Commit Graph

34405 Commits

Author SHA1 Message Date
Florian Weimer
899478c2bf inet/tst-if_index-long: New test case for CVE-2018-19591 [BZ #23927] 2018-12-06 15:39:50 +01:00
Florian Weimer
f255336a93 support: Implement <support/descriptors.h> to track file descriptors 2018-12-06 15:39:42 +01:00
Zack Weinberg
35caceb145 Use PRINTF_LDBL_IS_DBL instead of __ldbl_is_dbl.
After all that prep work, nldbl-compat.c can now use PRINTF_LDBL_IS_DBL
instead of __no_long_double to control the behavior of printf-like
functions; this is the last thing we needed __no_long_double for, so it
can go away entirely.

Tested for powerpc and powerpc64le.
2018-12-05 18:15:43 -02:00
Zack Weinberg
4e2f43f842 Use PRINTF_FORTIFY instead of _IO_FLAGS2_FORTIFY (bug 11319)
The _chk variants of all of the printf functions become much simpler.
This is the last thing that we needed _IO_acquire_lock_clear_flags2
for, so it can go as well.  I took the opportunity to make the headers
included and the names of all local variables consistent across all the
affected files.

Since we ultimately want to get rid of __no_long_double as well, it
must be possible to get all of the nontrivial effects of the _chk
functions by calling the _internal functions with appropriate flags.
For most of the __(v)xprintf_chk functions, this is covered by
PRINTF_FORTIFY plus some up-front argument checks that can be
duplicated.  However, __(v)sprintf_chk installs a custom jump table so
that it can crash instead of overflowing the output buffer.  This
functionality is moved to __vsprintf_internal, which now has a
'maxlen' argument like __vsnprintf_internal; to get the unsafe
behavior of ordinary (v)sprintf, pass -1 for that argument.

obstack_printf_chk and obstack_vprintf_chk are no longer in the same
file.

As a side-effect of the unification of both fortified and non-fortified
vdprintf initialization, this patch fixes bug 11319 for __dprintf_chk
and __vdprintf_chk, which was previously fixed only for dprintf and
vdprintf by the commit

commit 7ca890b88e
Author: Ulrich Drepper <drepper@redhat.com>
Date:   Wed Feb 24 16:07:57 2010 -0800

    Fix reporting of I/O errors in *dprintf functions.

This patch adds a test case to avoid regressions.

Tested for powerpc and powerpc64le.
2018-12-05 18:15:43 -02:00
Zack Weinberg
124fc732c1 Add __vsyslog_internal, with same flags as __v*printf_internal.
__nldbl___vsyslog_chk will ultimately want to pass PRINTF_LDBL_IS_DBL
down to __vfprintf_internal *as well as* possibly setting PRINTF_FORTIFY.
To make that possible, we need a __vsyslog_internal that takes the
same flags as printf.  The code in misc/syslog.c does also get a
little simpler.

Tested for powerpc and powerpc64le.
2018-12-05 18:15:43 -02:00
Zack Weinberg
698fb75b9f Add __v*printf_internal with flags arguments
There are a lot more printf variants than there are scanf variants,
and the code for setting up and tearing down their custom FILE
variants around the call to __vf(w)printf is more complicated and
variable.  Therefore, I have added _internal versions of all the
v*printf variants, rather than introducing helper routines so that
they can all directly call __vf(w)printf_internal, as was done with
scanf.

As with the scanf changes, in this patch the _internal functions still
look at the environmental mode bits and all callers pass 0 for the
flags parameter.

Several of the affected public functions had _IO_ name aliases that
were not exported (but, in one case, appeared in libio.h anyway);
I was originally planning to leave them as aliases to avoid having
to touch internal callers, but it turns out ldbl_*_alias only work
for exported symbols, so they've all been removed instead.  It also
turns out there were hardly any internal callers.  _IO_vsprintf and
_IO_vfprintf *are* exported, so those two stick around.

Summary for the changes to each of the affected symbols:

  _IO_vfprintf, _IO_vsprintf:
    All internal calls removed, thus the internal declarations, as well
    as uses of libc_hidden_proto and libc_hidden_def, were also removed.
    The external symbol is now exposed via uses of ldbl_strong_alias
    to __vfprintf_internal and __vsprintf_internal, respectively.

  _IO_vasprintf, _IO_vdprintf, _IO_vsnprintf,
  _IO_vfwprintf, _IO_vswprintf,
  _IO_obstack_vprintf, _IO_obstack_printf:
    All internal calls removed, thus declaration in internal headers
    were also removed.  They were never exported, so there are no
    aliases tying them to the internal functions.  I.e.: entirely gone.

  __vsnprintf:
    Internal calls were always preceded by macros such as
      #define __vsnprintf _IO_vsnprintf, and
      #define __vsnprintf vsnprintf
    The macros were removed and their uses replaced with calls to the
    new internal function __vsnprintf_internal.  Since there were no
    internal calls, the internal declaration was also removed.  The
    external symbol is preserved with ldbl_weak_alias to ___vsnprintf.

  __vfwprintf:
    All internal calls converted into calls to __vfwprintf_internal,
    thus the internal declaration was removed.  The function is now a
    wrapper that calls __vfwprintf_internal.  The external symbol is
    preserved.

  __vswprintf:
    Similarly, but no external symbol.

  __vasprintf, __vdprintf, __vfprintf, __vsprintf:
    New internal wrappers.  Not exported.

  vasprintf, vdprintf, vfprintf, vsprintf, vsnprintf,
  vfwprintf, vswprintf,
  obstack_vprintf, obstack_printf:
    These functions used to be aliases to the respective _IO_* function,
    they are now aliases to their respective __* functions.

Tested for powerpc and powerpc64le.
2018-12-05 18:15:42 -02:00
Zack Weinberg
d91798b31a Use SCANF_LDBL_IS_DBL instead of __ldbl_is_dbl.
Change the callers of __vfscanf_internal and __vfwscanf_internal that
want to treat 'long double' as another name for 'double' (all of which
happen to be in sysdeps/ieee754/ldbl-opt/nldbl-compat.c) to communicate
this via the new flags argument, instead of the per-thread variable
__no_long_double and its __ldbl_is_dbl wrapper macro.

Tested for powerpc and powerpc64le.
2018-12-05 18:15:42 -02:00
Zack Weinberg
b87eb3f8fe Use SCANF_ISOC99_A instead of _IO_FLAGS2_SCANF_STD.
Change the callers of __vfscanf_internal and __vfwscanf_internal that
want C99-compliant behavior to communicate this via the new flags
argument, rather than setting bits on the FILE object.  This also
means these functions do not need to do their own locking.

Tested for powerpc and powerpc64le.
2018-12-05 18:15:42 -02:00
Zack Weinberg
349718d4d7 Add __vfscanf_internal and __vfwscanf_internal with flags arguments.
There are two flags currently defined: SCANF_LDBL_IS_DBL is the mode
used by __nldbl_ scanf variants, and SCANF_ISOC99_A is the mode used
by __isoc99_ scanf variants.  In this patch, the new functions honor
these flag bits if they're set, but they still also look at the
corresponding bits of environmental state, and callers all pass zero.

The new functions do *not* have the "errp" argument possessed by
_IO_vfscanf and _IO_vfwscanf.  All internal callers passed NULL for
that argument.  External callers could theoretically exist, so I
preserved wrappers, but they are flagged as compat symbols and they
don't preserve the three-way distinction among types of errors that
was formerly exposed.  These functions probably should have been in
the list of deprecated _IO_ symbols in 2.27 NEWS -- they're not just
aliases for vfscanf and vfwscanf.

(It was necessary to introduce ldbl_compat_symbol for _IO_vfscanf.
Please check that part of the patch very carefully, I am still not
confident I understand all of the details of ldbl-opt.)

This patch also introduces helper inlines in libio/strfile.h that
encapsulate the process of initializing an _IO_strfile object for
reading.  This allows us to call __vfscanf_internal directly from
sscanf, and __vfwscanf_internal directly from swscanf, without
duplicating the initialization code.  (Previously, they called their
v-counterparts, but that won't work if we want to control *both* C99
mode and ldbl-is-dbl mode using the flags argument to__vfscanf_internal.)
It's still a little awkward, especially for wide strfiles, but it's
much better than what we had.

Tested for powerpc and powerpc64le.
2018-12-05 18:15:42 -02:00
Albert ARIBAUD (3ADEV)
72b8692d7e Y2038: make __tz_convert compatible with 64-bit-time
Now that __time64_t exists, we can switch internal function
__tz_convert from 32-bit to 64-bit time. This involves switching
some other internal functions as well, namely __tz_compute and
__offtime.

Tested with 'make check' on x86_64-linux-gnu and i686-linux.gnu.

	* include/time.h
	(__tz_compute): Replace time_t with __time64_t.
	(__tz_convert): Replace time_t* with __time64_t.
	(__offtime): Replace time_t* with __time64_t.
	* time/gmtime.c
	(__gmtime_r): Adjust call to __tz_convert.
	(gmtime): Likewise.
	* time/localtime.c
	(__localtime_r): Likewise.
	(localtime): Likewise.
	* time/offtime.c: Replace time_t with __time64_t.
	* time/tzset.c: Likewise.
2018-12-05 21:01:22 +01:00
Joseph Myers
bd598da9f4 Stop test-in-container trying to run other-OS binaries.
I noticed that, now that build-many-glibcs.py no longer copies glibc
sources, I was getting core dumps in my glibc source directories.  The
cause appears to be, from the i686-gnu build:

for dso in ` env LD_TRACE_LOADED_OBJECTS=1  \
        /scratch/jmyers/glibc-bot/build/glibcs/i686-gnu/glibc/elf/ld.so.1 \
        /scratch/jmyers/glibc-bot/build/glibcs/i686-gnu/glibc/testroot.pristine/bin/sh \
[...]
Segmentation fault (core dumped)

In this case, the x86 architecture means the binary executes, but
dumps core rather than actually working.

Anything involving running the newly built glibc should only be done
ifeq ($(run-built-tests),yes).  This patch conditions the relevant
part of the testroot setup accordingly.

Tested for x86_64, and with build-many-glibcs.py for i686-gnu.

	* Makefile ($(objpfx)testroot.pristine/install.stamp): Do not run
	dynamic linker unless [$(run-built-tests) = yes].
2018-12-04 16:52:39 +00:00
DJ Delorie
b2e93de0ff test-container: add "su" command to run test as root, add unshare hints
* support/test-container.c (check_for_unshare_hints): New.
(main): Call it if unshare fails.  Add support for "su" scriptlet
command.
2018-12-04 00:03:12 -05:00
Joseph Myers
477a02f637 Make gen-as-const.py handle '--' consistently with awk script.
It was reported in
<https://sourceware.org/ml/libc-alpha/2018-12/msg00045.html> that
gen-as-const.py fails to generate test code in the case where a .sym
file has no symbols in it, so resulting in a test failing to link for
Hurd.

The relevant difference from the old awk script is that the old script
treated '--' lines as indicating that the text to do at the start of
the test (or file used to compute constants) should be output at that
point if not already output, as well as treating lines with actual
entries for constants like that.  This patch changes gen-as-const.py
accordingly, making it the sole responsibility of the code parsing
.sym files to determine when such text should be output and ensuring
it's always output at some point even if there are no symbols and no
'--' lines, since not outputting it means the test fails to link.
Handling '--' like that also avoids any problems that would arise if
the first entry for a symbol were inside #ifdef (since the text in
question must not be output inside #ifdef).

Tested for x86_64, and with build-many-glibcs.py for i686-gnu.  Note
that there are still compilation test failures for i686-gnu
(linknamespace tests, possibly arising from recent posix_spawn-related
changes).

	* scripts/gen-as-const.py (compute_c_consts): Take an argument
	'START' to indicate that start text should be output.
	(gen_test): Likewise.
	(main): Generate 'START' for first symbol or '--' line, or at end
	of input if not previously generated.
2018-12-03 22:08:50 +00:00
Rafael Ávila de Espíndola
6af956e5c0 Enable VDSO for static linking on arm
I have tested that this builds and the resulting program still work.
The kernel in gcc117 (which I ussed for testing) seems to be missing
https://patchwork.kernel.org/patch/10060431/, so the vdso is never used.

	[BZ #19767]
	* sysdeps/unix/sysv/linux/arm/init-first.c: Remove #ifdef SHARED.
	* sysdeps/unix/sysv/linux/arm/libc-vdso.h: Remove #ifdef SHARED.
	* sysdeps/unix/sysv/linux/arm/sysdep.h: Define
	ALWAYS_USE_VSYSCALL.
2018-12-03 20:59:22 +00:00
Adhemerval Zanella
f5ec0ea9ea posix: Fix segfault in maybe_script_execute
This patch is essentially 28669f86f6 adjusted for the generic
implementation.

Checked on x86_64-linux-gnu with Linux spawni.c removed.  The only
failure is posix/tst-spawn3, which is expected.

	[BZ #23913]
	* sysdeps/posix/spawni.c (maybe_script_execute):
	Increment size of new_argv by one.
2018-12-03 18:23:11 -02:00
Carlos O'Donell
8cebd4ffe6 Add --no-hard-links option to localedef (bug 23923)
Downstream distributions need consistent sets of hardlinks in
order for rpm to operate effectively. This means that even if
locales are built with a high level of parallelism that the
resulting files need to have consistent hardlink counts. The only
way to achieve this is with a post-install hardlink pass using a
program like 'hardlink' (shipped in Fedora).

If the downstream distro wants to post-process the hardlinks then
the time spent in localedef looking up sibling directories and
processing hardlinks is wasted effort.

To optimize the build and install pass we add a --no-hard-links
option to localedef to avoid doing the hardlink optimziation for
size.

Tested on x86_64 with 'make localedata/install-locale-files'
before and after. Without the patch we have files with 100+
hardlink counts. After the patch and running with --no-hard-links
all link counts are 1. This patch also alters the convenience
target 'make localedata/install-locale-files' to use the new
option.

Signed-off-by: Carlos O'Donell <carlos@redhat.com>
2018-12-03 10:15:39 -05:00
H.J. Lu
c22e4c2a14 x86: Extend CPUID support in struct cpu_features
Extend CPUID support for all feature bits from CPUID.  Add a new macro,
CPU_FEATURE_USABLE, which can be used to check if a feature is usable at
run-time, instead of HAS_CPU_FEATURE and HAS_ARCH_FEATURE.

Add COMMON_CPUID_INDEX_D_ECX_1, COMMON_CPUID_INDEX_80000007 and
COMMON_CPUID_INDEX_80000008 to check CPU feature bits in them.

Tested on i686 and x86-64 as well as using build-many-glibcs.py with
x86 targets.

	* sysdeps/x86/cacheinfo.c (intel_check_word): Updated for
	cpu_features_basic.
	(__cache_sysconf): Likewise.
	(init_cacheinfo): Likewise.
	* sysdeps/x86/cpu-features.c (get_extended_indeces): Also
	populate COMMON_CPUID_INDEX_80000007 and
	COMMON_CPUID_INDEX_80000008.
	(get_common_indices): Also populate COMMON_CPUID_INDEX_D_ECX_1.
	Use CPU_FEATURES_CPU_P (cpu_features, XSAVEC) to check if
	XSAVEC is available.  Set the bit_arch_XXX_Usable bits.
	(init_cpu_features): Use _Static_assert on
	index_arch_Fast_Unaligned_Load.
	__get_cpuid_registers and __get_arch_feature.  Updated for
	cpu_features_basic.  Set stepping in cpu_features.
	* sysdeps/x86/cpu-features.h: (FEATURE_INDEX_1): Changed to enum.
	(FEATURE_INDEX_2): New.
	(FEATURE_INDEX_MAX): Changed to enum.
	(COMMON_CPUID_INDEX_D_ECX_1): New.
	(COMMON_CPUID_INDEX_80000007): Likewise.
	(COMMON_CPUID_INDEX_80000008): Likewise.
	(cpuid_registers): Likewise.
	(cpu_features_basic): Likewise.
	(CPU_FEATURE_USABLE): Likewise.
	(bit_arch_XXX_Usable): Likewise.
	(cpu_features): Use cpuid_registers and cpu_features_basic.
	(bit_arch_XXX): Reweritten.
	(bit_cpu_XXX): Likewise.
	(index_cpu_XXX): Likewise.
	(reg_XXX): Likewise.
	* sysdeps/x86/tst-get-cpu-features.c: Include <stdio.h> and
	<support/check.h>.
	(CHECK_CPU_FEATURE): New.
	(CHECK_CPU_FEATURE_USABLE): Likewise.
	(cpu_kinds): Likewise.
	(do_test): Print vendor, family, model and stepping.  Check
	HAS_CPU_FEATURE and CPU_FEATURE_USABLE.
	(TEST_FUNCTION): Removed.
	Include <support/test-driver.c> instead of
	"../../test-skeleton.c".
	* sysdeps/x86_64/multiarch/sched_cpucount.c (__sched_cpucount):
	Check POPCNT instead of POPCOUNT.
	* sysdeps/x86_64/multiarch/test-multiarch.c (do_test): Likewise.
2018-12-03 05:54:56 -08:00
Samuel Thibault
7b36d26b22 Fix test-as-const-jmp_buf-ssp.c generation on gnu-i386
hurd's jmp_buf-ssp.sym does not define any symbol.
scripts/gen-as-const.py currently was emitting an empty line in that
case, and the gawk invocation was prepending "asconst_" to it, ending up
with:

.../build/glibc/setjmp/test-as-const-jmp_buf-ssp.c:1:2: error: expected « = », « , », « ; », « asm » or
« __attribute__ » at end of input
    1 |  asconst_
      |  ^~~~~~~~

        * scripts/gen-as-const.py (main): Avoid emitting empty line when
        there is no element in `consts'.
2018-12-03 14:40:48 +01:00
Florian Weimer
02cd5c1a8d support: Close original descriptors in support_capture_subprocess 2018-12-01 22:41:46 +01:00
Samuel Thibault
fc493bc9e6 htl: Fix comparing attr with default values
Fortunately we were previously only missing an optimization.

Thanks dcb <dcb314@hotmail.com> for the report

	[BZ #23032]
	* sysdeps/htl/pt-barrier-init.c (pthread_barrier_init): Fix comparing
	attr with __pthread_default_barrierattr.
	* sysdeps/htl/pt-cond-init.c (__pthread_cond_init): Fix comparing
	attr with __pthread_default_condattr.
	* sysdeps/htl/pt-mutex-init.c (_pthread_mutex_init): Fix comparing
	attr with __pthread_default_mutexattr.
	* sysdeps/htl/pt-rwlock-init.c (_pthread_rwlock_init): Fix comparing
	attr with __pthread_default_rwlockattr.
2018-12-01 21:42:12 +01:00
Kemi Wang
6310e6be9b Mutex: Add pthread mutex tunables
This patch does not have any functionality change, we only provide a spin
count tunes for pthread adaptive spin mutex. The tunable
glibc.pthread.mutex_spin_count tunes can be used by system administrator to
squeeze system performance according to different hardware capabilities and
workload characteristics.

The maximum value of spin count is limited to 32767 to avoid the overflow
of mutex->__data.__spins variable with the possible type of short in
pthread_mutex_lock ().

The default value of spin count is set to 100 with the reference to the
previous number of times of spinning via trylock. This value would be
architecture-specific and can be tuned with kinds of benchmarks to fit most
cases in future.

I would extend my appreciation sincerely to H.J.Lu for his help to refine
this patch series.

	* manual/tunables.texi (POSIX Thread Tunables): New node.
	* nptl/Makefile (libpthread-routines): Add pthread_mutex_conf.
	* nptl/nptl-init.c: Include pthread_mutex_conf.h
	(__pthread_initialize_minimal_internal) [HAVE_TUNABLES]: Call
	 __pthread_tunables_init.
	* nptl/pthreadP.h (MAX_ADAPTIVE_COUNT): Remove.
	(max_adaptive_count): Define.
	* nptl/pthread_mutex_conf.c: New file.
	* nptl/pthread_mutex_conf.h: New file.
	* sysdeps/generic/adaptive_spin_count.h: New file.
	* sysdeps/nptl/dl-tunables.list: New file.
	* nptl/pthread_mutex_lock.c (__pthread_mutex_lock): Use
	max_adaptive_count () not MAX_ADAPTIVE_COUNT.
	* nptl/pthread_mutex_timedlock.c (__pthrad_mutex_timedlock):
	Likewise.

Suggested-by: Andi Kleen <andi.kleen@intel.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Signed-off-by: Kemi.wang <kemi.wang@intel.com>
2018-12-01 08:19:20 -08:00
Paul Pluzhnikov
8e67b39eb4 stdlib: assert on NULL function pointer in atexit etc. [BZ #20544] 2018-11-30 16:18:34 -08:00
Rafael Ávila de Espíndola
15b8d67e29 Enable VDSO on i386 statically linked programs
[BZ #19767]
	* sysdeps/unix/sysv/linux/i386/init-first.c: Don't check SHARED.
	* sysdeps/unix/sysv/linux/i386/sysdep.h (ALWAYS_USE_VSYSCALL):
	New.
2018-11-30 14:32:35 -08:00
Florian Weimer
5e63c240a2 scripts/abilist.awk: Handle special _end symbol for Hurd
Hurd has this in libc.so:

0024db9c g    D  .bss   00000000  GLIBC_2.2.6 _end

This g/D combination was not recognized before.
2018-11-30 22:22:57 +01:00
Adhemerval Zanella
7105860262 Fix ChangeLog date from previous commit 2018-11-30 19:10:50 -02:00
Adhemerval Zanella
5fb7fc9635 posix: Use posix_spawn on system
This patch uses posix_spawn on system implementation.  On Linux this has
the advantage of much lower memory consumption (usually 32 Kb minimum for
the mmap stack area).

Although POSIX does not require, glibc system implementation aims to be
thread and cancellation safe.  The cancellation code is moved to generic
implementation and enabled iff SIGCANCEL is defined (similar on how the
cancellation handler is enabled on nptl-init.c).

Checked on x86_64-linux-gnu, i686-linux-gnu, aarch64-linux-gnu,
arm-linux-gnueabihf, and powerpc64le-linux-gnu.

	* sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Use
	__sigismember instead of sigismember.
	* sysdeps/posix/system.c [SIGCANCEL] (cancel_handler_args,
	cancel_handler): New definitions.
	(CLEANUP_HANDLER, CLEANUP_RESET): Likewise.
	(DO_LOCK, DO_UNLOCK, INIT_LOCK, ADD_REF, SUB_REF): Remove.
	(do_system): Use posix_spawn instead of fork and execl and remove
	reentracy code.
	* sysdeps/generic/not-errno.h (__kill_noerrno): New prototype.
	* sysdeps/unix/sysv/linux/not-errno.h (__kill_noerrno): Likewise.
	* sysdeps/unix/sysv/linux/ia64/system.c: Remove file.
	* sysdeps/unix/sysv/linux/s390/system.c: Likewise.
	* sysdeps/unix/sysv/linux/sparc/system.c: Likewise.
	* sysdeps/unix/sysv/linux/system.c: Likewise.
2018-11-30 18:42:05 -02:00
Adhemerval Zanella
14d0e87d9b posix: Use posix_spawn on popen
This patch uses posix_spawn on popen instead of fork and execl.  On Linux
this has the advantage of much lower memory consumption (usually 32 Kb
minimum for the mmap stack area).

Two issues are also fixed with this change:

  * BZ#17490: although POSIX pthread_atfork description only list 'fork'
    as the function that should execute the atfork handlers, popen
    description states that:

      '[...] shall be *as if* a child process were created within the popen()
       call using the fork() function [...]'

    Other libc/system seems to follow the idea atfork handlers should not be
    executed for popen:

    libc/system	| run atfork handles   | notes
    ------------|----------------------|---------------------------------------
    Freebsd	|        no            | uses vfork
    Solaris 11	|        no            |
    MacOSX 11   |        no            | implemented through posix_spawn syscall
    ------------|----------------------|----------------------------------------

    Similar to posix_spawn and system, popen idea is to spawn a different
    binary so all the POSIX rationale to run the atfork handlers to avoid
    internal process inconsistency is not really required and in some cases
    might be unsafe.

  * BZ#22834: the described scenario, where the forked process might access
    invalid memory due an inconsistent state in multithreaded environment,
    should not happen because posix_spawn does not access the affected
    data structure (proc_file_chain).

Checked on x86_64-linux-gnu and i686-linux-gnu.

	[BZ #22834]
	[BZ #17490]
	* NEWS: Add new semantic for atfork with popen and system.
	* libio/iopopen.c (_IO_new_proc_open): use posix_spawn instead of
	fork and execl.
2018-11-30 18:42:05 -02:00
Tulio Magno Quites Machado Filho
e5d262effe Fix _dl_profile_fixup data-dependency issue (Bug 23690)
There is a data-dependency between the fields of struct l_reloc_result
and the field used as the initialization guard. Users of the guard
expect writes to the structure to be observable when they also observe
the guard initialized. The solution for this problem is to use an acquire
and release load and store to ensure previous writes to the structure are
observable if the guard is initialized.

The previous implementation used DL_FIXUP_VALUE_ADDR (l_reloc_result->addr)
as the initialization guard, making it impossible for some architectures
to load and store it atomically, i.e. hppa and ia64, due to its larger size.

This commit adds an unsigned int to l_reloc_result to be used as the new
initialization guard of the struct, making it possible to load and store
it atomically in all architectures. The fix ensures that the values
observed in l_reloc_result are consistent and do not lead to crashes.
The algorithm is documented in the code in elf/dl-runtime.c
(_dl_profile_fixup). Not all data races have been eliminated.

Tested with build-many-glibcs and on powerpc, powerpc64, and powerpc64le.

	[BZ #23690]
	* elf/dl-runtime.c (_dl_profile_fixup): Guarantee memory
	modification order when accessing reloc_result->addr.
	* include/link.h (reloc_result): Add field init.
	* nptl/Makefile (tests): Add tst-audit-threads.
	(modules-names): Add tst-audit-threads-mod1 and
	tst-audit-threads-mod2.
	Add rules to build tst-audit-threads.
	* nptl/tst-audit-threads-mod1.c: New file.
	* nptl/tst-audit-threads-mod2.c: Likewise.
	* nptl/tst-audit-threads.c: Likewise.
	* nptl/tst-audit-threads.h: Likewise.

Signed-off-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2018-11-30 18:05:32 -02:00
Joseph Myers
7e1d42400c Replace gen-as-const.awk by gen-as-const.py.
This patch replaces gen-as-const.awk, and some fragments of the
Makefile code that used it, by a Python script.  The point is not such
much that awk is problematic for this particular script, as that I'd
like to build up a general Python infrastructure for extracting
information from C headers, for use in writing tests of such headers.
Thus, although this patch does not set up such infrastructure, the
compute_c_consts function in gen-as-const.py might be moved to a
separate Python module in a subsequent patch as a starting point for
such infrastructure.

The general idea of the code is the same as in the awk version, but no
attempt is made to make the output files textually identical.  When
generating a header, a dict of constant names and values is generated
internally then defines are printed in sorted order (rather than the
order in the .sym file, which would have been used before).  When
generating a test that the values computed match those from a normal
header inclusion, the test code is made into a compilation test using
_Static_assert, where previously the comparisons were done only when
the test was executed.  One fragment of test generation (converting
the previously generated header to use asconst_* prefixes on its macro
names) is still in awk code in the makefiles; only the .sym processing
and subsequent execution of the compiler to extract constants have
moved to the Python script.

Tested for x86_64, and with build-many-glibcs.py.

	* scripts/gen-as-const.py: New file.
	* scripts/gen-as-const.awk: Remove.
	* Makerules ($(common-objpfx)%.h $(common-objpfx)%.h.d): Use
	gen-as-const.py.
	($(objpfx)test-as-const-%.c): Likewise.
2018-11-30 15:20:41 +00:00
H.J. Lu
ce7387cc25 elf/dl-exception.c: Include <_itoa.h> for _itoa prototype
Tested with build-many-glibcs.py.

	* elf/dl-exception.c: Include <_itoa.h>.
2018-11-29 20:03:46 -08:00
Samuel Thibault
c6a5bdc189 hurd: Fix returning value for fcntl(F_*LK*)
to avoid calling va_end again, etc.

	* sysdeps/mach/hurd/fcntl.c (__libc_fcntl): Directly return value
	returned by __f_setlk.
2018-11-30 02:41:50 +01:00
H.J. Lu
a5275ba537 _dl_exception_create_format: Support %x/%lx/%zx
Add support for %x, %lx and %zx to _dl_exception_create_format and pad
to the full width with 0.

	* elf/Makefile (tests-internal): Add tst-create_format1.
	* elf/dl-exception.c (_dl_exception_create_format): Support
	%x, %lx and %zx.
	* elf/tst-create_format1.c: New file.
2018-11-29 14:47:27 -08:00
Charles-Antoine Couret
3a67e81d75 argp: do not call _IO_fwide() if _LIBC is not defined
_IO_fwide() is defined in libio.h file. This file is included only
when _LIBC is defined.

So, in case of compilation of these files without _LIBC definition,
the compilation failed due to this unknown function.

Now this function is called when libio.h file is included.

(Change merged from gnulib.  Tested on x86_64.)

	* argp/argp-fmtstream.c (__argp_fmtstream_update): Use [_LIBC]
	conditional on calls to _IO_fwide and putwc_unlocked.  (Merge from
	gnulib.)
	* argp/argp-help.c (__argp_failure): Likewise.
2018-11-29 17:56:55 +00:00
Mao Han
4975f0c3d0 C-SKY: Add dynamic relocations to elf.h
* elf/elf.h (EM_CSKY, R_CKCORE_NONE, R_CKCORE_ADDR32)
	(R_CKCORE_PCRELIMM8BY4, R_CKCORE_PCRELIMM11BY2, R_CKCORE_PCREL32)
	(R_CKCORE_PCRELJSR_IMM11BY2, R_CKCORE_RELATIVE, R_CKCORE_COPY)
	(R_CKCORE_GLOB_DAT, R_CKCORE_JUMP_SLOT, R_CKCORE_GOTOFF)
	(R_CKCORE_GOTPC, R_CKCORE_GOT32, R_CKCORE_PLT32, R_CKCORE_ADDRGOT)
	(R_CKCORE_ADDRPLT, R_CKCORE_PCREL_IMM26BY2, R_CKCORE_PCREL_IMM16BY2)
	(R_CKCORE_PCREL_IMM16BY4, R_CKCORE_PCREL_IMM10BY2)
	(R_CKCORE_PCREL_IMM10BY4, R_CKCORE_ADDR_HI16, R_CKCORE_ADDR_LO16)
	(R_CKCORE_GOTPC_HI16, R_CKCORE_GOTPC_LO16, R_CKCORE_GOTOFF_HI16)
	(R_CKCORE_GOTOFF_LO16, R_CKCORE_GOT12, R_CKCORE_GOT_HI16)
	(R_CKCORE_GOT_LO16, R_CKCORE_PLT12, R_CKCORE_PLT_HI16)
	(R_CKCORE_PLT_LO16, R_CKCORE_ADDRGOT_HI16, R_CKCORE_ADDRGOT_LO16)
	(R_CKCORE_ADDRPLT_HI16, R_CKCORE_ADDRPLT_LO16)
	(R_CKCORE_PCREL_JSR_IMM26BY2, R_CKCORE_TOFFSET_LO16)
	(R_CKCORE_DOFFSET_LO16, R_CKCORE_PCREL_IMM18BY2)
	(R_CKCORE_DOFFSET_IMM18, R_CKCORE_DOFFSET_IMM18BY2)
	(R_CKCORE_DOFFSET_IMM18BY4, R_CKCORE_GOT_IMM18BY4)
	(R_CKCORE_PLT_IMM18BY4, R_CKCORE_PCREL_IMM7BY4, R_CKCORE_TLS_LE32)
	(R_CKCORE_TLS_IE32, R_CKCORE_TLS_GD32, R_CKCORE_TLS_LDM32)
	(R_CKCORE_TLS_LDO32, R_CKCORE_TLS_DTPMOD32, R_CKCORE_TLS_DTPOFF32)
	(R_CKCORE_TLS_TPOFF32): New defines.
2018-11-29 17:32:13 +00:00
Florian Weimer
250102c844 posix: Do not include testcases.h, ptestcases.h in source tree
These files were both auto-generated and shipped in the source tree.
We can assume that sed is available and always generate the files
during the build.
2018-11-29 13:51:25 +01:00
Florian Weimer
96cd0558bc support: Add signal support to support_capture_subprocess_check
Signal zero does not terminate a process, so it is safe to use negative
values for signal numbers.

Adjust libio/tst-vtables-common.c to use this new functionality,
instead of determining the termination status for a signal indirectly.
2018-11-28 20:57:18 +01:00
Joseph Myers
530504e3a8 Do not copy glibc sources in build-many-glibcs.py.
Now that build-many-glibcs.py touches at checkout time all files that
might get rebuilt in the glibc source directory in a normal glibc
build and test run, this patch stops the script from copying the glibc
source directory, so that all builds use the original directory
directly (and less disk space is used, less I/O is involved and cached
copies of the sources in memory can be shared between all the builds -
as well as avoiding spurious failures from copying while "git gc" is
running).  This is similar to how all other components were already
handled.  Any bugs involving writing into the source directory can be
dealt with in future as normal bugs, just as such bugs already are
handled.

Tested with build-many-glibcs.py runs with a read-only glibc source
directory, with all files not touched by the script having timestamps
in forwards alphabetical order and separately with all files not
touched by the script having timestamps in backwards alphabetical
order.

	* scripts/build-many-glibcs.py (Glibc.build_glibc): Use original
	source directory instead of a copy.
	(CommandList.create_copy_dir): Remove.
2018-11-28 17:28:50 +00:00
Stefan Liebler
9a0b697033 S390: Regenerate ULPs.
Regenerated ulps from scratch as builds with gcc 5.5 / 6.4
resulted in +1 ulps.

ChangeLog:

	* sysdeps/s390/fpu/libm-test-ulps: Regenerated.
2018-11-28 15:20:18 +01:00
Florian Weimer
47d8d9a217 support_quote_string: Do not use str parameter name
This avoids a build failure if this identifier is used as a macro
in a test.
2018-11-28 07:16:48 +01:00
Joseph Myers
b473b7d88e Fix Hurd build with read-only source directory.
The logic for generating sysdeps/mach/hurd/bits/errno.h involves a
stamp file and $(move-if-change).

The temporary file (generated unconditionally) is generated in the
source directory.  This means that even if
sysdeps/mach/hurd/bits/errno.h is up to date, and has an up to date
timestamp, the build will fail if the source directory is read-only.
Even with a writable source directory, multiple concurrent builds for
i686-gnu with the same source directory could race to access the
temporary file (which always has the same name).

This patch uses the build directory for the temporary file instead to
avoid those problems.  (In the case where the file is out of date and
the temporary file does need to be moved to the source directory, if
there are multiple concurrent builds for i686-gnu with the same source
directory, and the source and build directories are on different
filesystems, it's possible there might still be races replacing the
file in the source directory, depending on exactly how mv handles such
cross-filesystem moves.  This is certainly no worse than the present
situation, where such a case would have races regardless of whether
the file is out of date or whether different filesystems are in use.)

Tested with a build-many-glibcs.py build for i686-gnu.

	* sysdeps/mach/hurd/Makefile ($(common-objpfx)stamp-errnos): Use
	$(hurd-objpfx)bits/errno.h-tmp, not $(hurd)/bits/errno.h-tmp.
2018-11-27 22:05:49 +00:00
Florian Weimer
c74a91deaa support: Implement support_quote_string
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
2018-11-27 21:35:56 +01:00
Florian Weimer
d527c860f5 CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927] 2018-11-27 18:12:49 +01:00
Rafael Ávila de Espíndola
979cfed05d Enable VDSO for static linking on aarch64
[BZ #19767]
	* sysdeps/unix/sysv/linux/aarch64/init-first.c: Remove #ifdef SHARED.
	* sysdeps/unix/sysv/linux/aarch64/libc-vdso.h: Remove #ifdef SHARED.
	* sysdeps/unix/sysv/linux/aarch64/sysdep.h (ALWAYS_USE_VSYSCALL):
	Define.
2018-11-27 12:27:39 +00:00
Carlos O'Donell
ce035c6e90 abilist.awk: Treat .tdata like .tbss and reject unknown combinations.
Mathieu Desnoyers ran into an issue with his rseq patch where he
was the first person to add weak thread-local data and this
resulted in an ABI list update with entries like this:
"GLIBC_2.29 w ? D .tdata 0000000000000020".

The weakness of the symbol has nothing to do with the DSOs ABI
and so we should not write anything about weak symbols here. The
.tdata entries should be treated exactly like .tbss entries and
the output should have been: "GLIBC_2.29 __rseq_abi T 0x20"

This change makes abilist.awk handle .tdata just like .tbss,
while at the same time adding an error case for the default, and
the unknown line cases.  We never want anyone to be able to add
such entries to any ABI list files and should see an immediate
error and consult with experts.

Tested by Mathieu Desnoyers <mathieu.desnoyers@efficios.com> with
the rseq patch set and 'make update-all-abi'.

Tested myself with 'make update-all-abi' on x86_64 with no
changes.

Signed-off-by: Carlos O'Donell <carlos@redhat.com>
2018-11-26 21:23:50 -05:00
Joseph Myers
2bd0bfcc68 Touch more glibc source files in build-many-glibcs.py.
build-many-glibcs.py currently copies the source tree to avoid issues
with parallel builds trying to write into it.  This copying can result
in occasional spurious build failures from bots, when a "git gc" is in
progress that changes .git contents while copying is taking place, and
it would also be desirable to avoid the need to copy to save on disk
space, I/O and memory used in build-many-glibcs.py builds.

In preparation for removing the copying, this patch arranges for
build-many-glibcs.py to touch more files on checkout so their
timestamps do not result in make attempting to rebuild them.  Before
actually removing the copying, I intend to do further tests to ensure
I haven't missed any other such makefile dependencies.

This is of course without prejudice to possibly moving more of these
files to being generated in the build directory rather than being
checked in at all, where that can be done using build tools already
required for the build.  For sysdeps files (installed and otherwise)
it would be necessary to make sure this does not affect the search
ordering, for headers used in the build it would be necessary to
ensure they are generated early enough, and for errlist.c there may be
dual licensing reasons for keeping it checked in.

Tested that a checkout with build-many-glibcs.py does touch the
expected files and that a glibcs build for aarch64-linux-gnu succeeds.

	* scripts/build-many-glibcs.py (Context.fix_glibc_timestamps):
	Touch additional files.
2018-11-26 23:52:43 +00:00
Florian Weimer
affec03b71 malloc: tcache: Validate tc_idx before checking for double-frees [BZ #23907]
The previous check could read beyond the end of the tcache entry
array.  If the e->key == tcache cookie check happened to pass, this
would result in crashes.
2018-11-26 20:06:37 +01:00
Rafael Ávila de Espíndola
8ae74eadb6 Enable VDSO on powerpc statically linked programs (bug 19767)
[BZ #19767]
	* sysdeps/unix/sysv/linux/powerpc/init-first.c: Remove #ifdef SHARED.
	* sysdeps/unix/sysv/linux/powerpc/libc-vdso.h: Remove #ifdef
	SHARED.  Include sysdep.h.
	* sysdeps/unix/sysv/linux/powerpc/powerpc32/sysdep.h: Define
	ALWAYS_USE_VSYSCALL.
	* sysdeps/unix/sysv/linux/powerpc/powerpc64/sysdep.h: Define
	ALWAYS_USE_VSYSCALL.

Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
2018-11-26 11:37:19 -02:00
Rafael Ávila de Espíndola
1e8bdc3a2b Enable VDSO on x86_64 statically linked programs [BZ #19767]
All the required code already existed, and some of it was already
running.

AT_SYSINFO_EHDR is processed if NEED_DL_SYSINFO_DSO is defined, but it
looks like it always is. The call to setup_vdso is also unconditional,
so all that was left to do was setup the function pointers and use
them. This patch just deletes some #ifdef to enable that.

	[BZ #19767]
	* nptl/Makefile (tests-static): Add tst-cond11-static.
	(tests): Likewise.
	* nptl/tst-cond11-static.c: New File.
	* sysdeps/unix/sysv/linux/Makefile (tests-static): Add
	tst-affinity-static.
	(tests): Likewise.
	* sysdeps/unix/sysv/linux/sysdep-vdso.h: Check USE_VSYSCALL
	instead of SHARED.
	* sysdeps/unix/sysv/linux/sysdep.h (ALWAYS_USE_VSYSCALL): New.
	(USE_VSYSCALL): Likewise.
	* sysdeps/unix/sysv/linux/tst-affinity-static.c: New file.
	* sysdeps/unix/sysv/linux/x86/libc-vdso.h: Check USE_VSYSCALL
	instead of SHARED.
	* sysdeps/unix/sysv/linux/x86_64/init-first.c: Don't check
	SHARED.
	* sysdeps/unix/sysv/linux/x86_64/sysdep.h (ALWAYS_USE_VSYSCALL):
	New.
2018-11-23 16:50:29 -08:00
Joseph Myers
1283c478aa Fix Arm __ASSUME_COPY_FILE_RANGE (bug 23915).
The generic kernel-features.h defines __ASSUME_COPY_FILE_RANGE for 4.5
and later kernels.  However, for 32-bit Arm binaries running on 64-bit
Arm kernels, the syscall was only wired up in the 4.7 kernel, although
the 32-bit Arm kernel had the syscall from 4.5 onwards.  This patch
corrects the Arm kernel-features.h to undefine the macro for
configured minimum kernel versions before 4.7.

Tested (compilation only) with a build-many-glibcs.py build for
arm-linux-gnueabi.

	[BZ #23915]
	* sysdeps/unix/sysv/linux/arm/kernel-features.h
	[__LINUX_KERNEL_VERSION < 0x040700] (__ASSUME_COPY_FILE_RANGE):
	Undefine.
2018-11-23 17:53:50 +00:00
H.J. Lu
c089fd80c7 x86/CET: Add a re-exec test with legacy bitmap
Add a re-exec test with legacy bitmap to verify that legacy bitmap is
properly hanlded by kernel.

	* sysdeps/x86/Makefile (tests): Add tst-cet-legacy-1a.
	(tst-cet-legacy-1a-ARGS): New.
	($(objpfx)tst-cet-legacy-1a): New target.
	* sysdeps/x86/tst-cet-legacy-1a.c: New file.
2018-11-23 07:31:07 -08:00