Commit message | Author | Age | Files | Lines
* Enable _FORTIFY_SOURCE=3 for gcc 12 and above | Siddhesh Poyarekar | 2022-01-12 | 1 | -1/+2

  gcc 12 now has support for the __builtin_dynamic_object_size builtin. Adapt the macro checks to enable _FORTIFY_SOURCE=3 on gcc 12 and above.

  Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
  Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Update copyright dates with scripts/update-copyrights | Paul Eggert | 2022-01-01 | 182 | -182/+182

  I used these shell commands:

      ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
      (cd ../glibc && git commit -am"[this commit message]")

  and then ignored the output, which consisted of lines saying "FOO: warning: copyright statement not found" for each of 7061 files FOO.

  I then removed trailing white space from math/tgmath.h, support/tst-support-open-dev-null-range.c, and sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following obscure pre-commit check failure diagnostics from Savannah. I don't know why I run into these diagnostics whereas others evidently do not.

      remote: *** 912-#endif
      remote: *** 913:
      remote: *** 914-
      remote: *** error: lines with trailing whitespace found
      ...
      remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
* Fix __minimal_malloc segfaults in __mmap due to stack-protector | Stefan Liebler | 2021-12-16 | 1 | -0/+4

  Starting with commit b05fae4d8e34604a72ee36d2d3164391b76fcf0b "elf: Use the minimal malloc on tunables_strdup", I get lots of segfaults in static tests on s390x when also using, e.g.:

      export GLIBC_TUNABLES="glibc.elision.enable=1"

  tunables_strdup calls __minimal_malloc, which tries to call __mmap due to insufficient space left.

  __mmap itself first sets up a new stack frame and segfaults when copying the stack-protector canary from the thread-pointer. The latter one is not yet set up.

  Thus this patch also turns off stack-protection for mmap.

  Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* __glibc_unsafe_len: Fix comment | Siddhesh Poyarekar | 2021-12-16 | 1 | -1/+1

  We know that the length is *unsafe*.

  Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc, nptl: Remove stray references to __condvar_load_64_relaxed | Florian Weimer | 2021-12-06 | 1 | -2/+2

  The function was renamed to __atomic_wide_counter_load_relaxed in commit 8bd336a00a5311bf7a9e99b3b0e9f01ff5faa74b ("nptl: Extract <bits/atomic_wide_counter.h> from pthread_cond_common.c").
* nptl: Extract <bits/atomic_wide_counter.h> from pthread_cond_common.c | Florian Weimer | 2021-11-17 | 2 | -1/+129

  And make it an installed header. This addresses a few aliasing violations (which do not seem to result in miscompilation due to the use of atomics), and also enables use of wide counters in other parts of the library.

  The debug output in nptl/tst-cond22 has been adjusted to print the 32-bit values instead because it avoids a big-endian/little-endian difference.

  Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Add alloc_align attribute to memalign et al | Jonathan Wakely | 2021-10-21 | 1 | -0/+10

  GCC 4.9.0 added the alloc_align attribute to say that a function argument specifies the alignment of the returned pointer. Clang supports the attribute too. Using the attribute can allow a compiler to generate better code if it knows the returned pointer has a minimum alignment. See https://gcc.gnu.org/PR60092 for more details.

  GCC implicitly knows the semantics of aligned_alloc and posix_memalign, but not the obsolete memalign. As a result, GCC generates worse code when memalign is used, compared to aligned_alloc. Clang knows about aligned_alloc and memalign, but not posix_memalign.

  This change adds a new __attribute_alloc_align__ macro to <sys/cdefs.h> and then uses it on memalign (where it helps GCC) and aligned_alloc (where GCC and Clang already know the semantics, but it doesn't hurt) and xposix_memalign. It can't be used on posix_memalign because that doesn't return a pointer (the allocated pointer is returned via a void** parameter instead).

  Unlike the alloc_size attribute, alloc_align only allows a single argument. That means the new __attribute_alloc_align__ macro doesn't really need to be used with double parentheses to protect a comma between its arguments. For consistency with __attribute_alloc_size__ this patch defines it the same way, so that double parentheses are required.

  Signed-off-by: Jonathan Wakely <jwakely@redhat.com>
  Reviewed-by: Carlos O'Donell <carlos@redhat.com>
  Tested-by: Carlos O'Donell <carlos@redhat.com>
* Make sure that the fortified function conditionals are constant | Siddhesh Poyarekar | 2021-10-20 | 1 | -0/+47

  In _FORTIFY_SOURCE=3, the size expression may be non-constant, resulting in branches in the inline functions remaining intact and causing a tiny overhead. Clang (and in future, gcc) make sure that the -1 case is always safe, i.e. any comparison of the generated expression with (size_t)-1 is always false so that bit is taken care of. The rest is avoidable since we want the _chk variant whenever we have a size expression and it's not -1.

  Rework the conditionals in a uniform way to clearly indicate two conditions at compile time:

  - Either the size is unknown (-1) or we know at compile time that the operation length is less than the object size. We can call the original function in this case. It could be that either the length, object size or both are non-constant, but the compiler, through range analysis, is able to fold the *comparison* to a constant.

  - The size and length are known and the compiler can see at compile time that operation length > object size. This is valid grounds for a warning at compile time, followed by emitting the _chk variant.

  For everything else, emit the _chk variant.

  This simplifies most of the fortified function implementations and at the same time, ensures that only one call from _chk or the regular function is emitted.

  Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
  Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Don't add access size hints to fortifiable functions | Siddhesh Poyarekar | 2021-10-20 | 1 | -0/+10

  In the context of a function definition, the size hints imply that the size of an object pointed to by one parameter is another parameter. This doesn't make sense for the fortified versions of the functions since that's the bit it's trying to validate.

  This is harmless with __builtin_object_size since it has fairly simple semantics when it comes to objects passed as function parameters. With __builtin_dynamic_object_size we could (as my patchset for gcc[1] already does) use the access attribute to determine the object size in the general case but it misleads the fortified functions.

  Basically the problem occurs when access attributes are present on regular functions that have inline fortified definitions to generate _chk variants; the attributes get inherited by these definitions, causing problems when analyzing them. For example with poll(fds, nfds, timeout), nfds is hinted using the __attr_access as being the size of fds.

  Now, when analyzing the inline function definition in bits/poll2.h, the compiler sees that nfds is the size of fds and tries to use that information in the function body. In _FORTIFY_SOURCE=3 case, where the object size could be a non-constant expression, this information results in the conclusion that nfds is the size of fds, which defeats the purpose of the implementation because we're trying to check here if nfds does indeed represent the size of fds. Hence for this case, it is best to not have the access attribute.

  With the attributes gone, the expression evaluation should get delayed until the function is actually inlined into its destinations.

  Disable the access attribute for fortified function inline functions when building at _FORTIFY_SOURCE=3 to make this work better. The access attributes remain for the _chk variants since they can be used by the compiler to warn when the caller is passing invalid arguments.

  [1] https://gcc.gnu.org/pipermail/gcc-patches/2021-October/581125.html

  Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc: Add __get_nprocs_sched | Adhemerval Zanella | 2021-09-27 | 1 | -0/+6

  This is an internal function meant to return the number of available processors where the process can be scheduled, different than the __get_nprocs which returns the system available online CPU.

  The Linux implementation currently only calls __get_nprocs(), which in turn calls sched_getaffinity.

  Reviewed-by: Florian Weimer <fweimer@redhat.com>
* regex: copy back from Gnulib | Paul Eggert | 2021-09-21 | 1 | -10/+12

  Copy regex-related files back from Gnulib, to fix a problem with static checking of regex calls noted by Martin Sebor. This merges the following changes:

  * New macro __attribute_nonnull__ in misc/sys/cdefs.h, for use later when copying other files back from Gnulib.

  * Use __GNULIB_CDEFS instead of __GLIBC__ when deciding whether to include bits/wordsize.h etc.

  * Avoid duplicate entries in epsilon closure table.

  * New regex.h macro _REGEX_NELTS to let regexec say that its pmatch arg should contain nmatch elts. Use that for regexec, instead of __attr_access (which is incorrect).

  * New regex.h macro _Attr_access_ which is like __attr_access except portable to non-glibc platforms.

  * Add some DEBUG_ASSERTs to pacify gcc -fanalyzer and to catch recently-fixed performance bugs if they recur.

  * Add Gnulib-specific stuff to port the dynarray- and lock-using parts of regex code to non-glibc platforms.

  * Fix glibc bug 11053.

  * Avoid some undefined behavior when popping an empty fail stack.
* Remove "Contributed by" lines | Siddhesh Poyarekar | 2021-09-03 | 14 | -15/+0

  We stopped adding "Contributed by" or similar lines in sources in 2012 in favour of git logs and keeping the Contributors section of the glibc manual up to date. Removing these lines makes the license header a bit more consistent across files and also removes the possibility of error in attribution when license blocks or files are copied across since the contributed-by lines don't actually reflect reality in those cases.

  Move all "Contributed by" and similar lines (Written by, Test by, etc.) into a new file CONTRIBUTED-BY to retain record of these contributions. These contributors are also mentioned in manual/contrib.texi, so we just maintain this additional record as a courtesy to the earlier developers.

  The following scripts were used to filter a list of files to edit in place and to clean up the CONTRIBUTED-BY file respectively. These were not added to the glibc sources because they're not expected to be of any use in future given that this is a one time task:

  https://gist.github.com/siddhesh/b5ecac94eabfd72ed2916d6d8157e7dc
  https://gist.github.com/siddhesh/15ea1f5e435ace9774f485030695ee02

  Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* Linux: Fix fcntl, ioctl, prctl redirects for _TIME_BITS=64 (bug 28182) | Florian Weimer | 2021-08-06 | 1 | -2/+2

  __REDIRECT and __THROW are not compatible with C++ due to the ordering of the __asm__ alias and the throw specifier. __REDIRECT_NTH has to be used instead.

  Fixes commit 8a40aff86ba5f64a3a84883e539cb67b ("io: Add time64 alias for fcntl"), commit 82c395d91ea4f69120d453aeec398e30 ("misc: Add time64 alias for ioctl"), commit b39ffab860cd743a82c91946619f1b8158 ("Linux: Add time64 alias for prctl").

  Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* xmalloc: Fix warnings with gcc analyzer | Siddhesh Poyarekar | 2021-07-28 | 1 | -0/+10

  Tell the compiler that xmalloc family of allocators always return non-NULL. xrealloc in locale/programs also always returns non-NULL, but that conflicts with default realloc behaviour and that of xrealloc in libsupport, so keep it as is for now and resolve the differences later.

  Reviewed-by: Florian Weimer <fweimer@redhat.com>
* Move malloc hooks into a compat DSO | Siddhesh Poyarekar | 2021-07-22 | 1 | -2/+4

  Remove all malloc hook uses from core malloc functions and move it into a new library libc_malloc_debug.so. With this, the hooks now no longer have any effect on the core library.

  libc_malloc_debug.so is a malloc interposer that needs to be preloaded to get hooks functionality back so that the debugging features that depend on the hooks, i.e. malloc-check, mcheck and mtrace work again. Without the preloaded DSO these debugging features will be nops. These features will be ported away from hooks in subsequent patches.

  Similarly, legacy applications that need hooks functionality need to preload libc_malloc_debug.so.

  The symbols exported by libc_malloc_debug.so are maintained at exactly the same version as libc.so.

  Finally, static binaries will no longer be able to use malloc debugging features since they cannot preload the debugging DSO.

  Reviewed-by: Carlos O'Donell <carlos@redhat.com>
  Tested-by: Carlos O'Donell <carlos@redhat.com>
* misc: Add time64 alias for ioctl | Florian Weimer | 2021-07-21 | 4 | -2/+57

  Reviewed-by: Lukasz Majewski <lukma@denx.de>
  Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Force building with -fno-common | Florian Weimer | 2021-07-09 | 1 | -5/+4

  As a result, it is not necessary to specify __attribute__ ((nocommon)) on individual definitions.

  GCC 10 defaults to -fno-common on all architectures except ARC, but this change is compatible with older GCC versions and ARC, too.

  Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* Linux: Cleanups after librt move | Florian Weimer | 2021-06-28 | 1 | -6/+0

  librt.so is no longer installed for PTHREAD_IN_LIBC, and tests are not linked against it. $(librt) is introduced globally for shared tests that need to be linked for both PTHREAD_IN_LIBC and !PTHREAD_IN_LIBC.

  GLIBC_PRIVATE symbols that were needed during the transition are removed again.

  Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* linux: Only use 64-bit syscall if required for select | Adhemerval Zanella | 2021-06-22 | 2 | -15/+26

  For !__ASSUME_TIME64_SYSCALLS there is no need to issue a 64-bit syscall if the provided timeout fits in a 32-bit one. The 64-bit usage should be rare since the timeout is a relative one. This also avoids the need to use supports_time64() (which breaks the usage case of live migration like CRIU or similar).

  It also fixes an issue on 32-bit select call for !__ASSUME_PSELECT (microblaze with older kernels only) where the expected timeout is a 'struct timeval' instead of 'struct timespec'.

  Checked on i686-linux-gnu on a 4.15 kernel and on a 5.11 kernel (with and without --enable-kernel=5.1) and on x86_64-linux-gnu.

  Reviewed-by: Lukasz Majewski <lukma@denx.de>
* linux: Only use 64-bit syscall if required for pselect | Adhemerval Zanella | 2021-06-22 | 2 | -64/+65

  For !__ASSUME_TIME64_SYSCALLS there is no need to issue a 64-bit syscall if the provided timeout fits in a 32-bit one. The 64-bit usage should be rare since the timeout is a relative one. This also avoids the need to use supports_time64() (which breaks the usage case of live migration like CRIU or similar).

  Checked on i686-linux-gnu on a 4.15 kernel and on a 5.11 kernel (with and without --enable-kernel=5.1) and on x86_64-linux-gnu.

  Reviewed-by: Lukasz Majewski <lukma@denx.de>
* Add hidden prototypes for fsync, fdatasync | Florian Weimer | 2021-06-22 | 2 | -1/+2

  Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* y2038: Add test coverage | Adhemerval Zanella | 2021-06-15 | 3 | -0/+6

  It is enabled through a new rule, tests-y2038, which is built only when the ABI supports the compat 64-bit time_t (defined by the header time64-compat.h, which also enables the creation of the symbol Version for Linux). It means the tests are not built for ABI which already provide default 64-bit time_t.

  The new rule already adds the required LFS and 64-bit time_t compiler flags.

  The current coverage is:

  * libc:
    - adjtime                       tst-adjtime-time64
    - adjtimex                      tst-adjtimex-time64
    - clock_adjtime                 tst-clock_adjtime-time64
    - clock_getres                  tst-clock-time64, tst-cpuclock1-time64
    - clock_gettime                 tst-clock-time64, tst-clock2-time64, tst-cpuclock1-time64
    - clock_nanosleep               tst-clock_nanosleep-time64, tst-cpuclock1-time64
    - clock_settime                 tst-clock2-time64
    - cnd_timedwait                 tst-cnd-timedwait-time64
    - ctime                         tst-ctime-time64
    - ctime_r                       tst-ctime-time64
    - difftime                      tst-difftime-time64
    - fstat                         tst-stat-time64
    - fstatat                       tst-stat-time64
    - futimens                      tst-futimens-time64
    - futimes                       tst-futimes-time64
    - futimesat                     tst-futimesat-time64
    - fts_*                         tst-fts-time64
    - getitimer                     tst-itimer-timer64
    - getrusage
    - gettimeofday                  tst-clock_nanosleep-time64
    - glob / globfree               tst-gnuglob64-time64
    - gmtime                        tst-gmtime-time64
    - gmtime_r                      tst-gmtime-time64
    - lstat                         tst-stat-time64
    - localtime                     tst-y2039-time64
    - localtime_t                   tst-y2039-time64
    - lutimes                       tst-lutimes-time64
    - mktime                        tst-mktime4-time64
    - mq_timedreceive               tst-mqueue{1248}-time64
    - mq_timedsend                  tst-mqueue{1248}-time64
    - msgctl                        test-sysvmsg-time64
    - mtx_timedlock                 tst-mtx-timedlock-time64
    - nanosleep                     tst-cpuclock{12}-time64, tst-mqueue8-time64, tst-clock-time64
    - nftw / ftw                    ftwtest-time64
    - ntp_adjtime                   tst-ntp_adjtime-time64
    - ntp_gettime                   tst-ntp_gettime-time64
    - ntp_gettimex                  tst-ntp_gettimex-time64
    - ppoll                         tst-ppoll-time64
    - pselect                       tst-pselect-time64
    - pthread_clockjoin_np          tst-join14-time64
    - pthread_cond_clockwait        tst-cond11-time64
    - pthread_cond_timedwait        tst-abstime-time64
    - pthread_mutex_clocklock       tst-abstime-time64
    - pthread_mutex_timedlock       tst-abstime-time64
    - pthread_rwlock_clockrdlock    tst-abstime-time64, tst-rwlock14-time64
    - pthread_rwlock_clockwrlock    tst-abstime-time64, tst-rwlock14-time64
    - pthread_rwlock_timedrdlock    tst-abstime-time64, tst-rwlock14-time64
    - pthread_rwlock_timedwrlock    tst-abstime-time64, tst-rwlock14-time64
    - pthread_timedjoin_np          tst-join14-time64
    - recvmmsg                      tst-cancel4_2-time64
    - sched_rr_get_interval         tst-sched_rr_get_interval-time64
    - select                        tst-select-time64
    - sem_clockwait                 tst-sem5-time64
    - sem_timedwait                 tst-sem5-time64
    - semctl                        test-sysvsem-time64
    - semtimedop                    test-sysvsem-time64
    - setitimer                     tst-mqueue2-time64, tst-itimer-timer64
    - settimeofday                  tst-settimeofday-time64
    - shmctl                        test-sysvshm-time64
    - sigtimedwait                  tst-sigtimedwait-time64
    - stat                          tst-stat-time64
    - thrd_sleep                    tst-thrd-sleep-time64
    - time                          tst-mqueue{1248}-time64
    - timegm                        tst-timegm-time64
    - timer_gettime                 tst-timer4-time64
    - timer_settime                 tst-timer4-time64
    - timerfd_gettime               tst-timerfd-time64
    - timerfd_settime               tst-timerfd-time64
    - timespec_get                  tst-timespec_get-time64
    - timespec_getres               tst-timespec_getres-time64
    - utime                         tst-utime-time64
    - utimensat                     tst-utimensat-time64
    - utimes                        tst-utimes-time64
    - wait3                         tst-wait3-time64
    - wait4                         tst-wait4-time64

  * librt:
    - aio_suspend                   tst-aio6-time64
    - mq_timedreceive               tst-mqueue{1248}-time64
    - mq_timedsend                  tst-mqueue{1248}-time64
    - timer_gettime                 tst-timer4-time64
    - timer_settime                 tst-timer4-time64

  * libanl:
    - gai_suspend

  Reviewed-by: Lukasz Majewski <lukma@denx.de>
  Reviewed-by: Carlos O'Donell <carlos@redhat.com>
  Tested-by: Carlos O'Donell <carlos@redhat.com>
* y2038: Add support for 64-bit time on legacy ABIs | Adhemerval Zanella | 2021-06-15 | 1 | -0/+27

  A new build flag, _TIME_BITS, enables the usage of the newer 64-bit time symbols for legacy ABI (where 32-bit time_t is default). The 64 bit time support is only enabled if LFS (_FILE_OFFSET_BITS=64) is also used.

  Different than LFS support, the y2038 symbols are added only for the required ABIs (armhf, csky, hppa, i386, m68k, microblaze, mips32, mips64-n32, nios2, powerpc32, sparc32, s390-32, and sh). The ABIs with 64-bit time support are unchanged, both for symbol and types redirection.

  On Linux the full 64-bit time support requires a minimum of kernel version v5.1. Otherwise, the 32-bit fallbacks are used and might result in error with overflow return code (EOVERFLOW).

  The i686-gnu does not yet support 64-bit time.

  This patch exports the following redirections to support 64-bit time:

  * libc: adjtime adjtimex clock_adjtime clock_getres clock_gettime clock_nanosleep clock_settime cnd_timedwait ctime ctime_r difftime fstat fstatat futimens futimes futimesat getitimer getrusage gettimeofday gmtime gmtime_r localtime localtime_r lstat_time lutimes mktime msgctl mtx_timedlock nanosleep nanosleep ntp_gettime ntp_gettimex ppoll pselec pselect pthread_clockjoin_np pthread_cond_clockwait pthread_cond_timedwait pthread_mutex_clocklock pthread_mutex_timedlock pthread_rwlock_clockrdlock pthread_rwlock_clockwrlock pthread_rwlock_timedrdlock pthread_rwlock_timedwrlock pthread_timedjoin_np recvmmsg sched_rr_get_interval select sem_clockwait semctl semtimedop sem_timedwait setitimer settimeofday shmctl sigtimedwait stat thrd_sleep time timegm timerfd_gettime timerfd_settime timespec_get utime utimensat utimes utimes wait3 wait4

  * librt: aio_suspend mq_timedreceive mq_timedsend timer_gettime timer_settime

  * libanl: gai_suspend

  Reviewed-by: Lukasz Majewski <lukma@denx.de>
  Reviewed-by: Carlos O'Donell <carlos@redhat.com>
  Tested-by: Carlos O'Donell <carlos@redhat.com>
* dlfcn: Cleanups after -ldl is no longer required | Florian Weimer | 2021-06-03 | 1 | -2/+0

  This commit removes the ELF constructor and internal variables from dlfcn/dlfcn.c. The file now serves the same purpose as nptl/libpthread-compat.c, so it is renamed to dlfcn/libdl-compat.c.

  The use of libdl-shared-only-routines ensures that libdl.a is empty.

  This commit adjusts the test suite not to use $(libdl). The libdl.so symbolic link is no longer installed.

  Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Enable support for GCC 11 -Wmismatched-dealloc. | Martin Sebor | 2021-05-16 | 1 | -0/+11

  To help detect common kinds of memory (and other resource) management bugs, GCC 11 adds support for the detection of mismatched calls to allocation and deallocation functions. At each call site to a known deallocation function GCC checks the set of allocation functions the former can be paired with and, if the two don't match, issues a -Wmismatched-dealloc warning (something similar happens in C++ for mismatched calls to new and delete). GCC also uses the same mechanism to detect attempts to deallocate objects not allocated by any allocation function (or pointers past the first byte into allocated objects) by -Wfree-nonheap-object.

  This support is enabled for built-in functions like malloc and free. To extend it beyond those, GCC extends attribute malloc to designate a deallocation function to which pointers returned from the allocation function may be passed to deallocate the allocated objects. Another, optional argument designates the positional argument to which the pointer must be passed.

  This change is the first step in enabling this extended support for Glibc.
* misc: use _fitoa_word to implement __fd_to_filename. | Érico Nogueira | 2021-05-07 | 1 | -5/+2

  In a default build for x86_64, size decreased by 24 bytes: 1883294 to 1883270. Additionally, avoids repeating the number printing logic in multiple places.

  Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Annotate additional APIs with GCC attribute access. | Martin Sebor | 2021-05-06 | 1 | -13/+24

  This change continues the improvements to compile-time out of bounds checking by decorating more APIs with either attribute access, or by explicitly providing the array bound in APIs such as tmpnam() that expect arrays of some minimum size as arguments. (The latter feature is new in GCC 11.)

  The only effects of the attribute and/or the array bound is to check and diagnose calls to the functions that fail to provide a sufficient number of elements, and the definitions of the functions that access elements outside the specified bounds. (There is no interplay with _FORTIFY_SOURCE here yet.)

  Tested with GCC 7 through 11 on x86_64-linux.
* nptl: Move sem_close, sem_open into libc | Florian Weimer | 2021-05-05 | 1 | -0/+1

  The symbols were moved using move-symbol-to-libc.py.

  Both functions are moved at the same time because they depend on internal functions in sysdeps/pthread/sem_routines.c, which are moved in this commit as well. Additional hidden prototypes are required to avoid check-localplt failures.

  Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Add __attribute_access_none to disable GCC warnings [BZ #27714] | Martin Sebor | 2021-04-27 | 1 | -1/+7

  GCC 11 warns when a pointer to an uninitialized object is passed to a function that takes a const-qualified argument. This is done on the assumption that most such functions read from the object. For the rare case of a function that doesn't, GCC 11 extends attribute access to add a new mode called none.

  POSIX pthread_setspecific() is one such rare function that takes a const void* argument but that doesn't read from the object it points to. To suppress the -Wmaybe-uninitialized issued by GCC 11 when the address of an uninitialized object is passed to it (e.g., the result of malloc()), this change #defines __attr_access_none in cdefs.h and uses the macro on the function in sysdeps/htl/pthread.h and sysdeps/nptl/pthread.h.
* nptl: Move pthread_setcancelstate into libc | Florian Weimer | 2021-04-21 | 1 | -13/+6

  No new symbol version is required because there was a forwarder.

  The symbol has been moved using scripts/move-symbol-to-libc.py.

  Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* misc: syslog: Use static const for AF_UNIX address | Adhemerval Zanella | 2021-04-15 | 1 | -5/+6

  Checked on x86_64-linux-gnu.
* misc: syslog: Use CLOC_EXEC with _PATH_CONSOLE (BZ #17145) | Adhemerval Zanella | 2021-04-15 | 1 | -1/+2

  The syslog opens the '/dev/console' for LOG_CONS without O_CLOEXEC, which might leak in multithread programs that call fork.

  Checked on x86_64-linux-gnu.
* misc: syslog: Assume MSG_NOSIGNAL support (BZ #17144) | Adhemerval Zanella | 2021-04-15 | 1 | -45/+4

  MSG_NOSIGNAL was added on POSIX 2008 and Hurd seems to support it. The SIGPIPE handling also makes the implementation not thread-safe (due to the sigaction usage).

  Checked on x86_64-linux-gnu.
* misc: syslog: Use bool for connected | Adhemerval Zanella | 2021-04-15 | 1 | -3/+3

  Checked on x86_64-linux-gnu.
* misc: syslog: Fix calls to openlog() with LOG_KERN facility (BZ #3604) | Dan Raymond | 2021-04-13 | 1 | -3/+3

  POSIX states for syslog [1]:

    "Values of the priority argument are formed by OR'ing together a severity-level value and an optional facility value. If no facility value is specified, the current default facility value is used."

  So the patch fixes an existing violation of the openlog interface contract where it is ignoring the facility argument when the value is zero.

  It allows the use of LOG_KERN by calling openlog prior to syslog usage.

  Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>

  [1] https://pubs.opengroup.org/onlinepubs/9699919799/functions/syslog.html
* linux: always update select timeout (BZ #27706) | Adhemerval Zanella | 2021-04-12 | 1 | -0/+30

  The timeout should be updated even on failure for time64 support.

  Checked on i686-linux-gnu.
* linux: Normalize and return timeout on select (BZ #27651) | Adhemerval Zanella | 2021-04-12 | 1 | -0/+17

  The commit 2433d39b697, which added time64 support to select, changed the function to use __NR_pselect6 (or __NR_pelect6_time64) on all architectures. However, on architectures where the symbol was implemented with __NR_select the kernel normalizes the passed timeout instead of returning EINVAL. For instance, the input timeval { 0, 5000000 } is interpreted as { 5, 0 }.

  And as indicated by BZ #27651, this semantic seems to be expected and changing it results in some performance issues (most likely the program does not check the return code and keeps issuing select with unnormalized tv_usec argument).

  To avoid a different semantic depending on which syscall the architecture used to issue, select now always normalizes the timeout input. This is a slight change for some ABIs (for instance aarch64).

  Checked on x86_64-linux-gnu and i686-linux-gnu.
* misc: Fix tst-select timeout handling (BZ#27648) | Adhemerval Zanella | 2021-03-26 | 1 | -30/+55

  Instead of polling the stderr, create two pipes and fork to check if the child times out as expected, similar to tst-pselect.c. Also lower the timeout value.

  Checked on x86_64-linux-gnu.
* tst: Provide test for select | Lukasz Majewski | 2021-03-23 | 2 | -1/+72

  This change adds new test to assess select()'s timeout related functionality (the rdfs set provides valid fd - stderr - but during normal program operation there is no data to be read, so one just waits for timeout).

  To be more specific - two use cases are checked:
  - if select() times out immediately when passed struct timeval has zero values of tv_usec and tv_sec.
  - if select() times out after timeout specified in passed argument

  Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Implement <unwind-link.h> for dynamically loading the libgcc_s unwinder | Florian Weimer | 2021-03-01 | 3 | -1/+147

  This will be used to consolidate the libgcc_s access for backtrace and pthread_cancel.

  Unlike the existing backtrace implementations, it provides some hardening based on pointer mangling.

  Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* misc: Sync cdefs.h with gnulib | Adhemerval Zanella | 2021-02-09 | 1 | -57/+85

  It adds __glibc_has_builtin, __glibc_has_extension, and __attribute_maybe_unused__ alongside with some fixes.

  The differences are:

  --- glibc +++ gnulib @@ -259,7 +259,9 @@ # define __attribute_const__ /* Ignore */ #endif -#if __GNUC_PREREQ (2,7) || __glibc_has_attribute (__unused__) +#if defined __STDC_VERSION__ && 201710L < __STDC_VERSION__ +# define __attribute_maybe_unused__ [[__maybe_unused__]] +#elif __GNUC_PREREQ (2,7) || __glibc_has_attribute (__unused__) # define __attribute_maybe_unused__ __attribute__ ((__unused__)) #else # define __attribute_maybe_unused__ /* Ignore */ @@ -485,7 +487,7 @@ /* The #ifndef lets Gnulib avoid including these on non-glibc platforms, where the includes typically do not exist. */ -#ifdef __GLIBC__ +#ifndef __WORDSIZE # include <bits/wordsize.h> # include <bits/long-double.h> #endif

  The [[__attribute_maybe_unused__]] attribute removal __ is due to Joseph questioning gcc support with -std=c2x or -std=gnu2x [1].

  The _WORDSIZE replacement by __GLIBC__ is because it does not play well with internal cdefs.h that also uses __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI.

  Checked on x86_64-linux-gnu.

  [1] https://sourceware.org/pipermail/libc-alpha/2021-January/121600.html
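Review bot: in the first hunk (@@ -259,7 +259,9 @@) the added `#if defined __STDC_VERSION__ && 201710L < __STDC_VERSION__` branch picks `[[__maybe_unused__]]` from the language version alone, with no check that the compiler accepts that attribute syntax, which is the concern the message itself cites for leaving it out. If this branch is ever taken over, gate it on an attribute feature test as well, or add a comment next to the `#elif __GNUC_PREREQ (2,7) || __glibc_has_attribute (__unused__)` line recording why glibc deliberately stays on the `__attribute__ ((__unused__))` form.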
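Review bot: in the second hunk (@@ -485,7 +487,7 @@) the context comment reads "The #ifndef lets Gnulib avoid including these on non-glibc platforms", but the glibc side keeps `#ifdef __GLIBC__`, so the comment describes a guard the glibc copy does not have. Since the message says the `#ifndef __WORDSIZE` form is intentionally not adopted, reword the comment on the glibc side to match the `#ifdef __GLIBC__` guard and note the reason the two files differ here.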
* Use hidden visibility for early static PIE code | Szabolcs Nagy | 2021-01-21 | 1 | -0/+4

  Extern symbol access in position independent code usually involves GOT indirection which needs RELATIVE reloc in a static linked PIE. (On some targets this is avoided e.g. because the linker can relax a GOT access to a pc-relative access, but this is not generally true.) Code that runs before static PIE self relocation must avoid relying on dynamic relocations which can be ensured by using hidden visibility. However we cannot just make all symbols hidden:

  On i386, all calls to IFUNC functions must go through PLT and calls to hidden functions CANNOT go through PLT in PIE since EBX used in PIE PLT may not be set up for local calls to hidden IFUNC functions.

  This patch aims to make symbol references hidden in code that is used before and by _dl_relocate_static_pie when building a static PIE libc.

  Note: for an object that is used in the startup code, its references and definition may not have consistent visibility: it is only forced hidden in the startup code.

  This is needed for fixing bug 27072.

  Co-authored-by: H.J. Lu <hjl.tools@gmail.com>
  Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* mntent: Use __putc_unlocked instead of fputc_unlocked | Siddhesh Poyarekar | 2021-01-08 | 1 | -6/+6
| | | | | | | | __putc_unlocked is guaranteed to be inlined all the time as opposed to fputc_unlocked, which does not get inlined when glibc is built with -Os. Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
* Update copyright dates with scripts/update-copyrights | Paul Eggert | 2021-01-02 | 178 | -178/+178
| I used these shell commands:
|
|   ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
|   (cd ../glibc && git commit -am"[this commit message]")
|
| and then ignored the output, which consisted of lines saying "FOO: warning:
| copyright statement not found" for each of 6694 files FOO.
|
| I then removed trailing white space from benchtests/bench-pthread-locks.c
| and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
| diagnostic from Savannah:
|
|   remote: *** pre-commit check failed ...
|   remote: *** error: lines with trailing whitespace found
|   remote: error: hook declined to update refs/heads/master
* Introduce _FORTIFY_SOURCE=3 | Siddhesh Poyarekar | 2020-12-31 | 1 | -0/+9
| Introduce a new _FORTIFY_SOURCE level of 3 to enable additional
| fortifications that may have a noticeable performance impact, allowing
| more fortification coverage at the cost of some performance.
|
| With llvm 9.0 or later, this will replace the use of
| __builtin_object_size with __builtin_dynamic_object_size.
|
| __builtin_dynamic_object_size
| -----------------------------
|
| __builtin_dynamic_object_size is an LLVM builtin that is similar to
| __builtin_object_size. In addition to what __builtin_object_size
| does, i.e. replace the builtin call with a constant object size,
| __builtin_dynamic_object_size will replace the call site with an
| expression that evaluates to the object size, thus expanding its
| applicability. In practice, __builtin_dynamic_object_size evaluates
| these expressions through malloc/calloc calls that it can associate
| with the object being evaluated.
|
| A simple motivating example is below; -D_FORTIFY_SOURCE=2 would miss
| this and emit memcpy, but -D_FORTIFY_SOURCE=3 with the help of
| __builtin_dynamic_object_size is able to emit __memcpy_chk with the
| allocation size expression passed into the function:
|
|   void *copy_obj (const void *src, size_t alloc, size_t copysize)
|   {
|     void *obj = malloc (alloc);
|     memcpy (obj, src, copysize);
|     return obj;
|   }
|
| Limitations
| -----------
|
| If the object was allocated elsewhere that the compiler cannot see, or
| if it was allocated in the function with a function that the compiler
| does not recognize as an allocator then __builtin_dynamic_object_size
| also returns -1.
|
| Further, the expression used to compute object size may be non-trivial
| and may potentially incur a noticeable performance impact. These
| fortifications are hence enabled at a new _FORTIFY_SOURCE level to
| allow developers to make a choice on the tradeoff according to their
| environment.
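The size check described in the _FORTIFY_SOURCE=3 message above, written out by hand as an added example (not glibc code and not part of the commit). OBJ_SIZE, SIZE_UNKNOWN, checked_memcpy and size_seen_by_callee are hypothetical names, and checked_memcpy returns NULL where the real __memcpy_chk aborts. It covers both the allocation-size check in copy_obj and the limitation that a callee sees an unknown size for an object allocated elsewhere.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Dynamic builtin where available (GCC 12+, LLVM 9+), else the constant one. */
#if defined __has_builtin
# if __has_builtin (__builtin_dynamic_object_size)
#  define OBJ_SIZE(p) __builtin_dynamic_object_size ((p), 0)
# endif
#endif
#ifndef OBJ_SIZE
# define OBJ_SIZE(p) __builtin_object_size ((p), 0)
#endif
#define SIZE_UNKNOWN ((size_t) -1)

/* Hypothetical stand-in for __memcpy_chk: it returns NULL where the real
   check aborts.  An unknown destination size cannot be checked.  */
static void *checked_memcpy (void *dst, const void *src, size_t n, size_t max)
{
  if (max != SIZE_UNKNOWN && n > max)
    return NULL;
  return memcpy (dst, src, n);
}

/* The commit's copy_obj with the size check written out by hand.  */
void *copy_obj (const void *src, size_t alloc, size_t copysize)
{
  void *obj = malloc (alloc);
  if (obj != NULL
      && checked_memcpy (obj, src, copysize, OBJ_SIZE (obj)) == NULL)
    {
      free (obj);
      return NULL;
    }
  return obj;
}

/* Limitation: the allocation is not visible here, so the size is unknown.  */
__attribute__ ((noinline)) size_t
size_seen_by_callee (void *p) { return OBJ_SIZE (p); }

int main (void)
{
  char src[8] = "payload";  /* constructed sample input */
  void *obj = copy_obj (src, 16, sizeof src);
  printf ("copied: %s, callee knows size: %d\n", (char *) obj,
          size_seen_by_callee (obj) != SIZE_UNKNOWN);
  free (obj);
  return 0;
}
```

Where the compiler can evaluate the allocation size (normally only in optimized builds), copy_obj refuses a copysize larger than alloc; where it cannot, the size is unknown and the copy goes unchecked.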
* misc: Use __ferror_unlocked instead of ferror | Siddhesh Poyarekar | 2020-12-23 | 1 | -1/+1
| | | | | The ferror results in an unnecessary PLT reference. Use __ferror_unlocked instead, which gets inlined.
* addmntent: Remove unbounded alloca usage from getmntent [BZ#27083] | Siddhesh Poyarekar | 2020-12-22 | 3 | -74/+140
| | | | | | | | | The addmntent function replicates elements of struct mnt on stack using alloca, which is unsafe. Put characters directly into the stream, escaping them as they're being written out. Also add a test to check all escaped characters with addmntent and getmntent.
* Replace __libc_multiple_libcs with __libc_initial flag | Florian Weimer | 2020-12-16 | 1 | -10/+24
| | | | | | | | | | | | | | Change sbrk to fail for !__libc_initial (in the generic implementation). As a result, sbrk is (relatively) safe to use for the __libc_initial case (from the main libc). It is therefore no longer necessary to avoid using it in that case (or updating the brk cache), and the __libc_initial flag does not need to be updated as part of dlmopen or static dlopen. As before, direct brk system calls on Linux may lead to memory corruption. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Fix spelling and grammar in several comments | Jonny Grant | 2020-12-12 | 1 | -2/+2
|
* treewide: fix incorrect spelling of indices in comments | Dmitry V. Levin | 2020-12-11 | 1 | -1/+1
| | | | | | Replace 'indeces' with 'indices', the most annoying of these typos were those found in elf.h which is a public header file copied to other projects.