From 5570fbd25a574d54ab135e1d3cdac0bc74029689 Mon Sep 17 00:00:00 2001 From: Jakub Jelinek Date: Mon, 27 Jun 2005 09:15:54 +0000 Subject: Updated to fedora-glibc-20050627T0850 --- ChangeLog | 61 +++++++ Versions.def | 1 + config.h.in | 3 + configure | 17 ++ configure.in | 9 + debug/Makefile | 4 +- debug/Versions | 3 + debug/stack_chk_fail.c | 33 ++++ debug/stack_chk_fail_local.c | 30 ++++ elf/Makefile | 11 +- elf/Versions | 4 + elf/rtld.c | 54 +++--- elf/stackguard-macros.h | 30 ++++ elf/tst-stackguard1-static.c | 1 + elf/tst-stackguard1.c | 196 ++++++++++++++++++++++ fedora/branch.mk | 4 +- nptl/ChangeLog | 22 +++ nptl/Makefile | 9 +- nptl/pthread_create.c | 5 + nptl/sysdeps/i386/tls.h | 9 + nptl/sysdeps/powerpc/tls.h | 22 ++- nptl/sysdeps/s390/tls.h | 10 +- nptl/sysdeps/sparc/tls.h | 9 + nptl/sysdeps/x86_64/tls.h | 9 + nptl/tst-stackguard1-static.c | 1 + nptl/tst-stackguard1.c | 226 ++++++++++++++++++++++++++ nscd/connections.c | 10 +- nscd/nscd.c | 6 +- nscd/nscd.init | 16 +- nscd/nscd_stat.c | 6 +- nscd/selinux.c | 6 +- resource/Makefile | 4 +- resource/tst-getrlimit.c | 112 +++++++++++++ sunrpc/Makefile | 1 + sunrpc/tst-xdrmem.c | 205 +++++++++++++++++++++++ sunrpc/xdr.c | 4 +- sysdeps/generic/dl-osinfo.h | 13 +- sysdeps/generic/libc-start.c | 15 ++ sysdeps/generic/libc-tls.c | 11 -- sysdeps/ia64/strlen.S | 6 +- sysdeps/unix/sysv/linux/alpha/bits/resource.h | 2 +- sysdeps/unix/sysv/linux/bits/resource.h | 2 +- sysdeps/unix/sysv/linux/dl-osinfo.h | 22 +++ sysdeps/unix/sysv/linux/sparc/bits/resource.h | 2 +- 44 files changed, 1148 insertions(+), 78 deletions(-) create mode 100644 debug/stack_chk_fail.c create mode 100644 debug/stack_chk_fail_local.c create mode 100644 elf/stackguard-macros.h create mode 100644 elf/tst-stackguard1-static.c create mode 100644 elf/tst-stackguard1.c create mode 100644 nptl/tst-stackguard1-static.c create mode 100644 nptl/tst-stackguard1.c create mode 100644 resource/tst-getrlimit.c create mode 100644 sunrpc/tst-xdrmem.c diff --git a/ChangeLog b/ChangeLog index 47224b74cc..157dffe69d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,64 @@ +2005-06-16 Jakub Jelinek + + [BZ #1016] + * sysdeps/ia64/strlen.S (strlen): Change l2 into a local label. + +2005-06-23 Thorsten Kukuk + + * nscd/nscd_stat.c (receive_print_stats): Replace YESSTR/NOSTR + with own translation. + +2005-06-25 Jakub Jelinek + + * sunrpc/xdr.c (xdr_hyper, xdr_u_hyper): When decoding, cast + t2 to uint32_t instead of ulong. + * sunrpc/Makefile (tests): Add tst-xdrmem. + * sunrpc/tst-xdrmem.c: New test. + + * Versions.def (ld): Add GLIBC_2.4. + * configure.in: Add --enable-stackguard-randomization option. + (ENABLE_STACKGUARD_RANDOMIZE): New define. + * config.h.in (ENABLE_STACKGUARD_RANDOMIZE): Add. + * sysdeps/unix/sysv/linux/dl-osinfo.h: Include stdint.h. + (_dl_setup_stack_chk_guard): New inline function. + * sysdeps/generic/dl-osinfo.h: Include stdint.h. + (_dl_setup_stack_chk_guard): New inline function. + * elf/rtld.c (__stack_chk_guard): New variable. + (dl_main): Remove all traces of TLS_INIT_TP_EXPENSIVE. + Set __stack_chk_guard to _dl_setup_stack_chk_guard (), + use THREAD_SET_STACK_GUARD if defined. + * elf/Versions (ld): Export __stack_chk_guard@@GLIBC_2.4. + * sysdeps/generic/libc-start.c (__stack_chk_guard): New variable. + (__libc_start_main): Set __stack_chk_guard to + _dl_setup_stack_chk_guard (), use THREAD_SET_STACK_GUARD if defined. + * sysdeps/generic/libc-tls.c (__libc_setup_tls): Remove all + traces of TLS_INIT_TP_EXPENSIVE. + * debug/Versions (libc): Export __stack_chk_fail@@GLIBC_2.4. + * debug/Makefile (routines): Add stack_chk_fail. + (static-only-routines): Add stack_chk_fail_local. + * debug/stack_chk_fail_local.c: New file. + * debug/stack_chk_fail.c: New file. + * elf/Makefile: Add rules to build and run tst-stackguard1{,-static} + tests. + * elf/tst-stackguard1.c: New file. + * elf/tst-stackguard1-static.c: New file. + * elf/stackguard-macros.h: New file. + +2005-06-21 Ulrich Drepper + + * resource/Makefile (tests): Add tst-getrlimit. + * resource/tst-getrlimit.c: New file. + + * sysdeps/unix/sysv/linux/bits/resource.h (RLIMIT_RTPRIO): Fix typo. + * sysdeps/unix/sysv/linux/alpha/bits/resource.h: Likewise. + * sysdeps/unix/sysv/linux/sparc/bits/resource.h: Likewise. + +2005-06-20 Ulrich Drepper + + * nscd/nscd.init: Get more in line with lsb3. + * nscd/nscd.c: Adjust some error codes to fit in better with lsb3. + * nscd/connections.c: Likewise. + 2005-06-20 Jakub Jelinek * sysdeps/unix/sysv/linux/sys/quota.h: Add definitions and types for diff --git a/Versions.def b/Versions.def index 923f5eb31e..4619bf6c0c 100644 --- a/Versions.def +++ b/Versions.def @@ -100,6 +100,7 @@ ld { GLIBC_2.0 GLIBC_2.1 GLIBC_2.3 + GLIBC_2.4 GLIBC_PRIVATE } libthread_db { diff --git a/config.h.in b/config.h.in index 70e67bb912..552523a83e 100644 --- a/config.h.in +++ b/config.h.in @@ -223,6 +223,9 @@ /* Define if your assembler and linker support R_PPC_REL16* relocs. */ #undef HAVE_ASM_PPC_REL16 +/* Define if __stack_chk_guard canary should be randomized at program startup. */ +#undef ENABLE_STACKGUARD_RANDOMIZE + /* */ diff --git a/configure b/configure index 8c978e7512..402da463f9 100755 --- a/configure +++ b/configure @@ -873,6 +873,9 @@ Optional Features: objects [default=yes if supported] --enable-oldest-abi=ABI configure the oldest ABI supported [e.g. 2.2] [default=glibc default] + --enable-stackguard-randomization + initialize __stack_chk_guard canary with a random + number at program start --enable-add-ons[=DIRS...] configure and build add-ons in DIR1,DIR2,... search for add-ons if no parameter given @@ -1597,6 +1600,20 @@ _ACEOF fi +# Check whether --enable-stackguard-randomization or --disable-stackguard-randomization was given. +if test "${enable_stackguard_randomization+set}" = set; then + enableval="$enable_stackguard_randomization" + enable_stackguard_randomize=$enableval +else + enable_stackguard_randomize=no +fi; +if test "$enable_stackguard_randomize" = yes; then + cat >>confdefs.h <<\_ACEOF +#define ENABLE_STACKGUARD_RANDOMIZE 1 +_ACEOF + +fi + # Check whether --enable-add-ons or --disable-add-ons was given. if test "${enable_add_ons+set}" = set; then enableval="$enable_add_ons" diff --git a/configure.in b/configure.in index 5f46b5e4ef..4396891db5 100644 --- a/configure.in +++ b/configure.in @@ -174,6 +174,15 @@ else fi AC_SUBST(oldest_abi) +AC_ARG_ENABLE([stackguard-randomization], + AC_HELP_STRING([--enable-stackguard-randomization], + [initialize __stack_chk_guard canary with a random number at program start]), + [enable_stackguard_randomize=$enableval], + [enable_stackguard_randomize=no]) +if test "$enable_stackguard_randomize" = yes; then + AC_DEFINE(ENABLE_STACKGUARD_RANDOMIZE) +fi + dnl Generic infrastructure for drop-in additions to libc. AC_ARG_ENABLE([add-ons], AC_HELP_STRING([--enable-add-ons@<:@=DIRS...@:>@], diff --git a/debug/Makefile b/debug/Makefile index 42e64ad16f..6ec08dc94a 100644 --- a/debug/Makefile +++ b/debug/Makefile @@ -31,9 +31,9 @@ routines = backtrace backtracesyms backtracesymsfd noophooks \ printf_chk fprintf_chk vprintf_chk vfprintf_chk \ gets_chk chk_fail readonly-area fgets_chk fgets_u_chk \ read_chk pread_chk pread64_chk recv_chk recvfrom_chk \ - readlink_chk getwd_chk getcwd_chk \ + readlink_chk getwd_chk getcwd_chk stack_chk_fail \ $(static-only-routines) -static-only-routines := warning-nop +static-only-routines := warning-nop stack_chk_fail_local CFLAGS-backtrace.c = -fno-omit-frame-pointer CFLAGS-sprintf_chk.c = -D_IO_MTSAFE_IO diff --git a/debug/Versions b/debug/Versions index 07d6fbb830..7cbb02c31e 100644 --- a/debug/Versions +++ b/debug/Versions @@ -18,4 +18,7 @@ libc { __printf_chk; __fprintf_chk; __vprintf_chk; __vfprintf_chk; __gets_chk; } + GLIBC_2.4 { + __stack_chk_fail; + } } diff --git a/debug/stack_chk_fail.c b/debug/stack_chk_fail.c new file mode 100644 index 0000000000..298b323671 --- /dev/null +++ b/debug/stack_chk_fail.c @@ -0,0 +1,33 @@ +/* Copyright (C) 2005 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +#include +#include + + +extern char **__libc_argv attribute_hidden; + +void +__attribute__ ((noreturn)) +__stack_chk_fail (void) +{ + /* The loop is added only to keep gcc happy. */ + while (1) + __libc_message (1, "*** stack smashing detected ***: %s terminated\n", + __libc_argv[0] ?: ""); +} diff --git a/debug/stack_chk_fail_local.c b/debug/stack_chk_fail_local.c new file mode 100644 index 0000000000..de0de8f397 --- /dev/null +++ b/debug/stack_chk_fail_local.c @@ -0,0 +1,30 @@ +/* Copyright (C) 2005 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +#include + +extern void __stack_chk_fail (void) __attribute__ ((noreturn)); + +/* On some architectures, this helps needless PIC pointer setup + that would be needed just for the __stack_chk_fail call. */ + +void __attribute__ ((noreturn)) attribute_hidden +__stack_chk_fail_local (void) +{ + __stack_chk_fail (); +} diff --git a/elf/Makefile b/elf/Makefile index d988baca3b..c43eb02f5b 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -87,7 +87,8 @@ distribute := rtld-Rules \ unload3mod1.c unload3mod2.c unload3mod3.c unload3mod4.c \ unload4mod1.c unload4mod2.c unload4mod3.c unload4mod4.c \ unload6mod1.c unload6mod2.c unload6mod3.c tst-auditmod1.c \ - order2mod1.c order2mod2.c order2mod3.c order2mod4.c + order2mod1.c order2mod2.c order2mod3.c order2mod4.c \ + tst-stackguard1.c tst-stackguard1-static.c CFLAGS-dl-runtime.c = -fexceptions -fasynchronous-unwind-tables CFLAGS-dl-lookup.c = -fexceptions -fasynchronous-unwind-tables @@ -140,7 +141,7 @@ ifeq (yes,$(have-initfini-array)) tests += tst-array1 tst-array2 tst-array3 tst-array4 endif ifeq (yes,$(build-static)) -tests-static = tst-tls1-static tst-tls2-static +tests-static = tst-tls1-static tst-tls2-static tst-stackguard1-static ifeq (yesyesyes,$(build-static)$(build-shared)$(elf)) tests-static += tst-tls9-static tst-tls9-static-ENV = \ @@ -162,7 +163,8 @@ tests += loadtest restest1 preloadtest loadfail multiload origtest resolvfail \ tst-tls10 tst-tls11 tst-tls12 tst-tls13 tst-tls14 tst-tls15 tst-align \ tst-align2 $(tests-execstack-$(have-z-execstack)) tst-dlmodcount \ tst-dlopenrpath tst-deep1 tst-dlmopen1 tst-dlmopen2 tst-dlmopen3 \ - unload3 unload4 unload5 unload6 tst-audit1 tst-global1 order2 + unload3 unload4 unload5 unload6 tst-audit1 tst-global1 order2 \ + tst-stackguard1 # reldep9 test-srcs = tst-pathopt tests-vis-yes = vismain @@ -843,3 +845,6 @@ $(objpfx)order2mod1.so: $(objpfx)order2mod4.so $(objpfx)order2mod4.so: $(objpfx)order2mod3.so $(objpfx)order2mod2.so: $(objpfx)order2mod3.so order2mod2.so-no-z-defs = yes + +tst-stackguard1-ARGS = --command "$(built-program-cmd) --child" +tst-stackguard1-static-ARGS = --command "$(objpfx)tst-stackguard1-static --child" diff --git a/elf/Versions b/elf/Versions index aaacf3e4ea..9c53f1615e 100644 --- a/elf/Versions +++ b/elf/Versions @@ -43,6 +43,10 @@ ld { # runtime interface to TLS __tls_get_addr; } + GLIBC_2.4 { + # stack canary + __stack_chk_guard; + } GLIBC_PRIVATE { # Those are in the dynamic linker, but used by libc.so. __libc_enable_secure; diff --git a/elf/rtld.c b/elf/rtld.c index a3dbb867f3..cf0e415ce1 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -80,6 +80,12 @@ char **_dl_argv attribute_relro = NULL; #endif INTDEF(_dl_argv) +#ifndef THREAD_SET_STACK_GUARD +/* Only exported for architectures that don't store the stack guard canary + in thread local area. */ +uintptr_t __stack_chk_guard attribute_relro; +#endif + /* Nonzero if we were run directly. */ unsigned int _dl_skip_args attribute_relro attribute_hidden; @@ -1451,9 +1457,6 @@ ld.so does not support TLS, but program uses it!\n"); always allocate the static block, we never defer it even if no DF_STATIC_TLS bit is set. The reason is that we know glibc will use the static model. */ -# ifndef TLS_INIT_TP_EXPENSIVE -# define TLS_INIT_TP_EXPENSIVE 0 -# endif /* Since we start using the auditing DSOs right away we need to initialize the data structures now. */ @@ -1911,10 +1914,18 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n", used. Trying to do it lazily is too hairy to try when there could be multiple threads (from a non-TLS-using libpthread). */ bool was_tls_init_tp_called = tls_init_tp_called; - if (tcbp == NULL && (!TLS_INIT_TP_EXPENSIVE || GL(dl_tls_max_dtv_idx) > 0)) + if (tcbp == NULL) tcbp = init_tls (); #endif + /* Set up the stack checker's canary. */ + uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); +#ifdef THREAD_SET_STACK_GUARD + THREAD_SET_STACK_GUARD (stack_chk_guard); +#else + __stack_chk_guard = stack_chk_guard; +#endif + if (__builtin_expect (mode, normal) != normal) { /* We were run just to list the shared libraries. It is @@ -2334,29 +2345,26 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n", #endif #ifdef USE_TLS - if (GL(dl_tls_max_dtv_idx) > 0 || USE___THREAD || !TLS_INIT_TP_EXPENSIVE) - { - if (!was_tls_init_tp_called && GL(dl_tls_max_dtv_idx) > 0) - ++GL(dl_tls_generation); + if (!was_tls_init_tp_called && GL(dl_tls_max_dtv_idx) > 0) + ++GL(dl_tls_generation); - /* Now that we have completed relocation, the initializer data - for the TLS blocks has its final values and we can copy them - into the main thread's TLS area, which we allocated above. */ - _dl_allocate_tls_init (tcbp); + /* Now that we have completed relocation, the initializer data + for the TLS blocks has its final values and we can copy them + into the main thread's TLS area, which we allocated above. */ + _dl_allocate_tls_init (tcbp); - /* And finally install it for the main thread. If ld.so itself uses - TLS we know the thread pointer was initialized earlier. */ - if (! tls_init_tp_called) - { - const char *lossage = TLS_INIT_TP (tcbp, USE___THREAD); - if (__builtin_expect (lossage != NULL, 0)) - _dl_fatal_printf ("cannot set up thread-local storage: %s\n", - lossage); - } + /* And finally install it for the main thread. If ld.so itself uses + TLS we know the thread pointer was initialized earlier. */ + if (! tls_init_tp_called) + { + const char *lossage = TLS_INIT_TP (tcbp, USE___THREAD); + if (__builtin_expect (lossage != NULL, 0)) + _dl_fatal_printf ("cannot set up thread-local storage: %s\n", + lossage); } - else +#else + NONTLS_INIT_TP; #endif - NONTLS_INIT_TP; #ifdef SHARED /* Auditing checkpoint: we have added all objects. */ diff --git a/elf/stackguard-macros.h b/elf/stackguard-macros.h new file mode 100644 index 0000000000..0fbf4d2c0b --- /dev/null +++ b/elf/stackguard-macros.h @@ -0,0 +1,30 @@ +#include + +#ifdef __i386__ +# define STACK_CHK_GUARD \ + ({ uintptr_t x; asm ("movl %%gs:0x14, %0" : "=r" (x)); x; }) +#elif defined __x86_64__ +# define STACK_CHK_GUARD \ + ({ uintptr_t x; asm ("movq %%fs:0x28, %0" : "=r" (x)); x; }) +#elif defined __powerpc64__ +# define STACK_CHK_GUARD \ + ({ uintptr_t x; asm ("ld %0,-28688(13)" : "=r" (x)); x; }) +#elif defined __powerpc__ +# define STACK_CHK_GUARD \ + ({ uintptr_t x; asm ("lwz %0,-28680(2)" : "=r" (x)); x; }) +#elif defined __sparc__ && defined __arch64__ +# define STACK_CHK_GUARD \ + ({ uintptr_t x; asm ("ldx [%%g7+0x28], %0" : "=r" (x)); x; }) +#elif defined __sparc__ +# define STACK_CHK_GUARD \ + ({ uintptr_t x; asm ("ld [%%g7+0x14], %0" : "=r" (x)); x; }) +#elif defined __s390x__ +# define STACK_CHK_GUARD \ + ({ uintptr_t x; asm ("ear %0,%a0; sllg %0,%0,32; ear %0,%a1; lg %0,0x28(%0)" : "=r" (x)); x; }) +#elif defined __s390__ +# define STACK_CHK_GUARD \ + ({ uintptr_t x; asm ("ear %0,%%a0; l %0,0x14(%0)" : "=r" (x)); x; }) +#else +extern uintptr_t __stack_chk_guard; +# define STACK_CHK_GUARD __stack_chk_guard +#endif diff --git a/elf/tst-stackguard1-static.c b/elf/tst-stackguard1-static.c new file mode 100644 index 0000000000..db1e21554d --- /dev/null +++ b/elf/tst-stackguard1-static.c @@ -0,0 +1 @@ +#include "tst-stackguard1.c" diff --git a/elf/tst-stackguard1.c b/elf/tst-stackguard1.c new file mode 100644 index 0000000000..480f9297d0 --- /dev/null +++ b/elf/tst-stackguard1.c @@ -0,0 +1,196 @@ +/* Copyright (C) 2005 Free Software Foundation, Inc. + This file is part of the GNU C Library. + Contributed by Jakub Jelinek , 2005. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +#include +#include +#include +#include +#include +#include +#include +#include + +static const char *command; +static bool child; +static uintptr_t stack_chk_guard_copy; +static bool stack_chk_guard_copy_set; +static int fds[2]; + +static void __attribute__ ((constructor)) +con (void) +{ + stack_chk_guard_copy = STACK_CHK_GUARD; + stack_chk_guard_copy_set = true; +} + +static int +uintptr_t_cmp (const void *a, const void *b) +{ + if (*(uintptr_t *) a < *(uintptr_t *) b) + return 1; + if (*(uintptr_t *) a > *(uintptr_t *) b) + return -1; + return 0; +} + +static int +do_test (void) +{ + if (!stack_chk_guard_copy_set) + { + puts ("constructor has not been run"); + return 1; + } + + if (stack_chk_guard_copy != STACK_CHK_GUARD) + { + puts ("STACK_CHK_GUARD changed between constructor and do_test"); + return 1; + } + + if (child) + { + write (2, &stack_chk_guard_copy, sizeof (stack_chk_guard_copy)); + return 0; + } + + if (command == NULL) + { + puts ("missing --command or --child argument"); + return 1; + } + +#define N 16 + uintptr_t child_stack_chk_guards[N + 1]; + child_stack_chk_guards[N] = stack_chk_guard_copy; + int i; + for (i = 0; i < N; ++i) + { + if (pipe (fds) < 0) + { + printf ("couldn't create pipe: %m\n"); + return 1; + } + + pid_t pid = fork (); + if (pid < 0) + { + printf ("fork failed: %m\n"); + return 1; + } + + if (!pid) + { + if (stack_chk_guard_copy != STACK_CHK_GUARD) + { + puts ("STACK_CHK_GUARD changed after fork"); + exit (1); + } + + close (fds[0]); + close (2); + dup2 (fds[1], 2); + close (fds[1]); + + system (command); + exit (0); + } + + close (fds[1]); + + if (TEMP_FAILURE_RETRY (read (fds[0], &child_stack_chk_guards[i], + sizeof (uintptr_t))) != sizeof (uintptr_t)) + { + puts ("could not read stack_chk_guard value from child"); + return 1; + } + + close (fds[0]); + + pid_t termpid; + int status; + termpid = TEMP_FAILURE_RETRY (waitpid (pid, &status, 0)); + if (termpid == -1) + { + printf ("waitpid failed: %m\n"); + return 1; + } + else if (termpid != pid) + { + printf ("waitpid returned %ld != %ld\n", + (long int) termpid, (long int) pid); + return 1; + } + else if (!WIFEXITED (status) || WEXITSTATUS (status)) + { + puts ("child hasn't exited with exit status 0"); + return 1; + } + } + + qsort (child_stack_chk_guards, N + 1, sizeof (uintptr_t), uintptr_t_cmp); + + uintptr_t default_guard = 0; + unsigned char *p = (unsigned char *) &default_guard; + p[sizeof (uintptr_t) - 1] = 255; + p[sizeof (uintptr_t) - 2] = '\n'; + p[0] = 0; + + /* Test if the stack guard canaries are either randomized, + or equal to the default stack guard canary value. + Even with randomized stack guards it might happen + that the random number generator generates the same + values, but if that happens in more than half from + the 16 runs, something is very wrong. */ + int ndifferences = 0; + int ndefaults = 0; + for (i = 0; i < N; ++i) + { + if (child_stack_chk_guards[i] != child_stack_chk_guards[i+1]) + ndifferences++; + else if (child_stack_chk_guards[i] == default_guard) + ndefaults++; + } + + printf ("differences %d defaults %d\n", ndifferences, ndefaults); + + if (ndifferences < N / 2 && ndefaults < N / 2) + { + puts ("stack guard canaries are not randomized enough"); + puts ("nor equal to the default canary value"); + return 1; + } + + return 0; +} + +#define OPT_COMMAND 10000 +#define OPT_CHILD 10001 +#define CMDLINE_OPTIONS \ + { "command", required_argument, NULL, OPT_COMMAND }, \ + { "child", no_argument, NULL, OPT_CHILD }, +#define CMDLINE_PROCESS \ + case OPT_COMMAND: \ + command = optarg; \ + break; \ + case OPT_CHILD: \ + child = true; \ + break; +#define TEST_FUNCTION do_test () +#include "../test-skeleton.c" diff --git a/fedora/branch.mk b/fedora/branch.mk index 90bf380a3c..daf78e7120 100644 --- a/fedora/branch.mk +++ b/fedora/branch.mk @@ -1,5 +1,5 @@ # This file is updated automatically by Makefile. glibc-branch := fedora glibc-base := HEAD -fedora-sync-date := 2005-06-20 15:30 UTC -fedora-sync-tag := fedora-glibc-20050620T1530 +fedora-sync-date := 2005-06-27 08:50 UTC +fedora-sync-tag := fedora-glibc-20050627T0850 diff --git a/nptl/ChangeLog b/nptl/ChangeLog index 470d4b9887..1c53e5e505 100644 --- a/nptl/ChangeLog +++ b/nptl/ChangeLog @@ -1,3 +1,25 @@ +2005-06-25 Jakub Jelinek + + * sysdeps/i386/tls.h (tcbhead_t): Add stack_guard field. + (THREAD_SET_STACK_GUARD, THREAD_COPY_STACK_GUARD): Define. + * sysdeps/x86_64/tls.h (tcbhead_t): Add sysinfo and stack_guard + fields. + (THREAD_SET_STACK_GUARD, THREAD_COPY_STACK_GUARD): Define. + * sysdeps/s390/tls.h (tcbhead_t): Add stack_guard + field. Put in sysinfo field unconditionally. + (THREAD_SET_STACK_GUARD, THREAD_COPY_STACK_GUARD): Define. + * sysdeps/powerpc/tls.h (tcbhead_t): Add stack_guard field. + (THREAD_SET_STACK_GUARD, THREAD_COPY_STACK_GUARD): Define. + * sysdeps/sparc/tls.h (tcbhead_t): Add sysinfo and stack_guard + fields. + (THREAD_SET_STACK_GUARD, THREAD_COPY_STACK_GUARD): Define. + * pthread_create.c (__pthread_create_2_1): Use + THREAD_COPY_STACK_GUARD macro. + * Makefile: Add rules to build and run tst-stackguard1{,-static} + tests. + * tst-stackguard1.c: New file. + * tst-stackguard1-static.c: New file. + 2005-06-14 Alan Modra * sysdeps/unix/sysv/linux/powerpc/powerpc32/sysdep-cancel.h (PSEUDO): diff --git a/nptl/Makefile b/nptl/Makefile index 2acb8d01b7..184375a461 100644 --- a/nptl/Makefile +++ b/nptl/Makefile @@ -269,7 +269,8 @@ tests += tst-cancelx2 tst-cancelx3 tst-cancelx4 tst-cancelx5 \ tst-oncex3 tst-oncex4 endif ifeq ($(build-shared),yes) -tests += tst-atfork2 tst-tls3 tst-tls4 tst-tls5 tst-_res1 tst-fini1 +tests += tst-atfork2 tst-tls3 tst-tls4 tst-tls5 tst-_res1 tst-fini1 \ + tst-stackguard1 tests-nolibpthread += tst-fini1 ifeq ($(have-z-execstack),yes) tests += tst-execstack @@ -337,7 +338,8 @@ link-libc-static := $(common-objpfx)libc.a $(static-gnulib) \ $(common-objpfx)libc.a ifeq ($(build-static),yes) -tests-static += tst-locale1 tst-locale2 +tests-static += tst-locale1 tst-locale2 tst-stackguard1-static +tests += tst-stackguard1-static xtests-static += tst-setuid1-static endif # These tests are linked with libc before libpthread @@ -590,6 +592,9 @@ LDFLAGS-tst-execstack = -Wl,-z,noexecstack $(objpfx)tst-fini1mod.so: $(shared-thread-library) +tst-stackguard1-ARGS = --command "$(built-program-cmd) --child" +tst-stackguard1-static-ARGS = --command "$(objpfx)tst-stackguard1-static --child" + # The tests here better do not run in parallel ifneq ($(filter %tests,$(MAKECMDGOALS)),) .NOTPARALLEL: diff --git a/nptl/pthread_create.c b/nptl/pthread_create.c index 18f1c034c7..122778bddf 100644 --- a/nptl/pthread_create.c +++ b/nptl/pthread_create.c @@ -399,6 +399,11 @@ __pthread_create_2_1 (newthread, attr, start_routine, arg) pd->schedpolicy = self->schedpolicy; pd->schedparam = self->schedparam; + /* Copy the stack guard canary. */ +#ifdef THREAD_COPY_STACK_GUARD + THREAD_COPY_STACK_GUARD (pd); +#endif + /* Determine scheduling parameters for the thread. */ if (attr != NULL && __builtin_expect ((iattr->flags & ATTR_FLAG_NOTINHERITSCHED) != 0, 0) diff --git a/nptl/sysdeps/i386/tls.h b/nptl/sysdeps/i386/tls.h index c0331140f4..65566ff7a7 100644 --- a/nptl/sysdeps/i386/tls.h +++ b/nptl/sysdeps/i386/tls.h @@ -49,6 +49,7 @@ typedef struct void *self; /* Pointer to the thread descriptor. */ int multiple_threads; uintptr_t sysinfo; + uintptr_t stack_guard; } tcbhead_t; # define TLS_MULTIPLE_THREADS_IN_TCB 1 @@ -416,6 +417,14 @@ union user_desc_init __res; }) +/* Set the stack guard field in TCB head. */ +#define THREAD_SET_STACK_GUARD(value) \ + THREAD_SETMEM (THREAD_SELF, header.stack_guard, value) +#define THREAD_COPY_STACK_GUARD(descr) \ + ((descr)->header.stack_guard \ + = THREAD_GETMEM (THREAD_SELF, header.stack_guard)) + + #endif /* __ASSEMBLER__ */ #endif /* tls.h */ diff --git a/nptl/sysdeps/powerpc/tls.h b/nptl/sysdeps/powerpc/tls.h index a7f69074e9..b2322b09bd 100644 --- a/nptl/sysdeps/powerpc/tls.h +++ b/nptl/sysdeps/powerpc/tls.h @@ -65,11 +65,11 @@ typedef union dtv /* Get the thread descriptor definition. */ # include -/* This layout is actually wholly private and not affected by the ABI. - Nor does it overlap the pthread data structure, so we need nothing - extra here at all. */ +/* The stack_guard is accessed directly by GCC -fstack-protector code, + so it is a part of public ABI. The dtv field is private. */ typedef struct { + uintptr_t stack_guard; dtv_t *dtv; } tcbhead_t; @@ -127,7 +127,7 @@ register void *__thread_register __asm__ ("r13"); /* Return the address of the dtv for the current thread. */ # define THREAD_DTV() \ - (((tcbhead_t *) (__thread_register - TLS_TCB_OFFSET))[-1].dtv) + (((tcbhead_t *) (__thread_register - TLS_TCB_OFFSET))[-1].dtv) /* Return the thread descriptor for the current thread. */ # define THREAD_SELF \ @@ -136,9 +136,9 @@ register void *__thread_register __asm__ ("r13"); /* Magic for libthread_db to know how to do THREAD_SELF. */ # define DB_THREAD_SELF \ - REGISTER (32, 32, PT_THREAD_POINTER * 4, \ + REGISTER (32, 32, PT_THREAD_POINTER * 4, \ - TLS_TCB_OFFSET - TLS_PRE_TCB_SIZE) \ - REGISTER (64, 64, PT_THREAD_POINTER * 8, \ + REGISTER (64, 64, PT_THREAD_POINTER * 8, \ - TLS_TCB_OFFSET - TLS_PRE_TCB_SIZE) /* Read member of the thread descriptor directly. */ @@ -156,6 +156,16 @@ register void *__thread_register __asm__ ("r13"); # define THREAD_SETMEM_NC(descr, member, idx, value) \ ((void)(descr), (THREAD_SELF)->member[idx] = (value)) +/* Set the stack guard field in TCB head. */ +# define THREAD_SET_STACK_GUARD(value) \ + (((tcbhead_t *) ((char *) __thread_register \ + - TLS_TCB_OFFSET))[-1].stack_guard = (value)) +# define THREAD_COPY_STACK_GUARD(descr) \ + (((tcbhead_t *) ((char *) (descr) \ + + TLS_PRE_TCB_SIZE))[-1].stack_guard \ + = ((tcbhead_t *) ((char *) __thread_register \ + - TLS_TCB_OFFSET))[-1].stack_guard) + /* l_tls_offset == 0 is perfectly valid on PPC, so we have to use some different value to mean unset l_tls_offset. */ # define NO_TLS_OFFSET -1 diff --git a/nptl/sysdeps/s390/tls.h b/nptl/sysdeps/s390/tls.h index 060dde39df..f90b35b1e5 100644 --- a/nptl/sysdeps/s390/tls.h +++ b/nptl/sysdeps/s390/tls.h @@ -48,9 +48,8 @@ typedef struct dtv_t *dtv; void *self; /* Pointer to the thread descriptor. */ int multiple_threads; -# ifdef NEED_DL_SYSINFO uintptr_t sysinfo; -# endif + uintptr_t stack_guard; } tcbhead_t; # ifndef __s390x__ @@ -158,6 +157,13 @@ typedef struct #define THREAD_SETMEM_NC(descr, member, idx, value) \ descr->member[idx] = (value) +/* Set the stack guard field in TCB head. */ +#define THREAD_SET_STACK_GUARD(value) \ + THREAD_SETMEM (THREAD_SELF, header.stack_guard, value) +#define THREAD_COPY_STACK_GUARD(descr) \ + ((descr)->header.stack_guard \ + = THREAD_GETMEM (THREAD_SELF, header.stack_guard)) + #endif /* __ASSEMBLER__ */ #endif /* tls.h */ diff --git a/nptl/sysdeps/sparc/tls.h b/nptl/sysdeps/sparc/tls.h index 54b54859d9..ddc4848554 100644 --- a/nptl/sysdeps/sparc/tls.h +++ b/nptl/sysdeps/sparc/tls.h @@ -46,6 +46,8 @@ typedef struct dtv_t *dtv; void *self; int multiple_threads; + uintptr_t sysinfo; + uintptr_t stack_guard; } tcbhead_t; #else /* __ASSEMBLER__ */ @@ -126,6 +128,13 @@ register struct pthread *__thread_self __asm__("%g7"); #define THREAD_SETMEM_NC(descr, member, idx, value) \ descr->member[idx] = (value) +/* Set the stack guard field in TCB head. */ +#define THREAD_SET_STACK_GUARD(value) \ + THREAD_SETMEM (THREAD_SELF, header.stack_guard, value) +# define THREAD_COPY_STACK_GUARD(descr) \ + ((descr)->header.stack_guard \ + = THREAD_GETMEM (THREAD_SELF, header.stack_guard)) + #endif /* !ASSEMBLER */ #endif /* tls.h */ diff --git a/nptl/sysdeps/x86_64/tls.h b/nptl/sysdeps/x86_64/tls.h index 3fc9b384aa..516827b8e1 100644 --- a/nptl/sysdeps/x86_64/tls.h +++ b/nptl/sysdeps/x86_64/tls.h @@ -47,6 +47,8 @@ typedef struct dtv_t *dtv; void *self; /* Pointer to the thread descriptor. */ int multiple_threads; + uintptr_t sysinfo; + uintptr_t stack_guard; } tcbhead_t; #else /* __ASSEMBLER__ */ @@ -320,6 +322,13 @@ typedef struct __res; }) +/* Set the stack guard field in TCB head. */ +# define THREAD_SET_STACK_GUARD(value) \ + THREAD_SETMEM (THREAD_SELF, header.stack_guard, value) +# define THREAD_COPY_STACK_GUARD(descr) \ + ((descr)->header.stack_guard \ + = THREAD_GETMEM (THREAD_SELF, header.stack_guard)) + #endif /* __ASSEMBLER__ */ #endif /* tls.h */ diff --git a/nptl/tst-stackguard1-static.c b/nptl/tst-stackguard1-static.c new file mode 100644 index 0000000000..db1e21554d --- /dev/null +++ b/nptl/tst-stackguard1-static.c @@ -0,0 +1 @@ +#include "tst-stackguard1.c" diff --git a/nptl/tst-stackguard1.c b/nptl/tst-stackguard1.c new file mode 100644 index 0000000000..15c30aeb6b --- /dev/null +++ b/nptl/tst-stackguard1.c @@ -0,0 +1,226 @@ +/* Copyright (C) 2005 Free Software Foundation, Inc. + This file is part of the GNU C Library. + Contributed by Jakub Jelinek , 2005. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static const char *command; +static bool child; +static uintptr_t stack_chk_guard_copy; +static bool stack_chk_guard_copy_set; +static int fds[2]; + +static void __attribute__ ((constructor)) +con (void) +{ + stack_chk_guard_copy = STACK_CHK_GUARD; + stack_chk_guard_copy_set = true; +} + +static int +uintptr_t_cmp (const void *a, const void *b) +{ + if (*(uintptr_t *) a < *(uintptr_t *) b) + return 1; + if (*(uintptr_t *) a > *(uintptr_t *) b) + return -1; + return 0; +} + +static void * +tf (void *arg) +{ + if (stack_chk_guard_copy != STACK_CHK_GUARD) + { + puts ("STACK_CHK_GUARD changed in thread"); + return (void *) 1L; + } + return NULL; +} + +static int +do_test (void) +{ + if (!stack_chk_guard_copy_set) + { + puts ("constructor has not been run"); + return 1; + } + + if (stack_chk_guard_copy != STACK_CHK_GUARD) + { + puts ("STACK_CHK_GUARD changed between constructor and do_test"); + return 1; + } + + if (child) + { + int i; + pthread_t th[4]; + void *ret; + for (i = 0; i < 4; ++i) + if (pthread_create (&th[i], NULL, tf, NULL)) + { + puts ("thread creation failed"); + return 1; + } + for (i = 0; i < 4; ++i) + if (pthread_join (th[i], &ret)) + { + puts ("thread join failed"); + return 1; + } + else if (ret != NULL) + return 1; + + write (2, &stack_chk_guard_copy, sizeof (stack_chk_guard_copy)); + return 0; + } + + if (command == NULL) + { + puts ("missing --command or --child argument"); + return 1; + } + +#define N 16 + uintptr_t child_stack_chk_guards[N + 1]; + child_stack_chk_guards[N] = stack_chk_guard_copy; + int i; + for (i = 0; i < N; ++i) + { + if (pipe (fds) < 0) + { + printf ("couldn't create pipe: %m\n"); + return 1; + } + + pid_t pid = fork (); + if (pid < 0) + { + printf ("fork failed: %m\n"); + return 1; + } + + if (!pid) + { + if (stack_chk_guard_copy != STACK_CHK_GUARD) + { + puts ("STACK_CHK_GUARD changed after fork"); + exit (1); + } + + close (fds[0]); + close (2); + dup2 (fds[1], 2); + close (fds[1]); + + system (command); + exit (0); + } + + close (fds[1]); + + if (TEMP_FAILURE_RETRY (read (fds[0], &child_stack_chk_guards[i], + sizeof (uintptr_t))) != sizeof (uintptr_t)) + { + puts ("could not read stack_chk_guard value from child"); + return 1; + } + + close (fds[0]); + + pid_t termpid; + int status; + termpid = TEMP_FAILURE_RETRY (waitpid (pid, &status, 0)); + if (termpid == -1) + { + printf ("waitpid failed: %m\n"); + return 1; + } + else if (termpid != pid) + { + printf ("waitpid returned %ld != %ld\n", + (long int) termpid, (long int) pid); + return 1; + } + else if (!WIFEXITED (status) || WEXITSTATUS (status)) + { + puts ("child hasn't exited with exit status 0"); + return 1; + } + } + + qsort (child_stack_chk_guards, N + 1, sizeof (uintptr_t), uintptr_t_cmp); + + uintptr_t default_guard = 0; + unsigned char *p = (unsigned char *) &default_guard; + p[sizeof (uintptr_t) - 1] = 255; + p[sizeof (uintptr_t) - 2] = '\n'; + p[0] = 0; + + /* Test if the stack guard canaries are either randomized, + or equal to the default stack guard canary value. + Even with randomized stack guards it might happen + that the random number generator generates the same + values, but if that happens in more than half from + the 16 runs, something is very wrong. */ + int ndifferences = 0; + int ndefaults = 0; + for (i = 0; i < N; ++i) + { + if (child_stack_chk_guards[i] != child_stack_chk_guards[i+1]) + ndifferences++; + else if (child_stack_chk_guards[i] == default_guard) + ndefaults++; + } + + printf ("differences %d defaults %d\n", ndifferences, ndefaults); + + if (ndifferences < N / 2 && ndefaults < N / 2) + { + puts ("stack guard canaries are not randomized enough"); + puts ("nor equal to the default canary value"); + return 1; + } + + return 0; +} + +#define OPT_COMMAND 10000 +#define OPT_CHILD 10001 +#define CMDLINE_OPTIONS \ + { "command", required_argument, NULL, OPT_COMMAND }, \ + { "child", no_argument, NULL, OPT_CHILD }, +#define CMDLINE_PROCESS \ + case OPT_COMMAND: \ + command = optarg; \ + break; \ + case OPT_CHILD: \ + child = true; \ + break; +#define TEST_FUNCTION do_test () +#include "../test-skeleton.c" diff --git a/nscd/connections.c b/nscd/connections.c index 818de977d5..a9cdbd4cd8 100644 --- a/nscd/connections.c +++ b/nscd/connections.c @@ -209,7 +209,7 @@ nscd_init (void) if (server_user != NULL && secure_in_use) { dbg_log (_("Cannot run nscd in secure mode as unprivileged user")); - exit (1); + exit (4); } /* Look up unprivileged uid/gid/groups before we start listening on the @@ -514,7 +514,7 @@ cannot set socket to close on exec: %s; disabling paranoia mode"), if (sock < 0) { dbg_log (_("cannot open socket: %s"), strerror (errno)); - exit (1); + exit (errno == EACCES ? 4 : 1); } /* Bind a name to the socket. */ struct sockaddr_un sock_addr; @@ -523,7 +523,7 @@ cannot set socket to close on exec: %s; disabling paranoia mode"), if (bind (sock, (struct sockaddr *) &sock_addr, sizeof (sock_addr)) < 0) { dbg_log ("%s: %s", _PATH_NSCDSOCKET, strerror (errno)); - exit (1); + exit (errno == EACCES ? 4 : 1); } /* We don't want to get stuck on accept. */ @@ -1628,14 +1628,14 @@ finish_drop_privileges (void) { dbg_log (_("Failed to run nscd as user '%s'"), server_user); perror ("setgid"); - exit (1); + exit (4); } if (setuid (server_uid) == -1) { dbg_log (_("Failed to run nscd as user '%s'"), server_user); perror ("setuid"); - exit (1); + exit (4); } } diff --git a/nscd/nscd.c b/nscd/nscd.c index 3ae401f1f7..76d2080309 100644 --- a/nscd/nscd.c +++ b/nscd/nscd.c @@ -152,7 +152,7 @@ main (int argc, char **argv) { error (0, 0, gettext ("wrong number of arguments")); argp_help (&argp, stdout, ARGP_HELP_SEE, program_invocation_short_name); - exit (EXIT_FAILURE); + exit (1); } /* Read the configuration file. */ @@ -309,7 +309,7 @@ parse_opt (int key, char *arg, struct argp_state *state) case 'K': if (getuid () != 0) - error (EXIT_FAILURE, 0, _("Only root is allowed to use this option!")); + error (4, 0, _("Only root is allowed to use this option!")); { int sock = nscd_open_socket (); request_header req; @@ -333,7 +333,7 @@ parse_opt (int key, char *arg, struct argp_state *state) case 'i': if (getuid () != 0) - error (EXIT_FAILURE, 0, _("Only root is allowed to use this option!")); + error (4, 0, _("Only root is allowed to use this option!")); else { int sock = nscd_open_socket (); diff --git a/nscd/nscd.init b/nscd/nscd.init index 23e20c3a82..a0074b99e5 100644 --- a/nscd/nscd.init +++ b/nscd/nscd.init @@ -10,6 +10,16 @@ # processname: /usr/sbin/nscd # config: /etc/nscd.conf # +### BEGIN INIT INFO +# Provides: nscd +# Required-Start: $syslog +# Default-Stop: 0 1 6 +# Short-Description: Starts the Name Switch Cache Daemon +# Description: This is a daemon which handles passwd and group lookups \ +# for running programs and cache the results for the next \ +# query. You should start this daemon if you use \ +# slow naming services like NIS, NIS+, LDAP, or hesiod. +### END INIT INFO # Sanity checks. [ -f /etc/nscd.conf ] || exit 0 @@ -29,7 +39,7 @@ case $(uname -r) in ;; *) #this is not - exit 0 + exit 1 ;; esac @@ -95,11 +105,11 @@ case "$1" in restart RETVAL=$? ;; - condrestart) + try-restart | condrestart) [ -e /var/lock/subsys/nscd ] && restart RETVAL=$? ;; - reload) + force-reload | reload) echo -n $"Reloading $prog: " killproc /usr/sbin/nscd -HUP RETVAL=$? diff --git a/nscd/nscd_stat.c b/nscd/nscd_stat.c index 9231642278..8bf50f39f4 100644 --- a/nscd/nscd_stat.c +++ b/nscd/nscd_stat.c @@ -1,4 +1,4 @@ -/* Copyright (c) 1998, 2003, 2004 Free Software Foundation, Inc. +/* Copyright (c) 1998, 2003, 2004, 2005 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Thorsten Kukuk , 1998. @@ -143,8 +143,8 @@ receive_print_stats (void) int fd; int i; uid_t uid = getuid (); - const char *yesstr = nl_langinfo (YESSTR); - const char *nostr = nl_langinfo (NOSTR); + const char *yesstr = _("yes"); + const char *nostr = _("no"); /* Find out whether there is another user but root allowed to request statistics. */ diff --git a/nscd/selinux.c b/nscd/selinux.c index 4dc4df3648..91c1442b59 100644 --- a/nscd/selinux.c +++ b/nscd/selinux.c @@ -1,5 +1,5 @@ /* SELinux access controls for nscd. - Copyright (C) 2004 Free Software Foundation, Inc. + Copyright (C) 2004, 2005 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Matthew Rickard , 2004. @@ -111,7 +111,7 @@ static const struct avc_lock_callback lock_cb = static int audit_fd = -1; /* When an avc denial occurs, log it to audit system */ -static void +static void log_callback (const char *fmt, ...) { va_list ap; @@ -122,7 +122,7 @@ log_callback (const char *fmt, ...) } /* Initialize the connection to the audit system */ -static void +static void audit_init (void) { audit_fd = audit_open (); diff --git a/resource/Makefile b/resource/Makefile index cddb6d353c..68f9ff65a3 100644 --- a/resource/Makefile +++ b/resource/Makefile @@ -1,4 +1,4 @@ -# Copyright (C) 1991, 1992, 1994, 1995, 1997 Free Software Foundation, Inc. +# Copyright (C) 1991,1992,1994,1995,1997,2005 Free Software Foundation, Inc. # This file is part of the GNU C Library. # The GNU C Library is free software; you can redistribute it and/or @@ -24,4 +24,6 @@ headers := sys/resource.h bits/resource.h sys/vlimit.h sys/vtimes.h \ routines := getrlimit setrlimit getrlimit64 setrlimit64 getrusage ulimit \ vlimit vtimes getpriority setpriority nice +tests = tst-getrlimit + include ../Rules diff --git a/resource/tst-getrlimit.c b/resource/tst-getrlimit.c new file mode 100644 index 0000000000..67480340f0 --- /dev/null +++ b/resource/tst-getrlimit.c @@ -0,0 +1,112 @@ +#include +#include +#include +#include + + +static struct +{ + const char *name; + int resource; + bool required; +} tests[] = + { + /* The following 7 limits are part of POSIX and must exist. */ + { "RLIMIT_CORE", RLIMIT_CORE, true }, + { "RLIMIT_CPU", RLIMIT_CPU, true }, + { "RLIMIT_DATA", RLIMIT_DATA, true }, + { "RLIMIT_FSIZE", RLIMIT_FSIZE, true }, + { "RLIMIT_NOFILE", RLIMIT_NOFILE, true }, + { "RLIMIT_STACK", RLIMIT_STACK, true }, + { "RLIMIT_AS", RLIMIT_AS, true }, + /* The following are traditional Unix limits which are also + expected (by us). */ + { "RLIMIT_RSS", RLIMIT_RSS, true }, + { "RLIMIT_NPROC", RLIMIT_NPROC, true }, + /* The following are extensions. */ +#ifdef RLIMIT_MEMLOCK + { "RLIMIT_MEMLOCK", RLIMIT_MEMLOCK, false }, +#endif +#ifdef RLIMIT_LOCKS + { "RLIMIT_LOCKS", RLIMIT_LOCKS, false }, +#endif +#ifdef RLIMIT_SIGPENDING + { "RLIMIT_SIGPENDING", RLIMIT_SIGPENDING, false }, +#endif +#ifdef RLIMIT_MSGQUEUE + { "RLIMIT_MSGQUEUE", RLIMIT_MSGQUEUE, false }, +#endif +#ifdef RLIMIT_NICE + { "RLIMIT_NICE", RLIMIT_NICE, false }, +#endif +#ifdef RLIMIT_RTPRIO + { "RLIMIT_RTPRIO", RLIMIT_RTPRIO, false }, +#endif + }; +#define ntests (sizeof (tests) / sizeof (tests[0])) + + +static int +do_test (void) +{ + int status = 0; + + for (int i = 0; i < ntests; ++i) + { + bool this_ok = true; + + struct rlimit r; + int res = getrlimit (tests[i].resource, &r); + if (res == -1) + { + if (errno == EINVAL) + { + if (tests[i].required) + { + printf ("limit %s expectedly not available for getrlimit\n", + tests[i].name); + status = 1; + this_ok = false; + } + } + else + { + printf ("getrlimit for %s returned unexpected error: %m\n", + tests[i].name); + status = 1; + this_ok = false; + } + } + + struct rlimit64 r64; + res = getrlimit64 (tests[i].resource, &r64); + if (res == -1) + { + if (errno == EINVAL) + { + if (tests[i].required) + { + printf ("limit %s expectedly not available for getrlimit64" + "\n", tests[i].name); + status = 1; + this_ok = false; + } + } + else + { + printf ("getrlimit64 for %s returned unexpected error: %m\n", + tests[i].name); + status = 1; + this_ok = false; + } + } + + if (this_ok) + printf ("limit %s OK\n", tests[i].name); + } + + return status; +} + +#define TEST_FUNCTION do_test () +#include "../test-skeleton.c" diff --git a/sunrpc/Makefile b/sunrpc/Makefile index 4a2c60eab4..bc826affdd 100644 --- a/sunrpc/Makefile +++ b/sunrpc/Makefile @@ -85,6 +85,7 @@ all: # Make this the default target; it will be defined in Rules. include ../Makeconfig +tests = tst-xdrmem xtests := tst-getmyaddr ifeq ($(have-thread-library),yes) diff --git a/sunrpc/tst-xdrmem.c b/sunrpc/tst-xdrmem.c new file mode 100644 index 0000000000..0c9929c6ed --- /dev/null +++ b/sunrpc/tst-xdrmem.c @@ -0,0 +1,205 @@ +/* Copyright (C) 2005 Free Software Foundation, Inc. + This file is part of the GNU C Library. + Contributed by Jakub Jelinek , 2005. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +#include +#include +#include +#include + +static int +do_test (void) +{ + XDR xdrs; + unsigned char buf[8192]; + int v_int; + u_int v_u_int; + long v_long; + u_long v_u_long; + quad_t v_hyper; + u_quad_t v_u_hyper; + quad_t v_longlong_t; + u_quad_t v_u_longlong_t; + short v_short; + u_short v_u_short; + char v_char; + u_char v_u_char; + bool_t v_bool; + enum_t v_enum; + char *v_wrapstring; + + xdrmem_create (&xdrs, (char *) buf, sizeof (buf), XDR_ENCODE); + +#define TESTS \ + T(int, 0) \ + T(int, CHAR_MAX) \ + T(int, CHAR_MIN) \ + T(int, SHRT_MAX) \ + T(int, SHRT_MIN) \ + T(int, INT_MAX) \ + T(int, INT_MIN) \ + T(int, 0x123) \ + T(u_int, 0) \ + T(u_int, UCHAR_MAX) \ + T(u_int, USHRT_MAX) \ + T(u_int, UINT_MAX) \ + T(u_int, 0xdeadbeef) \ + T(u_int, 0x12345678) \ + T(long, 0) \ + T(long, 2147483647L) \ + T(long, -2147483648L) \ + T(long, -305419896L) \ + T(long, -305419896L) \ + T(u_long, 0) \ + T(u_long, 0xffffffffUL) \ + T(u_long, 0xdeadbeefUL) \ + T(u_long, 0x12345678UL) \ + T(hyper, 0) \ + T(hyper, CHAR_MAX) \ + T(hyper, CHAR_MIN) \ + T(hyper, SHRT_MAX) \ + T(hyper, SHRT_MIN) \ + T(hyper, INT_MAX) \ + T(hyper, INT_MIN) \ + T(hyper, LONG_MAX) \ + T(hyper, LONG_MIN) \ + T(hyper, LONG_LONG_MAX) \ + T(hyper, LONG_LONG_MIN) \ + T(hyper, 0x12312345678LL) \ + T(hyper, 0x12387654321LL) \ + T(u_hyper, 0) \ + T(u_hyper, UCHAR_MAX) \ + T(u_hyper, USHRT_MAX) \ + T(u_hyper, UINT_MAX) \ + T(u_hyper, ULONG_MAX) \ + T(u_hyper, ULONG_LONG_MAX) \ + T(u_hyper, 0xdeadbeefdeadbeefULL) \ + T(u_hyper, 0x12312345678ULL) \ + T(u_hyper, 0x12387654321ULL) \ + T(longlong_t, 0) \ + T(longlong_t, CHAR_MAX) \ + T(longlong_t, CHAR_MIN) \ + T(longlong_t, SHRT_MAX) \ + T(longlong_t, SHRT_MIN) \ + T(longlong_t, INT_MAX) \ + T(longlong_t, INT_MIN) \ + T(longlong_t, LONG_MAX) \ + T(longlong_t, LONG_MIN) \ + T(longlong_t, LONG_LONG_MAX) \ + T(longlong_t, LONG_LONG_MIN) \ + T(longlong_t, 0x12312345678LL) \ + T(longlong_t, 0x12387654321LL) \ + T(u_longlong_t, 0) \ + T(u_longlong_t, UCHAR_MAX) \ + T(u_longlong_t, USHRT_MAX) \ + T(u_longlong_t, UINT_MAX) \ + T(u_longlong_t, ULONG_MAX) \ + T(u_longlong_t, ULONG_LONG_MAX) \ + T(u_longlong_t, 0xdeadbeefdeadbeefULL)\ + T(u_longlong_t, 0x12312345678ULL) \ + T(u_longlong_t, 0x12387654321ULL) \ + T(short, CHAR_MAX) \ + T(short, CHAR_MIN) \ + T(short, SHRT_MAX) \ + T(short, SHRT_MIN) \ + T(short, 0x123) \ + T(u_short, 0) \ + T(u_short, UCHAR_MAX) \ + T(u_short, USHRT_MAX) \ + T(u_short, 0xbeef) \ + T(u_short, 0x5678) \ + T(char, CHAR_MAX) \ + T(char, CHAR_MIN) \ + T(char, 0x23) \ + T(u_char, 0) \ + T(u_char, UCHAR_MAX) \ + T(u_char, 0xef) \ + T(u_char, 0x78) \ + T(bool, 0) \ + T(bool, 1) \ + T(enum, 0) \ + T(enum, CHAR_MAX) \ + T(enum, CHAR_MIN) \ + T(enum, SHRT_MAX) \ + T(enum, SHRT_MIN) \ + T(enum, INT_MAX) \ + T(enum, INT_MIN) \ + T(enum, 0x123) \ + S(wrapstring, (char *) "") \ + S(wrapstring, (char *) "hello, world") + +#define T(type, val) \ + v_##type = val; \ + if (! xdr_##type (&xdrs, &v_##type)) \ + { \ + puts ("encoding of " #type \ + " " #val " failed"); \ + return 1; \ + } +#define S(type, val) T(type, val) + + TESTS +#undef T +#undef S + + xdr_destroy (&xdrs); + + xdrmem_create (&xdrs, (char *) buf, sizeof (buf), XDR_DECODE); + +#define T(type, val) \ + v_##type = 0x15; \ + if (! xdr_##type (&xdrs, &v_##type)) \ + { \ + puts ("decoding of " #type \ + " " #val " failed"); \ + return 1; \ + } \ + if (v_##type != val) \ + { \ + puts ("decoded value differs, " \ + "type " #type " " #val); \ + return 1; \ + } +#define S(type, val) \ + v_##type = NULL; \ + if (! xdr_##type (&xdrs, &v_##type)) \ + { \ + puts ("decoding of " #type \ + " " #val " failed"); \ + return 1; \ + } \ + if (strcmp (v_##type, val)) \ + { \ + puts ("decoded value differs, " \ + "type " #type " " #val); \ + return 1; \ + } \ + free (v_##type); \ + v_##type = NULL; + + TESTS +#undef T +#undef S + + xdr_destroy (&xdrs); + + return 0; +} + +#define TEST_FUNCTION do_test () +#include "../test-skeleton.c" diff --git a/sunrpc/xdr.c b/sunrpc/xdr.c index 411cbe1ab1..1f25e3e9c0 100644 --- a/sunrpc/xdr.c +++ b/sunrpc/xdr.c @@ -239,7 +239,7 @@ xdr_hyper (XDR *xdrs, quad_t *llp) if (!XDR_GETLONG(xdrs, &t1) || !XDR_GETLONG(xdrs, &t2)) return FALSE; *llp = ((quad_t) t1) << 32; - *llp |= (unsigned long int) t2; + *llp |= (uint32_t) t2; return TRUE; } @@ -272,7 +272,7 @@ xdr_u_hyper (XDR *xdrs, u_quad_t *ullp) if (!XDR_GETLONG(xdrs, &t1) || !XDR_GETLONG(xdrs, &t2)) return FALSE; *ullp = ((u_quad_t) t1) << 32; - *ullp |= (unsigned long int) t2; + *ullp |= (uint32_t) t2; return TRUE; } diff --git a/sysdeps/generic/dl-osinfo.h b/sysdeps/generic/dl-osinfo.h index b8e40d5a76..60b84a900d 100644 --- a/sysdeps/generic/dl-osinfo.h +++ b/sysdeps/generic/dl-osinfo.h @@ -1 +1,12 @@ -/* Nothing needed in general. */ +#include + +static inline uintptr_t __attribute__ ((always_inline)) +_dl_setup_stack_chk_guard (void) +{ + uintptr_t ret = 0; + unsigned char *p = (unsigned char *) &ret; + p[sizeof (ret) - 1] = 255; + p[sizeof (ret) - 2] = '\n'; + p[0] = 0; + return ret; +} diff --git a/sysdeps/generic/libc-start.c b/sysdeps/generic/libc-start.c index f0d69b443b..3fcadcf19f 100644 --- a/sysdeps/generic/libc-start.c +++ b/sysdeps/generic/libc-start.c @@ -35,6 +35,11 @@ extern void __pthread_initialize_minimal (void) __attribute__ ((weak)) # endif ; +# ifndef THREAD_SET_STACK_GUARD +/* Only exported for architectures that don't store the stack guard canary + in thread local area. */ +uintptr_t __stack_chk_guard attribute_relro; +# endif #endif #ifdef HAVE_PTR_NTHREADS @@ -152,6 +157,16 @@ LIBC_START_MAIN (int (*main) (int, char **, char ** MAIN_AUXVEC_DECL), __pthread_initialize_minimal (); #endif +# ifndef SHARED + /* Set up the stack checker's canary. */ + uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); +# ifdef THREAD_SET_STACK_GUARD + THREAD_SET_STACK_GUARD (stack_chk_guard); +# else + __stack_chk_guard = stack_chk_guard; +# endif +#endif + /* Register the destructor of the dynamic linker if there is any. */ if (__builtin_expect (rtld_fini != NULL, 1)) __cxa_atexit ((void (*) (void *)) rtld_fini, NULL, NULL); diff --git a/sysdeps/generic/libc-tls.c b/sysdeps/generic/libc-tls.c index 0cf884ca08..bfb6de0f73 100644 --- a/sysdeps/generic/libc-tls.c +++ b/sysdeps/generic/libc-tls.c @@ -133,17 +133,6 @@ __libc_setup_tls (size_t tcbsize, size_t tcbalign) break; } -#ifdef TLS_INIT_TP_EXPENSIVE - if (memsz == 0 && tcbsize <= TLS_INIT_TCB_SIZE) - { - /* We do not need a TLS block and no thread descriptor. */ -# ifdef NONTLS_INIT_TP - NONTLS_INIT_TP; -# endif - return; - } -#endif - /* We have to set up the TCB block which also (possibly) contains 'errno'. Therefore we avoid 'malloc' which might touch 'errno'. Instead we use 'sbrk' which would only uses 'errno' if it fails. diff --git a/sysdeps/ia64/strlen.S b/sysdeps/ia64/strlen.S index a05b054ed8..518d86b0d2 100644 --- a/sysdeps/ia64/strlen.S +++ b/sysdeps/ia64/strlen.S @@ -1,6 +1,6 @@ /* Optimized version of the standard strlen() function. This file is part of the GNU C Library. - Copyright (C) 2000, 2001, 2003 Free Software Foundation, Inc. + Copyright (C) 2000, 2001, 2003, 2005 Free Software Foundation, Inc. Contributed by Dan Pop . The GNU C Library is free software; you can redistribute it and/or @@ -73,7 +73,7 @@ ENTRY(strlen) ld8 val1 = [str], 8;; nop.b 0 nop.b 0 -l2: ld8.s val2 = [str], 8 // don't bomb out here +.l2: ld8.s val2 = [str], 8 // don't bomb out here czx1.r pos0 = val1 ;; cmp.ne p6, p0 = 8, pos0 @@ -81,7 +81,7 @@ l2: ld8.s val2 = [str], 8 // don't bomb out here chk.s val2, .recovery .back: mov val1 = val2 - br.cond.dptk l2 + br.cond.dptk .l2 .foundit: sub tmp = str, origadd // tmp = crt address - orig add len = len, pos0;; diff --git a/sysdeps/unix/sysv/linux/alpha/bits/resource.h b/sysdeps/unix/sysv/linux/alpha/bits/resource.h index 8bbd301dd9..2163745840 100644 --- a/sysdeps/unix/sysv/linux/alpha/bits/resource.h +++ b/sysdeps/unix/sysv/linux/alpha/bits/resource.h @@ -98,7 +98,7 @@ enum __rlimit_resource /* Maximum realtime priority allowed for non-priviledged processes. */ __RLIMIT_RTPRIO = 14, -#define RLIMIT_RTPRIO _RLIMIT_RTPRIO +#define RLIMIT_RTPRIO __RLIMIT_RTPRIO __RLIMIT_NLIMITS = 15, __RLIM_NLIMITS = __RLIMIT_NLIMITS diff --git a/sysdeps/unix/sysv/linux/bits/resource.h b/sysdeps/unix/sysv/linux/bits/resource.h index 115739d439..526cdaf53c 100644 --- a/sysdeps/unix/sysv/linux/bits/resource.h +++ b/sysdeps/unix/sysv/linux/bits/resource.h @@ -98,7 +98,7 @@ enum __rlimit_resource /* Maximum realtime priority allowed for non-priviledged processes. */ __RLIMIT_RTPRIO = 14, -#define RLIMIT_RTPRIO _RLIMIT_RTPRIO +#define RLIMIT_RTPRIO __RLIMIT_RTPRIO __RLIMIT_NLIMITS = 15, __RLIM_NLIMITS = __RLIMIT_NLIMITS diff --git a/sysdeps/unix/sysv/linux/dl-osinfo.h b/sysdeps/unix/sysv/linux/dl-osinfo.h index 03e1de716c..e374023841 100644 --- a/sysdeps/unix/sysv/linux/dl-osinfo.h +++ b/sysdeps/unix/sysv/linux/dl-osinfo.h @@ -23,6 +23,7 @@ #include #include "kernel-features.h" #include +#include #ifndef MIN # define MIN(a,b) (((a)<(b))?(a):(b)) @@ -157,3 +158,24 @@ _dl_discover_osversion (void) else if (__LINUX_KERNEL_VERSION > 0) \ FATAL ("FATAL: cannot determine kernel version\n"); \ } while (0) + +static inline uintptr_t __attribute__ ((always_inline)) +_dl_setup_stack_chk_guard (void) +{ + uintptr_t ret; +#ifdef ENABLE_STACKGUARD_RANDOMIZE + int fd = __open ("/dev/urandom", O_RDONLY); + if (fd >= 0) + { + ssize_t reslen = __read (fd, &ret, sizeof (ret)); + __close (fd); + if (reslen == (ssize_t) sizeof (ret)) + return ret; + } +#endif + ret = 0; + unsigned char *p = (unsigned char *) &ret; + p[sizeof (ret) - 1] = 255; + p[sizeof (ret) - 2] = '\n'; + return ret; +} diff --git a/sysdeps/unix/sysv/linux/sparc/bits/resource.h b/sysdeps/unix/sysv/linux/sparc/bits/resource.h index 8e7b64f996..3f2c600141 100644 --- a/sysdeps/unix/sysv/linux/sparc/bits/resource.h +++ b/sysdeps/unix/sysv/linux/sparc/bits/resource.h @@ -98,7 +98,7 @@ enum __rlimit_resource /* Maximum realtime priority allowed for non-priviledged processes. */ __RLIMIT_RTPRIO = 14, -#define RLIMIT_RTPRIO _RLIMIT_RTPRIO +#define RLIMIT_RTPRIO __RLIMIT_RTPRIO __RLIMIT_NLIMITS = 15, __RLIM_NLIMITS = __RLIMIT_NLIMITS -- cgit 1.4.1