about summary refs log tree commit diff
path: root/sysdeps
Commit message (Collapse)AuthorAgeFilesLines
...
* x86: Use dl-symbol-redir-ifunc.h on cpu-tunablesAdhemerval Zanella2023-11-214-55/+32
| | | | | | | | | | | | | | | | The dl-symbol-redir-ifunc.h redirects compiler-generated libcalls to arch-specific memory implementations to avoid ifunc calls where it is not yet possible. The memcmp-isa-default-impl.h aims to fix the same issue by calling the specific memset implementation directly. Using the memcmp symbol directly allows the compiler to inline the memset calls (especially because _dl_tunable_set_hwcaps uses constants values), generating better code. Checked on x86_64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com> Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* elf: Fix _dl_debug_vdprintf to work before self-relocationAdhemerval Zanella2023-11-211-0/+24
| | | | | | | | | | | | | The strlen might trigger and invalid GOT entry if it used before the process is self-relocated (for instance on dl-tunables if any error occurs). For i386, _dl_writev with PIE requires to use the old 'int $0x80' syscall mode because the calling the TLS register (gs) is not yet initialized. Checked on x86_64-linux-gnu. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* elf: Add all malloc tunable to unsecvarsAdhemerval Zanella2023-11-211-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | Some environment variables allow alteration of allocator behavior across setuid boundaries, where a setuid program may ignore the tunable, but its non-setuid child can read it and adjust the memory allocator behavior accordingly. Most library behavior tunings is limited to the current process and does not bleed in scope; so it is unclear how pratical this misfeature is. If behavior change across privilege boundaries is desirable, it would be better done with a wrapper program around the non-setuid child that sets these envvars, instead of using the setuid process as the messenger. The patch as fixes tst-env-setuid, where it fail if any unsecvars is set. It also adds a dynamic test, although it requires --enable-hardcoded-path-in-tests so kernel correctly sets the setuid bit (using the loader command directly would require to set the setuid bit on the loader itself, which is not a usual deployment). Co-authored-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Checked on x86_64-linux-gnu. Reviewed-by: DJ Delorie <dj@redhat.com>
* elf: Ignore GLIBC_TUNABLES for setuid/setgid binariesAdhemerval Zanella2023-11-211-1/+0
| | | | | | | | | | | | | | | | | | | | The tunable privilege levels were a retrofit to try and keep the malloc tunable environment variables' behavior unchanged across security boundaries. However, CVE-2023-4911 shows how tricky can be tunable parsing in a security-sensitive environment. Not only parsing, but the malloc tunable essentially changes some semantics on setuid/setgid processes. Although it is not a direct security issue, allowing users to change setuid/setgid semantics is not a good security practice, and requires extra code and analysis to check if each tunable is safe to use on all security boundaries. It also means that security opt-in features, like aarch64 MTE, would need to be explicit enabled by an administrator with a wrapper script or with a possible future system-wide tunable setting. Co-authored-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: DJ Delorie <dj@redhat.com>
* elf: Add GLIBC_TUNABLES to unsecvarsAdhemerval Zanella2023-11-211-0/+1
| | | | | | | | | | | | setuid/setgid process now ignores any glibc tunables, and filters out all environment variables that might changes its behavior. This patch also adds GLIBC_TUNABLES, so any spawned process by setuid/setgid processes should set tunable explicitly. Checked on x86_64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com> Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* hurd: Prevent the final file_exec_paths call from signalsSamuel Thibault2023-11-201-1/+15
| | | | | | | Otherwise if the exec server started thrashing the old task, we won't be able to restart the exec. This notably fixes building ghc.
* aarch64: Add vector implementations of expm1 routinesJoe Ramsay2023-11-2013-0/+462
| | | | May discard sign of 0 - auto tests for -0 and -0x1p-10000 updated accordingly.
* linux: Use fchmodat2 on fchmod for flags different than 0 (BZ 26401)Adhemerval Zanella2023-11-202-53/+75
| | | | | | | | | | | | | | | | | | Linux 6.6 (09da082b07bbae1c) added support for fchmodat2, which has similar semantics as fchmodat with an extra flag argument. This allows fchmodat to implement AT_SYMLINK_NOFOLLOW and AT_EMPTY_PATH without the need for procfs. The syscall is registered on all architectures (with value of 452 except on alpha which is 562, commit 78252deb023cf087). The tst-lchmod.c requires a small fix where fchmodat checks two contradictory assertions ('(st.st_mode & 0777) == 2' and '(st.st_mode & 0777) == 3'). Checked on x86_64-linux-gnu on a 6.6 kernel. Reviewed-by: Florian Weimer <fweimer@redhat.com>
* x86: Fix unchecked AVX512-VBMI2 usage in strrchr-evex-base.SNoah Goldstein2023-11-151-24/+51
| | | | | | | | | | | | | strrchr-evex-base used `vpcompress{b|d}` in the page cross logic but was missing the CPU_FEATURE checks for VBMI2 in the ifunc/ifunc-impl-list. The fix is either to add those checks or change the logic to not use `vpcompress{b|d}`. Choosing the latter here so that the strrchr-evex implementation is usable on SKX. New implementation is a bit slower, but this is in a cold path so its probably okay.
* sparc: Fix broken memset for sparc32 [BZ #31068]Andreas Larsson2023-11-151-2/+2
| | | | | | | | | | | Fixes commit a61933fe27df ("sparc: Remove bzero optimization") that after moving code jumped to the wrong label 4. Verfied by successfully running string/test-memset on sparc32. Signed-off-by: Andreas Larsson <andreas@gaisler.com> Signed-off-by: Ludwig Rydberg <ludwig.rydberg@gaisler.com> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* hurd: Fix spawni returning allocation errors.Samuel Thibault2023-11-141-2/+8
|
* AArch64: Remove Falkor memcpyWilco Dijkstra2023-11-137-331/+0
| | | | | | | | | | The latest implementations of memcpy are actually faster than the Falkor implementations [1], so remove the falkor/phecda ifuncs for memcpy and the now unused IS_FALKOR/IS_PHECDA defines. [1] https://sourceware.org/pipermail/libc-alpha/2022-December/144227.html Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* AArch64: Add memset_zva64Wilco Dijkstra2023-11-136-68/+38
| | | | | | | | Add a specialized memset for the common ZVA size of 64 to avoid the overhead of reading the ZVA size. Since the code is identical to __memset_falkor, remove the latter. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* AArch64: Cleanup emag memsetWilco Dijkstra2023-11-134-197/+90
| | | | | | | Cleanup emag memset - merge the memset_base64.S file, remove the unused ZVA code (since it is disabled on emag). Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* aarch64: Add vector implementations of log1p routinesJoe Ramsay2023-11-1013-0/+500
| | | | May discard sign of zero.
* aarch64: Add vector implementations of atan2 routinesJoe Ramsay2023-11-1015-0/+535
|
* aarch64: Add vector implementations of atan routinesJoe Ramsay2023-11-1013-0/+407
|
* aarch64: Add vector implementations of acos routinesJoe Ramsay2023-11-1013-1/+440
|
* aarch64: Add vector implementations of asin routinesJoe Ramsay2023-11-1013-1/+407
|
* elf: Add glibc.mem.decorate_maps tunableAdhemerval Zanella2023-11-071-5/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The PR_SET_VMA_ANON_NAME support is only enabled through a configurable kernel switch, mainly because assigning a name to a anonymous virtual memory area might prevent that area from being merged with adjacent virtual memory areas. For instance, with the following code: void *p1 = mmap (NULL, 1024 * 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); void *p2 = mmap (p1 + (1024 * 4096), 1024 * 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); The kernel will potentially merge both mappings resulting in only one segment of size 0x800000. If the segment is names with PR_SET_VMA_ANON_NAME with different names, it results in two mappings. Although this will unlikely be an issue for pthread stacks and malloc arenas (since for pthread stacks the guard page will result in a PROT_NONE segment, similar to the alignment requirement for the arena block), it still might prevent the mmap memory allocated for detail malloc. There is also another potential scalability issue, where the prctl requires to take the mmap global lock which is still not fully fixed in Linux [1] (for pthread stacks and arenas, it is mitigated by the stack cached and the arena reuse). So this patch disables anonymous mapping annotations as default and add a new tunable, glibc.mem.decorate_maps, can be used to enable it. [1] https://lwn.net/Articles/906852/ Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: DJ Delorie <dj@redhat.com>
* linux: Decorate __libc_fatal error bufferAdhemerval Zanella2023-11-071-0/+3
| | | | Reviewed-by: DJ Delorie <dj@redhat.com>
* linux: Add PR_SET_VMA_ANON_NAME supportAdhemerval Zanella2023-11-074-0/+108
| | | | | | | | | | | | | | Linux 5.17 added support to naming anonymous virtual memory areas through the prctl syscall. The __set_vma_name is a wrapper to avoid optimizing the prctl call if the kernel does not support it. If the kernel does not support PR_SET_VMA_ANON_NAME, prctl returns EINVAL. And it also returns the same error for an invalid argument. Since it is an internal-only API, it assumes well-formatted input: aligned START, with (START, START+LEN) being a valid memory range, and NAME with a limit of 80 characters without an invalid one ("\\`$[]"). Reviewed-by: DJ Delorie <dj@redhat.com>
* hurd: statfsconv: Add missing f_ffree conversionSamuel Thibault2023-11-071-0/+1
|
* Update BAD_TYPECHECK to work on x86_64Flavio Cruz2023-11-061-6/+3
| | | | Message-ID: <ZUhn7LOcgLOJjKZr@jupiter.tail36e24.ts.net>
* sysdeps: sem_open: Clear O_CREAT when semaphore file is expected to exist ↵Sergio Durigan Junior2023-11-031-6/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [BZ #30789] When invoking sem_open with O_CREAT as one of its flags, we'll end up in the second part of sem_open's "if ((oflag & O_CREAT) == 0 || (oflag & O_EXCL) == 0)", which means that we don't expect the semaphore file to exist. In that part, open_flags is initialized as "O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC" and there's an attempt to open(2) the file, which will likely fail because it won't exist. After that first (expected) failure, some cleanup is done and we go back to the label "try_again", which lives in the first part of the aforementioned "if". The problem is that, in that part of the code, we expect the semaphore file to exist, and as such O_CREAT (this time the flag we pass to open(2)) needs to be cleaned from open_flags, otherwise we'll see another failure (this time unexpected) when trying to open the file, which will lead the call to sem_open to fail as well. This can cause very strange bugs, especially with OpenMPI, which makes extensive use of semaphores. Fix the bug by simplifying the logic when choosing open(2) flags and making sure O_CREAT is not set when the semaphore file is expected to exist. A regression test for this issue would require a complex and cpu time consuming logic, since to trigger the wrong code path is not straightforward due the racy condition. There is a somewhat reliable reproducer in the bug, but it requires using OpenMPI. This resolves BZ #30789. See also: https://bugs.launchpad.net/ubuntu/+source/h5py/+bug/2031912 Signed-off-by: Sergio Durigan Junior <sergiodj@sergiodj.net> Co-Authored-By: Simon Chopin <simon.chopin@canonical.com> Co-Authored-By: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org> Fixes: 533deafbdf189f5fbb280c28562dd43ace2f4b0f ("Use O_CLOEXEC in more places (BZ #15722)")
* Add SEGV_CPERR from Linux 6.6 to bits/siginfo-consts.hJoseph Myers2023-11-031-1/+3
| | | | | | | Linux 6.6 adds the constant SEGV_CPERR. Add it to glibc's bits/siginfo-consts.h. Tested for x86_64.
* linux: Add HWCAP2_HBC from Linux 6.6 to AArch64 bits/hwcap.hAdhemerval Zanella2023-11-031-0/+1
|
* linux: Add FSCONFIG_CMD_CREATE_EXCL from Linux 6.6 to sys/mount.hAdhemerval Zanella2023-11-031-0/+2
| | | | | The tst-mount-consts.py does not need to be updated because kernel exports it as an enum (compare_macro_consts can not parse it).
* linux: Add MMAP_ABOVE4G from Linux 6.6 to sys/mman.hAdhemerval Zanella2023-11-032-1/+2
| | | | | | x86 added the flag (29f890d1050fc099f) for CET enabled. Also update tst-mman-consts.py test.
* Update kernel version to 6.6 in header constant testsAdhemerval Zanella2023-11-032-3/+3
| | | | | There are no new constants covered, the tst-mman-consts.py is updated separately along with a header constant addition.
* Update syscall lists for Linux 6.6Adhemerval Zanella2023-11-0328-2/+32
| | | | | Linux 6.6 has one new syscall for all architectures, fchmodat2, and the map_shadow_stack on x86_64.
* AArch64: Cleanup ifuncsWilco Dijkstra2023-11-0118-125/+41
| | | | | | | | Cleanup ifuncs. Remove uses of libc_hidden_builtin_def, use ENTRY rather than ENTRY_ALIGN, remove unnecessary defines and conditional compilation. Rename strlen_mte to strlen_generic. Remove rtld-memset. Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
* Use correct subdir when building tst-rfc3484* for mach and armArjun Shankar2023-11-012-6/+2
| | | | | | | | | Commit 7f602256ab5b85db1dbfb5f40bd109c4b37b68c8 moved the tst-rfc3484* tests from posix/ to nss/, but didn't correct references to point to their new subdir when building for mach and arm. This commit fixes that. Tested with build-many-glibcs.sh for i686-gnu.
* string: Add internal memswap implementationAdhemerval Zanella2023-10-311-0/+41
| | | | | | | | | | | | | | The prototype is: void __memswap (void *restrict p1, void *restrict p2, size_t n) The function swaps the content of two memory blocks P1 and P2 of len N. Memory overlap is NOT handled. It will be used on qsort optimization. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
* crypt: Remove libcrypt supportAdhemerval Zanella2023-10-3039-319/+1
| | | | | | | | | | | | | | | | | | All the crypt related functions, cryptographic algorithms, and make requirements are removed, with only the exception of md5 implementation which is moved to locale folder since it is required by localedef for integrity protection (libc's locale-reading code does not check these, but localedef does generate them). Besides thec code itself, both internal documentation and the manual is also adjusted. This allows to remove both --enable-crypt and --enable-nss-crypt configure options. Checked with a build for all affected ABIs. Co-authored-by: Zack Weinberg <zack@owlfolio.org> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* sparc: Remove optimize md5, sha256, and sha512Adhemerval Zanella2023-10-3014-454/+0
| | | | | | | | | | The libcrypt was maked to be phase out on 2.38, and a better project already exist that provide both compatibility and better API (libxcrypt). The sparc optimizations add the burden to extra build-many-glibcs.py configurations. Checked on sparc64 and sparcv9. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* LoongArch: Delete excessively allocated memory.caiyinyu2023-10-261-34/+34
|
* LoongArch: Update hwcap.h to sync with LoongArch kernel.caiyinyu2023-10-261-0/+1
|
* LoongArch: Unify Register Names.caiyinyu2023-10-262-19/+19
|
* AArch64: Add support for MOPS memcpy/memmove/memsetWilco Dijkstra2023-10-2411-1/+141
| | | | | | | | Add support for MOPS in cpu_features and INIT_ARCH. Add ifuncs using MOPS for memcpy, memmove and memset (use .inst for now so it works with all binutils versions without needing complex configure and conditional compilation). Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
* Move getaddrinfo from 'posix' into 'nss'Arjun Shankar2023-10-241-2625/+0
| | | | | | | getaddrinfo is an entry point for nss functionality. This commit moves it from 'sysdeps/posix' to 'nss', gets rid of the stub in 'posix', and moves all associated tests as well. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* aarch64: Add vector implementations of exp10 routinesJoe Ramsay2023-10-2313-0/+528
| | | | | Double-precision routines either reuse the exp table (AdvSIMD) or use SVE FEXPA intruction.
* aarch64: Add vector implementations of log10 routinesJoe Ramsay2023-10-2315-1/+584
| | | | A table is also added, which is shared between AdvSIMD and SVE log10.
* aarch64: Add vector implementations of log2 routinesJoe Ramsay2023-10-2315-1/+549
| | | | A table is also added, which is shared between AdvSIMD and SVE log2.
* aarch64: Add vector implementations of exp2 routinesJoe Ramsay2023-10-2313-0/+463
| | | | Some routines reuse table from v_exp_data.c
* aarch64: Add vector implementations of tan routinesJoe Ramsay2023-10-2319-1/+1248
| | | | | This includes some utility headers for evaluating polynomials using various schemes.
* tst-spawn-cgroup.c: Fix argument order of UNSUPPORTED message.Stefan Liebler2023-10-201-3/+3
| | | | | | | The arguments for "expected" and "got" are mismatched. Furthermore this patch is dumping both values as hex. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> Reviewed-by: Florian Weimer <fweimer@redhat.com>
* s390: Fix undefined behaviour in feenableexcept, fedisableexcept [BZ #30960]Stefan Liebler2023-10-192-2/+4
| | | | | | | | | | | | | | | | | If feenableexcept or fedisableexcept gets excepts=FE_INVALID=0x80 as input, we have a signed left shift: 0x80 << 24 which is not representable as int and thus is undefined behaviour according to C standard. This patch casts excepts as unsigned int before shifting, which is defined. For me, the observed undefined behaviour is that the shift is done with "unsigned"-instructions, which is exactly what we want. Furthermore, I don't get any exception-flags. After the fix, the code is using the same instruction sequence as before.
* Revert "elf: Always call destructors in reverse constructor order (bug 30785)"Florian Weimer2023-10-181-4/+0
| | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 6985865bc3ad5b23147ee73466583dd7fdf65892. Reason for revert: The commit changes the order of ELF destructor calls too much relative to what applications expect or can handle. In particular, during process exit and _dl_fini, after the revert commit, we no longer call the destructors of the main program first; that only happens after some dlopen'ed objects have been destructed. This robs applications of an opportunity to influence destructor order by calling dlclose explicitly from the main program's ELF destructors. A couple of different approaches involving reverse constructor order were tried, and none of them worked really well. It seems we need to keep the dependency sorting in _dl_fini. There is also an ambiguity regarding nested dlopen calls from ELF constructors: Should those destructors run before or after the object that called dlopen? Commit 6985865bc3ad5b2314 used reverse order of the start of ELF constructor calls for destructors, but arguably using completion of constructors is more correct. However, that alone is not sufficient to address application compatibility issues (it does not change _dl_fini ordering at all).
* Add LE DSCP code point from RFC-8622.Bruno Victal2023-10-171-0/+5
| | | | | Signed-off-by: Bruno Victal <mirai@makinata.eu> Reviewed-by: Florian Weimer <fweimer@redhat.com>