This patch fixes backtrace for PPC32 and PPC64 to correctly handle
signal trampolines. The 'debug/tst-backtrace6.c' also check for
SA_SIGINFO handling, where is triggers another vDSO symbols for PPC32.
This patch fixes dlfcn/tststatic5 for PowerPC where pagesize
variable was not properly initialized in certain cases. This patch
is based on other architecture code.
The helper binary pt_chown tricked into granting access to another
user's pseudo-terminal.
Pre-conditions for the attack:
* Attacker with local user account
* Kernel with FUSE support
* "user_allow_other" in /etc/fuse.conf
* Victim with allocated slave in /dev/pts
Using the setuid installed pt_chown and a weak check on whether a file
descriptor is a tty, an attacker could fake a pty check using FUSE and
trick pt_chown to grant ownership of a pty descriptor that the current
user does not own. It cannot access /dev/pts/ptmx however.
In most modern distributions pt_chown is not needed because devpts
is enabled by default. The fix for this CVE is to disable building
and using pt_chown by default. We still provide a configure option
to enable hte use of pt_chown but distributions do so at their own
risk.
The generated header is compiled with `-ffreestanding' to avoid any
circular dependencies against the installed implementation headers.
Such a dependency would require the implementation header to be
installed before the generated header could be built (See bug 15711).
In current practice the generated header dependencies do not include
any of the implementation headers removed by the use of `-ffreestanding'.
---
2013-07-15 Carlos O'Donell <carlos@redhat.com>
[BZ #15711]
* sysdeps/unix/sysv/linux/Makefile ($(objpfx)bits/syscall%h):
Avoid system header dependency with -ffreestanding.
($(objpfx)bits/syscall%d): Likewise.
This patch introduces two new convenience functions to set the default
thread attributes used for creating threads. This allows a programmer
to set the default thread attributes just once in a process and then
run pthread_create without additional attributes.
__clock_gettime and other __clock_* functions could result in an extra
PLT reference within libc.so if it actually gets used. None of the
code currently uses them, which is why this probably went unnoticed.
PowerPC kernel now provides a vDSO implementation for time syscall
(commit fcb41a2030abe0eb716ef0798035ef9562097f42). This patch changes
time syscall wrapper to use the vDSO when available. It also changes
the default non vDSO time on PowerPC to use sysdeps/posix/time.c
(since gettimeofday is a vDSO call).
* sysdeps/gnu/netinet/tcp.h (TCP_TIMESTAMP): New value, from
Linux 3.9.
* sysdeps/unix/sysv/linux/bits/socket.h (PF_VSOCK, AF_VSOCK):
Add.
(PF_MAX): Adjust for VSOCK change.
Kay Sievers reported that coreutils' stat tool has a problem with
s390's statfs[64] definition:
> The definition of struct statfs::f_type needs a fix. s390 is the only
> architecture in the kernel that uses an int and expects magic
> constants lager than INT_MAX to fit into.
>
> A fix is needed to make Fedora boot on s390, it currently fails to do
> so. Userspace does not want to add code to paper-over this issue.
[...]
> Even coreutils cannot handle it:
> #define RAMFS_MAGIC 0x858458f6
> # stat -f -c%t /
> ffffffff858458f6
>
> #define BTRFS_SUPER_MAGIC 0x9123683E
> # stat -f -c%t /mnt
> ffffffff9123683e
The bug is caused by an implicit sign extension within the stat tool:
out_uint_x (pformat, prefix_len, statfsbuf->f_type);
where the format finally will be "%lx".
A similar problem can be found in the 'tail' tool.
s390 is the only architecture which has an int type f_type member in
struct statfs[64]. Other architectures have either unsigned ints or
long values, so that the problem doesn't occur there.
Therefore change the type of the f_type member to unsigned int, so
that we get zero extension instead sign extension when assignment to
a long value happens.
Reported-by: Kay Sievers <kay@vrfy.org>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Fix BZ #15305.
On kernel versions earlier than 2.6.29, the Linux kernel exported a
sysctl called restrict_chown for xfs, which could be used to allow
chown to users other than the owner. 2.6.29 removed this support,
causing the open_not_cancel_2 to fail and thus modify errno. The fix
is to save and restore errno so that the caller sees it as unmodified.
Additionally, since the code to check the sysctl is not useful on
newer kernels, we add an ifdef so that in future the code block gets
rmeoved completely.
Fixes BZ #12723
The variable pipe buffer size does nothing to the value of PIPE_BUF,
since the number of bytes that are atomically written is still
PIPE_BUF on Linux.
* sysdeps/unix/sysv/linux/bits/mman-linux.h (MAP_ANONYMOUS):
Allow definition via __MAP_ANONYMOUS.
* sysdeps/unix/sysv/linux/mips/bits/mman.h: Remove all defines
provided by bits/mman-linux.h and include <bits/mman-linux.h>.
(__MAP_ANONYMOUS): Define.
* sysdeps/unix/sysv/linux/s390/bits/mman.h: Include
<bits/mman-linux.h>.
(MCL_CURRENT, MCL_FUTURE): Do not define here, the generic value
is fine.
* sysdeps/unix/sysv/linux/sh/bits/mman.h: Move include of
<bits/mman-linux.h> to end of file.
(MCL_CURRENT, MCL_FUTURE): Do not define here, the generic value
is fine.
* sysdeps/unix/sysv/linux/x86/bits/mman.h: Move include of
<bits/mman-linux.h> to end of file.
(MCL_CURRENT, MCL_FUTURE): Do not define here, the generic value
is fine.
* sysdeps/unix/sysv/linux/sparc/bits/mman.h: Move include of
<bits/mman-linux.h> to end of file.
* sysdeps/unix/sysv/linux/bits/mman-linux.h [!MCL_CURRENT]
(MCL_CURRENT, MCL_FUTURE): Define here.
* sysdeps/unix/sysv/linux/bits/mman-linux.h: New file, with
Linux common definitions.
* sysdeps/unix/sysv/linux/sh/bits/mman.h: Remove all defines
provided by bits/mman-linux.h and include <bits/mman-linux.h>.
* sysdeps/unix/sysv/linux/x86/bits/mman.h: Likewise.
* sysdeps/unix/sysv/linux/s390/bits/mman.h: Likewise.
* sysdeps/unix/sysv/linux/powerpc/bits/mman.h: Likewise.
* sysdeps/unix/sysv/linux/sh/bits/mman.h: Likewise.
* sysdeps/unix/sysv/linux/sparc/bits/mman.h: Likewise.
This feature is specifically for the C++ compiler to offload calling
thread_local object destructors on thread program exit, to glibc.
This is to overcome the possible complication of destructors of
thread_local objects getting called after the DSO in which they're
defined is unloaded by the dynamic linker. The DSO is marked as
'unloadable' if it has a constructed thread_local object and marked as
'unloadable' again when all the constructed thread_local objects
defined in it are destroyed.
The bsd implementation of ulimit produces wrong return values, so remove it
in favour of the posix implementation.
The only regression for non-Linux implementations using bsd sysdeps and not
providing an own ulimit is that the __UL_GETMAXBRK case (which is non-standard)
is left unimplemented (giving EINVAL).
In order for the __kernel_get_tbfreq vDSO call to work the
INTERNAL_VSYSCALL_NCS macro needed to be updated to prevent it from
assuming an integer return type (since the timebase frequency is a 64-bit
value) by specifying the type of the return type as a macro parameter. The
macro then specifically declares the return value as a 'register' (or
implied pair) of the denoted type. The compiler is then informed that this
register (or implied pair) is to be used for the return value.
Introduce (only on Linux) and use a HAVE_MREMAP symbol to advertize mremap
availability.
Move the malloc-sysdep.h include from arena.c to malloc.c, since what is
provided by malloc-sysdep.h is needed earlier in malloc.c, before the inclusion
of arena.c.
This header uses size_t but doesn't include stddef.h for it. So when
packages happen to include this before any header that defines size_t,
they get a build failure.
Reviewed-by: Carlos O'Donell <codonell@redhat.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* sysdeps/ieee754/ldbl-opt/wordsize-64/s_ceil.c: New file.
* sysdeps/ieee754/ldbl-opt/wordsize-64/s_finite.c: New file.
* sysdeps/ieee754/ldbl-opt/wordsize-64/s_floor.c: New file.
* sysdeps/ieee754/ldbl-opt/wordsize-64/s_frexp.c: New file.
* sysdeps/ieee754/ldbl-opt/wordsize-64/s_isinf.c: New file.
* sysdeps/ieee754/ldbl-opt/wordsize-64/s_isnan.c: New file.
* sysdeps/ieee754/ldbl-opt/wordsize-64/s_llround.c: New file.
* sysdeps/ieee754/ldbl-opt/wordsize-64/s_logb.c: New file.
* sysdeps/ieee754/ldbl-opt/wordsize-64/s_lround.c: New file.
* sysdeps/ieee754/ldbl-opt/wordsize-64/s_modf.c: New file.
* sysdeps/ieee754/ldbl-opt/wordsize-64/s_nearbyint.c: New file.
* sysdeps/ieee754/ldbl-opt/wordsize-64/s_remquo.c: New file.
* sysdeps/ieee754/ldbl-opt/wordsize-64/s_rint.c: New file.
* sysdeps/ieee754/ldbl-opt/wordsize-64/s_round.c: New file.
* sysdeps/ieee754/ldbl-opt/wordsize-64/s_scalbln.c: New file.
* sysdeps/ieee754/ldbl-opt/wordsize-64/s_scalbn.c: New file.
* sysdeps/ieee754/ldbl-opt/wordsize-64/s_trunc.c: New file.
* sysdeps/unix/sysv/linux/powerpc/powerpc64/Implies: Add
ieee754/ldbl-opt/wordsize-64.
* sysdeps/powerpc/powerpc64/Implies: Add
ieee754/dbl-64/wordsize-64.
Some arches do not have a __NR_fadvise64 but do have __NR_fadvise64_64.
If the former is unavailable, fallback to the latter.
Reviewed-by: Carlos O'Donell <carlos@systemhalted.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
In commit 26889eacc2 (Remove
__ASSUME_POSIX_CPU_TIMERS), all users of HAS_CPUCLOCK were
dropped. Punt the fallback definition too.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* sysdeps/unix/sysv/linux/sparc/sparc64/get_clockfreq.c: Include
inttypes.h
(__get_clockfreq_via_proc_openprom): Use __open, __read, and
__close rather than their public counterparts.
* sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h: Remove all
definitions and declarations that are provided by
<bits/fcntl-linux.h> and include <bits/fcntl-linux.h>.
* sysdeps/unix/sysv/linux/sparc/sparc64/__start_context.S: New file.
* sysdeps/unix/sysv/linux/sparc/sparc64/makecontext.c
(__start_context): Declare.
(__makecontext_ret): Delete.
(__makecontext): Hook up __start_context instead of
__makecontext_ret.
* sysdeps/unix/sysv/linux/sparc/sparc64/Makefile
(sysdep_routines): Add __start_context when in stdlib.
[BZ #14809]
* sysdeps/unix/sysv/linux/sys/sysctl.h (_UAPI_LINUX_KERNEL_H)
(_UAPI_LINUX_TYPES_H): Starting with Linux 3.7, the include header
guards are changed. Only define if not yet defined, #undef back
after including linux/sysctl.h if defined here.
* sysdeps/unix/sysv/linux/x86/bits/fcntl.h (__O_LARGEFILE)
[!__x86_64]: Do not define, take value from <bits/fcntl-linux.h>.
* sysdeps/unix/sysv/linux/s390/bits/fcntl.h (__O_LARGEFILE):
[__WORDSIZE != 64]: Likewise.
* sysdeps/unix/sysv/linux/generic/bits/fcntl.h: (__O_LARGEFILE)
[__WORDSIZE != 64]: Do not define, take value from
<bits/fcntl-linux.h>.
Create a new bits/fcntl-linux.h that contains Linux generic code and a
include it from the architecture specific bits/fcntl.h.
Architectures done: x86, SPARC, s390
(__crypt_r, __crypt): Disable MD5 and DES if FIPS is enabled.
* crypt/md5c-test.c (main): Tolerate disabled MD5.
* sysdeps/unix/sysv/linux/fips-private.h: New file.
* sysdeps/generic/fips-private.h: New file, dummy fallback.
Using madvise with MADV_DONTNEED to release memory back to the kernel
is not sufficient to change the commit charge accounted against the
process on Linux. It is OK however, when overcommit is enabled or is
heuristic. However, when overcommit is restricted to a percentage of
memory setting the contents of /proc/sys/vm/overcommit_memory as 2, it
makes a difference since memory requests will fail. Hence, we do what
we do with secure exec binaries, which is to call mmap on the region
to be dropped with MAP_FIXED. This internally unmaps the pages in
question and reduces the amount of memory accounted against the
process.
The ttyname and ttyname_r functions on Linux now fall back to
searching for the tty file descriptor in /dev/pts or /dev if /proc is
not available. This allows creation of chroots without the procfs
mounted on /proc.
Fixes BZ #14516.
(__ptrace_eventcodes): Add new value PTRACE_EVENT_SECCOMP from Linux 3.5.
(__ptrace_setoptions): Add new value PTRACE_O_TRACESECCOMP, adjust PTRACE_O_MASK.