Commit Graph

41420 Commits

Author SHA1 Message Date
Florian Weimer
5097cd344f elf: Avoid re-initializing already allocated TLS in dlopen (bug 31717)
The old code used l_init_called as an indicator for whether TLS
initialization was complete.  However, it is possible that
TLS for an object is initialized, written to, and then dlopen
for this object is called again, and l_init_called is not true at
this point.  Previously, this resulted in TLS being initialized
twice, discarding any interim writes (technically introducing a
use-after-free bug even).

This commit introduces an explicit per-object flag, l_tls_in_slotinfo.
It indicates whether _dl_add_to_slotinfo has been called for this
object.  This flag is used to avoid double-initialization of TLS.
In update_tls_slotinfo, the first_static_tls micro-optimization
is removed because preserving the initalization flag for subsequent
use by the second loop for static TLS is a bit complicated, and
another per-object flag does not seem to be worth it.  Furthermore,
the l_init_called flag is dropped from the second loop (for static
TLS initialization) because l_need_tls_init on its own prevents
double-initialization.

The remaining l_init_called usage in resize_scopes and update_scopes
is just an optimization due to the use of scope_has_map, so it is
not changed in this commit.

The isupper check ensures that libc.so.6 is TLS is not reverted.
Such a revert happens if l_need_tls_init is not cleared in
_dl_allocate_tls_init for the main_thread case, now that
l_init_called is not checked anymore in update_tls_slotinfo
in elf/dl-open.c.

Reported-by: Jonathon Anderson <janderson@rice.edu>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2024-08-05 18:26:52 +02:00
Florian Weimer
fe06fb313b elf: Clarify and invert second argument of _dl_allocate_tls_init
Also remove an outdated comment: _dl_allocate_tls_init is
called as part of pthread_create.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2024-08-05 18:26:42 +02:00
Andreas Schwab
39ca997ab3 Fix name space violation in fortify wrappers (bug 32052)
Rename the identifier sz to __sz everywhere.

Fixes: a643f60c53 ("Make sure that the fortified function conditionals are constant")
2024-08-05 16:49:58 +02:00
Andreas Schwab
1b0a2062c8 iconv: Fix matching of multi-character transliterations (bug 31859)
Only return __GCONV_INCOMPLETE_INPUT for a partial match when the end of
the input buffer is reached.  Otherwise it is a non-match, and other
patterns should be tried.
2024-08-05 16:49:57 +02:00
Florian Weimer
7a630f7d33 x86: Tunables may incorrectly set Prefer_PMINUB_for_stringop (bug 32047)
Fixes commit 5bcf6265f2 ("x86:
Disable non-temporal memset on Skylake Server").

Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2024-08-02 18:08:14 +02:00
Florian Weimer
0df48472ff x86: Add missing switch/case fall-through markers to init_cpu_features
The commits introducing these fall-throughs intended them to
happen.

Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2024-08-02 18:08:14 +02:00
Florian Weimer
fb507de8fc stdlib: Link tst-concurrent-exit with $(shared-thread-library)
This avoids a Hurd build failure.  Fixes commit f6ba993e0c
("stdlib: Allow concurrent exit (BZ 31997)").
2024-08-02 14:45:10 +02:00
Samuel Thibault
8dc3f4f8ad hurd: Fix missing pthread_ compat symbol in libc
5476f8cd2e ("htl: move pthread_self info libc.") and
9dfa256216 ("htl: move pthread_equal into libc") to
1dc0bc8f07 ("htl: move pthread_attr_setdetachstate into libc")
moved some pthread_ symbols from libpthread.so to libc.so, but missed
adding the compat version like 5476f8cd2e ("htl: move pthread_self
info libc.") did: libc already had these symbols as forwards,
but versioned GLIBC_2.21, while the symbols in libpthread.so were
versioned GLIBC_2.12.

To fix running executables built before this, we thus have to add the
GLIBC_2.12 version, otherwise execution fails with e.g.

/usr/lib/i386-gnu/libglib-2.0.so: symbol lookup error: /usr/lib/i386-gnu/libglib-2.0.so: undefined symbol: pthread_attr_setinheritsched, version GLIBC_2.12
2024-08-01 23:58:51 +02:00
Florian Weimer
ec119972cb resolv: Fix tst-resolv-short-response for older GCC (bug 32042)
Previous GCC versions do not support the C23 change that
allows labels on declarations.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2024-08-01 21:07:48 +02:00
H.J. Lu
ff0320bec2 Add mremap tests
Add tests for MREMAP_MAYMOVE and MREMAP_FIXED.  On Linux, also test
MREMAP_DONTUNMAP.

Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2024-08-01 05:06:12 -07:00
H.J. Lu
cb2dee4ecc mremap: Update manual entry
Update mremap manual entry:

1. Change mremap to variadic.
2. Document MREMAP_FIXED and MREMAP_DONTUNMAP.

Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2024-08-01 05:06:12 -07:00
H.J. Lu
6c40cb0e9f linux: Update the mremap C implementation [BZ #31968]
Update the mremap C implementation to support the optional argument for
MREMAP_DONTUNMAP added in Linux 5.7 since it may not always be correct
to implement a variadic function as a non-variadic function on all Linux
targets.  Return MAP_FAILED and set errno to EINVAL for unknown flag bits.
This fixes BZ #31968.

Note: A test must be added when a new flag bit is introduced.

Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2024-08-01 05:06:12 -07:00
Florian Weimer
54252394c2 Enhanced test coverage for strncmp, wcsncmp
Add string/test-strncmp-nonarray and
wcsmbs/test-wcsncmp-nonarray.

This is the test that uncovered bug 31934.  Test run time
is more than one minute on a fairly current system, so turn
these into xtests that do not run automatically.

Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2024-08-01 09:08:32 +02:00
Florian Weimer
783d4c0b81 Enhance test coverage for strnlen, wcsnlen
This commit adds string/test-strnlen-nonarray and
wcsmbs/test-wcsnlen-nonarray.

Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2024-08-01 09:07:34 +02:00
Noah Goldstein
e3b0b3484c stdlib: Mark abort as cold
This helps HotColdSplitting in GCC/LLVM.

Thought about doing `exit` as well since its only called once per
process, but since its easy to imagine a hot path leading into
`exit(0)`, its less clear if its profitable.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2024-07-31 14:26:00 +08:00
Flavio Cruz
11ad033e1c x86_64 hurd: ensure we have a large enough buffer to receive exception_raise requests.
Message-ID: <gtxd6s4s7fi7hdrlb7zayq3akij7x6jqawwq3zfl3v4nqspulo@euucuzeonrl6>
2024-07-30 16:59:12 +02:00
Adhemerval Zanella
f6ba993e0c stdlib: Allow concurrent exit (BZ 31997)
Even if C/POSIX standard states that exit is not formally thread-unsafe,
calling it more than once is UB.  The glibc already supports
it for the single-thread, and both elf/nodelete2.c and tst-rseq-disable.c
call exit from a DSO destructor (which is called by _dl_fini, registered
at program startup with __cxa_atexit).

However, there are still race issues when it is called more than once
concurrently by multiple threads.  A recent Rust PR triggered this
issue [1], which resulted in an Austin Group ask for clarification [2].
Besides it, there is a discussion to make concurrent calling not UB [3],
wtih a defined semantic where any remaining callers block until the first
call to exit has finished (reentrant calls, leaving through longjmp, and
exceptions are still undefined).

For glibc, at least reentrant calls are required to be supported to avoid
changing the current behaviour.  This requires locking using a recursive
lock, where any exit called by atexit() handlers resumes at the point of
the current handler (thus avoiding calling the current handle multiple
times).

Checked on x86_64-linux-gnu and aarch64-linux-gnu.

[1] https://github.com/rust-lang/rust/issues/126600
[2] https://austingroupbugs.net/view.php?id=1845
[3] https://www.openwall.com/lists/libc-coord/2024/07/24/4
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2024-07-30 08:54:23 -03:00
Adhemerval Zanella
28f8cee64a Add F_DUPFD_QUERY from Linux 6.10 to bits/fcntl-linux.h
It was added by commit c62b758bae6af16 as a way for userspace to
check if two file descriptors refer to the same struct file.

Checked on aarch64-linux-gnu.
Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-07-30 08:52:52 -03:00
Adhemerval Zanella
bbb6a742c8 Add STATX_SUBVOL from Linux 6.10 to bits/statx-generic.h
Tested for aarch64-linux-gnu.
Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-07-30 08:48:51 -03:00
Adhemerval Zanella
e433cdec9b Update kernel version to 6.10 in header constant tests
This patch updates the kernel version in the tests tst-mman-consts.py,
tst-mount-consts.py, and tst-pidfd-consts.py to 6.9.

There are no new constants covered by these tests in 6.10.

Tested with build-many-glibcs.py.
Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-07-30 08:48:51 -03:00
Adhemerval Zanella
eb0776d4e1 Update syscall lists for Linux 6.10
Linux 6.10 changes for syscall are:

  * mseal for all architectures.
  * map_shadow_stack for x32.
  * Replace sync_file_range with sync_file_range2 for csky (which
    fixes a broken sync_file_range usage).

Update syscall-names.list and regenerate the arch-syscall.h headers
with build-many-glibcs.py update-syscalls.

Tested with build-many-glibcs.py.
Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-07-30 08:48:51 -03:00
Adhemerval Zanella
f7e638f5a4 Use Linux 6.10 in build-many-glibcs.py
Tested with build-many-glibcs.py (host-libraries, compilers and glibcs
builds).
Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-07-30 08:48:51 -03:00
Michael Karcher
faeaa3bc9f
Mitigation for "clone on sparc might fail with -EFAULT for no valid reason" (bz 31394)
It seems the kernel can not deal with uncommitted stack space in the area intended
for the register window when executing the clone() system call. So create a nested
frame (proxy for the kernel frame) and flush it from the processor to memory to
force committing pages to the stack before invoking the system call.

Bug: https://www.mail-archive.com/debian-glibc@lists.debian.org/msg62592.html
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=31394
See-also: https://lore.kernel.org/sparclinux/62f9be9d-a086-4134-9a9f-5df8822708af@mkarcher.dialup.fu-berlin.de/
Signed-off-by: Michael Karcher <sourceware-bugzilla@mkarcher.dialup.fu-berlin.de>
Reviewed-by: DJ Delorie <dj@redhat.com>
2024-07-29 23:00:39 +02:00
Lukas Bulwahn
aedbf08891 manual: make setrlimit() description less ambiguous
The existing description for setrlimit() has some ambiguity. It could be
understood to have the semantics of getrlimit(), i.e., the limits from the
process are stored in the provided rlp pointer.

Make the description more explicit that rlp are the input values, and that
the limits of the process is changed with this function.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-07-29 16:03:45 +02:00
Arjun Shankar
10de4a47ef manual/stdio: Clarify putc and putwc
The manual entry for `putc' described what "most systems" do instead of
describing the glibc implementation and its guarantees.  This commit
fixes that by warning that putc may be implemented as a macro that
double-evaluates `stream', and removing the performance claim.

Even though the current `putc' implementation does not double-evaluate
`stream', offering this obscure guarantee as an extension to what
POSIX allows does not seem very useful.

The entry for `putwc' is also edited to bring it in line with `putc'.
Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-07-29 14:55:10 +02:00
Julian Zhu
32328a5a14 MIPS: Regenerate ulps
From new tests added by 4dc22baa84.

Signed-off-by: Julian Zhu <jz531210@gmail.com>
2024-07-27 16:55:38 +02:00
Florian Weimer
a57cbbd853 malloc: Link threading tests with $(shared-thread-library)
Fixes build failures on Hurd.
2024-07-27 16:46:49 +02:00
Noah Goldstein
f6f9047459 assert: Mark __assert_fail as cold
This helps compilers split the codegen for setting up the arguments
(`__expression`, `__filename`, etc...) from the potentially hot cold
where the `assert` is to a presumably cold region on the assertion
failure path.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
Reviewed-by: Sam James <sam@gentoo.org>
2024-07-26 20:41:00 +08:00
Maciej W. Rozycki
89cddc8a70 stdio-common: Add test for vfscanf with matches longer than INT_MAX [BZ #27650]
Complement commit b03e4d7bd2 ("stdio: fix vfscanf with matches longer
than INT_MAX (bug 27650)") and add a test case for the issue, inspired
by the reproducer provided with the bug report.

This has been verified to succeed as from the commit referred and fail
beforehand.

As the test requires 2GiB of data to be passed around its performance
has been evaluated using a choice of systems and the execution time
determined to be respectively in the range of 9s for POWER9@2.166GHz,
24s for FU740@1.2GHz, and 40s for 74Kf@950MHz.  As this is on the verge
of and beyond the default timeout it has been increased by the factor of
8.  Regardless, following recent practice the test has been added to the
standard rather than extended set.

Reviewed-by: DJ Delorie <dj@redhat.com>
2024-07-26 13:21:34 +01:00
Maciej W. Rozycki
1b97a9f23b support: Add FAIL test failure helper
Add a FAIL test failure helper analogous to FAIL_RET, that does not
cause the current function to return, providing a standardized way to
report a test failure with a message supplied while permitting the
caller to continue executing, for further reporting, cleaning up, etc.

Update existing test cases that provide a conflicting definition of FAIL
by removing the local FAIL definition and then as follows:

- tst-fortify-syslog: provide a meaningful message in addition to the
  file name already added by <support/check.h>; 'support_record_failure'
  is already called by 'support_print_failure_impl' invoked by the new
  FAIL test failure helper.

- tst-ctype: no update to FAIL calls required, with the name of the file
  and the line number within of the failure site additionally included
  by the new FAIL test failure helper, and error counting plus count
  reporting upon test program termination also already provided by
  'support_record_failure' and 'support_report_failure' respectively,
  called by 'support_print_failure_impl' and 'adjust_exit_status' also
  respectively.  However in a number of places 'printf' is called and
  the error count adjusted by hand, so update these places to make use
  of FAIL instead.  And last but not least adjust the final summary just
  to report completion, with any error count following as reported by
  the test driver.

- test-tgmath2: no update to FAIL calls required, with the name of the
  file of the failure site additionally included by the new FAIL test
  failure helper.  Also there is no need to track the return status by
  hand as any call to FAIL will eventually cause the test case to return
  an unsuccesful exit status regardless of the return status from the
  test function, via a call to 'adjust_exit_status' made by the test
  driver.

Reviewed-by: DJ Delorie <dj@redhat.com>
2024-07-26 13:21:34 +01:00
Maciej W. Rozycki
fe47595504 posix: Use <support/check.h> facilities in tst-truncate and tst-truncate64
Remove local FAIL macro in favor to FAIL_RET from <support/check.h>,
which provides equivalent reporting, with the name of the file of the
failure site additionally included, for the tst-truncate-common core
shared between the tst-truncate and tst-truncate64 tests.

Reviewed-by: DJ Delorie <dj@redhat.com>
2024-07-26 13:21:34 +01:00
Maciej W. Rozycki
8c98195af6 nptl: Use <support/check.h> facilities in tst-setuid3
Remove local FAIL macro in favor to FAIL_EXIT1 from <support/check.h>,
which provides equivalent reporting, with the name of the file and the
line number within of the failure site additionally included.  Remove
FAIL_ERR altogether and include ": %m" explicitly with the format string
supplied to FAIL_EXIT1 as there seems little value to have a separate
macro just for this.

Reviewed-by: DJ Delorie <dj@redhat.com>
2024-07-26 13:21:34 +01:00
Adhemerval Zanella
fe94080875 sparc: Regenerate ULPs
From new tests added by 4dc22baa84.
2024-07-25 11:06:53 -03:00
Adhemerval Zanella
65e267dcdd i386: Regenerate ULPs
From new tests added by 4dc22baa84.
2024-07-25 10:49:06 -03:00
Adhemerval Zanella
cc84f11282 arm: Regenerate ULPs
From new tests added by 4dc22baa84.
2024-07-25 10:41:34 -03:00
Adhemerval Zanella
cfc9b07346 aarch64: Regenerate ULPs
From new tests added by 4dc22baa84.
2024-07-25 10:41:30 -03:00
Adhemerval Zanella
fa00661082 powerpc: Regenerate ULPs for soft-fp
From new tests added by 4dc22baa84.
2024-07-25 10:33:40 -03:00
jeevitha
4e40c8104f powerpc: Update ulps for fpu
Adjust the ULPs for the log2p1 implementation.
2024-07-25 10:28:47 -03:00
Khem Raj
ff03b5efe6 riscv: Update ulps
Generated with make regen-ulps using gcc14 on a visionfive2 SBC.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-07-25 10:28:44 -03:00
Stefan Liebler
22958014ab s390x: Regenerate ULPs.
Needed due to:
"This patch adds larger ulp errors for the log2p1 function."
commit 4dc22baa84
2024-07-25 14:14:22 +02:00
H.J. Lu
8344c1f551 x32/cet: Support shadow stack during startup for Linux 6.10
Use RXX_LP in RTLD_START_ENABLE_X86_FEATURES.  Support shadow stack during
startup for Linux 6.10:

commit 2883f01ec37dd8668e7222dfdb5980c86fdfe277
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Mar 15 07:04:33 2024 -0700

    x86/shstk: Enable shadow stacks for x32

    1. Add shadow stack support to x32 signal.
    2. Use the 64-bit map_shadow_stack syscall for x32.
    3. Set up shadow stack for x32.

Add the map_shadow_stack system call to <fixup-asm-unistd.h> and regenerate
arch-syscall.h.  Tested on Intel Tiger Lake with CET enabled x32.  There
are no regressions with CET enabled x86-64.  There are no changes in CET
enabled x86-64 _dl_start_user.

Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2024-07-25 00:17:21 -07:00
H.J. Lu
652c6cf269 x86-64: Remove sysdeps/x86_64/x32/dl-machine.h
Remove sysdeps/x86_64/x32/dl-machine.h by folding x32 ARCH_LA_PLTENTER,
ARCH_LA_PLTEXIT and RTLD_START into sysdeps/x86_64/dl-machine.h.  There
are no regressions on x86-64 nor x32.  There are no changes in x86-64
_dl_start_user.  On x32, _dl_start_user changes are

 <_dl_start_user>:
 	mov    %eax,%r12d
+	mov    %esp,%r13d
 	mov    (%rsp),%edx
 	mov    %edx,%esi
-	mov    %esp,%r13d
 	and    $0xfffffff0,%esp
 	mov    0x0(%rip),%edi        # <_dl_start_user+0x14>
 	lea    0x8(%r13,%rdx,4),%ecx

Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2024-07-25 00:17:21 -07:00
John David Anglin
431c1be28e hppa: Update libm-test-ulps 2024-07-24 16:43:01 -04:00
Florian Weimer
90842d3980 manual: Do not mention STATIC_TLS in dynamic linker hardening recommendations
The current toolchain does not consistently generate it, and
glibc does not use it.

Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
2024-07-24 12:50:17 +02:00
Florian Weimer
765325951a resolv: Implement strict-error stub resolver option (bug 27929)
For now, do not enable this mode by default due to the potential
impact on compatibility with existing deployments.

Reviewed-by: DJ Delorie <dj@redhat.com>
2024-07-24 12:10:37 +02:00
Florian Weimer
95f61610f3 resolv: Support clearing option flags with a “-” prefix (bug 14799)
I think using a “-” prefix is less confusing than introducing
double-negation construct (“no-no-tld-query”).

Reviewed-by: DJ Delorie <dj@redhat.com>
2024-07-24 12:07:45 +02:00
Florian Weimer
af625987d6 resolv: Do not wait for non-existing second DNS response after error (bug 30081)
In single-request mode, there is no second response after an error
because the second query has not been sent yet.  Waiting for it
introduces an unnecessary timeout.

Reviewed-by: DJ Delorie <dj@redhat.com>
2024-07-24 12:07:24 +02:00
Florian Weimer
691a3b2e9b resolv: Allow short error responses to match any query (bug 31890)
Reviewed-by: DJ Delorie <dj@redhat.com>
2024-07-24 12:07:04 +02:00
Miguel Martín
b0fbcb7d00 malloc: add multi-threaded tests for aligned_alloc/calloc/malloc
Improve aligned_alloc/calloc/malloc test coverage by adding
multi-threaded tests with random memory allocations and with/without
cross-thread memory deallocations.

Perform a number of memory allocation calls with random sizes limited
to 0xffff.

Use the existing DSO ('malloc/tst-aligned_alloc-lib.c') to randomize
allocator selection.

The multi-threaded allocation/deallocation is staged as described below:

- Stage 1: Half of the threads will be allocating memory and the
  other half will be waiting for them to finish the allocation.
- Stage 2: Half of the threads will be allocating memory and the
  other half will be deallocating memory.
- Stage 3: Half of the threads will be deallocating memory and the
  second half waiting on them to finish.

Add 'malloc/tst-aligned-alloc-random-thread.c' where each thread will
deallocate only the memory that was previously allocated by itself.

Add 'malloc/tst-aligned-alloc-random-thread-cross.c' where each thread
will deallocate memory that was previously allocated by another thread.

The intention is to be able to utilize existing malloc testing to ensure
that similar allocation APIs are also exposed to the same rigors.
Reviewed-by: Arjun Shankar <arjun@redhat.com>
2024-07-22 11:54:46 +02:00
Miguel Martín
9a27b566b2 malloc: avoid global locks in tst-aligned_alloc-lib.c
Make sure the DSO used by aligned_alloc/calloc/malloc tests does not get
a global lock on multithreaded tests.
Reviewed-by: Arjun Shankar <arjun@redhat.com>
2024-07-22 11:54:46 +02:00