path: root/posix
Commit message | Author | Age | Files | Lines
* hurd: Implement SHM_ANON | Sergey Bugaev | 2023-02-01 | 1 | -4/+21

  This adds a special SHM_ANON value that can be passed into shm_open () in place of a name. When called in this way, shm_open () will create a new anonymous shared memory file. The file will be created in the same way that other shared memory files are created (i.e., under /dev/shm/), except that it is not given a name and therefore cannot be reached from the file system, nor by other calls to shm_open ().

  This is accomplished by utilizing O_TMPFILE.

  This is intended to be compatible with FreeBSD's API of the same name.

  Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
  Message-Id: <20230130125216.6254-4-bugaevc@gmail.com>
* linux: Add clone3 CLONE_CLEAR_SIGHAND optimization to posix_spawn | Adhemerval Zanella Netto | 2023-02-01 | 2 | -1/+181

  The clone3 flag resets all signal handlers of the child not set to SIG_IGN to SIG_DFL. It allows to skip most of the sigaction calls to setup child signal handling, where previously a posix_spawn had to issue 2 times NSIG sigaction calls (one to obtain the current disposition and another to set either SIG_DFL or SIG_IGN).

  With POSIX_SPAWN_SETSIGDEF the child will setup the signal for the case where the disposition is SIG_IGN.

  The code must handle the fallback where clone3 is not available. This is done by splitting __clone_internal_fallback from __clone_internal.

  Checked on x86_64-linux-gnu.

  Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* Update copyright dates not handled by scripts/update-copyrights | Joseph Myers | 2023-01-06 | 1 | -1/+1

  I've updated copyright dates in glibc for 2023. This is the patch for the changes not generated by scripts/update-copyrights and subsequent build / regeneration of generated files.
* Update copyright dates with scripts/update-copyrights | Joseph Myers | 2023-01-06 | 262 | -262/+262
* posix: Make posix_spawn extensions available by default | Florian Weimer | 2022-11-04 | 1 | -2/+2

  Some sources merely include <spawn.h> without -D_GNU_SOURCE and expect declarations for posix_spawn_file_actions_addchdir_np to be available. For consistency, declare posix_spawn_file_actions_addfchdir_np, posix_spawn_file_actions_addclosefrom_np, posix_spawn_file_actions_addtcsetpgrp_np as well.

  Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* configure: Use -Wno-ignored-attributes if compiler warns about multiple aliases | Adhemerval Zanella | 2022-11-01 | 1 | -3/+3

  clang emits a warning when a double alias redirection is used, to warn that the original symbol will be used even when weak definition is overridden. However, this is a common pattern for weak_alias, where multiple aliases are set to the same symbol.

  Reviewed-by: Fangrui Song <maskray@google.com>
* posix: Suppress -Os may be used uninitialized warnings on regexec | Adhemerval Zanella Netto | 2022-10-05 | 1 | -0/+6

  GCC with -Os issues may uninitialized warnings on regexec code.

  Checked on x86_64-linux-gnu and i686-linux-gnu.

  Reviewed-by: Carlos O'Donell <carlos@redhat.com>
  Tested-by: Carlos O'Donell <carlos@redhat.com>
* posix: Suppress -Os warnings on fnmatch | Adhemerval Zanella Netto | 2022-10-05 | 1 | -0/+31

  GCC with -Os issues some may uninitialized warnings on fnmatch code. All of the variables are already set when they are accessed on the loop prior.

  Checked on x86_64-linux-gnu and i686-linux-gnu.

  Reviewed-by: Carlos O'Donell <carlos@redhat.com>
  Tested-by: Carlos O'Donell <carlos@redhat.com>
* Use '%z' instead of '%Z' on printf functions | Adhemerval Zanella Netto | 2022-09-22 | 2 | -3/+3

  The Z modifier is a nonstandard synonym for z (that predates z itself) and the compiler might issue a warning for an invalid conversion specifier.

  Reviewed-by: Florian Weimer <fweimer@redhat.com>
* Merge getopt patch from Gnulib | Paul Eggert | 2022-08-23 | 1 | -1/+2

  * posix/getopt.c [!_LIBC]: Merge _WIN32 patch from Gnulib so that these source files are identical. This makes no difference for glibc.
* Merge _GL_UNUSED C23 patch from Gnulib | Paul Eggert | 2022-08-23 | 1 | -2/+2

  * posix/getopt.c (_getopt_initialize):
  * sysdeps/posix/tempname.c (try_dir, try_nocreate):
  Put _GL_UNUSED before args instead of after. This makes no difference for glibc. It is needed for Gnulib when being compiled on non-GCC C23 compilers.
* Replace __libc_multiple_threads with __libc_single_threaded | Adhemerval Zanella | 2022-07-05 | 1 | -1/+1

  And also fixes the SINGLE_THREAD_P macro for SINGLE_THREAD_BY_GLOBAL, since header inclusion single-thread.h is in the wrong order, the define needs to come before including sysdeps/unix/sysdep.h. The macro is now moved to a per-arch single-threade.h header.

  The SINGLE_THREAD_P is used on some more places.

  Checked on aarch64-linux-gnu and x86_64-linux-gnu.
* misc: Optimize internal usage of __libc_single_threaded | Adhemerval Zanella | 2022-06-24 | 1 | -1/+1

  By adding an internal alias to avoid the GOT indirection. On some architectures, __libc_single_thread may be accessed through copy relocations and thus it requires to update also the copies default copy.

  This is done by adding a new internal macro, libc_hidden_data_{proto,def}, which has an additional argument that specifies the alias name (instead of default __GI_ one).

  Checked on x86_64-linux-gnu and i686-linux-gnu.

  Reviewed-by: Fangrui Song <maskray@google.com>
* linux: Add process_madvise | Adhemerval Zanella | 2022-06-02 | 1 | -1/+1

  It was added on Linux 5.10 (ecb8ac8b1f146915aa6b96449b66dd48984caacc) with the same functionality as madvise but using a pidfd of the target process.

  Checked on x86_64-linux-gnu and i686-linux-gnu.

  Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* Fix deadlock when pthread_atfork handler calls pthread_atfork or dlclose | Arjun Shankar | 2022-05-25 | 2 | -33/+114

  In multi-threaded programs, registering via pthread_atfork, de-registering implicitly via dlclose, or running pthread_atfork handlers during fork was protected by an internal lock. This meant that a pthread_atfork handler attempting to register another handler or dlclose a dynamically loaded library would lead to a deadlock.

  This commit fixes the deadlock in the following way:

  During the execution of handlers at fork time, the atfork lock is released prior to the execution of each handler and taken again upon its return. Any handler registrations or de-registrations that occurred during the execution of the handler are accounted for before proceeding with further handler execution.

  If a handler that hasn't been executed yet gets de-registered by another handler during fork, it will not be executed. If a handler gets registered by another handler during fork, it will not be executed during that particular fork.

  The possibility that handlers may now be registered or deregistered during handler execution means that identifying the next handler to be run after a given handler may register/de-register others requires some bookkeeping. The fork_handler struct has an additional field, 'id', which is assigned sequentially during registration. Thus, handlers are executed in ascending order of 'id' during 'prepare', and descending order of 'id' during parent/child handler execution after the fork.

  Two tests are included:

  * tst-atfork3: Adhemerval Zanella <adhemerval.zanella@linaro.org>
    This test exercises calling dlclose from prepare, parent, and child handlers.
  * tst-atfork4: This test exercises calling pthread_atfork and dlclose from the prepare handler.

  [BZ #24595, BZ #27054]

  Co-authored-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
  Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* linux: Add P_PIDFD | Adhemerval Zanella | 2022-05-17 | 2 | -7/+2

  It was added on Linux 5.4 (3695eae5fee0605f316fbaad0b9e3de791d7dfaf) to extend waitid to wait on pidfd.

  Reviewed-by: Carlos O'Donell <carlos@redhat.com>
  Tested-by: Carlos O'Donell <carlos@redhat.com>
* posix/glob.c: update from gnulib | DJ Delorie | 2022-04-27 | 1 | -12/+58

  Copied from gnulib/lib/glob.c in order to fix rhbz 1982608
  Also fixes swbz 25659

  Reviewed-by: Carlos O'Donell <carlos@redhat.com>
  Tested-by: Carlos O'Donell <carlos@redhat.com>
* Replace {u}int_fast{16|32} with {u}int32_t | Noah Goldstein | 2022-04-13 | 1 | -1/+1

  On 32-bit machines this has no effect. On 64-bit machines {u}int_fast{16|32} are set as {u}int64_t which is often not ideal. Particularly x86_64 this change both saves code size and may save instruction cost.

  Full xcheck passes on x86_64.
* posix: Remove unused variable on tst-_Fork.c | Adhemerval Zanella | 2022-03-31 | 1 | -1/+0

  Checked on x86_64-linux-gnu and i686-linux-gnu.
* posix: Fix tst-spawn6 terminal handling (BZ #28853) | Adhemerval Zanella | 2022-02-03 | 1 | -11/+51

  The test changes the current foreground process group, which might break testing depending on how the make check is issued. For instance:

      nohup make -j1 test t=posix/tst-spawn6 | less

  Will set 'make' and 'less' to be in the foreground process group in the current session. When tst-spawn6 new child takes over it becomes the foreground process and 'less' is stopped and backgrounded which interrupts the 'make check' command.

  To fix it a pseudo-terminal is allocated, the test starts in new session (so there is no controlling terminal associated), and the pseudo-terminal is set as the controlling one (similar to what login_tty does).

  Checked on x86_64-linux-gnu.

  Tested-by: Carlos O'Donell <carlos@redhat.com>
  Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* posix: Replace posix_spawnattr_tc{get,set}pgrp_np with posix_spawn_file_actions_addtcsetpgrp_np | Adhemerval Zanella | 2022-02-02 | 10 | -101/+122

  The posix_spawnattr_tcsetpgrp_np works on a file descriptor (the controlling terminal), so it would make more sense to actually fit it on the file actions API.

  Also, POSIX_SPAWN_TCSETPGROUP is not really required since it is implicit by the presence of tcsetpgrp file action.

  The posix/tst-spawn6.c is also fixed when TTY is not present.

  Checked on x86_64-linux-gnu and i686-linux-gnu.

  Reviewed-by: Carlos O'Donell <carlos@redhat.com>
  Tested-by: Carlos O'Donell <carlos@redhat.com>
* posix: Add terminal control setting support for posix_spawn | Adhemerval Zanella | 2022-01-25 | 7 | -3/+251

  Currently there is no proper way to set the controlling terminal through posix_spawn in race free manner [1]. This forces shell implementations to keep using fork+exec when launching background process groups, even when using posix_spawn yields better performance.

  This patch adds a new GNU extension so the creating process can configure the created process terminal group. This is done with a new flag, POSIX_SPAWN_TCSETPGROUP, along with two new attribute functions: posix_spawnattr_tcsetpgrp_np, and posix_spawnattr_tcgetpgrp_np. The function sets a new attribute, spawn-tcgroupfd, that references to the controlling terminal.

  The controlling terminal is set after the spawn-pgroup attribute, and uses the spawn-tcgroupfd along with current creating process group (so it is composable with POSIX_SPAWN_SETPGROUP).

  To create a process and set the controlling terminal, one can use the following sequence:

      posix_spawnattr_t attr;
      posix_spawnattr_init (&attr);
      posix_spawnattr_setflags (&attr, POSIX_SPAWN_TCSETPGROUP);
      posix_spawnattr_tcsetpgrp_np (&attr, tcfd);

  If the idea is also to create a new process groups:

      posix_spawnattr_t attr;
      posix_spawnattr_init (&attr);
      posix_spawnattr_setflags (&attr, POSIX_SPAWN_TCSETPGROUP
                                       | POSIX_SPAWN_SETPGROUP);
      posix_spawnattr_tcsetpgrp_np (&attr, tcfd);
      posix_spawnattr_setpgroup (&attr, 0);

  The controlling terminal file descriptor is ignored if the new flag is not set.

  This interface is slightly different than the one provided by QNX [2], which only provides the POSIX_SPAWN_TCSETPGROUP flag. The QNX documentation does not specify how the controlling terminal is obtained nor how it interacts with POSIX_SPAWN_SETPGROUP. Since a glibc implementation is library based, it is more straightforward and avoid requires additional file descriptor operations to request the caller to setup the controlling terminal file descriptor (and it also allows a bit less error handling by posix_spawn).

  Checked on x86_64-linux-gnu and i686-linux-gnu.

  [1] https://github.com/ksh93/ksh/issues/79
  [2] https://www.qnx.com/developers/docs/7.0.0/index.html#com.qnx.doc.neutrino.lib_ref/topic/p/posix_spawn.html

  Reviewed-by: Carlos O'Donell <carlos@redhat.com>
  Tested-by: Carlos O'Donell <carlos@redhat.com>
* Fix handling of unterminated bracket expressions in fnmatch (bug 28792) | Andreas Schwab | 2022-01-24 | 3 | -3/+45

  When fnmatch processes a bracket expression, and eventually finds it to be unterminated, it should rescan it, treating the starting bracket as a normal character. That didn't happen when a matching character was found while scanning the bracket expression.
* debug: Synchronize feature guards in fortified functions [BZ #28746] | Siddhesh Poyarekar | 2022-01-12 | 1 | -1/+1

  Some functions (e.g. stpcpy, pread64, etc.) had moved to POSIX in the main headers as they got incorporated into the standard, but their fortified variants remained under __USE_GNU. As a result, these functions did not get fortified when _GNU_SOURCE was not defined.

  Add test wrappers that check all functions tested in tst-chk0 at all levels with _GNU_SOURCE undefined and then use the failures to (1) exclude checks for _GNU_SOURCE functions in these tests and (2) Fix feature macro guards in the fortified function headers so that they're the same as the ones in the main headers.

  This fixes BZ #28746.

  Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
  Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Update copyright dates not handled by scripts/update-copyrights. | Paul Eggert | 2022-01-01 | 1 | -1/+1

  I've updated copyright dates in glibc for 2022. This is the patch for the changes not generated by scripts/update-copyrights and subsequent build / regeneration of generated files. As well as the usual annual updates, mainly dates in --version output (minus csu/version.c which previously had to be handled manually but is now successfully updated by update-copyrights), there is a small change to the copyright notice in NEWS which should let NEWS get updated automatically next year.

  Please remember to include 2022 in the dates for any new files added in future (which means updating any existing uncommitted patches you have that add new files to use the new copyright dates in them).
* Update copyright dates with scripts/update-copyrights | Paul Eggert | 2022-01-01 | 259 | -259/+259

  I used these shell commands:

      ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
      (cd ../glibc && git commit -am"[this commit message]")

  and then ignored the output, which consisted of lines saying "FOO: warning: copyright statement not found" for each of 7061 files FOO.

  I then removed trailing white space from math/tgmath.h, support/tst-support-open-dev-null-range.c, and sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following obscure pre-commit check failure diagnostics from Savannah. I don't know why I run into these diagnostics whereas others evidently do not.

      remote: *** 912-#endif
      remote: *** 913:
      remote: *** 914-
      remote: *** error: lines with trailing whitespace found
      ...
      remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
* regex: fix buffer read overrun in search [BZ#28470] | Paul Eggert | 2021-11-24 | 1 | -4/+3

  Problem reported by Benno Schulenberg in:
  https://lists.gnu.org/r/bug-gnulib/2021-10/msg00035.html
  * posix/regexec.c (re_search_internal): Use better bounds check.
* io: Refactor close_range and closefrom | Adhemerval Zanella | 2021-11-24 | 1 | -0/+10

  Now that Hurd implements both close_range and closefrom (f2c996597d), we can make close_range() a base ABI, and make the default closefrom() implementation on top of close_range().

  The generic closefrom() implementation based on __getdtablesize() is moved to generic close_range(). On Linux it will be overridden by the auto-generation syscall while on Hurd it will be a system specific implementation.

  The closefrom() now calls close_range() and __closefrom_fallback(). Since on Hurd close_range() does not fail, __closefrom_fallback() is an empty static inline function set by __ASSUME_CLOSE_RANGE.

  The __ASSUME_CLOSE_RANGE also allows optimize Linux __closefrom_fallback() implementation when --enable-kernel=5.9 or higher is used.

  Finally the Linux specific tst-close_range.c is moved to io and enabled as default. The Linuxism and CLOSE_RANGE_UNSHARE are guarded so it can be built for Hurd (I have not actually tested it).

  Checked on x86_64-linux-gnu, i686-linux-gnu, and with a i686-gnu build.
* regex: Unnest nested functions in regcomp.c | Fangrui Song | 2021-11-02 | 1 | -223/+241

  This refactor moves four functions out of a nested scope and converts them into static always_inline functions. collseqwc, table_size, symb_table, extra are now initialized to zero because they are passed as function arguments.

  On x86-64, .text is 16 byte larger likely due to the 4 stores. This is nothing compared to the amount of work that regcomp has to do looking up the collation weights, or other functions.

  If the non-buildable `sysdeps/generic/dl-machine.h` doesn't count, this patch removes the last `auto inline` usage from glibc.

  Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
  Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* posix: Remove alloca usage for internal fnmatch implementation | Adhemerval Zanella | 2021-10-21 | 2 | -127/+87

  This patch replaces the internal fnmatch pattern list generation to use a dynamic array.

  Checked on x86_64-linux-gnu.
* Make sure that the fortified function conditionals are constant | Siddhesh Poyarekar | 2021-10-20 | 1 | -135/+39

  In _FORTIFY_SOURCE=3, the size expression may be non-constant, resulting in branches in the inline functions remaining intact and causing a tiny overhead. Clang (and in future, gcc) make sure that the -1 case is always safe, i.e. any comparison of the generated expression with (size_t)-1 is always false so that bit is taken care of. The rest is avoidable since we want the _chk variant whenever we have a size expression and it's not -1.

  Rework the conditionals in a uniform way to clearly indicate two conditions at compile time:

  - Either the size is unknown (-1) or we know at compile time that the operation length is less than the object size. We can call the original function in this case. It could be that either the length, object size or both are non-constant, but the compiler, through range analysis, is able to fold the *comparison* to a constant.

  - The size and length are known and the compiler can see at compile time that operation length > object size. This is valid grounds for a warning at compile time, followed by emitting the _chk variant.

  For everything else, emit the _chk variant.

  This simplifies most of the fortified function implementations and at the same time, ensures that only one call from _chk or the regular function is emitted.

  Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
  Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Don't add access size hints to fortifiable functions | Siddhesh Poyarekar | 2021-10-20 | 1 | -12/+16

  In the context of a function definition, the size hints imply that the size of an object pointed to by one parameter is another parameter. This doesn't make sense for the fortified versions of the functions since that's the bit it's trying to validate.

  This is harmless with __builtin_object_size since it has fairly simple semantics when it comes to objects passed as function parameters. With __builtin_dynamic_object_size we could (as my patchset for gcc[1] already does) use the access attribute to determine the object size in the general case but it misleads the fortified functions.

  Basically the problem occurs when access attributes are present on regular functions that have inline fortified definitions to generate _chk variants; the attributes get inherited by these definitions, causing problems when analyzing them. For example with poll(fds, nfds, timeout), nfds is hinted using the __attr_access as being the size of fds.

  Now, when analyzing the inline function definition in bits/poll2.h, the compiler sees that nfds is the size of fds and tries to use that information in the function body. In _FORTIFY_SOURCE=3 case, where the object size could be a non-constant expression, this information results in the conclusion that nfds is the size of fds, which defeats the purpose of the implementation because we're trying to check here if nfds does indeed represent the size of fds. Hence for this case, it is best to not have the access attribute.

  With the attributes gone, the expression evaluation should get delayed until the function is actually inlined into its destinations.

  Disable the access attribute for fortified function inline functions when building at _FORTIFY_SOURCE=3 to make this work better. The access attributes remain for the _chk variants since they can be used by the compiler to warn when the caller is passing invalid arguments.

  [1] https://gcc.gnu.org/pipermail/gcc-patches/2021-October/581125.html

  Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* elf: Avoid deadlock between pthread_create and ctors [BZ #28357] | Szabolcs Nagy | 2021-10-04 | 1 | -0/+3

  The fix for bug 19329 caused a regression such that pthread_create can deadlock when concurrent ctors from dlopen are waiting for it to finish. Use a new GL(dl_load_tls_lock) in pthread_create that is not taken around ctors in dlopen.

  The new lock is also used in __tls_get_addr instead of GL(dl_load_lock).

  The new lock is held in _dl_open_worker and _dl_close_worker around most of the logic before/after the init/fini routines. When init/fini routines are running then TLS is in a consistent, usable state. In _dl_open_worker the new lock requires catching and reraising dlopen failures that happen in the critical section.

  The new lock is reinitialized in a fork child, to keep the existing behaviour and it is kept recursive in case malloc interposition or TLS access from signal handlers can retake it. It is not obvious if this is necessary or helps, but avoids changing the preexisting behaviour.

  The new lock may be more appropriate for dl_iterate_phdr too than GL(dl_load_write_lock), since TLS state of an incompletely loaded module may be accessed. If the new lock can replace the old one, that can be a separate change.

  Fixes bug 28357.

  Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* linux: Simplify get_nprocs | Adhemerval Zanella | 2021-09-27 | 2 | -1/+50

  This patch simplifies the memory allocation code and uses the sched routines instead of reimplementing it. This still uses a stack allocation buffer, so it can be used on malloc initialization code.

  Linux currently supports a maximum of 4096 cpus for most architectures:

      $ find -iname Kconfig | xargs git grep -A10 -w NR_CPUS | grep -w range
      arch/alpha/Kconfig- range 2 32
      arch/arc/Kconfig- range 2 4096
      arch/arm/Kconfig- range 2 16 if DEBUG_KMAP_LOCAL
      arch/arm/Kconfig- range 2 32 if !DEBUG_KMAP_LOCAL
      arch/arm64/Kconfig- range 2 4096
      arch/csky/Kconfig- range 2 32
      arch/hexagon/Kconfig- range 2 6 if SMP
      arch/ia64/Kconfig- range 2 4096
      arch/mips/Kconfig- range 2 256
      arch/openrisc/Kconfig- range 2 32
      arch/parisc/Kconfig- range 2 32
      arch/riscv/Kconfig- range 2 32
      arch/s390/Kconfig- range 2 512
      arch/sh/Kconfig- range 2 32
      arch/sparc/Kconfig- range 2 32 if SPARC32
      arch/sparc/Kconfig- range 2 4096 if SPARC64
      arch/um/Kconfig- range 1 1
      arch/x86/Kconfig-# [NR_CPUS_RANGE_BEGIN ... NR_CPUS_RANGE_END] range.
      arch/x86/Kconfig- range NR_CPUS_RANGE_BEGIN NR_CPUS_RANGE_END
      arch/xtensa/Kconfig- range 2 32

  With x86 supporting 8192:

      arch/x86/Kconfig
      976 config NR_CPUS_RANGE_END
      977 int
      978 depends on X86_64
      979 default 8192 if SMP && CPUMASK_OFFSTACK
      980 default 512 if SMP && !CPUMASK_OFFSTACK
      981 default 1 if !SMP

  So using a maximum of 32k cpu should cover all cases (and I would expect once we start to have many more CPUs that Linux would provide a more straightforward way to query for such information).

  A test is added to check if sched_getaffinity can successfully return with large buffers.

  Checked on x86_64-linux-gnu and i686-linux-gnu.

  Reviewed-by: Florian Weimer <fweimer@redhat.com>
* regex: copy back from Gnulib | Paul Eggert | 2021-09-21 | 6 | -63/+114

  Copy regex-related files back from Gnulib, to fix a problem with static checking of regex calls noted by Martin Sebor. This merges the following changes:

  * New macro __attribute_nonnull__ in misc/sys/cdefs.h, for use later when copying other files back from Gnulib.
  * Use __GNULIB_CDEFS instead of __GLIBC__ when deciding whether to include bits/wordsize.h etc.
  * Avoid duplicate entries in epsilon closure table.
  * New regex.h macro _REGEX_NELTS to let regexec say that its pmatch arg should contain nmatch elts. Use that for regexec, instead of __attr_access (which is incorrect).
  * New regex.h macro _Attr_access_ which is like __attr_access except portable to non-glibc platforms.
  * Add some DEBUG_ASSERTs to pacify gcc -fanalyzer and to catch recently-fixed performance bugs if they recur.
  * Add Gnulib-specific stuff to port the dynarray- and lock-using parts of regex code to non-glibc platforms.
  * Fix glibc bug 11053.
  * Avoid some undefined behavior when popping an empty fail stack.
* posix: Fix attribute access mode on getcwd [BZ #27476] | Aurelien Jarno | 2021-09-16 | 2 | -5/+3

  There is a GNU extension that allows to call getcwd(NULL, >0). It is described in the documentation, but also directly in the unistd.h header, just above the declaration.

  Therefore the attribute access mode added in commit 06febd8c6705 is not correct. Drop it.
* Add generic C.UTF-8 locale (Bug 17318) | Carlos O'Donell | 2021-09-06 | 9 | -30/+662

  We add a new C.UTF-8 locale. This locale is not builtin to glibc, but is provided as a distinct locale. The locale provides full support for UTF-8 and this includes full code point sorting via STRCMP-based collation (strcmp or wcscmp).

  The collation uses a new keyword 'codepoint_collation' which drops all collation rules and generates an empty zero rules collation to enable STRCMP usage in collation. This ensures that we get full code point sorting for C.UTF-8 with a minimal 1406 bytes of overhead (LC_COLLATE structure information and ASCII collating tables).

  The new locale is added to SUPPORTED. Minimal test data for specific code points (minus those not supported by collate-test) is provided in C.UTF-8.in, and this verifies code point sorting is working reasonably across the range. The locale was tested manually with the full set of code points without failure.

  The locale is harmonized with locales already shipping in various downstream distributions. A new tst-iconv9 test is added which verifies the C.UTF-8 locale is generally usable.

  Testing for fnmatch, regexec, and recomp is provided by extending bug-regex1, bugregex19, bug-regex4, bug-regex6, transbug, tst-fnmatch, tst-regcomp-truncated, and tst-regex to use C.UTF-8.

  Tested on x86_64 or i686 without regression.

  Reviewed-by: Florian Weimer <fweimer@redhat.com>
* Remove "Contributed by" lines | Siddhesh Poyarekar | 2021-09-03 | 48 | -49/+1

  We stopped adding "Contributed by" or similar lines in sources in 2012 in favour of git logs and keeping the Contributors section of the glibc manual up to date. Removing these lines makes the license header a bit more consistent across files and also removes the possibility of error in attribution when license blocks or files are copied across since the contributed-by lines don't actually reflect reality in those cases.

  Move all "Contributed by" and similar lines (Written by, Test by, etc.) into a new file CONTRIBUTED-BY to retain record of these contributions. These contributors are also mentioned in manual/contrib.texi, so we just maintain this additional record as a courtesy to the earlier developers.

  The following scripts were used to filter a list of files to edit in place and to clean up the CONTRIBUTED-BY file respectively. These were not added to the glibc sources because they're not expected to be of any use in future given that this is a one time task:

  https://gist.github.com/siddhesh/b5ecac94eabfd72ed2916d6d8157e7dc
  https://gist.github.com/siddhesh/15ea1f5e435ace9774f485030695ee02

  Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* posix: remove some iso-8859-encoded characters | DJ Delorie | 2021-09-01 | 5 | -336/+357

  With the increasing adoption of UTF-8, modern editors may (will?) replace iso-8859-encoded characters in the range 0x80..0xff with their UTF-8 equivalent, as will mailers and other tools. This breaks our testsuite and corrupts patches.

  So, this patch starts replacing these problematic characters with \OCTal sequences instead (adding support for those in tst-fnmatch.c) or with plain ASCII characters (PTESTS).

  Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* Use support_open_dev_null_range io/tst-closefrom, misc/tst-close_range, and posix/tst-spawn5 (BZ #28260) | Adhemerval Zanella | 2021-08-26 | 1 | -12/+1

  It ensures a continuous range of file descriptor and avoid hitting the RLIMIT_NOFILE.

  Checked on x86_64-linux-gnu.
* hurd: Fix glob lstat compatibility | Samuel Thibault | 2021-07-22 | 1 | -1/+2

  84f7ce84474c ("posix: Add glob64 with 64-bit time_t support") replaced GLOB_NO_LSTAT with defining GLOB_LSTAT and GLOB_LSTAT64, but the posix and gnu versions of the change were missing in the commit.
* mcheck: Wean away from malloc hooks [BZ #23489] | Siddhesh Poyarekar | 2021-07-22 | 1 | -3/+5

  Split the mcheck implementation into the debugging hooks and API so that the API can be replicated in libc and libc_malloc_debug.so. The libc APIs always result in failure.

  The mcheck implementation has also been moved entirely into libc_malloc_debug.so and with it, all of the hook initialization code can now be moved into the debug library. Now the initialization can be done independently of libc internals.

  With this patch, libc_malloc_debug.so can no longer be used with older libcs, which is not its goal anyway. tst-vfork3 breaks due to this since it spawns shell scripts, which in turn execute using the system glibc. Move the test to tests-container so that only the built glibc is used.

  This move also fixes bugs in the mcheck version of memalign and realloc, thus allowing removal of the tests from tests-mcheck exclusion list.

  Reviewed-by: Carlos O'Donell <carlos@redhat.com>
  Tested-by: Carlos O'Donell <carlos@redhat.com>
* Move malloc hooks into a compat DSO | Siddhesh Poyarekar | 2021-07-22 | 1 | -13/+27

  Remove all malloc hook uses from core malloc functions and move it into a new library libc_malloc_debug.so. With this, the hooks now no longer have any effect on the core library.

  libc_malloc_debug.so is a malloc interposer that needs to be preloaded to get hooks functionality back so that the debugging features that depend on the hooks, i.e. malloc-check, mcheck and mtrace work again. Without the preloaded DSO these debugging features will be nops. These features will be ported away from hooks in subsequent patches.

  Similarly, legacy applications that need hooks functionality need to preload libc_malloc_debug.so.

  The symbols exported by libc_malloc_debug.so are maintained at exactly the same version as libc.so.

  Finally, static binaries will no longer be able to use malloc debugging features since they cannot preload the debugging DSO.

  Reviewed-by: Carlos O'Donell <carlos@redhat.com>
  Tested-by: Carlos O'Donell <carlos@redhat.com>
* posix: Ignore non opened files on tst-spawn5  Adhemerval Zanella  2021-07-13  1  -19/+34
| The make program might open a pipe for its job server, which triggers an invalid check on the spawned process. This patch now passes the lowest file descriptor as the first argument, so only the range that was actually opened is checked.
| Checked on x86_64-linux-gnu and i686-linux-gnu and centos7 (which triggers the issue).
* Properly run tst-spawn5 directly [BZ #28067]  H.J. Lu  2021-07-09  1  -11/+21
| Change tst-spawn5.c to handle tst-spawn5 without optional path to ld.so, --library-path nor the library path when glibc is configured with --enable-hardcoded-path-in-tests. This fixes BZ #28067.
| Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* posix: Add posix_spawn_file_actions_addclosefrom_np  Adhemerval Zanella  2021-07-08  7  -1/+360
| This patch adds a way to close a range of file descriptors on posix_spawn as a new file action. The API is similar to the one provided by Solaris 11 [1], where the file action causes all open file descriptors greater than or equal to the input to be closed when the new process is spawned.
| The function posix_spawn_file_actions_addclosefrom_np is safe to be implemented by iterating over /proc/self/fd, since the Linux spawni.c helper process does not use CLONE_FILES, so it has its own file descriptor table and any failure (in /proc operation) aborts the process creation and returns an error to the caller.
| I am aware that this file action might be redundant to the current approach of POSIX in promoting O_CLOEXEC in more interfaces. However O_CLOEXEC is still not the default and for some specific usages, the caller needs to close all possible file descriptors to avoid them leaking. Some examples are CPython (discussed in BZ#10353) and OpenJDK jspawnhelper [2] (where OpenJDK spawns a helper process to exactly close all file descriptors). Most likely any environment which calls functions that might open file descriptors under the hood and aims to use posix_spawn might face the same requirement.
| Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15.
| [1] https://docs.oracle.com/cd/E36784_01/html/E36874/posix-spawn-file-actions-addclosefrom-np-3c.html
| [2] https://github.com/openjdk/jdk/blob/master/src/java.base/unix/native/libjava/childproc.c#L82
* io: Add closefrom [BZ #10353]  Adhemerval Zanella  2021-07-08  1  -0/+6
| The function closes all open file descriptors greater than or equal to input argument. Negative values are clamped to 0, i.e, it will close all file descriptors.
| As indicated by the bug report, this is a common symbol provided by different systems (Solaris, OpenBSD, NetBSD, FreeBSD) and, although it has inherent issues with not taking into consideration internal libc file descriptors (such as syslog), this is also a common feature used in multiple projects [1][2][3][4][5].
| The Linux fallback implementation iterates over /proc and closes all file descriptors sequentially. Although the question was raised whether getdents on /proc/self/fd might return disjointed entries when file descriptors are closed; it does not seem the case on my testing on multiple kernels (v4.18, v5.4, v5.9) and the same strategy is used on different projects [1][2][3][5].
| Also, the interface is set as fail-safe, meaning that a failure in the fallback results in a process abort.
| Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15.
| [1] https://github.com/systemd/systemd/blob/5238e9575906297608ff802a27e2ff9effa3b338/src/basic/fd-util.c#L217
| [2] https://github.com/lxc/lxc/blob/ddf4b77e11a4d08f09b7b9cd13e593f8c047edc5/src/lxc/start.c#L236
| [3] https://github.com/python/cpython/blob/9e4f2f3a6b8ee995c365e86d976937c141d867f8/Modules/_posixsubprocess.c#L220
| [4] https://github.com/rust-lang/rust/blob/5f47c0613ed4eb46fca3633c1297364c09e5e451/src/libstd/sys/unix/process2.rs#L303-L308
| [5] https://github.com/openjdk/jdk/blob/master/src/java.base/unix/native/libjava/childproc.c#L82
* Fix extra PLT reference in libc.so due to __glob64_time64 if build with gcc 7.5 on 32bit.  Stefan Liebler  2021-07-01  1  -0/+1
| Starting with recent commit 84f7ce84474c1648ce96884f1c91ca7b97ca3fc2 "posix: Add glob64 with 64-bit time_t support", elf/check-localplt fails due to extra PLT reference __glob64_time64 in __glob64_time64 itself.
| This is observable with gcc 7.5 on x86_64 with -m32 or s390x with -m31. E.g. if built with gcc 10, gcc is generating a call to __glob64_time64.localalias.
| This patch is adding a hidden version of __glob64_time64 in the same way as for __globfree64_time64.
* posix: Add _Fork [BZ #4737]  Adhemerval Zanella  2021-06-28  5  -2/+168
| Austin Group issue 62 [1] dropped the async-signal-safe requirement for fork and provided an async-signal-safe _Fork replacement that does not run the atfork handlers. It will be included in the next POSIX standard.
| It allows closing a long standing issue to make fork AS-safe (BZ#4737). As indicated on the bug, besides the internal lock for the atfork handlers itself, there is no guarantee that the handlers themselves will not introduce more AS-safe issues.
| The idea is to synchronize fork with the required internal locks to allow children in multithread processes to use most standard functions (even though POSIX states only AS-safe functions should be used). In signal handlers, _Fork should be used instead and only AS-safe functions should be used.
| For testing, the new tst-_Fork only checks basic usage. I also added a new tst-mallocfork3 which uses the same strategy to check for deadlock of tst-mallocfork2 but using threads instead of subprocesses (and it does deadlock if it replaces _Fork with fork).
| [1] https://austingroupbugs.net/view.php?id=62
* wordexp: handle overflow in positional parameter number (bug 28011)  Andreas Schwab  2021-06-27  2  -1/+2
| Use strtoul instead of atoi so that overflow can be detected.