Commit Graph

35772 Commits

Author SHA1 Message Date
Adhemerval Zanella
5f34491510 math: Remove fenvinline.h
Similar to string2.h (18b10de7ce) and string3.h (09a596cc2c) this
patch removes the fenvinline.h on all architectures.  Currently
only powerpc implements some optimizations.  This kind of optimization
is better implemented by the compiler (which handles the architecture
ISA transparently).

Also, for the specific optimized powerpc implementation the code is
becoming convoluted and these micro-optimization are hardly wildly
used, even more being a possible hotspot in realword cases
(non-default rounding are used only on specific cases and exception
handling are done most likely only on errors path).  Only x86
implements similar optimization (on fenv.h) also indicates that
these should no be on libc.

The math/test-fenv already covers all math/test-fenvinline tests,
so it is safe to remove it.

The powerpc fegetround optimization is moved to internal
fenv_libc.h.

The BZ#94193 [1] the corresponding GCC bug for adding replacements
for these on powerpc.

Checked on x86_64-linux-gnu and powerpc64le-linux-gnu.

[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94193
2020-03-30 10:52:25 -03:00
Samuel Thibault
e095db0bc6 hurd: Make O_TRUNC update mtime/ctime
* hurd/lookup-retry.c (__hurd_file_name_lookup_retry): Call
__file_utimens after __file_set_size.
2020-03-29 19:42:55 +02:00
Eyal Itkin
a1a486d70e Add Safe-Linking to fastbins and tcache
Safe-Linking is a security mechanism that protects single-linked
lists (such as the fastbin and tcache) from being tampered by attackers.
The mechanism makes use of randomness from ASLR (mmap_base), and when
combined with chunk alignment integrity checks, it protects the "next"
pointers from being hijacked by an attacker.

While Safe-Unlinking protects double-linked lists (such as the small
bins), there wasn't any similar protection for attacks against
single-linked lists. This solution protects against 3 common attacks:
  * Partial pointer override: modifies the lower bytes (Little Endian)
  * Full pointer override: hijacks the pointer to an attacker's location
  * Unaligned chunks: pointing the list to an unaligned address

The design assumes an attacker doesn't know where the heap is located,
and uses the ASLR randomness to "sign" the single-linked pointers. We
mark the pointer as P and the location in which it is stored as L, and
the calculation will be:
  * PROTECT(P) := (L >> PAGE_SHIFT) XOR (P)
  * *L = PROTECT(P)

This way, the random bits from the address L (which start at the bit
in the PAGE_SHIFT position), will be merged with LSB of the stored
protected pointer. This protection layer prevents an attacker from
modifying the pointer into a controlled value.

An additional check that the chunks are MALLOC_ALIGNed adds an
important layer:
  * Attackers can't point to illegal (unaligned) memory addresses
  * Attackers must guess correctly the alignment bits

On standard 32 bit Linux machines, an attack will directly fail 7
out of 8 times, and on 64 bit machines it will fail 15 out of 16
times.

This proposed patch was benchmarked and it's effect on the overall
performance of the heap was negligible and couldn't be distinguished
from the default variance between tests on the vanilla version. A
similar protection was added to Chromium's version of TCMalloc
in 2012, and according to their documentation it had an overhead of
less than 2%.

Reviewed-by: DJ Delorie <dj@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Adhemerval Zacnella <adhemerval.zanella@linaro.org>
2020-03-29 13:03:14 -04:00
Shen-Ta Hsieh
642d5abaf1 Add benchtests for roundeven and roundevenf.
This patch adds benchtests for the roundeven and roundevenf functions.
The inputs are copied from trunc-inputs.
2020-03-27 23:24:02 +00:00
Alistair Francis
933dc0e570 time: Add a __itimerval64 struct
Add a __itimerval64 which always uses a 64-bit time_t.

Reviewed-by: Lukasz Majewski <lukma@denx.de>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-03-27 11:23:15 -07:00
Alistair Francis
d1876749a8 time: Add a timeval with a 32-bit tv_sec and tv_usec
On y2038 safe 32-bit systems the Linux kernel expects itimerval to
use a 32-bit time_t, even though the other time_t's are 64-bit. To
address this let's add a __timeval32 struct to be used internally.

Reviewed-by: Lukasz Majewski <lukma@denx.de>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-03-27 11:23:15 -07:00
Alistair Francis
4da2597af5 sysv/linux: Rename alpha functions to be alpha specific
These functions are alpha specifc, rename them to be clear.

Let's also rename the header file from tv32-compat.h to
alpha-tv32-compat.h. This is to avoid conflicts with the one we will
introduce later.

Reviewed-by: Lukasz Majewski <lukma@denx.de>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-03-27 11:23:15 -07:00
Vineet Gupta
e8a0f5831e ARC: add definitions to elf/elf.h
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2020-03-25 18:48:48 -07:00
Paul E. Murphy
57651ee4c8 powerpc64: apply -mabi=ibmlongdouble to special files
Some of these files depend on the avoidance of using the various
register sets of POWER.  When enabling the IEEE 128 long double,
we must be sure to disable this ABI as some compilers will
refuse to compile if -mno-vsx and -mabi=ieeelongdouble are both
present.

Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
2020-03-25 14:34:23 -05:00
Paul E. Murphy
39517c008f powerpc64le: add -mno-gnu-attribute to *f128 objects and difftime
In practice, this flag should be applied globally, but it makes a good
sanity check to ensure ibm128 and ieee128 long double files are not
getting mismatched.  _Float128 files use no long double, thus are
always safe to use this option.

Similarly, when investigating the linker complaints, difftime
makes trivial, self contained, usage of long double, so thus it
is also explicitly marked as such.

Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
2020-03-25 14:34:23 -05:00
Paul E. Murphy
3618e5fece Makeconfig: sandwich gnulib-tests between libc/ld linking of tests
This better resembles the default linking process with the gnulibs,
and also resolves the increasingly difficult to maintain
f128-loader-link usage on powerpc64le as some libgcc symbols are
dependent on those found in the loader (ld).
2020-03-25 14:34:23 -05:00
Gabriel F. T. Gomes
076d06e849 powerpc64le: Ensure correct ldouble compiler flags are used
Ensure the correct ldouble abi flags are applied to ibm128 files and
nldbl files.  Remove the IEEE options if used, and apply the flags
used to build ldouble files which are ibm128 abi.

nldbl tests are a little tricky.  To use the support, we must remove
all ldouble abi flags, and ensure -mlong-double-64 is used.

Co-authored-by: Rajalakshmi Srinivasaraghavan  <raji@linux.vnet.ibm.com>
Co-authored-by: Tulio Magno Quites Machado Filho  <tuliom@linux.vnet.ibm.com>
Co-authored-by: Paul E. Murphy  <murphyp@linux.vnet.ibm.com>
2020-03-25 14:34:23 -05:00
Paul E. Murphy
d0d1811fb9 Fix tests which expose ldbl -> _Float128 redirects
The ldbl redirects for ieee128 have some jagged edges when
inspecting and manipulating symbols directly.

e.g asprintf is unconditionally redirected to __asprintfieee128
thus any tests relying on GCC's redirect behavior will encounter
problems if they inspect the symbol names too closely.

I've mitigated tests which expose the limitations of the
ldbl -> f128 redirects by giving them knowledge about the
redirected symbol names.

Hopefully there isn't much user code which depends on this
implementation specific behavior.

Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
2020-03-25 14:34:23 -05:00
Paul E. Murphy
45ae17dd7e ldbl-128ibm-compat: PLT redirects for using ldbl redirects internally
Tweak the PLT bypass magic when building glibc with long double
redirects.  This is made more difficult by the fact we only get
one chance to redirect functions.  This happens via the public
headers.

There are roughly three classes of redirect we need to attend to
today:

 1. Simple redirects, redirected via cdef macro overrides and
    and new libc_hidden_ldbl_proto macro.
 2. Internal usage of internal API, e.g __snprintf, which has
    no direct analogue.  This is bypassed directly on case-by-
    case basis.
 3. Double redirects, e.g sscanf and related.  These require
    a heavier handed approach of macro renaming to existing
    symbols.

Most simple redirects are handled via 1.  Ideally, the libc_*
macro would live in libc-symbols.h, but in practice the macros
needed for it to do anything useful live in cdefs.h, so they
are defined in the local override.

Notably, the internal name of the asprintf generated for ieee ldbl
redirects is renamed to work with internal prefixed usage.

This resolves the local plt usage introduced when building glibc
with ldbl == ieee128 on ppc64le.

Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
2020-03-25 14:34:23 -05:00
Adhemerval Zanella
4eda036f5b stdlib: Move tst-system to tests-container
Fix some issues with different shell and error messages.

Checked on x86_64-linux-gnu and i686-linux-gnu.
2020-03-25 09:50:45 -03:00
Adhemerval Zanella
1c17100c43 support/shell-container.c: Add builtin kill
No options supported.

Reviewed-by: DJ Delorie <dj@redhat.com>
2020-03-25 09:50:45 -03:00
Adhemerval Zanella
5a5a3a3234 support/shell-container.c: Add builtin exit
Reviewed-by: DJ Delorie <dj@redhat.com>
2020-03-25 09:50:45 -03:00
Adhemerval Zanella
5fce0e095b support/shell-container.c: Return 127 if execve fails
Reviewed-by: DJ Delorie <dj@redhat.com>
2020-03-25 09:50:45 -03:00
Aurelien Jarno
07d16a6deb Add NEWS entry for CVE-2020-1751 (bug 25423)
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-03-24 22:49:32 +01:00
Adhemerval Zanella
f09542c584 posix: Fix system error return value [BZ #25715]
It fixes 5fb7fc9635 when posix_spawn fails.

Checked on x86_64-linux-gnu and i686-linux-gnu.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-03-23 18:00:38 -03:00
Lukasz Majewski
0334369949 y2038: fix: Add missing libc_hidden_def attribute for some syscall wrappers
During the conversion to support 64 bit time on some architectures with
__WORDSIZE == 32 && __TIMESIZE != 64 the libc_hidden_def attribute for
eligible functions was by mistake omitted.

This patch fixes this issue and exports (and allows using) those
functions when Y2038 support is enabled in glibc.
2020-03-23 21:21:28 +01:00
Carlos O'Donell
b8de7980c0 Extended Char Intro: Use getwc in example (Bug 25626)
In the "Extended Char Intro" the example incorrectly uses a function
called wgetc which doesn't exist.  The example is corrected to use
getwc, which is correct for the use in this case.

Reported-by: Toomas Rosin <toomas@rosin.ee>
2020-03-20 17:13:03 -04:00
Adhemerval Zanella
910a835dc9 stdio: Add tests for printf multibyte convertion leak [BZ#25691]
Checked on x86_64-linux-gnu and i686-linux-gnu.
2020-03-20 11:02:38 -03:00
Florian Weimer
3cc4a8367c stdio: Remove memory leak from multibyte convertion [BZ#25691]
This is an updated version of a previous patch [1] with the
following changes:

  - Use compiler overflow builtins on done_add_func function.
  - Define the scratch +utstring_converted_wide_string using
    CHAR_T.
  - Added a testcase and mention the bug report.

Both default and wide printf functions might leak memory when
manipulate multibyte characters conversion depending of the size
of the input (whether __libc_use_alloca trigger or not the fallback
heap allocation).

This patch fixes it by removing the extra memory allocation on
string formatting with conversion parts.

The testcase uses input argument size that trigger memory leaks
on unpatched code (using a scratch buffer the threashold to use
heap allocation is lower).

Checked on x86_64-linux-gnu and i686-linux-gnu.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>

[1] https://sourceware.org/pipermail/libc-alpha/2017-June/082098.html
2020-03-20 11:02:38 -03:00
Aurelien Jarno
39a05214fe Add NEWS entry for CVE-2020-1752 (bug 25414) 2020-03-19 22:53:00 +01:00
Adhemerval Zanella
1c15464ca0 math: Remove inline math tests
With mathinline removal there is no need to keep building and testing
inline math tests.

The gen-libm-tests.py support to generate ULP_I_* is removed and all
libm-test-ulps files are updated to longer have the
i{float,double,ldouble} entries.  The support for no-test-inline is
also removed from both gen-auto-libm-tests and the
auto-libm-test-out-* were regenerated.

Checked on x86_64-linux-gnu and i686-linux-gnu.
2020-03-19 11:45:44 -03:00
Adhemerval Zanella
a8ce822234 Remove __LIBC_INTERNAL_MATH_INLINES
With m68k mathinline.h removal the flag is not used anymore.

Checked with a m68k-linux-gnu build/check.
2020-03-19 11:45:44 -03:00
Adhemerval Zanella
a2ce37b564 math: Remove mathinline
With m68k bits moved to internal headers, no architectures export
additional optimizations on mathinline.
2020-03-19 11:45:44 -03:00
Adhemerval Zanella
4bad2e014e m68k: Remove mathinline.h
This is similar to x86 (da75c1b180) and powerpc (32ea729996)
mathinline.h removal.  The required macros to build the fpu routines
are moved to mathimpl.h, while the inline optimization macros for
atan, tanh, rint, log1p, significand, trunc, floor, ceil, isinf,
finite, scalbn, isnan, scalbln, nearbyint, lrint, and sincos are removed.

The gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94204 was
created to track builtin support.

Checked with a build against m68k-linux-gnu, resulting binaries
are similar with and without the patch.
2020-03-19 11:45:44 -03:00
Rafał Lużyński
649fdf039b oc_FR locale: Fix spelling of Thursday (bug 25639)
As reported by a native speaker:

Thursday: "dijóus" -> "dijòus" (also confirmed by CLDR)
2020-03-19 00:19:07 +01:00
H.J. Lu
1fabdb9908 x86: Remove ARCH_CET_LEGACY_BITMAP [BZ #25397]
Since legacy bitmap doesn't cover jitted code generated by legacy JIT
engine, it isn't very useful.  This patch removes ARCH_CET_LEGACY_BITMAP
and treats indirect branch tracking similar to shadow stack by removing
legacy bitmap support.

Tested on CET Linux/x86-64 and non-CET Linux/x86-64.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-03-18 04:35:54 -07:00
Joseph Myers
49348beafe Fix build with GCC 10 when long double = double.
On platforms where long double has the same ABI as double, glibc
defines long double functions as aliases for the corresponding double
functions.  The declarations of those functions in <math.h> are
disabled to avoid problems with aliases having incompatible types, but
GCC 10 now gives errors for incompatible types when the long double
function is known to GCC as a built-in function, not just when there
is an incompatible header declaration.

This patch fixes those errors by using appropriate
-fno-builtin-<function> options to compile the double functions.  The
list of CFLAGS-* settings is an appropriately adapted version of that
in sysdeps/ieee754/ldbl-opt/Makefile used there for building nldbl-*.c
files; in particular, the options are used even if GCC does not
currently have a built-in function of a given function, so that adding
such a built-in function in future will not break the glibc build.
Thus, various of the CFLAGS-* settings are only for future-proofing
and may not currently be needed (and it's possible some could be
irrelevant for other reasons).

Tested with build-many-glibcs.py for arm-linux-gnueabi (compilers and
glibcs builds), where it fixes the build that previously failed.
2020-03-17 22:57:42 +00:00
DJ Delorie
cbd1569904 nscd/cachedumper.c : fix whitespace 2020-03-17 14:03:43 -04:00
DJ Delorie
28b4928b1b Fix nscd/cachedumper.c compile errors 2020-03-16 02:13:36 -04:00
Girish Joshi
4315f45c93 manual: Fix inconsistent declaration of wcsrchr [BZ #24655]
Reviewed-by: DJ Delorie <dj@redhat.com>
2020-03-13 17:45:04 -04:00
DJ Delorie
dcf46d3fe5 nscd: add cache dumper 2020-03-13 16:43:19 -04:00
Jonathan Wakely
2de7fe6253 parse_tunables: Fix typo in comment 2020-03-13 10:27:23 +00:00
DJ Delorie
b7176cc2af ldconfig: trace origin paths with -v
With this patch, -v turns on a "from" trace for each directory
searched, that tells you WHY that directory is being searched -
is it a builtin, from the command line, or from some config file?
2020-03-11 16:02:05 -04:00
Michael Hudson-Doyle
083d644d42 test-container: print errno when execvp fails
I'm debugging a situation where lots of tests using test-container fail
and it's possible knowing errno would help understand why.

Reviewed-by: DJ Delorie <dj@redhat.com>
2020-03-11 16:00:58 -04:00
Wilco Dijkstra
7000651327 [AArch64] Improve integer memcpy
Further optimize integer memcpy.  Small cases now include copies up
to 32 bytes.  64-128 byte copies are split into two cases to improve
performance of 64-96 byte copies.  Comments have been rewritten.
2020-03-11 17:15:25 +00:00
Aurelien Jarno
15ab195229 Add NEWS entry for CVE-2020-10029 (bug 25487) 2020-03-11 12:20:26 +01:00
Vineet Gupta
a9f4703d93 gcc PR 89877: miscompilation due to missing cc clobber in longlong.h macros
simple test such as below was failing.

| void main(int argc, char *argv[])
| {
|    size_t total_time = 115424;                       // expected 115.424
|    double secs = (double)total_time/(double)1000;
|    printf("%s %d %lf\n", "secs", total_time, secs);  // prints 113.504
|    printf("%d\n", (size_t)secs);
| }

The printf eventually called into glibc stdlib/divrem.c:__mpn_divrem()
which uses the __arc__ specific inline asm macros from longlong.h which
were causing miscompilation.

include/
2019-03-28  Vineet Gupta <vgupta@synopsys.com>

	PR 89877

	* longlong.h [__arc__] (add_ssaaaa): Add cc clobber
	(sub_ddmmss): Likewise.

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2020-03-10 18:57:28 -07:00
Adhemerval Zanella
d8faf2955a mips: Fix wrong INTERNAL_SYSCALL_ERROR_P check from bc2eb9321e
Checked on mips64-linux-gnu.
2020-03-10 17:24:14 -03:00
Adhemerval Zanella
fbaf0bae57 elf: Fix wrong indentation from commit eb447b7b4b 2020-03-10 16:11:29 -03:00
Lukasz Majewski
8b8f39376b y2038: linux: Provide __futimesat64 implementation
This conversion patch for supporting 64 bit time for futimesat only differs
from the work performed for futimes (when providing __futimes64) with passing
also the file name (and path) to utimensat.

All the design and conversion decisions are exactly the same as for futimens
conversion.
2020-03-09 10:26:46 +01:00
Lukasz Majewski
1a5e12826c y2038: linux: Provide __lutimes64 implementation
This conversion patch for supporting 64 bit time for lutimes mostly differs from
the work performed for futimes (when providing __futimes64) with adding the
AT_SYMLINK_NOFOLLOW flag to utimensat.
It also supports passing file name instead of file descriptor number, but this
is not relevant for utimensat used to implement it.

All the design and conversion decisions are exactly the same as for futimens
conversion.
2020-03-09 10:26:46 +01:00
Lukasz Majewski
f072671cf5 y2038: linux: Provide __futimes64 implementation
This patch provides new __futimes64 explicit 64 bit function for setting file's
64 bit attributes for access and modification time (by specifying file
descriptor number).

Internally, the __utimensat64_helper function is used. This patch is necessary
for having architectures with __WORDSIZE == 32 Y2038 safe.

Moreover, a 32 bit version - __futimes has been refactored to internally use
__futimes64.

The __futimes is now supposed to be used on systems still supporting 32
bit time (__TIMESIZE != 64) - hence the necessary conversion of struct timeval
to 64 bit struct __timeval64.

The check if struct timevals' usec fields are in the range between 0 and 1000000
has been removed as Linux kernel performs it internally in the implementation
of utimensat (the conversion between struct __timeval64 and __timespec64 is not
relevant for this particular check).

Last but not least, checks for tvp{64} not being NULL have been preserved from
the original code as some legacy user space programs may rely on it.

Build tests:
./src/scripts/build-many-glibcs.py glibcs

Run-time tests:
- Run specific tests on ARM/x86 32bit systems (qemu):
  https://github.com/lmajewski/meta-y2038 and run tests:
  https://github.com/lmajewski/y2038-tests/commits/master

Above tests were performed with Y2038 redirection applied as well as without to
test the proper usage of both __futimes64 and __futimes.
2020-03-09 10:26:46 +01:00
Lukasz Majewski
7975f9a48a y2038: fix: Add missing libc_hidden_def for __futimens64
The libc_hidden_def () declaration for __futimens64 function was missing,
so it is added in this patch.
2020-03-07 12:45:27 +01:00
Adhemerval Zanella
b33e946fbb sparc: Move sigreturn stub to assembly
It seems that some gcc versions might generates a stack frame for the
sigreturn stub requires on sparc signal handling.  For instance:

  $ cat test.c
  #define _GNU_SOURCE
  #include <sys/syscall.h>

  __attribute__ ((__optimize__ ("-fno-stack-protector")))
  void
  __sigreturn_stub (void)
  {
    __asm__ ("mov %0, %%g1\n\t"
            "ta  0x10\n\t"
            : /* no outputs */
            : "i" (SYS_rt_sigreturn));
  }
  $ gcc -v
  [...]
  gcc version 9.2.1 20200224 (Debian 9.2.1-30)
  $ gcc -O2 -m64 test.c -S -o -
  [...]
    __sigreturn_stub:
          save    %sp, -176, %sp
  #APP
  ! 9 "t.c" 1
          mov 101, %g1
          ta  0x10

  ! 0 "" 2
  #NO_APP
          .size   __sigreturn_stub, .-__sigreturn_stub

As indicated by kernel developers [1], the sigreturn stub can not change
the register window or the stack pointer since the kernel has setup the
restore frame at a precise location relative to the stack pointer when
the stub is invoked.

I tried to play with some compiler flags and even with _Noreturn and
__builtin_unreachable after the asm does not help (and Sparc does not
support naked functions).

To avoid similar issues, as the stack-protector support also have
stumbled, this patch moves the implementation of the sigreturn stubs to
assembly.

Checked on sparcv9-linux-gnu and sparc64-linux-gnu with gcc 9.2.1
and gcc 7.5.0.

[1] https://lkml.org/lkml/2016/5/27/465
2020-03-06 13:17:20 -03:00
Tulio Magno Quites Machado Filho
d2b2acefa6 ldbl-128ibm: Let long double files have specific compiler flags
Soon, powerpc64le will need to provide extra compiler flags to the long
double files in order to continue to build using the IBM 128-bit
extended floating point type as long double.
2020-03-06 09:17:32 -06:00