Commit Graph

1697 Commits

Author SHA1 Message Date
Sergey Bugaev
41aac87234 hurd: Make _exit work during early boot-up
If any of the early boot-up tasks calls exit () or returns from main (),
terminate it properly instead of crashing on trying to dereference
_hurd_ports and getting forcibly terminated by the kernel.

We sadly cannot make the __USEPORT macro do the check for _hurd_ports
being unset, because it evaluates to the value of the expression
provided as the second argument, and that can be of any type; so there
is no single suitable fallback value for the macro to evaluate to in
case _hurd_ports is unset. Instead, each use site that wants to care for
this case will have to do its own checking.

Checked on x86_64-gnu.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230429131354.2507443-4-bugaevc@gmail.com>
2023-04-29 16:53:47 +02:00
Joseph Myers
af16a59ee1 Fix Hurd getcwd build with GCC >= 13
The build of glibc for i686-gnu has been failing for a while with GCC
mainline / GCC 13:

../sysdeps/mach/hurd/getcwd.c: In function '__hurd_canonicalize_directory_name_internal':
../sysdeps/mach/hurd/getcwd.c:242:48: error: pointer 'file_name' may be used after 'realloc' [-Werror=use-after-free]
  242 |                   file_namep = &buf[file_namep - file_name + size / 2];
      |                                     ~~~~~~~~~~~^~~~~~~~~~~
../sysdeps/mach/hurd/getcwd.c:236:25: note: call to 'realloc' here
  236 |                   buf = realloc (file_name, size);
      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~

Fix by doing the subtraction before the reallocation.

Tested with build-many-glibcs.py for i686-gnu.

[samuel.thibault@ens-lyon.rg: Removed mention of this being a bug]

Message-Id: <18587337-7815-4056-ebd0-724df262d591@codesourcery.com>
2023-04-27 01:27:28 +02:00
Joseph Myers
bcca5ae804 Regenerate sysdeps/mach/hurd/bits/errno.h
This file was out of date, as shown by build-many-glibcs.py runs
resulting in a modified source directory.
2023-04-26 17:11:41 +00:00
Samuel Thibault
323fe6a1a9 hurd: Do not take any flag from the CMSG_DATA
As fixed in 0822e3552a ("hurd: Don't pass FD_CLOEXEC in CMSG_DATA"),
senders currently don't have any flag to pass.  We shouldn't blindly take
random flags that senders could be erroneously giving us.
2023-04-25 00:14:58 +02:00
Sergey Bugaev
5fa8945605 hurd: Implement MSG_CMSG_CLOEXEC
This is a new flag that can be passed to recvmsg () to make it
atomically set the CLOEXEC flag on all the file descriptors received
using the SCM_RIGHTS mechanism. This is useful for all the same reasons
that the other XXX_CLOEXEC flags are useful: namely, it provides
atomicity with respect to another thread of the same process calling
(fork and then) exec at the same time.

This flag is already supported on Linux and FreeBSD. The flag's value,
0x40000, is choosen to match FreeBSD's.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230423160548.126576-2-bugaevc@gmail.com>
2023-04-24 23:09:50 +02:00
Samuel Thibault
0822e3552a hurd: Don't pass FD_CLOEXEC in CMSG_DATA
The flags are used by _hurd_intern_fd, which takes O_* flags, not FD_*.

Also, it is of no concern to the receiving process whether or not
the sender process wants to close its copy of sent file descriptor
upon exec, and it should not influence whether or not the received
file descriptor gets the FD_CLOEXEC flag set in the receiving process.

The latter should in fact be dependent on the MSG_CMSG_CLOEXEC flag
being passed to the recvmsg () call, which is going to be implemented
in the following commit.

Fixes 344e755248
"hurd: Support sending file descriptors over Unix sockets"

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2023-04-24 23:05:15 +02:00
Sergey Bugaev
c02b26455b hurd: Implement prefer_map_32bit_exec tunable
This makes the prefer_map_32bit_exec tunable no longer Linux-specific.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230423215526.346009-4-bugaevc@gmail.com>
2023-04-24 22:48:35 +02:00
Sergey Bugaev
35b7bf2fe0 hurd: Don't attempt to deallocate MACH_PORT_DEAD
...in some more places.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230423215526.346009-2-bugaevc@gmail.com>
2023-04-24 22:44:53 +02:00
Sergey Bugaev
4c39333050 hurd: Only deallocate addrport when it's valid
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230423160548.126576-3-bugaevc@gmail.com>
2023-04-24 22:44:18 +02:00
Sergey Bugaev
70b9173caa hurd: Implement MAP_32BIT
This is a flag that can be passed to mmap () to request that the mapping
being established should be located in the lower 2 GB area of the
address space, so only the lower 31 (not 32) bits can be set in its
address, and the address can be represented as a 32-bit integer without
truncating it.

This flag is intended to be compatible with Linux, FreeBSD, and Darwin
flags of the same name. Out of those systems, it appears Linux and
FreeBSD take MAP_32BIT to mean "map 31 bit", whereas Darwin allows the
32nd bit to be set in the address as well. The Hurd follows Linux and
FreeBSD behavior.

Unlike on those systems, on the Hurd MAP_32BIT is defined on all
supported architectures (which currently are only i386 and x86_64).

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230423215526.346009-1-bugaevc@gmail.com>
2023-04-24 22:42:12 +02:00
Sergey Bugaev
8e78a2e1d1 hurd: Don't migrate reply port into __init1_tcbhead
Properly differentiate between setting up the real TLS with
TLS_INIT_TP, and setting up the early TLS (__init1_tcbhead) in static
builds. In the latter case, don't yet migrate the reply port into the
TCB, and don't yet set __libc_tls_initialized to 1.

This also lets us move the __init1_desc assignment inside
_hurd_tls_init ().

Fixes cd019ddd89
"hurd: Don't leak __hurd_reply_port0"

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2023-04-21 03:02:04 +02:00
Sergey Bugaev
88cc282a9a hurd: Make dl-sysdep's open () cope with O_IGNORE_CTTY
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230419160207.65988-6-bugaevc@gmail.com>
2023-04-20 23:05:54 +02:00
Sergey Bugaev
8895a99c10 hurd: Microoptimize sigreturn
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2023-04-18 16:20:09 +02:00
Sergey Bugaev
e411e31b7b hurd: Fix restoring reply port in sigreturn
We must not use the user's reply port (scp->sc_reply_port) for any of
our own RPCs, otherwise various things break. So, use MACH_PORT_DEAD as
a reply port when destroying our reply port, and make sure to do this
after _hurd_sigstate_unlock (), which may do a gsync_wake () RPC.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2023-04-17 21:00:02 +02:00
Sergey Bugaev
e275690332 hurd: Only check for TLS initialization inside rtld or in static builds
When glibc is built as a shared library, TLS is always initialized by
the call of TLS_INIT_TP () macro made inside the dynamic loader, prior
to running the main program (see dl-call_tls_init_tp.h). We can take
advantage of this: we know for sure that __LIBC_NO_TLS () will evaluate
to 0 in all other cases, so let the compiler know that explicitly too.

Also, only define _hurd_tls_init () and TLS_INIT_TP () under the same
conditions (either !SHARED or inside rtld), to statically assert that
this is the case.

Other than a microoptimization, this also helps with avoiding awkward
sharing of the __libc_tls_initialized variable between ld.so and libc.so
that we would have to do otherwise -- we know for sure that no sharing
is required, simply because __libc_tls_initialized would always be set
to true inside libc.so.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-25-bugaevc@gmail.com>
2023-04-14 10:31:22 +00:00
Sergey Bugaev
ba00d787f3 hurd: Remove __hurd_local_reply_port
Now that the signal code no longer accesses it, the only real user of it
was mig-reply.c, so move the logic for managing the port there.

If we're in SHARED and outside of rtld, we know that __LIBC_NO_TLS ()
always evaluates to 0, and a TLS reply port will always be used, not
__hurd_reply_port0. Still, the compiler does not see that
__hurd_reply_port0 is never used due to its address being taken. To deal
with this, explicitly compile out __hurd_reply_port0 when we know we
won't use it.

Also, instead of accessing the port via THREAD_SELF->reply_port, this
uses THREAD_GETMEM and THREAD_SETMEM directly, avoiding possible
miscompilations.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2023-04-14 10:31:22 +00:00
Samuel Thibault
decf02d382 hurd: Mark two tests as unsupported
They make the whole testsuite hang/crash.
2023-04-13 02:02:38 +02:00
Samuel Thibault
6538a288be hurd: Restore destroying receive rights on sigreturn
Just subtracting a ref is making signal/tst-signal signal/tst-raise
signal/tst-minsigstksz-5 htl/tst-raise1 fail.
2023-04-13 00:49:16 +02:00
Samuel Thibault
5473a1747a Revert "hurd: Only check for TLS initialization inside rtld or in static builds"
This reverts commit b37899d34d.

Apparently we load libc.so (and thus start using its functions) before
calling TLS_INIT_TP, so libc.so functions should not actually assume
that TLS is always set up.
2023-04-11 18:45:47 +00:00
Sergey Bugaev
cd019ddd89 hurd: Don't leak __hurd_reply_port0
Previously, once we set up TLS, we would implicitly switch from using
__hurd_reply_port0 to reply_port inside the TCB, leaving the former
unused. But we never deallocated it, so it got leaked.

Instead, migrate the port into the new TCB's reply_port slot. This
avoids both the port leak and an extra syscall to create a new reply
port for the TCB.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-28-bugaevc@gmail.com>
2023-04-11 00:24:40 +02:00
Sergey Bugaev
747812349d hurd: Improve reply port handling when exiting signal handlers
If we're doing signals, that means we've already got the signal thread
running, and that implies TLS having been set up. So we know that
__hurd_local_reply_port will resolve to THREAD_SELF->reply_port, and can
access that directly using the THREAD_GETMEM and THREAD_SETMEM macros.
This avoids potential miscompilations, and should also be a tiny bit
faster.

Also, use mach_port_mod_refs () and not mach_port_destroy () to destroy
the receive right. mach_port_destroy () should *never* be used on
mach_task_self (); this can easily lead to port use-after-free
vulnerabilities if the task has any other references to the same port.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-26-bugaevc@gmail.com>
2023-04-10 23:54:28 +02:00
Sergey Bugaev
b37899d34d hurd: Only check for TLS initialization inside rtld or in static builds
When glibc is built as a shared library, TLS is always initialized by
the call of TLS_INIT_TP () macro made inside the dynamic loader, prior
to running the main program (see dl-call_tls_init_tp.h). We can take
advantage of this: we know for sure that __LIBC_NO_TLS () will evaluate
to 0 in all other cases, so let the compiler know that explicitly too.

Also, only define _hurd_tls_init () and TLS_INIT_TP () under the same
conditions (either !SHARED or inside rtld), to statically assert that
this is the case.

Other than a microoptimization, this also helps with avoiding awkward
sharing of the __libc_tls_initialized variable between ld.so and libc.so
that we would have to do otherwise -- we know for sure that no sharing
is required, simply because __libc_tls_initialized would always be set
to true inside libc.so.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-25-bugaevc@gmail.com>
2023-04-10 23:33:30 +02:00
Sergey Bugaev
60f9bf9746 hurd: Port trampoline.c to x86_64
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230403115621.258636-3-bugaevc@gmail.com>
2023-04-10 20:44:43 +02:00
Sergey Bugaev
645da826bb hurd: Do not declare local variables volatile
These are just regular local variables that are not accessed in any
funny ways, not even though a pointer. There's absolutely no reason to
declare them volatile. It only ends up hurting the quality of the
generated machine code.

If anything, it would make sense to decalre sigsp as *pointing* to
volatile memory (volatile void *sigsp), but evidently that's not needed
either.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230403115621.258636-2-bugaevc@gmail.com>
2023-04-10 20:42:28 +02:00
Sergey Bugaev
892f702827 hurd: Implement x86_64/intr-msg.h
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-18-bugaevc@gmail.com>
2023-04-10 20:39:28 +02:00
Sergey Bugaev
57df0f16b4 hurd: Add sys/ucontext.h and sigcontext.h for x86_64
This is based on the Linux port's version, but laid out to match Mach's
struct i386_thread_state, much like the i386 version does.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2023-04-10 20:11:43 +02:00
Flavio Cruz
f7f7dd8009 hurd: Stop depending on the default_pager stubs provided by gnumach
The hurd source tree already provides the same stubs and they are only
needed there.
Message-Id: <ZDN3rDdjMowtUWf7@jupiter.tail36e24.ts.net>
2023-04-10 19:01:52 +02:00
Guy-Fleury Iteriteka
5476f8cd2e htl: move pthread_self info libc.
Signed-off-by: Guy-Fleury Iteriteka <gfleury@disroot.org>
Message-Id: <20230318095826.1125734-4-gfleury@disroot.org>
2023-04-05 01:26:36 +02:00
Guy-Fleury Iteriteka
f987e9b7a3 htl: move ___pthread_self into libc.
sysdeps/mach/hurd/htl/pt-pthread_self.c: New file.
htl/Makefile: .. Add it to libc routine.
sysdeps/mach/hurd/htl/pt-sysdep.c(__pthread_self): Remove it.
sysdeps/mach/hurd/htl/pt-sysdep.h(__pthread_self): Add hidden propertie.
htl/Versions(__pthread_self) Version it as private symbol.

Signed-off-by: Guy-Fleury Iteriteka <gfleury@disroot.org>
Message-Id: <20230318095826.1125734-3-gfleury@disroot.org>
2023-04-05 01:26:34 +02:00
Sergey Bugaev
17841fa7d4 hurd: Add vm_param.h for x86_64
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-30-bugaevc@gmail.com>
2023-04-03 01:24:13 +02:00
Sergey Bugaev
20427b8f23 hurd: Implement _hurd_longjmp_thread_state for x86_64
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-29-bugaevc@gmail.com>
2023-04-03 01:23:30 +02:00
Sergey Bugaev
e0bbae0062 htl: Implement thread_set_pcsptp for x86_64
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-23-bugaevc@gmail.com>
2023-04-03 01:18:27 +02:00
Sergey Bugaev
d8b69e89d8 hurd: Move a couple of signal-related files to x86
These do not need any changes to be used on x86_64.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-20-bugaevc@gmail.com>
2023-04-03 01:14:51 +02:00
Sergey Bugaev
a1fbae7527 hurd: Use uintptr_t for register values in trampoline.c
This is more correct, if only because these fields are defined as having
the type unsigned int in the Mach headers, so casting them to a signed
int and then back is suboptimal.

Also, remove an extra reassignment of uesp -- this is another remnant of
the ecx kludge.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-16-bugaevc@gmail.com>
2023-04-03 01:13:28 +02:00
Sergey Bugaev
b43cb67457 hurd: Move rtld-strncpy-c.c out of mach/hurd/
There's nothing Mach- or Hurd-specific about it; any port that ends
up with rtld pulling in strncpy will need this.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-15-bugaevc@gmail.com>
2023-04-03 01:10:23 +02:00
Sergey Bugaev
0001a23f7a hurd: More 64-bit integer casting fixes
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-13-bugaevc@gmail.com>
2023-04-03 01:03:06 +02:00
Sergey Bugaev
af2942cc62 mach, hurd: Drop __libc_lock_self0
This was used for the value of libc-lock's owner when TLS is not yet set
up, so THREAD_SELF can not be used. Since the value need not be anything
specific -- it just has to be non-NULL -- we can just use a plain
constant, such as (void *) 1, for this. This avoids accessing the symbol
through GOT, and exporting it from libc.so in the first place.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-12-bugaevc@gmail.com>
2023-04-03 01:02:44 +02:00
Sergey Bugaev
71232da3b3 hurd: Remove __hurd_threadvar_stack_{offset,mask}
Noone is or should be using __hurd_threadvar_stack_{offset,mask}, we
have proper TLS now. These two remaining variables are never set to
anything other than zero, so any code that would try to use them as
described would just dereference a zero pointer and crash. So remove
them entirely.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-6-bugaevc@gmail.com>
2023-04-03 00:53:25 +02:00
Adhemerval Zanella Netto
f65ca70dea libio: Do not autogenerate stdio_lim.h
Instead define the required fields in system dependend files.  The only
system dependent definition is FILENAME_MAX, which should match POSIX
PATH_MAX, and it is obtained from either kernel UAPI or mach headers.
Currently set pre-defined value from current kernels.

It avoids a circular dependendy when including stdio.h in
gen-as-const-headers files.

Checked on x86_64-linux-gnu and i686-linux-gnu
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2023-03-27 13:57:55 -03:00
Adhemerval Zanella Netto
88677348b4 Move libc_freeres_ptrs and libc_subfreeres to hidden/weak functions
They are both used by __libc_freeres to free all library malloc
allocated resources to help tooling like mtrace or valgrind with
memory leak tracking.

The current scheme uses assembly markers and linker script entries
to consolidate the free routine function pointers in the RELRO segment
and to be freed buffers in BSS.

This patch changes it to use specific free functions for
libc_freeres_ptrs buffers and call the function pointer array directly
with call_function_static_weak.

It allows the removal of both the internal macros and the linker
script sections.

Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2023-03-27 13:57:55 -03:00
Joseph Myers
dee2bea048 C2x scanf binary constant handling
C2x adds binary integer constants starting with 0b or 0B, and supports
those constants for the %i scanf format (in addition to the %b format,
which isn't yet implemented for scanf in glibc).  Implement that scanf
support for glibc.

As with the strtol support, this is incompatible with previous C
standard versions, in that such an input string starting with 0b or 0B
was previously required to be parsed as 0 (with the rest of the input
potentially matching subsequent parts of the scanf format string).
Thus this patch adds 12 new __isoc23_* functions per long double
format (12, 24 or 36 depending on how many long double formats the
glibc configuration supports), with appropriate header redirection
support (generally very closely following that for the __isoc99_*
scanf functions - note that __GLIBC_USE (DEPRECATED_SCANF) takes
precedence over __GLIBC_USE (C2X_STRTOL), so the case of GNU
extensions to C89 continues to get old-style GNU %a and does not get
this new feature).  The function names would remain as __isoc23_* even
if C2x ends up published in 2024 rather than 2023.

When scanf %b support is added, I think it will be appropriate for all
versions of scanf to follow C2x rules for inputs to the %b format
(given that there are no compatibility concerns for a new format).

Tested for x86_64 (full glibc testsuite).  The first version was also
tested for powerpc (32-bit) and powerpc64le (stdio-common/ and wcsmbs/
tests), and with build-many-glibcs.py.
2023-03-02 19:10:37 +00:00
Sergey Bugaev
60b21327b1 hurd: Remove the ecx kludge
"We don't need it any more"

The INTR_MSG_TRAP macro in intr-msg.h used to play little trick with
the stack pointer: it would temporarily save the "real" stack pointer
into ecx, while setting esp to point to just before the message buffer,
and then invoke the mach_msg trap. This way, INTR_MSG_TRAP reused the
on-stack arguments laid out for the containing call of
_hurd_intr_rpc_mach_msg (), passing them to the mach_msg trap directly.

This, however, required special support in hurdsig.c and trampoline.c,
since they now had to recognize when a thread is inside the piece of
code where esp doesn't point to the real tip of the stack, and handle
this situation specially.

Commit 1d20f33ff4 has removed the actual
temporary change of esp by actually re-pushing mach_msg arguments onto
the stack, and popping them back at end. It did not, however, deal with
the rest of "the ecx kludge" code in other files, resulting in potential
crashes if a signal arrives in the middle of pushing arguments onto the
stack.

Fix that by removing "the ecx kludge". Instead, when we want a thread
to skip the RPC, but cannot make just make it jump to after the trap
since it's not done adjusting the stack yet, set the SYSRETURN register
to MACH_SEND_INTERRUPTED (as we do anyway), and rely on the thread
itself for detecting this case and skipping the RPC.

This simplifies things somewhat and paves the way for a future x86_64
port of this code.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230301162355.426887-1-bugaevc@gmail.com>
2023-03-02 00:32:55 +01:00
Sergey Bugaev
f6cf701efc hurd: Implement TLS for x86_64
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230221211932.296459-4-bugaevc@gmail.com>
2023-02-27 23:22:40 +01:00
Sergey Bugaev
af0a16a863 htl: Make pthread_mutex_t pointer-aligned
This is for future-proofing. On i386, it is 4-byte aligned anyway, but
on x86_64, we want it 8-byte aligned, not 4-byte aligned.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230214173722.428140-4-bugaevc@gmail.com>
2023-02-27 23:12:36 +01:00
Sergey Bugaev
9168964965 hurd: Generalize init-first.c to support x86_64
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230223151436.49180-2-bugaevc@gmail.com>
2023-02-24 20:44:03 +01:00
Sergey Bugaev
b020355f38 hurd: Simplify init-first.c further
This drops all of the return address rewriting kludges. The only
remaining hack is the jump out of a call stack while adjusting the
stack pointer.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2023-02-24 19:40:33 +00:00
Samuel Thibault
48b8c7cfe8 hurd: Mark some audit tests as unsupported
They hang the testsuite.
2023-02-24 20:36:30 +01:00
Samuel Thibault
7db0f731b1 htl: Mark select loop test as unsupported
It overflows pflocal and doesn't manage to terminate.
2023-02-24 20:34:34 +01:00
Samuel Thibault
2352b407c9 hurd: Mark RLIMIT_AS tests as unsupported
Otherwise they put the system on its knees.
2023-02-24 20:28:15 +01:00
Flavio Cruz
b5b27ff151 Define PC, SP and SYSRETURN for hurd x86_64
Moved thread_state.h to x86 directory since we only need to customize
those 3 definitions.
Message-Id: <Y+x4xrsDMkAomncO@jupiter.tail36e24.ts.net>
2023-02-20 01:33:15 +01:00
Sergey Bugaev
90ab316b02 hurd: Simplify init-first.c a bit
And make it a bit more 64-bit ready. This is in preparation to moving this
file into x86/

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230218203717.373211-6-bugaevc@gmail.com>
2023-02-20 00:42:39 +01:00
Sergey Bugaev
ee10f5dfd8 hurd: Make timer_t pointer-sized
This ensures that a timer_t value can be cast to struct timer_node *
and back.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230218203717.373211-5-bugaevc@gmail.com>
2023-02-20 00:34:56 +01:00
Sergey Bugaev
80c2c1432d hurd: Fix xattr function return type
They all return int, not size_t.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230218203717.373211-4-bugaevc@gmail.com>
2023-02-20 00:34:07 +01:00
Sergey Bugaev
32fff41bde hurd: Use proper integer types
Fix a few more cases of build errors caused by mismatched types. This is a
continuation of f4315054b4.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230218203717.373211-3-bugaevc@gmail.com>
2023-02-20 00:33:47 +01:00
Sergey Bugaev
e48f33e76b hurd: Move thread state manipulation into _hurd_tls_new ()
This is going to be done differently on x86_64.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230218203717.373211-2-bugaevc@gmail.com>
2023-02-20 00:32:35 +01:00
Flavio Cruz
26c1769509 [hurd] Fix i686 build breakage caused by 4fedebc911
Message-Id: <Y+8bqZzYTl7WaUm7@jupiter.tail36e24.ts.net>
2023-02-17 11:21:28 +01:00
Joseph Myers
64924422a9 C2x strtol binary constant handling
C2x adds binary integer constants starting with 0b or 0B, and supports
those constants in strtol-family functions when the base passed is 0
or 2.  Implement that strtol support for glibc.

As discussed at
<https://sourceware.org/pipermail/libc-alpha/2020-December/120414.html>,
this is incompatible with previous C standard versions, in that such
an input string starting with 0b or 0B was previously required to be
parsed as 0 (with the rest of the string unprocessed).  Thus, as
proposed there, this patch adds 20 new __isoc23_* functions with
appropriate header redirection support.  This patch does *not* do
anything about scanf %i (which will need 12 new functions per long
double variant, so 12, 24 or 36 depending on the glibc configuration),
instead leaving that for a future patch.  The function names would
remain as __isoc23_* even if C2x ends up published in 2024 rather than
2023.

Making this change leads to the question of what should happen to
internal uses of these functions in glibc and its tests.  The header
redirection (which applies for _GNU_SOURCE or any other feature test
macros enabling C2x features) has the effect of redirecting internal
uses but without those uses then ending up at a hidden alias (see the
comment in include/stdio.h about interaction with libc_hidden_proto).
It seems desirable for the default for internal uses to be the same
versions used by normal code using _GNU_SOURCE, so rather than doing
anything to disable that redirection, similar macro definitions to
those in include/stdio.h are added to the include/ headers for the new
functions.

Given that the default for uses in glibc is for the redirections to
apply, the next question is whether the C2x semantics are correct for
all those uses.  Uses with the base fixed to 10, 16 or any other value
other than 0 or 2 can be ignored.  I think this leaves the following
internal uses to consider (an important consideration for review of
this patch will be both whether this list is complete and whether my
conclusions on all entries in it are correct):

benchtests/bench-malloc-simple.c
benchtests/bench-string.h
elf/sotruss-lib.c
math/libm-test-support.c
nptl/perf.c
nscd/nscd_conf.c
nss/nss_files/files-parse.c
posix/tst-fnmatch.c
posix/wordexp.c
resolv/inet_addr.c
rt/tst-mqueue7.c
soft-fp/testit.c
stdlib/fmtmsg.c
support/support_test_main.c
support/test-container.c
sysdeps/pthread/tst-mutex10.c

I think all of these places are OK with the new semantics, except for
resolv/inet_addr.c, where the POSIX semantics of inet_addr do not
allow for binary constants; thus, I changed that file (to use
__strtoul_internal, whose semantics are unchanged) and added a test
for this case.  In the case of posix/wordexp.c I think accepting
binary constants is OK since POSIX explicitly allows additional forms
of shell arithmetic expressions, and in stdlib/fmtmsg.c SEV_LEVEL is
not in POSIX so again I think accepting binary constants is OK.

Functions such as __strtol_internal, which are only exported for
compatibility with old binaries from when those were used in inline
functions in headers, have unchanged semantics; the __*_l_internal
versions (purely internal to libc and not exported) have a new
argument to specify whether to accept binary constants.

As well as for the standard functions, the header redirection also
applies to the *_l versions (GNU extensions), and to legacy functions
such as strtoq, to avoid confusing inconsistency (the *q functions
redirect to __isoc23_*ll rather than needing their own __isoc23_*
entry points).  For the functions that are only declared with
_GNU_SOURCE, this means the old versions are no longer available for
normal user programs at all.  An internal __GLIBC_USE_C2X_STRTOL macro
is used to control the redirections in the headers, and cases in glibc
that wish to avoid the redirections - the function implementations
themselves and the tests of the old versions of the GNU functions -
then undefine and redefine that macro to allow the old versions to be
accessed.  (There would of course be greater complexity should we wish
to make any of the old versions into compat symbols / avoid them being
defined at all for new glibc ABIs.)

strtol_l.c has some similarity to strtol.c in gnulib, but has already
diverged some way (and isn't listed at all at
https://sourceware.org/glibc/wiki/SharedSourceFiles unlike strtoll.c
and strtoul.c); I haven't made any attempts at gnulib compatibility in
the changes to that file.

I note incidentally that inttypes.h and wchar.h are missing the
__nonnull present on declarations of this family of functions in
stdlib.h; I didn't make any changes in that regard for the new
declarations added.
2023-02-16 23:02:40 +00:00
Sergey Bugaev
c57c53fa53 mach: undef ENTRY2
This macro from Mach headers conflicts with how
sysdeps/x86_64/multiarch/strcmp-sse2.S expects it to be defined.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230214173722.428140-3-bugaevc@gmail.com>
2023-02-14 20:29:55 +01:00
Sergey Bugaev
748511f0bb hurd: i386 TLS tweaks
* Micro-optimize TLS access using GCC's native support for gs-based
  addressing when available;
* Just use THREAD_GETMEM and THREAD_SETMEM instead of more inline
  assembly;
* Sync tcbhead_t layout with NPTL, in particular update/fix __private_ss
  offset;
* Statically assert that the two offsets that are a part of ABI are what
  we expect them to be.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230214173722.428140-2-bugaevc@gmail.com>
2023-02-14 20:27:11 +01:00
Sergey Bugaev
d08ae9c3fb hurd, htl: Add some x86_64-specific code
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230212111044.610942-12-bugaevc@gmail.com>
2023-02-12 16:35:03 +01:00
Sergey Bugaev
be6d002ca2 hurd: Set up the basic tree for x86_64-gnu
And move pt-setup.c to the generic x86 tree.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230212111044.610942-11-bugaevc@gmail.com>
2023-02-12 16:12:06 +01:00
Sergey Bugaev
4fedebc911 mach: Look for mach_i386.defs on x86_64 too
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230212111044.610942-10-bugaevc@gmail.com>
2023-02-12 16:04:50 +01:00
Sergey Bugaev
f4315054b4 hurd: Use mach_msg_type_number_t where appropriate
It has been decided that on x86_64, mach_msg_type_number_t stays 32-bit.
Therefore, it's not possible to use mach_msg_type_number_t
interchangeably with size_t, in particular this breaks when a pointer to
a variable is passed to a MIG routine.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230212111044.610942-3-bugaevc@gmail.com>
2023-02-12 15:52:07 +01:00
Sergey Bugaev
8a86e7b6a6 hurd: Refactor readlinkat()
Make the code flow more linear using early returns where possible. This
makes it so much easier to reason about what runs on error / successful
code paths.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230212111044.610942-2-bugaevc@gmail.com>
2023-02-12 15:50:40 +01:00
Samuel Thibault
63550530d9 hurd: Fix unwinding over INTR_MSG_TRAP
We used to use .cfi_adjust_cfa_offset around %esp manipulation
asm instructions to fix unwinding, but when building glibc with
-fno-omit-frame-pointer this is bogus since in that case %ebp is the CFA and
does not move.

Instead, let's force -fno-omit-frame-pointer when building intr-msg.c so
that %ebp can always be used and no .cfi_adjust_cfa_offset is needed.
2023-02-09 19:58:43 +01:00
Flavio Cruz
a1dcc64c9b Move RETURN_TO to x86/sysdep.h and implement x86_64 version.
Message-Id: <Y99nfeBrTubZL9oi@jupiter.tail36e24.ts.net>
2023-02-05 12:36:38 +01:00
Flavio Cruz
5130cd77b0 Remove sysdeps/mach/i386/machine-sp.h
This file is not used today since we end up using
sysdeps/i386/htl/machine-sp.h. Getting the stack pointer does not need
to be hurd specific and can go into sysdeps/<arch>.
Message-Id: <Y9tpWs2WOgE/Duiq@jupiter.tail36e24.ts.net>
2023-02-02 19:47:47 +01:00
Samuel Thibault
e0dc827bf6 hurd: Move some i386 bits to x86
As they will actually be usable on x86_64 too.
2023-02-02 00:27:26 +01:00
Sergey Bugaev
a979b72747 hurd: Implement SHM_ANON
This adds a special SHM_ANON value that can be passed into shm_open ()
in place of a name. When called in this way, shm_open () will create a
new anonymous shared memory file. The file will be created in the same
way that other shared memory files are created (i.e., under /dev/shm/),
except that it is not given a name and therefore cannot be reached from
the file system, nor by other calls to shm_open (). This is accomplished
by utilizing O_TMPFILE.

This is intended to be compatible with FreeBSD's API of the same name.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230130125216.6254-4-bugaevc@gmail.com>
2023-02-01 23:36:11 +01:00
Sergey Bugaev
65392c8478 hurd: Implement O_TMPFILE
This is a flag that causes open () to create a new, unnamed file in the
same filesystem as the given directory. The file descriptor can be
simply used in the creating process as a temporary file, or shared with
children processes via fork (), or sent over a Unix socket. The file can
be left anonymous, in which case it will be deleted from the backing
file system once all copies of the file descriptor are closed, or given
a permanent name with a linkat () call, such as the following:

int fd = open ("/tmp", O_TMPFILE | O_RDWR, 0700);
/* Do something with the file... */
linkat (fd, "", AT_FDCWD, "/tmp/filename", AT_EMPTY_PATH);

In between creating the file and linking it to the file system, it is
possible to set the file content, mode, ownership, author, and other
attributes, so that the file visibly appears in the file system (perhaps
replacing another file) atomically, with all of its attributes already
set up.

The Hurd support for O_TMPFILE directly exposes the dir_mkfile RPC to
user programs. Previously, dir_mkfile was used by glibc internally, in
particular for implementing tmpfile (), but not exposed to user programs
through a Unix-level API.

O_TMPFILE was initially introduced by Linux. This implementation is
intended to be compatible with the Linux implementation, except that the
O_EXCL flag is not given the special meaning when used together with
O_TMPFILE, unlike on Linux.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230130125216.6254-3-bugaevc@gmail.com>
2023-02-01 23:32:21 +01:00
Carlos O'Donell
b01f976900 Regenerate configure.
Run using vanilla upstream autoconf 2.69.

Minor whitespace change to sysdeps/loongarch/configure and
sysdeps/mach/configure, and nothing else.
2023-01-31 17:51:40 -05:00
Joseph Myers
6d7e8eda9b Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
Samuel Thibault
5f55b22f4b hurd getcwd: Fix memory leak on error 2023-01-02 11:36:11 +01:00
Samuel Thibault
e1a467d330 hurd fcntl: Make LOCKED macro more robust 2023-01-02 11:36:11 +01:00
Samuel Thibault
b7a5fec8b0 hurd: Make dl-sysdep __sbrk check __vm_allocate call
The caller won't be able to progress, but better crash than use random
addr.
2023-01-02 11:36:11 +01:00
Samuel Thibault
cba62c231c htl: Drop duplicate check in __pthread_stack_alloc 2023-01-02 11:36:11 +01:00
Samuel Thibault
0fb10e49ad mach: Drop remnants of old_CFLAGS 2022-12-19 02:38:38 +01:00
Samuel Thibault
7685630b98 mach: Fix passing -ffreestanding when checking for gnumach headers
8b8c768e3c ("Force use of -ffreestanding when checking for gnumach
headers") was passing -ffreestanding to CFLAGS only, but headers checks are
performed with the preprocessor, so we rather need to pass it to CPPFLAGS.
2022-12-19 02:34:55 +01:00
Flavio Cruz
8b8c768e3c Force use of -ffreestanding when checking for gnumach headers
Without this ./configure assumes that we are in a fully hosted
environment, which might not be the case. After this patch, we can rely on
the freestanding header files provided by GCC such as stdint.h.
Message-Id: <Y5+0V9osFc/zXMq0@mars>
2022-12-19 01:49:30 +01:00
Sergey Bugaev
8fb923ddc3 hurd: Make getrandom cache the server port
Previously, getrandom would, each time it's called, traverse the file
system to find /dev/urandom, fetch some random data from it, then throw
away that port. This is quite slow, while calls to getrandom are
genrally expected to be fast.

Additionally, this means that getrandom can not work when /dev/urandom
is unavailable, such as inside a chroot that lacks one. User programs
expect calls to getrandom to work inside a chroot if they first call
getrandom outside of the chroot.

In particular, this is known to break the OpenSSH server, and in that
case the issue is exacerbated by the API of arc4random, which prevents
it from properly reporting errors, forcing glibc to abort on failure.
This causes sshd to just die once it tries to generate a random number.

Caching the random server port, in a manner similar to how socket
server ports are cached, both improves the performance and works around
the chroot issue.

Tested on i686-gnu with the following program:

pthread_barrier_t barrier;

void *worker(void*) {
    pthread_barrier_wait(&barrier);
    uint32_t sum = 0;
    for (int i = 0; i < 10000; i++) {
        sum += arc4random();
    }
    return (void *)(uintptr_t) sum;
}

int main() {
    pthread_t threads[THREAD_COUNT];

    pthread_barrier_init(&barrier, NULL, THREAD_COUNT);

    for (int i = 0; i < THREAD_COUNT; i++) {
        pthread_create(&threads[i], NULL, worker, NULL);
    }
    for (int i = 0; i < THREAD_COUNT; i++) {
        void *retval;
        pthread_join(threads[i], &retval);
        printf("Thread %i: %lu\n", i, (unsigned long)(uintptr_t) retval);
    }

In my totally unscientific benchmark, with this patch, this completes
in about 7 seconds, whereas previously it took about 50 seconds. This
program was also used to test that getrandom () doesn't explode if the
random server dies, but instead reopens the /dev/urandom anew. I have
also verified that with this patch, OpenSSH can once again accept
connections properly.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20221202135558.23781-1-bugaevc@gmail.com>
2022-12-02 22:33:49 +01:00
Samuel Thibault
19934d629e hurd: Add sigtimedwait and sigwaitinfo support
This simply needed to add the timeout parameter to mach_msg, and copy
information from struct hurd_signal_detail.
2022-11-07 21:16:26 +01:00
Florian Weimer
1f34a23288 elf: Introduce <dl-call_tls_init_tp.h> and call_tls_init_tp (bug 29249)
This makes it more likely that the compiler can compute the strlen
argument in _startup_fatal at compile time, which is required to
avoid a dependency on strlen this early during process startup.

Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
2022-11-03 17:28:03 +01:00
Florian Weimer
ee1ada1bdb elf: Rework exception handling in the dynamic loader [BZ #25486]
The old exception handling implementation used function interposition
to replace the dynamic loader implementation (no TLS support) with the
libc implementation (TLS support).  This results in problems if the
link order between the dynamic loader and libc is reversed (bug 25486).

The new implementation moves the entire implementation of the
exception handling functions back into the dynamic loader, using
THREAD_GETMEM and THREAD_SETMEM for thread-local data support.
These depends on Hurd support for these macros, added in commit
b65a82e4e7 ("hurd: Add THREAD_GET/SETMEM/_NC").

One small obstacle is that the exception handling facilities are used
before the TCB has been set up, so a check is needed if the TCB is
available.  If not, a regular global variable is used to store the
exception handling information.

Also rename dl-error.c to dl-catch.c, to avoid confusion with the
dlerror function.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2022-11-03 09:39:31 +01:00
Florian Weimer
58548b9d68 Use PTR_MANGLE and PTR_DEMANGLE unconditionally in C sources
In the future, this will result in a compilation failure if the
macros are unexpectedly undefined (due to header inclusion ordering
or header inclusion missing altogether).

Assembler sources are more difficult to convert.  In many cases,
they are hand-optimized for the mangling and no-mangling variants,
which is why they are not converted.

sysdeps/s390/s390-32/__longjmp.c and sysdeps/s390/s390-64/__longjmp.c
are special: These are C sources, but most of the implementation is
in assembler, so the PTR_DEMANGLE macro has to be undefined in some
cases, to match the assembler style.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-10-18 17:04:10 +02:00
Florian Weimer
88f4b6929c Introduce <pointer_guard.h>, extracted from <sysdep.h>
This allows us to define a generic no-op version of PTR_MANGLE and
PTR_DEMANGLE.  In the future, we can use PTR_MANGLE and PTR_DEMANGLE
unconditionally in C sources, avoiding an unintended loss of hardening
due to missing include files or unlucky header inclusion ordering.

In i386 and x86_64, we can avoid a <tls.h> dependency in the C
code by using the computed constant from <tcb-offsets.h>.  <sysdep.h>
no longer includes these definitions, so there is no cyclic dependency
anymore when computing the <tcb-offsets.h> constants.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-10-18 17:03:55 +02:00
Joseph Myers
a878a1384c Regenerate sysdeps/mach/hurd/bits/errno.h
This addition to the list of source headers in
sysdeps/mach/hurd/bits/errno.h appears in the source tree after
build-many-glibcs.py runs, I'm guessing resulting from gnumach commit
c566ad85a2d6728ebc8ec0f461a3b35df300e96e.
2022-10-05 19:21:25 +00:00
Adhemerval Zanella
609c9d0951 malloc: Do not clobber errno on __getrandom_nocancel (BZ #29624)
Use INTERNAL_SYSCALL_CALL instead of INLINE_SYSCALL_CALL.  This
requires emulate the semantic for hurd call (so __arc4random_buf
uses the fallback).

Checked on x86_64-linux-gnu.

Reviewed-by: Wilco Dijkstra  <Wilco.Dijkstra@arm.com>
2022-09-30 15:25:15 -03:00
Samuel Thibault
d7f32c9958 hurd: Fix typo 2022-09-28 19:21:44 +02:00
Samuel Thibault
7de3f0a96c hurd: Increase SOMAXCONN to 4096
Notably fakeroot-tcp may introduce a lot of parallel connections.
2022-09-27 23:37:42 +02:00
Samuel Thibault
385f2ecda9 hurd: Fix SIOCADD/DELRT ioctls
The hurd network stack uses struct ifrtreq rather than ortentry.
2022-09-21 19:58:44 +02:00
Samuel Thibault
b84199eb18 hurd: Drop struct rtentry and in6_rtmsg
These were cargo-culted, they are not used at all in Hurd interfaces.
2022-09-21 19:58:44 +02:00
Damien Zammit
9ba0f010a6 hurd: Add _IOT_ifrtreq to <net/route.h>
So that we can use struct ifrtreq in ioctls.
2022-09-21 19:58:44 +02:00
Samuel Thibault
c0c9092f75 hurd: Use IF_NAMESIZE rather than IFNAMSIZ
The latter is not available without __USE_MISC.
2022-09-21 08:51:50 +02:00
Damien Zammit
ffd0b295d9 hurd: Add ifrtreq structure to net/route.h
As used by the hurdish route ioctls.
2022-09-21 00:42:13 +02:00
Samuel Thibault
7ae60af75b hurd: Factorize at/non-at functions
Non-at functions can be implemented by just calling the corresponding at
function with AT_FDCWD and zero at_flags.

In the linkat case, the at behavior is different (O_NOLINK), so this introduces
__linkat_common to pass O_NOLINK as appropriate.

lstat functions can also be implemented with fstatat by adding
__fstatat64_common which takes a flags parameter in addition to the at_flags
parameter,

In the end this factorizes chmod, chown, link, lstat64, mkdir, readlink,
rename, stat64, symlink, unlink, utimes.

This also makes __lstat, __lxstat64, __stat and __xstat64 directly use
__fstatat64_common instead of __lstat64 or __stat64.
2022-09-17 19:58:30 +00:00
Samuel Thibault
5652e12cce hurd: Make readlink* just reopen the file used for stat
9e5c991106 ("hurd: Fix readlink() hanging on fifo") separated opening
the file for the stat call from opening the file for the read call. That
however opened a small window for the file to change. Better make this
atomic by reopening the file with O_READ.
2022-09-15 21:53:57 +02:00
Samuel Thibault
9e5c991106 hurd: Fix readlink() hanging on fifo
readlink() opens the target with O_READ to be able to read the symlink
content. When the target is actually a fifo, that would hang waiting for a
writer (caught in the coreutils testsuite). We thus have to first lookup the
target without O_READ to perform io_stat and lookout for fifos, and only
after checking the symlink type, we can re-lookup with O_READ.
2022-09-14 18:57:44 +02:00
Samuel Thibault
063f7462da hurd: Fix vm_size_t incoherencies
In gnumach, 3e1702a65fb3 ("add rpc_versions for vm types") changed the type
of vm_size_t, making it always a unsigned long. This made it incompatible on
x86 with size_t. Even if we may want to revert it to unsigned int, it's
better to fix the types of parameters according to the .defs files.
2022-08-29 01:42:47 +02:00
Samuel Thibault
cb033e6b0c mach: Make xpg_strerror_r set a message on error
posix advises to have strerror_r fill a message even when we are returning
an error.

This makes mach's xpg_strerror_r do this, like the generic version does.

Spotted by the libunistring testsuite test-strerror_r
2022-08-27 14:56:35 +02:00
Samuel Thibault
03ad444e8e mach: Fix incoherency between perror and strerror
08d2024b41 ("string: Simplify strerror_r") inadvertently made
__strerror_r print unknown error system in decimal while the original
code was printing it in hexadecimal. perror was kept printing in
hexadecimal in 725eeb4af1 ("string: Use tls-internal on strerror_l"),
let us keep both coherent.

This also fixes a duplicate ':'

Spotted by the libunistring testsuite test-perror2
2022-08-27 14:36:18 +02:00
Samuel Thibault
af6b1cce98 hurd: Fix starting static binaries with stack protection enabled
gcc introduces gs:0x14 accesses in most functions, so we need some tcbhead
to be ready very early during initialization.  This configures a static area
which can be referenced by various protected functions, until proper TLS is
set up.
2022-08-22 22:34:31 +02:00
Samuel Thibault
4565083abc htl: Make pthread*_cond_timedwait register wref before releasing mutex
Otherwise another thread could be rightly trying to destroy the condition,
see e.g. tst-cond20.
2022-08-22 22:27:24 +02:00
Samuel Thibault
8bf0bc8350 htl: make __pthread_hurd_cond_timedwait_internal check mutex is held
Like __pthread_cond_timedwait_internal already does.
2022-08-22 22:25:27 +02:00
Samuel Thibault
f7b0fc5cc6 hurd: Assume non-suid during bootstrap
We do not have a hurd data block only when bootstrapping the system, in
which case we don't have a notion of suid yet anyway.

This is needed, otherwise init_standard_fds would check that standard
file descriptors are allocated, which is meaningless during bootstrap.
2022-08-19 02:26:21 +02:00
Arjun Shankar
9c443ac455 socket: Check lengths before advancing pointer in CMSG_NXTHDR
The inline and library functions that the CMSG_NXTHDR macro may expand
to increment the pointer to the header before checking the stride of
the increment against available space.  Since C only allows incrementing
pointers to one past the end of an array, the increment must be done
after a length check.  This commit fixes that and includes a regression
test for CMSG_FIRSTHDR and CMSG_NXTHDR.

The Linux, Hurd, and generic headers are all changed.

Tested on Linux on armv7hl, i686, x86_64, aarch64, ppc64le, and s390x.

[BZ #28846]

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2022-08-02 11:10:25 +02:00
Jason A. Donenfeld
eaad4f9e8f arc4random: simplify design for better safety
Rather than buffering 16 MiB of entropy in userspace (by way of
chacha20), simply call getrandom() every time.

This approach is doubtlessly slower, for now, but trying to prematurely
optimize arc4random appears to be leading toward all sorts of nasty
properties and gotchas. Instead, this patch takes a much more
conservative approach. The interface is added as a basic loop wrapper
around getrandom(), and then later, the kernel and libc together can
work together on optimizing that.

This prevents numerous issues in which userspace is unaware of when it
really must throw away its buffer, since we avoid buffering all
together. Future improvements may include userspace learning more from
the kernel about when to do that, which might make these sorts of
chacha20-based optimizations more possible. The current heuristic of 16
MiB is meaningless garbage that doesn't correspond to anything the
kernel might know about. So for now, let's just do something
conservative that we know is correct and won't lead to cryptographic
issues for users of this function.

This patch might be considered along the lines of, "optimization is the
root of all evil," in that the much more complex implementation it
replaces moves too fast without considering security implications,
whereas the incremental approach done here is a much safer way of going
about things. Once this lands, we can take our time in optimizing this
properly using new interplay between the kernel and userspace.

getrandom(0) is used, since that's the one that ensures the bytes
returned are cryptographically secure. But on systems without it, we
fallback to using /dev/urandom. This is unfortunate because it means
opening a file descriptor, but there's not much of a choice. Secondly,
as part of the fallback, in order to get more or less the same
properties of getrandom(0), we poll on /dev/random, and if the poll
succeeds at least once, then we assume the RNG is initialized. This is a
rough approximation, as the ancient "non-blocking pool" initialized
after the "blocking pool", not before, and it may not port back to all
ancient kernels, though it does to all kernels supported by glibc
(≥3.2), so generally it's the best approximation we can do.

The motivation for including arc4random, in the first place, is to have
source-level compatibility with existing code. That means this patch
doesn't attempt to litigate the interface itself. It does, however,
choose a conservative approach for implementing it.

Cc: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>
Cc: Florian Weimer <fweimer@redhat.com>
Cc: Cristian Rodríguez <crrodriguez@opensuse.org>
Cc: Paul Eggert <eggert@cs.ucla.edu>
Cc: Mark Harris <mark.hsj@gmail.com>
Cc: Eric Biggers <ebiggers@kernel.org>
Cc: linux-crypto@vger.kernel.org
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-07-27 08:58:27 -03:00
Adhemerval Zanella Netto
6f4e0fcfa2 stdlib: Add arc4random, arc4random_buf, and arc4random_uniform (BZ #4417)
The implementation is based on scalar Chacha20 with per-thread cache.
It uses getrandom or /dev/urandom as fallback to get the initial entropy,
and reseeds the internal state on every 16MB of consumed buffer.

To improve performance and lower memory consumption the per-thread cache
is allocated lazily on first arc4random functions call, and if the
memory allocation fails getentropy or /dev/urandom is used as fallback.
The cache is also cleared on thread exit iff it was initialized (so if
arc4random is not called it is not touched).

Although it is lock-free, arc4random is still not async-signal-safe
(the per thread state is not updated atomically).

The ChaCha20 implementation is based on RFC8439 [1], omitting the final
XOR of the keystream with the plaintext because the plaintext is a
stream of zeros.  This strategy is similar to what OpenBSD arc4random
does.

The arc4random_uniform is based on previous work by Florian Weimer,
where the algorithm is based on Jérémie Lumbroso paper Optimal Discrete
Uniform Generation from Coin Flips, and Applications (2013) [2], who
credits Donald E. Knuth and Andrew C. Yao, The complexity of nonuniform
random number generation (1976), for solving the general case.

The main advantage of this method is the that the unit of randomness is not
the uniform random variable (uint32_t), but a random bit.  It optimizes the
internal buffer sampling by initially consuming a 32-bit random variable
and then sampling byte per byte.  Depending of the upper bound requested,
it might lead to better CPU utilization.

Checked on x86_64-linux-gnu, aarch64-linux, and powerpc64le-linux-gnu.

Co-authored-by: Florian Weimer <fweimer@redhat.com>
Reviewed-by: Yann Droneaud <ydroneaud@opteya.com>

[1] https://datatracker.ietf.org/doc/html/rfc8439
[2] https://arxiv.org/pdf/1304.1916.pdf
2022-07-22 11:58:27 -03:00
Tom Honermann
8bcca1db3d stdlib: Implement mbrtoc8, c8rtomb, and the char8_t typedef.
This change provides implementations for the mbrtoc8 and c8rtomb
functions adopted for C++20 via WG21 P0482R6 and for C2X via WG14
N2653.  It also provides the char8_t typedef from WG14 N2653.

The mbrtoc8 and c8rtomb functions are declared in uchar.h in C2X
mode or when the _GNU_SOURCE macro or C++20 __cpp_char8_t feature
test macro is defined.

The char8_t typedef is declared in uchar.h in C2X mode or when the
_GNU_SOURCE macro is defined and the C++20 __cpp_char8_t feature
test macro is not defined (if __cpp_char8_t is defined, then char8_t
is a builtin type).

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-07-06 09:29:42 -03:00
Adhemerval Zanella
81e7fdd7cc elf: Remove _dl_skip_args
Now that no architecture uses it anymore.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2022-05-30 16:33:54 -03:00
Adhemerval Zanella
b3528b0048 linux: Add P_PIDFD
It was added on Linux 5.4 (3695eae5fee0605f316fbaad0b9e3de791d7dfaf)
to extend waitid to wait on pidfd.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-05-17 10:34:36 -03:00
Szabolcs Nagy
ad43cac44a rtld: Use generic argv adjustment in ld.so [BZ #23293]
When an executable is invoked as

  ./ld.so [ld.so-args] ./exe [exe-args]

then the argv is adujusted in ld.so before calling the entry point of
the executable so ld.so args are not visible to it.  On most targets
this requires moving argv, env and auxv on the stack to ensure correct
stack alignment at the entry point.  This had several issues:

- The code for this adjustment on the stack is written in asm as part
  of the target specific ld.so _start code which is hard to maintain.

- The adjustment is done after _dl_start returns, where it's too late
  to update GLRO(dl_auxv), as it is already readonly, so it points to
  memory that was clobbered by the adjustment. This is bug 23293.

- _environ is also wrong in ld.so after the adjustment, but it is
  likely not used after _dl_start returns so this is not user visible.

- _dl_argv was updated, but for this it was moved out of relro, which
  changes security properties across targets unnecessarily.

This patch introduces a generic _dl_start_args_adjust function that
handles the argument adjustments after ld.so processed its own args
and before relro protection is applied.

The same algorithm is used on all targets, _dl_skip_args is now 0, so
existing target specific adjustment code is no longer used.  The bug
affects aarch64, alpha, arc, arm, csky, ia64, nios2, s390-32 and sparc,
other targets don't need the change in principle, only for consistency.

The GNU Hurd start code relied on _dl_skip_args after dl_main returned,
now it checks directly if args were adjusted and fixes the Hurd startup
data accordingly.

Follow up patches can remove _dl_skip_args and DL_ARGV_NOT_RELRO.

Tested on aarch64-linux-gnu and cross tested on i686-gnu.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-05-17 10:14:03 +01:00
Adhemerval Zanella
6fad891dfd stdio: Remove the usage of $(fno-unit-at-a-time) for siglist.c
The siglist.c is built with -fno-toplevel-reorder to avoid compiler
to reorder the compat assembly directives due an assembler
issue [1] (fixed on 2.39).

This patch removes the compiler flags by split the compat symbol
generation in two phases.  First the __sys_siglist and __sys_sigabbrev
without any compat symbol directive is preprocessed to generate an
assembly source code.  This generate assembly is then used as input
on a platform agnostic siglist.S which then creates the compat
definitions.  This prevents compiler to move any compat directive
prior the _sys_errlist definition itself.

Checked on a make check run-built-tests=no on all affected ABIs.

Reviewed-by: Fangrui Song <maskray@google.com>
2022-05-13 10:54:41 -03:00
Adhemerval Zanella
900fa25736 stdio: Remove the usage of $(fno-unit-at-a-time) for errlist.c
The errlist.c is built with -fno-toplevel-reorder to avoid compiler to
reorder the compat assembly directives due an assembler issue [1]
(fixed on 2.39).

This patch removes the compiler flags by split the compat symbol
generation in two phases.  First the _sys_errlist_internal internal
without any compat symbol directive is preprocessed to generate an
assembly source code.  This generate assembly is then used as input
on a platform agnostic errlist-data.S which then creates the compat
definitions.  This prevents compiler to move any compat directive
prior the _sys_errlist_internal definition itself.

Checked on a make check run-built-tests=no on all affected ABIs.

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=29012
2022-05-13 10:54:41 -03:00
Samuel Thibault
eff158b75d hurd spawni: Fix reauthenticating closed fds
When an fd is closed, the port cell remains, but the port becomes
MACH_PORT_NULL, so we have to guard against it.
2022-05-05 02:14:43 +02:00
Fangrui Song
3e9acce8c5 elf: Remove __libc_init_secure
After 73fc4e28b9,
__libc_enable_secure_decided is always 0 and a statically linked
executable may overwrite __libc_enable_secure without considering
AT_SECURE.

The __libc_enable_secure has been correctly initialized in _dl_aux_init,
so just remove __libc_enable_secure_decided and __libc_init_secure.
This allows us to remove some startup_get*id functions from
22b79ed7f4.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
2022-04-19 15:52:27 -07:00
Adhemerval Zanella
592b6d00aa stdio: Split __get_errname definition from errlist.c
The loader does not need to pull all __get_errlist definitions
and its size is decreased:

Before:
$ size elf/ld.so
   text    data     bss     dec     hex filename
 197774   11024     456  209254   33166 elf/ld.so

After:
$ size elf/ld.so
   text    data     bss     dec     hex filename
 191510    9936     456  201902   314ae elf/ld.so

Checked on x86_64-linux-gnu.
2022-04-15 09:37:57 -03:00
Samuel Thibault
45a8e05785 hurd: Define ELIBEXEC
So we can implement it in the exec server.
2022-04-12 22:16:40 +02:00
Adhemerval Zanella
6289d28d3c posix: Replace posix_spawnattr_tc{get,set}pgrp_np with posix_spawn_file_actions_addtcsetpgrp_np
The posix_spawnattr_tcsetpgrp_np works on a file descriptor (the
controlling terminal), so it would make more sense to actually fit
it on the file actions API.

Also, POSIX_SPAWN_TCSETPGROUP is not really required since it is
implicit by the presence of tcsetpgrp file action.

The posix/tst-spawn6.c is also fixed when TTY can is not present.

Checked on x86_64-linux-gnu and i686-linux-gnu.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-02-02 08:34:16 -03:00
Samuel Thibault
355bc7f736 SET_RELHOOK: merge i386 and x86_64, and move to sysdeps/mach/hurd/x86
It is not Hurd-specific, but H.J. Lu wants it there.

Also, dc.a can be used to avoid hardcoding .long vs .quad and thus use
the same implementation for i386 and x86_64.
2022-02-01 20:08:25 +00:00
Florian Weimer
af121ae3e7 Fix glibc 2.34 ABI omission (missing GLIBC_2.34 in dynamic loader)
The glibc 2.34 release really should have added a GLIBC_2.34
symbol to the dynamic loader. With it, we could move functions such
as dlopen or pthread_key_create that work on process-global state
into the dynamic loader (once we have fixed a longstanding issue
with static linking).  Without the GLIBC_2.34 symbol, yet another
new symbol version would be needed because old glibc will fail to
load binaries due to the missing symbol version in ld.so that newly
linked programs will require.

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2022-01-27 18:52:05 +01:00
Adhemerval Zanella
604814121d hurd: Add posix_spawnattr_tc{get,set}pgrp_np on libc.abilist
Commit 342cc934a3 missed the update-abi for the ABI.
2022-01-26 16:22:54 -03:00
Adhemerval Zanella
342cc934a3 posix: Add terminal control setting support for posix_spawn
Currently there is no proper way to set the controlling terminal through
posix_spawn in race free manner [1].  This forces shell implementations
to keep using fork+exec when launching background process groups,
even when using posix_spawn yields better performance.

This patch adds a new GNU extension so the creating process can
configure the created process terminal group.  This is done with a new
flag, POSIX_SPAWN_TCSETPGROUP, along with two new attribute functions:
posix_spawnattr_tcsetpgrp_np, and posix_spawnattr_tcgetpgrp_np.
The function sets a new attribute, spawn-tcgroupfd, that references to
the controlling terminal.

The controlling terminal is set after the spawn-pgroup attribute, and
uses the spawn-tcgroupfd along with current creating process group
(so it is composable with POSIX_SPAWN_SETPGROUP).

To create a process and set the controlling terminal, one can use the
following sequence:

    posix_spawnattr_t attr;
    posix_spawnattr_init (&attr);
    posix_spawnattr_setflags (&attr, POSIX_SPAWN_TCSETPGROUP);
    posix_spawnattr_tcsetpgrp_np (&attr, tcfd);

If the idea is also to create a new process groups:

    posix_spawnattr_t attr;
    posix_spawnattr_init (&attr);
    posix_spawnattr_setflags (&attr, POSIX_SPAWN_TCSETPGROUP
				     | POSIX_SPAWN_SETPGROUP);
    posix_spawnattr_tcsetpgrp_np (&attr, tcfd);
    posix_spawnattr_setpgroup (&attr, 0);

The controlling terminal file descriptor is ignored if the new flag is
not set.

This interface is slight different than the one provided by QNX [2],
which only provides the POSIX_SPAWN_TCSETPGROUP flag.  The QNX
documentation does not specify how the controlling terminal is obtained
nor how it iteracts with POSIX_SPAWN_SETPGROUP.  Since a glibc
implementation is library based, it is more straightforward and avoid
requires additional file descriptor operations to request the caller
to setup the controlling terminal file descriptor (and it also allows
a bit less error handling by posix_spawn).

Checked on x86_64-linux-gnu and i686-linux-gnu.

[1] https://github.com/ksh93/ksh/issues/79
[2] https://www.qnx.com/developers/docs/7.0.0/index.html#com.qnx.doc.neutrino.lib_ref/topic/p/posix_spawn.html

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-01-25 14:07:53 -03:00
Samuel Thibault
8c86ba4463 htl: Fix cleaning the reply port
If any RPC fails, the reply port will already be deallocated.
__pthread_thread_terminate thus has to defer taking its name until the very last
__thread_terminate_release which doesn't reply a message.  But then we
have to read from the pthread structure.

This introduces __pthread_dealloc_finish() which does the recording of
the thread termination, so the slot can be reused really only just before
the __thread_terminate_release call. Only the real thread can set it, so
let's decouple this from the pthread_state by just removing the
PTHREAD_TERMINATED state and add a terminated field.
2022-01-22 02:17:19 +01:00
Samuel Thibault
41a11a5e83 hurd: optimize exec cleanup
When ports are nul we do not need to request their deallocation. It is
also useless to look for them in portnames.
2022-01-16 00:02:16 +01:00
Samuel Thibault
54dda2cdba hurd: Add __rtld_execve
It trivially execs with the same dtable, portarray and intarray, and only
has to take care of deallocating / destroying ports (file, notably).
2022-01-15 23:42:35 +01:00
Samuel Thibault
1bd7a06a95 htl: Hide __pthread_attr's __schedparam type [BZ #23088]
The content of the structure is only used internally, so we can make
__pthread_attr_getschedparam and __pthread_attr_setschedparam convert
between the public sched_param type and an internal __sched_param.

This allows to avoid to spuriously expose the sched_param type.

This fixes BZ #23088.
2022-01-15 21:31:08 +01:00
Samuel Thibault
c1105e34ac htl: Clear kernel_thread field before releasing the thread structure
Otherwise this is a use-after-free.
2022-01-15 21:31:08 +01:00
Samuel Thibault
2c040d0b90 hurd: Fix pthread_kill on exiting/ted thread
We have to drop the kernel_thread port from the thread structure, to
avoid pthread_kill's call to _hurd_thread_sigstate trying to reference
it and fail.
2022-01-15 15:11:54 +01:00
Samuel Thibault
dfb204d87f [hurd] Drop spurious #ifdef SHARED
The whole file is already #ifdef SHARED
2022-01-15 14:23:37 +01:00
Samuel Thibault
f05faf5f22 [hurd] Call _dl_sort_maps_init in _dl_sysdep_start
This follows 15a0c5730d ("elf: Fix slow DSO sorting behavior in
dynamic loader (BZ #17645)").
2022-01-15 14:21:53 +01:00
Paul Eggert
581c785bf3 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.

I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah.  I don't
know why I run into these diagnostics whereas others evidently do not.

remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
2022-01-01 11:40:24 -08:00
Samuel Thibault
edb5ab841a hurd: Use __trivfs_server_name instead of trivfs_server_name
The latter violates namespace contraints
2022-01-01 17:51:18 +01:00
Samuel Thibault
35cf8a85ed hurd: Bump BRK_START to 0x20000000
By nowadays uses, 256MiB is not that large for the program+libraries.
Let's push the heap further to leave room for e.g. clang.
2021-12-31 18:25:49 +01:00
Samuel Thibault
8c0727af63 hurd: Avoid overzealous shared objects constraints
407765e9f2 ("hurd: Fix ELF_MACHINE_USER_ADDRESS_MASK value") switched
ELF_MACHINE_USER_ADDRESS_MASK from 0xf8000000UL to 0xf0000000UL to let
libraries etc. get loaded at 0x08000000. But
ELF_MACHINE_USER_ADDRESS_MASK is actually only meaningful for the main
program anyway, so keep it at 0xf8000000UL to prevent the program loader
from putting ld.so beyond 0x08000000. And conversely, drop the use of
ELF_MACHINE_USER_ADDRESS_MASK for shared objects, which don't need any
constraints since the program will have already be loaded by then.
2021-12-31 18:22:46 +01:00
Samuel Thibault
33e8e95cbd hurd: Make getrandom a stub inside the random translator
glibc uses /dev/urandom for getrandom(), and from version 2.34 malloc
initialization uses it. We have to detect when we are running the random
translator itself, in which case we can't read ourself.
2021-12-31 08:54:41 +01:00
Florian Weimer
5d28a8962d elf: Add _dl_find_object function
It can be used to speed up the libgcc unwinder, and the internal
_dl_find_dso_for_object function (which is used for caller
identification in dlopen and related functions, and in dladdr).

_dl_find_object is in the internal namespace due to bug 28503.
If libgcc switches to _dl_find_object, this namespace issue will
be fixed.  It is located in libc for two reasons: it is necessary
to forward the call to the static libc after static dlopen, and
there is a link ordering issue with -static-libgcc and libgcc_eh.a
because libc.so is not a linker script that includes ld.so in the
glibc build tree (so that GCC's internal -lc after libgcc_eh.a does
not pick up ld.so).

It is necessary to do the i386 customization in the
sysdeps/x86/bits/dl_find_object.h header shared with x86-64 because
otherwise, multilib installations are broken.

The implementation uses software transactional memory, as suggested
by Torvald Riegel.  Two copies of the supporting data structures are
used, also achieving full async-signal-safety.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-12-28 22:52:56 +01:00
Adhemerval Zanella
83b8d5027d malloc: Remove memusage.h
And use machine-sp.h instead.  The Linux implementation is based on
already provided CURRENT_STACK_FRAME (used on nptl code) and
STACK_GROWS_UPWARD is replaced with _STACK_GROWS_UP.
2021-12-28 14:57:57 -03:00
Samuel Thibault
ae49f218da hurd: Fix static-PIE startup
hurd initialization stages use RUN_HOOK to run various initialization
functions.  That is however using absolute addresses which need to be
relocated, which is done later by csu.  We can however easily make the
linker compute relative addresses which thus don't need a relocation.
The new SET_RELHOOK and RUN_RELHOOK macros implement this.
2021-12-28 10:28:22 +01:00
Samuel Thibault
2ce0481d26 hurd: let csu initialize tls
Since 9cec82de71 ("htl: Initialize later"), we let csu initialize
pthreads. We can thus let it initialize tls later too, to better align
with the generic order.  Initialization however accesses ports which
links/unlinks into the sigstate for unwinding.  We can however easily
skip that during initialization.
2021-12-28 10:15:52 +01:00
Samuel Thibault
7b358de1af hurd: Fix XFAIL-ing mallocfork2 tests
They are using setpshared but are outside the htl directory.
2021-12-27 22:21:08 +01:00
Samuel Thibault
1c6e6e52e5 hurd: XFAIL more tests that require setpshared support 2021-12-27 22:15:43 +01:00
Adhemerval Zanella
a4b4131355 Set default __TIMESIZE default to 64
This is expected size for newer ABIs.
2021-12-23 11:41:08 -03:00
Samuel Thibault
ec06717856 hurd: Do not set PIE_UNSUPPORTED
This is now supported.
2021-12-14 08:38:05 +01:00
Adhemerval Zanella
104d2005d5 math: Remove the error handling wrapper from hypot and hypotf
The error handling is moved to sysdeps/ieee754 version with no SVID
support.  The compatibility symbol versions still use the wrapper with
SVID error handling around the new code.  There is no new symbol version
nor compatibility code on !LIBM_SVID_COMPAT targets (e.g. riscv).

Only ia64 is unchanged, since it still uses the arch specific
__libm_error_region on its implementation.

Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.
2021-12-13 10:08:46 -03:00
Siddhesh Poyarekar
23645707f1 Replace --enable-static-pie with --disable-default-pie
Build glibc programs and tests as PIE by default and enable static-pie
automatically if the architecture and toolchain supports it.

Also add a new configuration option --disable-default-pie to prevent
building programs as PIE.

Only the following architectures now have PIE disabled by default
because they do not work at the moment.  hppa, ia64, alpha and csky
don't work because the linker is unable to handle a pcrel relocation
generated from PIE objects.  The microblaze compiler is currently
failing with an ICE.  GNU hurd tries to enable static-pie, which does
not work and hence fails.  All these targets have default PIE disabled
at the moment and I have left it to the target maintainers to enable PIE
on their targets.

build-many-glibcs runs clean for all targets.  I also tested x86_64 on
Fedora and Ubuntu, to verify that the default build as well as
--disable-default-pie work as expected with both system toolchains.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2021-12-13 08:08:59 +05:30
Samuel Thibault
556a6126f8 hurd: Add rules for static PIE build
This fixes [BZ #28671].
2021-12-12 00:42:13 +01:00
Samuel Thibault
26803075e4 hurd: Fix gmon-static
We need to use crt0 for gmon-static too.
2021-12-12 00:42:12 +01:00
Florian Weimer
627f5ede70 Remove TLS_TCB_ALIGN and TLS_INIT_TCB_ALIGN
TLS_INIT_TCB_ALIGN is not actually used.  TLS_TCB_ALIGN was likely
introduced to support a configuration where the thread pointer
has not the same alignment as THREAD_SELF.  Only ia64 seems to use
that, but for the stack/pointer guard, not for storing tcbhead_t.
Some ports use TLS_TCB_OFFSET and TLS_PRE_TCB_SIZE to shift
the thread pointer, potentially landing in a different residue class
modulo the alignment, but the changes should not impact that.

In general, given that TLS variables have their own alignment
requirements, having different alignment for the (unshifted) thread
pointer and struct pthread would potentially result in dynamic
offsets, leading to more complexity.

hppa had different values before: __alignof__ (tcbhead_t), which
seems to be 4, and __alignof__ (struct pthread), which was 8
(old default) and is now 32.  However, it defines THREAD_SELF as:

/* Return the thread descriptor for the current thread.  */
# define THREAD_SELF \
  ({ struct pthread *__self;			\
	__self = __get_cr27();			\
	__self - 1;				\
   })

So the thread pointer points after struct pthread (hence __self - 1),
and they have to have the same alignment on hppa as well.

Similarly, on ia64, the definitions were different.  We have:

# define TLS_PRE_TCB_SIZE \
  (sizeof (struct pthread)						\
   + (PTHREAD_STRUCT_END_PADDING < 2 * sizeof (uintptr_t)		\
      ? ((2 * sizeof (uintptr_t) + __alignof__ (struct pthread) - 1)	\
	 & ~(__alignof__ (struct pthread) - 1))				\
      : 0))
# define THREAD_SELF \
  ((struct pthread *) ((char *) __thread_self - TLS_PRE_TCB_SIZE))

And TLS_PRE_TCB_SIZE is a multiple of the struct pthread alignment
(confirmed by the new _Static_assert in sysdeps/ia64/libc-tls.c).

On m68k, we have a larger gap between tcbhead_t and struct pthread.
But as far as I can tell, the port is fine with that.  The definition
of TCB_OFFSET is sufficient to handle the shifted TCB scenario.

This fixes commit 23c77f6018
("nptl: Increase default TCB alignment to 32").

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2021-12-09 23:47:49 +01:00
Adhemerval Zanella
456b3c08b6 io: Refactor close_range and closefrom
Now that Hurd implementis both close_range and closefrom (f2c996597d),
we can make close_range() a base ABI, and make the default closefrom()
implementation on top of close_range().

The generic closefrom() implementation based on __getdtablesize() is
moved to generic close_range().  On Linux it will be overriden by
the auto-generation syscall while on Hurd it will be a system specific
implementation.

The closefrom() now calls close_range() and __closefrom_fallback().
Since on Hurd close_range() does not fail, __closefrom_fallback() is an
empty static inline function set by__ASSUME_CLOSE_RANGE.

The __ASSUME_CLOSE_RANGE also allows optimize Linux
__closefrom_fallback() implementation when --enable-kernel=5.9 or
higher is used.

Finally the Linux specific tst-close_range.c is moved to io and
enabled as default.  The Linuxism and CLOSE_RANGE_UNSHARE are
guarded so it can be built for Hurd (I have not actually test it).

Checked on x86_64-linux-gnu, i686-linux-gnu, and with a i686-gnu
build.
2021-11-24 09:09:37 -03:00
Adhemerval Zanella
bc801b3a40 setjmp: Replace jmp_buf-macros.h with jmp_buf-macros.sym
It requires less boilerplate code for newer ports.  The _Static_assert
checks from internal setjmp are moved to its own internal test since
setjmp.h is included early by multiple headers (to generate
rtld-sizes.sym).

The riscv jmp_buf-macros.h check is also redundant, it is already
done by riscv configure.ac.

Checked with a build for the affected architectures.
2021-11-22 13:43:22 -03:00