Commit Graph

1560 Commits

Author SHA1 Message Date
Andreas Schwab
2212c1420c Simplify handling of nameserver configuration in resolver
Remove use of ext.nsmap member of struct __res_state and always use
an identity mapping betwen the nsaddr_list array and the ext.nsaddrs
array.  The fact that a nameserver has an IPv6 address is signalled by
setting nsaddr_list[].sin_family to zero.
2015-05-21 15:16:37 +02:00
Roland McGrath
ec0c23a4be BZ#18434: Mark fixed in NEWS. 2015-05-19 17:02:20 -07:00
Joseph Myers
3ce2232efb Fix ldbl-96 remquol (finite, Inf) (bug 18244).
ldbl-96 remquol wrongly handles the case where the first argument is
finite and the second infinite, because the check for the second
argument being a NaN fails to disregard the explicit high mantissa bit
and so wrongly interprets an infinity as being a NaN.  This patch
fixes this by masking off that bit, and improves test coverage for
both remainder and remquo (various cases were missing tests, or, as in
the case of the bug, were tested only for one of the two functions).

Tested for x86_64 and x86.

	[BZ #18244]
	* sysdeps/ieee754/ldbl-96/s_remquol.c (__remquol): Ignore explicit
	high mantissa bit when testing whether P is a NaN.
	* math/libm-test.inc (remainder_test_data): Add more tests.
	(remquo_test_data): Likewise.
2015-05-19 23:44:28 +00:00
Joseph Myers
526af54142 Fix i386 atanhl spurious underflows (bug 18049).
The i386 implementation of atanhl, for small arguments, does a
calculation that involves computing twice the square of the argument,
resulting in spurious underflows for some arguments.  This patch fixes
this by just returning the argument when its exponent is below -32,
with underflow being forced as needed for subnormal arguments.

Tested for x86 and x86_64.

	[BZ #18049]
	* sysdeps/i386/fpu/e_atanhl.S (__ieee754_atanhl): For exponents
	below -32, return the argument, with underflow if subnormal.
	* math/auto-libm-test-in: Add more tests of atanh.
	* math/auto-libm-test-out: Regenerated.
2015-05-19 23:05:22 +00:00
James Lemke
265cbed8e7 Fix for test "malloc_usable_size: expected 7 but got 11"
[BZ #17581] The checking chain of unused chunks was terminated by a hash of
    the block pointer, which was sometimes confused with the chunk length byte.
    We now avoid using a length byte equal to the magic byte.
2015-05-19 12:10:26 -07:00
Siddhesh Poyarekar
fff94fa224 Avoid deadlock in malloc on backtrace (BZ #16159)
When the malloc subsystem detects some kind of memory corruption,
depending on the configuration it prints the error, a backtrace, a
memory map and then aborts the process.  In this process, the
backtrace() call may result in a call to malloc, resulting in
various kinds of problematic behavior.

In one case, the malloc it calls may detect a corruption and call
backtrace again, and a stack overflow may result due to the infinite
recursion.  In another case, the malloc it calls may deadlock on an
arena lock with the malloc (or free, realloc, etc.) that detected the
corruption.  In yet another case, if the program is linked with
pthreads, backtrace may do a pthread_once initialization, which
deadlocks on itself.

In all these cases, the program exit is not as intended.  This is
avoidable by marking the arena that malloc detected a corruption on,
as unusable.  The following patch does that.  Features of this patch
are as follows:

- A flag is added to the mstate struct of the arena to indicate if the
  arena is corrupt.

- The flag is checked whenever malloc functions try to get a lock on
  an arena.  If the arena is unusable, a NULL is returned, causing the
  malloc to use mmap or try the next arena.

- malloc_printerr sets the corrupt flag on the arena when it detects a
  corruption

- free does not concern itself with the flag at all.  It is not
  important since the backtrace workflow does not need free.  A free
  in a parallel thread may cause another corruption, but that's not
  new

- The flag check and set are not atomic and may race.  This is fine
  since we don't care about contention during the flag check.  We want
  to make sure that the malloc call in the backtrace does not trip on
  itself and all that action happens in the same thread and not across
  threads.

I verified that the test case does not show any regressions due to
this patch.  I also ran the malloc benchmarks and found an
insignificant difference in timings (< 2%).

	* malloc/Makefile (tests): New test case tst-malloc-backtrace.
	* malloc/arena.c (arena_lock): Check if arena is corrupt.
	(reused_arena): Find a non-corrupt arena.
	(heap_trim): Pass arena to unlink.
	* malloc/hooks.c (malloc_check_get_size): Pass arena to
	malloc_printerr.
	(top_check): Likewise.
	(free_check): Likewise.
	(realloc_check): Likewise.
	* malloc/malloc.c (malloc_printerr): Add arena argument.
	(unlink): Likewise.
	(munmap_chunk): Adjust.
	(ARENA_CORRUPTION_BIT): New macro.
	(arena_is_corrupt): Likewise.
	(set_arena_corrupt): Likewise.
	(sysmalloc): Use mmap if there are no usable arenas.
	(_int_malloc): Likewise.
	(__libc_malloc): Don't fail if arena_get returns NULL.
	(_mid_memalign): Likewise.
	(__libc_calloc): Likewise.
	(__libc_realloc): Adjust for additional argument to
	malloc_printerr.
	(_int_free): Likewise.
	(malloc_consolidate): Likewise.
	(_int_realloc): Likewise.
	(_int_memalign): Don't touch corrupt arenas.
	* malloc/tst-malloc-backtrace.c: New test case.
2015-05-19 06:40:38 +05:30
Adhemerval Zanella
b40a4e1a7b Fix stdlib/tst-setcontext3 with dash [BZ#18418]
This patch remove the non-portable array usage on tst-setcontext3.sh
script.
2015-05-17 08:48:08 -03:00
Joseph Myers
8020a80887 Fix atanhl missing underflows (bug 16352).
Similar to various other bugs in this area, some atanh implementations
do not raise the underflow exception for subnormal arguments, when the
result is tiny and inexact.  This patch forces the exception in a
similar way to previous fixes.  (No change in this regard is needed
for the i386 implementation; special handling to force underflows in
these cases will only be needed there when the spurious underflows,
bug 18049, get fixed.)

Tested for x86_64, x86, powerpc and mips64.

	[BZ #16352]
	* sysdeps/i386/fpu/e_atanh.S (dbl_min): New object.
	(__ieee754_atanh): Force underflow exception for results with
	small absolute value.
	* sysdeps/i386/fpu/e_atanhf.S (flt_min): New object.
	(__ieee754_atanhf): Force underflow exception for results with
	small absolute value.
	* sysdeps/ieee754/dbl-64/e_atanh.c: Include <float.h>.
	(__ieee754_atanh): Force underflow exception for results with
	small absolute value.
	* sysdeps/ieee754/flt-32/e_atanhf.c: Include <float.h>.
	(__ieee754_atanhf): Force underflow exception for results with
	small absolute value.
	* sysdeps/ieee754/ldbl-128/e_atanhl.c: Include <float.h>.
	(__ieee754_atanhl): Force underflow exception for results with
	small absolute value.
	* sysdeps/ieee754/ldbl-128ibm/e_atanhl.c: Include <float.h>.
	(__ieee754_atanhl): Force underflow exception for results with
	small absolute value.
	* sysdeps/ieee754/ldbl-96/e_atanhl.c: Include <float.h>.
	(__ieee754_atanhl): Force underflow exception for results with
	small absolute value.
	* math/auto-libm-test-in: Do not allow missing underflow
	exceptions from atanh.
	* math/auto-libm-test-out: Regenerated.
2015-05-15 22:07:57 +00:00
Joseph Myers
5a608ccc2d Fix tanf spurious underflows (bug 18221).
The flt-32 implementation of tanf produces spurious underflow
exceptions for some small arguments, through computing values on the
order of x^5.  This patch fixes this by adjusting the threshold for
returning x (or, as applicable, +/- 1/x) to 2**-13 (the next term in
the power series being x^3/3).

Tested for x86_64 and x86.

	[BZ #18221]
	* sysdeps/ieee754/flt-32/k_tanf.c (__kernel_tanf): Use 2**-13 not
	2**-28 as threshold for returning x or +/- 1/x.
	* math/auto-libm-test-in: Add more tests of tan.
	* math/auto-libm-test-out: Regenerated.
2015-05-15 17:47:29 +00:00
Joseph Myers
ff069f024a Fix lgammaf spurious underflows (bug 18220).
The flt-32 implementation of lgammaf produces spurious underflow
exceptions for some large arguments, because of calculations involving
x^-2 multiplied by small constants.  This patch fixes this by
adjusting the threshold for a simpler computation to 2**26 (the error
in the simpler computation is on the order of 0.5 * log (x), for a
result on the order of x * log (x)).

Tested for x86_64 and x86.

	[BZ #18220]
	* sysdeps/ieee754/flt-32/e_lgammaf_r.c (__ieee754_lgammaf_r): Use
	2**26 not 2**58 as threshold for returning x * (log (x) - 1).
	* math/auto-libm-test-in: Add another test of lgamma.
	* math/auto-libm-test-out: Regenerated.
2015-05-15 17:21:08 +00:00
Adhemerval Zanella
b2fb252408 Add BZ #16704 as fixed 2015-05-15 08:49:12 -03:00
Joseph Myers
fbc68f03b0 Fix erfcf spurious underflows (bug 18217).
The flt-32 implementation of erfcf produces spurious underflow
exceptions for some arguments close to 0, because of calculations
squaring the argument and then multiplying by small constants.  This
patch fixes this by adjusting the threshold for arguments for which
the result is so close to 1 that 1 - x will give the right result from
2**-56 to 2**-26.  (If 1 - x * 2/sqrt(pi) were used, the errors would be
on the order of x^3 and a much larger threshold could be used.)

Tested for x86_64 and x86.

	[BZ #18217]
	* sysdeps/ieee754/flt-32/s_erff.c (__erfcf): Use 2**-26 not 2**-56
	as threshold for returning 1 - x.
	* math/auto-libm-test-in: Add more tests of erfc.
	* math/auto-libm-test-out: Regenerated.
2015-05-15 00:16:10 +00:00
Joseph Myers
9a71f1fcf5 Fix atanf spurious underflows (bug 18196).
The sysdeps/ieee754/flt-32 version of atanf produces spurious
underflow exceptions for some large arguments, because of computations
that compute x^-4.  This patch fixes this by adjusting the threshold
for large arguments (for which +/- pi/2 can just be returned, the
correct result being roughly +/- pi/2 - 1/x) from 2^34 to 2^25.

Tested for x86_64 and x86.

	[BZ #18196]
	* sysdeps/ieee754/flt-32/s_atanf.c (__atanf): Use 2^25 not 2^34 as
	threshold for large arguments.
	* math/auto-libm-test-in: Add another test of atan.
	* math/auto-libm-test-out: Regenerated.
2015-05-14 23:51:09 +00:00
Joseph Myers
0b7a5f9201 Fix log1p missing underflows (bug 16339).
Similar to various other bugs in this area, some log1p implementations
do not raise the underflow exception for subnormal arguments, when the
result is tiny and inexact.  This patch forces the exception in a
similar way to previous fixes.  (The ldbl-128ibm implementation
doesn't currently need any change as it already generates this
exception, albeit through code that would generate spurious exceptions
in other cases; special code for this issue will only be needed there
when fixing the spurious exceptions.)

Tested for x86_64, x86, powerpc and mips64.

	[BZ #16339]
	* sysdeps/i386/fpu/s_log1p.S (dbl_min): New object.
	(__log1p): Force underflow exception for results with small
	absolute value.
	* sysdeps/i386/fpu/s_log1pf.S (flt_min): New object.
	(__log1pf): Force underflow exception for results with small
	absolute value.
	* sysdeps/ieee754/dbl-64/s_log1p.c: Include <float.h>.
	(__log1p): Force underflow exception for results with small
	absolute value.
	* sysdeps/ieee754/flt-32/s_log1pf.c: Include <float.h>.
	(__log1pf): Force underflow exception for results with small
	absolute value.
	* sysdeps/ieee754/ldbl-128/s_log1pl.c: Include <float.h>.
	(__log1pl): Force underflow exception for results with small
	absolute value.
	* math/auto-libm-test-in: Do not allow missing underflow
	exceptions from log1p.
	* math/auto-libm-test-out: Regenerated.
2015-05-14 23:38:07 +00:00
H.J. Lu
d9efd775ba Remove a trailing `\' in make-syscalls.sh
[BZ #18409]
	* sysdeps/unix/make-syscalls.sh: Remove a trailing `\'.
2015-05-13 09:11:12 -07:00
Joseph Myers
34cb304e5a Fix mips16 __fpu_control static linking (bug 18397).
Programs are supposed to be able to define the __fpu_control variable,
overriding the library's version to cause the floating-point control
word to be set to the chosen value at startup.

This is broken for mips16 for static linking because the library's
__fpu_control variable is in the same object file as the helper
functions used by fpu_control.h for mips16, so test-fpucw-ieee-static
fails to link with multiple definitions of __fpu_control.

This patch fixes this by putting the helpers in a separate file rather
than overriding fpu_control.c.  Tested for mips16 that this fixes the
link failure and the ABI tests still pass.

	[BZ #18397]
	* sysdeps/mips/mips32/fpu/fpu_control.c: Move to ....
	* sysdeps/mips/mips32/fpu/fpucw-helpers.c: ... here.  Include
	<fpu_control.h> instead of <math/fpu_control.c>.
	* sysdeps/mips/mips32/fpu/Makefile: New file.
2015-05-11 22:58:10 +00:00
Andreas Schwab
b13b96ca05 Separate internal state between getXXent and getXXbyYY NSS calls (bug 18007) 2015-05-11 10:41:49 +02:00
Carlos O'Donell
c92d40c0bc Bug 18125: Call exit after last linked context.
There appears to be a discrepancy among the implementations
of setcontext with regards to the function called once the last
linked-to context has finished executing via setcontext.

The POSIX standard says:
~~~
If the uc_link member of the ucontext_t structure pointed to by
the ucp argument is equal to 0, then this context is the main
context, and the thread will exit when this context returns.
~~~

It says "exit" not "exit immediately" nor "exit without running
functions registered with atexit or on_exit."

Therefore the AArch64, ARM, hppa and NIOS II implementations are
wrong and no test detects it.

It is questionable if this should even be fixed or just documented
that the above 4 targets are wrong. The functions are deprecated
and nobody should be using them, but at the same time it silly to
have cross-target differences that make it hard to port old
applications from say x86_64 to AArch64.

Therefore I will ix the 4 arches, and checkin a regression
test to prevent it from changing again.

https://sourceware.org/ml/libc-alpha/2015-03/msg00720.html
2015-05-08 11:29:38 -04:00
Siddhesh Poyarekar
a6d78c3b9d Update NEWS 2015-05-07 11:58:40 +05:30
Florian Weimer
fdbeb9c39e NEWS: BZ#18319 was fixed in commit ed159672eb 2015-04-29 15:33:41 +02:00
Florian Weimer
03d2730b44 CVE-2014-8121: Do not close NSS files database during iteration [BZ #18007]
Robin Hack discovered Samba would enter an infinite loop processing
certain quota-related requests.  We eventually tracked this down to a
glibc issue.

Running a (simplified) test case under strace shows that /etc/passwd
is continuously opened and closed:

…
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR)                   = 0
read(3, "root0:0:root:/root:/bin/bash\n"..., 4096) = 2717
lseek(3, 2717, SEEK_SET)                = 2717
close(3)                                = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR)                   = 0
lseek(3, 0, SEEK_SET)                   = 0
read(3, "root0:0:root:/root:/bin/bash\n"..., 4096) = 2717
lseek(3, 2717, SEEK_SET)                = 2717
close(3)                                = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR)                   = 0
…

The lookup function implementation in
nss/nss_files/files-XXX.c:DB_LOOKUP has code to prevent that.  It is
supposed skip closing the input file if it was already open.

  /* Reset file pointer to beginning or open file.  */			      \
  status = internal_setent (keep_stream);				      \
									      \
  if (status == NSS_STATUS_SUCCESS)					      \
    {									      \
      /* Tell getent function that we have repositioned the file pointer.  */ \
      last_use = getby;							      \
									      \
      while ((status = internal_getent (result, buffer, buflen, errnop	      \
					H_ERRNO_ARG EXTRA_ARGS_VALUE))	      \
	     == NSS_STATUS_SUCCESS)					      \
	{ break_if_match }						      \
									      \
      if (! keep_stream)						      \
	internal_endent ();						      \
    }									      \

keep_stream is initialized from the stayopen flag in internal_setent.
internal_setent is called from the set*ent implementation as:

  status = internal_setent (stayopen);

However, for non-host database, this flag is always 0, per the
STAYOPEN magic in nss/getXXent_r.c.

Thus, the fix is this:

-  status = internal_setent (stayopen);
+  status = internal_setent (1);

This is not a behavioral change even for the hosts database (where the
application can specify the stayopen flag) because with a call to
sethostent(0), the file handle is still not closed in the
implementation of gethostent.
2015-04-29 14:41:26 +02:00
Joseph Myers
7d0b257541 Fix ldbl-128 roundl for exponents in [31, 47] (bug 18346).
The implementation of roundl for ldbl-128 involves undefined behavior
for arguments with exponents from 31 to 47 inclusive, from the shift:

      u_int64_t i = -1ULL >> (j0 - 48);

For example, on mips64, this means roundl (0xffffffffffff.8p0L)
wrongly returns its argument, which is not an integer.  A condition
checking for exponents < 31 should actually be checking for exponents
< 48, and this patch makes it do so.  (That condition is for whether
the bit representing 0.5 is in the high 64-bit half of the
floating-point number.  The value 31 might have arisen from an
incorrect conversion of the ldbl-96 version to handle ldbl-128.)

This was originally reported as a GCC libquadmath bug
<https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65757>.

Tested for mips64; also tested for x86_64 and x86 to make sure the new
tests pass there.

	[BZ #18346]
	* sysdeps/ieee754/ldbl-128/s_roundl.c (__roundl): Handle all
	exponents less than 48 as cases where high part of mantissa needs
	examining to determine whether argument is integral.
	* math/libm-test.inc (round_test_data): Add more tests.
2015-04-28 17:27:02 +00:00
Florian Weimer
cc8dcf96e7 test-skeleton: Support temporary files without memory leaks [BZ#18333]
add_temp_file now makes a copy which is freed by delete_temp_files.
Callers to create_temp_file can now free the returned file name to
avoid the memory leak.  These changes do not affect the leak behavior
of existing code.

Also address a NULL pointer derefence in tzset after a memoru allocation
failure, found during testing.
2015-04-27 16:19:55 +02:00
Florian Weimer
42261ad731 Make time zone file parser more robust [BZ #17715] 2015-04-24 17:34:48 +02:00
Stefan Liebler
f7fba80508 S/390: Get cache information via sysconf
This patch adds support to query cache information on s390
via sysconf() function - e.g. with _SC_LEVEL1_ICACHE_SIZE.
The attributes size, linesize and assoc can be queried
for cache level 1 - 4 via "extract cpu attribute" instruction,
which was first available with z10.

* NEWS: Mention sysconf() cache information support for s390.
* sysdeps/unix/sysv/linux/s390/sysconf.c: New File.
2015-04-24 13:37:39 +02:00
Arjun Shankar
2959eda927 CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow [BZ#18287] 2015-04-21 14:06:50 +02:00
Stefan Liebler
920a0395ba Use correct signedness in wcsncmp
[BZ #18206]
	* wcsmbs/wcsncmp.c (wcsncmp): Compare as wchar_t, not wint_t.
	  Use signed comparision instead of substraction to avoid
	  overflow bug.
	* localedata/tests-mbwc/tst_wcsncmp.c (tst_wcsncmp):
	  Take the sign of ret.
	* localedata/tests-mbwc/dat_wcsncmp.c (tst_wcsncmp_loc):
	  Do not expect precise return values. Only the sign matters.
	* wcsmbs/Makefile (strop-tests): Add wcsncmp.
	* wcsmbs/test-wcsncmp.c: New File.
	* string/test-strncmp.c: Add wcsncmp support.
2015-04-13 21:25:04 +02:00
Stefan Liebler
de8aadd52c Set errno for log1p on pole/domain error.
According to bug 6792, errno is not set to ERANGE/EDOM
by calling log1p/log1pf/log1pl with x = -1 or x < -1.

This patch adds a wrapper which sets errno in those cases
and returns the value of the existing __log1p function.
The log1p is now an alias to the wrapper function
instead of __log1p.

The files in sysdeps are reflecting these changes.
The ia64 implementation sets errno by itself,
thus the wrapper-file is empty.

The libm-test is adjusted for log1p-tests to check errno.

	[BZ #6792]
	* math/w_log1p.c: New file.
	* math/w_log1pf.c: Likewise.
	* math/w_log1pl.c: Likewise.
	* math/Makefile (libm-calls): Add w_log1p.
	* math/s_log1pl.c (log1pl): Remove weak_alias.
	* sysdeps/i386/fpu/s_log1p.S (log1p): Likewise.
	* sysdeps/i386/fpu/s_log1pf.S (log1pf): Likewise.
	* sysdeps/i386/fpu/s_log1pl.S (log1pl): Likewise.
	* sysdeps/x86_64/fpu/s_log1pl.S (log1pl): Likewise.
	* sysdeps/ieee754/dbl-64/s_log1p.c (log1p): Likewise.
	[NO_LONG_DOUBLE] (log1pl): Likewise.
	* sysdeps/ieee754/flt-32/s_log1pf.c (log1pf): Likewise.
	* sysdeps/ieee754/ldbl-128/s_log1pl.c (log1pl): Likewise.
	* sysdeps/ieee754/ldbl-64-128/s_log1pl.c
	(log1p): Remove long_double_symbol.
	* sysdeps/ieee754/ldbl-128ibm/s_log1pl.c (log1pl): Likewise.
	* sysdeps/ieee754/ldbl-64-128/w_log1pl.c: New file.
	* sysdeps/ieee754/ldbl-128ibm/w_log1pl.c: Likewise.
	* sysdeps/m68k/m680x0/fpu/s_log1p.c: Define empty weak_alias to
	remove weak_alias for corresponding log1p function.
	* sysdeps/m68k/m680x0/fpu/s_log1pf.c: Likewise.
	* sysdeps/m68k/m680x0/fpu/s_log1pl.c: Likewise.
	* sysdeps/ia64/fpu/w_log1p.c: New file.
	* sysdeps/ia64/fpu/w_log1pf.c: Likewise.
	* sysdeps/ia64/fpu/w_log1pl.c: Likewise.
	* math/libm-test.inc (log1p_test_data):	Add errno expectations.
2015-04-13 21:19:27 +02:00
Joseph Myers
5556d30cae Fix strtof decimal rounding close to half least subnormal (bug 18247).
Bug 18247 is an off-by-one error in strtof's determination of a
decimal exponent such that any value with that decimal exponent is at
most half the least subnormal and so the appropriate underflowing
value for the rounding mode can be determined with no
multiple-precision computations.  (Whether the value is in fact safe
despite the off-by-one depends on the floating-point format in
question.  It's wrong for float and for m68k ldbl-96 but not for other
supported formats.)  This patch corrects the computation of the
exponent in question to be safe in general, adding a comment
explaining the new computation.

Tested for x86_64.

	[BZ #18247]
	* stdlib/strtod_l.c (____STRTOF_INTERNAL): Decrease minimum
	decimal exponent by 1.
	* stdlib/tst-strtod-round-data: Add more tests.
	* stdlib/tst-strtod-round.c (tests): Regenerated.
2015-04-10 20:45:30 +00:00
Joseph Myers
8431838dde Fix dbl-64 atan2 in non-default rounding modes (bug 18210, bug 18211).
The dbl-64 implementation of atan2 does computations that expect to
run in round-to-nearest mode, and in other modes the errors can
accumulate to more than the maximum accepted 9ulp.  This patch makes
it use FE_TONEAREST internally, similar to other functions with such
issues.  Tests that previously produced large errors are added for
atan2 and the closely related carg, clog and clog10 functions.

Tested for x86_64 and x86 and ulps updated accordingly.

	[BZ #18210]
	[BZ #18211]
	* sysdeps/ieee754/dbl-64/e_atan2.c: Include <fenv.h>.
	(__ieee754_atan2): Set FE_TONEAREST mode for internal
	computations.
	* math/auto-libm-test-in: Add more tests of atan2, carg, clog and
	clog10.
	* math/auto-libm-test-out: Regenerated.
	* sysdeps/i386/fpu/libm-test-ulps: Update.
	* sysdeps/x86_64/fpu/libm-test-ulps: Likewise.
2015-04-08 17:32:17 +00:00
Joseph Myers
ae63c7ebed Fix dbl-64 atan in non-default rounding modes (bug 18197).
The dbl-64 implementation of atan does computations that expect to run
in round-to-nearest mode, and in other modes the errors can accumulate
to more than the maximum accepted 9ulp.  This patch makes it use
FE_TONEAREST internally, similar to other functions with such issues.

Tested for x86_64 and x86; no ulps updates needed.

	[BZ #18197]
	* sysdeps/ieee754/dbl-64/s_atan.c: Include <fenv.h>.
	(atan): Set FE_TONEAREST mode for internal computations.
	* math/auto-libm-test-in: Add more tests of atan.
	* math/auto-libm-test-out: Regenerated.
2015-04-08 17:14:12 +00:00
James Cowgill
d5856d06c3 [BZ #17930] MIPS: Define SHM_NORESERVE.
[BZ #17930]
	* sysdeps/unix/sysv/linux/mips/bits/shm.h (SHM_NORESERVE): Define.
2015-04-07 17:23:54 +00:00
Ondřej Bílka
9781a37002 Handle mblen return code when n is zero. 2015-04-03 15:47:12 +02:00
Andreas Schwab
b763f6ae85 aarch64: Increase MINSIGSTKSZ and SIGSTKSZ (bug 16850) 2015-04-02 12:18:11 +02:00
Mel Gorman
c26efef979 malloc: Consistently apply trim_threshold to all heaps [BZ #17195]
Trimming heaps is a balance between saving memory and the system overhead
required to update page tables and discard allocated pages. The malloc
option M_TRIM_THRESHOLD is a tunable that users are meant to use to decide
where this balance point is but it is only applied to the main arena.

For scalability reasons, glibc malloc has per-thread heaps but these are
shrunk with madvise() if there is one page free at the top of the heap.
In some circumstances this can lead to high system overhead if a thread
has a control flow like

    while (data_to_process) {
        buf = malloc(large_size);
        do_stuff();
        free(buf);
    }

For a large size, the free() will call madvise (pagetable teardown, page
free and TLB flush) every time followed immediately by a malloc (fault,
kernel page alloc, zeroing and charge accounting). The kernel overhead
can dominate such a workload.

This patch allows the user to tune when madvise gets called by applying
the trim threshold to the per-thread heaps and using similar logic to the
main arena when deciding whether to shrink. Alternatively if the dynamic
brk/mmap threshold gets adjusted then the new values will be obeyed by
the per-thread heaps.

Bug 17195 was a test case motivated by a problem encountered in scientific
applications written in python that performance badly due to high page fault
overhead. The basic operation of such a program was posted by Julian Taylor
https://sourceware.org/ml/libc-alpha/2015-02/msg00373.html

With this patch applied, the overhead is eliminated. All numbers in this
report are in seconds and were recorded by running Julian's program 30
times.

pyarray
                                 glibc               madvise
                                  2.21                    v2
System  min             1.81 (  0.00%)        0.00 (100.00%)
System  mean            1.93 (  0.00%)        0.02 ( 99.20%)
System  stddev          0.06 (  0.00%)        0.01 ( 88.99%)
System  max             2.06 (  0.00%)        0.03 ( 98.54%)
Elapsed min             3.26 (  0.00%)        2.37 ( 27.30%)
Elapsed mean            3.39 (  0.00%)        2.41 ( 28.84%)
Elapsed stddev          0.14 (  0.00%)        0.02 ( 82.73%)
Elapsed max             4.05 (  0.00%)        2.47 ( 39.01%)

               glibc     madvise
                2.21          v2
User          141.86      142.28
System         57.94        0.60
Elapsed       102.02       72.66

Note that almost a minutes worth of system time is eliminted and the
program completes 28% faster on average.

To illustrate the problem without python this is a basic test-case for
the worst case scenario where every free is a madvise followed by a an alloc

/* gcc bench-free.c -lpthread -o bench-free */
static int num = 1024;

void __attribute__((noinline,noclone)) dostuff (void *p)
{
}

void *worker (void *data)
{
  int i;

  for (i = num; i--;)
    {
      void *m = malloc (48*4096);
      dostuff (m);
      free (m);
    }

  return NULL;
}

int main()
{
  int i;
  pthread_t t;
  void *ret;
  if (pthread_create (&t, NULL, worker, NULL))
    exit (2);
  if (pthread_join (t, &ret))
    exit (3);
  return 0;
}

Before the patch, this resulted in 1024 calls to madvise. With the patch applied,
madvise is called twice because the default trim threshold is high enough to avoid
this.

This a more complex case where there is a mix of frees. It's simply a different worker
function for the test case above

void *worker (void *data)
{
  int i;
  int j = 0;
  void *free_index[num];

  for (i = num; i--;)
    {
      void *m = malloc ((i % 58) *4096);
      dostuff (m);
      if (i % 2 == 0) {
        free (m);
      } else {
        free_index[j++] = m;
      }
    }
  for (; j >= 0; j--)
    {
      free(free_index[j]);
    }

  return NULL;
}

glibc 2.21 calls malloc 90305 times but with the patch applied, it's
called 13438. Increasing the trim threshold will decrease the number of
times it's called with the option of eliminating the overhead.

ebizzy is meant to generate a workload resembling common web application
server workloads. It is threaded with a large working set that at its core
has an allocation, do_stuff, free loop that also hits this case. The primary
metric of the benchmark is records processed per second. This is running on
my desktop which is a single socket machine with an I7-4770 and 8 cores.
Each thread count was run for 30 seconds. It was only run once as the
performance difference is so high that the variation is insignificant.

                glibc 2.21              patch
threads 1            10230              44114
threads 2            19153              84925
threads 4            34295             134569
threads 8            51007             183387

Note that the saving happens to be a concidence as the size allocated
by ebizzy was less than the default threshold. If a different number of
chunks were specified then it may also be necessary to tune the threshold
to compensate

This is roughly quadrupling the performance of this benchmark. The difference in
system CPU usage illustrates why.

ebizzy running 1 thread with glibc 2.21
10230 records/s 306904
real 30.00 s
user  7.47 s
sys  22.49 s

22.49 seconds was spent in the kernel for a workload runinng 30 seconds. With the
patch applied

ebizzy running 1 thread with patch applied
44126 records/s 1323792
real 30.00 s
user 29.97 s
sys   0.00 s

system CPU usage was zero with the patch applied. strace shows that glibc
running this workload calls madvise approximately 9000 times a second. With
the patch applied madvise was called twice during the workload (or 0.06
times per second).

2015-02-10  Mel Gorman  <mgorman@suse.de>

  [BZ #17195]
  * malloc/arena.c (free): Apply trim threshold to per-thread heaps
    as well as the main arena.
2015-04-02 12:14:14 +05:30
H.J. Lu
a3d9ab5070 Limit threads sharing L2 cache to 2 for SLM/KNL
Silvermont and Knights Landing have a modular system design with two cores
sharing an L2 cache.  If more than 2 cores are detected to shared L2 cache,
it should be adjusted for Silvermont and Knights Landing.

	[BZ #18185]
	* sysdeps/x86_64/cacheinfo.c (init_cacheinfo): Limit threads
	sharing L2 cache to 2 for Silvermont/Knights Landing.
2015-03-31 13:18:10 -07:00
Alan Modra
afcd9480fe powerpc __tls_get_addr call optimization
This patch is glibc support for a PowerPC TLS optimization, inspired
by Alexandre Oliva's TLS optimization for other processors,
http://www.lsd.ic.unicamp.br/~oliva/writeups/TLS/RFC-TLSDESC-x86.txt

In essence, this optimization uses a zero module id in the tls_index
GOT entry to indicate that a TLS variable is allocated space in the
static TLS area.  A special plt call linker stub for __tls_get_addr
checks for such a tls_index and if found, returns the offset
immediately.  The linker communicates the fact that the special
__tls_get_addr stub is used by setting a bit in the dynamic tag
DT_PPC64_OPT/DT_PPC_OPT.  glibc communicates to the linker that this
optimization is available by the presence of __tls_get_addr_opt.

tst-tlsmod2.so is built with -Wl,--no-tls-get-addr-optimize for
tst-tls-dlinfo, which otherwise would fail since it tests that no
static tls is allocated.  The ld option --no-tls-get-addr-optimize has
been available since binutils-2.20 so doesn't need a configure test.

	* NEWS: Advertise TLS optimization.
	* elf/elf.h (R_PPC_TLSGD, R_PPC_TLSLD, DT_PPC_OPT, PPC_OPT_TLS): Define.
	(DT_PPC_NUM): Increment.
	* elf/dynamic-link.h (HAVE_STATIC_TLS): Define.
	(CHECK_STATIC_TLS): Use here.
	* sysdeps/powerpc/powerpc32/dl-machine.h (elf_machine_rela): Optimize
	TLS descriptors.
	* sysdeps/powerpc/powerpc64/dl-machine.h (elf_machine_rela): Likewise.
	* sysdeps/powerpc/dl-tls.c: New file.
	* sysdeps/powerpc/Versions: Add __tls_get_addr_opt.
	* sysdeps/powerpc/tst-tlsopt-powerpc.c: New tls test.
	* sysdeps/unix/sysv/linux/powerpc/Makefile: Add new test.
	Build tst-tlsmod2.so with --no-tls-get-addr-optimize.
	* sysdeps/unix/sysv/linux/powerpc/powerpc32/ld.abilist: Update.
	* sysdeps/unix/sysv/linux/powerpc/powerpc64/ld.abilist: Likewise.
	* sysdeps/unix/sysv/linux/powerpc/powerpc64/ld-le.abilist: Likewise.
2015-03-25 15:53:47 +10:30
Florian Weimer
2b028564f1 Avoid SIGFPE in wordexp [BZ #18100]
Check for a zero divisor and integer overflow before performing
division in arithmetic expansion.
2015-03-23 16:12:38 +01:00
Joseph Myers
6a9350c854 Note old commit as having resolved bug 11505. 2015-03-21 17:50:13 +00:00
Joseph Myers
c2f5813ae0 Make sem_timedwait use FUTEX_CLOCK_REALTIME (bug 18138).
sem_timedwait converts absolute timeouts to relative to pass them to
the futex syscall.  (Before the recent reimplementation, on x86_64 it
used FUTEX_CLOCK_REALTIME, but not on other architectures.)

Correctly implementing POSIX requirements, however, requires use of
FUTEX_CLOCK_REALTIME; passing a relative timeout to the kernel does
not conform to POSIX.  The POSIX specification for sem_timedwait says
"The timeout shall be based on the CLOCK_REALTIME clock.".  The POSIX
specification for clock_settime says "If the value of the
CLOCK_REALTIME clock is set via clock_settime(), the new value of the
clock shall be used to determine the time of expiration for absolute
time services based upon the CLOCK_REALTIME clock. This applies to the
time at which armed absolute timers expire. If the absolute time
requested at the invocation of such a time service is before the new
value of the clock, the time service shall expire immediately as if
the clock had reached the requested time normally.".  If a relative
timeout is passed to the kernel, it is interpreted according to the
CLOCK_MONOTONIC clock, and so fails to meet that POSIX requirement in
the event of clock changes.

This patch makes sem_timedwait use lll_futex_timed_wait_bitset with
FUTEX_CLOCK_REALTIME when possible, as done in some other places in
NPTL.  FUTEX_CLOCK_REALTIME is always available for supported Linux
kernel versions; unavailability of lll_futex_timed_wait_bitset is only
an issue for hppa (an issue noted in
<https://sourceware.org/glibc/wiki/PortStatus>, and fixed by the
unreviewed
<https://sourceware.org/ml/libc-alpha/2014-12/msg00655.html> that
removes the hppa lowlevellock.h completely).

In the FUTEX_CLOCK_REALTIME case, the glibc code still needs to check
for negative tv_sec and handle that as timeout, because the Linux
kernel returns EINVAL not ETIMEDOUT for that case, so resulting in
failures of nptl/tst-abstime and nptl/tst-sem13 in the absence of that
check.  If we're trying to distinguish between Linux-specific and
generic-futex NPTL code, I suppose having this in an nptl/ file isn't
ideal, but there doesn't seem to be any better place at present.

It's not possible to add a testcase for this issue to the testsuite
because of the requirement to change the system clock as part of a
test (this is a case where testing would require some form of
container, with root in that container, and one whose CLOCK_REALTIME
is isolated from that of the host; I'm not sure what forms of
containers, short of a full virtual machine, provide that clock
isolation).

Tested for x86_64.  Also tested for powerpc with the testcase included
in the bug.

	[BZ #18138]
	* nptl/sem_waitcommon.c: Include <kernel-features.h>.
	(futex_abstimed_wait)
	[__ASSUME_FUTEX_CLOCK_REALTIME && lll_futex_timed_wait_bitset]:
	Use lll_futex_timed_wait_bitset with FUTEX_CLOCK_REALTIME instead
	of lll_futex_timed_wait.
2015-03-18 17:05:38 +00:00
Siddhesh Poyarekar
3382c079da Fix up NEWS merge goof-up 2015-03-18 15:04:57 +05:30
Brad Hubbard
ed6b0fe710 Use calloc to allocate xports (BZ #17542)
If xports is NULL in xprt_register we malloc it but if sock >
_rpc_dtablesize() that memory does not get initialised and may in theory
contain any value. Later we make a conditional jump in svc_getreq_common
based on the uninitialised memory and this caused a general protection
fault in rpc.statd on an older version of glibc but this code has not
changed since that version.

Following is the valgrind warning.

==26802== Conditional jump or move depends on uninitialised value(s)
==26802==    at 0x5343A25: svc_getreq_common (in /lib64/libc-2.5.so)
==26802==    by 0x534357B: svc_getreqset (in /lib64/libc-2.5.so)
==26802==    by 0x10DE1F: ??? (in /sbin/rpc.statd)
==26802==    by 0x10D0EF: main (in /sbin/rpc.statd)
==26802==  Uninitialised value was created by a heap allocation
==26802==    at 0x4C2210C: malloc (vg_replace_malloc.c:195)
==26802==    by 0x53438BE: xprt_register (in /lib64/libc-2.5.so)
==26802==    by 0x53450DF: svcudp_bufcreate (in /lib64/libc-2.5.so)
==26802==    by 0x10FE32: ??? (in /sbin/rpc.statd)
==26802==    by 0x10D13E: main (in /sbin/rpc.statd)
2015-03-18 14:51:26 +05:30
Alexandre Oliva
f8aeae3473 Fix DTV race, assert, DTV_SURPLUS Static TLS limit, and nptl_db garbage
for  ChangeLog

	[BZ #17090]
	[BZ #17620]
	[BZ #17621]
	[BZ #17628]
	* NEWS: Update.
	* elf/dl-tls.c (_dl_update_slotinfo): Clean up outdated DTV
	entries with Static TLS too.  Skip entries past the end of the
	allocated DTV, from Alan Modra.
	(tls_get_addr_tail): Update to glibc_likely/unlikely.  Move
	Static TLS DTV entry set up from...
	 (_dl_allocate_tls_init): ... here (fix modid assertion), ...
	* elf/dl-reloc.c (_dl_nothread_init_static_tls): ... here...
	* nptl/allocatestack.c (init_one_static_tls): ... and here...
	* elf/dlopen.c (dl_open_worker): Drop l_tls_modid upper bound
	for Static TLS.
	* elf/tlsdeschtab.h (map_generation): Return size_t.  Check
	that the slot we find is associated with the given map before
	using its generation count.
	* nptl_db/db_info.c: Include ldsodefs.h.
	(rtld_global, dtv_slotinfo_list, dtv_slotinfo): New typedefs.
	* nptl_db/structs.def (DB_RTLD_VARIABLE): New macro.
	(DB_MAIN_VARIABLE, DB_RTLD_GLOBAL_FIELD): Likewise.
	(link_map::l_tls_offset): New struct field.
	(dtv_t::counter): Likewise.
	(rtld_global): New struct.
	(_rtld_global): New rtld variable.
	(dl_tls_dtv_slotinfo_list): New rtld global field.
	(dtv_slotinfo_list): New struct.
	(dtv_slotinfo): Likewise.
	* nptl_db/td_symbol_list.c: Drop gnu/lib-names.h include.
	(td_lookup): Rename to...
	(td_mod_lookup): ... this.  Use new mod parameter instead of
	LIBPTHREAD_SO.
	* nptl_db/td_thr_tlsbase.c: Include link.h.
	(dtv_slotinfo_list, dtv_slotinfo): New functions.
	(td_thr_tlsbase): Check DTV generation.  Compute Static TLS
	addresses even if the DTV is out of date or missing them.
	* nptl_db/fetch-value.c (_td_locate_field): Do not refuse to
	index zero-length arrays.
	* nptl_db/thread_dbP.h: Include gnu/lib-names.h.
	(td_lookup): Make it a macro implemented in terms of...
	(td_mod_lookup): ... this declaration.
	* nptl_db/db-symbols.awk (DB_RTLD_VARIABLE): Override.
	(DB_MAIN_VARIABLE): Likewise.
2015-03-17 00:31:49 -03:00
Andreas Schwab
a3905fd9de m68k: fix 64-bit arithmetic in atomic operations (bug 18128) 2015-03-14 22:27:36 +01:00
Carlos O'Donell
cf9313e7d1 Enhance nscd's inotify support (Bug 14906).
In bug 14906 the user complains that the inotify support in nscd
is not sufficient when it comes to detecting changes in the
configurationfiles that should be watched for the various databases.

The current nscd implementation uses inotify to watch for changes in
the configuration files, but adds watches only for IN_DELETE_SELF and
IN_MODIFY. These watches are insufficient to cover even the most basic
uses by a system administrator. For example using emacs or vim to edit
a configuration file should trigger a reload but it might not if
the editors use move to atomically update the file. This atomic update
changes the inode and thus removes the notification on the file (as
inotify is based on inodes). Thus the inotify support in nscd for
configuration files is insufficient to account for the average use
cases of system administrators and users.

The inotify support is significantly enhanced and described here:
https://www.sourceware.org/ml/libc-alpha/2015-02/msg00504.html

Tested on x86_64 with and without inotify support.
2015-03-13 09:49:24 -04:00
Stefan Liebler
2e807f2959 S/390: Fix setcontext/swapcontext which are not restoring sigmask. 2015-03-12 11:08:11 +01:00
Aurelien Jarno
6a1cf708dd Fix ldconfig segmentation fault with corrupted cache (Bug 18093).
ldconfig is using an aux-cache to speed up the ld.so.cache update. It
is read by mmaping the file to a structure which contains data offsets
used as pointers. As they are not checked, it is not hard to get
ldconfig to segfault with a corrupted file. This happens for instance if
the file is truncated, which is common following a filesystem check
following a system crash.

This can be reproduced for example by truncating the file to roughly
half of it's size.

There is already some code in elf/cache.c (load_aux_cache) to check
for a corrupted aux cache, but it happens to be broken and not enough.
The test (aux_cache->nlibs >= aux_cache_size) compares the number of
libs entry with the cache size. It's a non sense, as it basically
assumes that each library entry is a 1 byte... Instead this commit
computes the theoretical cache size using the headers and compares it
to the real size.
2015-03-11 21:07:32 -04:00
Mike Frysinger
b42e14ff3e hppa: update __O_SYNC fix with [BZ #18068] 2015-03-11 03:33:07 -04:00
Carlos O'Donell
e4363cfb57 hppa: Fix feupdateenv and fesetexceptflag (Bug 18111).
The function feupdateenv has been fixed to correctly handle FE_DFL_ENV
and FE_NOMASK_ENV.

The fesetexceptflag function has been fixed to correctly handle setting
the new flags instead of just OR-ing the existing flags.

This fixes the test-fenv-return and test-fenvinline failures on hppa.
2015-03-11 02:48:59 -04:00
John David Anglin
fae1aa8d22 hppa: Fix feholdexcpt and fesetenv (Bug 18110).
The constraints in the inline assembly in feholdexcept and fesetenv
are incorrect. The assembly modifies the buffer pointer, but doesn't
express that in the constraints. The simple fix is to remove the
modification of the buffer pointer which is no longer required by
the existing code, and adjust the one constraint that did express
the modification of bufptr.

The change fixes test-fenv when glibc is compiled with recent gcc.
2015-03-11 02:48:22 -04:00