This issue is similar to BZ #19235, where spurious exceptions are
created from adding 0.5 then converting to an integer.
The solution is based on Joseph's fix for BZ #19235.
[BZ #22697]
* sysdeps/powerpc/powerpc32/power4/fpu/s_llround.S (__llround):
Do not add 0.5 to integer or out-of-range arguments.
In the static pie enabled libc, crt1.o uses the same position independent
code as rcrt1.o and crt1.o is used instead of Scrt1.o when -no-pie
executables are linked. When main is not defined in the executable, but
in a shared library crt1.o is currently broken, it assumes main is local.
(glibc has a test for this but i missed it in my previous testing.)
To make both rcrt1.o and crt1.o happy with the same code, a wrapper is
introduced around main: with this crt1.o works with extern main symbol
while rcrt1.o does not depend on GOT relocations. (The change only
affects static pie enabled libc. Further simplification of start.S is
possible in the future by using the same approach for Scrt1.o too.)
* aarch64/start.S (_start): Use __wrap_main.
(__wrap_main): New local symbol.
Currently getcwd(3) can succeed without returning an absolute path
because the underlying getcwd syscall, starting with linux commit
v2.6.36-rc1~96^2~2, may succeed without returning an absolute path.
This is a conformance issue because "The getcwd() function shall
place an absolute pathname of the current working directory
in the array pointed to by buf, and return buf".
This is also a security issue because a non-absolute path returned
by getcwd(3) causes a buffer underflow in realpath(3).
Fix this by checking the path returned by getcwd syscall and falling
back to generic_getcwd if the path is not absolute, effectively making
getcwd(3) fail with ENOENT. The error code is chosen for consistency
with the case when the current directory is unlinked.
[BZ #22679]
CVE-2018-1000001
* sysdeps/unix/sysv/linux/getcwd.c (__getcwd): Fall back to
generic_getcwd if the path returned by getcwd syscall is not absolute.
* io/tst-getcwd-abspath.c: New test.
* io/Makefile (tests): Add tst-getcwd-abspath.
The current date format prefixes one-digit days with a space, resulting
in ugly two spaces:
$ LC_ALL=hu_HU.UTF-8 date
2018. jan. 1., hétfő, 21:25:35 CET
^^
The official orthography rules doesn't contain an explicit rule about
this (which already gives no sane reason for double space), and an
implicit example of "1848. március 9." under bullet point 296 at
http://helyesiras.mta.hu/helyesiras/default/akh12 contains a single
space only. It's sure not convincing on an HTML page, but I confirm
that the official book edition (e.g.
https://www.libri.hu/en/konyv/a-magyar-helyesiras-szabalyai-32.html)
also contains a single space there.
[BZ #22657]
* localedata/locales/hu_HU (d_t_fmt): Avoid a leading space
before the day number which may produce a double space.
(date_fmt): Likewise.
My fix for bug 22702 introduced linknamespace test failures on
s390x-linux-gnu and s390-linux-gnu because it made remainder call
__feholdexcept, and the s390 __feholdexcept calls fegetenv, and
remainder is in Unix98 and XPG4.2 but fegetenv isn't. This patch
makes __feholdexcept call __fegetenv instead to avoid that namespace
issue.
Tested (compilation) with build-many-glibcs.py for s390x-linux-gnu,
where it resolves the test failures.
* sysdeps/s390/fpu/feholdexcpt.c (__feholdexcept): Call __fegetenv
instead of fegetenv.
For soft-float powerpc, the math/test-nearbyint-except-2 test fails
because nearbyintl traps when traps on "inexact" are enabled on entry
(and an "inexact" exception is generated internally, though cleared
for the final return).
The problem is the default implementation of
libc_feholdsetround_noex_ctx, which does not disable exception traps.
There is some ambiguity about whether the *noex* interfaces are
required to do so or only permitted to do so. But given that we
support fe* interfaces to enable and disable traps (on architectures
with that functionality), functions that must not raise an exception
(must not leave the flag set on exit if not set on entry) should also
not trap on it when traps on that exception are enabled. So it is
appropriate to define these interfaces to have the feholdexcept effect
of disabling exception traps; this patch updates the default
implementation and comments accordingly.
At least some architecture versions already disable traps; there are
few uses of the *noex* interfaces at all, and while it's possible
there are bugs on any architecture versions failing to disable traps
that appear in the exp2 and remainder implementations, there are
currently no tests, other than this one for nearbyintl (where only the
ldbl-128ibm implementation uses SET_RESTORE_ROUND_NOEX), that would
fail as a result of such a bug. (Hard-float powerpc does disable
traps here, hence the nearbyintl failure not appearing there.)
Tested for powerpc (soft-float). This brings that configuration to
clean math/ test results, provided you build with GCC 8 to get the fix
for GCC bug 64811.
[BZ #22702]
* sysdeps/generic/math_private.h (libc_feresetround_noex): Update
comment to say exceptions are discarded.
(libc_feholdsetround_noex_ctx): Use __feholdexcept instead of
__fegetenv.
(SET_RESTORE_ROUND_NOEX): Update comment to say non-stop mode must
be enabled.
I verified that without the guard accounting change in commit
630f4cc3aa (Fix stack guard size
accounting) and RTLD_NOW for libgcc_s introduced by commit
f993b87540 (nptl: Open libgcc.so with
RTLD_NOW during pthread_cancel), the tst-minstack-cancel test fails on
an AVX-512F machine. tst-minstack-exit still passes, and either of
the mentioned commit by itself frees sufficient stack space to make
tst-minstack-cancel pass, too.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
The ldbl-128ibm implementation of log1pl does ordered comparisons on a
negative qNaN argument, so resulting in spurious "invalid" exceptions
(for soft-float powerpc; hard-float only avoids this because of GCC
bug 58684 meaning ordered comparison instructions never get
generated). This patch fixes this by arranging for the test for NaN
or infinity arguments to handle negative arguments as well.
Tested for powerpc (soft float).
[BZ #22693]
* sysdeps/ieee754/ldbl-128ibm/s_log1pl.c (__log1pl): Handle
negative arguments in test for NaN or infinity argument.
Disabling lazy binding reduces stack usage during unwinding.
Note that RTLD_NOW only makes a difference if libgcc.so has not
already been loaded, so this is only a partial fix.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* hurd/hurd/fd.h: Include <fcntl.h>
(__hurd_at_flags): New function.
* hurd/lookup-at.c (__file_name_lookup_at): Replace flag computation
with call to __hurd_at_flags.
* include/unistd.h (__faccessat, __faccessat_noerrno): Add declaration.
* sysdeps/mach/hurd/access.c (access_common): Move implementation to
__faccessat
(hurd_fail_seterrno, hurd_fail_noerrno): Move to sysdeps/mach/hurd/faccessat.c.
(__access_noerrno): Use __faccessat_common instead of access_common.
(__access): Likewise.
* sysdeps/mach/hurd/euidaccess.c (__euidaccess): Replace implementation
with a call to __faccessat.
* sysdeps/mach/hurd/faccessat.c (faccessat): Rename into...
(__faccessat_common): ... this. Move implementation of __access into it when
AT_FLAGS does not contain AT_EACCESS. Make it call __hurd_at_flags, add
reauthenticate_cwdir_at helper to implement AT mechanism.
(__faccessat_noerrno): New function, just calls __faccessat_common.
(__faccessat): New function, just calls __faccessat_common.
(faccessat): Define weak alias.
For soft-float powerpc, fmaxmagl and fminmagl generate spurious
"invalid" exceptions for quiet NaN arguments. This is another case of
the problems with fabsl inline expansion via comparisons, and so is
fixed by building those functions with -fno-builtin-fabsl.
Tested for powerpc (soft-float).
[BZ #22691]
* sysdeps/powerpc/nofpu/Makefile [$(subdir) = math]
(CFLAGS-s_fmaxmagl.c): New variable.
[$(subdir) = math] (CFLAGS-s_fminmagl.c: Likewise.
The ldbl-128ibm implementations of lrintl and lroundl are missing
"invalid" exceptions for certain overflow cases when compiled with GCC
8. The cause of this is after-the-fact integer overflow checks that
fail when the compiler optimizes on the basis of integer overflow
being undefined; GCC 8 must be able to detect new cases of
undefinedness here.
Failure: lrint (-0x80000001p0): Exception "Invalid operation" not set
Failure: lrint_downward (-0x80000001p0): Exception "Invalid operation" not set
Failure: lrint_towardzero (-0x80000001p0): Exception "Invalid operation" not set
Failure: lrint_upward (-0x80000001p0): Exception "Invalid operation" not set
Failure: lround (-0x80000001p0): Exception "Invalid operation" not set
Failure: lround_downward (-0x80000001p0): Exception "Invalid operation" not set
Failure: lround_towardzero (-0x80000001p0): Exception "Invalid operation" not set
Failure: lround_upward (-0x80000001p0): Exception "Invalid operation" not set
(Tested that these failures occur before the patch for powerpc
soft-float, but the issue applies in principle for hard-float as well,
whether or not the particular optimizations in fact occur there at
present.)
This patch fixes the bug by ensuring the additions / subtractions in
question cast arguments to unsigned long int, or use 1UL as a constant
argument, so that the arithmetic occurs in an unsigned type with the
result then converted back to a signed type.
Tested for powerpc (soft-float).
[BZ #22690]
* sysdeps/ieee754/ldbl-128ibm/s_lrintl.c (__lrintl): Use unsigned
long int for arguments of possibly overflowing addition or
subtraction.
* sysdeps/ieee754/ldbl-128ibm/s_lroundl.c (__lroundl): Likewise.
For soft-float powerpc, the remainderl function produces zero results
with the wrong sign for various inputs. This is another instance of
the problem with incorrect built-in fabsl expansion, so is fixed by
this patch using -fno-builtin-fabsl for this function.
Tested for powerpc (soft-float).
[BZ #22688]
* sysdeps/powerpc/nofpu/Makefile [$(subdir) = math]
(CFLAGS-e_remainderl.c): New variable.
For soft-float powerpc, various _Complex long double functions
generate spurious "invalid" exceptions, even with a compiler with GCC
bug 64811 fixed.
The problem is GCC's built-in fabsl expansion. Various files are
already built with -fno-builtin-fabsl because in this case (IBM long
double, for soft-float or e500v1) a fallback fabsl expansion based on
comparisons is used, which can produce the wrong sign of a zero
result. Those comparisons can also produce spurious exceptions for
NaN arguments. Furthermore, __builtin_fpclassify implemently uses
__builtin_fabsl, and is unaffected by -fno-builtin-fabsl, and the
fpclassify macro uses __builtin_fpclassify in the absence of
-fsignaling-nans. Thus, this patch arranges for the problem files
using fpclassify to be built with -fsignaling-nans in this case, to
avoid spurious exceptions from fpclassify.
Tested for powerpc (soft-float).
[BZ #22687]
* sysdeps/powerpc/nofpu/Makefile (CFLAGS-s_cacosl.c): New
variable.
(CFLAGS-s_cacoshl.c): Likewise.
(CFLAGS-s_casinhl.c): Likewise.
(CFLAGS-s_catanl.c): Likewise.
(CFLAGS-s_catanhl.c): Likewise.
(CFLAGS-s_cexpl.c): Likewise.
(CFLAGS-s_ccoshl.c): Add -fsignaling-nans.
(CFLAGS-s_csinhl.c): Likewise.
(CFLAGS-s_clogl.c): Likewise.
(CFLAGS-s_clog10l.c): Likewise.
(CFLAGS-s_csinl.c): Likewise.
(CFLAGS-s_csqrtl.c): Likewise.
From: Emilio Pozuelo Monfort <pochu27@gmail.com>
From: Svante Signell <svante.signell@gmail.com>
Pass the file paths of executable to the exec server, both relative and
absolute, which exec needs to properly execute and avertise #!-scripts.
Previously, the exec server tried to guess the name from argv[0] but argv[0]
only contains the executable name by convention.
* hurd/hurdexec.c (_hurd_exec): Deprecate function.
(_hurd_exec_paths): New function.
* hurd/hurd.h (_hurd_exec): Deprecate function.
(_hurd_exec_paths): Declare function.
* hurd/Versions: Export _hurd_exec_paths.
* sysdeps/mach/hurd/execve.c: Include <stdlib.h> and <stdio.h>
(__execve): Use __getcwd to build absolute path, and use
_hurd_exec_paths instead of _hurd_exec.
* sysdeps/mach/hurd/spawni.c: Likewise.
* sysdeps/mach/hurd/fexecve.c: Use _hurd_exec_paths instead of
_hurd_exec.
The old implementation based on hsearch_r used an ad-hoc C string
encoding and produced an incorrect format on the wire for domain
names which contained bytes which needed escaping when printed.
This commit switches to ns_name_pton for the wire format conversion
(now that we have separate tests for it) and uses a tsearch tree
with a suitable comparison function to locate compression targets.
The previous implementation of the TEST_COMPARE macro would fail
to compile code like this:
int ret = res_send (query, sizeof (query), buf, sizeof (buf));
TEST_COMPARE (ret,
sizeof (query)
+ 2 /* Compression reference. */
+ 2 + 2 + 4 + 2 /* Type, class, TTL, RDATA length. */
+ 1 /* Pascal-style string length. */
+ strlen (expected_name));
This resulted in a failed static assertion, "integer conversions
may alter sign of operands". A user of the TEST_COMPARE would have
to add a cast to fix this.
This patch reverts to the original proposed solution of a run-time
check, making TEST_COMPARE usable for comparisons of numbers with
types with different signedness in more contexts.
Previously if user requested S stack and G guard when creating a
thread, the total mapping was S and the actual available stack was
S - G - static_tls, which is not what the user requested.
This patch fixes the guard size accounting by pretending the user
requested S+G stack. This way all later logic works out except
when reporting the user requested stack size (pthread_getattr_np)
or when computing the minimal stack size (__pthread_get_minstack).
Normally this will increase thread stack allocations by one page.
TLS accounting is not affected, that will require a separate fix.
[BZ #22637]
* nptl/descr.h (stackblock, stackblock_size): Update comments.
* nptl/allocatestack.c (allocate_stack): Add guardsize to stacksize.
* nptl/nptl-init.c (__pthread_get_minstack): Remove guardsize from
stacksize.
* nptl/pthread_getattr_np.c (pthread_getattr_np): Likewise.
Since the x86-64 assembly version of sincosf is higly optimized with
vector instructions, there isn't much room for improvement. However
s_sincosf.c written in C with vector math and intrinsics can be
optimized by GCC with FMA.
On Skylake, bench-sincosf reports performance improvement:
Assembly FMA improvement
max 104.042 101.008 3%
min 9.426 8.586 10%
mean 20.6209 18.2238 13%
* sysdeps/x86_64/fpu/multiarch/Makefile (libm-sysdep_routines):
Add s_sincosf-sse2 and s_sincosf-fma.
(CFLAGS-s_sincosf-fma.c): New.
* sysdeps/x86_64/fpu/multiarch/s_sincosf-fma.c: New file.
* sysdeps/x86_64/fpu/multiarch/s_sincosf-sse2.S: Likewise.
* sysdeps/x86_64/fpu/multiarch/s_sincosf.c: Likewise.
* sysdeps/x86_64/fpu/s_sincosf.S: Don't add alias if
__sincosf is defined.
GCC PR 83641 results in a miscompilation of libpthread, which
causes pthread_exit not to restore callee-saved registers before
running destructors for objects on the stack. This test detects
this situation:
info: unsigned int, direct pthread_exit call
tst-thread-exit-clobber.cc:80: numeric comparison failure
left: 4148288912 (0xf741dd90); from: value
right: 1600833940 (0x5f6ac994); from: magic_values.v2
info: double, direct pthread_exit call
info: unsigned int, indirect pthread_exit call
info: double, indirect pthread_exit call
error: 1 test failures
Commit 24731685 ("prlimit: Translate old_rlimit from RLIM64_INFINITY to
RLIM_INFINITY") broken the getrlimit64 for 32-bit configurations which
do no need the 2GiB limited compat getrlimit (default version >= 2.2).
This patch fixes that by restoring the weak alias in that case.
Changelog:
* sysdeps/unix/sysv/linux/getrlimit64 (getrlimit64)
[!__RLIM_T_MATCHES_RLIM64_T]
[!SHLIB_COMPAT (libc, GLIBC_2_1, GLIBC_2_2)]: Define as weak alias of
__getrlimit64. Add libc_hidden_weak.
This follows c45d78aac ('posix: Fix generic p{read,write}v buffer allocation
(BZ#22457)'), which made pwritev to use __mmap instead of __posix_memalign,
but didn't pass PROT_READ to it, while the pwrite() call does need to
read the data we have just copied over.
* sysdeps/posix/pwritev_common.c: Add PROT_READ to __mmap prot.
`make check' sometimes triggers a rebuild of librt.so using
nptl/Makefile, which ignores librt's dependence on libpthread. This
causes the build to blow up when we attempt to run the test suite on
RISC-V.
2018-01-06 Palmer Dabbelt <palmer@sifive.com>
* nptl/Makefile (/librt.so): Always depend on
"$(shared-thread-library)".
The RISC-V port will have libraries in subdirectories of lib, like
"lib64/lp64d". This adds support for stripping these installed
libraries.
2018-01-06 Palmer Dabbelt <palmer@sifive.com>
* scripts/build-many-glibcs.py (class Glibc): Strip shared objects
in subdirectories of lib.
The RISC-V Linux port defines VDSO symbols
2018-01-06 Palmer Dabbelt <palmer@sifive.com>
* sysdeps/unix/sysv/linux/dl-vdso.h (VDSO_NAME_LINUX_4_15): New
define.
(VDSO_HASH_LINUX_4_15): Likewise.
The RISC-V Linux ABI doesn't define any libraries that go directly in
lib, instead they go into lib32/ilp32 or lib64/lp64. This casuse
make-link-multidir to fail when attempting to make library directories
when building a static libc on multilib RISC-V systems.
This patch uses scripts/mkinstalldirs to make the base directory of the
target symlink of make-link-multidir.
2018-01-06 Palmer Dabbelt <palmer@sifive.com>
* Makerules (make-link-multidir): Make directories before linking into
them.
This follows ccf970c7a ('posix: Add compat glob symbol to not follow
dangling symbols') by adding to gnu/ the same compatibility as for Linux.
* sysdeps/gnu/glob64.c (__glob): Define macro instead of glob macro.
(__glob64): Define GLIBC_2_27 versioned symbol instead of glob64.
* sysdeps/gnu/glob-lstat-compat.c: New file.
* sysdeps/gnu/glob64-lstat-compat.c: New file.
The function _itoa_word() writes characters from the higher address to
the lower address, requiring the destination string to reserve that size
before calling it.
* sysdeps/powerpc/powerpc64/dl-machine.c (_dl_reloc_overflow):
Reserve 16 chars to reloc_addr before calling _itoa_word.
Signed-off-by: Tulio Magno Quites Machado Filho <tuliom@linux.vnet.ibm.com>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Add a test to check that the getrlimit, setrlimit and prlimit functions
and their 64-bit equivalent behave correctly with RLIM_INFINITY and
RLIM64_INFINITY. For that it assumes that the prlimit64 function calls
the syscall directly without translating the value and that the kernel
uses the -1 value to represent infinity.
It first finds a resource with the hard limit set to infinity so the
soft limit can be manipulated easily and check for the consistency
between the value set or get by the prlimit64 and the other functions.
It is Linux specific add it uses the prlimit and prlimit64 functions.
Changelog:
* sysdeps/unix/sysv/linux/tst-rlimit-infinity.c: New file.
* sysdeps/unix/sysv/linux/Makefile (tests): Add tst-rlimit-infinity.
prlimit called without a new value fails on 32-bit machines if any of
the soft or hard limits are infinity. This is because prlimit does not
translate old_rlimit from RLIM64_INFINITY to RLIM_INFINITY, but checks
that the value returned by the prlimit64 syscall fits into a 32-bit
value, like it is done for example in getrlimit. Note that on the
other hand new_rlimit is correctly translated from RLIM_INFINITY to
RLIM64_INFINITY before calling the syscall.
This patch fixes that.
Changelog:
[BZ #22678]
* sysdeps/unix/sysv/linux/prlimit.c (prlimit): Translate
old_rlimit from RLIM64_INFINITY to RLIM_INFINITY.
Fix the RLIM_INFINITY and RLIM64_INFINITY constants on alpha to match
the kernel one and all other architectures. Change the getrlimit,
getrlimit64, setrlimit, setrlimit64 into old compat symbols, and provide
the Linux generic functions as GLIBC_2_27 version.
Changelog:
* sysdeps/unix/sysv/linux/getrlimit64.c [USE_VERSIONED_RLIMIT]: Do not
define getrlimit and getrlimit64 as weak aliases of __getrlimit64.
Define __GI_getrlimit64 as weak alias of __getrlimit64.
[__RLIM_T_MATCHES_RLIM64_T]: Do not redefine SHLIB_COMPAT, use #elif
instead.
* sysdeps/unix/sysv/linux/setrlimit64.c [USE_VERSIONED_RLIMIT]: Do not
define setrlimit and setrlimit64 as weak aliases of __setrlimit64.
* sysdeps/unix/sysv/linux/alpha/bits/resource.h (RLIM_INFINITY,
RLIM64_INFINITY): Fix values to match the kernel ones.
* sysdeps/unix/sysv/linux/alpha/getrlimit64.c: Define
USE_VERSIONED_RLIMIT. Rename __getrlimit64 into __old_getrlimit64 and
provide it as getrlimit@@GLIBC_2_0 and getrlimit64@@GLIBC_2_1. Add a
__getrlimit64 function and provide it as getrlimit@@GLIBC_2_27 and
getrlimit64@@GLIBC_2_27.
* sysdeps/unix/sysv/linux/alpha/setrlimit64.c: Ditto with setrlimit
and setrlimit64.
* sysdeps/unix/sysv/linux/alpha/libc.abilist (GLIBC_2.27): Add
getrlimit, setrlimit, getrlimit64 and setrlimit64.
* sysdeps/unix/sysv/linux/alpha/Versions (libc): Add getrlimit,
setrlimit, getrlimit64 and setrlimit64.
RLIM64_INFINITY was supposed to be a glibc convention rather than
anything seen by the kernel, but it ended being passed to the kernel
through the prlimit64 syscall.
* On the kernel side, the value is defined for the prlimit64 syscall for
all architectures in include/uapi/linux/resource.h:
#define RLIM64_INFINITY (~0ULL)
* On the kernel side, the value is defined for getrlimit and setrlimit
in arch/alpha/include/uapi/asm/resource.h
#define RLIM_INFINITY 0x7ffffffffffffffful
* On the GNU libc side, the value is defined in
sysdeps/unix/sysv/linux/alpha/bits/resource.h:
# define RLIM64_INFINITY 0x7fffffffffffffffLL
This was not an issue until the getrlimit and setrlimit glibc functions
have been changed in commit 045c13d185 ("Consolidate Linux setrlimit and
getrlimit implementation") to use the prlimit64 syscall instead of the
getrlimit and setrlimit ones.
This patch fixes that by adding a wrapper to fix the value passed to or
received from the kernel, before or after calling the prlimit64 syscall.
Changelog:
[BZ #22648]
* sysdeps/unix/sysv/linux/alpha/getrlimit64.c: New file.
* sysdeps/unix/sysv/linux/alpha/setrlimit64.c: Ditto.
This patch increases timeouts on three tests I observed timing out on
slow systems.
* malloc/tst-malloc-tcache-leak.c (TIMEOUT): Define to 50.
* posix/tst-glob-tilde.c (TIMEOUT): Define to 200.
* resolv/tst-resolv-res_ninit.c (TIMEOUT): Define to 50.