Commit Graph

39550 Commits

Author SHA1 Message Date
Florian Weimer
659fe9fdd1 stdio-common: Introduce buffers for implementing printf
These buffers will eventually be used instead of FILE * objects
to implement printf functions.  The multibyte buffer is struct
__printf_buffer, the wide buffer is struct __wprintf_buffer.

To enable writing type-generic code, the header files
printf_buffer-char.h and printf_buffer-wchar_t.h define the
Xprintf macro differently, enabling Xprintf (buffer) to stand
for __printf_buffer and __wprintf_buffer as appropriate.  For
common cases, macros like Xprintf_buffer are provided as a more
syntactically convenient shortcut.

Buffer-specific flush callbacks are implemented with a switch
statement instead of a function pointer, to avoid hardening issues
similar to those of libio vtables.  struct __printf_buffer_as_file
is needed to support custom printf specifiers because the public
interface for that requires passing a FILE *, which is why there
is a trapdoor back from these buffers to FILE * streams.

Since the immediate user of these interfaces knows when processing
has finished, there is no flush callback for the end of processing,
only a flush callback for the intermediate buffer flush.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:54 +01:00
Florian Weimer
ffde06c915 locale: Implement struct grouping_iterator
The iterator allows grouping while scanning forward through
the digits.  This enables emitting digits as they are processed.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 18:56:54 +01:00
Joseph Myers
edd1b2a0d9 Use Linux 6.1 in build-many-glibcs.py
This patch makes build-many-glibcs.py use Linux 6.1.

Tested with build-many-glibcs.py (host-libraries, compilers and glibcs
builds).
2022-12-19 15:04:37 +00:00
Joseph Myers
a3708cf6b0 Avoid use of atoi in some places in libc
This patch is split out of
<https://sourceware.org/pipermail/libc-alpha/2022-December/144122.html>.

atoi has undefined behavior on out-of-range input, which makes it
problematic to use anywhere in glibc that might be processing input
out-of-range for atoi but not specified to produce undefined behavior
for the function calling atoi.  Change some uses of atoi to call
strtol instead; this avoids the undefined behavior, though there is no
guarantee that the overflow handling of strtol is really right in
those places either.  This also serves to avoid localplt test failures
given an installed header redirection for strtol (which means that the
call from the inline atoi implementation doesn't end up at a hidden
alias from libc_hidden_proto).

Certainly, the use of atoi is questionable in argp-help.c (shared with
gnulib, so shouldn't depend on glibc implementation details, and
processing user-provided input), and maybe also in argp-parse.c (I'm
not sure what that code in argp-parse.c is meant to be used for).  I
also changed inet/rexec.c and resolv/res_init.c similarly to use
strtol to avoid such localplt failures, although given those files (in
those versions) are only used in glibc it's not problematic for them
to rely on the specific behavior of glibc's atoi on out-of-range input
(in the absence of compiler optimizations based on the undefined
behavior) in the same way it's problematic for gnulib code to do so.

There may be other uses of atoi (or atol or atoll), in any of glibc's
installed code, for which it would also be appropriate to avoid the
undefined behavior on out-of-range input; this patch only fixes the
specific cases needed to avoid localplt failures.

Tested for x86_64.
2022-12-19 14:45:44 +00:00
Florian Weimer
c1c0dea388 Linux: Remove epoll_create, inotify_init from syscalls.list
Their presence causes stub warnings to be created on architectures
which do not implement them.

Fixes commit d1d23b1342 ("Lninux: consolidate
epoll_create implementation") and commit 842128f160
("Linux: consolidate inotify_init implementation").

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 13:28:14 +01:00
Florian Weimer
9a5b1d84fb Linux: Reflow and sort some Makefile variables
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-19 13:28:07 +01:00
Samuel Thibault
0fb10e49ad mach: Drop remnants of old_CFLAGS 2022-12-19 02:38:38 +01:00
Samuel Thibault
7685630b98 mach: Fix passing -ffreestanding when checking for gnumach headers
8b8c768e3c ("Force use of -ffreestanding when checking for gnumach
headers") was passing -ffreestanding to CFLAGS only, but headers checks are
performed with the preprocessor, so we rather need to pass it to CPPFLAGS.
2022-12-19 02:34:55 +01:00
Flavio Cruz
8b8c768e3c Force use of -ffreestanding when checking for gnumach headers
Without this ./configure assumes that we are in a fully hosted
environment, which might not be the case. After this patch, we can rely on
the freestanding header files provided by GCC such as stdint.h.
Message-Id: <Y5+0V9osFc/zXMq0@mars>
2022-12-19 01:49:30 +01:00
Adhemerval Zanella
71e408e45d elf: Fix tst-relro-symbols.py argument passing
Current scheme only consideres the first argument for both --required
and --optional, where the idea is to append a new item.

Checked on x86_64-linux-gnu.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
2022-12-15 16:59:13 -03:00
Noah Goldstein
b712be5264 x86: Prevent SIGSEGV in memcmp-sse2 when data is concurrently modified [BZ #29863]
In the case of INCORRECT usage of `memcmp(a, b, N)` where `a` and `b`
are concurrently modified as `memcmp` runs, there can be a SIGSEGV
in `L(ret_nonzero_vec_end_0)` because the sequential logic
assumes that `(rdx - 32 + rax)` is a positive 32-bit integer.

To be clear, this change does not mean the usage of `memcmp` is
supported.  The program behaviour is undefined (UB) in the
presence of data races, and `memcmp` is incorrect when the values
of `a` and/or `b` are modified concurrently (data race). This UB
may manifest itself as a SIGSEGV. That being said, if we can
allow the idiomatic use cases, like those in yottadb with
opportunistic concurrency control (OCC), to execute without a
SIGSEGV, at no cost to regular use cases, then we can aim to
minimize harm to those existing users.

The fix replaces a 32-bit `addl %edx, %eax` with the 64-bit variant
`addq %rdx, %rax`. The 1-extra byte of code size from using the
64-bit instruction doesn't contribute to overall code size as the
next target is aligned and has multiple bytes of `nop` padding
before it. As well all the logic between the add and `ret` still
fits in the same fetch block, so the cost of this change is
basically zero.

The relevant sequential logic can be seen in the following
pseudo-code:
```
    /*
     * rsi = a
     * rdi = b
     * rdx = len - 32
     */
    /* cmp a[0:15] and b[0:15]. Since length is known to be [17, 32]
    in this case, this check is also assumed to cover a[0:(31 - len)]
    and b[0:(31 - len)].  */
    movups  (%rsi), %xmm0
    movups  (%rdi), %xmm1
    PCMPEQ  %xmm0, %xmm1
    pmovmskb %xmm1, %eax
    subl    %ecx, %eax
    jnz L(END_NEQ)

    /* cmp a[len-16:len-1] and b[len-16:len-1].  */
    movups  16(%rsi, %rdx), %xmm0
    movups  16(%rdi, %rdx), %xmm1
    PCMPEQ  %xmm0, %xmm1
    pmovmskb %xmm1, %eax
    subl    %ecx, %eax
    jnz L(END_NEQ2)
    ret

L(END2):
    /* Position first mismatch.  */
    bsfl    %eax, %eax

    /* The sequential version is able to assume this value is a
    positive 32-bit value because the first check included bytes in
    range a[0:(31 - len)] and b[0:(31 - len)] so `eax` must be
    greater than `31 - len` so the minimum value of `edx` + `eax` is
    `(len - 32) + (32 - len) >= 0`. In the concurrent case, however,
    `a` or `b` could have been changed so a mismatch in `eax` less or
    equal than `(31 - len)` is possible (the new low bound is `(16 -
    len)`. This can result in a negative 32-bit signed integer, which
    when zero extended to 64-bits is a random large value this out
    out of bounds. */
    addl %edx, %eax

    /* Crash here because 32-bit negative number in `eax` zero
    extends to out of bounds 64-bit offset.  */
    movzbl  16(%rdi, %rax), %ecx
    movzbl  16(%rsi, %rax), %eax
```

This fix is quite simple, just make the `addl %edx, %eax` 64 bit (i.e
`addq %rdx, %rax`). This prevents the 32-bit zero extension
and since `eax` is still a low bound of `16 - len` the `rdx + rax`
is bound by `(len - 32) - (16 - len) >= -16`. Since we have a
fixed offset of `16` in the memory access this must be in bounds.
2022-12-15 09:09:35 -08:00
Joseph Myers
6fd504849d Allow _Qp_fgt in sparc64 localplt.data
A recent GCC change resulted in localplt test failures on sparc64
because of references to _Qp_fgt.  This is analogous to all the other
floating-point symbols allowed in localplt.data, so it seems
appropriate to allow this one as well.

Tested with build-many-glibcs.py for sparc64-linux-gnu (GCC mainline),
where it fixes the test failure.
2022-12-13 22:16:22 +00:00
Adhemerval Zanella
5dcd2d0ad0 stdlib: Move _IO_cleanup to call_function_static_weak
Reviewed-by: Florian Weimer <fweimer@redhat.com>
2022-12-12 09:53:23 -03:00
Adhemerval Zanella
d4facb63ff elf: Do not assume symbol order on tst-audit25{a,b}
The static linker might impose any order or internal function
position, so change the test to check if the audit prints the
symbol only once in any order.
2022-12-12 09:53:20 -03:00
Adhemerval Zanella Netto
4e21c20751 time: Use 64 bit time on tzfile
The tzfile_mtime is already compared to 64 bit time_t stat call.
Reviewed-by: DJ Delorie <dj@redhat.com>
2022-12-09 09:56:09 -03:00
Adhemerval Zanella Netto
fa4a192778 nscd: Use 64 bit time_t on libc nscd routines (BZ# 29402)
Although the nscd module is built with 64 bit time_t, the routines
linked direct to libc.so need to use the internal symbols.
Reviewed-by: DJ Delorie <dj@redhat.com>
2022-12-09 09:56:09 -03:00
Adhemerval Zanella Netto
545eefc2f5 nis: Build libnsl with 64 bit time_t
And remove the usage of glibc reserved names.
Reviewed-by: DJ Delorie <dj@redhat.com>
2022-12-09 09:56:09 -03:00
Siddhesh Poyarekar
f4f2ca1509 realloc: Return unchanged if request is within usable size
If there is enough space in the chunk to satisfy the new size, return
the old pointer as is, thus avoiding any locks or reallocations.  The
only real place this has a benefit is in large chunks that tend to get
satisfied with mmap, since there is a large enough spare size (up to a
page) for it to matter.  For allocations on heap, the extra size is
typically barely a few bytes (up to 15) and it's unlikely that it would
make much difference in performance.

Also added a smoke test to ensure that the old pointer is returned
unchanged if the new size to realloc is within usable size of the old
pointer.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: DJ Delorie <dj@redhat.com>
2022-12-08 11:23:43 -05:00
Adhemerval Zanella Netto
929ea132b4 Linux: Consolidate typesizes.h
The generic (sysdeps/unix/sysv/linux/generic/bits/typesizes.h) and
default (bits/typesizes.h) differs in two fields:

                    bits/typesizes.h    Linux generic
__NLINK_T_TYPE      __UWORD_TYPE        __U32_TYPE
__BLKSIZE_T_TYPE    __SLONGWORD_TYPE    __S32_TYPE

Sinceit leads to different C++ mangling names, the default typesize.h
is copied for the requires archtiectures and the generic is make the
default Linux one.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 14:41:21 -03:00
Adhemerval Zanella Netto
9d53dc48e8 Linux: Make generic fcntl.h the default one
It is currently used for csky, arc, nios2, and or1k.  Newer 64 bit
architecture, like riscv32 and loongarch, reimplement it to override
F_GETLK64/F_SETLK64/F_SETLKW64.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 14:40:52 -03:00
Adhemerval Zanella Netto
fea7abbc23 Linux: make generic xstatver.h the default one
And copy the current default one to required ABIs.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 14:40:36 -03:00
Adhemerval Zanella Netto
71e4344f25 Linux: Remove generic sysdep
The includes chain is added on each architecture sysdep.h and
the __NR__llseek hack is moved to lseek.c and lseek64.c.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 14:33:47 -03:00
Adhemerval Zanella Netto
127945c561 Linux: Assume and consolidate shutdown wire-up syscall
And disable if kernel does not support it.

Checked on x86_64-linux-gnu and i686-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 14:17:28 -03:00
Adhemerval Zanella Netto
377a14a22a Linux: Assume and consolidate listen wire-up syscall
And disable if kernel does not support it.

Checked on x86_64-linux-gnu and i686-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 14:11:53 -03:00
Adhemerval Zanella Netto
d00783653a Linux: Assume and consolidate socketpair wire-up syscall
And disable if kernel does not support it.

Checked on x86_64-linux-gnu and i686-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 14:11:49 -03:00
Adhemerval Zanella Netto
1fed1a5af4 Linux: Assume and consolidate socket wire-up syscall
And disable if kernel does not support it.

Checked on x86_64-linux-gnu and i686-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 14:11:36 -03:00
Adhemerval Zanella Netto
215bf99347 Linux: Assume and consolidate bind wire-up syscall
And disable if kernel does not support it.

Checked on x86_64-linux-gnu and i686-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 13:42:05 -03:00
Adhemerval Zanella Netto
a33919698b Linux: consolidate ____longjmp_chk
Checked on x86_64-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 11:52:23 -03:00
Adhemerval Zanella Netto
04e7e2658c Linux: consolidate sendfile implementation
This is similar to other LFS consolidation, where the non-LFS is only
built if __OFF_T_MATCHES_OFF64_T is not defined and the LFS version
is aliased to non-LFS name if __OFF_T_MATCHES_OFF64_T is defined.

For non-LFS variant, use sendfile syscall if defined, otherwise use
sendfile64 plus the offset overflow check (as generic implementation).

Checked on x86_64-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 11:27:01 -03:00
Adhemerval Zanella Netto
9cffb295e3 Linux: consolidate unlink implementation
Use unlink syscall if defined, otherwise use unlinkat.

Checked on x86_64-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 11:27:01 -03:00
Adhemerval Zanella Netto
bf58f34a70 Linux: consolidate symlink implementation
Use symlink syscall if defined, otherwise use symlinkat.

Checked on x86_64-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 11:27:01 -03:00
Adhemerval Zanella Netto
54ed77914a Linux: consolidate rmdir implementation
Use rmdir syscall if defined, otherwise use unlinkat.

Checked on x86_64-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 11:27:01 -03:00
Adhemerval Zanella Netto
2fc81f6ca5 Linux: consolidate readlink implementation
Use readlink syscall if defined, otherwise readlinkat.

Checked on x86_64-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 11:27:01 -03:00
Adhemerval Zanella Netto
ccb9215dbe Linux: consolidate mkdir implementation
Use mkdir syscall if defined, otherwise use mkdirat.

Checked on x86_64-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 11:27:01 -03:00
Adhemerval Zanella Netto
f178e5173f Linux: consolidate link implementation
Use link syscall if defined, otherwise use linkat.

Checked on x86_64-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 11:27:01 -03:00
Adhemerval Zanella Netto
25ca6175ba Linux: consolidate lchown implementation
Use lchown syscall if defined, otherwise use fchownat.

Checked on x86_64-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 11:27:01 -03:00
Adhemerval Zanella Netto
842128f160 Linux: consolidate inotify_init implementation
Use inotify_init syscall if defined, otherwise use inotify_init1.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 11:27:01 -03:00
Adhemerval Zanella Netto
d1d23b1342 Lninux: consolidate epoll_create implementation
Use epoll_create syscall if defined, otherwise use epoll_create1.
Reviewed-by: Florian Weimer <fweimer@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 11:27:01 -03:00
Adhemerval Zanella Netto
33ef940302 Linux: consolidate dup2 implementation
Use dup2 syscall if defined, otherwise use dup3.

Checked on x86_64-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 11:27:01 -03:00
Adhemerval Zanella Netto
1001abfa14 Linux: consolidate chown implementation
Use chown syscall if defined, otherwise use fchownat.

Checked on x86_64-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 11:27:01 -03:00
Adhemerval Zanella Netto
f0fa84d31f Linux: consolidate chmod implementation
Use chmod syscall if defined, otherwise use fchmodat.

Checked on x86_64-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2022-12-07 11:27:01 -03:00
Adhemerval Zanella Netto
b14e1f9fcd linux: Consolidate dl-origin.c
Use the generic implementation as the default, since the syscall
is supported by all architectures.

Also cleanup some headers and remove the INTERNAL_SYSCALL_ERROR_P
usage (the INTERNAL_SYSCALL_CALL macro already returns an negative
value if an error occurs).
2022-12-07 11:27:01 -03:00
Xing Li
36d423e203 linux: Use long int for syscall return value
The linux syscall ABI returns long, so the generic syscall code for
linux should use long for the return value.

This fixes the truncation of the return value of the syscall function
when that does not fit into an int.
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-12-07 10:37:06 -03:00
Chenghua Xu
9f482b73f4 LoongArch: Use medium cmodel build libc_nonshared.a.
This patch is used to fix address out-of-bounds error when building
Chrome.
2022-12-07 10:42:51 +08:00
Adhemerval Zanella
8d6083717c x86_64: State assembler is being tested on sysdeps/x86/configure 2022-12-06 13:47:47 -03:00
Adhemerval Zanella
2b0da5028d configure: Remove AS check
The assembler is not issued directly, but rather always through CC
wrapper.  The binutils version check if done with LD instead.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2022-12-06 09:40:19 -03:00
Adhemerval Zanella
6cfc50f40a configure: Remove check if ld is GNU
Assume linker has gnu argument input style.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2022-12-06 09:40:19 -03:00
Adhemerval Zanella
f35b7ce02f configure: Remove check if as is GNU
It is not used in any place.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2022-12-06 09:40:19 -03:00
Adhemerval Zanella
43ecc41dda configure: Move locale tools early
When using --with-binutils, the configure might not use the specified
linker or assembler while checking for expected support.  Move the
tools check early, before any compiler usage test.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2022-12-06 09:40:19 -03:00
Sergey Bugaev
8fb923ddc3 hurd: Make getrandom cache the server port
Previously, getrandom would, each time it's called, traverse the file
system to find /dev/urandom, fetch some random data from it, then throw
away that port. This is quite slow, while calls to getrandom are
genrally expected to be fast.

Additionally, this means that getrandom can not work when /dev/urandom
is unavailable, such as inside a chroot that lacks one. User programs
expect calls to getrandom to work inside a chroot if they first call
getrandom outside of the chroot.

In particular, this is known to break the OpenSSH server, and in that
case the issue is exacerbated by the API of arc4random, which prevents
it from properly reporting errors, forcing glibc to abort on failure.
This causes sshd to just die once it tries to generate a random number.

Caching the random server port, in a manner similar to how socket
server ports are cached, both improves the performance and works around
the chroot issue.

Tested on i686-gnu with the following program:

pthread_barrier_t barrier;

void *worker(void*) {
    pthread_barrier_wait(&barrier);
    uint32_t sum = 0;
    for (int i = 0; i < 10000; i++) {
        sum += arc4random();
    }
    return (void *)(uintptr_t) sum;
}

int main() {
    pthread_t threads[THREAD_COUNT];

    pthread_barrier_init(&barrier, NULL, THREAD_COUNT);

    for (int i = 0; i < THREAD_COUNT; i++) {
        pthread_create(&threads[i], NULL, worker, NULL);
    }
    for (int i = 0; i < THREAD_COUNT; i++) {
        void *retval;
        pthread_join(threads[i], &retval);
        printf("Thread %i: %lu\n", i, (unsigned long)(uintptr_t) retval);
    }

In my totally unscientific benchmark, with this patch, this completes
in about 7 seconds, whereas previously it took about 50 seconds. This
program was also used to test that getrandom () doesn't explode if the
random server dies, but instead reopens the /dev/urandom anew. I have
also verified that with this patch, OpenSSH can once again accept
connections properly.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20221202135558.23781-1-bugaevc@gmail.com>
2022-12-02 22:33:49 +01:00