about summary refs log tree commit diff
path: root/misc
Commit message (Collapse)AuthorAgeFilesLines
* Enable --enable-fortify-source with clangAdhemerval Zanella2024-04-171-1/+3
|
* x86: Use bool for C++ on x86.hAdhemerval Zanella2024-04-171-0/+7
| | | | | Not all compilers might define C99 _Bool type on C++ mode in old standard modes (clang does not define for -std=c++98).
* misc: Disable some atomic tests on clangAdhemerval Zanella2024-04-171-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | clang warns on some atomic macros, disable for now: tst-atomic.c:463:7: error: unsupported inline asm: input with type 'int64_t' (aka 'long') matching output with type 'typeof (*&mem)' (aka 'int') if (catomic_exchange_and_add (&mem, 11) != 2 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ../sysdeps/x86/atomic-machine.h:213:3: note: expanded from macro 'catomic_exchange_and_add' __arch_exchange_and_add_body (__arch_exchange_and_add_cprefix, __arch_c, \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ../sysdeps/x86/atomic-machine.h:199:12: note: expanded from macro '__arch_exchange_and_add_body' : "0" ((int64_t) cast_to_integer (__addval)), \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ tst-atomic.c:487:7: error: unsupported inline asm: input with type 'int64_t' (aka 'long') matching output with type 'typeof (*(&mem))' (aka 'int') if (catomic_increment_val (&mem) != 3) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ ../include/atomic.h:313:38: note: expanded from macro 'catomic_increment_val' # define catomic_increment_val(mem) (catomic_exchange_and_add ((mem), 1) + 1) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ../sysdeps/x86/atomic-machine.h:213:3: note: expanded from macro 'catomic_exchange_and_add' __arch_exchange_and_add_body (__arch_exchange_and_add_cprefix, __arch_c, \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ../sysdeps/x86/atomic-machine.h:199:12: note: expanded from macro '__arch_exchange_and_add_body' : "0" ((int64_t) cast_to_integer (__addval)), \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ tst-atomic.c:501:7: error: unsupported inline asm: input with type 'int64_t' (aka 'long') matching output with type 'typeof (*(&mem))' (aka 'int') if (catomic_decrement_val (&mem) != 15) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ ../include/atomic.h:340:38: note: expanded from macro 'catomic_decrement_val' # define catomic_decrement_val(mem) (catomic_exchange_and_add ((mem), -1) - 1) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ../sysdeps/x86/atomic-machine.h:213:3: note: expanded from macro 'catomic_exchange_and_add' __arch_exchange_and_add_body (__arch_exchange_and_add_cprefix, __arch_c, \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ../sysdeps/x86/atomic-machine.h:199:12: note: expanded from macro '__arch_exchange_and_add_body' : "0" ((int64_t) cast_to_integer (__addval)), \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* And defines to __attribute__ (__noclone__) iff compiler supports it.Adhemerval Zanella2024-04-172-7/+14
|
* misc: Suppress clang warnings on syslogAdhemerval Zanella2024-04-171-6/+24
| | | | | clang complains that adding a 'int_t' to a string does not append to it, but the idea is to print the pid conditionally.
* misc: Add support for Linux uio.h RWF_NOAPPEND flagStafford Horne2024-04-041-1/+4
| | | | | | | | | | | | | | | | | | | In Linux 6.9 a new flag is added to allow for Per-io operations to disable append mode even if a file was opened with the flag O_APPEND. This is done with the new RWF_NOAPPEND flag. This caused two test failures as these tests expected the flag 0x00000020 to be unused. Adding the flag definition now fixes these tests on Linux 6.9 (v6.9-rc1). FAIL: misc/tst-preadvwritev2 FAIL: misc/tst-preadvwritev64v2 This patch adds the flag, adjusts the test and adds details to documentation. Link: https://lore.kernel.org/all/20200831153207.GO3265@brightrain.aerifal.cx/ Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Always define __USE_TIME_BITS64 when 64 bit time_t is usedAdhemerval Zanella2024-04-022-3/+3
| | | | | | | | | | | | | | | | | | | | It was raised on libc-help [1] that some Linux kernel interfaces expect the libc to define __USE_TIME_BITS64 to indicate the time_t size for the kABI. Different than defined by the initial y2038 design document [2], the __USE_TIME_BITS64 is only defined for ABIs that support more than one time_t size (by defining the _TIME_BITS for each module). The 64 bit time_t redirects are now enabled using a different internal define (__USE_TIME64_REDIRECTS). There is no expected change in semantic or code generation. Checked on x86_64-linux-gnu, i686-linux-gnu, aarch64-linux-gnu, and arm-linux-gnueabi [1] https://sourceware.org/pipermail/libc-help/2024-January/006557.html [2] https://sourceware.org/glibc/wiki/Y2038ProofnessDesign Reviewed-by: DJ Delorie <dj@redhat.com>
* cdefs: Drop access attribute for _FORTIFY_SOURCE=3 (BZ #31383)Siddhesh Poyarekar2024-02-281-3/+3
| | | | | | | | | | | | When passed a pointer to a zero-sized struct, the access attribute without the third argument misleads -Wstringop-overflow diagnostics to think that a function is writing 1 byte into the zero-sized structs. The attribute doesn't add that much value in this context, so drop it completely for _FORTIFY_SOURCE=3. Resolves: BZ #31383 Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* debug: Improve fcntl.h fortify warnings with clangAdhemerval Zanella2024-02-271-1/+8
| | | | | | | | | It improves open, open64, openat, and openat64. The compile and runtime checks have similar coverage as with GCC. Checked on aarch64, armhf, x86_64, and i686. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
* syslog: Improve fortify with clangAdhemerval Zanella2024-02-271-2/+12
| | | | | | | | | | | | It improve fortify checks for syslog and vsyslog. The compile and runtime hecks have similar coverage as with GCC. The syslog fortify wrapper calls the va_arg version, since clang does not support __va_arg_pack. Checked on aarch64, armhf, x86_64, and i686. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
* cdefs.h: Add clang fortify directivesAdhemerval Zanella2024-02-271-2/+149
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For instance, the read wrapper is currently expanded as: extern __inline __attribute__((__always_inline__)) __attribute__((__artificial__)) __attribute__((__warn_unused_result__)) ssize_t read (int __fd, void *__buf, size_t __nbytes) { return __glibc_safe_or_unknown_len (__nbytes, sizeof (char), __glibc_objsize0 (__buf)) ? __read_alias (__fd, __buf, __nbytes) : __glibc_unsafe_len (__nbytes, sizeof (char), __glibc_objsize0 (__buf)) ? __read_chk_warn (__fd, __buf, __nbytes, __builtin_object_size (__buf, 0)) : __read_chk (__fd, __buf, __nbytes, __builtin_object_size (__buf, 0)); } The wrapper relies on __builtin_object_size call lowers to a constant at compile-time and many other operations in the wrapper depends on having a single, known value for parameters. Because this is impossible to have for function parameters, the wrapper depends heavily on inlining to work and While this is an entirely viable approach on GCC, it is not fully reliable on clang. This is because by the time llvm gets to inlining and optimizing, there is a minimal reliable source and type-level information available (more information on a more deep explanation on how to fortify wrapper works on clang [1]). To allow the wrapper to work reliably and with the same functionality as with GCC, clang requires a different approach: * __attribute__((diagnose_if(c, “str”, “warning”))) which is a function level attribute; if the compiler can determine that 'c' is true at compile-time, it will emit a warning with the text 'str1'. If it would be better to emit an error, the wrapper can use "error" instead of "warning". * __attribute__((overloadable)) which is also a function-level attribute; and it allows C++-style overloading to occur on C functions. * __attribute__((pass_object_size(n))) which is a parameter-level attribute; and it makes the compiler evaluate __builtin_object_size(param, n) at each call site of the function that has the parameter, and passes it in as a hidden parameter. This attribute has two side-effects that are key to how FORTIFY works: 1. It can overload solely on pass_object_size (e.g. there are two overloads of foo in void foo(char * __attribute__((pass_object_size(0))) c); void foo(char *); (The one with pass_object_size attribute has precende over the default one). 2. A function with at least one pass_object_size parameter can never have its address taken (and overload resolution respects this). Thus the read wrapper can be implemented as follows, without hindering any fortify coverage compile and runtime: extern __inline __attribute__((__always_inline__)) __attribute__((__artificial__)) __attribute__((__overloadable__)) __attribute__((__warn_unused_result__)) ssize_t read (int __fd, void *const __attribute__((pass_object_size (0))) __buf, size_t __nbytes) __attribute__((__diagnose_if__ ((((__builtin_object_size (__buf, 0)) != -1ULL && (__nbytes) > (__builtin_object_size (__buf, 0)) / (1))), "read called with bigger length than size of the destination buffer", "warning"))) { return (__builtin_object_size (__buf, 0) == (size_t) -1) ? __read_alias (__fd, __buf, __nbytes) : __read_chk (__fd, __buf, __nbytes, __builtin_object_size (__buf, 0)); } To avoid changing the current semantic for GCC, a set of macros is defined to enable the clang required attributes, along with some changes on internal macros to avoid the need to issue the symbol_chk symbols (which are done through the __diagnose_if__ attribute for clang). The read wrapper is simplified as: __fortify_function __attribute_overloadable__ __wur ssize_t read (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf), size_t __nbytes) __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf, "read called with bigger length than " "size of the destination buffer") { return __glibc_fortify (read, __nbytes, sizeof (char), __glibc_objsize0 (__buf), __fd, __buf, __nbytes); } There is no expected semantic or code change when using GCC. Also, clang does not support __va_arg_pack, so variadic functions are expanded to call va_arg implementations. The error function must not have bodies (address takes are expanded to nonfortified calls), and with the __fortify_function compiler might still create a body with the C++ mangling name (due to the overload attribute). In this case, the function is defined with __fortify_function_error_function macro instead. [1] https://docs.google.com/document/d/1DFfZDICTbL7RqS74wJVIJ-YnjQOj1SaoqfhbgddFYSM/edit Checked on aarch64, armhf, x86_64, and i686. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
* syslog: Fix integer overflow in __vsyslog_internal (CVE-2023-6780)Arjun Shankar2024-01-301-1/+2
| | | | | | | | | __vsyslog_internal calculated a buffer size by adding two integers, but did not first check if the addition would overflow. This commit fixes that. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
* syslog: Fix heap buffer overflow in __vsyslog_internal (CVE-2023-6779)Arjun Shankar2024-01-301-11/+28
| | | | | | | | | | | | __vsyslog_internal used the return value of snprintf/vsnprintf to calculate buffer sizes for memory allocation. If these functions (for any reason) failed and returned -1, the resulting buffer would be too small to hold output. This commit fixes that. All snprintf/vsnprintf calls are checked for negative return values and the function silently returns upon encountering them. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* syslog: Fix heap buffer overflow in __vsyslog_internal (CVE-2023-6246)Arjun Shankar2024-01-304-15/+82
| | | | | | | | | | | | __vsyslog_internal did not handle a case where printing a SYSLOG_HEADER containing a long program name failed to update the required buffer size, leading to the allocation and overflow of a too-small buffer on the heap. This commit fixes that. It also adds a new regression test that uses glibc.malloc.check. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
* Update copyright dates with scripts/update-copyrightsPaul Eggert2024-01-01186-186/+186
|
* malloc: Use __get_nprocs on arena_get2 (BZ 30945)Adhemerval Zanella2023-11-221-6/+0
| | | | | | | | | | | | | | | | This restore the 2.33 semantic for arena_get2. It was changed by 11a02b035b46 to avoid arena_get2 call malloc (back when __get_nproc was refactored to use an scratch_buffer - 903bc7dcc2acafc). The __get_nproc was refactored over then and now it also avoid to call malloc. The 11a02b035b46 did not take in consideration any performance implication, which should have been discussed properly. The __get_nprocs_sched is still used as a fallback mechanism if procfs and sysfs is not acessible. Checked on x86_64-linux-gnu. Reviewed-by: DJ Delorie <dj@redhat.com>
* misc/bits/syslog.h: Clearly separate declaration from definitionFrédéric Bérat2023-07-054-10/+40
| | | | | | | | This allows to include bits/syslog-decl.h in include/sys/syslog.h and therefore be able to create the libc_hidden_builtin_proto (__syslog_chk) prototype. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc/bits/select2.h: Clearly separate declaration from definitionsFrédéric Bérat2023-07-053-4/+34
| | | | | | | | | The __fdelt_chk declaration needs to be available so that libc_hidden_proto can be used while not redefining __FD_ELT. Thus, misc/bits/select-decl.h is created to hold the corresponding prototypes. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc/sys/cdefs.h: Create FORTIFY redirects for internal callsFrédéric Bérat2023-07-051-0/+8
| | | | | | | | | | | The __REDIRECT* macros are creating aliases which may lead to unwanted PLT entries when fortification is enabled. To prevent these entries, the REDIRECT alias should be set to point to the existing __GI_* aliases. This is done transparently by creating a __REDIRECT_FORTIFY* version of these macros, that can be overwritten internally when necessary. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* Exclude routines from fortificationFrédéric Bérat2023-07-051-0/+7
| | | | | | | | | | | | | | | | | Since the _FORTIFY_SOURCE feature uses some routines of Glibc, they need to be excluded from the fortification. On top of that: - some tests explicitly verify that some level of fortification works appropriately, we therefore shouldn't modify the level set for them. - some objects need to be build with optimization disabled, which prevents _FORTIFY_SOURCE to be used for them. Assembler files that implement architecture specific versions of the fortified routines were not excluded from _FORTIFY_SOURCE as there is no C header included that would impact their behavior. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* tests: Replace various function calls with their x variantFrédéric Bérat2023-06-061-1/+3
| | | | | | | With fortification enabled, few function calls return result need to be checked, has they get the __wur macro enabled. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* Fix all the remaining misspellings -- BZ 25337Paul Pluzhnikov2023-06-026-7/+7
|
* tests: fix warn unused resultsFrédéric Bérat2023-06-011-2/+2
| | | | | | With fortification enabled, few function calls return result need to be checked, has they get the __wur macro enabled. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc: Reformat Makefile.Carlos O'Donell2023-05-181-3/+3
| | | | | | | | | | | | Reflow Makefile. Sort using updated scripts/sort-makefile-lines.py. Code generation is changed as routines are linked in sorted order as expected. No regressions on x86_64 and i686. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc: Reformat Makefile.Carlos O'Donell2023-05-161-67/+232
| | | | | | | | | | Reflow Makefile. Sort using scripts/sort-makefile-lines.py. Code generation is changed as routines are linked in sorted order as expected. No regressions on x86_64 and i686.
* Added Redirects to longdouble error functions [BZ #29033]Sachin Monga2023-05-104-2/+135
| | | | | | | | This patch redirects the error functions to the appropriate longdouble variants which enables the compiler to optimize for the abi ieeelongdouble. Signed-off-by: Sachin Monga <smonga@linux.ibm.com>
* Mark various cold functions as __COLDSergey Bugaev2023-05-012-8/+8
| | | | | | | | | | GCC docs explicitly list perror () as a good candidate for using __attribute__ ((cold)). So apply __COLD to perror () and similar functions. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Signed-off-by: Sergey Bugaev <bugaevc@gmail.com> Message-Id: <20230429131223.2507236-3-bugaevc@gmail.com>
* cdefs.h: Define __COLDSergey Bugaev2023-04-291-0/+7
| | | | | | | This expands to __attribute__ ((cold)) when supported. It should be used to mark up functions that are invoked rarely. Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
* misc: Convert daemon () to GNU coding styleSergey Bugaev2023-04-221-39/+49
| | | | | | | | | | | This is nicer, and is going to be required for the following changes to reasonably stay within the 79 column limit. No functional change. Signed-off-by: Sergey Bugaev <bugaevc@gmail.com> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> Message-Id: <20230419160207.65988-2-bugaevc@gmail.com>
* Move libc_freeres_ptrs and libc_subfreeres to hidden/weak functionsAdhemerval Zanella Netto2023-03-277-8/+13
| | | | | | | | | | | | | | | | | | | | They are both used by __libc_freeres to free all library malloc allocated resources to help tooling like mtrace or valgrind with memory leak tracking. The current scheme uses assembly markers and linker script entries to consolidate the free routine function pointers in the RELRO segment and to be freed buffers in BSS. This patch changes it to use specific free functions for libc_freeres_ptrs buffers and call the function pointer array directly with call_function_static_weak. It allows the removal of both the internal macros and the linker script sections. Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* cdefs.h: fix "__clang_major" typoPaul Eggert2023-02-271-1/+1
| | | | | * misc/sys/cdefs.h: Fix misspelling of "__clang_major__". Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Use uintptr_t instead of performing pointer subtraction with a null pointerQihao Chencao2023-02-171-2/+3
| | | | | | Signed-off-by: Qihao Chencao <twose@qq.com> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* cdefs: Limit definition of fortification macrosSiddhesh Poyarekar2023-02-021-2/+4
| | | | | | | | | | | | Define the __glibc_fortify and other macros only when __FORTIFY_LEVEL > 0. This has the effect of not defining these macros on older C90 compilers that do not have support for variable length argument lists. Also trim off the trailing backslashes from the definition of __glibc_fortify and __glibc_fortify_n macros. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: Florian Weimer <fweimer@redhat.com>
* Update copyright dates with scripts/update-copyrightsJoseph Myers2023-01-06183-183/+183
|
* Apply asm redirections in syslog.h before first use [BZ #27087]Tulio Magno Quites Machado Filho2022-11-292-9/+19
| | | | | | | | | | Similar to d0fa09a770, but for syslog.h when _FORTIFY_SOURCE > 0. Fixes [BZ #27087] by applying long double-related asm redirections before using functions in bits/syslog.h. Tested with build-many-glibcs.py. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* configure: Use -Wno-ignored-attributes if compiler warns about multiple aliasesAdhemerval Zanella2022-11-011-0/+2
| | | | | | | | | clang emits an warning when a double alias redirection is used, to warn the the original symbol will be used even when weak definition is overridden. However, this is a common pattern for weak_alias, where multiple alias are set to same symbol. Reviewed-by: Fangrui Song <maskray@google.com>
* Use PTR_MANGLE and PTR_DEMANGLE unconditionally in C sourcesFlorian Weimer2022-10-181-6/+4
| | | | | | | | | | | | | | | | | In the future, this will result in a compilation failure if the macros are unexpectedly undefined (due to header inclusion ordering or header inclusion missing altogether). Assembler sources are more difficult to convert. In many cases, they are hand-optimized for the mangling and no-mangling variants, which is why they are not converted. sysdeps/s390/s390-32/__longjmp.c and sysdeps/s390/s390-64/__longjmp.c are special: These are C sources, but most of the implementation is in assembler, so the PTR_DEMANGLE macro has to be undefined in some cases, to match the assembler style. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Introduce <pointer_guard.h>, extracted from <sysdep.h>Florian Weimer2022-10-181-0/+1
| | | | | | | | | | | | | | This allows us to define a generic no-op version of PTR_MANGLE and PTR_DEMANGLE. In the future, we can use PTR_MANGLE and PTR_DEMANGLE unconditionally in C sources, avoiding an unintended loss of hardening due to missing include files or unlucky header inclusion ordering. In i386 and x86_64, we can avoid a <tls.h> dependency in the C code by using the computed constant from <tcb-offsets.h>. <sysdep.h> no longer includes these definitions, so there is no cyclic dependency anymore when computing the <tcb-offsets.h> constants. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* syslog: Remove extra whitespace between timestamp and message (BZ#29544)Adhemerval Zanella2022-09-052-4/+7
| | | | | | | The rfc3164 clear states that a single space character must follow the timestamp field. Checked on x86_64-linux-gnu.
* syslog: Fix large messages (BZ#29536)Adhemerval Zanella2022-08-302-28/+142
| | | | | | | | | | | | | The a583b6add407c17cd change did not handle large messages that would require a heap allocation correctly, where the message itself is not take in consideration. This patch fixes it and extend the tst-syslog to check for large messages as well. Checked on x86_64-linux-gnu. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc: Optimize internal usage of __libc_single_threadedAdhemerval Zanella2022-06-241-0/+2
| | | | | | | | | | | | | | | By adding an internal alias to avoid the GOT indirection. On some architecture, __libc_single_thread may be accessed through copy relocations and thus it requires to update also the copies default copy. This is done by adding a new internal macro, libc_hidden_data_{proto,def}, which has an addition argument that specifies the alias name (instead of default __GI_ one). Checked on x86_64-linux-gnu and i686-linux-gnu. Reviewed-by: Fangrui Song <maskray@google.com>
* linux: Add process_madviseAdhemerval Zanella2022-06-021-0/+3
| | | | | | | | | | It was added on Linux 5.10 (ecb8ac8b1f146915aa6b96449b66dd48984caacc) with the same functionality as madvise but using a pidfd of the target process. Checked on x86_64-linux-gnu and i686-linux-gnu. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* misc: Use 64 bit stat for getusershell (BZ# 29203)Adhemerval Zanella2022-06-011-2/+2
| | | | | | This is a missing spot initially from 52a5fe70a2c77935. Checked on i686-linux-gnu.
* misc: Use 64 bit stat for daemon (BZ# 29203)Adhemerval Zanella2022-06-011-3/+2
| | | | | | This is a missing spot initially from 52a5fe70a2c77935. Checked on i686-linux-gnu.
* sys/cdefs.h: Do not require C++ compilers to define __STDC__Jonathan Wakely2022-05-161-2/+2
| | | | | | | | | | | | | | The check for an ISO C compiler assumes that anything GCC-like will define __STDC__, even if it's actually a C++ compiler. That's currently true for G++ and compilers like clang++ that also define __GNUC__, but it might not always be true. The C++ standard leaves it implementation-defined whether or not __STDC__ is defined by C++ compilers. And really the check should be "ISO C or ISO C++ conforming compiler" anyway. So only give an error if __GNUC__ is defined and neither __STDC__ nor __cplusplus is defined. Reviewed-by: Fangrui Song <maskray@google.com>
* fortify: Ensure that __glibc_fortify condition is a constant [BZ #29141]Siddhesh Poyarekar2022-05-161-1/+1
| | | | | | | | | | | | | The fix c8ee1c85 introduced a -1 check for object size without also checking that object size is a constant. Because of this, the tree optimizer passes in gcc fail to fold away one of the branches in __glibc_fortify and trips on a spurious Wstringop-overflow. The warning itself is incorrect and the branch does go away eventually in DCE in the rtl passes in gcc, but the constant check is a helpful hint to simplify code early, so add it in. Resolves: BZ #29141 Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc: Fix rare fortify crash on wchar funcs. [BZ 29030]Joan Bruguera2022-04-251-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If `__glibc_objsize (__o) == (size_t) -1` (i.e. `__o` is unknown size), fortify checks should pass, and `__whatever_alias` should be called. Previously, `__glibc_objsize (__o) == (size_t) -1` was explicitly checked, but on commit a643f60c53876b, this was moved into `__glibc_safe_or_unknown_len`. A comment says the -1 case should work as: "The -1 check is redundant because since it implies that __glibc_safe_len_cond is true.". But this fails when: * `__s > 1` * `__osz == -1` (i.e. unknown size at compile time) * `__l` is big enough * `__l * __s <= __osz` can be folded to a constant (I only found this to be true for `mbsrtowcs` and other functions in wchar2.h) In this case `__l * __s <= __osz` is false, and `__whatever_chk_warn` will be called by `__glibc_fortify` or `__glibc_fortify_n` and crash the program. This commit adds the explicit `__osz == -1` check again. moc crashes on startup due to this, see: https://bugs.archlinux.org/task/74041 Minimal test case (test.c): #include <wchar.h> int main (void) { const char *hw = "HelloWorld"; mbsrtowcs (NULL, &hw, (size_t)-1, NULL); return 0; } Build with: gcc -O2 -Wp,-D_FORTIFY_SOURCE=2 test.c -o test && ./test Output: *** buffer overflow detected ***: terminated Fixes: BZ #29030 Signed-off-by: Joan Bruguera <joanbrugueram@gmail.com> Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc: Use 64 bit time_t interfaces on syslogAdhemerval Zanella2022-04-151-8/+27
| | | | | | | | It also handles the highly unlikely case where localtime might return NULL, in this case only the PRI is set to hopefully instruct the relay to get eh TIMESTAMP (as defined by the RFC). Checked on x86_64-linux-gnu and i686-linux-gnu.
* misc: syslog: Move SYSLOG_NAME to USE_MISC (BZ #16355)Adhemerval Zanella2022-04-151-2/+2
| | | | | | | | | There is no easy solution as described on first comment in bug report, and some code (like busybox) assumes facilitynames existance when SYSLOG_NAMES is defined (so we can't just remove it as suggested in comment #2). So use the easier solution and guard it with __USE_MISC.
* misc: syslog: Use fixed-sized buffer and remove memstreamAdhemerval Zanella2022-04-151-34/+52
| | | | | | | | | | | A fixed-sized buffer is used instead of memstream for messages up to 1024 bytes to avoid the potential BUFSIZ (8K) malloc and free for each syslog call. Also, since the buffer size is know, memstream is replaced with a malloced buffer for larger messages. Checked on x86_64-linux-gnu.