about summary refs log tree commit diff
path: root/misc
Commit message (Collapse)AuthorAgeFilesLines
* Add mremap testsH.J. Lu2024-08-013-0/+102
| | | | | | | | | Add tests for MREMAP_MAYMOVE and MREMAP_FIXED. On Linux, also test MREMAP_DONTUNMAP. Signed-off-by: H.J. Lu <hjl.tools@gmail.com> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> (cherry picked from commit ff0320bec2810192d453c579623482fab87bfa01)
* misc: Add support for Linux uio.h RWF_NOAPPEND flagStafford Horne2024-05-291-1/+4
| | | | | | | | | | | | | | | | | | | | In Linux 6.9 a new flag is added to allow for Per-io operations to disable append mode even if a file was opened with the flag O_APPEND. This is done with the new RWF_NOAPPEND flag. This caused two test failures as these tests expected the flag 0x00000020 to be unused. Adding the flag definition now fixes these tests on Linux 6.9 (v6.9-rc1). FAIL: misc/tst-preadvwritev2 FAIL: misc/tst-preadvwritev64v2 This patch adds the flag, adjusts the test and adds details to documentation. Link: https://lore.kernel.org/all/20200831153207.GO3265@brightrain.aerifal.cx/ Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> (cherry picked from commit 3db9d208dd5f30b12900989c6d2214782b8e2011)
* Always define __USE_TIME_BITS64 when 64 bit time_t is usedAdhemerval Zanella2024-05-282-3/+3
| | | | | | | | | | | | | | | | | | | | | It was raised on libc-help [1] that some Linux kernel interfaces expect the libc to define __USE_TIME_BITS64 to indicate the time_t size for the kABI. Different than defined by the initial y2038 design document [2], the __USE_TIME_BITS64 is only defined for ABIs that support more than one time_t size (by defining the _TIME_BITS for each module). The 64 bit time_t redirects are now enabled using a different internal define (__USE_TIME64_REDIRECTS). There is no expected change in semantic or code generation. Checked on x86_64-linux-gnu, i686-linux-gnu, aarch64-linux-gnu, and arm-linux-gnueabi [1] https://sourceware.org/pipermail/libc-help/2024-January/006557.html [2] https://sourceware.org/glibc/wiki/Y2038ProofnessDesign Reviewed-by: DJ Delorie <dj@redhat.com> (cherry picked from commit a4ed0471d71739928a0d0fa3258b3ff3b158e9b9)
* socket: Use may_alias on sockaddr structs (bug 19622)Florian Weimer2024-05-271-0/+9
| | | | | | | | | | | | | | | This supports common coding patterns. The GCC C front end before version 7 rejects the may_alias attribute on a struct definition if it was not present in a previous forward declaration, so this attribute can only be conditionally applied. This implements the spirit of the change in Austin Group issue 1641. Suggested-by: Marek Polacek <polacek@redhat.com> Suggested-by: Jakub Jelinek <jakub@redhat.com> Reviewed-by: Sam James <sam@gentoo.org> Reviewed-by: Carlos O'Donell <carlos@redhat.com> (cherry picked from commit 8d7b6b4cb27d4dec1dd5f7960298c1699275f962)
* syslog: Fix integer overflow in __vsyslog_internal (CVE-2023-6780)Arjun Shankar2024-01-301-1/+2
| | | | | | | | | __vsyslog_internal calculated a buffer size by adding two integers, but did not first check if the addition would overflow. This commit fixes that. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
* syslog: Fix heap buffer overflow in __vsyslog_internal (CVE-2023-6779)Arjun Shankar2024-01-301-11/+28
| | | | | | | | | | | | __vsyslog_internal used the return value of snprintf/vsnprintf to calculate buffer sizes for memory allocation. If these functions (for any reason) failed and returned -1, the resulting buffer would be too small to hold output. This commit fixes that. All snprintf/vsnprintf calls are checked for negative return values and the function silently returns upon encountering them. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* syslog: Fix heap buffer overflow in __vsyslog_internal (CVE-2023-6246)Arjun Shankar2024-01-304-15/+82
| | | | | | | | | | | | __vsyslog_internal did not handle a case where printing a SYSLOG_HEADER containing a long program name failed to update the required buffer size, leading to the allocation and overflow of a too-small buffer on the heap. This commit fixes that. It also adds a new regression test that uses glibc.malloc.check. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
* Update copyright dates with scripts/update-copyrightsPaul Eggert2024-01-01186-186/+186
|
* malloc: Use __get_nprocs on arena_get2 (BZ 30945)Adhemerval Zanella2023-11-221-6/+0
| | | | | | | | | | | | | | | | This restore the 2.33 semantic for arena_get2. It was changed by 11a02b035b46 to avoid arena_get2 call malloc (back when __get_nproc was refactored to use an scratch_buffer - 903bc7dcc2acafc). The __get_nproc was refactored over then and now it also avoid to call malloc. The 11a02b035b46 did not take in consideration any performance implication, which should have been discussed properly. The __get_nprocs_sched is still used as a fallback mechanism if procfs and sysfs is not acessible. Checked on x86_64-linux-gnu. Reviewed-by: DJ Delorie <dj@redhat.com>
* misc/bits/syslog.h: Clearly separate declaration from definitionFrédéric Bérat2023-07-054-10/+40
| | | | | | | | This allows to include bits/syslog-decl.h in include/sys/syslog.h and therefore be able to create the libc_hidden_builtin_proto (__syslog_chk) prototype. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc/bits/select2.h: Clearly separate declaration from definitionsFrédéric Bérat2023-07-053-4/+34
| | | | | | | | | The __fdelt_chk declaration needs to be available so that libc_hidden_proto can be used while not redefining __FD_ELT. Thus, misc/bits/select-decl.h is created to hold the corresponding prototypes. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc/sys/cdefs.h: Create FORTIFY redirects for internal callsFrédéric Bérat2023-07-051-0/+8
| | | | | | | | | | | The __REDIRECT* macros are creating aliases which may lead to unwanted PLT entries when fortification is enabled. To prevent these entries, the REDIRECT alias should be set to point to the existing __GI_* aliases. This is done transparently by creating a __REDIRECT_FORTIFY* version of these macros, that can be overwritten internally when necessary. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* Exclude routines from fortificationFrédéric Bérat2023-07-051-0/+7
| | | | | | | | | | | | | | | | | Since the _FORTIFY_SOURCE feature uses some routines of Glibc, they need to be excluded from the fortification. On top of that: - some tests explicitly verify that some level of fortification works appropriately, we therefore shouldn't modify the level set for them. - some objects need to be build with optimization disabled, which prevents _FORTIFY_SOURCE to be used for them. Assembler files that implement architecture specific versions of the fortified routines were not excluded from _FORTIFY_SOURCE as there is no C header included that would impact their behavior. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* tests: Replace various function calls with their x variantFrédéric Bérat2023-06-061-1/+3
| | | | | | | With fortification enabled, few function calls return result need to be checked, has they get the __wur macro enabled. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* Fix all the remaining misspellings -- BZ 25337Paul Pluzhnikov2023-06-026-7/+7
|
* tests: fix warn unused resultsFrédéric Bérat2023-06-011-2/+2
| | | | | | With fortification enabled, few function calls return result need to be checked, has they get the __wur macro enabled. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc: Reformat Makefile.Carlos O'Donell2023-05-181-3/+3
| | | | | | | | | | | | Reflow Makefile. Sort using updated scripts/sort-makefile-lines.py. Code generation is changed as routines are linked in sorted order as expected. No regressions on x86_64 and i686. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc: Reformat Makefile.Carlos O'Donell2023-05-161-67/+232
| | | | | | | | | | Reflow Makefile. Sort using scripts/sort-makefile-lines.py. Code generation is changed as routines are linked in sorted order as expected. No regressions on x86_64 and i686.
* Added Redirects to longdouble error functions [BZ #29033]Sachin Monga2023-05-104-2/+135
| | | | | | | | This patch redirects the error functions to the appropriate longdouble variants which enables the compiler to optimize for the abi ieeelongdouble. Signed-off-by: Sachin Monga <smonga@linux.ibm.com>
* Mark various cold functions as __COLDSergey Bugaev2023-05-012-8/+8
| | | | | | | | | | GCC docs explicitly list perror () as a good candidate for using __attribute__ ((cold)). So apply __COLD to perror () and similar functions. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Signed-off-by: Sergey Bugaev <bugaevc@gmail.com> Message-Id: <20230429131223.2507236-3-bugaevc@gmail.com>
* cdefs.h: Define __COLDSergey Bugaev2023-04-291-0/+7
| | | | | | | This expands to __attribute__ ((cold)) when supported. It should be used to mark up functions that are invoked rarely. Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
* misc: Convert daemon () to GNU coding styleSergey Bugaev2023-04-221-39/+49
| | | | | | | | | | | This is nicer, and is going to be required for the following changes to reasonably stay within the 79 column limit. No functional change. Signed-off-by: Sergey Bugaev <bugaevc@gmail.com> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> Message-Id: <20230419160207.65988-2-bugaevc@gmail.com>
* Move libc_freeres_ptrs and libc_subfreeres to hidden/weak functionsAdhemerval Zanella Netto2023-03-277-8/+13
| | | | | | | | | | | | | | | | | | | | They are both used by __libc_freeres to free all library malloc allocated resources to help tooling like mtrace or valgrind with memory leak tracking. The current scheme uses assembly markers and linker script entries to consolidate the free routine function pointers in the RELRO segment and to be freed buffers in BSS. This patch changes it to use specific free functions for libc_freeres_ptrs buffers and call the function pointer array directly with call_function_static_weak. It allows the removal of both the internal macros and the linker script sections. Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* cdefs.h: fix "__clang_major" typoPaul Eggert2023-02-271-1/+1
| | | | | * misc/sys/cdefs.h: Fix misspelling of "__clang_major__". Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Use uintptr_t instead of performing pointer subtraction with a null pointerQihao Chencao2023-02-171-2/+3
| | | | | | Signed-off-by: Qihao Chencao <twose@qq.com> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* cdefs: Limit definition of fortification macrosSiddhesh Poyarekar2023-02-021-2/+4
| | | | | | | | | | | | Define the __glibc_fortify and other macros only when __FORTIFY_LEVEL > 0. This has the effect of not defining these macros on older C90 compilers that do not have support for variable length argument lists. Also trim off the trailing backslashes from the definition of __glibc_fortify and __glibc_fortify_n macros. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: Florian Weimer <fweimer@redhat.com>
* Update copyright dates with scripts/update-copyrightsJoseph Myers2023-01-06183-183/+183
|
* Apply asm redirections in syslog.h before first use [BZ #27087]Tulio Magno Quites Machado Filho2022-11-292-9/+19
| | | | | | | | | | Similar to d0fa09a770, but for syslog.h when _FORTIFY_SOURCE > 0. Fixes [BZ #27087] by applying long double-related asm redirections before using functions in bits/syslog.h. Tested with build-many-glibcs.py. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* configure: Use -Wno-ignored-attributes if compiler warns about multiple aliasesAdhemerval Zanella2022-11-011-0/+2
| | | | | | | | | clang emits an warning when a double alias redirection is used, to warn the the original symbol will be used even when weak definition is overridden. However, this is a common pattern for weak_alias, where multiple alias are set to same symbol. Reviewed-by: Fangrui Song <maskray@google.com>
* Use PTR_MANGLE and PTR_DEMANGLE unconditionally in C sourcesFlorian Weimer2022-10-181-6/+4
| | | | | | | | | | | | | | | | | In the future, this will result in a compilation failure if the macros are unexpectedly undefined (due to header inclusion ordering or header inclusion missing altogether). Assembler sources are more difficult to convert. In many cases, they are hand-optimized for the mangling and no-mangling variants, which is why they are not converted. sysdeps/s390/s390-32/__longjmp.c and sysdeps/s390/s390-64/__longjmp.c are special: These are C sources, but most of the implementation is in assembler, so the PTR_DEMANGLE macro has to be undefined in some cases, to match the assembler style. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Introduce <pointer_guard.h>, extracted from <sysdep.h>Florian Weimer2022-10-181-0/+1
| | | | | | | | | | | | | | This allows us to define a generic no-op version of PTR_MANGLE and PTR_DEMANGLE. In the future, we can use PTR_MANGLE and PTR_DEMANGLE unconditionally in C sources, avoiding an unintended loss of hardening due to missing include files or unlucky header inclusion ordering. In i386 and x86_64, we can avoid a <tls.h> dependency in the C code by using the computed constant from <tcb-offsets.h>. <sysdep.h> no longer includes these definitions, so there is no cyclic dependency anymore when computing the <tcb-offsets.h> constants. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* syslog: Remove extra whitespace between timestamp and message (BZ#29544)Adhemerval Zanella2022-09-052-4/+7
| | | | | | | The rfc3164 clear states that a single space character must follow the timestamp field. Checked on x86_64-linux-gnu.
* syslog: Fix large messages (BZ#29536)Adhemerval Zanella2022-08-302-28/+142
| | | | | | | | | | | | | The a583b6add407c17cd change did not handle large messages that would require a heap allocation correctly, where the message itself is not take in consideration. This patch fixes it and extend the tst-syslog to check for large messages as well. Checked on x86_64-linux-gnu. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc: Optimize internal usage of __libc_single_threadedAdhemerval Zanella2022-06-241-0/+2
| | | | | | | | | | | | | | | By adding an internal alias to avoid the GOT indirection. On some architecture, __libc_single_thread may be accessed through copy relocations and thus it requires to update also the copies default copy. This is done by adding a new internal macro, libc_hidden_data_{proto,def}, which has an addition argument that specifies the alias name (instead of default __GI_ one). Checked on x86_64-linux-gnu and i686-linux-gnu. Reviewed-by: Fangrui Song <maskray@google.com>
* linux: Add process_madviseAdhemerval Zanella2022-06-021-0/+3
| | | | | | | | | | It was added on Linux 5.10 (ecb8ac8b1f146915aa6b96449b66dd48984caacc) with the same functionality as madvise but using a pidfd of the target process. Checked on x86_64-linux-gnu and i686-linux-gnu. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* misc: Use 64 bit stat for getusershell (BZ# 29203)Adhemerval Zanella2022-06-011-2/+2
| | | | | | This is a missing spot initially from 52a5fe70a2c77935. Checked on i686-linux-gnu.
* misc: Use 64 bit stat for daemon (BZ# 29203)Adhemerval Zanella2022-06-011-3/+2
| | | | | | This is a missing spot initially from 52a5fe70a2c77935. Checked on i686-linux-gnu.
* sys/cdefs.h: Do not require C++ compilers to define __STDC__Jonathan Wakely2022-05-161-2/+2
| | | | | | | | | | | | | | The check for an ISO C compiler assumes that anything GCC-like will define __STDC__, even if it's actually a C++ compiler. That's currently true for G++ and compilers like clang++ that also define __GNUC__, but it might not always be true. The C++ standard leaves it implementation-defined whether or not __STDC__ is defined by C++ compilers. And really the check should be "ISO C or ISO C++ conforming compiler" anyway. So only give an error if __GNUC__ is defined and neither __STDC__ nor __cplusplus is defined. Reviewed-by: Fangrui Song <maskray@google.com>
* fortify: Ensure that __glibc_fortify condition is a constant [BZ #29141]Siddhesh Poyarekar2022-05-161-1/+1
| | | | | | | | | | | | | The fix c8ee1c85 introduced a -1 check for object size without also checking that object size is a constant. Because of this, the tree optimizer passes in gcc fail to fold away one of the branches in __glibc_fortify and trips on a spurious Wstringop-overflow. The warning itself is incorrect and the branch does go away eventually in DCE in the rtl passes in gcc, but the constant check is a helpful hint to simplify code early, so add it in. Resolves: BZ #29141 Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc: Fix rare fortify crash on wchar funcs. [BZ 29030]Joan Bruguera2022-04-251-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If `__glibc_objsize (__o) == (size_t) -1` (i.e. `__o` is unknown size), fortify checks should pass, and `__whatever_alias` should be called. Previously, `__glibc_objsize (__o) == (size_t) -1` was explicitly checked, but on commit a643f60c53876b, this was moved into `__glibc_safe_or_unknown_len`. A comment says the -1 case should work as: "The -1 check is redundant because since it implies that __glibc_safe_len_cond is true.". But this fails when: * `__s > 1` * `__osz == -1` (i.e. unknown size at compile time) * `__l` is big enough * `__l * __s <= __osz` can be folded to a constant (I only found this to be true for `mbsrtowcs` and other functions in wchar2.h) In this case `__l * __s <= __osz` is false, and `__whatever_chk_warn` will be called by `__glibc_fortify` or `__glibc_fortify_n` and crash the program. This commit adds the explicit `__osz == -1` check again. moc crashes on startup due to this, see: https://bugs.archlinux.org/task/74041 Minimal test case (test.c): #include <wchar.h> int main (void) { const char *hw = "HelloWorld"; mbsrtowcs (NULL, &hw, (size_t)-1, NULL); return 0; } Build with: gcc -O2 -Wp,-D_FORTIFY_SOURCE=2 test.c -o test && ./test Output: *** buffer overflow detected ***: terminated Fixes: BZ #29030 Signed-off-by: Joan Bruguera <joanbrugueram@gmail.com> Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc: Use 64 bit time_t interfaces on syslogAdhemerval Zanella2022-04-151-8/+27
| | | | | | | | It also handles the highly unlikely case where localtime might return NULL, in this case only the PRI is set to hopefully instruct the relay to get eh TIMESTAMP (as defined by the RFC). Checked on x86_64-linux-gnu and i686-linux-gnu.
* misc: syslog: Move SYSLOG_NAME to USE_MISC (BZ #16355)Adhemerval Zanella2022-04-151-2/+2
| | | | | | | | | There is no easy solution as described on first comment in bug report, and some code (like busybox) assumes facilitynames existance when SYSLOG_NAMES is defined (so we can't just remove it as suggested in comment #2). So use the easier solution and guard it with __USE_MISC.
* misc: syslog: Use fixed-sized buffer and remove memstreamAdhemerval Zanella2022-04-151-34/+52
| | | | | | | | | | | A fixed-sized buffer is used instead of memstream for messages up to 1024 bytes to avoid the potential BUFSIZ (8K) malloc and free for each syslog call. Also, since the buffer size is know, memstream is replaced with a malloced buffer for larger messages. Checked on x86_64-linux-gnu.
* misc: syslog: Simplify implementationAdhemerval Zanella2022-04-151-69/+26
| | | | | | | | Use a temporary buffer for strftime instead of using internal libio members, simplify fprintf call on the memstream and memory allocation, use %b instead of %h, use dprintf instead of writev for LOG_PERROR. Checked on x86_64-linux-gnu and i686-linux-gnu.
* misc: syslog: Fix indentation and styleAdhemerval Zanella2022-04-151-251/+234
| | | | And also clenaup the headers, no semantic changes.
* misc: Add syslog testAdhemerval Zanella2022-04-152-0/+475
| | | | | | | | | | | | | | | | The test cover: - All possible priorities and facilities through TCP and UDP. - Same syslog tests for vsyslog. - Some openlog/syslog/close combinations. - openlog with LOG_CONS, LOG_PERROR, and LOG_PID. Internally is done with a test-container where the main process mimics the syslog server interface. The test does not cover multithread and async-signal usage. Checked on x86_64-linux-gnu.
* Add some missing access function attributesSteve Grubb2022-03-101-9/+13
| | | | | | | This patch adds some missing access function attributes to getrandom / getentropy and several functions in sys/xattr.h Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* Enable _FORTIFY_SOURCE=3 for gcc 12 and aboveSiddhesh Poyarekar2022-01-121-1/+2
| | | | | | | | gcc 12 now has support for the __builtin_dynamic_object_size builtin. Adapt the macro checks to enable _FORTIFY_SOURCE=3 on gcc 12 and above. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Update copyright dates with scripts/update-copyrightsPaul Eggert2022-01-01182-182/+182
| | | | | | | | | | | | | | | | | | | | | | | I used these shell commands: ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright (cd ../glibc && git commit -am"[this commit message]") and then ignored the output, which consisted lines saying "FOO: warning: copyright statement not found" for each of 7061 files FOO. I then removed trailing white space from math/tgmath.h, support/tst-support-open-dev-null-range.c, and sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following obscure pre-commit check failure diagnostics from Savannah. I don't know why I run into these diagnostics whereas others evidently do not. remote: *** 912-#endif remote: *** 913: remote: *** 914- remote: *** error: lines with trailing whitespace found ... remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
* Fix __minimal_malloc segfaults in __mmap due to stack-protectorStefan Liebler2021-12-161-0/+4
| | | | | | | | | | | | | | | Starting with commit b05fae4d8e34604a72ee36d2d3164391b76fcf0b "elf: Use the minimal malloc on tunables_strdup", I get lots of segfaults in static tests on s390x when also using, e.g.: export GLIBC_TUNABLES="glibc.elision.enable=1" tunables_strdup callls __minimal_malloc which tries to call __mmap due to insufficient space left. __mmap itself first setups a new stack frame and segfaults when copying the stack-protector canary from thread-pointer. The latter one is not yet setup. Thus this patch also turns off stack-protection for mmap. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>