Commit Graph

40667 Commits

Author SHA1 Message Date
Sergey Bugaev
4145de65f6 hurd: Only init early static TLS if it's used to store stack or pointer guards
This is the case on both x86 architectures, but not on AArch64.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-ID: <20240103171502.1358371-11-bugaevc@gmail.com>
2024-01-04 23:48:23 +01:00
Sergey Bugaev
9eaa0e1799 hurd: Make init-first.c no longer x86-specific
This will make it usable in other ports.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-ID: <20240103171502.1358371-10-bugaevc@gmail.com>
2024-01-04 23:48:07 +01:00
Sergey Bugaev
b44ad8944b hurd: Drop x86-specific assembly from init-first.c
We already have the RETURN_TO macro for this exact use case, and it's already
used in the non-static code path. Use it here too.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-ID: <20240103171502.1358371-9-bugaevc@gmail.com>
2024-01-04 23:47:23 +01:00
Sergey Bugaev
24b707c166 hurd: Pass the data pointer to _hurd_stack_setup explicitly
Instead of relying on the stack frame layout to figure out where the stack
pointer was prior to the _hurd_stack_setup () call, just pass the pointer
as an argument explicitly. This is less brittle and much more portable.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-ID: <20240103171502.1358371-8-bugaevc@gmail.com>
2024-01-04 23:47:03 +01:00
H.J. Lu
35694d3416 x86-64/cet: Check the restore token in longjmp
setcontext and swapcontext put a restore token on the old shadow stack
which is used to restore the target shadow stack when switching user
contexts.  When longjmp is called from a user context, the target shadow stack
can be different from the current shadow stack and INCSSP can't be
used to restore the shadow stack pointer to the target shadow stack.

Update longjmp to search for a restore token.  If found, use the token
to restore the shadow stack pointer before using INCSSP to pop the
shadow stack.  Stop the token search and use INCSSP if the shadow stack
entry value is the same as the current shadow stack pointer.

It is a user error if there is a shadow stack switch without leaving a
restore token on the old shadow stack.

The only difference between __longjmp.S and __longjmp_chk.S is that
__longjmp_chk.S has a check for invalid longjmp usages.  Merge
__longjmp.S and __longjmp_chk.S by adding the CHECK_INVALID_LONGJMP
macro.
Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2024-01-04 13:38:26 -08:00
Mike FABIAN
e9f5dc7e4a localedata: ru_RU, ru_UA: convert to UTF-8 2024-01-04 16:32:44 +01:00
Mike FABIAN
d61a2bd782 localedata: es_??: convert to UTF-8 2024-01-04 16:03:08 +01:00
Mike FABIAN
734abeda98 localedata: miq_NI: convert to UTF-8 2024-01-04 16:03:08 +01:00
H.J. Lu
bbfb54930c i386: Ignore --enable-cet
Since shadow stack is only supported for x86-64, ignore --enable-cet for
i386.  Always setting $(enable-cet) for i386 to "no" to support

ifneq ($(enable-cet),no)

in x86 Makefiles.  We can't use

ifeq ($(enable-cet),yes)

since $(enable-cet) can be "yes", "no" or "permissive".
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2024-01-04 06:08:55 -08:00
Sergey Bugaev
0d4a2f3576 mach: Drop SNARF_ARGS macro
We're obtaining arguments from the stack differently, see init-first.c.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2024-01-03 21:59:55 +01:00
Sergey Bugaev
114de961e0 mach: Drop some unnecessary vm_param.h includes
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2024-01-03 21:59:54 +01:00
Sergey Bugaev
b6931d6d14 hurd: Declare _hurd_intr_rpc_msg* with protected visibility
These symbols are internal and never exported; make sure the compiler
realizes that when compiling hurdsig.c and does not try to emit GOT
reads.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2024-01-03 21:59:54 +01:00
Sergey Bugaev
dac7c64065 hurd: Add some missing includes
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2024-01-03 21:59:54 +01:00
Mike FABIAN
b31a01909c localedata: fy_DE: make this "Western Frisian" to agree with the language code "fy"
Resolves: BZ # 14522
2024-01-03 20:55:44 +01:00
Mike FABIAN
3c173c1f63 localedata: fy_DE, fy_NL: convert to UTF-8 2024-01-03 20:07:21 +01:00
Mike FABIAN
bec492c1da localedata: ast_ES: convert to UTF-8 2024-01-03 17:44:52 +01:00
Mike FABIAN
521e96c13f localedata: ast_ES: Remove wrong copyright text
Resolves: BZ # 27601
2024-01-03 17:43:55 +01:00
Mike FABIAN
5448a127e4 localedata: de_{AT,BE,CH,IT,LU}: convert to UTF-8 2024-01-03 13:54:34 +01:00
Mike FABIAN
a8f7f742be localedata: lv_LV, it_IT, it_CH: convert to UTF-8 2024-01-03 13:54:34 +01:00
Mike FABIAN
61171bb2b9 localedata: it_IT, lv_LV: currency symbol should follow the amount
Resolves: BZ # 28558
2024-01-03 13:54:34 +01:00
Joseph Myers
b34b46b880 Implement C23 <stdbit.h>
C23 adds a header <stdbit.h> with various functions and type-generic
macros for bit-manipulation of unsigned integers (plus macro defines
related to endianness).  Implement this header for glibc.

The functions have both inline definitions in the header (referenced
by macros defined in the header) and copies with external linkage in
the library (which are implemented in terms of those macros to avoid
duplication).  They are documented in the glibc manual.  Tests, as
well as verifying results for various inputs (of both the macros and
the out-of-line functions), verify the types of those results (which
showed up a bug in an earlier version with the type-generic macro
stdc_has_single_bit wrongly returning a promoted type), that the
macros can be used at top level in a source file (so don't use ({})),
that they evaluate their arguments exactly once, and that the macros
for the type-specific functions have the expected implicit conversions
to the relevant argument type.

Jakub previously referred to -Wconversion warnings in type-generic
macros, so I've included a test with -Wconversion (but the only
warnings I saw and fixed from that test were actually in inline
functions in the <stdbit.h> header - not anything coming from use of
the type-generic macros themselves).

This implementation of the type-generic macros does not handle
unsigned __int128, or unsigned _BitInt types with a width other than
that of a standard integer type (and C23 doesn't require the header to
handle such types either).  Support for those types, using the new
type-generic built-in functions Jakub's added for GCC 14, can
reasonably be added in a followup (along of course with associated
tests).

This implementation doesn't do anything special to handle C++, or have
any tests of functionality in C++ beyond the existing tests that all
headers can be compiled in C++ code; it's not clear exactly what form
this header should take in C++, but probably not one using macros.

DIS ballot comment AT-107 asks for the word "count" to be added to the
names of the stdc_leading_zeros, stdc_leading_ones,
stdc_trailing_zeros and stdc_trailing_ones functions and macros.  I
don't think it's likely to be accepted (accepting any technical
comments would mean having an FDIS ballot), but if it is accepted at
the WG14 meeting (22-26 January in Strasbourg, starting with DIS
ballot comment handling) then there would still be time to update
glibc for the renaming before the 2.39 release.

The new functions and header are placed in the stdlib/ directory in
glibc, rather than creating a new toplevel stdbit/ or putting them in
string/ alongside ffs.

Tested for x86_64 and x86.
2024-01-03 12:07:14 +00:00
Mike FABIAN
fe316dad7c localedata: ms_MY should not use 12-hour format
Resolves: BZ # 29504
2024-01-03 11:07:27 +01:00
Mike FABIAN
b5b558ab4b localedata: es_ES: convert to UTF-8 2024-01-02 21:30:42 +01:00
Mike FABIAN
e3e98b0327 localedata: es_ES: Add am_pm strings
Resolves: BZ # 24013

Use <U202F> instead of a plain space because CLDR also uses that.
2024-01-02 21:30:42 +01:00
Szabolcs Nagy
0c12c8c0cb aarch64: Add longjmp test for SME
Includes test for setcontext too.

The test directly checks after longjmp if ZA got disabled and the
ZA contents got saved following the lazy saving scheme. It does not
use ACLE code to verify that gcc can interoperate with glibc.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2024-01-02 16:54:21 +00:00
Szabolcs Nagy
9d30e5cf96 aarch64: Add setcontext support for SME
For the ZA lazy saving scheme to work, setcontext has to call
__libc_arm_za_disable.

Also fixes swapcontext which uses setcontext internally.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2024-01-02 15:43:30 +00:00
Szabolcs Nagy
a7373e457f aarch64: Add longjmp support for SME
For the ZA lazy saving scheme to work, longjmp has to call
__libc_arm_za_disable.

In ld.so we assume ZA is not used so longjmp does not need
special support there.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2024-01-02 15:43:30 +00:00
Szabolcs Nagy
d3c32ae207 aarch64: Add SME runtime support
The runtime support routines for the call ABI of the Scalable Matrix
Extension (SME) are mostly in libgcc. Since libc.so cannot depend on
libgcc_s.so have an implementation of __arm_za_disable in libc for
libc internal use in longjmp and similar APIs.

__libc_arm_za_disable follows the same PCS rules as __arm_za_disable,
but it's a hidden symbol so it does not need variant PCS marking.

Using __libc_fatal instead of abort because it can print a message and
works in ld.so too. But for now we don't need SME routines in ld.so.

To check the SME HWCAP in asm, we need the _dl_hwcap2 member offset in
_rtld_global_ro in the shared libc.so, while in libc.a the _dl_hwcap2
object is accessed.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2024-01-02 15:43:30 +00:00
Mike FABIAN
67f371e882 localedata: convert uz_UZ and uz_UZ@cyrillic to UTF-8 2024-01-02 16:36:43 +01:00
Mike FABIAN
cdce63a767 localedata: uz_UZ and uz_UZ@cyrillic: Fix decimal point and thousands separator
Resolves: BZ # 31204
2024-01-02 16:36:43 +01:00
Florian Weimer
ecc7c3deb9 libio: Check remaining buffer size in _IO_wdo_write (bug 31183)
The multibyte character needs to fit into the remaining buffer space,
not the already-written buffer space.  Without the fix, we were never
moving the write pointer from the start of the buffer, always using
the single-character fallback buffer.

Fixes commit 04b76b5aa8 ("Don't error out writing
a multibyte character to an unbuffered stream (bug 17522)").
2024-01-02 14:36:17 +01:00
Andreas Schwab
5eabdb6a6a getaddrinfo: translate ENOMEM to EAI_MEMORY (bug 31163)
When __resolv_context_get returns NULL due to out of memory, translate it
to a return value of EAI_MEMORY.
2024-01-02 11:10:42 +01:00
Noah Goldstein
4b00532e51 string: Add additional output in test-strchr failure
Seeing occasional failures in `__strchrnul_evex512` that are not
consistently reproducible. Hopefully by adding this the next failure
will provide enough information to debug.

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2024-01-01 21:06:57 -08:00
H.J. Lu
8d8ae5eebd Add a setjmp/longjmp test between user contexts
Verify that setjmp and longjmp work correctly between user contexts.
Arrange stacks for uctx_func1 and uctx_func2 so that ____longjmp_chk
works when setjmp and longjmp are called from different user contexts.

Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2024-01-01 15:55:38 -08:00
H.J. Lu
b5dcccfb12 x86/cet: Add -fcf-protection=none before -fcf-protection=branch
When shadow stack is enabled, some CET tests failed when compiled with
GCC 14:

FAIL: elf/tst-cet-legacy-4
FAIL: elf/tst-cet-legacy-5a
FAIL: elf/tst-cet-legacy-6a

which are caused by

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113039

These tests use -fcf-protection -fcf-protection=branch and assume that
-fcf-protection=branch will override -fcf-protection.  But this GCC 14
commit:

https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1c6231c05bdcca

changed the -fcf-protection behavior such that

-fcf-protection -fcf-protection=branch

is treated the same as

-fcf-protection

Use

-fcf-protection -fcf-protection=none -fcf-protection=branch

as the workaround.  This fixes BZ #31187.

Tested with GCC 13 and GCC 14 on Intel Tiger Lake.
Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2024-01-01 15:53:52 -08:00
Andreas K. Hüttel
6ac0e01909 Regenerate libc.pot
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
2024-01-01 21:09:13 +01:00
Paul Eggert
540b740c8a Omit regex.c pragmas no longer needed
* posix/regex.c: [!_LIBC && __GNUC_PREREQ (4, 3)]:
Omit GCC pragmas no longer needed when this file is used as part of Gnulib.
-Wold-style-definition no longer needs to be ignored because the regex
code no longer uses old style definitions.  -Wtype-limits no longer
needs to be ignored because Gnulib already arranges for it to be
ignored in the C compiler flags.  This patch is taken from Gnulib.
2024-01-01 10:53:40 -08:00
Paul Eggert
1059defeee Update copyright dates not handled by scripts/update-copyrights
I've updated copyright dates in glibc for 2024.  This is the patch for
the changes not generated by scripts/update-copyrights and subsequent
build / regeneration of generated files.
2024-01-01 10:53:40 -08:00
Paul Eggert
bfe7dd88f1 Update copyright in generated files by running "make" 2024-01-01 10:53:40 -08:00
Paul Eggert
dff8da6b3e Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
H.J. Lu
cf9481724b x86/cet: Run some CET tests with shadow stack
When CET is disabled by default, run some CET tests with shadow stack
enabled using

$ export GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK
2024-01-01 05:22:48 -08:00
H.J. Lu
55d63e7312 x86/cet: Don't set CET active by default
Not all CET enabled applications and libraries have been properly tested
in CET enabled environments.  Some CET enabled applications or libraries
will crash or misbehave when CET is enabled.  Don't set CET active by
default so that all applications and libraries will run normally regardless
of whether CET is active or not.  Shadow stack can be enabled by

$ export GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK

at run-time if shadow stack can be enabled by kernel.

NB: This commit can be reverted if it is OK to enable CET by default for
all applications and libraries.
2024-01-01 05:22:48 -08:00
H.J. Lu
d360dcc001 x86/cet: Check feature_1 in TCB for active IBT and SHSTK
Initially, IBT and SHSTK are marked as active when CPU supports them
and CET is enabled in glibc.  They can be disabled early by tunables
before relocation.  Since after relocation, GLRO(dl_x86_cpu_features)
becomes read-only, we can't update GLRO(dl_x86_cpu_features) to mark
IBT and SHSTK as inactive.  Instead, check the feature_1 field in TCB
to decide if IBT and SHSTK are active.
2024-01-01 05:22:48 -08:00
H.J. Lu
541641a3de x86/cet: Enable shadow stack during startup
Previously, CET was enabled by kernel before passing control to user
space and the startup code must disable CET if applications or shared
libraries aren't CET enabled.  Since the current kernel only supports
shadow stack and won't enable shadow stack before passing control to
user space, we need to enable shadow stack during startup if the
application and all shared libraries are shadow stack enabled.  There
is no need to disable shadow stack at startup.  Shadow stack can only
be enabled in a function which will never return.  Otherwise, shadow
stack will underflow at the function return.

1. GL(dl_x86_feature_1) is set to the CET features which are supported
by the processor and are not disabled by the tunable.  Only non-zero
features in GL(dl_x86_feature_1) should be enabled.  After enabling
shadow stack with ARCH_SHSTK_ENABLE, ARCH_SHSTK_STATUS is used to check
if shadow stack is really enabled.
2. Use ARCH_SHSTK_ENABLE in RTLD_START in dynamic executable.  It is
safe since RTLD_START never returns.
3. Call arch_prctl (ARCH_SHSTK_ENABLE) from ARCH_SETUP_TLS in static
executable.  Since the start function using ARCH_SETUP_TLS never returns,
it is safe to enable shadow stack in ARCH_SETUP_TLS.
2024-01-01 05:22:48 -08:00
H.J. Lu
8d9f9c4460 elf: Always provide _dl_get_dl_main_map in libc.a
Always provide _dl_get_dl_main_map in libc.a.  It will be used by x86
to process PT_GNU_PROPERTY segment.
2024-01-01 05:22:48 -08:00
H.J. Lu
edb5e0c8f9 x86/cet: Sync with Linux kernel 6.6 shadow stack interface
Sync with Linux kernel 6.6 shadow stack interface.  Since only x86-64 is
supported, i386 shadow stack codes are unchanged and CET shouldn't be
enabled for i386.

1. When the shadow stack base in TCB is unset, the default shadow stack
is in use.  Use the current shadow stack pointer as the marker for the
default shadow stack. It is used to identify if the current shadow stack
is the same as the target shadow stack when switching ucontexts.  If yes,
INCSSP will be used to unwind shadow stack.  Otherwise, shadow stack
restore token will be used.
2. Allocate shadow stack with the map_shadow_stack syscall.  Since there
is no function to explicitly release ucontext, there is no place to
release shadow stack allocated by map_shadow_stack in ucontext functions.
Such shadow stacks will be leaked.
3. Rename arch_prctl CET commands to ARCH_SHSTK_XXX.
4. Rewrite the CET control functions with the current kernel shadow stack
interface.

Since CET is no longer enabled by kernel, a separate patch will enable
shadow stack during startup.
2024-01-01 05:22:48 -08:00
Aurelien Jarno
6b32696116 RISC-V: Add support for dl_runtime_profile (BZ #31151)
Code is mostly inspired by the LoongArch one, which has a similar ABI,
with minor changes to support riscv32 and register differences.

This fixes elf/tst-sprof-basic. This also fixes elf/tst-audit1,
elf/tst-audit2 and elf/tst-audit8 with recent binutils snapshots when
--enable-bind-now is used.

Resolves: BZ #31151

Acked-by: Palmer Dabbelt <palmer@rivosinc.com>
2023-12-30 11:00:10 +01:00
Adhemerval Zanella
a8a4c94ae9 debug: Add fortify wprintf tests
Similar to other printf-like ones.  It needs to be in a different
process so we can change the orientation of stdout.

Checked on aarch64, armhf, x86_64, and i686.
2023-12-29 10:57:27 -03:00
Adhemerval Zanella
446e2c935a debug: Add fortify syslog tests
It needs to be in a container test to avoid logging bogus
information on the system.  The syslog also needs to be checked in
a different process because the internal printf call will abort with
the internal syslog lock taken (which makes subsequent syslog calls
deadlock).

Checked on aarch64, armhf, x86_64, and i686.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-12-29 10:57:03 -03:00
Adhemerval Zanella
121aad59de debug: Add fortify dprintf tests
Similar to other printf-like ones.

Checked on aarch64, armhf, x86_64, and i686.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-12-29 10:57:03 -03:00