To improve GCC 10 compatibility, it is necessary to remove the l_audit
zero-length array from the end of struct link_map. In preparation of
that, this commit introduces an accessor function for the audit state,
so that it is possible to change the representation of the audit state
without adjusting the code that accesses it.
Tested on x86_64-linux-gnu. Built on i686-gnu.
Change-Id: Id815673c29950fc011ae5301d7cde12624f658df
GCC 10 will warn about subscribing inner length zero arrays. Use a GCC
extension in csu/libc-tls.c to allocate space for the static_slotinfo
variable. Adjust nptl_db so that the type description machinery does
not attempt to determine the size of the flexible array member slotinfo.
Change-Id: I51be146a7857186a4ede0bb40b332509487bdde8
This does not change generated code (with -fstack-protector-strong), but
is important for formal compiler flags compliance.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
This patch fixes the OFD ("file private") locks for architectures that
support non-LFS flock definition (__USE_FILE_OFFSET64 not defined). The
issue in this case is both F_OFD_{GETLK,SETLK,SETLKW} and
F_{SET,GET}L{W}K64 expects a flock64 argument and when using old
F_OFD_* flags with a non LFS flock argument the kernel might interpret
the underlying data wrongly. Kernel idea originally was to avoid using
such flags in non-LFS syscall, but since GLIBC uses fcntl with LFS
semantic as default it is possible to provide the functionality and
avoid the bogus struct kernel passing by adjusting the struct manually
for the required flags.
The idea follows other LFS interfaces that provide two symbols:
1. A new LFS fcntl64 is added on default ABI with the usual macros to
select it for FILE_OFFSET_BITS=64.
2. The Linux non-LFS fcntl use a stack allocated struct flock64 for
F_OFD_{GETLK,SETLK,SETLKW} copy the results on the user provided
struct.
3. Keep a compat symbol with old broken semantic for architectures
that do not define __OFF_T_MATCHES_OFF64_T.
So for architectures which defines __USE_FILE_OFFSET64, fcntl64 will
aliased to fcntl and no adjustment would be required. So to actually
use F_OFD_* with LFS support the source must be built with LFS support
(_FILE_OFFSET_BITS=64).
Also F_OFD_SETLKW command is handled a cancellation point, as for
F_SETLKW{64}.
Checked on x86_64-linux-gnu and i686-linux-gnu.
[BZ #20251]
* NEWS: Mention fcntl64 addition.
* csu/check_fds.c: Replace __fcntl_nocancel by __fcntl64_nocancel.
* login/utmp_file.c: Likewise.
* sysdeps/posix/fdopendir.c: Likewise.
* sysdeps/posix/opendir.c: Likewise.
* sysdeps/unix/pt-fcntl.c: Likewise.
* include/fcntl.h (__libc_fcntl64, __fcntl64,
__fcntl64_nocancel_adjusted): New prototype.
(__fcntl_nocancel_adjusted): Remove prototype.
* io/Makefile (routines): Add fcntl64.
(CFLAGS-fcntl64.c): New rule.
* io/Versions [GLIBC_2.28] (fcntl64): New symbol.
[GLIBC_PRIVATE] (__libc_fcntl): Rename to __libc_fcntl64.
* io/fcntl.h (fcntl64): Add prototype and redirect if
__USE_FILE_OFFSET64 is defined.
* io/fcntl64.c: New file.
* manual/llio.text: Add a note for which commands fcntl acts a
cancellation point.
* nptl/Makefile (CFLAGS-fcntl64.c): New rule.
* sysdeps/mach/hurd/fcntl.c: Alias fcntl to fcntl64 symbols.
* sysdeps/mach/hurd/i386/libc.abilist [GLIBC_2.28] (fcntl, fcntl64):
New symbols.
* sysdeps/unix/sysv/linux/fcntl.c (__libc_fcntl): Fix F_GETLK64,
F_OFD_GETLK, F_SETLK64, F_SETLKW64, F_OFD_SETLK, and F_OFD_SETLKW for
non-LFS case.
* sysdeps/unix/sysv/linux/fcntl64.c: New file.
* sysdeps/unix/sysv/linux/fcntl_nocancel.c (__fcntl_nocancel): Rename
to __fcntl64_nocancel.
(__fcntl_nocancel_adjusted): Rename to __fcntl64_nocancel_adjusted.
* sysdeps/unix/sysv/linux/not-cancel.h (__fcntl_nocancel): Rename
to __fcntl64_nocancel.
* sysdeps/unix/sysv/linux/tst-ofdlocks.c: New file.
* sysdeps/unix/sysv/linux/tst-ofdlocks-compat.c: Likewise.
* sysdeps/unix/sysv/linux/Makefile (tests): Add tst-ofdlocks.
(tests-internal): Add tst-ofdlocks-compat.
* sysdeps/unix/sysv/linux/aarch64/libc.abilist [GLIBC_2.28]
(fcntl64): New symbol.
* sysdeps/unix/sysv/linux/alpha/libc.abilist: Likewise.
* sysdeps/unix/sysv/linux/ia64/libc.abilist: Likewise.
* sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist: Likewise.
* sysdeps/unix/sysv/linux/powerpc/powerpc64/libc.abilist: Likewise.
* sysdeps/unix/sysv/linux/powerpc/powerpc64/libc-le.abilist: Likewise.
* sysdeps/unix/sysv/linux/riscv/rv64/libc.abilist: Likewise.
* sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist: Likewise.
* sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist: Likewise.
* sysdeps/unix/sysv/linux/x86_64/64/libc.abilist: Likewise.
* sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist: Likewise.
* sysdeps/unix/sysv/linux/arm/libc.abilist [GLIBC_2.28] (fcntl,
fcntl64): Likewise.
* sysdeps/unix/sysv/linux/hppa/libc.abilist: Likewise.
* sysdeps/unix/sysv/linux/i386/libc.abilis: Likewise.
* sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist: Likewise.
* sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist: Likewise.
* sysdeps/unix/sysv/linux/microblaze/libc.abilist: Likewise.
* sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist: Likewise.
* sysdeps/unix/sysv/linux/mips/mips32/nofpu/libc.abilist: Likewise.
* sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist: Likewise.
* sysdeps/unix/sysv/linux/nios2/libc.abilist: Likewise.
* sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist:
Likewise.
* sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist:
Likewise.
* sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist: Likewise.
* sysdeps/unix/sysv/linux/sh/libc.abilist: Likewise.
* sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist: Likewise.
Neither the <dlfcn.h> entry points, nor lazy symbol resolution, nor
initial shared library load-up, are cancellation points, so ld.so
should exclusively use I/O primitives that are not cancellable. We
currently achieve this by having the cancellation hooks compile as
no-ops when IS_IN(rtld); this patch changes to using exclusively
_nocancel primitives in the source code instead, which makes the
intent clearer and significantly reduces the amount of code compiled
under IS_IN(rtld) as well as IS_IN(libc) -- in particular,
elf/Makefile no longer thinks we require a copy of unwind.c in
rtld-libc.a. (The older mechanism is preserved as a backstop.)
The bulk of the change is splitting up the files that define the
_nocancel I/O functions, so they don't also define the variants that
*are* cancellation points; after which, the existing logic for picking
out the bits of libc that need to be recompiled as part of ld.so Just
Works. I did this for all of the _nocancel functions, not just the
ones used by ld.so, for consistency.
fcntl was a little tricky because it's only a cancellation point for
certain opcodes (F_SETLKW(64), which can block), and the existing
__fcntl_nocancel wasn't applying the FCNTL_ADJUST_CMD hook, which
strikes me as asking for trouble, especially as the only nontrivial
definition of FCNTL_ADJUST_CMD (for powerpc64) changes F_*LK* opcodes.
To fix this, fcntl_common moves to fcntl_nocancel.c along with
__fcntl_nocancel, and changes its name to the extern (but hidden)
symbol __fcntl_nocancel_adjusted, so that regular fcntl can continue
calling it. __fcntl_nocancel now applies FCNTL_ADJUST_CMD; so that
both both fcntl.c and fcntl_nocancel.c can see it, the only nontrivial
definition moves from sysdeps/u/s/l/powerpc/powerpc64/fcntl.c to
.../powerpc64/sysdep.h and becomes entirely a macro, instead of a macro
that calls an inline function.
The nptl version of libpthread also changes a little, because its
"compat-routines" formerly included files that defined all the
_nocancel functions it uses; instead of continuing to duplicate them,
I exported the relevant ones from libc.so as GLIBC_PRIVATE. Since the
Linux fcntl.c calls a function defined by fcntl_nocancel.c, it can no
longer be used from libpthread.so; instead, introduce a custom
forwarder, pt-fcntl.c, and export __libc_fcntl from libc.so as
GLIBC_PRIVATE. The nios2-linux ABI doesn't include a copy of vfork()
in libpthread, and it was handling that by manipulating
libpthread-routines in .../linux/nios2/Makefile; it is cleaner to do
what other such ports do, and have a pt-vfork.S that defines no symbols.
Right now, it appears that Hurd does not implement _nocancel I/O, so
sysdeps/generic/not-cancel.h will forward everything back to the
regular functions. This changed the names of some of the functions
that sysdeps/mach/hurd/dl-sysdep.c needs to interpose.
* elf/dl-load.c, elf/dl-misc.c, elf/dl-profile.c, elf/rtld.c
* sysdeps/unix/sysv/linux/dl-sysdep.c
Include not-cancel.h. Use __close_nocancel instead of __close,
__open64_nocancel instead of __open, __read_nocancel instead of
__libc_read, and __write_nocancel instead of __libc_write.
* csu/check_fds.c (check_one_fd)
* sysdeps/posix/fdopendir.c (__fdopendir)
* sysdeps/posix/opendir.c (__alloc_dir): Use __fcntl_nocancel
instead of __fcntl and/or __libc_fcntl.
* sysdeps/unix/sysv/linux/pthread_setname.c (pthread_setname_np)
* sysdeps/unix/sysv/linux/pthread_getname.c (pthread_getname_np)
* sysdeps/unix/sysv/linux/i386/smp.h (is_smp_system):
Use __open64_nocancel instead of __open_nocancel.
* sysdeps/unix/sysv/linux/not-cancel.h: Move all of the
hidden_proto declarations to the end and issue them if either
IS_IN(libc) or IS_IN(rtld).
* sysdeps/unix/sysv/linux/Makefile [subdir=io] (sysdep_routines):
Add close_nocancel, fcntl_nocancel, nanosleep_nocancel,
open_nocancel, open64_nocancel, openat_nocancel, pause_nocancel,
read_nocancel, waitpid_nocancel, write_nocancel.
* io/Versions [GLIBC_PRIVATE]: Add __libc_fcntl,
__fcntl_nocancel, __open64_nocancel, __write_nocancel.
* posix/Versions: Add __nanosleep_nocancel, __pause_nocancel.
* nptl/pt-fcntl.c: New file.
* nptl/Makefile (pthread-compat-wrappers): Remove fcntl.
(libpthread-routines): Add pt-fcntl.
* include/fcntl.h (__fcntl_nocancel_adjusted): New function.
(__libc_fcntl): Remove attribute_hidden.
* sysdeps/unix/sysv/linux/fcntl.c (__libc_fcntl): Call
__fcntl_nocancel_adjusted, not fcntl_common.
(__fcntl_nocancel): Move to new file fcntl_nocancel.c.
(fcntl_common): Rename to __fcntl_nocancel_adjusted; also move
to fcntl_nocancel.c.
* sysdeps/unix/sysv/linux/fcntl_nocancel.c: New file.
* sysdeps/unix/sysv/linux/powerpc/powerpc64/fcntl.c: Remove file.
* sysdeps/unix/sysv/linux/powerpc/powerpc64/sysdep.h:
Define FCNTL_ADJUST_CMD here, as a self-contained macro.
* sysdeps/unix/sysv/linux/close.c: Move __close_nocancel to...
* sysdeps/unix/sysv/linux/close_nocancel.c: ...this new file.
* sysdeps/unix/sysv/linux/nanosleep.c: Move __nanosleep_nocancel to...
* sysdeps/unix/sysv/linux/nanosleep_nocancel.c: ...this new file.
* sysdeps/unix/sysv/linux/open.c: Move __open_nocancel to...
* sysdeps/unix/sysv/linux/open_nocancel.c: ...this new file.
* sysdeps/unix/sysv/linux/open64.c: Move __open64_nocancel to...
* sysdeps/unix/sysv/linux/open64_nocancel.c: ...this new file.
* sysdeps/unix/sysv/linux/openat.c: Move __openat_nocancel to...
* sysdeps/unix/sysv/linux/openat_nocancel.c: ...this new file.
* sysdeps/unix/sysv/linux/openat64.c: Move __openat64_nocancel to...
* sysdeps/unix/sysv/linux/openat64_nocancel.c: ...this new file.
* sysdeps/unix/sysv/linux/pause.c: Move __pause_nocancel to...
* sysdeps/unix/sysv/linux/pause_nocancel.c: ...this new file.
* sysdeps/unix/sysv/linux/read.c: Move __read_nocancel to...
* sysdeps/unix/sysv/linux/read_nocancel.c: ...this new file.
* sysdeps/unix/sysv/linux/waitpid.c: Move __waitpid_nocancel to...
* sysdeps/unix/sysv/linux/waitpid_nocancel.c: ...this new file.
* sysdeps/unix/sysv/linux/write.c: Move __write_nocancel to...
* sysdeps/unix/sysv/linux/write_nocancel.c: ...this new file.
* sysdeps/unix/sysv/linux/nios2/Makefile: Don't override
libpthread-routines.
* sysdeps/unix/sysv/linux/nios2/pt-vfork.S: New file which
defines nothing.
* sysdeps/mach/hurd/dl-sysdep.c: Define __read instead of
__libc_read, and __write instead of __libc_write. Define
__open64 in addition to __open.
* sysdeps/generic/libc-start.h [!SHARED] (ARCH_SETUP_TLS): Define to
__libc_setup_tls.
* sysdeps/unix/sysv/linux/powerpc/libc-start.h [!SHARED]
(ARCH_SETUP_TLS): Likewise.
* sysdeps/mach/hurd/libc-start.h: New file copied from
sysdeps/generic/libc-start.h, but define ARCH_SETUP_TLS to empty.
* csu/libc-start.c [!SHARED] (LIBC_START_MAIN): Call ARCH_SETUP_TLS instead
of __libc_setup_tls.
* sysdeps/mach/hurd/i386/init-first.c [!SHARED] (init1): Call
__libc_setup_tls before initializing libpthread and running _hurd_init which
starts the signal thread.
Nearly everything in _G_config.h is either junk or more appropriately
defined elsewhere:
* _G_fpos_t, _G_fpos64_t, and _G_BUFSIZ are already completely unused.
* All remaining uses of _G_va_list have been changed to __gnuc_va_list.
* The definition of _G_HAVE_ST_BLKSIZE/_IO_HAVE_ST_BLKSIZE has
been inlined into its sole use.
* The complete definition of _G_iconv_t has been moved to libio.h and
renamed _IO_iconv_t (all actual users used that name).
* _G_IO_IO_FILE_VERSION is vestigial; some code cares whether
_IO_stdin_used exists, but nothing looks at its value. I've
preserved the value as a hardwired constant in csu/init.c.
This means csu/init.c no longer needs to include anything.
* Many of the headers included by _G_config.h were already being
included directly by either either libio.h or stdio.h; the
remaining ones were moved to libio.h.
* _G_HAVE_MREMAP is still relevant, because mremap genuinely is a
Linux extension; it's not in POSIX and as far as I can tell it's
not available on the Hurd either. I also preserved _G_HAVE_MMAP,
since it's conceivable someone would want to port glibc to a
MMU-less, mmap-less environment in the future. Both are now always
defined to 1/0 as is the current convention, instead of the older
1/undef convention. These are the only symbols still defined in
_G_config.h.
* The actual inclusion of _G_config.h moves from libio.h to libioP.h,
as this is where a potential override of _G_HAVE_MMAP happens.
* The #ifdef logic in libioP.h controlling _IO_JUMPS_OFFSET has been
simplified.
After this patch, the only surviving _G_ symbols are the struct tag
names _G_fpos_t and _G_fpos64_t, which are preserved for the sake of
C++ mangled names in applications, and _G_HAVE_MMAP and _G_HAVE_MREMAP,
which do not seem worth renaming.
Installed stripped libraries are unchanged by this patch.
* bits/_G_config.h: Move back to sysdeps/generic/_G_config.h.
Delete all contents except for definitions of _G_HAVE_MMAP and
_G_HAVE_MREMAP. Add commentary explaining those two symbols.
* sysdeps/unix/sysv/linux/bits/_G_config.h: Move back to
sysdeps/unix/sysv/linux/_G_config.h. Make same content
change as above.
* libio/libio.h: Don't include bits/_G_config.h here.
Include stddef.h with __need_wchar_t defined. Include
bits/types/__mbstate_t.h, bits/types/wint_t.h, and gconv.h.
Define _IO_iconv_t here, directly.
Don't define _IO_HAVE_ST_BLKSIZE.
* libio/libioP.h: Include _G_config.h here. Move include of
shlib-compat.h up with rest of includes. Simplify conditionals
controlling definition of _IO_JUMPS_OFFSET.
* csu/init.c: Remove always-true #if around entire file.
Don't include stdio.h. Set _IO_stdin_used to hardwired
constant 0x20001, and update commentary.
* include/stdio.h, sysdeps/ieee754/ldbl-opt/nldbl-compat.h:
Replace all uses of _G_va_list with __gnuc_va_list.
* libio/filedoalloc.c: Use #if defined _STATBUF_ST_BLKSIZE
instead of #if _IO_HAVE_ST_BLKSIZE.
* libio/fileops.c: Test _G_HAVE_MREMAP with #if, not #ifdef.
* libio/iofdopen.c, libio/iofopen.c: Test _G_HAVE_MMAP with #if,
not #ifdef.
Building with -Os produces linknamespace and localplt failures for,
among other functions, gnu_dev_major, gnu_dev_minor and
gnu_dev_makedev.
The issue is that those functions are not inlined when building with
-Os. While one could force them to be inlined in that case, it seems
more natural to fix this issue similarly to other namespace issues.
Thus, this patch makes gnu_dev_* into weak aliases for hidden symbols
__gnu_dev_*; __gnu_dev_* are then defined as inlines in the internal
include/sys/sysmacros.h, and uses of gnu_dev_* (often via the macros
major, minor and makedev) for which there are namespace issues are
changed to use __gnu_dev_*; where there are no namespace issues, use
of libc_hidden_proto serves to avoid unnecessary local PLT entry use.
Tested for x86_64, (a) without -Os, to verify the testsuite continues
to pass without problems and that the functions called under their new
names continue to be inlined as expected in that case; (b) with -Os,
to verify that the linknamespace and localplt failures in question go
away (but because of other such failures present, neither of the
relevant bugs can yet be closed).
[BZ #15105]
[BZ #19463]
* include/sys/sysmacros.h [!_ISOMAC]
(__SYSMACROS_NEED_IMPLEMENTATION): Define macro.
[!_SYS_SYSMACROS_H_WRAPPER && !_ISOMAC]
(_SYS_SYSMACROS_H_WRAPPER): Likewise.
[!_SYS_SYSMACROS_H_WRAPPER && !_ISOMAC] (gnu_dev_major): Use
libc_hidden_proto.
[!_SYS_SYSMACROS_H_WRAPPER && !_ISOMAC] (gnu_dev_minor): Likewise.
[!_SYS_SYSMACROS_H_WRAPPER && !_ISOMAC] (gnu_dev_makedev):
Likewise.
[!_SYS_SYSMACROS_H_WRAPPER && !_ISOMAC] (__SYSMACROS_DECL_TEMPL):
Undefine and redefine to add use __gnu_dev_ prefix.
[!_SYS_SYSMACROS_H_WRAPPER && !_ISOMAC] (__SYSMACROS_IMPL_TEMPL):
Likewise.
[!_SYS_SYSMACROS_H_WRAPPER && !_ISOMAC] (__gnu_dev_major): Declare
and define as hidden inline function.
[!_SYS_SYSMACROS_H_WRAPPER && !_ISOMAC] (__gnu_dev_minor):
Likewise.
[!_SYS_SYSMACROS_H_WRAPPER && !_ISOMAC] (__gnu_dev_makedev):
Likewise.
* misc/makedev.c (OUT_OF_LINE_IMPL_TEMPL): Use __gnu_dev_ prefix.
(gnu_dev_major): Use weak_alias and libc_hidden_weak.
(gnu_dev_minor): Likewise.
(gnu_dev_makedev): Likewise.
* csu/check_fds.c (check_one_fd): Use __gnu_dev_makedev instead of
makedev.
* posix/wordexp.c (exec_comm_child): Likewise.
* sysdeps/mach/hurd/xmknodat.c (__xmknodat): Use __gnu_dev_minor
instead of minor and __gnu_dev_major instead of major.
* sysdeps/unix/sysv/linux/device-nrs.h (DEV_TTY_P): Use
__gnu_dev_major instead of major.
* sysdeps/unix/sysv/linux/pathconf.c (distinguish_extX): Use
__gnu_dev_major instead of gnu_dev_major and __gnu_dev_minor
instead of gnu_dev_minor.
* sysdeps/unix/sysv/linux/ptsname.c (MASTER_P): Likewise.
(SLAVE_P): Likewise.
(__ptsname_internal): Use __gnu_dev_minor instead of minor.
* sysdeps/unix/sysv/linux/ttyname.h (is_pty): Use __gnu_dev_major
instead of major.
libio.h was originally the header for a set of supported GNU
extensions, but they have not been maintained as such in many years,
they are now standing in the way of improvements to stdio, and we
don't think there are any remaining external users. _G_config.h was
never intended for public use, but predates the bits convention.
Move both of these headers into the bits directory and provide stubs
at top level which issue deprecation warnings.
The contents of (bits/)libio.h and (bits/)_G_config.h are still
exposed to external software via stdio.h; changing that requires more
complex surgery than I have time to attempt right now.
* libio/libio.h, libio/_G_config.h: New stub headers which issue a
deprecation warning and then include <bits/libio.h>, <bits/_G_config.h>
respectively.
* libio/libio.h: Rename the original version of this file to
libio/bits/libio.h. Error out if not included by stdio.h or the
stub libio.h.
* include/libio.h: Move to include/bits. Forward to libio/bits/libio.h.
* sysdeps/generic/_G_config.h: Move to top-level bits/. Error out
if not included by bits/libio.h or the stub _G_config.h.
* sysdeps/unix/sysv/linux/_G_config.h: Move to
sysdeps/unix/sysv/linux/bits. Error out if not included by
bits/libio.h or the stub _G_config.h.
* libio/stdio.h: Include bits/libio.h, not libio.h.
* libio/Makefile: Install bits/libio.h and bits/_G_config.h as
well as libio.h and _G_config.h.
* csu/init.c, libio/fmemopen.c, libio/iolibio.h, libio/oldfmemopen.c
* libio/strfile.h, stdio-common/vfscanf.c
* sysdeps/pthread/flockfile.c, sysdeps/pthread/funlockfile.c
Include stdio.h, not _G_config.h nor libio.h.
* libio/iofgetpos.c: Also rename fgetpos64 out of the way.
* libio/iofsetpos.c: Also rename fsetpos64 out of the way.
* scripts/check-installed-headers.sh: Skip libio.h and _G_config.h.
Static PIE extends address space layout randomization to static
executables. It provides additional security hardening benefits at
the cost of some memory and performance.
Dynamic linker, ld.so, is a standalone program which can be loaded at
any address. This patch adds a configure option, --enable-static-pie,
to embed the part of ld.so in static executable to create static position
independent executable (static PIE). A static PIE is similar to static
executable, but can be loaded at any address without help from a dynamic
linker. When --enable-static-pie is used to configure glibc, libc.a is
built as PIE and all static executables, including tests, are built as
static PIE. The resulting libc.a can be used together with GCC 8 or
above to build static PIE with the compiler option, -static-pie. But
GCC 8 isn't required to build glibc with --enable-static-pie. Only GCC
with PIE support is needed. When an older GCC is used to build glibc
with --enable-static-pie, proper input files are passed to linker to
create static executables as static PIE, together with "-z text" to
prevent dynamic relocations in read-only segments, which are not allowed
in static PIE.
The following changes are made for static PIE:
1. Add a new function, _dl_relocate_static_pie, to:
a. Get the run-time load address.
b. Read the dynamic section.
c. Perform dynamic relocations.
Dynamic linker also performs these steps. But static PIE doesn't load
any shared objects.
2. Call _dl_relocate_static_pie at entrance of LIBC_START_MAIN in
libc.a. crt1.o, which is used to create dynamic and non-PIE static
executables, is updated to include a dummy _dl_relocate_static_pie.
rcrt1.o is added to create static PIE, which will link in the real
_dl_relocate_static_pie. grcrt1.o is also added to create static PIE
with -pg. GCC 8 has been updated to support rcrt1.o and grcrt1.o for
static PIE.
Static PIE can work on all architectures which support PIE, provided:
1. Target must support accessing of local functions without dynamic
relocations, which is needed in start.S to call __libc_start_main with
function addresses of __libc_csu_init, __libc_csu_fini and main. All
functions in static PIE are local functions. If PIE start.S can't reach
main () defined in a shared object, the code sequence:
pass address of local_main to __libc_start_main
...
local_main:
tail call to main via PLT
can be used.
2. start.S is updated to check PIC instead SHARED for PIC code path and
avoid dynamic relocation, when PIC is defined and SHARED isn't defined,
to support static PIE.
3. All assembly codes are updated check PIC instead SHARED for PIC code
path to avoid dynamic relocations in read-only sections.
4. All assembly codes are updated check SHARED instead PIC for static
symbol name.
5. elf_machine_load_address in dl-machine.h are updated to support static
PIE.
6. __brk works without TLS nor dynamic relocations in read-only section
so that it can be used by __libc_setup_tls to initializes TLS in static
PIE.
NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled
with -fPIE, regardless if --enable-static-pie is used to configure glibc.
When glibc is configured with --enable-static-pie, libc.a is compiled
with -fPIE, regardless whether GCC defaults to PIE or not. The same
libc.a can be used to build both static executable and static PIE.
There is no need for separate PIE copy of libc.a.
On x86-64, the normal static sln:
text data bss dec hex filename
625425 8284 5456 639165 9c0bd elf/sln
the static PIE sln:
text data bss dec hex filename
657626 20636 5392 683654 a6e86 elf/sln
The code size is increased by 5% and the binary size is increased by 7%.
Linker requirements to build glibc with --enable-static-pie:
1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from
static PIE.
2. Linker can create working static PIE. The x86-64 linker needs the
fix for
https://sourceware.org/bugzilla/show_bug.cgi?id=21782
The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax"
to "leal main@GOTOFF(%ebx), %eax" if main is defined locally.
Binutils 2.29 or above are OK for i686 and x86-64. But linker status for
other targets need to be verified.
3. Linker should resolve undefined weak symbols to 0 in static PIE:
https://sourceware.org/bugzilla/show_bug.cgi?id=22269
4. Many ELF backend linkers incorrectly check bfd_link_pic for TLS
relocations, which should check bfd_link_executable instead:
https://sourceware.org/bugzilla/show_bug.cgi?id=22263
Tested on aarch64, i686 and x86-64.
Using GCC 7 and binutils master branch, build-many-glibcs.py with
--enable-static-pie with all patches for static PIE applied have the
following build successes:
PASS: glibcs-aarch64_be-linux-gnu build
PASS: glibcs-aarch64-linux-gnu build
PASS: glibcs-armeb-linux-gnueabi-be8 build
PASS: glibcs-armeb-linux-gnueabi build
PASS: glibcs-armeb-linux-gnueabihf-be8 build
PASS: glibcs-armeb-linux-gnueabihf build
PASS: glibcs-arm-linux-gnueabi build
PASS: glibcs-arm-linux-gnueabihf build
PASS: glibcs-arm-linux-gnueabihf-v7a build
PASS: glibcs-arm-linux-gnueabihf-v7a-disable-multi-arch build
PASS: glibcs-m68k-linux-gnu build
PASS: glibcs-microblazeel-linux-gnu build
PASS: glibcs-microblaze-linux-gnu build
PASS: glibcs-mips64el-linux-gnu-n32 build
PASS: glibcs-mips64el-linux-gnu-n32-nan2008 build
PASS: glibcs-mips64el-linux-gnu-n32-nan2008-soft build
PASS: glibcs-mips64el-linux-gnu-n32-soft build
PASS: glibcs-mips64el-linux-gnu-n64 build
PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build
PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build
PASS: glibcs-mips64el-linux-gnu-n64-soft build
PASS: glibcs-mips64-linux-gnu-n32 build
PASS: glibcs-mips64-linux-gnu-n32-nan2008 build
PASS: glibcs-mips64-linux-gnu-n32-nan2008-soft build
PASS: glibcs-mips64-linux-gnu-n32-soft build
PASS: glibcs-mips64-linux-gnu-n64 build
PASS: glibcs-mips64-linux-gnu-n64-nan2008 build
PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build
PASS: glibcs-mips64-linux-gnu-n64-soft build
PASS: glibcs-mipsel-linux-gnu build
PASS: glibcs-mipsel-linux-gnu-nan2008 build
PASS: glibcs-mipsel-linux-gnu-nan2008-soft build
PASS: glibcs-mipsel-linux-gnu-soft build
PASS: glibcs-mips-linux-gnu build
PASS: glibcs-mips-linux-gnu-nan2008 build
PASS: glibcs-mips-linux-gnu-nan2008-soft build
PASS: glibcs-mips-linux-gnu-soft build
PASS: glibcs-nios2-linux-gnu build
PASS: glibcs-powerpc64le-linux-gnu build
PASS: glibcs-powerpc64-linux-gnu build
PASS: glibcs-tilegxbe-linux-gnu-32 build
PASS: glibcs-tilegxbe-linux-gnu build
PASS: glibcs-tilegx-linux-gnu-32 build
PASS: glibcs-tilegx-linux-gnu build
PASS: glibcs-tilepro-linux-gnu build
and the following build failures:
FAIL: glibcs-alpha-linux-gnu build
elf/sln is failed to link due to:
assertion fail bfd/elf64-alpha.c:4125
This is caused by linker bug and/or non-PIC code in PIE libc.a.
FAIL: glibcs-hppa-linux-gnu build
elf/sln is failed to link due to:
collect2: fatal error: ld terminated with signal 11 [Segmentation fault]
https://sourceware.org/bugzilla/show_bug.cgi?id=22537
FAIL: glibcs-ia64-linux-gnu build
elf/sln is failed to link due to:
collect2: fatal error: ld terminated with signal 11 [Segmentation fault]
FAIL: glibcs-powerpc-linux-gnu build
FAIL: glibcs-powerpc-linux-gnu-soft build
FAIL: glibcs-powerpc-linux-gnuspe build
FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build
elf/sln is failed to link due to:
ld: read-only segment has dynamic relocations.
This is caused by linker bug and/or non-PIC code in PIE libc.a. See:
https://sourceware.org/bugzilla/show_bug.cgi?id=22264
FAIL: glibcs-powerpc-linux-gnu-power4 build
elf/sln is failed to link due to:
findlocale.c:96:(.text+0x22c): @local call to ifunc memchr
This is caused by linker bug and/or non-PIC code in PIE libc.a.
FAIL: glibcs-s390-linux-gnu build
elf/sln is failed to link due to:
collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped
assertion fail bfd/elflink.c:14299
This is caused by linker bug and/or non-PIC code in PIE libc.a.
FAIL: glibcs-sh3eb-linux-gnu build
FAIL: glibcs-sh3-linux-gnu build
FAIL: glibcs-sh4eb-linux-gnu build
FAIL: glibcs-sh4eb-linux-gnu-soft build
FAIL: glibcs-sh4-linux-gnu build
FAIL: glibcs-sh4-linux-gnu-soft build
elf/sln is failed to link due to:
ld: read-only segment has dynamic relocations.
This is caused by linker bug and/or non-PIC code in PIE libc.a. See:
https://sourceware.org/bugzilla/show_bug.cgi?id=22263
Also TLS code sequence in SH assembly syscalls in glibc doesn't match TLS
code sequence expected by ld:
https://sourceware.org/bugzilla/show_bug.cgi?id=22270
FAIL: glibcs-sparc64-linux-gnu build
FAIL: glibcs-sparcv9-linux-gnu build
FAIL: glibcs-tilegxbe-linux-gnu build
FAIL: glibcs-tilegxbe-linux-gnu-32 build
FAIL: glibcs-tilegx-linux-gnu build
FAIL: glibcs-tilegx-linux-gnu-32 build
FAIL: glibcs-tilepro-linux-gnu build
elf/sln is failed to link due to:
ld: read-only segment has dynamic relocations.
This is caused by linker bug and/or non-PIC code in PIE libc.a. See:
https://sourceware.org/bugzilla/show_bug.cgi?id=22263
[BZ #19574]
* INSTALL: Regenerated.
* Makeconfig (real-static-start-installed-name): New.
(pic-default): Updated for --enable-static-pie.
(pie-default): New for --enable-static-pie.
(default-pie-ldflag): Likewise.
(+link-static-before-libc): Replace $(DEFAULT-LDFLAGS-$(@F))
with $(if $($(@F)-no-pie),$(no-pie-ldflag),$(default-pie-ldflag)).
Replace $(static-start-installed-name) with
$(real-static-start-installed-name).
(+prectorT): Updated for --enable-static-pie.
(+postctorT): Likewise.
(CFLAGS-.o): Add $(pie-default).
(CFLAGS-.op): Likewise.
* NEWS: Mention --enable-static-pie.
* config.h.in (ENABLE_STATIC_PIE): New.
* configure.ac (--enable-static-pie): New configure option.
(have-no-dynamic-linker): New LIBC_CONFIG_VAR.
(have-static-pie): Likewise.
Enable static PIE if linker supports --no-dynamic-linker.
(ENABLE_STATIC_PIE): New AC_DEFINE.
(enable-static-pie): New LIBC_CONFIG_VAR.
* configure: Regenerated.
* csu/Makefile (omit-deps): Add r$(start-installed-name) and
gr$(start-installed-name) for --enable-static-pie.
(extra-objs): Likewise.
(install-lib): Likewise.
(extra-objs): Add static-reloc.o and static-reloc.os
($(objpfx)$(start-installed-name)): Also depend on
$(objpfx)static-reloc.o.
($(objpfx)r$(start-installed-name)): New.
($(objpfx)g$(start-installed-name)): Also depend on
$(objpfx)static-reloc.os.
($(objpfx)gr$(start-installed-name)): New.
* csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie
in libc.a.
* csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to
initimage.
* csu/static-reloc.c: New file.
* elf/Makefile (routines): Add dl-reloc-static-pie.
(elide-routines.os): Likewise.
(DEFAULT-LDFLAGS-tst-tls1-static-non-pie): Removed.
(tst-tls1-static-non-pie-no-pie): New.
* elf/dl-reloc-static-pie.c: New file.
* elf/dl-support.c (_dl_get_dl_main_map): New function.
* elf/dynamic-link.h (ELF_DURING_STARTUP): Also check
STATIC_PIE_BOOTSTRAP.
* elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise.
* gmon/Makefile (tests): Add tst-gmon-static-pie.
(tests-static): Likewise.
(DEFAULT-LDFLAGS-tst-gmon-static): Removed.
(tst-gmon-static-no-pie): New.
(CFLAGS-tst-gmon-static-pie.c): Likewise.
(CRT-tst-gmon-static-pie): Likewise.
(tst-gmon-static-pie-ENV): Likewise.
(tests-special): Likewise.
($(objpfx)tst-gmon-static-pie.out): Likewise.
(clean-tst-gmon-static-pie-data): Likewise.
($(objpfx)tst-gmon-static-pie-gprof.out): Likewise.
* gmon/tst-gmon-static-pie.c: New file.
* manual/install.texi: Document --enable-static-pie.
* sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New.
(_dl_get_dl_main_map): Likewise.
* sysdeps/i386/configure.ac: Check if linker supports static PIE.
* sysdeps/x86_64/configure.ac: Likewise.
* sysdeps/i386/configure: Regenerated.
* sysdeps/x86_64/configure: Likewise.
* sysdeps/mips/Makefile (ASFLAGS-.o): Add $(pie-default).
(ASFLAGS-.op): Likewise.
When multi-lib GCC is used to build glibc, the search order of GCC driver
for crt*.o is -B*/`gcc -print-multi-directory`, the installed diretory,
-B*/. This patch adds multi-lib support to csu/Makefile so that
-B/glibc-build-directory/csu/ will pick up the newly built crt*.o.
Tested on x86-64 for i686 and x32.
[BZ #22362]
* Makerules (make-link-multidir): New.
* config.make.in (multidir): New.
* configure.ac (libc_cv_multidir): New. AC_SUBST.
* configure: Regenerated.
* csu/Makefile [$(multidir) != .](multilib-extra-objs): New.
[$(multidir) != .](extra-objs): Add $(multilib-extra-objs).
[$(multidir) != .]($(addprefix $(objpfx)$(multidir)/, $(install-lib))):
New target.
Hide internal __libc_print_version function to allow direct access
within libc.so and libc.a without using GOT nor PLT.
[BZ #18822]
* csu/version.c (__libc_print_version): Add attribute_hidden.
This patch removes the Banner mechanism, with the last remaining
Banner file replaced by a contrib.texi entry. This accords with the
principle that the output of running libc.so.6 is not the place to
credit particular contributions (the manual is), and with all other
configuration options not mentioned there, it doesn't seem appropriate
to focus there on the one question of whether the one remaining piece
configured as an add-on was enabled or not.
Tested for x86_64.
* csu/Makefile (generated): Do not add version-info.h.
(before-compile): Likewise.
(all-Banner-files): Remove variable.
($(objpfx)version-info.h): Remove rule.
* csu/version.c (banner): Do not include "version-info.h".
* libidn/Banner: Remove.
* manual/contrib.texi (Simon Josefsson): New entry.
Add unwind info to __libc_start_main so that unwinding continues one
extra level to _start. Similarly add unwind info to backtrace.
Given many targets require this, do this in a general way.
* csu/Makefile: Add -funwind-tables to libc-start.c.
* debug/Makefile: Add -funwind-tables to backtrace.c.
* sysdeps/aarch64/Makefile: Remove CFLAGS-backtrace.c.
* sysdeps/arm/Makefile: Likewise.
* sysdeps/i386/Makefile: Likewise.
* sysdeps/m68k/Makefile: Likewise.
* sysdeps/mips/Makefile: Likewise.
* sysdeps/nios2/Makefile: Likewise.
* sysdeps/sh/Makefile: Likewise.
* sysdeps/sparc/Makefile: Likewise.
Since __libc_multiple_libcs is defined as hidden symbol in init-first.c,
it should be always marked with attribute_hidden.
[BZ #18822]
* csu/libc-start.c (__libc_multiple_libcs): Removed.
* elf/dl-open.c: Include <libc-internal.h>.
(__libc_multiple_libcs): Removed.
* elf/dl-sysdep.c: Include <libc-internal.h> instead of
<hp-timing.h>.
* include/libc-internal.h (__libc_multiple_libcs): New.
* misc/sbrk.c: Include <libc-internal.h>.
(__libc_multiple_libcs): Removed.
On Linux/i386, there are 3 ways to make a system call:
1. call *%gs:SYSINFO_OFFSET. This requires TLS initialization.
2. call *_dl_sysinfo. This requires relocation of _dl_sysinfo.
3. int $0x80. This is slower than #2 and #3, but works everywhere.
When an object file is compiled with PIC, #1 is prefered since it is
faster than #3 and doesn't require relocation of _dl_sysinfo. For
dynamic executables, ld.so initializes TLS. However, for static
executables, before TLS is initialized by __libc_setup_tls, #3 should
be used for system calls.
This patch adds <startup.h> which defines _startup_fatal and defaults
it to __libc_fatal. It replaces __libc_fatal with _startup_fatal in
static executables where it is called before __libc_setup_tls is called.
This header file is included in all files containing functions which are
called before __libc_setup_tls is called. On Linux/i386, when PIE is
enabled by default, _startup_fatal is turned into ABORT_INSTRUCTION and
I386_USE_SYSENTER is defined to 0 so that "int $0x80" is used for system
calls before __libc_setup_tls is called.
Tested on i686 and x86-64. Without this patch, all statically-linked
tests will fail on i686 when the compiler defaults to -fPIE.
[BZ #21913]
* csu/libc-tls.c: Include <startup.h> first.
(__libc_setup_tls): Call _startup_fatal instead of __libc_fatal.
* elf/dl-tunables.c: Include <startup.h> first.
* include/libc-symbols.h (BUILD_PIE_DEFAULT): New.
* sysdeps/generic/startup.h: New file.
* sysdeps/unix/sysv/linux/i386/startup.h: Likewise.
* sysdeps/unix/sysv/linux/i386/brk.c [BUILD_PIE_DEFAULT != 0]
(I386_USE_SYSENTER): New. Defined to 0.
The patch proposed by Peter Bergner [1] to libgcc in order to fix
[BZ #21707] adds a dependency on a symbol provided by the loader,
forcing the loader to be linked to tests after libgcc was linked.
It also requires to read the thread pointer during IRELA relocations.
Tested on powerpc, powerpc64, powerpc64le, s390x and x86_64.
[1] https://sourceware.org/ml/libc-alpha/2017-06/msg01383.html
[BZ #21707]
* csu/libc-start.c (LIBC_START_MAIN): Perform IREL{,A}
relocations before or after initializing the TCB on statically
linked executables. That's a per-architecture definition.
* elf/rtld.c (dl_main): Add a comment about thread-local
variables initialization.
* sysdeps/generic/libc-start.h: New file. Define
ARCH_APPLY_IREL and ARCH_SETUP_IREL.
* sysdeps/powerpc/Makefile:
[$(subdir) = elf && $(multi-arch) != no] (tests-static-internal): Add tst-tlsifunc-static.
[$(subdir) = elf && $(multi-arch) != no && $(build-shared) == yes]
(tests-internal): Add tst-tlsifunc.
* sysdeps/powerpc/tst-tlsifunc.c: New file.
* sysdeps/powerpc/tst-tlsifunc-static.c: Likewise.
* sysdeps/powerpc/powerpc64le/Makefile (f128-loader-link): New
variable.
[$(subdir) = math] (test-float128% test-ifloat128%): Force
linking to the loader after linking to libgcc.
[$(subdir) = wcsmbs || $(subdir) = stdlib] (bug-strtod bug-strtod2)
(bug-strtod2 tst-strtod-round tst-wcstod-round tst-strtod6 tst-strrom)
(tst-strfrom-locale strfrom-skeleton): Likewise.
* sysdeps/unix/sysv/linux/powerpc/libc-start.h: New file. Define
ARCH_APPLY_IREL and ARCH_SETUP_IREL.
Allow the CPU features structure set up to be overridden by tunables
by delaying it to until after tunables are initialized. The
initialization is already delayed in dynamically linked glibc, it is
only in static binaries that the initialization is set early to allow
it to influence IFUNC relocations that happen in libc-start. It is a
bit too early however and there is a good place between tunables
initialization and IFUNC relocations where this can be done.
Verified that this does not regress the testsuite.
* csu/libc-start.c [!ARCH_INIT_CPU_FEATURES]: Define
ARCH_INIT_CPU_FEATURES.
(LIBC_START_MAIN): Call it.
* sysdeps/unix/sysv/linux/aarch64/libc-start.c
(__libc_start_main): Remove.
(ARCH_INIT_CPU_FEATURES): New macro.
* sysdeps/x86/libc-start.c (__libc_start_main): Remove.
(ARCH_INIT_CPU_FEATURES): New macro.
glibc's implementation of getopt includes code to parse an environment
variable named _XXX_GNU_nonoption_argv_flags_ (where XXX is the
current process's PID in decimal); but all of it has been #ifdefed out
since 2001, with no official way to turn it back on.
According to commentary in our config.h.in, bash version 2.0 set this
environment variable to indicate argv elements that were the result of
glob expansion and therefore should not be treated as options, but the
feature was "disabled later" because "it caused problems". According
to bash's CHANGES file, "later" was release 2.01; it gives no more
detail about what the problems were.
Version 2.0 of bash was released on the last day of 1996, and version
2.01 in June of 1997. Twenty years later, I think it is safe to
assume that this environment variable isn't coming back.
* config.h.in (USE_NONOPTION_FLAGS): Remove.
* csu/init-first.c: Remove all #ifdef USE_NONOPTION_FLAGS blocks.
* sysdeps/mach/hurd/i386/init-first.c: Likewise.
* posix/getopt_int.h: Likewise.
* posix/getopt.c: Likewise. Also remove SWAP_FLAGS and the
__libc_argc and __libc_argv externs, which were only used by
#ifdef USE_NONOPTION_FLAGS blocks.
* posix/getopt_init.c: Remove file.
* posix/Makefile (routines): Remove getopt_init.
* include/getopt.h: Don't declare __getopt_initialize_environment.
* manual/getopt.texi: Remove mention of USE_NONOPTION_FLAGS in
a comment.
The tunables framework allows us to uniformly manage and expose global
variables inside glibc as switches to users. tunables/README has
instructions for glibc developers to add new tunables.
Tunables support can be enabled by passing the --enable-tunables
configure flag to the configure script. This patch only adds a
framework and does not pose any limitations on how tunable values are
read from the user. It also adds environment variables used in malloc
behaviour tweaking to the tunables framework as a PoC of the
compatibility interface.
* manual/install.texi: Add --enable-tunables option.
* INSTALL: Regenerate.
* README.tunables: New file.
* Makeconfig (CPPFLAGS): Define TOP_NAMESPACE.
(before-compile): Generate dl-tunable-list.h early.
* config.h.in: Add HAVE_TUNABLES.
* config.make.in: Add have-tunables.
* configure.ac: Add --enable-tunables option.
* configure: Regenerate.
* csu/init-first.c (__libc_init_first): Move
__libc_init_secure earlier...
* csu/init-first.c (LIBC_START_MAIN):... to here.
Include dl-tunables.h, libc-internal.h.
(LIBC_START_MAIN) [!SHARED]: Initialize tunables for static
binaries.
* elf/Makefile (dl-routines): Add dl-tunables.
* elf/Versions (ld): Add __tunable_set_val to GLIBC_PRIVATE
namespace.
* elf/dl-support (_dl_nondynamic_init): Unset MALLOC_CHECK_
only when !HAVE_TUNABLES.
* elf/rtld.c (process_envvars): Likewise.
* elf/dl-sysdep.c [HAVE_TUNABLES]: Include dl-tunables.h
(_dl_sysdep_start): Call __tunables_init.
* elf/dl-tunable-types.h: New file.
* elf/dl-tunables.c: New file.
* elf/dl-tunables.h: New file.
* elf/dl-tunables.list: New file.
* malloc/tst-malloc-usable-static.c: New test case.
* malloc/Makefile (tests-static): Add it.
* malloc/arena.c [HAVE_TUNABLES]: Include dl-tunables.h.
Define TUNABLE_NAMESPACE.
(DL_TUNABLE_CALLBACK (set_mallopt_check)): New function.
(DL_TUNABLE_CALLBACK_FNDECL): New macro. Use it to define
callback functions.
(ptmalloc_init): Set tunable values.
* scripts/gen-tunables.awk: New file.
* sysdeps/mach/hurd/dl-sysdep.c: Include dl-tunables.h.
(_dl_sysdep_start): Call __tunables_init.
The startup code in csu/, and the brk and sbrk functions are
needed very early in initialization of a statically-linked program,
before the stack guard is initialized; TLS initialization also uses
memcpy, which cannot overrun its own stack. Mark all of these as
-fno-stack-protector.
We also finally introduce @libc_cv_ssp@ and @no_stack_protector@, both
substituted by the configury changes made earlier, to detect the case
when -fno-stack-protector is supported by the compiler, and
unconditionally pass it in when this is the case, whether or not
--enable-stack-protector is passed to configure. (This means that
it'll even work when the compiler's been hacked to pass
-fstack-protector by default, unless the hackage is so broken that
it does so in a way that is impossible to override.)
The address of the stack canary is stored in a per-thread variable,
which means that we must ensure that the TLS area is intialized before
calling any -fstack-protector'ed functions. For dynamically linked
applications, we ensure this (in a later patch) by disabling
-fstack-protector for the whole dynamic linker, but for static
applications, the AT_ENTRY address is called directly by the kernel, so
we must deal with the problem differently.
In static appliations, __libc_setup_tls performs the TCB setup and TLS
initialization, so this commit arranges for it to be called early and
unconditionally. The call (and the stack guard initialization) is
before the DL_SYSDEP_OSCHECK hook, which if set will probably call
functions which are stack-protected (it does on Linux and NaCL too). We
also move apply_irel up, so that we can still safely call functions that
require ifuncs while in __libc_setup_tls (though if stack-protection is
enabled we still have to avoid calling functions that are not
stack-protected at this stage).
Commit 7a5e3d9d63 (elf: Assume TLS is
initialized in _dl_map_object_from_fd) removed the last call of
_dl_tls_setup, but did not remove the function itself.
Stack-protection on .o files in csu/ must be suppressed for the sake of
library startup code. This also suppresses stack-protection in tests
(which are also covered by CFLAGS-.o), though this is neither necessary
nor desirable.
So impose the rule that .o files in csu/ are necessarily C startup code,
and move the few tests in there into misc/ instead.
21ad055803 removed the function, but
missed the declaration in libc-start. Removed and verified that the
generated assembly is unchanged.
* csu/libc-start.c (__libc_csu_irel): Remove declaration.
Instead of a flag which indicates the pointer can be freed, dtv_t
now includes the pointer which should be freed. Due to padding,
the size of dtv_t does not increase.
To avoid using memalign, the new allocate_dtv_entry function
allocates a sufficiently large buffer so that a sub-buffer
can be found in it which starts with an aligned pointer. Both
the aligned and original pointers are kept, the latter for calling
free later.
When static-start-installed-name is different from
start-installed-name, we must not use the shared objects.
* csu/Makefile
(extra-objs): Add gmon-start.o when building shared library and
$(static-start-installed-name) is different from
$(start-installed-name).
$(objpfx)g$(static-start-installed-name): When building shared
library and $(static-start-installed-name) is different from
$(static-start-installed-name), revert to non-shared rule,
i.e. using $(objpfx)% and gmon-start.o.
We need to align TCB offset to the maximum alignment for TLS_TCB_AT_TP
targets, as _dl_allocate_tls_storage (in elf/dl-tls.c) does using
__libc_memalign and dl_tls_static_align.
[BZ #18383]
* csu/libc-tls.c (__libc_setup_tls) [TLS_TCB_AT_TP]: Align
TCB_OFFSET to MAX_ALIGN, not just TCBALIGN. Add comment.
* elf/Makefile (test-xfail-tst-tlsalign{,-static}): Remove
comment for i386/x86-64.
(test-xfail-tst-tlsalign-extern-static): Removed.
We compile gcrt1.o with -fPIC to support both "gcc -pg" and "gcc -pie -pg".
[BZ #17836]
* csu/Makefile (extra-objs): Add gmon-start.o if not builing
shared library. Add gmon-start.os otherwise.
($(objpfx)g$(start-installed-name)): Use $(objpfx)S%
$(objpfx)gmon-start.os if builing shared library.
($(objpfx)g$(static-start-installed-name)): Likewise.
On powerpc, atomic_exchange_and_add is implemented without any
barriers. This patchs adds the missing instruction and memory barrier
for acquire and release semanthics.
This patch removes the --enable-oldest-abi configure option, which has
long been bitrotten (as reported in bug 6652). The principle of
removing this option was agreed in the thread starting at
<https://sourceware.org/ml/libc-alpha/2013-07/msg00174.html>.
Tested for x86_64 and x86 that the installed shared libraries other
than libc.so are unchanged by this patch and that libc.so disassembly
and symbol versions are unchanged (debug info changes because of
changed line numbers in csu/version.c).
[BZ #6652]
* Makeconfig (soversions-default-setname): Remove variable.
($(common-objpfx)soversions.i): Don't pass default_setname to
soversions.awk.
* Makerules ($(common-objpfx)abi-versions.h): Don't pass
oldest_abi to abi-versions.awk.
* config.h.in (GLIBC_OLDEST_ABI): Remove macro undefine.
* config.make.in (oldest-abi): Remove variable.
* configure.ac (--enable-oldest-abi): Remove configure option.
* configure: Regenerated.
* csu/version.c (banner) [GLIBC_OLDEST_ABI]: Remove conditional
text.
* scripts/abi-versions.awk: Do not handle oldest_abi variable.
* scripts/soversions.awk: Do not handle default_setname variable.
* sysdeps/mach/hurd/configure.ac: Do not handle oldest_abi
variable.
* sysdeps/mach/hurd/configure: Regenerated.
* sysdeps/unix/sysv/linux/configure.ac: Do not handle oldest_abi
variable.
* sysdeps/unix/sysv/linux/configure: Regenerated.
We initialize _r_debug for static binaries to allows debug
agents to treat static binaries a little more like dyanmic
ones. This simplifies the work a debug agent has to do to
access TLS in a static binary via libthread_db.
Tested on x86_64.
See:
https://sourceware.org/ml/libc-alpha/2014-04/msg00183.html
[BZ #16831]
* csu/libc-start.c (LIBC_START_MAIN) [!SHARED]: Call
_dl_debug_initialize.