments. For consistency with __attribute_alloc_size__ this patch defines it the same way, so that double parentheses are required. Signed-off-by: Jonathan Wakely <jwakely@redhat.com> Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
* Make sure that the fortified function conditionals are constantSiddhesh Poyarekar2021-10-201-0/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In _FORTIFY_SOURCE=3, the size expression may be non-constant, resulting in branches in the inline functions remaining intact and causing a tiny overhead. Clang (and in future, gcc) make sure that the -1 case is always safe, i.e. any comparison of the generated expression with (size_t)-1 is always false so that bit is taken care of. The rest is avoidable since we want the _chk variant whenever we have a size expression and it's not -1. Rework the conditionals in a uniform way to clearly indicate two conditions at compile time: - Either the size is unknown (-1) or we know at compile time that the operation length is less than the object size. We can call the original function in this case. It could be that either the length, object size or both are non-constant, but the compiler, through range analysis, is able to fold the *comparison* to a constant. - The size and length are known and the compiler can see at compile time that operation length > object size. This is valid grounds for a warning at compile time, followed by emitting the _chk variant. For everything else, emit the _chk variant. This simplifies most of the fortified function implementations and at the same time, ensures that only one call from _chk or the regular function is emitted. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Don't add access size hints to fortifiable functionsSiddhesh Poyarekar2021-10-201-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the context of a function definition, the size hints imply that the size of an object pointed to by one parameter is another parameter. This doesn't make sense for the fortified versions of the functions since that's the bit it's trying to validate. This is harmless with __builtin_object_size since it has fairly simple semantics when it comes to objects passed as function parameters. With __builtin_dynamic_object_size we could (as my patchset for gcc[1] already does) use the access attribute to determine the object size in the general case but it misleads the fortified functions. Basically the problem occurs when access attributes are present on regular functions that have inline fortified definitions to generate _chk variants; the attributes get inherited by these definitions, causing problems when analyzing them. For example with poll(fds, nfds, timeout), nfds is hinted using the __attr_access as being the size of fds. Now, when analyzing the inline function definition in bits/poll2.h, the compiler sees that nfds is the size of fds and tries to use that information in the function body. In _FORTIFY_SOURCE=3 case, where the object size could be a non-constant expression, this information results in the conclusion that nfds is the size of fds, which defeats the purpose of the implementation because we're trying to check here if nfds does indeed represent the size of fds. Hence for this case, it is best to not have the access attribute. With the attributes gone, the expression evaluation should get delayed until the function is actually inlined into its destinations. Disable the access attribute for fortified function inline functions when building at _FORTIFY_SOURCE=3 to make this work better. The access attributes remain for the _chk variants since they can be used by the compiler to warn when the caller is passing invalid arguments. [1] https://gcc.gnu.org/pipermail/gcc-patches/2021-October/581125.html Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* regex: copy back from GnulibPaul Eggert2021-09-211-10/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Copy regex-related files back from Gnulib, to fix a problem with static checking of regex calls noted by Martin Sebor. This merges the following changes: * New macro __attribute_nonnull__ in misc/sys/cdefs.h, for use later when copying other files back from Gnulib. * Use __GNULIB_CDEFS instead of __GLIBC__ when deciding whether to include bits/wordsize.h etc. * Avoid duplicate entries in epsilon closure table. * New regex.h macro _REGEX_NELTS to let regexec say that its pmatch arg should contain nmatch elts. Use that for regexec, instead of __attr_access (which is incorrect). * New regex.h macro _Attr_access_ which is like __attr_access except portable to non-glibc platforms. * Add some DEBUG_ASSERTs to pacify gcc -fanalyzer and to catch recently-fixed performance bugs if they recur. * Add Gnulib-specific stuff to port the dynarray- and lock-using parts of regex code to non-glibc platforms. * Fix glibc bug 11053. * Avoid some undefined behavior when popping an empty fail stack.
* Linux: Fix fcntl, ioctl, prctl redirects for _TIME_BITS=64 (bug 28182)Florian Weimer2021-08-061-2/+2
| | | | | | | | | | | | | __REDIRECT and __THROW are not compatible with C++ due to the ordering of the __asm__ alias and the throw specifier. __REDIRECT_NTH has to be used instead. Fixes commit 8a40aff86ba5f64a3a84883e539cb67b ("io: Add time64 alias for fcntl"), commit 82c395d91ea4f69120d453aeec398e30 ("misc: Add time64 alias for ioctl"), commit b39ffab860cd743a82c91946619f1b8158 ("Linux: Add time64 alias for prctl"). Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* xmalloc: Fix warnings with gcc analyzerSiddhesh Poyarekar2021-07-281-0/+10
| | | | | | | | | | Tell the compiler that xmalloc family of allocators always return non-NULL. xrealloc in locale/programs also always returns non-NULL, but that conflicts with default realloc behaviour and that of xrealloc in libsupport, so keep it as is for now and resolve the differences later. Reviewed-by: Florian Weimer <fweimer@redhat.com>
* misc: Add time64 alias for ioctlFlorian Weimer2021-07-211-0/+10
| | | | | Reviewed-by: Lukasz Majewski <lukma@denx.de> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* y2038: Add support for 64-bit time on legacy ABIsAdhemerval Zanella2021-06-151-0/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A new build flag, _TIME_BITS, enables the usage of the newer 64-bit time symbols for legacy ABI (where 32-bit time_t is default). The 64 bit time support is only enabled if LFS (_FILE_OFFSET_BITS=64) is also used. Different than LFS support, the y2038 symbols are added only for the required ABIs (armhf, csky, hppa, i386, m68k, microblaze, mips32, mips64-n32, nios2, powerpc32, sparc32, s390-32, and sh). The ABIs with 64-bit time support are unchanged, both for symbol and types redirection. On Linux the full 64-bit time support requires a minimum of kernel version v5.1. Otherwise, the 32-bit fallbacks are used and might results in error with overflow return code (EOVERFLOW). The i686-gnu does not yet support 64-bit time. This patch exports following rediretions to support 64-bit time: * libc: adjtime adjtimex clock_adjtime clock_getres clock_gettime clock_nanosleep clock_settime cnd_timedwait ctime ctime_r difftime fstat fstatat futimens futimes futimesat getitimer getrusage gettimeofday gmtime gmtime_r localtime localtime_r lstat_time lutimes mktime msgctl mtx_timedlock nanosleep nanosleep ntp_gettime ntp_gettimex ppoll pselec pselect pthread_clockjoin_np pthread_cond_clockwait pthread_cond_timedwait pthread_mutex_clocklock pthread_mutex_timedlock pthread_rwlock_clockrdlock pthread_rwlock_clockwrlock pthread_rwlock_timedrdlock pthread_rwlock_timedwrlock pthread_timedjoin_np recvmmsg sched_rr_get_interval select sem_clockwait semctl semtimedop sem_timedwait setitimer settimeofday shmctl sigtimedwait stat thrd_sleep time timegm timerfd_gettime timerfd_settime timespec_get utime utimensat utimes utimes wait3 wait4 * librt: aio_suspend mq_timedreceive mq_timedsend timer_gettime timer_settime * libanl: gai_suspend Reviewed-by: Lukasz Majewski <lukma@denx.de> Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
* Enable support for GCC 11 -Wmismatched-dealloc.Martin Sebor2021-05-161-0/+11
| | | | | | | | | | | | | | | | | | | | | | | To help detect common kinds of memory (and other resource) management bugs, GCC 11 adds support for the detection of mismatched calls to allocation and deallocation functions. At each call site to a known deallocation function GCC checks the set of allocation functions the former can be paired with and, if the two don't match, issues a -Wmismatched-dealloc warning (something similar happens in C++ for mismatched calls to new and delete). GCC also uses the same mechanism to detect attempts to deallocate objects not allocated by any allocation function (or pointers past the first byte into allocated objects) by -Wfree-nonheap-object. This support is enabled for built-in functions like malloc and free. To extend it beyond those, GCC extends attribute malloc to designate a deallocation function to which pointers returned from the allocation function may be passed to deallocate the allocated objects. Another, optional argument designates the positional argument to which the pointer must be passed. This change is the first step in enabling this extended support for Glibc.
* Annotate additional APIs with GCC attribute access.Martin Sebor2021-05-061-13/+24
| | | | | | | | | | | | | | | | This change continues the improvements to compile-time out of bounds checking by decorating more APIs with either attribute access, or by explicitly providing the array bound in APIs such as tmpnam() that expect arrays of some minimum size as arguments. (The latter feature is new in GCC 11.) The only effects of the attribute and/or the array bound is to check and diagnose calls to the functions that fail to provide a sufficient number of elements, and the definitions of the functions that access elements outside the specified bounds. (There is no interplay with _FORTIFY_SOURCE here yet.) Tested with GCC 7 through 11 on x86_64-linux.
* Add __attribute_access_none to disable GCC warnings [BZ #27714]Martin Sebor2021-04-271-1/+7
| | | | | | | | | | | | | | | | GCC 11 warns when a pointer to an uninitialized object is passed to a function that takes a const-qualified argument. This is done on the assumption that most such functions read from the object. For the rare case of a function that doesn't, GCC 11 extends attribute access to add a new mode called none. POSIX pthread_setspecific() is one such rare function that takes a const void* argument but that doesn't read from the object it points to. To suppress the -Wmaybe-uninitialized issued by GCC 11 when the address of an uninitialized object is passed to it (e.g., the result of malloc()), this change #defines __attr_access_none in cdefs.h and uses the macro on the function in sysdeps/htl/pthread.h and sysdeps/nptl/pthread.h.
* misc: Sync cdefs.h with gnulibAdhemerval Zanella2021-02-091-57/+85
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It adds __glibc_has_builtin, __glibc_has_extension, and __attribute_maybe_unused__ alongsize with some fixes. The differences are: --- glibc +++ gnulib @@ -259,7 +259,9 @@ # define __attribute_const__ /* Ignore */ #endif -#if __GNUC_PREREQ (2,7) || __glibc_has_attribute (__unused__) +#if defined __STDC_VERSION__ && 201710L < __STDC_VERSION__ +# define __attribute_maybe_unused__ [[__maybe_unused__]] +#elif __GNUC_PREREQ (2,7) || __glibc_has_attribute (__unused__) # define __attribute_maybe_unused__ __attribute__ ((__unused__)) #else # define __attribute_maybe_unused__ /* Ignore */ @@ -485,7 +487,7 @@ /* The #ifndef lets Gnulib avoid including these on non-glibc platforms, where the includes typically do not exist. */ -#ifdef __GLIBC__ +#ifndef __WORDSIZE # include <bits/wordsize.h> # include <bits/long-double.h> #endif The [[__attribute_maybe_unused__]] attribute removal __ is due Joseph questioning gcc support with -std=c2x or -std=gnu2x [1]. The _WORDSIZE replacement by __GLIBC__ is because it does not play well with internal cdefs.h that also uses __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI. Checked on x86_64-linux-gnu. [1] https://sourceware.org/pipermail/libc-alpha/2021-January/121600.html
* Update copyright dates with scripts/update-copyrightsPaul Eggert2021-01-0212-12/+12
| | | | | | | | | | | | | | | | I used these shell commands: ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright (cd ../glibc && git commit -am"[this commit message]") and then ignored the output, which consisted lines saying "FOO: warning: copyright statement not found" for each of 6694 files FOO. I then removed trailing white space from benchtests/bench-pthread-locks.c and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this diagnostic from Savannah: remote: *** pre-commit check failed ... remote: *** error: lines with trailing whitespace found remote: error: hook declined to update refs/heads/master
* Introduce _FORTIFY_SOURCE=3Siddhesh Poyarekar2020-12-311-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Introduce a new _FORTIFY_SOURCE level of 3 to enable additional fortifications that may have a noticeable performance impact, allowing more fortification coverage at the cost of some performance. With llvm 9.0 or later, this will replace the use of __builtin_object_size with __builtin_dynamic_object_size. __builtin_dynamic_object_size ----------------------------- __builtin_dynamic_object_size is an LLVM builtin that is similar to __builtin_object_size. In addition to what __builtin_object_size does, i.e. replace the builtin call with a constant object size, __builtin_dynamic_object_size will replace the call site with an expression that evaluates to the object size, thus expanding its applicability. In practice, __builtin_dynamic_object_size evaluates these expressions through malloc/calloc calls that it can associate with the object being evaluated. A simple motivating example is below; -D_FORTIFY_SOURCE=2 would miss this and emit memcpy, but -D_FORTIFY_SOURCE=3 with the help of __builtin_dynamic_object_size is able to emit __memcpy_chk with the allocation size expression passed into the function: void *copy_obj (const void *src, size_t alloc, size_t copysize) { void *obj = malloc (alloc); memcpy (obj, src, copysize); return obj; } Limitations ----------- If the object was allocated elsewhere that the compiler cannot see, or if it was allocated in the function with a function that the compiler does not recognize as an allocator then __builtin_dynamic_object_size also returns -1. Further, the expression used to compute object size may be non-trivial and may potentially incur a noticeable performance impact. These fortifications are hence enabled at a new _FORTIFY_SOURCE level to allow developers to make a choice on the tradeoff according to their environment.
* Fix spelling and grammar in several commentsJonny Grant2020-12-121-2/+2
|
* Remove __warndeclSiddhesh Poyarekar2020-11-051-3/+0
| | | | | | The macro is not used anymore, so remove it and warning-nop.c. Reviewed-by: Florian Weimer <fweimer@redhat.com>
* Avoid -Wstringop-overflow warning in pthread_cleanup_push macrosJoseph Myers2020-10-301-0/+8
| | | | | | | | | | | | | | | | | | | | | GCC 11 introduces a -Wstringop-overflow warning for calls to functions with an array argument passed as a pointer to memory not large enough for that array. This includes the __sigsetjmp calls from pthread_cleanup_push macros, because those use a structure in __pthread_unwind_buf_t, which has a common initial subsequence with jmp_buf but does not include the saved signal mask; this is OK in this case because the second argument to __sigsetjmp is 0 so the signal mask is not accessed. To avoid this warning, use a function alias __sigsetjmp_cancel with first argument an array of exactly the type used in the calls to the function, if using GCC 11 or later. With older compilers, continue to use __sigsetjmp with a cast, to avoid any issues with compilers predating the returns_twice attribute not applying the same special handling to __sigsetjmp_cancel as to __sigsetjmp. Tested with build-many-glibcs.py for arm-linux-gnueabi that this fixes the testsuite build failures.
* Define __THROW to noexcept for C++11 and laterJonathan Wakely2020-09-221-4/+8
| | | | | | | | | | | | | The __THROW macro and friends expand to "throw ()" for C++ code, but that syntax is deprecated in C++11 and no longer supported at all since C++20. In order for glibc headers to be compatible with C++20, "noexcept" should be used instead. This patch uses "noexcept (true)" rather than just "noexcept", which is semantically equivalent, but avoids any possibility of parsing ambiguities if the next preprocessor token happens to be an opening parenthesis. This is probably unnecessary, but it seems safer to be cautious.
* Add the __libc_single_threaded variableFlorian Weimer2020-07-061-0/+33
| | | | | | | | | | | | | | The variable is placed in libc.so, and it can be true only in an outer libc, not libcs loaded via dlmopen or static dlopen. Since thread creation from inner namespaces does not work, pthread_create can update __libc_single_threaded directly. Using __libc_early_init and its initial flag, implementation of this variable is very straightforward. A future version may reset the flag during fork (but not in an inner namespace), or after joining all threads except one. Reviewed-by: DJ Delorie <dj@redhat.com>
* improve out-of-bounds checking with GCC 10 attribute access [BZ #25219]Martin Sebor2020-05-041-0/+11
| | | | | | | | Adds the access attribute newly introduced in GCC 10 to the subset of function declarations that are already covered by _FORTIFY_SOURCE and that don't have corresponding GCC built-in equivalents. Reviewed-by: DJ Delorie <dj@redhat.com>
* Rename __LONG_DOUBLE_USES_FLOAT128 to __LDOUBLE_REDIRECTS_TO_FLOAT128_ABIPaul E. Murphy2020-04-302-3/+3
| | | | | | | | | | | | | | | Improve the commentary to aid future developers who will stumble upon this novel, yet not always perfect, mechanism to support alternative formats for long double. Likewise, rename __LONG_DOUBLE_USES_FLOAT128 to __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI now that development work has settled down. The command used was git grep -l __LONG_DOUBLE_USES_FLOAT128 ':!./ChangeLog*' | \ xargs sed -i 's/__LONG_DOUBLE_USES_FLOAT128/__LDOUBLE_REDIRECTS_TO_FLOAT128_ABI/g' Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
* Prepare redirections for IEEE long double on powerpc64leGabriel F. T. Gomes2020-02-172-3/+39
| | | | | | | | | | | | | | | | | | | | | | | | | All functions that have a format string, which can consume a long double argument, must have one version for each long double format supported on a platform. On powerpc64le, these functions currently have two versions (i.e.: long double with the same format as double, and long double with IBM Extended Precision format). Support for a third long double format option (i.e. long double with IEEE long double format) is being prepared and all the aforementioned functions now have a third version (not yet exported on the master branch, but the code is in). For these functions to get selected (during build time), references to them in user programs (or dependent libraries) must get redirected to the aforementioned new versions of the functions. This patch installs the header magic required to perform such redirections. Notice, however, that since the redirections only happen when __LONG_DOUBLE_USES_FLOAT128 is set to 1, and no platform (including powerpc64le) currently does it, no redirections actually happen. Redirections and the exporting of the new functions will happen at the same time (when powerpc64le adds ldbl-128ibm-compat to their Implies. Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com> Reviewed-by: Paul E. Murphy <murphyp@linux.vnet.ibm.com>
* Update copyright dates with scripts/update-copyrights.Joseph Myers2020-01-0111-11/+11
|
* Don't use a custom wrapper macro around __has_include (bug 25189).Emilio Cobos Álvarez2019-11-211-8/+0
| | | | | | | | | | | | | | | | | | | | | | | | This causes issues when using clang with -frewrite-includes to e.g., submit the translation unit to a distributed compiler. In my case, I was building Firefox using sccache. See [1] for a reduced test-case since I initially thought this was a clang bug, and [2] for more context. Apparently doing this is invalid C++ per [cpp.cond], which mentions [3]: > The #ifdef and #ifndef directives, and the defined conditional > inclusion operator, shall treat __has_include and __has_cpp_attribute > as if they were the names of defined macros. The identifiers > __has_include and __has_cpp_attribute shall not appear in any context > not mentioned in this subclause. [1]: https://bugs.llvm.org/show_bug.cgi?id=43982 [2]: https://bugs.llvm.org/show_bug.cgi?id=37990 [3]: http://eel.is/c++draft/cpp.cond#7.sentence-2 Change-Id: Id4b8ee19176a9e4624b533087ba870c418f27e60
* Prefer https to http for gnu.org and fsf.org URLsPaul Eggert2019-09-0711-11/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also, change sources.redhat.com to sourceware.org. This patch was automatically generated by running the following shell script, which uses GNU sed, and which avoids modifying files imported from upstream: sed -ri ' s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g ' \ $(find $(git ls-files) -prune -type f \ ! -name '*.po' \ ! -name 'ChangeLog*' \ ! -path COPYING ! -path COPYING.LIB \ ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \ ! -path manual/texinfo.tex ! -path scripts/config.guess \ ! -path scripts/config.sub ! -path scripts/install-sh \ ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \ ! -path INSTALL ! -path locale/programs/charmap-kw.h \ ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \ ! '(' -name configure \ -execdir test -f configure.ac -o -f configure.in ';' ')' \ ! '(' -name preconfigure \ -execdir test -f preconfigure.ac ';' ')' \ -print) and then by running 'make dist-prepare' to regenerate files built from the altered files, and then executing the following to cleanup: chmod a+x sysdeps/unix/sysv/linux/riscv/configure # Omit irrelevant whitespace and comment-only changes, # perhaps from a slightly-different Autoconf version. git checkout -f \ sysdeps/csky/configure \ sysdeps/hppa/configure \ sysdeps/riscv/configure \ sysdeps/unix/sysv/linux/csky/configure # Omit changes that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines git checkout -f \ sysdeps/powerpc/powerpc64/ppc-mcount.S \ sysdeps/unix/sysv/linux/s390/s390-64/syscall.S # Omit change that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
* <sys/cdefs.h>: Inhibit macro expansion for __glibc_has_includeFlorian Weimer2019-06-141-1/+3
| | | | | | | | | This is currently ineffective with GCC because of GCC PR 80005, but it makes sense to anticipate a fix for this defect. Suggested by Zack Weinberg. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* <sys/cdefs.h>: Add __glibc_has_include macroFlorian Weimer2019-06-121-0/+6
|
* Break some lines before not after operators.Joseph Myers2019-02-221-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The GNU Coding Standards specify that line breaks in expressions should go before an operator, not after one. This patch fixes various code to do this. It only changes code that appears to be mostly following GNU style anyway, not files and directories with substantially different formatting. It is not exhaustive even for files using GNU style (for example, changes to sysdeps files are deferred for subsequent cleanups). Some files changed are shared with gnulib, but most are specific to glibc. Changes were made manually, with places to change found by grep (so some cases, e.g. where the operator was followed by a comment at end of line, are particularly liable to have been missed by grep, but I did include cases where the operator was followed by backslash-newline). This patch generally does not attempt to address other coding style issues in the expressions changed (for example, missing spaces before '(', or lack of parentheses to ensure indentation of continuation lines properly reflects operator precedence). Tested for x86_64, and with build-many-glibcs.py. * benchtests/bench-memmem.c (simple_memmem): Break lines before rather than after operators. * benchtests/bench-skeleton.c (TIMESPEC_AFTER): Likewise. * crypt/md5.c (md5_finish_ctx): Likewise. * crypt/sha256.c (__sha256_finish_ctx): Likewise. * crypt/sha512.c (__sha512_finish_ctx): Likewise. * elf/cache.c (load_aux_cache): Likewise. * elf/dl-load.c (open_verify): Likewise. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * elf/readelflib.c (process_elf_file): Likewise. * elf/rtld.c (dl_main): Likewise. * elf/sprof.c (generate_call_graph): Likewise. * hurd/ctty-input.c (_hurd_ctty_input): Likewise. * hurd/ctty-output.c (_hurd_ctty_output): Likewise. * hurd/dtable.c (reauth_dtable): Likewise. * hurd/getdport.c (__getdport): Likewise. * hurd/hurd/signal.h (_hurd_interrupted_rpc_timeout): Likewise. * hurd/hurd/sigpreempt.h (HURD_PREEMPT_SIGNAL_P): Likewise. * hurd/hurdfault.c (_hurdsig_fault_catch_exception_raise): Likewise. * hurd/hurdioctl.c (fioctl): Likewise. * hurd/hurdselect.c (_hurd_select): Likewise. * hurd/hurdsig.c (_hurdsig_abort_rpcs): Likewise. (STOPSIGS): Likewise. * hurd/hurdstartup.c (_hurd_startup): Likewise. * hurd/intr-msg.c (_hurd_intr_rpc_mach_msg): Likewise. * hurd/lookup-retry.c (__hurd_file_name_lookup_retry): Likewise. * hurd/msgportdemux.c (msgport_server): Likewise. * hurd/setauth.c (_hurd_setauth): Likewise. * include/features.h (__GLIBC_USE_DEPRECATED_SCANF): Likewise. * libio/libioP.h [IO_DEBUG] (CHECK_FILE): Likewise. * locale/programs/ld-ctype.c (set_class_defaults): Likewise. * localedata/tests-mbwc/tst_swscanf.c (tst_swscanf): Likewise. * login/tst-utmp.c (do_check): Likewise. (simulate_login): Likewise. * mach/lowlevellock.h (lll_lock): Likewise. (lll_trylock): Likewise. * math/test-fenv.c (ALL_EXC): Likewise. * math/test-fenvinline.c (ALL_EXC): Likewise. * misc/sys/cdefs.h (__attribute_deprecated_msg__): Likewise. * nis/nis_call.c (__do_niscall3): Likewise. * nis/nis_callback.c (cb_prog_1): Likewise. * nis/nis_defaults.c (searchaccess): Likewise. * nis/nis_findserv.c (__nis_findfastest_with_timeout): Likewise. * nis/nis_ismember.c (internal_ismember): Likewise. * nis/nis_local_names.c (nis_local_principal): Likewise. * nis/nss_nis/nis-rpc.c (_nss_nis_getrpcbyname_r): Likewise. * nis/nss_nisplus/nisplus-netgrp.c (_nss_nisplus_getnetgrent_r): Likewise. * nis/ypclnt.c (yp_match): Likewise. (yp_first): Likewise. (yp_next): Likewise. (yp_master): Likewise. (yp_order): Likewise. * nscd/hstcache.c (cache_addhst): Likewise. * nscd/initgrcache.c (addinitgroupsX): Likewise. * nss/nss_compat/compat-pwd.c (copy_pwd_changes): Likewise. (internal_getpwuid_r): Likewise. * nss/nss_compat/compat-spwd.c (copy_spwd_changes): Likewise. * posix/glob.h (__GLOB_FLAGS): Likewise. * posix/regcomp.c (peek_token): Likewise. (peek_token_bracket): Likewise. (parse_expression): Likewise. * posix/regexec.c (sift_states_iter_mb): Likewise. (check_node_accept_bytes): Likewise. * posix/tst-spawn3.c (do_test): Likewise. * posix/wordexp-test.c (testit): Likewise. * posix/wordexp.c (parse_tilde): Likewise. (exec_comm): Likewise. * posix/wordexp.h (__WRDE_FLAGS): Likewise. * resource/vtimes.c (TIMEVAL_TO_VTIMES): Likewise. * setjmp/sigjmp.c (__sigjmp_save): Likewise. * stdio-common/printf_fp.c (__printf_fp_l): Likewise. * stdio-common/tst-fileno.c (do_test): Likewise. * stdio-common/vfprintf-internal.c (vfprintf): Likewise. * stdlib/strfmon_l.c (__vstrfmon_l_internal): Likewise. * stdlib/strtod_l.c (round_and_return): Likewise. (____STRTOF_INTERNAL): Likewise. * stdlib/tst-strfrom.h (TEST_STRFROM): Likewise. * string/strcspn.c (STRCSPN): Likewise. * string/test-memmem.c (simple_memmem): Likewise. * termios/tcsetattr.c (tcsetattr): Likewise. * time/alt_digit.c (_nl_parse_alt_digit): Likewise. * time/asctime.c (asctime_internal): Likewise. * time/strptime_l.c (__strptime_internal): Likewise. * time/sys/time.h (timercmp): Likewise. * time/tzfile.c (__tzfile_compute): Likewise.
* Fix a few typos in commentsDmitry V. Levin2019-01-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Apply the following spelling fixes: $ git grep -F -l 'relevent' | xargs sed -i 's/relevent/relevant/g' $ git grep -F -l 'checked fot' | xargs sed -i 's/checked fot/checked for/g' $ git grep -F -l "could't" | xargs sed -i "s/could't/couldn't/g" $ git grep -F -l 'wheter' | grep -Fv ChangeLog.old | xargs sed -i 's/wheter/whether/g' $ git grep -F -l 'neccessary' | grep -Fv ChangeLog.old | xargs sed -i 's/neccessary/necessary/g' $ git grep -F -l 'ouput' | xargs sed -i 's/ouput/output/g' $ git grep -F -w -l 'iput' | xargs sed -i 's/iput/input/g' This is inspired by a gnulib bug report at https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00081.html * argp/argp-help.c: Fix typo in comment. * misc/sys/cdefs.h: Likewise. * posix/regexec.c (sift_states_iter_mb): Likewise. * socket/sockatmark.c: Likewise. * socket/sys/socket.h: Likewise. * sysdeps/ia64/fpu/libm_sincos_large.S: Likewise. * sysdeps/ia64/fpu/libm_sincosl.S: Likewise. * sysdeps/ia64/fpu/s_cosl.S: Likewise. * sysdeps/ieee754/dbl-64/k_rem_pio2.c: Likewise. * sysdeps/unix/sockatmark.c: Likewise. * time/strptime_l.c: Likewise.
* Update copyright dates with scripts/update-copyrights.Joseph Myers2019-01-0111-11/+11
| | | | | | | * All files with FSF copyright notices: Update copyright dates using scripts/update-copyrights. * locale/programs/charmap-kw.h: Regenerated. * locale/programs/locfile-kw.h: Likewise.
* Add support for GCC 9 attribute copy.Martin Sebor2018-11-091-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | GCC 9 has gained an enhancement to help detect attribute mismatches between alias declarations and their targets. It consists of a new warning, -Wattribute-alias, an enhancement to an existing warning, -Wmissing-attributes, and a new attribute called copy. The purpose of the warnings is to help identify either possible bugs (an alias declared with more restrictive attributes than its target promises) or optimization or diagnostic opportunities (an alias target missing some attributes that it could be declared with that might benefit analysis and code generation). The purpose of the new attribute is to easily apply (almost) the same set of attributes to one declaration as those already present on another. As expected (and intended) the enhancement triggers warnings for many alias declarations in Glibc code. This change, tested on x86_64-linux, avoids all instances of the new warnings by making use of the attribute where appropriate. To fully benefit from the enhancement Glibc will need to be compiled with -Wattribute-alias=2 and remaining warnings reviewed and dealt with (there are a couple of thousand but most should be straightforward to deal with). ChangeLog: * include/libc-symbols.h (__attribute_copy__): Define macro unless it's already defined. (_strong_alias): Use __attribute_copy__. (_weak_alias, __hidden_ver1, __hidden_nolink2): Same. * misc/sys/cdefs.h (__attribute_copy__): New macro. * sysdeps/x86_64/multiarch/memchr.c (memchr): Use __attribute_copy__. * sysdeps/x86_64/multiarch/memcmp.c (memcmp): Same. * sysdeps/x86_64/multiarch/mempcpy.c (mempcpy): Same. * sysdeps/x86_64/multiarch/memset.c (memset): Same. * sysdeps/x86_64/multiarch/stpcpy.c (stpcpy): Same. * sysdeps/x86_64/multiarch/strcat.c (strcat): Same. * sysdeps/x86_64/multiarch/strchr.c (strchr): Same. * sysdeps/x86_64/multiarch/strcmp.c (strcmp): Same. * sysdeps/x86_64/multiarch/strcpy.c (strcpy): Same. * sysdeps/x86_64/multiarch/strcspn.c (strcspn): Same. * sysdeps/x86_64/multiarch/strlen.c (strlen): Same. * sysdeps/x86_64/multiarch/strncmp.c (strncmp): Same. * sysdeps/x86_64/multiarch/strncpy.c (strncpy): Same. * sysdeps/x86_64/multiarch/strnlen.c (strnlen): Same. * sysdeps/x86_64/multiarch/strpbrk.c (strpbrk): Same. * sysdeps/x86_64/multiarch/strrchr.c (strrchr): Same. * sysdeps/x86_64/multiarch/strspn.c (strspn): Same.
* Add <bits/indirect-return.h>H.J. Lu2018-07-241-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add <bits/indirect-return.h> and include it in <ucontext.h>. __INDIRECT_RETURN defined in <bits/indirect-return.h> indicates if swapcontext requires special compiler treatment. The default __INDIRECT_RETURN is empty. On x86, when shadow stack is enabled, __INDIRECT_RETURN is defined with indirect_return attribute, which has been added to GCC 9, to indicate that swapcontext returns via indirect branch. Otherwise __INDIRECT_RETURN is defined with returns_twice attribute. When shadow stack is enabled, remove always_inline attribute from prepare_test_buffer in string/tst-xbzero-opt.c to avoid: tst-xbzero-opt.c: In function ‘prepare_test_buffer’: tst-xbzero-opt.c:105:1: error: function ‘prepare_test_buffer’ can never be inlined because it uses setjmp prepare_test_buffer (unsigned char *buf) when indirect_return attribute isn't available. Reviewed-by: Carlos O'Donell <carlos@redhat.com> * bits/indirect-return.h: New file. * misc/sys/cdefs.h (__glibc_has_attribute): New. * sysdeps/x86/bits/indirect-return.h: Likewise. * stdlib/Makefile (headers): Add bits/indirect-return.h. * stdlib/ucontext.h: Include <bits/indirect-return.h>. (swapcontext): Add __INDIRECT_RETURN. * string/tst-xbzero-opt.c (ALWAYS_INLINE): New. (prepare_test_buffer): Use it.
* Deprecate ustat syscall interfaceAdhemerval Zanella2018-05-021-37/+0
| | | | | | | | | | | | | | | | | | | | | | | | | As for sysctl, ustat has been deprecated in favor of {f}statfs. Also some newer ports which uses generic interface builds a stub version that returns ENOSYS. This patch deprecates ustat interface by removing ustat.h related headers, adding a compatibility symbol, and avoiding new ports to build and provide the symbol. Checked on x86_64-linux-gnu and i686-linux-gnu. Also checked with a check-abi on all affected ABIs. * NEWS: Add ustat.h deprecation entry. * bits/ustat.h: Remove file. * misc/sys/ustat.h: Likewise. * misc/ustat.h: Likewise. * sysdeps/unix/sysv/linux/generic/ustat.c: Likewise. * misc/Makefile (headers): Remove ustat.h and sys/ustat.h. * misc/ustat.c (__ustat): Rename to __old_ustat and export only in compatibility mode. * sysdeps/unix/sysv/linux/ustat.c (__ustat): Likewise. * sysdeps/unix/sysv/linux/mips/ustat.c: Define DEV_TO_KDEV and use generic Linux implementation.
* [BZ #19239] Don't include sys/sysmacros.h from sys/types.h.Zack Weinberg2018-02-121-49/+3
| | | | | | | | | This completes the deprecation and removal of this inclusion, which was begun in the 2.25 release. * posix/sys/types.h: Don't include sys/sysmacros.h. * misc/sys/sysmacros.h: Remove the conditional deprecation warnings for the macros defined by this header.
* Fix non-__GNUC__ definitions of __inline and __restrict (bug 17721).Joseph Myers2018-02-061-2/+11
| | | | | | | | | | | | | | | | | Bug 17721 reports that the non-__GNUC__ definitions of __inline and __restrict are suboptimal, in that they are defined to empty when they could be defined to inline and restrict for appropriate language versions. This patch makes those fixes. Tested for x86_64 (however, I have not done any testing with an actual non-__GNUC__ compiler and it's likely such compilers may have other problems with glibc headers). [BZ #17721] * misc/sys/cdefs.h [!__GNUC__ && (__cplusplus || (__STDC_VERSION__ && __STDC_VERSION__ >= 199901L))] (__inline): Define to inline. [!__GNUC_PREREQ (2,92) && __STDC_VERSION__ && __STDC_VERSION__ >= 199901L] (__restrict): Define to restrict.
* Update copyright dates with scripts/update-copyrights.Joseph Myers2018-01-0112-12/+12
| | | | | | | * All files with FSF copyright notices: Update copyright dates using scripts/update-copyrights. * locale/programs/charmap-kw.h: Regenerated. * locale/programs/locfile-kw.h: Likewise.
* The -Wstringop-truncation option new in GCC 8 detects common misusesMartin Sebor2017-11-151-0/+9
| | | | | | | | | | | | | | | of the strncat and strncpy function that may result in truncating the copied string before the terminating NUL. To avoid false positive warnings for correct code that intentionally creates sequences of characters that aren't guaranteed to be NUL-terminated, arrays that are intended to store such sequences should be decorated with a new nonstring attribute. This change add this attribute to Glibc and uses it to suppress such false positives. ChangeLog: * misc/sys/cdefs.h (__attribute_nonstring__): New macro. * sysdeps/gnu/bits/utmp.h (struct utmp): Use it. * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
* Do not use generic selection in C++ modeGabriel F. T. Gomes2017-08-181-9/+10
| | | | | | | | | | | The logic to protect the use of generic selection (_Generic) does not check for C or C++ mode, however, generic selection is a C-only feature. Tested for powerpc64le. * misc/sys/cdefs.h (__HAVE_GENERIC_SELECTION): Define to 0, if in C++ mode.