explicit_bzero(s, n) is the same as memset(s, 0, n), except that the
compiler is not allowed to delete a call to explicit_bzero even if the
memory pointed to by 's' is dead after the call. Right now, this effect
is achieved externally by having explicit_bzero be a function whose
semantics are unknown to the compiler, and internally, with a no-op
asm statement that clobbers memory. This does mean that small
explicit_bzero operations cannot be expanded inline as small memset
operations can, but on the other hand, small memset operations do get
deleted by the compiler. Hopefully full compiler support for
explicit_bzero will happen relatively soon.
There are two new tests: test-explicit_bzero.c verifies the
visible semantics in the same way as the existing test-bzero.c,
and tst-xbzero-opt.c verifies the not-being-optimized-out property.
The latter is conceptually based on a test written by Matthew Dempsky
for the OpenBSD regression suite.
The crypt() implementation has an immediate use for this new feature.
We avoid having to add a GLIBC_PRIVATE alias for explicit_bzero
by running all of libcrypt's calls through the fortified variant,
__explicit_bzero_chk, which is in the impl namespace anyway. Currently
I'm not aware of anything in libc proper that needs this, but the
glue is all in place if it does become necessary. The legacy DES
implementation wasn't bothering to clear its buffers, so I added that,
mostly for consistency's sake.
* string/explicit_bzero.c: New routine.
* string/test-explicit_bzero.c, string/tst-xbzero-opt.c: New tests.
* string/Makefile (routines, strop-tests, tests): Add them.
* string/test-memset.c: Add ifdeffage for testing explicit_bzero.
* string/string.h [__USE_MISC]: Declare explicit_bzero.
* debug/explicit_bzero_chk.c: New routine.
* debug/Makefile (routines): Add it.
* debug/tst-chk1.c: Test fortification of explicit_bzero.
* string/bits/string3.h: Fortify explicit_bzero.
* manual/string.texi: Document explicit_bzero.
* NEWS: Mention addition of explicit_bzero.
* crypt/crypt-entry.c (__crypt_r): Clear key-dependent intermediate
data before returning, using explicit_bzero.
* crypt/md5-crypt.c (__md5_crypt_r): Likewise.
* crypt/sha256-crypt.c (__sha256_crypt_r): Likewise.
* crypt/sha512-crypt.c (__sha512_crypt_r): Likewise.
* include/string.h: Redirect internal uses of explicit_bzero
to __explicit_bzero_chk[_internal].
* string/Versions [GLIBC_2.25]: Add explicit_bzero.
* debug/Versions [GLIBC_2.25]: Add __explicit_bzero_chk.
* sysdeps/arm/nacl/libc.abilist
* sysdeps/unix/sysv/linux/aarch64/libc.abilist
* sysdeps/unix/sysv/linux/alpha/libc.abilist
* sysdeps/unix/sysv/linux/arm/libc.abilist
* sysdeps/unix/sysv/linux/hppa/libc.abilist
* sysdeps/unix/sysv/linux/i386/libc.abilist
* sysdeps/unix/sysv/linux/ia64/libc.abilist
* sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist
* sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist
* sysdeps/unix/sysv/linux/microblaze/libc.abilist
* sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist
* sysdeps/unix/sysv/linux/mips/mips32/nofpu/libc.abilist
* sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist
* sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist
* sysdeps/unix/sysv/linux/nios2/libc.abilist
* sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist
* sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist
* sysdeps/unix/sysv/linux/powerpc/powerpc64/libc-le.abilist
* sysdeps/unix/sysv/linux/powerpc/powerpc64/libc.abilist
* sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist
* sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist
* sysdeps/unix/sysv/linux/sh/libc.abilist
* sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist
* sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist
* sysdeps/unix/sysv/linux/tile/tilegx/tilegx32/libc.abilist
* sysdeps/unix/sysv/linux/tile/tilegx/tilegx64/libc.abilist
* sysdeps/unix/sysv/linux/tile/tilepro/libc.abilist
* sysdeps/unix/sysv/linux/x86_64/64/libc.abilist
* sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist:
Add entries for explicit_bzero and __explicit_bzero_chk.
This patch implements support for the __STDC_WANT_LIB_EXT2__ feature
test macro from ISO/IEC TR 24731-2:2010, thereby implementing one
possible approach for supporting ISO C feature test macros.
Recall that, as described in
<https://sourceware.org/ml/libc-alpha/2016-05/msg00486.html>, these
macros work based on the definition when affected headers are
included, so cannot be handled once when the first system header is
included because that might not be one of the headers the particular
macro in question affects.
<https://sourceware.org/ml/libc-alpha/2016-05/msg00680.html> expresses
views on possible approaches for implementation and
<https://sourceware.org/ml/libc-alpha/2016-06/msg00039.html> follows
up on that.
This patch arranges things so that the relevant condition is
__GLIBC_USE (LIB_EXT2), following one of the suggestions given.
Headers using these macros include <bits/libc-header-start.h>, which
in turn includes <features.h>. Headers must define
__GLIBC_INTERNAL_STARTING_HEADER_IMPLEMENTATION before including
<bits/libc-header-start.h>, to discourage inclusion outside glibc as
requested. __USE_GNU conditions on affected functions are changed to
__GLIBC_USE (LIB_EXT2), while it's added as an additional alternative
on the conditions for functions already enabled for some POSIX
versions.
It would be possible to convert existing __USE_* conditionals to
__GLIBC_USE (with the relevant __GLIBC_USE_* being defined in
<features.h> where __USE_* are presently defined), and so make them
typo-proof (given -Wundef -Werror in glibc builds) because __GLIBC_USE
is used with #if not #ifdef / #if defined.
No attempt is made to enforce the rule about diagnosing different
definitions of __STDC_WANT_LIB_EXT2__ when affected headers are
included; such a diagnostic is incompatible with multiple-include
guards on the affected headers, unless compiler extensions are added
to support it.
As previously noted, glibc does not implement all features from TR
24731-2:2010: the functions aswprintf vaswprintf getwdelim getwline
are not in glibc, although they would be appropriate to add if someone
wished to do so. But I think it makes sense to support the feature
test macro if *any* of the controlled features are present in glibc.
Tested for x86_64 and x86 (testsuite, and that installed stripped
shared libraries are unchanged by the patch).
* bits/libc-header-start.h: New file.
* Makefile (headers): Add bits/libc-header-start.h.
* include/features.h (__STDC_WANT_LIB_EXT2__): Document.
(__GLIBC_USE): New macro.
* libio/stdio.h: Define
__GLIBC_INTERNAL_STARTING_HEADER_IMPLEMENTATION and include
<bits/libc-header-start.h> instead of including <features.h>.
(fmemopen): Declare also if [__GLIBC_USE (LIB_EXT2)].
(open_memstream): Likewise.
(vasprintf): Declare if [__GLIBC_USE (LIB_EXT2)], not [__USE_GNU].
(__asprintf): Likewise.
(asprintf): Likewise.
(__getdelim): Declare also if [__GLIBC_USE (LIB_EXT2)].
(getdelim): Likewise.
(getline): Likewise.
* string/string.h: Define
__GLIBC_INTERNAL_STARTING_HEADER_IMPLEMENTATION and include
<bits/libc-header-start.h> instead of including <features.h>.
(strdup): Declare also if [__GLIBC_USE (LIB_EXT2)]
(strndup): Likewise.
* wcsmbs/wchar.h: Define
__GLIBC_INTERNAL_STARTING_HEADER_IMPLEMENTATION and include
<bits/libc-header-start.h> instead of including <features.h>.
(open_wmemstream): Declare also if [__GLIBC_USE (LIB_EXT2)].
* manual/creature.texi (__STDC_WANT_LIB_EXT2__): Document macro.
This patch cleans up cases of __USE_MISC that are trivially redundant
after the recent substitution of __USE_MISC for __USE_BSD and
__USE_SVID: either in constructs such as "defined __USE_MISC ||
defined __USE_MISC", or else (in the bits/mman.h case) a conditional
on __USE_MISC nested inside another __USE_MISC conditional. (The
cleanups remaining after this patch are still quite large, but it
seems a reasonable piece to separate out.)
Tested x86_64.
* bits/mman.h [__USE_MISC]: Remove redundant conditionals.
* ctype/ctype.h [__USE_MISC]: Likewise.
* dirent/dirent.h [__USE_MISC]: Likewise.
* grp/grp.h [__USE_MISC]: Likewise.
* io/fcntl.h [__USE_MISC]: Likewise.
* io/sys/stat.h [__USE_MISC]: Likewise.
* libio/stdio.h [__USE_MISC]: Likewise.
* posix/unistd.h [__USE_MISC]: Likewise.
* pwd/pwd.h [__USE_MISC]: Likewise.
* stdlib.h [__USE_MISC]: Likewise.
* string/bits/string2.h [__USE_MISC]: Likewise.
* string/string.h [__USE_MISC]: Likewise.
* time/time.h [__USE_MISC]: Likewise.
In the string/string.h and string/strings.h headers, we have a couple
of macros that "tell the caller that we provide correct C++
prototypes" according to the comment; they are used to determine
whether to wrap some prototypes in "extern "C++"" (and provide
multiple overloads of them, and some other magic) when __cplusplus is
defined.
The macros are set to check for sufficiently-recent GCC versions (4.4
and later), but this is not the right check for non-GCC compilers. In
particular, these macros should also be set when using Clang -- if
they are not set, then Clang will be unable to correctly diagnose a
number of subtle bugs that will be errors in GCC compilations.
As per discussion on earlier versions of this patch, rather than
restrict the fix to Clang per se, we assume that all C++ compilers that
claim to fully support C++98 are using a standard-conforming C++
standard library, which seems pretty reasonable. Clang has been
providing an appropriate value of __cplusplus since May 2012.
Not using the result of the GNU strerror_r() is always a mistake.
Moreover this would generate warning if XSI version was expected but GNU
version was used instead (because some random used header defined
_GNU_SOURCE which was Python.h in this case).
* wcsmbs/wchar.h: mbsnrtowcs, open_wmemstream, wcpcpy, wcpncpy,
wcscasecmp, wcsdup, wcsncasecmp, wcsnlen, wcsnrtombs,
wcscasecmp_l, wcsncasecmp_l, wcscoll_l, and wcsxfrm_l.
* sysdeps/mach/hurd/bits/posix_opt.h: Reset value of macros from
200112L to 200809L.
* sysdeps/unix/sysv/linux/bits/posix_opt.h: Likewise.
* posix/getconf.c (vars): Add _SC_THREAD_ROBUST_PRIO_INHERIT and
_SC_THREAD_ROBUST_PRIO_PROTECT entries.
* bits/confname.h: Add _SC_THREAD_ROBUST_PRIO_INHERIT and
_SC_THREAD_ROBUST_PRIO_PROTECT.
* posix/unistd.h: fexecve is in POSIX 2008.
* time/time.h: strftime_l is in POSIX 2008.
* io/sys/stat.h: futimens is in POSIX 2008.
* string/strings.h: strcasecmp_l and strncasecmp_l are in POSIX 2008.
* string/string.h: stpcpy, stpncpy, strndup, strnlen, strsignal,
strcoll_l, strerror_l, and strxfrm_l are in POSIX 2008.
* stdlib/stdlib.h: mkdtemp is in POSIX 2008.
* misc/bits/syslog.h (syslog): When __va_arg_pack is defined,
implement as __extern_always_inline function.
(vsyslog): Define as __extern_always_inline function unconditionally.
* libio/bits/stdio2.h (sprintf, snprintf, printf, fprintf):
When __va_arg_pack is defined, implement as __extern_always_inline
functions.
(vsprintf, vsnprintf, vprintf, vfprintf): Define as
__extern_always_inline functions unconditionally.
* libio/bits/stdio.h (vprintf): Ifdef out the inline when
bits/stdio2.h will be included.
* wcsmbs/bits/wchar2.h (__swprintf_alias): New redirect.
(swprintf, wprintf, fwprintf): When __va_arg_pack is defined,
implement as __extern_always_inline functions.
(vswprintf, vwprintf, vfwprintf): Define as
__extern_always_inline functions unconditionally.
* debug/tst-chk1.c (do_test): Enable remaining tests for C++.
2007-09-03 Jakub Jelinek <jakub@redhat.com>
* misc/sys/cdefs.h (__extern_inline, __extern_always_inline): Only
define in C++ for GCC 4.3+, in C++ always use __gnu_inline__
attribute.
* include/features.h (__USE_EXTERN_INLINES): Define only when
__extern_inline is defined.
* stdlib/stdlib.h: Include bits/stdlib.h when __extern_always_inline
is defined instead of when not __cplusplus.
* misc/sys/syslog.h: Include bits/syslog.h when __extern_always_inline
is defined instead of when not __cplusplus.
* socket/sys/socket.h: Include bits/socket2.h when
__extern_always_inline is defined instead of when not __cplusplus.
* libio/stdio.h: Include bits/stdio2.h when __extern_always_inline
is defined instead of when not __cplusplus.
* posix/unistd.h: Include bits/unistd.h when __extern_always_inline
is defined instead of when not __cplusplus.
* string/string.h: Include bits/string3.h when __extern_always_inline
is defined instead of when not __cplusplus.
* wcsmbs/wchar.h: Include bits/wchar2.h when __extern_always_inline
is defined instead of when not __cplusplus.
(btowc, wctob): Don't guard the inlines with ifndef __cplusplus.
* io/fcntl.h: Don't include bits/fcntl2.h if __extern_always_inline
is not defined.
* misc/bits/syslog-ldbl.h: Guard *_chk stuff with
defined __extern_always_inline instead of !defined __cplusplus.
* libio/bits/stdio-ldbl.h: Likewise.
* wcsmbs/bits/wchar-ldbl.h: Likewise.
* misc/bits/syslog.h (syslog): Don't define for C++.
(vsyslog): Use __extern_always_inline function for C++ instead of
a macro.
* libio/bits/stdio.h (__STDIO_INLINE): Define to __extern_inline
whenever that macro is defined.
(vprintf): Don't provide the inline for C++.
(fread_unlocked, fwrite_unlocked): Don't define the macros for C++.
* libio/bits/stdio2.h (sprintf, snprintf, printf, fprintf): Don't
define the macros for C++.
(vsprintf, vsnprintf, vprintf, vfprintf): Define as
__extern_always_inline functions for C++.
* io/sys/stat.h (stat, lstat, fstat, fstatat, mknod, mknodat,
stat64, lstat64, fstat64, fstatat64): Don't define if not
__USE_EXTERN_INLINES.
* wcsmbs/bits/wchar2.h: Fix #error message.
(swprintf, wprintf, fwprintf): Don't define the macros for C++.
(vswprintf, vwprintf, vfwprintf): Define using
__extern_always_inline functions for C++.
* string/bits/string3.h: Don't #undef macros if __cplusplus.
(memcpy, memmove, mempcpy, memset, bcopy, bzero, strcpy, stpcpy,
strncpy, strcat, strncat): Define as __extern_always_inline
functions instead of macros for C++.
* math/bits/cmathcalls.h: Guard __extern_inline routines with
defined __extern_inline.
* sysdeps/alpha/fpu/bits/mathinline.h (__MATH_INLINE): Define
to __extern_inline whenever that macro is defined.
* sysdeps/ia64/fpu/bits/mathinline.h (__MATH_INLINE): Likewise.
* sysdeps/i386/fpu/bits/mathinline.h (__MATH_INLINE): Likewise.
* sysdeps/i386/i486/bits/string.h (__STRING_INLINE): Likewise.
* sysdeps/s390/bits/string.h (__STRING_INLINE): Likewise.
* sysdeps/s390/fpu/bits/mathinline.h (__MATH_INLINE): Likewise.
* sysdeps/powerpc/fpu/bits/mathinline.h (__MATH_INLINE): Likewise.
* sysdeps/x86_64/fpu/bits/mathinline.h (__MATH_INLINE): Likewise.
* sysdeps/sparc/fpu/bits/mathinline.h (__MATH_INLINE): Likewise.
* sysdeps/unix/sysv/linux/sys/sysmacros.h (gnu_dev_major,
gnu_dev_minor, gnu_dev_makedev): Remove __extern_inline from
prototypes. Only provide __extern_inline routines if
__USE_EXTERN_INLINES.
* debug/Makefile: Add rules to build and run tst-{,lfs}chk{4,5,6}
tests.
* debug/tst-chk1.c (do_prepare, do_test): Allow compilation as C++.
For now avoid some *printf tests in C++. Skip all testing
if __USE_FORTIFY_LEVEL is defined, but __extern_always_inline macro
is not.
* debug/tst-chk4.cc: New file.
* debug/tst-chk5.cc: New file.
* debug/tst-chk6.cc: New file.
* debug/tst-lfschk4.cc: New file.
* debug/tst-lfschk5.cc: New file.
* debug/tst-lfschk6.cc: New file.
* include/wchar.h (__vfwprintf_chk, __vswprintf_chk): Avoid
prototypes in C++.
* include/stdio.h (__sprintf_chk, __snprintf_chk, __vsprintf_chk,
__vsnprintf_chk, __printf_chk, __fprintf_chk, __vprintf_chk,
__vfprintf_chk, __fgets_unlocked_chk, __fgets_chk): Likewise.
returning.
(PTR_DEMANGLE): Real definition now that it's not the same as
PRT_MANGLE anymore.
* sysdeps/unix/sysv/linux/x86_64/sysdep.h: Likewise.
* string/strerror_l.c: New file.
* string/Makefile (routines): Add strerror_l.
* string/string.h: Declare strerror_l.
* string/Versions: Export strerror_l for GLIBC_2.6.
* nscd/connections.c (nscd_run): Don't define MAXKEYLEN here.
2004-03-22 Jakub Jelinek <jakub@redhat.com>
* sysdeps/unix/sysv/linux/sparc/sparc32/getpagesize.c
(__getpagesize): Avoid warning about writing into read-only memory.
* string/Makefile (routines): Add xpg-strerror.
* string/string.h (strerror_r): If __USE_XOPEN2K but not __USE_GNU,
redirect strerror_r to __xpg_strerror_r.
* string/Versions (libc): Add __xpg_strerror_r@@GLIBC_2.3.4.
* sysdeps/generic/xpg-strerror.c: New file.
* sysdeps/mach/xpg-strerror.c: New file.
More cancellation handling fixups.
* sysdeps/unix/sysv/linux/not-cancel.h: Add waitpid_not_cancel.
* sysdeps/generic/not-cancel.h: Likewise.
* catgets/open_catalog.c: Use not-cancelable syscalls.
* time/Makefile (CFLAGS-getdate.c): Add -fexceptions.
* sysdeps/unix/sysv/linux/llseek.c: Must not be cancelable.
* sysdeps/unix/syscalls.list: Don't mark lseek as cancelable.
* dlfcn/dlfcn.h: Mark dlopen with __THROW again.
* io/fcntl.h: Don't mark posix_fallocate with __THROW.
* libio/fileops.c: Use not-cancelable syscalls for fclose.
* libio/iopopen.c: Use no-cancelable syscalls.
* libio/stdio.h: Mark popen and pclose with __THROW again.
* misc/Makefile (CFLAGS-syslog.c): Add -fexceptions.
* misc/syslog.c: Fix locking and cancellation cleanup handling.
* posix/unistd.h: Mark ttyname and ttyname_r again with __THROW.
* stdio-common/Makefile (CFLAGS-tmpfile.c, CFLAGS-tmpfile64.c,
CFLAGS-tempname.c): Add -fexceptions.
* stdlib/Makefile (CFLAGS-mkstemp.c): Add -fexceptions.
* string/string.h: Mark strerror and strerror_r with _THROW again.
* sysdeps/generic/unwind.inc: New file. Copied from gcc.
* sysdeps/generic/unwind-dw2.c: Update from gcc version. Remove
#ifs since we now need all the code compiled.
* sysdeps/posix/spawni.c: Use close_not_cancel instead of close.
* sysdeps/unix/closedir.c: Use not-cancelable syscalls.
* sysdeps/unix/opendir.c: Likewise.
2001-10-31 Ulrich Drepper <drepper@redhat.com>
* iconvdata/Makefile: Add support for IBM1132, IBM1133, and IBM1162
modules.
* iconvdata/TESTS: Likewise.
* iconvdata/gconv-modules: Likewise.
* iconvdata/ibm1132.c: New file.
* iconvdata/ibm1132.h: New file.
* iconvdata/ibm1133.c: New file.
* iconvdata/ibm1133.h: New file.
* iconvdata/ibm1162.c: New file.
* iconvdata/ibm1162.h: New file.
* iconvdata/testdata/IBM1132: New file.
* iconvdata/testdata/IBM1132..UTF8: New file.
* iconvdata/testdata/IBM1133: New file.
* iconvdata/testdata/IBM1133..UTF8: New file.
* iconvdata/testdata/IBM1162: New file.
* iconvdata/testdata/IBM1162..UTF8: New file.
Patches by Masahide Washizawa <WASHI@jp.ibm.com>.
* string/string.h: Fix typo in comment.
* wcsmbs/wchar.h: Likewise.
2001-10-30 Joseph S. Myers <jsm28@cam.ac.uk>
* manual/getopt.texi (getopt_long, getopt_long_only): Include
const in type of longopts parameter.
* sysdeps/ieee754/dbl-64/mpa.h: Add prototypes for internal functions.
* manual/stdio.texi (Integer Conversions): Corrections to sample printf
2001-07-06 Paul Eggert <eggert@twinsun.com>
* manual/argp.texi: Remove ignored LGPL copyright notice; it's
not appropriate for documentation anyway.
* manual/libc-texinfo.sh: "Library General Public License" ->
"Lesser General Public License".
2001-07-06 Andreas Jaeger <aj@suse.de>
* All files under GPL/LGPL version 2: Place under LGPL version
2.1.
2001-05-05 Jakub Jelinek <jakub@redhat.com>
* include/features.h (__USE_EXTERN_INLINES): Don't define if
__NO_INLINE__ is defined.
* ctype/ctype.h (tolower, toupper): Change the guard condition to
__USE_EXTERN_INLINES check only.
* stdlib/stdlib.h (strtod, ...): Likewise.
* wcsmbs/wchar.h (mbrlen): Likewise.
* string/string.h: Only include bits/string.h and bits/string2.h
if __NO_INLINE__ is not defined.
2001-02-06 Andreas Jaeger <aj@suse.de>
* include/pthread.h: New file.
* wctype/wctype.h: Move internal interfaces from here to...
* include/wctype.h: ...here.
* wcsmbs/wchar.h: Move __wcslen from here to...
* include/wchar.h: ...here.
* posix/sys/wait.h: Move __wait from here to...
* include/sys/wait.h: ...here.
* string/string.h: Move __ffs and __strerror_r from here to...
* include/string.h: ...here.
* stdlib/stdlib.h: Move __on_exit from here to...
* include/stdlib.h: ...here.
* libio/stdio.h: Move __vsnprintf from here to...
* include/stdio.h: ...here.
2000-05-11 Jan Hubicka <jh@suse.cz>
* misc/sys/cdefs.h: Add support for pure attribute.
* include/string.h: Add __attribute_pure__ to various functions.
* string/string.h: Likewise.
2000-02-24 Ulrich Drepper <drepper@redhat.com>
* conform/conformtest.pl (@headers): Add string.h and strings.h.
* conform/data/string.h-data: New file.
* conform/data/strings.h-data: New file.
* string/string.h [__USE_XOPEN]: Don't declare functions from
<strings.h> here as well.
* misc/sys/cdefs.h: Define __attribute_malloc__ according to
available gcc version.
* string/string.h: Mark strdup, __strdup, and strndup with
__attribute_malloc__.
* stdlib/stdlib.h: Make malloc, calloc, realloc, and valloc with
__attribute_malloc__.
* malloc/malloc.h: Make malloc, calloc, realloc, valloc, pvallc,
__morecore, and __default_morecore with __attribute_malloc__.
Provide default definition for __attribute_malloc__.
* libio/stdio.h: Make tempnam with __attribute_malloc__.