They are both used by __libc_freeres to free all library malloc
allocated resources to help tooling like mtrace or valgrind with
memory leak tracking.
The current scheme uses assembly markers and linker script entries
to consolidate the free routine function pointers in the RELRO segment
and to be freed buffers in BSS.
This patch changes it to use specific free functions for
libc_freeres_ptrs buffers and call the function pointer array directly
with call_function_static_weak.
It allows the removal of both the internal macros and the linker
script sections.
Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
GCC with -Os warns that sprint might overflow:
netname.c: In function ‘user2netname’:
netname.c:51:28: error: ‘%s’ directive writing up to 255 bytes into a
region of size between 239 and 249 [-Werror=format-overflow=]
51 | sprintf (netname, "%s.%d@%s", OPSYS, uid, dfltdom);
| ^~ ~~~~~~~
netname.c:51:3: note: ‘sprintf’ output between 8 and 273 bytes into a
destination of size 256
51 | sprintf (netname, "%s.%d@%s", OPSYS, uid, dfltdom);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
However the code does test prior the sprintf call that dfltdom plus
the required extra space for OPSYS, uid, and extra character will not
overflow and return 0 instead.
Checked on x86_64-linux-gnu and i686-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
The sunrpc function svcunix_create suffers from a stack-based buffer
overflow with overlong pathname arguments.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Processing an overlong pathname in the sunrpc clnt_create function
results in a stack-based buffer overflow.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.
I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah. I don't
know why I run into these diagnostics whereas others evidently do not.
remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
We stopped adding "Contributed by" or similar lines in sources in 2012
in favour of git logs and keeping the Contributors section of the
glibc manual up to date. Removing these lines makes the license
header a bit more consistent across files and also removes the
possibility of error in attribution when license blocks or files are
copied across since the contributed-by lines don't actually reflect
reality in those cases.
Move all "Contributed by" and similar lines (Written by, Test by,
etc.) into a new file CONTRIBUTED-BY to retain record of these
contributions. These contributors are also mentioned in
manual/contrib.texi, so we just maintain this additional record as a
courtesy to the earlier developers.
The following scripts were used to filter a list of files to edit in
place and to clean up the CONTRIBUTED-BY file respectively. These
were not added to the glibc sources because they're not expected to be
of any use in future given that this is a one time task:
https://gist.github.com/siddhesh/b5ecac94eabfd72ed2916d6d8157e7dchttps://gist.github.com/siddhesh/15ea1f5e435ace9774f485030695ee02
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
As a result, is not necessary to specify __attribute__ ((nocommon))
on individual definitions.
GCC 10 defaults to -fno-common on all architectures except ARC,
but this change is compatible with older GCC versions and ARC, too.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
The commit 2433d39b69, which added time64 support to select, changed
the function to use __NR_pselect6 (or __NR_pelect6_time64) on all
architectures. However, on architectures where the symbol was
implemented with __NR_select the kernel normalizes the passed timeout
instead of return EINVAL. For instance, the input timeval
{ 0, 5000000 } is interpreted as { 5, 0 }.
And as indicated by BZ #27651, this semantic seems to be expected
and changing it results in some performance issues (most likely
the program does not check the return code and keeps issuing
select with unormalized tv_usec argument).
To avoid a different semantic depending whether which syscall the
architecture used to issue, select now always normalize the timeout
input. This is a slight change for some ABIs (for instance aarch64).
Checked on x86_64-linux-gnu and i686-linux-gnu.
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
If glibc is build with -O3 on at least 390 (-m31) or x86 (-m32),
gcc 11 dumps this warning:
svc_tcp.c: In function 'rendezvous_request':
svc_tcp.c:274:3: error: 'memcpy' offset [0, 15] is out of the bounds [0, 0] [-Werror=array-bounds]
274 | memcpy (&xprt->xp_raddr, &addr, sizeof (addr));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
In out-of-memory case, if one of the mallocs in makefd_xprt function
returns NULL, a message is dumped, makefd_xprt returns NULL
and the subsequent memcpy would copy to NULL.
Instead of a segfaulting, we delay a bit (see also __svc_accept_failed
and Bug 14889 (CVE-2011-4609) - svc_run() produces high cpu usage when
accept() fails with EMFILE (CVE-2011-4609).
The same applies to svc_unix.c.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Building Glibc with the latest GCC 11 shows a number of instances
of the new -Warray-parameter warning designed to encourage
consistency in the forms of array arguments in redeclarations of
the same function (and, ultimately, to enable the detection of out
of bounds accesses via such arguments).
To avoid the subset of these warnings for the RPC APIs, this patch
changes the declarations of these functions to match both their
definitions and the Oracle RPC documentation.
Besides avoiding the -Warray-parameter warnings the effect of this
change is for GCC to issue warnings when either the functions are
passed an array with fewer than MAXNETNAMELEN + 1 elements, or when
the functions themselves access elements outside the array bounds.
Restore <rpc/netdb.h> as an installed header. Delete the dummy header
resolv/rpc/netdb.h because inet is not an optional glibc component
(so its <rpc/netdb.h> is always available).
Fixes commit acb527929d ("Move
non-deprecated RPC-related functions from sunrpc to inet") in
combination with commit 5500cdba40
("Remove --enable-obsolete-rpc configure flag").
Sun RPC was removed from glibc. This includes rpcgen program, librpcsvc,
and Sun RPC headers. Also test for bug #20790 was removed
(test for rpcgen).
Backward compatibility for old programs is kept only for architectures
and ABIs that have been added in or before version 2.28.
libtirpc is mature enough, librpcsvc and rpcgen are provided in
rpcsvc-proto project.
NOTE: libnsl code depends on Sun RPC (installed libnsl headers use
installed Sun RPC headers), thus --enable-obsolete-rpc was a dependency
for --enable-obsolete-nsl (removed in a previous commit).
The arc ABI list file has to be updated because the port was added
with the sunrpc symbols
Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
This includes bindresvport and the NSS-related RPC functions. This will
simplify the removal of the sunrpc functionality because these functions
no longer have to be treated specially.
It is generally not possible to add hidden aliases for global data
symbols: If the main executable contains a copy relocation against
the symbol, the hidden aliases keep pointing to the glibc-internal
copy of the symbol, instead of the symbol actually used by the
application.
Fixes commit 89aacb513e ("sunrpc:
Remove stray exports without --enable-obsolete-rpc [BZ #23166]").
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Following on 00c3da43a ('sunrpc/tst-udp-timeout: Fix timeout value').
While e.g. 2.5 timeout can be represented exactly with doubles, time stamps
may not be represented that exactly, and thus with coarse-grain clocks (e.g.
10ms) we may end up with 2.499-ish values due to rounding errors.
* sunrpc/tst-udp-timeout.c (test_udp_server): Add more timeout slack.
* sunrpc/tst-udp-nonblocking.c (do_test): Likewise.
The macro TEST_VERIFY_EXIT is used several times on
sunrpc/tst-udp-timeout to exit the test if a condition evaluates to
false. The side effect is that the code to terminate the RPC server
process is not executed when the program calls exit, so that
sub-process stays alive.
This commit registers a clean up function with atexit to kill the
server process before exiting the main program.
Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
Since gettimeofday will shortly be implemented in terms of
clock_gettime on all platforms, internal code should use clock_gettime
directly; in addition to removing a layer of indirection, this will
allow us to remove the PLT-bypass gunk for gettimeofday. (We can't
quite do that yet, but it'll be coming later in this patch series.)
In many cases, the changed code does fewer conversions.
The changed code always assumes __clock_gettime (CLOCK_REALTIME)
cannot fail. Most of the call sites were assuming gettimeofday could
not fail, but a few places were checking for errors. POSIX says
clock_gettime can only fail if the clock constant is invalid or
unsupported, and CLOCK_REALTIME is the one and only clock constant
that's required to be supported. For consistency I grepped the entire
source tree for any other places that checked for errors from
__clock_gettime (CLOCK_REALTIME), found one, and changed it too.
(For the record, POSIX also says gettimeofday can never fail.)
(It would be nice if we could declare that GNU systems will always
support CLOCK_MONOTONIC as well as CLOCK_REALTIME; there are several
places where we are using CLOCK_REALTIME where _MONOTONIC would be
more appropriate, and/or trying to use _MONOTONIC and then falling
back to _REALTIME. But the Hurd doesn't support CLOCK_MONOTONIC yet,
and it looks like adding it would involve substantial changes to
gnumach's internals and API. Oh well.)
A few Hurd-specific files were changed to use __host_get_time instead
of __clock_gettime, as this seemed tidier. We also assume this cannot
fail. Skimming the code in gnumach leads me to believe the only way
it could fail is if __mach_host_self also failed, and our
Hurd-specific code consistently assumes that can't happen, so I'm
going with that.
With the exception of support/support_test_main.c, test cases are not
modified, mainly because I didn't want to have to figure out which
test cases were testing gettimeofday specifically.
The definition of GETTIME in sysdeps/generic/memusage.h had a typo and
was not reading tv_sec at all. I fixed this. It appears nobody has been
generating malloc traces on a machine that doesn't have a superseding
definition.
There are a whole bunch of places where the code could be simplified
by factoring out timespec subtraction and/or comparison logic, but I
want to keep this patch as mechanical as possible.
Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
powerpc64-linux-gnu, powerpc-linux-gnu, and aarch64-linux-gnu.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
To work around <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91691>
for RV32, we recently disabled -Wmaybe-uninitialized for some inline
functions in inet/net-internal.h, as included by sunrpc/clnt_udp.c.
The same error has now appeared with current GCC trunk for MIPS, in a
form that is located at the definition of the variable in question and
so unaffected by the disabling in inet/net-internal.h. Thus, this
patch adds the same disabling around the definition of that variable,
to cover the MIPS case.
Tested with build-many-glibcs.py (compilers and glibcs stages) for
mips64-linux-gnu with GCC mainline.
* sunrpc/clnt_udp.c: Include <libc-diag.h>.
(clntudp_call): Disable -Wmaybe-uninitialized around declaration
of total_deadline.
Building the testsuite with -Wextra produces a warning in
sunrpc/tst-svc_register.c for a useless qualifier on a function return
type. This patch removes that qualifier.
Tested for x86_64.
* sunrpc/tst-svc_register.c (rpcbind_address): Remove qualifier
from function return type.
This patch fixes implicit-fallthrough warnings in sunrpc/xdr.c when
building with -Wextra. A fall-through comment is added in three
places; in two other places, an existing comment is reworded so it
matches the default patterns used by -Wimplicit-fallthrough.
Tested for x86_64.
* sunrpc/xdr.c (xdr_int): Add fall-through comment.
(xdr_u_int): Likewise.
(xdr_enum): Likewise.
(xdr_bytes): Reword fall-through comment.
(xdr_string): Likewise.
The __libc_freeres framework does not extend to non-libc.so objects.
This causes problems in general for valgrind and mtrace detecting
unfreed objects in both libdl.so and libpthread.so. This change is
a pre-requisite to properly moving the malloc hooks out of malloc
since such a move now requires precise accounting of all allocated
data before destructors are run.
This commit adds a proper hook in libc.so.6 for both libdl.so and
for libpthread.so, this ensures that shm-directory.c which uses
freeit () to free memory is called properly. We also remove the
nptl_freeres hook and fall back to using weak-ref-and-check idiom
for a loaded libpthread.so, thus making this process similar for
all DSOs.
Lastly we follow best practice and use explicit free calls for
both libdl.so and libpthread.so instead of the generic hook process
which has undefined order.
Tested on x86_64 with no regressions.
Signed-off-by: DJ Delorie <dj@redhat.com>
Signed-off-by: Carlos O'Donell <carlos@redhat.com>
The functions encrypt, setkey, encrypt_r, setkey_r, cbc_crypt,
ecb_crypt, and des_setparity should not be used in new programs,
because they use the DES block cipher, which is unacceptably weak by
modern standards. Demote all of them to compatibility symbols, and
remove their prototypes from installed headers. cbc_crypt, ecb_crypt,
and des_setparity were already compat symbols when glibc was
configured with --disable-obsolete-rpc.
POSIX requires encrypt and setkey to be available when _XOPEN_CRYPT
is defined, so this change also removes the definition of X_OPEN_CRYPT
from <unistd.h>.
The entire "DES Encryption" section is dropped from the manual, as is
the mention of AUTH_DES and FIPS 140-2 in the introduction to
crypt.texi. The documentation of 'memfrob' cross-referenced the DES
Encryption section, which is replaced by a hyperlink to libgcrypt, and
while I was in there I spruced up the actual documentation of
'memfrob' and 'strfry' a little. It's still fairly jokey, because
those functions _are_ jokes, but they do also have real use cases, so
people trying to use them for real should have all the information
they need.
DES-based authentication for Sun RPC is also insecure and should be
deprecated or even removed, but maybe that can be left as TI-RPC's
problem.
This is needed to avoid a warning when linking against libtirpc:
/lib64/libc.so.6: warning: common of `rpc_createerr@@TIRPC_0.3.0' overridden by definition
/usr/lib64/libtirpc.so: warning: defined here
This ld warning is not enabled by default; -Wl,--warn-common enables it.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Update all sourceware links to https. The website redirects
everything to https anyway so let the web server do a bit less work.
The only reference that remains unchanged is the one in the old
ChangeLog, since it didn't seem worth changing it.
* NEWS: Update sourceware link to https.
* configure.ac: Likewise.
* crypt/md5test-giant.c: Likewise.
* dlfcn/bug-atexit1.c: Likewise.
* dlfcn/bug-atexit2.c: Likewise.
* localedata/README: Likewise.
* malloc/tst-mallocfork.c: Likewise.
* manual/install.texi: Likewise.
* nptl/tst-pthread-getattr.c: Likewise.
* stdio-common/tst-fgets.c: Likewise.
* stdio-common/tst-fwrite.c: Likewise.
* sunrpc/Makefile: Likewise.
* sysdeps/arm/armv7/multiarch/memcpy_impl.S: Likewise.
* wcsmbs/tst-mbrtowc2.c: Likewise.
* configure: Regenerate.
* INSTALL: Regenerate.
2.3 is not representable with double, and thus leads to rounding issues if
the clock is not very precise and the measured delay is then exactly 2.3.
* sunrpc/tst-udp-timeout.c (test_udp_server): Increase timeout to 2.5
seconds.
Commit 384ca55174 from 2007 added this to
nss/XXX-lookup.c:
+#ifndef NO_COMPAT
+int
+internal_function attribute_compat_text_section
+DB_COMPAT_FCT (service_user **ni, const char *fct_name, void **fctp)
+{
+ return DB_LOOKUP_FCT (ni, fct_name, NULL, fctp);
+}
+#endif
That is, it adds a pseudo-compat function with an internal_function
attribute. The function it was supposed to replace did not have the
attribute:
extern int DB_LOOKUP_FCT (service_user **ni, const char *fct_name,
- void **fctp) internal_function;
+ const char *fct2_name, void **fctp)
+ internal_function;
This changed the calling convention on i386 for the following
functions in the public ABI:
__nss_passwd_lookup
__nss_group_lookup
__nss_hosts_lookup
This commit replaces the functions with always-failing stubs,
with true compat symbols. Due to a happy accident, the calling
convention of the stub is identical for the internal_function
and non-internal_function case on i386.
In addition, this commit auto-generates the __nss_*_lookup2
function declarations as part of <nsswitch.h>.
Every file that uses libc_hidden_nolink_sunrpc or
libnsl_hidden_nolink_def needs to include shlib-compat.h. Currently,
most of them are getting it via stdio.h, because libio.h refers to
SHLIB_COMPAT when _LIBC is defined, so it includes shlib-compat.h. My
experimental patch to not install libio.h breaks that chain; stdio.h
no longer pulls in libio.h even for internal users.
Accordingly, this patch adds #include <shlib-compat.h> to many files
in sunrpc/ and nis/. There are also a small number of really obvious
fixups to includes that caught my eye while proofreading the patch -
not including headers twice in a row, not worrying about portability
to Ultrix anymore, sort of thing.
* nis/nis_add.c, nis/nis_addmember.c, nis/nis_call.c
* nis/nis_checkpoint.c, nis/nis_clone_dir.c, nis/nis_clone_obj.c
* nis/nis_clone_res.c, nis/nis_creategroup.c, nis/nis_defaults.c
* nis/nis_destroygroup.c, nis/nis_domain_of.c
* nis/nis_domain_of_r.c, nis/nis_error.c, nis/nis_file.c
* nis/nis_free.c, nis/nis_getservlist.c, nis/nis_ismember.c
* nis/nis_local_names.c, nis/nis_lookup.c, nis/nis_mkdir.c
* nis/nis_modify.c, nis/nis_ping.c, nis/nis_print.c
* nis/nis_print_group_entry.c, nis/nis_remove.c
* nis/nis_removemember.c, nis/nis_rmdir.c, nis/nis_server.c
* nis/nis_subr.c, nis/nis_table.c, nis/nis_util.c
* nis/nis_verifygroup.c, nis/nis_xdr.c, nis/yp_xdr.c
* nis/ypclnt.c, nis/ypupdate_xdr.c, sunrpc/auth_des.c
* sunrpc/auth_none.c, sunrpc/auth_unix.c, sunrpc/authdes_prot.c
* sunrpc/authuxprot.c, sunrpc/clnt_gen.c, sunrpc/clnt_perr.c
* sunrpc/clnt_raw.c, sunrpc/clnt_simp.c, sunrpc/clnt_tcp.c
* sunrpc/clnt_udp.c, sunrpc/clnt_unix.c, sunrpc/des_crypt.c
* sunrpc/des_soft.c, sunrpc/get_myaddr.c, sunrpc/key_call.c
* sunrpc/key_prot.c, sunrpc/netname.c, sunrpc/pm_getmaps.c
* sunrpc/pm_getport.c, sunrpc/pmap_clnt.c, sunrpc/pmap_prot.c
* sunrpc/pmap_prot2.c, sunrpc/pmap_rmt.c, sunrpc/publickey.c
* sunrpc/rpc_cmsg.c, sunrpc/rpc_dtable.c, sunrpc/rpc_prot.c
* sunrpc/rpc_thread.c, sunrpc/rtime.c, sunrpc/svc.c
* sunrpc/svc_auth.c, sunrpc/svc_raw.c, sunrpc/svc_run.c
* sunrpc/svc_tcp.c, sunrpc/svc_udp.c, sunrpc/svc_unix.c
* sunrpc/svcauth_des.c, sunrpc/xdr.c, sunrpc/xdr_array.c
* sunrpc/xdr_float.c, sunrpc/xdr_intXX_t.c, sunrpc/xdr_mem.c
* sunrpc/xdr_rec.c, sunrpc/xdr_ref.c, sunrpc/xdr_sizeof.c
* sunrpc/xdr_stdio.c: Include shlib-compat.h.
* sunrpc/des_crypt.c, sunrpc/des_soft.c: No need to include
abi-versions.h as well as shlib-compat.h.
* sunrpc/get_myaddr.c: Remove obsolete comment.
* sunrpc/pmap_rmt.c: Remove obsolete comment and #undef.
* sunrpc/rpc_thread.c: Include libc-lock.h only once.
* resolv/res_libc.c: Include shlib-compat.h only once.