This patch fixes some hurd bits from commit afcf3cd8eb that added the
__access_noerrno internal symbol. It basically removes the nonrequired
__hurd_fail_noerrno (since the 'err' argument is ignored) and fixes
a typo for EACCES.
However, as stated on maillist [1] this __access_noerrno may still be
unsafe to run during initialization of tunables on the Hurd. The
access_common calls __hurd_file_name_lookup, which calls
__hurd_file_name_lookup_retry, which can set errno.
[1] https://sourceware.org/ml/libc-alpha/2016-11/msg00646.html
Implement an internal version of __access called __access_noerrno that
avoids setting errno. This is useful to check accessibility of files
very early on in process startup i.e. before TLS setup. This allows
tunables to replace MALLOC_CHECK_ safely (i.e. check existence of
/etc/suid-debug to enable/disable MALLOC_CHECK) and at the same time
initialize very early so that it can override IFUNCs.
Checked on x86_64.
* hurd/hurd.h (__hurd_fail_noerrno): New function.
* include/unistd.h [IS_IN (rtld) || !defined SHARED]: Declare
__access_noerrno.
* io/access.c (__access_noerrno): New function.
* sysdeps/mach/hurd/access.c (hurd_fail_seterrno): New function.
(hurd_fail_seterrno): Likewise.
(access_common): Likewise.
(__access_noerrno): Likewise.
* sysdeps/nacl/access.c (__access_noerrno): Likewise.
* sysdeps/unix/sysv/linux/access.c (__access_noerrno): Likewise.
* sysdeps/nacl/nacl-interfaces.h (NACL_CALL_NOERRNO): New
macro.
This patch implements a new posix_spawn{p} implementation for Linux. The main
difference is it uses the clone syscall directly with CLONE_VM and CLONE_VFORK
flags and a direct allocated stack. The new stack and start function solves
most the vfork limitation (possible parent clobber due stack spilling). The
remaning issue are related to signal handling:
1. That no signal handlers must run in child context, to avoid corrupt
parent's state.
2. Child must synchronize with parent to enforce stack deallocation and
to possible return execv issues.
The first one is solved by blocking all signals in child, even NPTL-internal
ones (SIGCANCEL and SIGSETXID). The second issue is done by a stack allocation
in parent and a synchronization with using a pipe or waitpid (in case or error).
The pipe has the advantage of allowing the child signal an exec error (checked
with new tst-spawn2 test).
There is an inherent race condition in pipe2 usage for architectures that do not
support the syscall directly. In such cases the a pipe plus fctnl is used
instead and it may lead to file descriptor leak in parent (as decribed by fcntl
documentation).
The child process stack is allocate with a mmap with MAP_STACK flag using
default architecture stack size. Although it is slower than use a stack buffer
from parent, it allows some slack for the compatibility code to run scripts
with no shebang (which may use a buffer with size depending of argument list
count).
Performance should be similar to the vfork default posix implementation and
way faster than fork path (vfork on mostly linux ports are basically
clone with CLONE_VM plus CLONE_VFORK). The only difference is the syscalls
required for the stack allocation/deallocation.
It fixes BZ#10354, BZ#14750, and BZ#18433.
Tested on i386, x86_64, powerpc64le, and aarch64.
[BZ #14750]
[BZ #10354]
[BZ #18433]
* include/sched.h (__clone): Add hidden prototype.
(__clone2): Likewise.
* include/unistd.h (__dup): Likewise.
* posix/Makefile (tests): Add tst-spawn2.
* posix/tst-spawn2.c: New file.
* sysdeps/posix/dup.c (__dup): Add hidden definition.
* sysdeps/unix/sysv/linux/aarch64/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/alpha/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/arm/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/hppa/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/i386/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/ia64/clone2.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/m68k/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/microblaze/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/mips/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/nios2/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/powerpc/powerpc32/clone.S (__clone):
Likewise.
* sysdeps/unix/sysv/linux/powerpc/powerpc64/clone.S (__clone):
Likewise.
* sysdeps/unix/sysv/linux/s390/s390-32/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/s390/s390-64/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/sh/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/sparc/sparc32/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/sparc/sparc64/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/tile/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/x86_64/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/nptl-signals.h
(____nptl_is_internal_signal): New function.
* sysdeps/unix/sysv/linux/spawni.c: New file.
Since internal unistd functions are only used internally in ld.so and
libc.so, they can be made hidden. __close, __getcwd, __getpid,
__libc_read and __libc_write can't be hidden in ld.so on Hurd since they
will be preempted by the ones in libc.so after bootstrap.
[BZ #19122]
* include/unistd.h [IS_IN (rtld)]: Include <dl-unistd.h>.
* sysdeps/generic/dl-unistd.h: New file.
* sysdeps/mach/hurd/dl-unistd.h: Likewise.
Various functions in XPG4 bring in references to getlogin_r, which is
not in XPG4; this is also a bug for some older POSIX versions which
aren't yet covered by the linknamespace tests. This patch fixes this
by making getlogin_r into a weak alias for __getlogin_r and using
__getlogin_r as needed.
Tested for x86_64 and x86 (testsuite, and that disassembly of
installed stripped shared libraries is unchanged by the patch).
[BZ #18527]
* login/getlogin_r.c (getlogin_r): Rename to __getlogin_r and
define as weak alias of __getlogin_r. Use libc_hidden_weak.
* sysdeps/mach/hurd/getlogin_r.c (getlogin_r): Likewise.
* sysdeps/unix/getlogin_r.c (getlogin_r): Likewise.
* sysdeps/unix/sysv/linux/getlogin_r.c (getlogin_r): Likewise.
* include/unistd.h (__getlogin_r): Declare. Use
libc_hidden_proto.
* posix/glob.c (glob): Call __getlogin_r instead of getlogin_r.
* conform/Makefile (test-xfail-XPG3/glob.h/linknamespace): Remove
variable.
(test-xfail-XPG3/wordexp.h/linknamespace): Likewise.
(test-xfail-XPG4/glob.h/linknamespace): Likewise.
(test-xfail-XPG4/wordexp.h/linknamespace): Likewise.
Continuing the removal of the obsolete INTDEF / INTVARDEF / INTUSE
mechanism, this patch replaces its use for __libc_enable_secure with
the use of rtld_hidden_data_def and rtld_hidden_proto.
Tested for x86_64 that installed stripped shared libraries are
unchanged by the patch.
[BZ #14132]
* elf/dl-sysdep.c (__libc_enable_secure): Use rtld_hidden_data_def
instead of INTVARDEF.
(_dl_sysdep_start): Do not use INTUSE with __libc_enable_secure.
* sysdeps/mach/hurd/dl-sysdep.c (__libc_enable_secure): Use
rtld_hidden_data_def instead of INTVARDEF.
(_dl_sysdep_start): Do not use INTUSE with __libc_enable_secure.
* elf/dl-deps.c (expand_dst): Likewise.
* elf/dl-load.c (_dl_dst_count): Likewise.
(_dl_dst_substitute): Likewise.
(decompose_rpath): Likewise.
(_dl_init_paths): Likewise.
(open_path): Likewise.
(_dl_map_object): Likewise.
* elf/rtld.c (dl_main): Likewise.
(process_dl_audit): Likewise.
(process_envvars): Likewise.
* include/unistd.h [IS_IN_rtld] (__libc_enable_secure_internal):
Remove declaration.
(__libc_enable_secure): Use rtld_hidden_proto.
These internal knobs are not exposed as part of the public ABI, so mark
them hidden to avoid generating relocations against them.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
We can't assume sock_cloexec and pipe2 are bound together as the former
defines are found in glibc only while the latter are a combo of kernel
headers and glibc. So if we do a runtime detection of SOCK_CLOEXEC, but
pipe2() is a stub inside of glibc, we hit a problem. For example:
main()
{
getgrnam("portage");
if (!popen("ls", "r"))
perror("popen()");
}
getgrnam() will detect that the kernel supports SOCK_CLOEXEC and then set
both __have_sock_cloexec and __have_pipe2 to true. But if glibc was built
against older kernel headers where __NR_pipe2 does not exist, glibc will
have a ENOSYS stub for it. So popen() will always fail as glibc assumes
pipe2() works.
While this isn't too much of an issue for some arches as they added the
functionality to the kernel at the same time, not all arches are that
lucky.
Since the code already has dedicated names for each feature, delete the
defines wiring these three features together and make each one a proper
dedicated knob.
We've been carrying this in Gentoo since glibc-2.9.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
fopen should set the FD_CLOEXEC flag if requested evenif the kernel does
not support an aotmic operation.
freopen should reuse the file descriptor for the stream. This is
especially important for calls to change the standard streams (stin,
stdout, stderr).
The old implementation uses fd 0 to determine the login TTY. This
was needed because using /dev/tty it is not possible to deduce the
login TTY. For some time now there is the pseudo-file
/proc/self/loginuid which directly helps us to find the user. Prefer
using this file. It also works if stdin is closed, redirected, or
re-opened.
(__readlinkat_alias): New alias.
(readlinkat): New inline function.
* include/unistd.h (readlinkat): Add libc_hidden_proto.
* sysdeps/unix/sysv/linux/readlinkat.c (readlinkat): Add
libc_hidden_def.
* io/readlinkat.c (readlinkat): Likewise.
* debug/readlinkat_chk.c: New file.
* debug/Makefile (routines): Add readlinkat_chk.
* debug/Versions (libc): Export __readlinkat_chk@@GLIBC_2.5.
* debug/tst-chk1.c (do_test): Add readlinkat tests.
* nis/nss_nisplus/nisplus-netgrp.c: Cleanups.
code is possible. Move compatibility code in .text.compat section.
over gaih array. There is only one function to call in the moment.
2004-06-30 Ulrich Drepper <drepper@redhat.com>
* include/net/if.h: Handle if_nameindex and if_freenameindex with
libc_proto_hidden.
* sysdeps/unix/sysv/linux/netlinkaccess.h: New file.
* sysdeps/unix/sysv/linux/ifaddrs.c: Export netlink handling functions.
* sysdeps/unix/sysv/linux/if_index.c (if_nameindex): Implement using
netlink if possible. Fall back on ioctl method if necessary.
* include/unistd.h: Declare __truncate.
* sysdeps/generic/truncate.c: Also define __truncate.
* sysdeps/mach/hurd/truncate.c: Likewise.
* sysdeps/unix/common/syscalls.list: Likewise.
* sysdeps/unix/sysv/linux/truncate64.c: Use __truncate, not truncate.
* sysdeps/generic/enbl-secure.c (__libc_enable_secure_decided): New
variable.
(__libc_init_secure): Don't do anything if __libc_enable_secure_decided
is nonzero.
* include/unistd.h: Declare __libc_enable_secure_decided.
* elf/dl-support.c (_dl_aux_init): Recognize AT_UID, AT_EUID, AT_GID,
and AT_EGID. If all found, set __libc_enable_secure and
__libc_enable_secure_decided.
* include/libc-symbols.h: Change *hidden_proto macros to accept
option parameters and pass those to the attribute definition.
* include/unistd.h (_exit): Add __noreturn__ to libc_hidden_proto call.
* sysdeps/mach/hurd/_exit.c: Add libc_hidden_def.
* sysdeps/generic/_exit.c: Likewise.
2002-09-12 Jakub Jelinek <jakub@redhat.com>
* elf/rtld.c (struct dl_start_final_info): New.
(_dl_start_final): Change second argument to struct
dl_start_final_info *. Set start_time from info.
(_dl_start): Remove bootstrap_map variable, add info.
Define bootstrap_map as macro. If not DONT_USE_BOOTSTRAP_MAP,
store HP_TIMING_NOW result into info.start_time.
2002-09-14 Ulrich Drepper <drepper@redhat.com>
* include/unistd.h: Declare __exit_thread.
* sysdeps/generic/libc-start.c: Remove dummy_addr.
Wrap call to main in setjmp if HAVE_CANCELBUF is defined.
* sysdeps/unix/sysv/linux/exit-thread.S: New file.
* sysdeps/unix/sysv/linux/_exit.c: New file.
* sysdeps/unix/sysv/linux/i386/_exit.S: New file.
* sysdeps/unix/sysv/linux/Makefile [subdir==posix] (sysdep_routines):
Add exit-thread.
* configure.in: Add dl_iterate_phdr to test using -nostdlib.
file on [!RTLD_STAT64].
* sysdeps/mach/hurd/fxstat64.c: Likewise.
* sysdeps/mach/hurd/tmpfile.c (tmpfile64): Define as alias of tmpfile.
(__fdopen): Use INTUSE.
* sysdeps/mach/hurd/tmpfile64.c: New file, empty placeholder.
* stdio-common/tmpfile64.c: File removed.
* sysdeps/generic/tmpfile64.c: New file.
* sysdeps/generic/tmpfile.c (GEN_THIS): New macro, define to __GT_FILE
if not already defined.
(tmpfile): Use it in place of __GT_FILE.
* include/unistd.h: Declare __chown_internal.
* sysdeps/mach/hurd/sendfile64.c (sendfile64): Do real work here.
* sysdeps/mach/hurd/sendfile.c (sendfile): Call that.
2002-06-09 Roland McGrath <roland@frob.com>
Update to new Hurd RPC interfaces supporting 64-bit file sizes.
* sysdeps/mach/hurd/configure.in: Check for <hurd/version.h> with
value of HURD_INTERFACE_VERSION >= 20020609.
* sysdeps/mach/hurd/configure: Regenerated.
* shlib-versions (.*-.*-gnu-gnu.*): Set libhurduser=0.3.
* sysdeps/mach/hurd/xstatconv.c (xstat64_conv): Rewritten to
convert a struct stat64 into a struct stat and return 0 or -1
with errno set to EOVERFLOW.
* sysdeps/mach/hurd/statfsconv.c (statfs64_conv): Likewise
for struct statfs64 to struct statfs.
* sysdeps/mach/hurd/xstat.c (__xstat): Use converter and call ...
* sysdeps/mach/hurd/xstat64.c (__xstat64): ... this, real work here.
* sysdeps/mach/hurd/fxstat.c (__fxstat): Likewise.
* sysdeps/mach/hurd/fxstat64.c (__fxstat64): Likewise.
* sysdeps/mach/hurd/lxstat.c (__lxstat): Likewise.
* sysdeps/mach/hurd/lxstat64.c (__lxstat64): Likewise.
* sysdeps/mach/hurd/statfs.c (__statfs): Likewise.
* sysdeps/mach/hurd/statfs64.c (__statfs64): Likewise.
* sysdeps/mach/hurd/fstatfs.c (__fstatfs): Likewise.
* sysdeps/mach/hurd/fstatfs64.c (__fstatfs64): Likewise.
* sysdeps/mach/hurd/pwrite64.c (__libc_pwrite64): Do real work here.
* sysdeps/mach/hurd/pwrite.c (__libc_pwrite): Call that.
* sysdeps/mach/hurd/pread64.c (__libc_pread64): Do real work here.
* sysdeps/mach/hurd/pread.c (__libc_pread): Call that.
* sysdeps/mach/hurd/lseek64.c (__libc_lseek64): Do real work here.
* sysdeps/mach/hurd/lseek.c (__libc_lseek): Call that.
* sysdeps/mach/hurd/readdir64.c (__readdir64): Do real work here.
* sysdeps/mach/hurd/readdir.c (__readdir): Call that.
* sysdeps/mach/hurd/readdir64_r.c (__readdir64_r): Do real work here.
* sysdeps/mach/hurd/readdir_r.c (__readdir64_r): Call that.
* hurd/lookup-retry.c (__hurd_file_name_lookup_retry):
Use struct stat64 for io_stat argument.
* sysdeps/mach/hurd/readlink.c (__readlink): Likewise.
* hurd/fopenport.c (seekio): Remove EOVERFLOW check, pass POS directly
to io_seek.
* hurd/fd-read.c (_hurd_fd_read): Use loff_t for OFFSET argument.
* hurd/fd-write.c (_hurd_fd_write): Likewise.
* hurd/hurd/fd.h: Update decls.
* sysdeps/mach/hurd/getcwd.c
(_hurd_canonicalize_directory_name_internal): Use ino64_t
and struct dirent64.
* sysdeps/mach/hurd/dl-sysdep.c (open_file): Use struct stat64.
(__xstat): Renamed to __xstat64, use struct stat64 for argument.
(__fxstat): Renamed to __fxstat64, use struct stat64 for argument.
(__lseek): Renamed to __libc_lseek64, use off64_t for argument.
2002-06-08 Roland McGrath <roland@frob.com>
* sysdeps/mach/hurd/dirstream.h (struct __dirstream): Use size_t
instead of unsigned long int for __allocation and __size members.
2002-05-19 Ulrich Drepper <drepper@redhat.com>
Declare __getpgid_internaland define __getpgid macro if not NOT_IN_libc.
Declare __getpagesize_internaland define __getpagesize macro if not
NOT_IN_libc.
