The previous code used to evaluate the preprocessor token is_lock_free to
a variable before starting a transaction. This behavior can cause an
error if another thread got the lock (without using a transaction)
between the evaluation of the token and the beginning of the transaction.
This bug can be triggered with the following order of events:
1. The lock accessed by is_lock_free is free.
2. Thread T1 evaluates is_lock_free and stores into register R1 that the
lock is free.
3. Thread T2 acquires the same lock used in is_lock_free.
4. T1 begins the transaction, creating a memory barrier where is_lock_free
is false, but R1 is true.
5. T1 reads R1 and doesn't abort the transaction.
6. T1 calls ELIDE_UNLOCK, which reads false from is_lock_free and decides
to unlock a lock acquired by T2, leading to undefined behavior.
This patch delays the evaluation of is_lock_free to inside a transaction
by moving this part of the code to the macro ELIDE_LOCK.
[BZ #18743]
* sysdeps/powerpc/nptl/elide.h (__elide_lock): Move most of this
code to...
(ELIDE_LOCK): ...here.
(__get_new_count): New function with part of the code from
__elide_lock that updates the value of adapt_count after a
transaction abort.
(__elided_trylock): Moved this code to...
(ELIDE_TRYLOCK): ...here.
If grantpt() is called from a thread that is masking signals (for
instance, from a program using signalfd or using a dedicated
signal-handling thread), then that mask will get inherited to pt_chown.
This means that signals like SIGINT will not interrupt pt_chown, so if it
hangs (e.g., because getgrnam("tty") hangs on a remote name service),
Ctrl-C will terminate the parent process but leave pt_chown around. Since
it's setuid, it's hard to kill any other way.
It is safe for pt_chown to unmask all signals, because grantpt() can be
(and usually is) called from an unprivileged process with all signals
unmasked.
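Added example (not part of the commit above or of glibc): a small C program showing that a blocked SIGINT is inherited by a forked child, as it also is across exec, and that installing an empty mask in the child makes the signal deliverable again. The names child_mask_report and unmask_all_signals are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
# define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Return 1 if SIGINT is blocked in the caller, 0 if not, -1 on error.  */
static int sigint_blocked (void)
{
  sigset_t cur;
  if (sigprocmask (SIG_BLOCK, NULL, &cur) != 0)
    return -1;
  return sigismember (&cur, SIGINT);
}

/* Hypothetical helper: what a setuid helper can do first thing in
   main(), replacing whatever mask it inherited with an empty one.  */
static int unmask_all_signals (void)
{
  sigset_t empty;
  sigemptyset (&empty);
  return sigprocmask (SIG_SETMASK, &empty, NULL);
}

/* Block SIGINT in the parent (as a signalfd user would), fork, and
   report the child's view.  Bit 0: SIGINT was blocked on entry to the
   child.  Bit 1: SIGINT still blocked after unmasking.  -1 on error.  */
int child_mask_report (void)
{
  sigset_t block, saved;
  sigemptyset (&block);
  sigaddset (&block, SIGINT);
  if (sigprocmask (SIG_BLOCK, &block, &saved) != 0)
    return -1;

  pid_t pid = fork ();
  if (pid == 0)
    {
      int before = sigint_blocked ();
      unmask_all_signals ();
      int after = sigint_blocked ();
      _exit ((before == 1 ? 1 : 0) | (after == 1 ? 2 : 0));
    }

  int status = 0;
  int ok = pid > 0 && waitpid (pid, &status, 0) == pid && WIFEXITED (status);
  sigprocmask (SIG_SETMASK, &saved, NULL);   /* restore the parent's mask */
  return ok ? WEXITSTATUS (status) : -1;
}

int main (void)
{
  int r = child_mask_report ();
  printf ("child report: %d (1 = inherited block, cleared by unmask)\n", r);
  return r == 1 ? 0 : 1;
}
```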
There is a configure test for -fgnu89-inline. This option was added
in GCC 4.2, so the test is obsolete; this patch removes it.
Tested for x86_64 (testsuite, and that installed shared libraries are
unchanged by the patch).
* configure.ac (libc_cv_gnu89_inline): Remove configure test.
* configure: Regenerated.
* config.make.in (gnu89-inline-CFLAGS): Remove variable.
* Makeconfig (CFLAGS): Use -fgnu89-inline instead of
$(gnu89-inline-CFLAGS).
There are configure tests for assembler .weak support, and, as a
fallback, for .weakext support.
.weakext appears to be an ECOFF thing (although a few ELF targets
support it as well). .weak has been supported by the GNU assembler
for ELF targets since version 2.2, so given the requirement for ELF
the configure tests are obsolete; this patch removes them.
Tested for x86_64 (testsuite, and that installed shared libraries are
unchanged by the patch).
* configure.ac (libc_cv_asm_weak_directive): Remove configure
test.
(libc_cv_asm_weakext_directive): Likewise.
* configure: Regenerated.
* config.h.in (HAVE_ASM_WEAK_DIRECTIVE): Remove #undef.
(HAVE_ASM_WEAKEXT_DIRECTIVE): Likewise.
* include/libc-symbols.h
[!HAVE_ASM_WEAK_DIRECTIVE && !HAVE_ASM_WEAKEXT_DIRECTIVE]: Remove
#error.
[HAVE_ASM_WEAKEXT_DIRECTIVE]: Remove conditional code.
[!HAVE_ASM_WEAKEXT_DIRECTIVE]: Make code unconditional.
The previous (11th) version of the Hungarian spelling rules (released
in 1984) said that the separator had to be a dot, e.g. 10.35 meaning
10 o'clock 35 minutes. glibc correctly implements this.
The brand new (12th) version, in effect since September 1, 2015 adopts
to the common use of colon (especially in the digital world) and
allows to use either separator, without even expressing a preference.
For computer systems, using colons is way more typical and probably
easier to recognize. Dot is typically used in printed materials.
It also avoids an almost ambiguous situation where a space makes a
difference, e.g. "10.15-ig" means "until 10 o'clock 15 minutes"
whereas "10. 15-ig" means "until 15th of October". So I believe using
the colon as the separator is not only more frequent in the computer
world, but is also easier and quicker to recognize for the brain that
it's about hour:minute rather than month and day. And luckily it's now
equally correct according to the official rules.
11th edition: http://helyesiras.mta.hu/helyesiras/default/akh11
12th edition: http://helyesiras.mta.hu/helyesiras/default/akh12
In both editions it's the very last (299th and 300th, respectively) rule.
Microsoft also uses and recommends a colon since at least May 2011:
http://download.microsoft.com/download/e/6/1/e61266b2-d8b4-4fe0-a553-f01dc3976675/hun-hun-StyleGuide.pdf
The time format is different in common language and in the language of
IT. In common texts we usually do not abbreviate, so the full forms are
used: “7 óra 10 perckor csörgött a telefon”. However, the short format,
consisting of numerals only, can also be used. In this case a period
must be used between the two numbers and there must not be a space
between them: “találkozzunk 10.45-kor”.
However, in software mostly the short format is used, and the numbers
are separated by a colon. An obvious example is the clock in the bottom
right corner of your screen, thus 18:31.
This patch improves the libm test coverage for a few more functions.
Tested for x86_64 and x86.
* math/libm-test.inc (fabs_test_data): Add more tests.
(fdim_test_data): Likewise.
(fma_test_data): Likewise.
(fmax_test_data): Likewise.
(fmin_test_data): Likewise.
(fmod_test_data): Likewise.
This patch adds more tests for ceil, floor, round and trunc, with a
particular focus on verifying they don't raise spurious "inexact"
exceptions for integer arguments (a C99 / C11 requirement, as opposed
to the general principle that they shouldn't raise "inexact" for any
arguments at all which is a TS 18661-1 requirement).
Tested for x86_64 and x86.
* math/libm-test.inc (ceil_test_data): Add more tests and more
expectations for "inexact".
(floor_test_data): Add more tests.
(round_test_data): Likewise.
(trunc_test_data): Likewise.
sysdeps/nptl/configure.ac has code to give errors if certain tests in
the top-level configure failed. However, all those failure conditions
also produce errors in the top-level configure, so the errors in the
NPTL configure are completely redundant; this patch removes them.
(As suggested in
<https://sourceware.org/ml/libc-alpha/2015-10/msg00510.html>, I think
the top-level tests in question can be completely removed as
unnecessary given the version tests. But even without that there is
clearly no point in duplicating code that gives an error if the test
fails.)
Tested for x86_64 (testsuite, and that installed shared libraries are
unchanged by the patch).
* sysdeps/nptl/configure.ac: Do not give errors based on the
results of top-level configure tests.
* sysdeps/nptl/configure: Regenerated.
There is a configure test for the -Bgroup linker option whose results
aren't used anywhere. This patch removes that test.
Tested for x86_64 (testsuite, and that installed shared libraries are
unchanged by the patch).
* configure.ac (libc_cv_Bgroup): Remove configure test.
* configure: Regenerated.
* config.make.in (have-Bgroup): Remove variable.
There is a configure test for sizeof (long double) whose results
aren't used anywhere. This patch removes that test.
Tested for x86_64 (testsuite, and that installed shared libraries are
unchanged by the patch).
* configure.ac (sizeof_long_double): Remove configure test.
* configure: Regenerated.
* config.make.in (sizeof-long-double): Remove variable.
I noticed that glibc testsuite runs left several files behind in /tmp
(or TMPDIR, if different). The problem was testcases that generate a
template for mkstemp / mkstemp64, ending with XXXXXX, then pass that
template to add_temp_file before calling mkstemp / mkstemp64, meaning
that the template ending with XXXXXX is stored in the list of
temporary files to delete (add_temp_file uses strdup so that the
original string doesn't need to stay live), not the actual filename as
determined by mkstemp / mkstemp64. This patch fixes those tests to
call add_temp_file later.
Tested for x86_64 (that the files are no longer left behind by a
testsuite run and the modified tests still pass).
* io/test-lfs.c (do_prepare): Do not call add_temp_file until
after mkstemp64.
* login/tst-utmp.c (do_prepare): Likewise.
* rt/tst-aio.c (do_prepare): Likewise.
* rt/tst-aio64.c (do_prepare): Likewise.
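Added example (not part of the commit above or of the glibc test skeleton): a C program reproducing the ordering problem with a simplified stand-in for add_temp_file. The names register_temp_file, cleanup_temp_files and temp_file_leaks are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
# define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Simplified stand-in for add_temp_file: copy the name now, unlink
   the copy at cleanup time.  */
static char *registered[8];
static int n_registered;

static void register_temp_file (const char *name)
{
  if (n_registered < 8)
    registered[n_registered++] = strdup (name);
}

/* Unlink every registered name; return how many files were removed.  */
static int cleanup_temp_files (void)
{
  int removed = 0;
  for (int i = 0; i < n_registered; i++)
    {
      if (registered[i] != NULL && unlink (registered[i]) == 0)
        removed++;
      free (registered[i]);
    }
  n_registered = 0;
  return removed;
}

/* Create one temporary file, registering it before mkstemp (the old
   order) or after it (the fixed order).  Return 1 if the file is
   still present after cleanup, 0 if it was removed, -1 on error.  */
int temp_file_leaks (int register_before_mkstemp)
{
  const char *dir = getenv ("TMPDIR");
  char name[4096];
  snprintf (name, sizeof name, "%s/order-demo.XXXXXX",
            dir != NULL && *dir != '\0' ? dir : "/tmp");

  if (register_before_mkstemp)
    register_temp_file (name);  /* copies the literal ...XXXXXX template */
  int fd = mkstemp (name);      /* rewrites NAME in place */
  if (fd < 0)
    return -1;
  if (!register_before_mkstemp)
    register_temp_file (name);  /* copies the real file name */
  close (fd);

  cleanup_temp_files ();
  int leaked = access (name, F_OK) == 0;
  if (leaked)
    unlink (name);              /* tidy up after the demonstration */
  return leaked;
}
```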
With TLE enabled, the adapt count variable update incurs
an 8% overhead before entering the critical section of an
elided mutex.
Instead, if it is done right after leaving the critical
section, this serialization can be avoided.
This alters the existing behavior of __lll_trylock_elision
as it will only decrement the adapt_count if it successfully
acquires the lock.
* sysdeps/unix/sysv/linux/powerpc/elision-lock.c
(__lll_lock_elision): Remove adapt_count decrement...
* sysdeps/unix/sysv/linux/powerpc/elision-trylock.c
(__lll_trylock_elision): Likewise.
* sysdeps/unix/sysv/linux/powerpc/elision-unlock.c
(__lll_unlock_elision): ... to here. And utilize
new adapt_count parameter.
* sysdeps/unix/sysv/linux/powerpc/lowlevellock.h
(__lll_unlock_elision): Update to include adapt_count
parameter.
(lll_unlock_elision): Pass pointer to adapt_count
variable.
Adding this parameter will give architectures more freedom in
how they choose to update this variable. This change has no
effect on architectures which choose not to use it.
* nptl/pthread_mutex_unlock.c (lll_unlock_elision):
Add elision adapt_count parameter to list of arguments.
* sysdeps/unix/sysv/linux/powerpc/lowlevellock.h
(lll_unlock_elision): Update with new parameter list.
* sysdeps/unix/sysv/linux/s390/lowlevellock.h
(lll_unlock_elision): Likewise.
* sysdeps/unix/sysv/linux/x86_64/lowlevellock.h
(lll_unlock_elision): Likewise.
Since ld.so internal __uname is only used internally in ld.so, it can
be made hidden.
[BZ #19122]
* include/sys/utsname.h [IS_IN (rtld)] (__uname): Add
attribute_hidden.
Since ld.so internal stdlib functions are only used internally in
ld.so, they can be made hidden.
[BZ #19122]
* include/stdlib.h [IS_IN (rtld)] (unsetenv): Add
attribute_hidden.
[IS_IN (rtld)] (__strtoul_internal): Likewise.
Since ld.so internal sigaction functions are only used internally in
ld.so, they can be made hidden.
[BZ #19122]
* include/signal.h [IS_IN (rtld)] (__sigaction): Add
attribute_hidden.
[IS_IN (rtld)] (__libc_sigaction): Likewise.
Since internal dirent functions are only used internally in ld.so and
libc.so, they can be made hidden.
[BZ #19122]
* include/setjmp.h (__longjmp): Add attribute_hidden.
[IS_IN (rtld)] (__sigsetjmp): Likewise.
Since ld.so internal __profile_frequency is only used internally in
ld.so, it can be made hidden.
[BZ #19122]
* include/libc-internal.h [IS_IN (rtld)] (__profile_frequency):
Add attribute_hidden.
Since internal fcntl functions are only used internally in ld.so and
libc.so, they can be made hidden.
[BZ #19122]
* include/fcntl.h (__libc_fcntl): Add attribute_hidden.
[IS_IN (rtld)] (__open): Likewise.
[IS_IN (rtld)] (__fcntl): Likewise.
Since internal dirent functions are only used internally in ld.so and
libc.so, they can be made hidden.
[BZ #19122]
* include/dirent.h (__opendirat): Add attribute_hidden.
(__getdents): Likewise.
(__getdents64): Likewise.
(__alloc_dir): Likewise.
[IS_IN (rtld)] (__closedir): Likewise.
[IS_IN (rtld)] (__fdopendir): Likewise.
[IS_IN (rtld)] (__readdir): Likewise.
[IS_IN (rtld)] (__readdir64): Likewise.
[IS_IN (rtld)] (__rewinddir): Likewise.
Since _dl_catch_error is only used internally in ld.so, it should be
declared in sysdeps/generic/ldsodefs.h, not include/dlfcn.h and it can
be made hidden.
[BZ #19122]
* include/dlfcn.h (_dl_catch_error): Moved to ...
* sysdeps/generic/ldsodefs.h (_dl_catch_error): Add
attribute_hidden.
Since internal _itoa functions are only used internally in ld.so and
libc.so, they can be made hidden.
[BZ #19122]
* sysdeps/generic/_itoa.h (_itoa): Add attribute_hidden.
(_itoa_word): Likewise.
Since _wordcopy_XXX functions are only used internally in ld.so and
libc.so, they can be made hidden.
[BZ #19122]
* sysdeps/generic/memcopy.h (_wordcopy_fwd_aligned): Add
attribute_hidden.
(_wordcopy_fwd_dest_aligned): Likewise.
(_wordcopy_bwd_aligned): Likewise.
(_wordcopy_bwd_dest_aligned): Likewise.
Since x86 _dl_unmap and _dl_make_tlsdesc_dynamic are only used
internally in ld.so, they can be made hidden.
[BZ #19122]
* sysdeps/i386/dl-lookupcfg.h (_dl_unmap): Add attribute_hidden.
* sysdeps/i386/dl-tlsdesc.h (_dl_make_tlsdesc_dynamic):
Likewise.
* sysdeps/x86_64/dl-tlsdesc.h (_dl_make_tlsdesc_dynamic):
Likewise.
* sysdeps/x86_64/dl-lookupcfg.h (_dl_unmap): Likewise.
There is a configure test for assembler support for -mtune=i686. This
option was added in binutils 2.18 so the test is obsolete; this patch
removes it.
Tested for x86 (testsuite, and that installed shared libraries are
unchanged by the patch).
* sysdeps/i386/configure.ac (libc_cv_as_i686): Remove configure
test.
* sysdeps/i386/configure: Regenerated.
* sysdeps/i386/i686/Makefile [$(config-asflags-i686) = yes]: Make
code unconditional.
There is a configure test for the assembler .previous directive, and,
as a fallback, for .popsection.
glibc now only supports ELF. For ELF, the GNU assembler has supported
.previous since version 2.2 (support added by
Mon Jul 19 15:21:20 1993 Ken Raeburn (raeburn@rtl.cygnus.com)
* config/obj-elf.c (obj_elf_previous): New function.
(previous_section, previous_subsection): New vars.
(obj_elf_section): Save current place in case DWARF code wants us
to pop back to it. Handle unquoted section name as well as quoted
section name. Don't crash on invalid strings.
(obj_pseudo_table): Handle new pseudos "previous", "2byte", and
"4byte".
). Thus this configure test is obsolete, and this patch removes it
(and with it the fallback .popsection test).
Tested for x86_64 and x86 (testsuite, and that installed shared
libraries are unchanged by the patch).
* configure.ac (libc_cv_asm_previous_directive): Remove configure
test.
(libc_cv_asm_popsection_directive): Likewise.
* configure: Regenerated.
* config.h.in (HAVE_ASM_PREVIOUS_DIRECTIVE): Remove #undef.
(HAVE_ASM_POPSECTION_DIRECTIVE): Likewise.
* include/libc-symbols.h [HAVE_ASM_PREVIOUS_DIRECTIVE]
(__make_section_unallocated): Make definition unconditional.
[HAVE_ASM_POPSECTION_DIRECTIVE] (__make_section_unallocated):
Remove conditional definition.
[!HAVE_ASM_PREVIOUS_DIRECTIVE && !HAVE_ASM_POPSECTION_DIRECTIVE]
(__make_section_unallocated): Likewise.
There is a configure test for -static-libgcc. GCC added this option
in version 3.0, so this test is obsolete; this patch removes it.
Tested for x86_64 and x86 (testsuite, and that installed shared
libraries are unchanged by the patch).
* configure.ac (libc_cv_gcc_static_libgcc): Remove configure test.
* configure: Regenerated.
* config.make.in (static-libgcc): Remove variable.
* Makerules (build-shlib-helper): Use -static-libgcc instead of
$(static-libgcc).
(build-module-helper): Likewise.
There is a configure test "for libc-friendly stddef.h", which sets a
makefile variable stddef.h that appears to be nowhere used. It
appears the uses of this variable were removed by:
Tue Feb 21 00:10:50 1995 Roland McGrath <roland@churchy.gnu.ai.mit.edu>
* Makefile (headers): Remove $(stddef.h).
* Makeconfig (stddef.h): Variable removed; now require gcc version
>= 2.2.
* stddef.h: File removed.
(having been added by
Wed May 26 14:44:19 1993 Roland McGrath (roland@churchy.gnu.ai.mit.edu)
* configure.in (autoconf checks): Add new check for a
libc-friendly stddef.h.
so the test was of use for less than two years, before being obsolete
for over 20 years). This patch removes the test.
Tested for x86_64 and x86 (testsuite, and that installed shared
libraries are unchanged by the patch).
* configure.ac (libc_cv_friendly_stddef): Remove configure test.
* configure: Regenerated.
A custom character buffer is added in this commit, in the form of
struct char_buffer. The char_buffer_add function replaces the
ADDW macro (which has grown with each successive security fix).
The char_buffer_add slow path is moved out-of-line, reducing
code size.
* stdio-common/vfscanf.c (MEMCPY): Remove macro.
(struct char_buffer): New type.
(char_buffer_start, char_buffer_size, char_buffer_error)
(char_buffer_rewind, char_buffer_add): New functions.
(ADDW): Remove macro, replaced by the char_buffer_add function.
(_IO_vfscanf_internal): Rewrite using struct char_buffer instead
of extend_alloca. Make control flow more explicit.
Only i386 implements epoll_pwait in assembly code without cancellation
support. All other architectures implement epoll_pwait in epoll_pwait.c
with
  int epoll_pwait (int epfd, struct epoll_event *events,
                   int maxevents, int timeout,
                   const sigset_t *set)
  {
    return SYSCALL_CANCEL (epoll_pwait, epfd, events, maxevents,
                           timeout, set, _NSIG / 8);
  }
Although there is no test for epoll_pwait in glibc, since SYSCALL_CANCEL
works on i386 and epoll_pwait.c works for other architectures, it is
safe to assume that epoll_pwait.c with SYSCALL_CANCEL also works on
i386.
[BZ #19137]
* sysdeps/unix/sysv/linux/i386/Makefile (CFLAGS-epoll_pwait.c):
Add -fomit-frame-pointer.
* sysdeps/unix/sysv/linux/i386/epoll_pwait.S: Remove file.
Honoring the LD_POINTER_GUARD environment variable in AT_SECURE mode
has security implications. This commit enables pointer guard
unconditionally, and the environment variable is now ignored.
[BZ #18928]
* sysdeps/generic/ldsodefs.h (struct rtld_global_ro): Remove
_dl_pointer_guard member.
* elf/rtld.c (_rtld_global_ro): Remove _dl_pointer_guard
initializer.
(security_init): Always set up pointer guard.
(process_envvars): Do not process LD_POINTER_GUARD.
The powerpc32 implementation of lround and lroundf can produce
spurious exceptions from adding 0.5 then converting to integer. This
includes "inexact" from the conversion to integer (not allowed for
integer arguments to these functions), and, for larger integer
arguments, "inexact", and "overflow" when rounding upward, from the
addition. In addition, "inexact" is not allowed together with
"invalid" and so inexact addition must be avoided when the integer
will be out of range of 32-bit long, whether or not the argument is an
integer.
This patch fixes these problems. As in the powerpc64 llround
implementation, a check is added for too-large arguments; in the
powerpc64 case that means arguments at least 2^52 in magnitude (so
that 0.5 cannot be added exactly), while in this case it means
arguments for which the result would overflow "long". In those cases
a suitable overflowing value is used for the integer conversion
without adding 0.5, while for smaller arguments it's tested whether
the argument is an integer (by adding and subtracting 2^52 to the
absolute value and comparing with the original absolute value) to
avoid adding 0.5 to integers and generating spurious "inexact".
This code is not used when the power5+ sysdeps directories are used,
as there's a separate power5+ version of these functions.
Tested for powerpc. This gets test-float (for a default powerpc32
hard-float build without any --with-cpu) back to the point where it
should pass once powerpc ulps are regenerated; test-double still needs
another problem with exceptions fixed to get back to that point (and I
haven't looked lately at what default powerpc64 results are like).
[BZ #19134]
* sysdeps/powerpc/powerpc32/fpu/s_lround.S (.LC1): New object.
(.LC2): Likewise.
(.LC3): Likewise.
(__lround): Do not add 0.5 to integer or out-of-range arguments.