| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
if the file descriptor resource limit has been increased past
FD_SETSIZE, this is actually a security issue; we could write past the
end of the fd_set object. using poll makes it a non-issue, and
simplifies the code at the same time.
also, use clock_gettime instead of gettimeofday, for reduced bloat
and better entropy.
|
|
|
|
|
|
|
| |
for now this is just a tiny optimization, but later if we support
cancellation from __stdio_read and __stdio_write, it will be necessary
for the recusrive lock count to be zero in order for these functions
to know they are responsible for unlocking the FILE on cancellation.
|
|
|
|
|
|
| |
the arm syscall abi requires 64-bit arguments to be aligned on an even
register boundary. these new macros facilitate meeting the abi
requirement without imposing significant ugliness on the code.
|
| |
|
|
|
|
|
| |
at the same time, make struct statfs match the traditional definition
and make it more useful, especially the fsid_t stuff.
|
|
|
|
|
| |
this was the cause of crashes in printf when attempting to print
floating point values.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this port assumes eabi calling conventions, eabi linux syscall
convention, and presence of the kernel helpers at 0xffff0f?0 needed
for threads support. otherwise it makes very few assumptions, and the
code should work even on armv4 without thumb support, as well as on
systems with thumb interworking. the bits headers declare this a
little endian system, but as far as i can tell the code should work
equally well on big endian.
some small details are probably broken; so far, testing has been
limited to qemu/aboriginal linux.
|
|
|
|
|
| |
it does not work, but some configure scripts will falsely detect
support then generate programs that crash when they call dlopen.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
several things are changed. first, i have removed the old __uniclone
function signature and replaced it with the "standard" linux
__clone/clone signature. this was necessary to expose clone to
applications anyway, and it makes it easier to port __clone to new
archs, since it's now testable independently of pthread_create.
secondly, i have removed all references to the ugly ldt descriptor
structure (i386 only) from the c code and pthread structure. in places
where it is needed, it is now created on the stack just when it's
needed, in assembly code. thus, the i386 __clone function takes the
desired thread pointer as its argument, rather than an ldt descriptor
pointer, just like on all other sane archs. this should not affect
applications since there is really no way an application can use clone
with threads/tls in a way that doesn't horribly conflict with and
clobber the underlying implementation's use. applications are expected
to use clone only for creating actual processes, possibly with new
namespace features and whatnot.
|
|
|
|
|
|
|
|
| |
eventually we may have a working "generic" implementation for archs
that don't need anything special. in any case, the goal of having
stubs like this is to allow early testing of new ports before all the
details needed for threads have been filled in. more functions like
this will follow.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
i blame this one on posix for using hideous const-qualified double
pointers which are unusable without hideous casts.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
previous fix was backwards and propagated the wrong type rather than
the right one...
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
programs that use this tend to horribly botch international text
support, so it's questionable whether we want to support it even in
the long term... for now, it's just a dummy that calls strcmp.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
on spurious wakeups/returns from __timedwait, pthread_join would
"succeed" and unmap the thread's stack while it was still running. at
best this would lead to SIGSEGV when the thread resumed execution, but
in the worst case, the thread would later resume executing on top of
another new thread's stack mapped at the same address.
spent about 4 hours tracking this bug down, chasing rare
difficult-to-reproduce stack corruption in a stress test program.
still no idea *what* caused the spurious wakeups; i suspect it's a
kernel bug.
|
|
|
|
|
|
|
|
|
| |
this seeme to be the bug that prevented enabling of private futex
support. i'm going to hold off on switching to private futexes until
after the next release, and until i get a chance to audit all
wait/wake calls to make sure they're using the correct private
argument, but with this change it should be safe to enable private
futex support.
|
|
|
|
|
| |
some features are not yet supported, and only minimal testing has been
performed. should be considered experimental at this point.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
null termination is only added when current size grows.
in update modes, null termination is not added if it does not fit
(i.e. it is not allowed to clobber data).
these rules make very little sense, but that's how it goes..
|
|
|
|
|
|
| |
read should not be allowed past "current size".
append mode should write at "current size", not buffer size.
null termination should not be written except when "current size" grows.
|
|
|
|
|
|
|
|
|
|
|
| |
this is not strictly required by the standard, but without it, there
is a race condition where cancellation arriving just before async
cancellation is enabled might not be acted upon. it is impossible for
a conforming application to work around this race condition since
calling pthread_testcancel after setting async cancellation mode is
not allowed (pthread_testcancel is not specified to be
async-cancel-safe). thus the implementation should be responsible for
eliminating the race, from a quality-of-implementation standpoint.
|
| |
|
|
|
|
|
|
| |
disallow seek past end of buffer (per posix)
fix position accounting to include data buffered for read
don't set eof flag when no data was requested
|
|
|
|
|
| |
the addition is safe and cannot overflow because both operands are
positive when considered as signed quantities.
|
| |
|
|
|
|
|
|
| |
the expression -off is not safe in case off is the most-negative
value. instead apply - to base which is known to be non-negative and
bounded within sanity.
|
|
|
|
| |
testing so far has been minimal. may need further work.
|
| |
|
|
|
|
|
|
| |
not heavily tested, but it seems to be correct, including the odd
behavior that seeking is in terms of wide character count. this
precludes any simple buffering, so we just make the stream unbuffered.
|
|
|
|
|
| |
the return address was being truncated to 32 bits, preventing the
dlsym code from determining which module contains the calling code.
|
|
|
|
|
| |
this is the first attempt, and may have bugs. only minimal testing has
been performed.
|
| |
|
|
|
|
|
|
| |
its existence doesn't hurt anything, and dynamic-linked binaries using
previous versions of musl were wrongly binding to it instead of
__environ.
|
|
|
|
|
|
|
| |
gcc generates extremely bad code (7 byte immediate mov) for the old
null pointer write approach. it should be generating something like
"xor %eax,%eax ; mov %al,(%eax)". in any case, using a dedicated
crashing opcode accomplishes the same thing in one byte.
|
|
|
|
|
|
|
|
|
|
|
| |
this behavior (opening fds 0-2 for a suid program) is explicitly
allowed (but not required) by POSIX to protect badly-written suid
programs from clobbering files they later open.
this commit does add some cost in startup code, but the availability
of auxv and the security flag will be useful elsewhere in the future.
in particular auxv is needed for static-linked vdso support, which is
still waiting to be committed (sorry nik!)
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
it's missing at least:
- derived fields
- week numbers
- short year (without century) support
- locale modifiers
|