Commit Graph

37661 Commits

Author SHA1 Message Date
Adhemerval Zanella
3a0253ac6f elf: Add -Wl,--no-as-needed for tst-tls-manydynamic*mod-dep-bad.so (BZ #28089)
The tests explicit requires the dependencies and it is required for
the case the toolchain defaults to -Wl,--as-needed.

Checked on x86_64-linux-gnu.
2021-07-15 08:18:21 -03:00
Florian Weimer
820bb23ff0 resolv: Move ns_name_unpack to its own file and into libc
Reformat to GNU style. Avoid out-of-bounds buffer arithmetic.
Eliminate the labellen function.

The symbol was moved using scripts/move-symbol-to-libc.py.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2021-07-15 09:00:27 +02:00
Florian Weimer
ee3639e0fe resolv: Remove unnecessary res_isourserver_p call from send_dg
As the comment indicates, the check is unnecessary due to the way the
UDP socket is set up.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2021-07-15 09:00:24 +02:00
Florian Weimer
adcc572a29 resolv: Move ns_name_ntop to its own file and into libc
Reformat to GNU style.  Avoid out-of-bounds pointer arithmetic
(e.g., use eom - dn < 2 instead of dn + 1 >= eom).  Inline the
labellen function and fold the compression pointer check into
the length check (l >= 64).  Assume ASCII encoding.

The symbol was moved using scripts/move-symbol-to-libc.py.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2021-07-15 08:39:31 +02:00
Florian Weimer
2ff32dd492 nss_dns: Do not use deprecated packet parsing functions
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2021-07-15 08:39:02 +02:00
Florian Weimer
389c1114d1 resolv: Sort Makefile routines and Versions lexicographically
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2021-07-15 08:37:45 +02:00
Florian Weimer
b8f889064d socket: Add hidden prototype for setsockopt
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2021-07-15 08:35:45 +02:00
Adhemerval Zanella
ba33937be2 elf: Fix DTV gap reuse logic (BZ #27135)
This is updated version of the 572bd547d5 (reverted by 40ebfd016a)
that fixes the _dl_next_tls_modid issues.

This issue with 572bd547d5 patch is the DTV entry will be only
update on dl_open_worker() with the update_tls_slotinfo() call after
all dependencies are being processed by _dl_map_object_deps().  However
_dl_map_object_deps() itself might call _dl_next_tls_modid(), and since
the _dl_tls_dtv_slotinfo_list::map is not yet set the entry will be
wrongly reused.

This patch fixes by renaming the _dl_next_tls_modid() function to
_dl_assign_tls_modid() and by passing the link_map so it can set
the slotinfo value so a subsequente _dl_next_tls_modid() call will
see the entry as allocated.

The intermediary value is cleared up on remove_slotinfo() for the case
a library fails to load with RTLD_NOW.

This patch fixes BZ #27135.

Checked on x86_64-linux-gnu.

Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
2021-07-14 15:10:27 -03:00
Stefan Liebler
0e1f068108 Fix linknamespace errors and local-plt-usages in nss_files.
After commit f9c8b11ed7
"nss: Access nss_files through direct references",
when building with -Os, multiple conform/.../linknamespace tests
and elf/check-localplt are failing:
Extra PLT reference: libc.so: fgetc_unlocked
Extra PLT reference: libc.so: getline

Or e.g.:
[initial] glob -> [libc.a(glob.o)] __getpwnam_r -> [libc.a(getpwnam_r.o)] __nss_database_custom -> [libc.a(nsswitch.o)] __nss_module_get_function -> [libc.a(nss_module.o)] __nss_files_functions -> [libc.a(nss_files_functions.o)] _nss_files_endaliasent -> [libc.a(files-alias.o)] feof_unlocked
[initial] glob -> [libc.a(glob.o)] __getpwnam_r -> [libc.a(getpwnam_r.o)] __nss_database_custom -> [libc.a(nsswitch.o)] __nss_module_get_function -> [libc.a(nss_module.o)] __nss_files_functions -> [libc.a(nss_files_functions.o)] _nss_files_endaliasent -> [libc.a(files-alias.o)] fgetc_unlocked
[initial] glob -> [libc.a(glob.o)] __getpwnam_r -> [libc.a(getpwnam_r.o)] __nss_database_custom -> [libc.a(nsswitch.o)] __nss_module_get_function -> [libc.a(nss_module.o)] __nss_files_functions -> [libc.a(nss_files_functions.o)] _nss_files_endnetgrent -> [libc.a(files-netgrp.o)] getline

This patch is using the hidden symbols where possible.
Instead of fputc_unlocked, __putc_unlocked is used.
(Compare to commit eeaa19f75e
"mntent: Use __putc_unlocked instead of fputc_unlocked")
2021-07-14 16:59:12 +02:00
H.J. Lu
84d40d702f Add static tests for __clone_internal
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-07-14 06:55:04 -07:00
H.J. Lu
24c78e2c75 x86-64: Add the clone3 wrapper
extern int clone3 (struct clone_args *__cl_args, size_t __size,
		   int (*__func) (void *__arg), void *__arg);

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2021-07-14 06:34:13 -07:00
H.J. Lu
d8ea0d0168 Add an internal wrapper for clone, clone2 and clone3
The clone3 system call (since Linux 5.3) provides a superset of the
functionality of clone and clone2.  It also provides a number of API
improvements, including the ability to specify the size of the child's
stack area which can be used by kernel to compute the shadow stack size
when allocating the shadow stack.  Add:

extern int __clone_internal (struct clone_args *__cl_args,
			     int (*__func) (void *__arg), void *__arg);

to provide an abstract interface for clone, clone2 and clone3.

1. Simplify stack management for thread creation by passing both stack
base and size to create_thread.
2. Consolidate clone vs clone2 differences into a single file.
3. Call __clone3 if HAVE_CLONE3_WAPPER is defined.  If __clone3 returns
-1 with ENOSYS, fall back to clone or clone2.
4. Use only __clone_internal to clone a thread.  Since the stack size
argument for create_thread is now unconditional, always pass stack size
to create_thread.
5. Enable the public clone3 wrapper in the future after it has been
added to all targets.

NB: Sandbox will return ENOSYS on clone3 in both Chromium:

The following revision refers to this bug:
  218438259d

commit 218438259dd795456f0a48f67cbe5b4e520db88b
Author: Matthew Denton <mpdenton@chromium.org>
Date: Thu Jun 03 20:06:13 2021

Linux sandbox: return ENOSYS for clone3

Because clone3 uses a pointer argument rather than a flags argument, we
cannot examine the contents with seccomp, which is essential to
preventing sandboxed processes from starting other processes. So, we
won't be able to support clone3 in Chromium. This CL modifies the
BPF policy to return ENOSYS for clone3 so glibc always uses the fallback
to clone.

Bug: 1213452
Change-Id: I7c7c585a319e0264eac5b1ebee1a45be2d782303
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2936184
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Matthew Denton <mpdenton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#888980}

[modify] https://crrev.com/218438259dd795456f0a48f67cbe5b4e520db88b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc

and Firefox:

https://hg.mozilla.org/integration/autoland/rev/ecb4011a0c76

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2021-07-14 06:33:58 -07:00
Cooper Qu
135425a1dd nss: Fix build error with --disable-nscd
The error is as follows:
nss_module.c: In function 'module_load_nss_files':
nss_module.c:117:7: error: 'is_nscd' undeclared (first use in this function)
  117 |   if (is_nscd)
      |       ^~~~~~~
nss_module.c:117:7: note: each undeclared identifier is reported only once for each function it appears in
nss_module.c:119:51: error: 'nscd_init_cb' undeclared (first use in this function); did you mean 'nscd_init'?
  119 |       void (*cb) (size_t, struct traced_file *) = nscd_init_cb;
      |                                                   ^~~~~~~~~~~~
      |                                                   nscd_init
2021-07-14 10:17:49 +02:00
Samuel Thibault
d7fe71d842 htl: Fix linking static examples against libpthread
libpthread.a uses some mach and hurd RPCs so we need to link them in.
2021-07-13 23:49:53 +02:00
Samuel Thibault
c27bcc9588 htl: Let libc call __pthread_mutex_{,try,un}lock
Now that NPTL was moved to libc, libc makes internal __pthread calls, so
htl has to expose them internally.
2021-07-13 23:36:58 +02:00
Adhemerval Zanella
9ed752af8d posix: Ignore non opened files on tst-spawn5
The make program  might open a pipe for its job server, which triggers
an invalid check on the spawned process.  This patch now passes the
lowest file descriptor as ithe first argument, so only the range
that was actually opened is checked.

Checked on x86_64-linux-gnu and i686-linux-gnu and centos7 (which
triggers the issue).
2021-07-13 14:09:03 -03:00
H.J. Lu
84ea6ea24b mcheck: Align struct hdr to MALLOC_ALIGNMENT bytes [BZ #28068]
1. Align struct hdr to MALLOC_ALIGNMENT bytes so that malloc hooks in
libmcheck align memory to MALLOC_ALIGNMENT bytes.
2. Remove tst-mallocalign1 from tests-exclude-mcheck for i386 and x32.
3. Add tst-pvalloc-fortify and tst-reallocarray to tests-exclude-mcheck
since they use malloc_usable_size (see BZ #22057).

This fixed BZ #28068.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2021-07-12 18:13:32 -07:00
Adhemerval Zanella
72e84d1db2 Linux: Use 32-bit vDSO for clock_gettime, gettimeofday, time (BZ# 28071)
The previous approach defeats the vDSO optimization on older kernels
because a failing clock_gettime64 system call is performed on every
function call.  It also results in a clobbered errno value, exposing
an OpenJDK bug (JDK-8270244).

This patch fixes by open-code INLINE_VSYSCALL macro and replace all
INLINE_SYSCALL_CALL with INTERNAL_SYSCALL_CALLS.  Now for
__clock_gettime64x, the 64-bit vDSO is used and the 32-bit vDSO is
tried before falling back to 64-bit syscalls.

The previous code preferred 64-bit syscall for the case where the kernel
provides 64-bit time_t syscalls *and* also a 32-bit vDSO (in this case
the *64-bit* syscall should be preferable over the vDSO).  All
architectures that provides 32-bit vDSO (i386, mips, powerpc, s390)
modulo sparc; but I am not sure if some kernels versions do provide
only 32-bit vDSO while still providing 64-bit time_t syscall.
Regardless, for such cases the 64-bit time_t syscall is used if the
vDSO returns overflowed 32-bit time_t.

Tested on i686-linux-gnu (with a time64 and non-time64 kernel),
x86_64-linux-gnu.  Built with build-many-glibcs.py.

Co-authored-by: Florian Weimer <fweimer@redhat.com>
2021-07-12 17:37:56 -03:00
Florian Weimer
aaacde11f2 Reduce <limits.h> pollution due to dynamic PTHREAD_STACK_MIN
<limits.h> used to be a header file with no declarations.
GCC's libgomp includes it in a #pragma GCC visibility hidden block.
Including <unistd.h> from <limits.h> (indirectly) declares everything
in <unistd.h> with hidden visibility, resulting in linker failures.

This commit avoids C declarations in assembler mode and only declares
__sysconf in <limits.h> (and not the entire contents of <unistd.h>).
The __sysconf symbol is already part of the ABI.  PTHREAD_STACK_MIN
is no longer defined for __USE_DYNAMIC_STACK_SIZE && __ASSEMBLER__
because there is no possible definition.

Additionally, PTHREAD_STACK_MIN is now defined by <pthread.h> for
__USE_MISC because this is what developers expect based on the macro
name.  It also helps to avoid libgomp linker failures in GCC because
libgomp includes <pthread.h> before its visibility hacks.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-07-12 18:43:32 +02:00
Stefan Liebler
8235f9311b Fix failing nss/tst-nss-files-hosts-long.
Sometimes the test nss/tst-nss-files-hosts-long is failing as getent
fails with exit-code 2.

This happens if tst-reload1 was run just before this test:
make t=nss/tst-reload1 test
make t=nss/tst-nss-files-hosts-long test
Then the test fails as /etc/nsswitch.conf contains "hosts: test2"
and the hosts are not searched in /etc/hosts at all.

Thus this patch just requests a post cleanup after nss/tst-reload1
has run.
2021-07-12 11:59:04 +02:00
Florian Weimer
70099c7763 nis: nis_local_group may read from __nisgroup[-1] (bug 28075)
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-07-12 07:58:07 +02:00
Samuel Thibault
83b7008e11 hurd _Fork: Drop duplicate malloc_fork_lock calls
This was put in __libc_fork by c32c868ab8 ("posix: Add _Fork [BZ #4737]")
so we need to avoid locking them again in _Fork called by __libc_lock, otherwise
we deadlock.
2021-07-11 17:52:52 +00:00
H.J. Lu
17cef890c9 support: Replace _SC_MINSIGSTKSZ with _SC_SIGSTKSZ
Replace _SC_MINSIGSTKSZ with _SC_SIGSTKSZ since sysconf (_SC_MINSIGSTKSZ)
returns the minimum number of bytes of free stack space required in order
to guarantee successful, non-nested handling of a single signal whose
handler is an empty function while sysconf (_SC_SIGSTKSZ) returns the
suggested minimum number of bytes of stack space required for a signal
stack.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-07-11 07:57:31 -07:00
H.J. Lu
28d07380c2 support: Replace MINSIGSTKSZ with sysconf (_SC_MINSIGSTKSZ)
Replace MINSIGSTKSZ with sysconf (_SC_MINSIGSTKSZ) since the constant
MINSIGSTKSZ used in glibc build may be too small.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-07-09 15:20:55 -07:00
H.J. Lu
5d98a7dae9 Define PTHREAD_STACK_MIN to sysconf(_SC_THREAD_STACK_MIN)
The constant PTHREAD_STACK_MIN may be too small for some processors.
Rename _SC_SIGSTKSZ_SOURCE to _DYNAMIC_STACK_SIZE_SOURCE.  When
_DYNAMIC_STACK_SIZE_SOURCE or _GNU_SOURCE are defined, define
PTHREAD_STACK_MIN to sysconf(_SC_THREAD_STACK_MIN) which is changed
to MIN (PTHREAD_STACK_MIN, sysconf(_SC_MINSIGSTKSZ)).

Consolidate <bits/local_lim.h> with <bits/pthread_stack_min.h> to
provide a constant target specific PTHREAD_STACK_MIN value.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-07-09 15:10:35 -07:00
Florian Weimer
7c241325d6 Force building with -fno-common
As a result, is not necessary to specify __attribute__ ((nocommon))
on individual definitions.

GCC 10 defaults to -fno-common on all architectures except ARC,
but this change is compatible with older GCC versions and ARC, too.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-07-09 20:09:14 +02:00
H.J. Lu
dc76a059fd Add a generic malloc test for MALLOC_ALIGNMENT
1. Add sysdeps/generic/malloc-size.h to define size related macros for
malloc.
2. Move x86_64/tst-mallocalign1.c to malloc and replace ALIGN_MASK with
MALLOC_ALIGN_MASK.
3. Add tst-mallocalign1 to tests-exclude-mcheck for i386 and x32 since
mcheck doesn't honor MALLOC_ALIGNMENT.
2021-07-09 06:39:30 -07:00
H.J. Lu
0ec97597c8 Properly run tst-spawn5 directly [BZ #28067]
Change tst-spawn5.c to handle tst-spawn5 without optional path to ld.so,
--library-path nor the library path when glibc is configured with
--enable-hardcoded-path-in-tests.  This fixes BZ #28067.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-07-09 06:37:51 -07:00
Florian Weimer
1e5235c561 build-many-glibcs.py: Add glibcs-arm-linux-gnueabihf-thumb
Previously, there was no thumb variant, despite that building
glibc in Thumb-2 mode is supported.
2021-07-09 10:59:22 +02:00
Florian Weimer
508ee037a3 nptl: Use out-of-line wake function in __libc_lock_unlock slow path
This slightly reduces code size, as can be seen below.
__libc_lock_unlock is usually used along with __libc_lock_lock in
the same function.  __libc_lock_lock already has an out-of-line
slow path, so this change should not introduce many additional
non-leaf functions.

This change also fixes a link failure in 32-bit Arm thumb mode
because commit 1f9c804fbd
("nptl: Use internal low-level lock type for !IS_IN (libc)")
introduced __libc_do_syscall calls outside of libc.

Before x86-64:

   text	   data	    bss	    dec	    hex	filename
1937748	  20456	  54896	2013100	 1eb7ac	libc.so.6
  25601	    856	  12768	  39225	   9939	nss/libnss_db.so.2
  40310	    952	  25144	  66406	  10366	nss/libnss_files.so.2

After x86-64:
   text	   data	    bss	    dec	    hex	filename
1935312	  20456	  54896	2010664	 1eae28	libc.so.6
  25559	    864	  12768	  39191	   9917	nss/libnss_db.so.2
  39764	    960	  25144	  65868	  1014c	nss/libnss_files.so.2

Before i686:

2110961	  11272	  39144	2161377	 20fae1	libc.so.6
  27243	    428	  12652	  40323	   9d83	nss/libnss_db.so.2
  43062	    476	  25028	  68566	  10bd6	nss/libnss_files.so.2

After i686:

2107347	  11272	  39144	2157763	 20ecc3	libc.so.6
  26929	    432	  12652	  40013	   9c4d	nss/libnss_db.so.2
  43132	    480	  25028	  68640	  10c20	nss/libnss_files.so.2

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-07-09 10:59:22 +02:00
Anton Blanchard
01d7806282 powerpc64le: Fix typo in configure
The configure script checks for -mlong-double-128 but mentions -mlongdouble
when it fails.
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-07-08 21:59:28 -03:00
Tulio Magno Quites Machado Filho
20f0491c67 powerpc64: Remove strcspn ifunc from the loader
5 years ago, commit 8f1b841e45
unintentionally added an ifunc to the loader.
That modification has not caused any harm so far, but it doesn't add any
value either, because the hwcap information is available later during
libc initialization.

Suggested-by: Anton Blanchard <anton@ozlabs.org>
2021-07-08 21:59:28 -03:00
Noah Goldstein
0679442def x86: Remove wcsnlen-sse4_1 from wcslen ifunc-impl-list [BZ #28064]
The following commit

commit 6f573a27b6
Author: Noah Goldstein <goldstein.w.n@gmail.com>
Date:   Wed Jun 23 01:19:34 2021 -0400

    x86-64: Add wcslen optimize for sse4.1

Added wcsnlen-sse4.1 to the wcslen ifunc implementation list and did
not add wcslen-sse4.1 to wcslen ifunc implementation list. This commit
fixes that by removing wcsnlen-sse4.1 from the wcslen ifunc
implementation list and adding wcslen-sse4.1 to the ifunc
implementation list.

Testing:
test-wcslen.c, test-rsi-wcslen.c, and test-rsi-strlen.c are passing as
well as all other tests in wcsmbs and string.

Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>
Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2021-07-08 18:55:43 -04:00
H.J. Lu
a6e7c3745d x86-64: Test strlen and wcslen with 0 in the RSI register [BZ #28064]
commit 6f573a27b6
Author: Noah Goldstein <goldstein.w.n@gmail.com>
Date:   Wed Jun 23 01:19:34 2021 -0400

    x86-64: Add wcslen optimize for sse4.1

added wcsnlen-sse4.1 to the wcslen ifunc implementation list.  Since the
random value in the the RSI register is larger than the wide-character
string length in the existing wcslen test, it didn't trigger the wcslen
test failure.  Add a test to force 0 into the RSI register before calling
wcslen.
2021-07-08 18:55:40 -04:00
Fangrui Song
115d242456 x86_64: Remove unneeded static PIE check for undefined weak diagnostic
https://sourceware.org/bugzilla/show_bug.cgi?id=21782 dropped an ld
diagnostic for R_X86_64_PC32 referencing an undefined weak symbol in
-pie links.  Arguably keeping the diagnostic like other ports is more
correct, since statically resolving movl foo(%rip), %eax to the
link-time zero address produces a corrupted output.

It turns out that --enable-static-pie builds do not depend on the ld
behavior. GCC generates GOT indirection for weak declarations for
-fPIE/-fPIC, so what ld does with the PC-relative relocation doesn't
really matter.

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2021-07-08 14:26:22 -07:00
Joseph Myers
bba4383c6b Add NT_ARM_PAC_ENABLED_KEYS to elf.h
This patch adds the new NT_ARM_PAC_ENABLED_KEYS constant from Linux
5.13 to glibc's elf.h.

Tested for x86_64.
2021-07-08 17:36:27 +00:00
Adhemerval Zanella
882d6e17bc posix: Add posix_spawn_file_actions_addclosefrom_np
This patch adds a way to close a range of file descriptors on
posix_spawn as a new file action.  The API is similar to the one
provided by Solaris 11 [1], where the file action causes the all open
file descriptors greater than or equal to input on to be closed when
the new process is spawned.

The function posix_spawn_file_actions_addclosefrom_np is safe to be
implemented by iterating over /proc/self/fd, since the Linux spawni.c
helper process does not use CLONE_FILES, so its has own file descriptor
table and any failure (in /proc operation) aborts the process creation
and returns an error to the caller.

I am aware that this file action might be redundant to the current
approach of POSIX in promoting O_CLOEXEC in more interfaces. However
O_CLOEXEC is still not the default and for some specific usages, the
caller needs to close all possible file descriptors to avoid them
leaking.  Some examples are CPython (discussed in BZ#10353) and OpenJDK
jspawnhelper [2] (where OpenJDK spawns a helper process to exactly
closes all file descriptors).  Most likely any environment which calls
functions that might open file descriptor under the hood and aim to use
posix_spawn might face the same requirement.

Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15.

[1] https://docs.oracle.com/cd/E36784_01/html/E36874/posix-spawn-file-actions-addclosefrom-np-3c.html
[2] https://github.com/openjdk/jdk/blob/master/src/java.base/unix/native/libjava/childproc.c#L82
2021-07-08 14:08:15 -03:00
Adhemerval Zanella
607449506f io: Add closefrom [BZ #10353]
The function closes all open file descriptors greater than or equal to
input argument.  Negative values are clamped to 0, i.e, it will close
all file descriptors.

As indicated by the bug report, this is a common symbol provided by
different systems (Solaris, OpenBSD, NetBSD, FreeBSD) and, although
its has inherent issues with not taking in consideration internal libc
file descriptors (such as syslog), this is also a common feature used
in multiple projects [1][2][3][4][5].

The Linux fallback implementation iterates over /proc and close all
file descriptors sequentially.  Although it was raised the questioning
whether getdents on /proc/self/fd might return disjointed entries
when file descriptor are closed; it does not seems the case on my
testing on multiple kernel (v4.18, v5.4, v5.9) and the same strategy
is used on different projects [1][2][3][5].

Also, the interface is set a fail-safe meaning that a failure in the
fallback results in a process abort.

Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15.

[1] 5238e95759/src/basic/fd-util.c (L217)
[2] ddf4b77e11/src/lxc/start.c (L236)
[3] 9e4f2f3a6b/Modules/_posixsubprocess.c (L220)
[4] 5f47c0613e/src/libstd/sys/unix/process2.rs (L303-L308)
[5] https://github.com/openjdk/jdk/blob/master/src/java.base/unix/native/libjava/childproc.c#L82
2021-07-08 14:08:14 -03:00
Adhemerval Zanella
286286283e linux: Add close_range
It was added on Linux 5.9 (278a5fbaed89) with CLOSE_RANGE_CLOEXEC
added on 5.11 (582f1fb6b721f).  Although FreeBSD has added the same
syscall, this only adds the symbol on Linux ports.  This syscall is
required to provided a fail-safe way to implement the closefrom
symbol (BZ #10353).

Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15.
2021-07-08 14:08:13 -03:00
Adhemerval Zanella
ae8c243d24 support: Add support_stack_alloc
The code to allocate a stack from xsigstack is refactored so it can
be more generic.  The new support_stack_alloc() also set PROT_EXEC
if DEFAULT_STACK_PERMS has PF_X.  This is required on some
 architectures (hppa for instance) and trying to access the rtld
global from testsuite will require more intrusive refactoring
in the ldsodefs.h header.

Checked on x86_64-linux-gnu and i686-linux-gnu.  I also ran
tst-xsigstack on both hppa and ia64.
2021-07-08 13:48:06 -03:00
Siddhesh Poyarekar
79969f41a7 _int_realloc is static
_int_realloc is correctly declared at the top to be static, but
incorrectly defined without the static keyword.  Fix that.  The
generated binaries have identical code.
2021-07-08 18:47:21 +05:30
Siddhesh Poyarekar
b8a19968b0 Move mcheck symbol from stdlib to malloc
It is defined in malloc, so it belongs there.  Verified on x86_64 that
the built libraries are identical despite this change.
2021-07-08 18:47:21 +05:30
Florian Weimer
9ed48feed8 nss: Do not install static linker input files for libnss_files 2021-07-08 14:06:53 +02:00
Siddhesh Poyarekar
5ceb1630bd elf/tests: Make thrlock and noload depend on libm
Both tests try to dlopen libm.so at runtime, so make them depend on it
so that they're executed if libm.so has been updated.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
2021-07-08 13:39:19 +05:30
Siddhesh Poyarekar
fc859c3048 Harden tcache double-free check
The tcache allocator layer uses the tcache pointer as a key to
identify a block that may be freed twice.  Since this is in the
application data area, an attacker exploiting a use-after-free could
potentially get access to the entire tcache structure through this
key.  A detailed write-up was provided by Awarau here:

https://awaraucom.wordpress.com/2020/07/19/house-of-io-remastered/

Replace this static pointer use for key checking with one that is
generated at malloc initialization.  The first attempt is through
getrandom with a fallback to random_bits(), which is a simple
pseudo-random number generator based on the clock.  The fallback ought
to be sufficient since the goal of the randomness is only to make the
key arbitrary enough that it is very unlikely to collide with user
data.

Co-authored-by: Eyal Itkin <eyalit@checkpoint.com>
2021-07-08 01:39:38 +05:30
Florian Weimer
f9c8b11ed7 nss: Access nss_files through direct references
This partially fixes static-only NSS support (bug 27959): The files
module no longer needs dlopen.  Support for the dns module remains
to be added, and also support for disabling dlopen altogether.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-07-07 18:33:52 +02:00
Florian Weimer
6212bb67f4 nss_files: Move into libc
This is the first step towards fixing bug 27959.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-07-07 18:33:52 +02:00
Florian Weimer
36861a968a nss_files: Add generic code for set*ent, end*ent and file open
This reduces RSS usage if nss_files is not actually used, and can
be used later to make NSS data thread-specific.  It also results in
a small code size reduction.

Before:

   text	   data	    bss	    dec	    hex	filename
   2288	      0	     72	   2360	    938	nss/files-alias.os
   1807	      0	     72	   1879	    757	nss/files-ethers.os
   1371	      0	     72	   1443	    5a3	nss/files-grp.os
   6246	      0	     72	   6318	   18ae	nss/files-hosts.os
    869	      0	      0	    869	    365	nss/files-initgroups.os
    666	      0	      0	    666	    29a	nss/files-init.os
   1934	      0	      0	   1934	    78e	nss/files-netgrp.os
   2353	      0	     72	   2425	    979	nss/files-network.os
   2130	      0	     72	   2202	    89a	nss/files-proto.os
   1372	      0	     72	   1444	    5a4	nss/files-pwd.os
   2124	      0	     72	   2196	    894	nss/files-rpc.os
   2265	      0	     72	   2337	    921	nss/files-service.os
   1125	      0	     72	   1197	    4ad	nss/files-sgrp.os
   1124	      0	     72	   1196	    4ac	nss/files-spwd.os

After:

   text	   data	    bss	    dec	    hex	filename
   2040	      0	      0	   2040	    7f8	nss/files-alias.os
   1599	      0	      0	   1599	    63f	nss/files-ethers.os
   1155	      0	      0	   1155	    483	nss/files-grp.os
   6010	      0	      0	   6010	   177a	nss/files-hosts.os
    869	      0	      0	    869	    365	nss/files-initgroups.os
    666	      0	      0	    666	    29a	nss/files-init.os
   1934	      0	      0	   1934	    78e	nss/files-netgrp.os
   2129	      0	      0	   2129	    851	nss/files-network.os
   1914	      0	      0	   1914	    77a	nss/files-proto.os
   1156	      0	      0	   1156	    484	nss/files-pwd.os
   1908	      0	      0	   1908	    774	nss/files-rpc.os
   2057	      0	      0	   2057	    809	nss/files-service.os
    909	      0	      0	    909	    38d	nss/files-sgrp.os
    908	      0	      0	    908	    38c	nss/files-spwd.os
   1090	      0	      8	   1098	    44a	nss/nss_files_data.os

27674 code bytes before, 26344 code bytes after, so it is an overall
win despite the extra initialization code.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-07-07 18:33:52 +02:00
Florian Weimer
f0c28504a9 nss_files: Allocate nscd file registration data on the heap
This is only needed if nss_files is loaded by nscd.

Before:

   text	   data	    bss	    dec	    hex	filename
    767	      0	  24952	  25719	   6477	nss/files-init.os

After:

   text	   data	    bss	    dec	    hex	filename
    666	      0	      0	    666	    29a	nss/files-init.os

Using PATH_MAX bytes unconditionally for the directory name
is wasteful, but fixing that would constitute another break
of this semi-public ABI.  (The other issue is that with
symbolic links, an arbitrary set of parent directories may need
watching, not just a single one.)

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-07-07 18:33:52 +02:00
Florian Weimer
7fcdb53253 libio: Replace internal _IO_getdelim symbol with __getdelim
__getdelim is exported, _IO_getdelim is not.  Add a hidden prototype
for __getdelim.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-07-07 18:33:52 +02:00