about summary refs log tree commit diff
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* workaround another sendmsg kernel bug on 64-bit machinesRich Felker2012-07-121-0/+13
| | | | | | | | | the kernel wrongly expects the cmsg length field to be size_t instead of socklen_t. in order to work around the issue, we have to impose a length limit and copy to a local buffer. the length limit should be more than sufficient for any real-world use; these headers are only used for passing file descriptors and permissions between processes over unix sockets.
* fix several locks that weren't updated right for new futex-based __lockRich Felker2012-07-124-10/+10
| | | | | | these could have caused memory corruption due to invalid accesses to the next field. all should be fixed now; I found the errors with fgrep -r '__lock(&', which is bogus since the argument should be an array.
* fix pthread_kill unlockingRich Felker2012-07-121-1/+1
| | | | it had not been updated for the futex-based locks
* fix breakage of x86_64 sigaction from recent changes for mipsRich Felker2012-07-121-1/+1
|
* fix potential race condition in detached threadsRich Felker2012-07-112-4/+10
| | | | | | | after the thread unmaps its own stack/thread structure, the kernel, performing child tid clear and futex wake, could clobber a new mapping made at the same location as the just-removed thread's tid field. disable kernel clearing of child tid to prevent this.
* mips clone: don't free stack space used to copy argRich Felker2012-07-111-1/+0
| | | | | | the mips abi reserves stack space equal to the size of the in-register args for the callee to save the args, if desired. this would cause the beginning of the thread structure to be clobbered...
* fix mips clone() on real linux kernelRich Felker2012-07-111-4/+7
| | | | | | the old code worked in qemu app-level emulation, but not on real kernels where the clone syscall does not copy the register values to the new thread. save arguments on the new thread stack instead.
* fix clone() on mips (args were in wrong order)Rich Felker2012-07-111-3/+2
| | | | with this change, threads on mips seem to be working
* first attempt at making threads work on mipsRich Felker2012-07-113-0/+67
|
* generic c version of __set_thread_area for archs where it worksRich Felker2012-07-111-1/+5
| | | | on other archs, like x86[_64], asm version is required
* initial version of mips (o32) port, based on work by Richard Pennington (rdp)Rich Felker2012-07-115-0/+105
| | | | | | | | | | | | | basically, this version of the code was obtained by starting with rdp's work from his ellcc source tree, adapting it to musl's build system and coding style, auditing the bits headers for discrepencies with kernel definitions or glibc/LSB ABI or large file issues, fixing up incompatibility with the old binutils from aboriginal linux, and adding some new special cases to deal with the oddities of sigaction and pipe syscall interfaces on mips. at present, minimal test programs work, but some interfaces are broken or missing. threaded programs probably will not link.
* remove unused var in new sigaction codeRich Felker2012-07-111-1/+1
|
* use unsigned bitmask for consistency in ksigactionRich Felker2012-07-111-1/+1
| | | | | the type doesn't actually matter, just the size, but it's nice to be consistent...
* fix breakage from last commit: forgot to include ksigaction.hRich Felker2012-07-111-0/+6
| | | | this file can be overridden by a same-named file in an arch dir.
* changes to kernel sigaction struct handling in preparation for mips portRich Felker2012-07-112-14/+17
|
* make dynamic linker depend on -DSHARED not -fPICRich Felker2012-07-111-1/+1
| | | | | | if libc.a is compiled PIC for use in static PIE code, this should not cause the dynamic linker (which still does not support static-linked main program) to be built into libc.a.
* fix lots of breakage on dlopen, mostly with explicit pathnamesRich Felker2012-07-111-14/+21
| | | | | | | | | | | | | | | | | | most importantly, the name for such libs was being set from an uninitialized buffer. also, shortname always had an initial '/' character, making it useless for looking up already-loaded libraries by name, and thus causing repeated searches through the library path. major changes now: - shortname is the base name for library lookups with no explicit pathname. it's initially clear for libraries loaded with an explicit pathname (and for the main program), but will be set if the same library (detected via inodes match) is later found by a search. - exact name match is never used to identify libraries loaded with an explicit pathname. in this case, there's no explicit search, so we can just stat the file and check for inode match.
* fix dlsym RTLD_NEXT supportRich Felker2012-07-071-1/+3
| | | | | | | | previously this was being handled the same as a library-specific, dependency-order lookup on the next library in the global chain, which is likely to be utterly meaningless. instead the lookup needs to be in the global namespace, but omitting the initial portion of the global library chain up through the calling library.
* putw is supposed to return 0 (not the value written) on successRich Felker2012-07-041-1/+1
| | | | | this is not a standard but it's the traditional behavior and it's more useful because the caller can reliably detect errors.
* make sure getw/putw agree with prototypes by defining _GNU_SOURCERich Felker2012-07-042-0/+2
|
* jmp_buf overhaul fixing several issuesRich Felker2012-07-032-10/+7
| | | | | | | | | | | | | on arm, the location of the saved-signal-mask flag and mask were off by one between sigsetjmp and siglongjmp, causing incorrect behavior restoring the signal mask. this is because the siglongjmp code assumed an extra slot was in the non-sig jmp_buf for the flag, but arm did not have this. now, the extra slot is removed for all archs since it was useless. also, arm eabi requires jmp_buf to have 8-byte alignment. we achieve that using long long as the type rather than with non-portable gcc attribute tags.
* fix sigsetjmp on arm (needs asm)Rich Felker2012-07-021-0/+13
| | | | | | no idea why gcc refuses to compile the C code to use a tail call, but it's best to use asm anyway so we don't have to rely on the quality of the compiler's optimizations for correct code.
* fix missing function declarations for __stdio_exitRich Felker2012-07-022-0/+4
|
* fix missing prototype and simplify sincosl on ld64 archsRich Felker2012-07-021-4/+2
|
* fix invalid implicit pointer conversion in ld64 modflRich Felker2012-07-021-1/+1
|
* replace old and ugly crypt implementationRich Felker2012-06-293-2574/+1055
| | | | | | | | | | | | | | | | | | | | | | | | | the new version is largely the work of Solar Designer, with minor changes for integration with musl. compared to the old code, text size is reduced by about 7k, stack space usage by about 70k, and performance is greatly improved by avoiding expensive calculation of constant tables on each run. this version also adds support for extended des-based password hashes, which allow for unlimited key (password) length and configurable iteration counts. i've also published the interface for crypt_r in a new crypt.h header. especially since this is not a standard interface, i did not feel compelled to match the glibc abi for the crypt_data structure. the glibc structure is way too big to allocate on the stack; in fact it's so big that the first usage may cause the main thread to exceed its pre-committed stack size of 128k and thus could cause the program to crash even on systems with overcommit disabled. the only legitimate use of crypt_data for crypt_r is to store the hash string to return, so i've reserved 256 bytes, which should be more than sufficient (longest known password hashes are ~60 characters, and beyond that is possibly even exceeding some implementations' passwd file field size limit).
* add process_vm_readv and process_vm_writev syscall wrappersRich Felker2012-06-231-0/+13
| | | | based on a patch submitted by Kristian L. <email@thexception.net>
* proper error handling for fcntl F_GETOWN on modern kernelsRich Felker2012-06-201-1/+9
| | | | | | on old kernels, there's no way to detect errors; we must assume negative syscall return values are pgrp ids. but if the F_GETOWN_EX fcntl works, we can get a reliable answer.
* math: fix fma bug on x86 (found by Bruno Haible with gnulib)nsz2012-06-201-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | The long double adjustment was wrong: The usual check is mant_bits & 0x7ff == 0x400 before doing a mant_bits++ or mant_bits-- adjustment since this is the only case when rounding an inexact ld80 into double can go wrong. (only in nearest rounding mode) After such a check the ++ and -- is ok (the mantissa will end in 0x401 or 0x3ff). fma is a bit different (we need to add 3 numbers with correct rounding: hi_xy + lo_xy + z so we should survive two roundings at different places without precision loss) The adjustment in fma only checks for zero low bits mant_bits & 0x3ff == 0 this way the adjusted value is correct when rounded to double or *less* precision. (this is an important piece in the fma puzzle) Unfortunately in this case the -- is not a correct adjustment because mant_bits might underflow so further checks are needed and this was the source of the bug.
* fix broken wcwidth tablesRich Felker2012-06-201-7/+8
| | | | | | unicode char data has both "W" and "F" wide types and the old table only included the "W" ones. this omitted U+3000 (ideographic space) and all the wide-ascii, etc.
* support ld80 pseudo-denormal invalid bit patterns; treat them as nanRich Felker2012-06-201-2/+5
| | | | | this is silly, but it makes apps that read binary junk and interpret it as ld80 "safer", and it gets gnulib to stop replacing printf...
* fix ptsname_r to conform to the upcoming posix requirementsRich Felker2012-06-202-4/+13
| | | | it should return the error code rather than 0/-1 and setting errno.
* fix fwrite return value when full write does not succeedRich Felker2012-06-201-1/+1
|
* avoid cancellation in pcloseRich Felker2012-06-201-3/+4
| | | | | | | | | | | | | | at the point pclose might receive and act on cancellation, it has already invalidated the FILE passed to it. thus, per musl's QOI guarantees about cancellation and resource allocation/deallocation, it's not a candidate for cancellation. if it were required to be a cancellation point by posix, we would have to switch the order of deallocation, but somehow still close the pipe in order to trigger the child process to exit. i looked into doing this, but the logic gets ugly, and i'm not sure the semantics are conformant, so i'd rather just leave it alone unless there's a need to change it.
* fix invalid memory access in pcloseRich Felker2012-06-201-1/+2
|
* make popen cancellation-safeRich Felker2012-06-201-0/+7
| | | | | | | close was the only cancellation point called from popen, but it left popen with major resource leaks if any call to close got cancelled. the easiest, cheapest fix is just to use a non-cancellable close function.
* popen: handle issues with fd0/1 being closedRich Felker2012-06-201-3/+3
| | | | | also check for failure of dup2 and abort the child rather than reading/writing the wrong file.
* duplocale: don't crash when called with LC_GLOBAL_LOCALERich Felker2012-06-201-1/+1
| | | | | posix has resolved to add this usage; for now, we just avoid writing anything to the new locale object since it's not used anyway.
* make strerror_r behave nicer on failureRich Felker2012-06-201-2/+8
| | | | | | | if the buffer is too short, at least return a partial string. this is helpful if the caller is lazy and does not check for failure. care is taken to avoid writing anything if the buffer length is zero, and to always null-terminate when the buffer length is non-zero.
* fix another oob pointer arithmetic issue in printf floating pointRich Felker2012-06-201-1/+1
| | | | | | this one could never cause any problems unless the compiler/machine goes to extra trouble to break oob pointer arithmetic, but it's best to fix it anyway.
* minor perror behavior fixRich Felker2012-06-201-1/+1
| | | | patch by nsz
* fix localeconv values and implementationRich Felker2012-06-191-15/+28
| | | | | | | | dynamic-allocation of the structure is not valid; it can crash an application if malloc fails. since localeconv is not specified to have failure conditions, the object needs to have static storage duration. need to review whether all the values are right or not still..
* fix mistake in length test in getlogin_rRich Felker2012-06-191-1/+1
| | | | | this was actually dangerously wrong, but presumably nobody uses this broken function anymore anyway..
* fix dummied-out fsyncRich Felker2012-06-191-2/+1
| | | | | | | if we eventually have build options, it might be nice to make an option to dummy this out again, in case anybody needs a system-wide disable for disk/ssd-thrashing, etc. that some daemons do when logging...
* fix dummied-out fdatasyncRich Felker2012-06-191-1/+1
|
* fix pointer overflow bug in floating point printfRich Felker2012-06-191-3/+3
| | | | | | | | | | | | | | | | | | | | | large precision values could cause out-of-bounds pointer arithmetic in computing the precision cutoff (used to avoid expensive long-precision arithmetic when the result will be discarded). per the C standard, this is undefined behavior. one would expect that it works anyway, and in fact it did in most real-world cases, but it was randomly (depending on aslr) crashing in i386 binaries running on x86_64 kernels. this is because linux puts the userspace stack near 4GB (instead of near 3GB) when the kernel is 64-bit, leading to the out-of-bounds pointer arithmetic overflowing past the end of address space and giving a very low pointer value, which then compared lower than a pointer it should have been higher than. the new code rearranges the arithmetic so that no overflow can occur. while this bug could crash printf with memory corruption, it's unlikely to have security impact in real-world applications since the ability to provide an extremely large field precision value under attacker-control is required to trigger the bug.
* add vhangup syscall wrapperRich Felker2012-06-191-0/+8
| | | | | | request/patch by william haddonthethird, slightly modifed to add _GNU_SOURCE feature test macro so that the compiler can verify the prototype matches.
* add new stdio extension functions to make gnulib happyRich Felker2012-06-191-0/+24
| | | | | this is mildly ugly, but less ugly than gnulib trying to poke at the definition of the FILE structure...
* stdio: handle file position correctly at program exitRich Felker2012-06-194-6/+40
| | | | | | | | | | | | | | | | for seekable files, posix imposed requirements on the offset of the underlying open file description after a stream is closed. this was correctly handled (as a side effect of the unconditional fflush call) when streams were explicitly closed by fclose, but was not handled correctly at program exit time, where fflush(0) was being used. the weak symbol hackery is to pull in __stdio_exit if either of __toread or __towrite is used, but avoid calling it twice so we don't have to keep extra state. the new __stdio_exit is a streamlined fflush variant that avoids performing any unnecessary operations and which never unlocks the files or open file list, so we can be sure no other threads write new data to a stream's buffer after it's already flushed.
* minor cleanup in fflushRich Felker2012-06-191-5/+1
|