Commit Graph

36133 Commits

Author SHA1 Message Date
Vineet Gupta
758caf3736 Documentation for ARC port
(a) ABI doc:
    https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/wiki/files/ARCv2_ABI.pdf

(b) Programmer's Reference Manual (PRM) : needs a download request to be filled
    https://www.synopsys.com/dw/ipdir.php?ds=arc-hs44-hs46-hs48
    https://www.synopsys.com/dw/doc.php/ds/cc/programmers-reference-manual-ARC-HS.pdf

As of port merge (and Florian's patch to fix static TLS), glibc testsuite
(cross-test setup) has following failures:

FAIL: elf/tst-audit14
FAIL: elf/tst-audit15
FAIL: elf/tst-audit16
FAIL: elf/tst-ldconfig-ld_so_conf-update
FAIL: elf/tst-libc_dlvsym
FAIL: elf/tst-libc_dlvsym-static
FAIL: iconv/test-iconvconfig		# Needs gconv installed
FAIL: io/ftwtest			# Requires execution by non-root
FAIL: io/tst-lockf
FAIL: libio/tst-wfile-sync
FAIL: locale/tst-localedef-path-norm
FAIL: nptl/test-cond-printers		# needs Python3 and target GDB on target
FAIL: nptl/test-condattr-printers	#    ditto
FAIL: nptl/test-mutex-printers		#    ditto
FAIL: nptl/test-mutexattr-printers	#    ditto
FAIL: nptl/test-rwlock-printers		#    ditto
FAIL: nptl/test-rwlockattr-printers	#    ditto
FAIL: nptl/tst-umask1			# passes if run natively on target (NFS ACLv3 support needed)
FAIL: nss/bug-erange
FAIL: nss/tst-nss-files-hosts-getent
FAIL: nss/tst-nss-files-hosts-multi
FAIL: posix/bug-ga2
FAIL: posix/globtest			# require same user on target and host
FAIL: posix/tst-getaddrinfo5
FAIL: stdio-common/tst-vfprintf-width-prec
FAIL: stdio-common/tst-vfprintf-width-prec-alloc
FAIL: stdio-common/tst-vfprintf-width-prec-mem
FAIL: string/tst-strerror
FAIL: string/tst-strsignal
FAIL: sunrpc/bug20790			# missing cpp on target
FAIL: timezone/tst-tzset

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-07-10 16:31:58 -07:00
Vineet Gupta
2fc2260ba4 build-many-glibcs.py: Enable ARC builds
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-07-10 16:08:45 -07:00
Vineet Gupta
0be8ae3679 ARC: Build Infrastructure
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-07-10 16:08:45 -07:00
Vineet Gupta
33ff7b3988 ARC: ABI lists
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-07-10 16:08:44 -07:00
Vineet Gupta
c86a9483f4 ARC: Linux Startup and Dynamic Loading
A big shoutout to Cupertino Miranda <cmiranda@synopsys.com> for his
valuable contribution in initial bringup and debugging on Linux and
later in solving pesky unwinding/cancelation failures in testsuite.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-07-10 16:08:44 -07:00
Vineet Gupta
e5ccf113cd ARC: Linux ABI
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-07-10 16:08:44 -07:00
Vineet Gupta
add5071a5c ARC: Linux Syscall Interface
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-07-10 16:08:44 -07:00
Vineet Gupta
3ab8611a22 ARC: hardware floating point support
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-07-10 16:08:44 -07:00
Vineet Gupta
fd9dec20c8 ARC: math soft float support
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-07-10 16:08:44 -07:00
Vineet Gupta
9679dd5ecd ARC: Atomics and Locking primitives
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-07-10 16:08:44 -07:00
Vineet Gupta
0261315289 ARC: Thread Local Storage support
This includes all 4 TLS addressing models

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-07-10 16:08:44 -07:00
Vineet Gupta
dd2e6ef179 ARC: startup and dynamic linking code
Code for C runtime startup and dynamic loading including PLT layout.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-07-10 16:08:44 -07:00
Vineet Gupta
0e7d930c4c ARC: ABI Implementation
This code deals with the ARC ABI.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-07-10 16:08:44 -07:00
Lucas A. M. Magalhaes
04deeaa9ea Fix time/tst-cpuclock1 intermitent failures
This test fails intermittently in systems with heavy load as
CLOCK_PROCESS_CPUTIME_ID is subject to scheduler pressure.  Thus the
test boundaries were relaxed to keep it from failing on such systems.

A refactor of the spent time checking was made with some support
functions.  With the advantage to representing time jitter in percent
of the target.

The values used by the test boundaries are all empirical.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-10 19:41:06 -03:00
Tulio Magno Quites Machado Filho
7c7bcf3634 powerpc64: Fix calls when r2 is not used [BZ #26173]
Teach the linker that __mcount_internal, __sigjmp_save_symbol,
__syscall_error and __GI_exit do not use r2, so that it does not need to
recover r2 after the call.

Test at configure time if the assembler supports @notoc and define
USE_PPC64_NOTOC.
2020-07-10 19:41:06 -03:00
Mike FABIAN
936c9666ae Add NEWS entry for Update to Unicode 13.0.0 [BZ #25819]
Unicode 13.0.0 Support: Character encoding, character type info, and
transliteration tables are all updated to Unicode 13.0.0, using
the generator scripts contributed by Mike FABIAN (Red Hat).

Total added characters in newly generated CHARMAP: 5930
Total added characters in newly generated WIDTH: 5536
2020-07-10 11:56:33 +02:00
Patsy Franklin
b21c2c24ed Update i686 libm-test-ulps
Without my ULP patch these 18 tests fail on i686:
 https://koji.fedoraproject.org/koji/taskinfo?taskID=46467301

+ cat /proc/cpuinfo
processor	: 0
vendor_id	: GenuineIntel
cpu family	: 6
model		: 85
model name	: Intel Xeon Processor (Cascadelake)

FAIL: math/test-double-j0
FAIL: math/test-double-y0
FAIL: math/test-float-erfc
FAIL: math/test-float-j0
FAIL: math/test-float-j1
FAIL: math/test-float-lgamma
FAIL: math/test-float-tgamma
FAIL: math/test-float-y0
FAIL: math/test-float32-erfc
FAIL: math/test-float32-j0
FAIL: math/test-float32-j1
FAIL: math/test-float32-lgamma
FAIL: math/test-float32-tgamma
FAIL: math/test-float32-y0
FAIL: math/test-float32x-j0
FAIL: math/test-float32x-y0
FAIL: math/test-float64-j0
FAIL: math/test-float64-y0

With my ULP patch applied these tests now pass:
 https://koji.fedoraproject.org/koji/taskinfo?taskID=46436310
2020-07-09 23:43:25 -04:00
Joseph Myers
90663e9c81 Fix memory leak in __printf_fp_l (bug 26215).
__printf_fp_l has a memory leak in the case of some I/O errors, where
both buffer and wbuffer have been malloced but the handling of I/O
errors only frees wbuffer.  This patch fixes this by moving the
declaration of buffer to an outer scope and ensuring that it is freed
when wbuffer is freed.

Tested for x86_64 and x86.
2020-07-09 21:52:24 +00:00
Joseph Myers
ede56038e5 Fix double free in __printf_fp_l (bug 26214).
__printf_fp_l has a double free bug in the case where it allocates
memory with malloc internally, then has an I/O error while outputting
trailing padding and tries to free that already-freed memory when the
error occurs.  This patch fixes this by setting the relevant pointer
to NULL after the first free (the only free of this pointer that isn't
immediately followed by returning from the function).

Tested for x86_64 and x86.
2020-07-09 21:51:49 +00:00
Maciej W. Rozycki
c363f834cf linux: Fix syscall list generation instructions
Make the instructions for syscall list generation match Makefile and
refer to `update-syscall-lists'; there has been no `update-arch-syscall'
target.  Also use single quotes around the command to stick to the ASCII
character set.

Fixes 4cf0d22305 ("Linux: Add tables with system call numbers").

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
2020-07-09 17:43:57 +01:00
Adhemerval Zanella
ffd178c651 sysv: linux: Add 64-bit time_t variant for shmctl
To provide a y2038 safe interface a new symbol __shmctl64 is added
and __shmctl is change to call it instead (it adds some extra buffer
copying for the 32 bit time_t implementation).

Two new structures are added:

  1. kernel_shmid64_ds: used internally only on 32-bit architectures
     to issue the syscall.  A handful of architectures (hppa, i386,
     mips, powerpc32, and sparc32) require specific implementations
     due to their kernel ABI.

  2. shmid_ds64: this is only for __TIMESIZE != 64 to use along with
     the 64-bit shmctl.  It is different than the kernel struct because
     the exported 64-bit time_t might require different alignment
     depending on the architecture ABI.

So the resulting implementation does:

  1. For 64-bit architectures it assumes shmid_ds already contains
     64-bit time_t fields and will result in just the __shmctl symbol
     using the __shmctl64 code.  The shmid_ds argument is passed as-is
     to the syscall.

  2. For 32-bit architectures with default 64-bit time_t (newer ABIs
     such riscv32 or arc), it will also result in only one exported
     symbol but with the required high/low time handling.

  3. Finally for 32-bit architecture with both 32-bit and 64-bit time_t
     support we follow the already set way to provide one symbol with
     64-bit time_t support and implement the 32-bit time_t support
     using of the 64-bit one.

     The default 32-bit symbol will allocate and copy the shmid_ds
     over multiple buffers, but this should be deprecated in favor
     of the __shmctl64 anyway.

Checked on i686-linux-gnu and x86_64-linux-gnu.  I also did some sniff
tests on powerpc, powerpc64, mips, mips64, armhf, sparcv9, and
sparc64.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Tested-by: Alistair Francis <alistair.francis@wdc.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-09 12:05:47 -03:00
Adhemerval Zanella
7929d77985 sysvipc: Remove the linux shm-pad.h file
Each architecture overrides the struct msqid_ds which its required
kernel ABI one.

Checked on x86_64-linux-gnu and some bases sysvipc tests on hppa,
mips, mipsle, mips64, mips64le, sparc64, sparcv9, powerpc64le,
powerpc64, and powerpc.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Tested-by: Alistair Francis <alistair.francis@wdc.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-09 12:05:46 -03:00
Adhemerval Zanella
380b7ced6a sysvipc: Split out linux struct shmid_ds
This will allow us to have architectures specify their own version.

Not semantic changes expected.  Checked with a build against the
all affected ABIs.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Tested-by: Alistair Francis <alistair.francis@wdc.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-09 12:05:46 -03:00
Adhemerval Zanella
3283f71113 sysv: linux: Add 64-bit time_t variant for msgctl
To provide a y2038 safe interface a new symbol __msgctl64 is added
and __msgctl is change to call it instead (it adds some extra buffer
coping for the 32 bit time_t implementation).

Two new structures are added:

  1. kernel_msqid64_ds: used internally only on 32-bit architectures
     to issue the syscall.  A handful of architectures (hppa, i386, mips,
     powerpc32, and sparc32) require specific implementations due to
     their kernel ABI.

  2. msqid_ds64: this is only for __TIMESIZE != 64 to use along with
     the 64-bit msgctl.  It is different than the kernel struct because
     the exported 64-bit time_t might require different alignment
     depending on the architecture ABI.

So the resulting implementation does:

  1. For 64-bit architectures it assumes msqid_ds already contains
     64-bit time_t fields and will result in just the __msgctl symbol
     using the __msgctl64 code.  The msgid_ds argument is passed as-is
     to the syscall.

  2. For 32-bit architectures with default 64-bit time_t (newer ABIs
     such riscv32 or arc), it will also result in only one exported
     symbol but with the required high/low time handling.

  3. Finally for 32-bit architecture with both 32-bit and 64-bit time_t
     support we follow the already set way to provide one symbol with
     64-bit time_t support and implement the 32-bit time_t support using
     the 64-bit time_t.

     The default 32-bit symbol will allocate and copy the msqid_ds
     over multiple buffers, but this should be deprecated in favor
     of the __msgctl64 anyway.

Checked on i686-linux-gnu and x86_64-linux-gnu.  I also did some sniff
tests on powerpc, powerpc64, mips, mips64, armhf, sparcv9, and
sparc64.

Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Tested-by: Alistair Francis <alistair.francis@wdc.com>
2020-07-09 12:05:40 -03:00
Adhemerval Zanella
915b9fe312 sysvipc: Remove the linux msq-pad.h file
Each architecture overrides the struct msqid_ds which its required
kernel ABI one.

Checked on x86_64-linux-gnu and some bases sysvipc tests on hppa,
mips, mipsle, mips64, mips64le, sparc64, sparcv9, powerpc64le,
powerpc64, and powerpc.

Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Tested-by: Alistair Francis <alistair.francis@wdc.com>
2020-07-09 12:05:40 -03:00
Adhemerval Zanella
078a892085 sysvipc: Split out linux struct semid_ds
This will allow us to have architectures specify their own version.

Not semantic changes expected.  Checked with a build against the
all affected ABIs.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Tested-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2020-07-09 12:05:40 -03:00
Adhemerval Zanella
dba950e317 sysv: linux: Add 64-bit time_t variant for semctl
Different than others 64-bit time_t syscalls, the SysIPC interface
does not provide a new set of syscall for y2038 safeness.  Instead it
uses unused fields in semid_ds structure to return the high bits for
the timestamps.

To provide a y2038 safe interface a new symbol __semctl64 is added
and __semctl is change to call it instead (it adds some extra buffer
copying for the 32 bit time_t implementation).

Two new structures are added:

  1. kernel_semid64_ds: used internally only on 32-bit architectures
     to issue the syscall.  A handful of architectures (hppa, i386,
     mips, powerpc32, sparc32) require specific implementations due
     their kernel ABI.

  2. semid_ds64: this is only for __TIMESIZE != 64 to use along with
     the 64-bit semctl.  It is different than the kernel struct because
     the exported 64-bit time_t might require different alignment
     depending on the architecture ABI.

So the resulting implementation does:

  1. For 64-bit architectures it assumes semid_ds already contains
     64-bit time_t fields and will result in just the __semctl symbol
     using the __semctl64 code.  The semid_ds argument is passed as-is
     to the syscall.

  2. For 32-bit architectures with default 64-bit time_t (newer ABIs
     such riscv32 or arc), it will also result in only one exported
     symbol but with the required high/low handling.

     It might be possible to optimize it further to avoid the
     kernel_semid64_ds to semun transformation if the exported ABI
     for the architectures matches the expected kernel ABI, but the
     implementation is already complex enough and don't think this
     should be a hotspot in any case.

  3. Finally for 32-bit architecture with both 32-bit and 64-bit time_t
     support we follow the already set way to provide one symbol with
     64-bit time_t support and implement the 32-bit time_t support
     using the 64-bit one.

     The default 32-bit symbol will allocate and copy the semid_ds
     over multiple buffers, but this should be deprecated in favor
     of the __semctl64 anyway.

Checked on i686-linux-gnu and x86_64-linux-gnu.  I also did some sniff
tests on powerpc, powerpc64, mips, mips64, armhf, sparcv9, and
sparc64.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Tested-by: Alistair Francis <alistair.francis@wdc.com>
Tested-by: Vineet Gupta <vgupta@synopsys.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2020-07-09 12:05:35 -03:00
Szabolcs Nagy
ffb17e7ba3 rtld: Avoid using up static TLS surplus for optimizations [BZ #25051]
On some targets static TLS surplus area can be used opportunistically
for dynamically loaded modules such that the TLS access then becomes
faster (TLSDESC and powerpc TLS optimization). However we don't want
all surplus TLS to be used for this optimization because dynamically
loaded modules with initial-exec model TLS can only use surplus TLS.

The new contract for surplus static TLS use is:

- libc.so can have up to 192 bytes of IE TLS,
- other system libraries together can have up to 144 bytes of IE TLS.
- Some "optional" static TLS is available for opportunistic use.

The optional TLS is now tunable: rtld.optional_static_tls, so users
can directly affect the allocated static TLS size. (Note that module
unloading with dlclose does not reclaim static TLS. After the optional
TLS runs out, TLS access is no longer optimized to use static TLS.)

The default setting of rtld.optional_static_tls is 512 so the surplus
TLS is 3*192 + 4*144 + 512 = 1664 by default, the same as before.

Fixes BZ #25051.

Tested on aarch64-linux-gnu and x86_64-linux-gnu.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-08 17:32:56 +01:00
Szabolcs Nagy
17796419b5 rtld: Account static TLS surplus for audit modules
The new static TLS surplus size computation is

  surplus_tls = 192 * (nns-1) + 144 * nns + 512

where nns is controlled via the rtld.nns tunable. This commit
accounts audit modules too so nns = rtld.nns + audit modules.

rtld.nns should only include the namespaces required by the
application, namespaces for audit modules are accounted on top
of that so audit modules don't use up the static TLS that is
reserved for the application. This allows loading many audit
modules without tuning rtld.nns or using up static TLS, and it
fixes

FAIL: elf/tst-auditmany

Note that DL_NNS is currently a hard upper limit for nns, and
if rtld.nns + audit modules go over the limit that's a fatal
error. By default rtld.nns is 4 which allows 12 audit modules.

Counting the audit modules is based on existing audit string
parsing code, we cannot use GLRO(dl_naudit) before the modules
are actually loaded.
2020-07-08 17:32:56 +01:00
Szabolcs Nagy
0c7b002fac rtld: Add rtld.nns tunable for the number of supported namespaces
TLS_STATIC_SURPLUS is 1664 bytes currently which is not enough to
support DL_NNS (== 16) number of dynamic link namespaces, if we
assume 192 bytes of TLS are reserved for libc use and 144 bytes
are reserved for other system libraries that use IE TLS.

A new tunable is introduced to control the number of supported
namespaces and to adjust the surplus static TLS size as follows:

surplus_tls = 192 * (rtld.nns-1) + 144 * rtld.nns + 512

The default is rtld.nns == 4 and then the surplus TLS size is the
same as before, so the behaviour is unchanged by default. If an
application creates more namespaces than the rtld.nns setting
allows, then it is not guaranteed to work, but the limit is not
checked. So existing usage will continue to work, but in the
future if an application creates more than 4 dynamic link
namespaces then the tunable will need to be set.

In this patch DL_NNS is a fixed value and provides a maximum to
the rtld.nns setting.

Static linking used fixed 2048 bytes surplus TLS, this is changed
so the same contract is used as for dynamic linking.  With static
linking DL_NNS == 1 so rtld.nns tunable is forced to 1, so by
default the surplus TLS is reduced to 144 + 512 = 656 bytes. This
change is not expected to cause problems.

Tested on aarch64-linux-gnu and x86_64-linux-gnu.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-08 17:32:56 +01:00
Petr Vorel
ae7a94e5e3 Remove --enable-obsolete-nsl configure flag
this means that *always* libnsl is only built as shared library for
backward compatibility and the NSS modules libnss_nis and libnss_nisplus
are not built at all, libnsl's headers aren't installed.

This compatibility is kept only for architectures and ABIs that have
been added in or before version 2.28.

Replacement implementations based on TIRPC, which additionally support
IPv6, are available from <https://github.com/thkukuk/>.

This change does not affect libnss_compat which does not depended
on libnsl since 2.27 and thus can be used without NIS.

libnsl code depends on Sun RPC, e.g. on --enable-obsolete-rpc (installed
libnsl headers use installed Sun RPC headers), which will be removed in
the following commit.
2020-07-08 17:25:57 +02:00
Florian Weimer
acb527929d Move non-deprecated RPC-related functions from sunrpc to inet
This includes bindresvport and the NSS-related RPC functions.  This will
simplify the removal of the sunrpc functionality because these functions
no longer have to be treated specially.
2020-07-08 17:25:57 +02:00
Szabolcs Nagy
a2a83bf6d9 aarch64: add NEWS entry about branch protection support
This is a new security feature that relies on architecture
extensions and needs glibc to be built with a gcc configured
with branch protection.
2020-07-08 15:02:38 +01:00
Szabolcs Nagy
d174ec248d aarch64: redefine RETURN_ADDRESS to strip PAC
RETURN_ADDRESS is used at several places in glibc to mean a valid
code address of the call site, but with pac-ret it may contain a
pointer authentication code (PAC), so its definition is adjusted.

This is gcc PR target/94891: __builtin_return_address should not
expose signed pointers to user code where it can cause ABI issues.
In glibc RETURN_ADDRESS is only changed if it is built with pac-ret.
There is no detection for the specific gcc issue because it is
hard to test and the additional xpac does not cause problems.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-07-08 15:02:38 +01:00
Szabolcs Nagy
c94767712b aarch64: fix pac-ret support in _mcount
Currently gcc -pg -mbranch-protection=pac-ret passes signed return
address to _mcount, so _mcount now has to always strip pac from the
frompc since that's from user code that may be built with pac-ret.

This is gcc PR target/94791: signed pointers should not escape and get
passed across extern call boundaries, since that's an ABI break, but
because existing gcc has this issue we work it around in glibc until
that is resolved. This is compatible with a fixed gcc and it is a nop
on systems without PAuth support. The bug was introduced in gcc-7 with
-msign-return-address=non-leaf|all support which in gcc-9 got renamed
to -mbranch-protection=pac-ret|pac-ret+leaf|standard.

strip_pac uses inline asm instead of __builtin_aarch64_xpaclri since
that is not a documented api and not available in all supported gccs.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-07-08 15:02:38 +01:00
Szabolcs Nagy
1be3d6eb82 aarch64: Add pac-ret support to assembly files
Use return address signing in assembly files for functions that save
LR when pac-ret is enabled in the compiler.

The GNU property note for PAC-RET is not meaningful to the dynamic
linker so it is not strictly required, but it may be used to track
the security property of binaries. (The PAC-RET property is only set
if BTI is set too because BTI implies working GNU property support.)

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-07-08 15:02:38 +01:00
Szabolcs Nagy
9e1751e6d6 aarch64: configure check for pac-ret code generation
Return address signing requires unwinder support, which is
present in libgcc since >=gcc-7, however due to bugs the
support may be broken in <gcc-10 (and similarly there may
be issues in custom unwinders), so pac-ret is not always
safe to use. So in assembly code glibc should only use
pac-ret if the compiler uses it too. Unfortunately there
is no predefined feature macro for it set by the compiler
so pac-ret is inferred from the code generation.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-07-08 15:02:38 +01:00
Szabolcs Nagy
de9301c02e aarch64: ensure objects are BTI compatible
When glibc is built with branch protection (i.e. with a gcc configured
with --enable-standard-branch-protection), all glibc binaries should
be BTI compatible and marked as such.

It is easy to link BTI incompatible objects by accident and this is
silent currently which is usually not the expectation, so this is
changed into a link error. (There is no linker flag for failing on
BTI incompatible inputs so all warnings are turned into fatal errors
outside the test system when building glibc with branch protection.)

Unfortunately, outlined atomic functions are not BTI compatible in
libgcc (PR libgcc/96001), so to build glibc with current gcc use
'CC=gcc -mno-outline-atomics', this should be fixed in libgcc soon
and then glibc can be built and tested without such workarounds.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-07-08 15:02:38 +01:00
Sudakshina Das
605338745b aarch64: enable BTI at runtime
Binaries can opt-in to using BTI via an ELF object file marking.
The dynamic linker has to then mprotect the executable segments
with PROT_BTI. In case of static linked executables or in case
of the dynamic linker itself, PROT_BTI protection is done by the
operating system.

On AArch64 glibc uses PT_GNU_PROPERTY instead of PT_NOTE to check
the properties of a binary because PT_NOTE can be unreliable with
old linkers (old linkers just append the notes of input objects
together and add them to the output without checking them for
consistency which means multiple incompatible GNU property notes
can be present in PT_NOTE).

BTI property is handled in the loader even if glibc is not built
with BTI support, so in theory user code can be BTI protected
independently of glibc. In practice though user binaries are not
marked with the BTI property if glibc has no support because the
static linked libc objects (crt files, libc_nonshared.a) are
unmarked.

This patch relies on Linux userspace API that is not yet in a
linux release but in v5.8-rc1 so scheduled to be in Linux 5.8.

Co-authored-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-07-08 15:02:37 +01:00
Szabolcs Nagy
5f846c8b0d aarch64: fix RTLD_START for BTI
Tailcalls must use x16 or x17 for the indirect branch instruction
to be compatible with code that uses BTI c at function entries.
(Other forms of indirect branches can only land on BTI j.)

Also added a BTI c at the ELF entry point of rtld, this is not
strictly necessary since the kernel does not use indirect branch
to get there, but it seems safest once building glibc itself with
BTI is supported.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-07-08 15:02:37 +01:00
Szabolcs Nagy
fddbd7c0ef aarch64: fix swapcontext for BTI
setcontext returns to the specified context via an indirect jump,
so there should be a BTI j.

In case of getcontext (and all other returns_twice functions) the
compiler adds BTI j at the call site, but swapcontext is a normal
c call that is currently not handled specially by the compiler.

So we change swapcontext such that the saved context returns to a
local address that has BTI j and then swapcontext returns to the
caller via a normal RET. For this we save the original return
address in the slot for x1 of the context because x1 need not be
preserved by swapcontext but it is restored when the context saved
by swapcontext is resumed.

The alternative fix (which is done on x86) would make swapcontext
special in the compiler so BTI j is emitted at call sites, on
x86 there is an indirect_return attribute for this, on AArch64
we would have to use returns_twice. It was decided against because
such fix may need user code updates: the attribute has to be added
when swapcontext is called via a function pointer and it breaks
always_inline functions with swapcontext.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-07-08 15:02:37 +01:00
Sudakshina Das
91181954f9 aarch64: Add BTI support to assembly files
To enable building glibc with branch protection, assembly code
needs BTI landing pads and ELF object file markings in the form
of a GNU property note.

The landing pads are unconditionally added to all functions that
may be indirectly called. When the code segment is not mapped
with PROT_BTI these instructions are nops. They are kept in the
code when BTI is not supported so that the layout of performance
critical code is unchanged across configurations.

The GNU property notes are only added when there is support for
BTI in the toolchain, because old binutils does not handle the
notes right. (Does not know how to merge them nor to put them in
PT_GNU_PROPERTY segment instead of PT_NOTE, and some versions
of binutils emit warnings about the unknown GNU property. In
such cases the produced libc binaries would not have valid
ELF marking so BTI would not be enabled.)

Note: functions using ENTRY or ENTRY_ALIGN now start with an
additional BTI c, so alignment of the following code changes,
but ENTRY_ALIGN_AND_PAD was fixed so there is no change to the
existing code layout. Some string functions may need to be
tuned for optimal performance after this commit.

Co-authored-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-07-08 15:02:37 +01:00
Szabolcs Nagy
2a4c2dde49 aarch64: Rename place holder .S files to .c
The compiler can add required elf markings based on CFLAGS
but the assembler cannot, so using C code for empty files
creates less of a maintenance problem.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-07-08 15:02:37 +01:00
Szabolcs Nagy
1b0a4f58f5 aarch64: configure test for BTI support
Check BTI support in the compiler and linker.  The check also
requires READELF that understands the BTI GNU property note.
It is expected to succeed with gcc >=gcc-9 configured with
--enable-standard-branch-protection and binutils >=binutils-2.33.

Note: passing -mbranch-protection=bti in CFLAGS when building glibc
may not be enough to get a glibc that supports BTI because crtbegin*
and crtend* provided by the compiler needs to be BTI compatible too.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-07-08 15:02:37 +01:00
Szabolcs Nagy
dbfefbdc3a Rewrite abi-note.S in C.
Using C code allows the compiler to add target specific object file
markings based on CFLAGS.

The arm specific abi-note.S is removed and similar object file fix
up will be avoided on AArch64 with standard branch protection.
2020-07-08 15:02:37 +01:00
Szabolcs Nagy
c7aa8596de rtld: Clean up PT_NOTE and add PT_GNU_PROPERTY handling
Add generic code to handle PT_GNU_PROPERTY notes. Invalid
content is ignored, _dl_process_pt_gnu_property is always called
after PT_LOAD segments are mapped and it has no failure modes.
Currently only one NT_GNU_PROPERTY_TYPE_0 note is handled, which
contains target specific properties: the _dl_process_gnu_property
hook is called for each property.

The old _dl_process_pt_note and _rtld_process_pt_note differ in how
the program header is read.  The old _dl_process_pt_note is called
before PT_LOAD segments are mapped and _rtld_process_pt_note is called
after PT_LOAD segments are mapped. The old _rtld_process_pt_note is
removed and _dl_process_pt_note is always called after PT_LOAD
segments are mapped and now it has no failure modes.

The program headers are scanned backwards so that PT_NOTE can be
skipped if PT_GNU_PROPERTY exists.

Co-Authored-By: H.J. Lu <hjl.tools@gmail.com>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-07-08 14:28:53 +01:00
Adhemerval Zanella
c1e63c7214 string: Move tst-strsignal tst-strerror to tests-container
Both tests require libc.mo translation files which might not be
installed on the system.

Checked on x86_64-linux-gnu.
2020-07-08 10:23:14 -03:00
Florian Weimer
5b2deed8a5 string: Fix prototype mismatch in sigabbrev_np, __sigdescr_np
GCC 6 does not ignore the const specifier on the return type.
2020-07-08 14:19:58 +02:00
Alexander Anisimov
beea361050 arm: CVE-2020-6096: Fix multiarch memcpy for negative length [BZ #25620]
Unsigned branch instructions could be used for r2 to fix the wrong
behavior when a negative length is passed to memcpy.
This commit fixes the armv7 version.
2020-07-08 14:18:31 +02:00
Evgeny Eremin
79a4fa341b arm: CVE-2020-6096: fix memcpy and memmove for negative length [BZ #25620]
Unsigned branch instructions could be used for r2 to fix the wrong
behavior when a negative length is passed to memcpy and memmove.
This commit fixes the generic arm implementation of memcpy amd memmove.
2020-07-08 14:18:19 +02:00