Now that abort no longer calls fflush there is no reason to avoid locking
the stdio streams anywhere. This fixes a conformance issue and potential
heap corruption during exit.
Instead of using a special ELF section along with a linker script
directive to put the IO vtables within the RELRO section, the libio
vtables are all moved to an array marked as data.relro (so linker
will place in the RELRO segment without the need of extra directives).
To avoid static linking namespace issues and including all vtable
referenced objects, all required function pointers are set to weak alias.
Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
They are both used by __libc_freeres to free all library malloc
allocated resources to help tooling like mtrace or valgrind with
memory leak tracking.
The current scheme uses assembly markers and linker script entries
to consolidate the free routine function pointers in the RELRO segment
and to be freed buffers in BSS.
This patch changes it to use specific free functions for
libc_freeres_ptrs buffers and call the function pointer array directly
with call_function_static_weak.
It allows the removal of both the internal macros and the linker
script sections.
Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
C2x adds binary integer constants starting with 0b or 0B, and supports
those constants for the %i scanf format (in addition to the %b format,
which isn't yet implemented for scanf in glibc). Implement that scanf
support for glibc.
As with the strtol support, this is incompatible with previous C
standard versions, in that such an input string starting with 0b or 0B
was previously required to be parsed as 0 (with the rest of the input
potentially matching subsequent parts of the scanf format string).
Thus this patch adds 12 new __isoc23_* functions per long double
format (12, 24 or 36 depending on how many long double formats the
glibc configuration supports), with appropriate header redirection
support (generally very closely following that for the __isoc99_*
scanf functions - note that __GLIBC_USE (DEPRECATED_SCANF) takes
precedence over __GLIBC_USE (C2X_STRTOL), so the case of GNU
extensions to C89 continues to get old-style GNU %a and does not get
this new feature). The function names would remain as __isoc23_* even
if C2x ends up published in 2024 rather than 2023.
When scanf %b support is added, I think it will be appropriate for all
versions of scanf to follow C2x rules for inputs to the %b format
(given that there are no compatibility concerns for a new format).
Tested for x86_64 (full glibc testsuite). The first version was also
tested for powerpc (32-bit) and powerpc64le (stdio-common/ and wcsmbs/
tests), and with build-many-glibcs.py.
In the future, this will result in a compilation failure if the
macros are unexpectedly undefined (due to header inclusion ordering
or header inclusion missing altogether).
Assembler sources are more difficult to convert. In many cases,
they are hand-optimized for the mangling and no-mangling variants,
which is why they are not converted.
sysdeps/s390/s390-32/__longjmp.c and sysdeps/s390/s390-64/__longjmp.c
are special: These are C sources, but most of the implementation is
in assembler, so the PTR_DEMANGLE macro has to be undefined in some
cases, to match the assembler style.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
This allows us to define a generic no-op version of PTR_MANGLE and
PTR_DEMANGLE. In the future, we can use PTR_MANGLE and PTR_DEMANGLE
unconditionally in C sources, avoiding an unintended loss of hardening
due to missing include files or unlucky header inclusion ordering.
In i386 and x86_64, we can avoid a <tls.h> dependency in the C
code by using the computed constant from <tcb-offsets.h>. <sysdep.h>
no longer includes these definitions, so there is no cyclic dependency
anymore when computing the <tcb-offsets.h> constants.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.
I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah. I don't
know why I run into these diagnostics whereas others evidently do not.
remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
On powerpc64le, long double can currently take two formats: the same as
double (-mlong-double-64) or IBM Extended Precision (default with
-mlong-double-128 or explicitly with -mabi=ibmlongdouble). The internal
implementation of printf-like functions is aware of these possibilities
and properly parses floating-point values from the variable arguments,
before making calls to __printf_fp and __printf_fphex. These functions
are also aware of the format possibilities and know how to convert both
formats to string.
When library support for TS 18661-3 was added to glibc, __printf_fp and
__printf_fphex were extended with support for an additional type
(__float128/_Float128) with a different format (binary128). Now that
powerpc64le is getting support for its third long double format, and
taking into account that this format is the same as the format of
__float128/_Float128, this patch extends __vfprintf_internal to properly
call __printf_fp and __printf_fphex with this new format.
Tested for powerpc64le (with additional patches to actually enable the
use of these preparations) and for x86_64.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
The codecvt vtable is not a real vtable because it also contains the
conversion state data. Furthermore, wide stream support was added to
GCC 3.0, after a C++ ABI bump, so there is no compatibility
requirement with libstdc++.
This change removes several unmangled function pointers which could
be used with a corrupted FILE object to redirect execution. (libio
vtable verification did not cover the codecvt vtable.)
Reviewed-by: Yann Droneaud <ydroneaud@opteya.com>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
These variables are only used to determine if a stdio stream is
a pre-allocated stream, but it is possible to do so by comparing
a FILE * to all pre-allocated stream objects. As a result, it is
not necessary to keep those pointers in separate variables.
Behavior with symbol interposition is unchanged because _IO_stdin_,
_IO_stdout_, _IO_stderr_ are exported, and refer to objects outside of
libc if symbol interposition or copy relocations are involved. (The
removed variables _IO_stdin, _IO_stdout, _IO_stderr were not exported,
of course.)
According to ISO C99, passing the same buffer as source and destination
to sprintf, snprintf, vsprintf, or vsnprintf has undefined behavior.
Until the commit
commit 4e2f43f842
Author: Zack Weinberg <zackw@panix.com>
Date: Wed Mar 7 14:32:03 2018 -0500
Use PRINTF_FORTIFY instead of _IO_FLAGS2_FORTIFY (bug 11319)
a call to sprintf or vsprintf with overlapping buffers, for instance
vsprintf (buf, "%sTEXT", buf), would append `TEXT' into buf, while a
call to snprintf or vsnprintf would override the contents of buf.
After the aforementioned commit, the behavior of sprintf and vsprintf
changed (so that they also override the contents of buf).
This patch reverts this behavioral change, because it will likely break
applications that rely on the previous behavior, even though it is
undefined by ISO C. As noted by Szabolcs Nagy, this is used in SPEC2017
507.cactuBSSN_r/src/PUGH/PughUtils.c:
sprintf(mess," Size:");
for (i=0;i<dim+1;i++)
{
sprintf(mess,"%s %d",mess,pughGH->GFExtras[dim]->nsize[i]);
}
More important to notice is the fact that the overwriting of the
destination buffer is not the only behavior affected by the refactoring.
Before the refactoring, sprintf and vsprintf would use _IO_str_jumps,
whereas __sprintf_chk and __vsprintf_chk would use _IO_str_chk_jumps.
After the refactoring, all use _IO_str_chk_jumps, which would make
sprintf and vsprintf report buffer overflows and terminate the program.
This patch also reverts this behavior, by installing the appropriate
jump table for each *sprintf functions.
Apart from reverting the changes, this patch adds a test case that has
the old behavior hardcoded, so that regressions are noticed if something
else unintentionally changes the behavior.
Tested for powerpc64le.
On powerpc64le, long double can currently take two formats: the same as
double (-mlong-double-64) or IBM Extended Precision (default with
-mlong-double-128 or explicitly with -mabi=ibmlongdouble). The internal
implementation of scanf-like functions is aware of these possibilites
and, based on the format in use, properly calls __strtold_internal or
__strtod_internal, saving the return to a variable of type double or
long double.
When library support for TS 18661-3 was added to glibc, a new function,
__strtof128_internal, was added to enable reading of floating-point
values with IEEE binary128 format into the _Float128 type. Now that
powerpc64le is getting support for its third long double format, and
taking into account that this format is the same as the format of
_Float128, this patch extends __vfscanf_internal and __vfwscanf_internal
to call __strtof128_internal or __wcstof128_internal when appropriate.
The result gets saved into a variable of _Float128 type.
Tested for powerpc64le.
The _chk variants of all of the printf functions become much simpler.
This is the last thing that we needed _IO_acquire_lock_clear_flags2
for, so it can go as well. I took the opportunity to make the headers
included and the names of all local variables consistent across all the
affected files.
Since we ultimately want to get rid of __no_long_double as well, it
must be possible to get all of the nontrivial effects of the _chk
functions by calling the _internal functions with appropriate flags.
For most of the __(v)xprintf_chk functions, this is covered by
PRINTF_FORTIFY plus some up-front argument checks that can be
duplicated. However, __(v)sprintf_chk installs a custom jump table so
that it can crash instead of overflowing the output buffer. This
functionality is moved to __vsprintf_internal, which now has a
'maxlen' argument like __vsnprintf_internal; to get the unsafe
behavior of ordinary (v)sprintf, pass -1 for that argument.
obstack_printf_chk and obstack_vprintf_chk are no longer in the same
file.
As a side-effect of the unification of both fortified and non-fortified
vdprintf initialization, this patch fixes bug 11319 for __dprintf_chk
and __vdprintf_chk, which was previously fixed only for dprintf and
vdprintf by the commit
commit 7ca890b88e
Author: Ulrich Drepper <drepper@redhat.com>
Date: Wed Feb 24 16:07:57 2010 -0800
Fix reporting of I/O errors in *dprintf functions.
This patch adds a test case to avoid regressions.
Tested for powerpc and powerpc64le.
There are a lot more printf variants than there are scanf variants,
and the code for setting up and tearing down their custom FILE
variants around the call to __vf(w)printf is more complicated and
variable. Therefore, I have added _internal versions of all the
v*printf variants, rather than introducing helper routines so that
they can all directly call __vf(w)printf_internal, as was done with
scanf.
As with the scanf changes, in this patch the _internal functions still
look at the environmental mode bits and all callers pass 0 for the
flags parameter.
Several of the affected public functions had _IO_ name aliases that
were not exported (but, in one case, appeared in libio.h anyway);
I was originally planning to leave them as aliases to avoid having
to touch internal callers, but it turns out ldbl_*_alias only work
for exported symbols, so they've all been removed instead. It also
turns out there were hardly any internal callers. _IO_vsprintf and
_IO_vfprintf *are* exported, so those two stick around.
Summary for the changes to each of the affected symbols:
_IO_vfprintf, _IO_vsprintf:
All internal calls removed, thus the internal declarations, as well
as uses of libc_hidden_proto and libc_hidden_def, were also removed.
The external symbol is now exposed via uses of ldbl_strong_alias
to __vfprintf_internal and __vsprintf_internal, respectively.
_IO_vasprintf, _IO_vdprintf, _IO_vsnprintf,
_IO_vfwprintf, _IO_vswprintf,
_IO_obstack_vprintf, _IO_obstack_printf:
All internal calls removed, thus declaration in internal headers
were also removed. They were never exported, so there are no
aliases tying them to the internal functions. I.e.: entirely gone.
__vsnprintf:
Internal calls were always preceded by macros such as
#define __vsnprintf _IO_vsnprintf, and
#define __vsnprintf vsnprintf
The macros were removed and their uses replaced with calls to the
new internal function __vsnprintf_internal. Since there were no
internal calls, the internal declaration was also removed. The
external symbol is preserved with ldbl_weak_alias to ___vsnprintf.
__vfwprintf:
All internal calls converted into calls to __vfwprintf_internal,
thus the internal declaration was removed. The function is now a
wrapper that calls __vfwprintf_internal. The external symbol is
preserved.
__vswprintf:
Similarly, but no external symbol.
__vasprintf, __vdprintf, __vfprintf, __vsprintf:
New internal wrappers. Not exported.
vasprintf, vdprintf, vfprintf, vsprintf, vsnprintf,
vfwprintf, vswprintf,
obstack_vprintf, obstack_printf:
These functions used to be aliases to the respective _IO_* function,
they are now aliases to their respective __* functions.
Tested for powerpc and powerpc64le.
Change the callers of __vfscanf_internal and __vfwscanf_internal that
want C99-compliant behavior to communicate this via the new flags
argument, rather than setting bits on the FILE object. This also
means these functions do not need to do their own locking.
Tested for powerpc and powerpc64le.
There are two flags currently defined: SCANF_LDBL_IS_DBL is the mode
used by __nldbl_ scanf variants, and SCANF_ISOC99_A is the mode used
by __isoc99_ scanf variants. In this patch, the new functions honor
these flag bits if they're set, but they still also look at the
corresponding bits of environmental state, and callers all pass zero.
The new functions do *not* have the "errp" argument possessed by
_IO_vfscanf and _IO_vfwscanf. All internal callers passed NULL for
that argument. External callers could theoretically exist, so I
preserved wrappers, but they are flagged as compat symbols and they
don't preserve the three-way distinction among types of errors that
was formerly exposed. These functions probably should have been in
the list of deprecated _IO_ symbols in 2.27 NEWS -- they're not just
aliases for vfscanf and vfwscanf.
(It was necessary to introduce ldbl_compat_symbol for _IO_vfscanf.
Please check that part of the patch very carefully, I am still not
confident I understand all of the details of ldbl-opt.)
This patch also introduces helper inlines in libio/strfile.h that
encapsulate the process of initializing an _IO_strfile object for
reading. This allows us to call __vfscanf_internal directly from
sscanf, and __vfwscanf_internal directly from swscanf, without
duplicating the initialization code. (Previously, they called their
v-counterparts, but that won't work if we want to control *both* C99
mode and ldbl-is-dbl mode using the flags argument to__vfscanf_internal.)
It's still a little awkward, especially for wide strfiles, but it's
much better than what we had.
Tested for powerpc and powerpc64le.
This patch eliminates a number of #if 0 and #ifdef TODO blocks, macros
that are never used, macros that provide portability to substrates that
lack basic things like EINVAL and off_t, and other such debris.
I preserved IO_DEBUG and CHECK_FILE, even though as far as I can tell
IO_DEBUG is never defined and therefore CHECK_FILE never does
anything, because it seems like we might actually want to turn it _on_.
Installed stripped libraries and executables are unchanged, except,
again, that the line number of an assertion changes (this time it's
somewhere in fileops.c).
* libio/libio.h (_IO_pos_BAD, _IO_pos_0, _IO_pos_adjust):
Define here, unconditionally.
* libio/iolibio.h (_IO_pos_BAD): Don't define here.
* libio/libioP.h: Remove #if 0 blocks.
(_IO_pos_BAD, _IO_pos_0, _IO_pos_adjust): Don't define here.
(_IO_va_start, COERCE_FILE, MAYBE_SET_EINVAL): Don't define.
(CHECK_FILE): Don't use MAYBE_SET_EINVAL or COERCE_FILE. Fix style.
* libio/clearerr.c, libio/fputc.c, libio/getchar.c:
Assume weak_alias is always defined.
* libio/fileops.c, libio/genops.c, libio/oldfileops.c
* libio/oldpclose.c, libio/pclose.c, libio/wfileops.c:
Remove #if 0 and #ifdef TODO blocks.
Assume text_set_element is always defined.
* libio/iofdopen.c, libio/iogetdelim.c, libio/oldiofdopen.c
Use __set_errno (EINVAL) instead of MAYBE_SET_EINVAL.
* libio/tst-mmap-eofsync.c: Make #if 1 block unconditional.
This entirely mechanical (except for some indentation fixups) patch
replaces all uses of _IO_file_flags with _flags and removes the #define.
Installed stripped libraries and executables are unchanged by this patch.
* libio/libio.h (_IO_file_flags): Remove macro.
All uses changed to _flags.
This patch eliminates the "compatibility defines"
_IO_UNIFIED_JUMPTABLES (always defined to 1, used in a number of #ifs
which are therefore always false), _STDIO_USES_IOSTREAM (unused),
__HAVE_COLUMN (unused), _IO_BE (replaced with __glibc_unlikely), and
yet another redundant definition of EOF.
Installed stripped libraries are unchanged by this patch.
* libio/libio.h (_IO_UNIFIED_JUMPTABLES, _STDIO_USES_IOSTREAM)
(__HAVE_COLUMN, _IO_BE): Don't define.
(_IO_peekc_unlocked, _IO_getwc_unlocked, _IO_putwc_unlocked)
(_IO_fwide_maybe_incompatible): Use __glibc_unlikely.
* libio/libioP.h (EOF): Don't define.
* libio/iofdopen.c, libio/iofopen.c, libio/iopopen.c
* libio/iovdprintf.c, libio/oldiofdopen.c, libio/oldiofopen.c
* libio/oldiopopen.c, debug/vdprintf_chk.c: Remove #if block
testing _IO_UNIFIED_JUMPTABLES.
This patch mechanically removes all remaining uses, and the
definitions, of the following libio name aliases:
name replaced with
---- -------------
_IO_FILE FILE
_IO_fpos_t __fpos_t
_IO_fpos64_t __fpos64_t
_IO_size_t size_t
_IO_ssize_t ssize_t or __ssize_t
_IO_off_t off_t
_IO_off64_t off64_t
_IO_pid_t pid_t
_IO_uid_t uid_t
_IO_wint_t wint_t
_IO_va_list va_list or __gnuc_va_list
_IO_BUFSIZ BUFSIZ
_IO_cookie_io_functions_t cookie_io_functions_t
__io_read_fn cookie_read_function_t
__io_write_fn cookie_write_function_t
__io_seek_fn cookie_seek_function_t
__io_close_fn cookie_close_function_t
I used __fpos_t and __fpos64_t instead of fpos_t and fpos64_t because
the definitions of fpos_t and fpos64_t depend on the largefile mode.
I used __ssize_t and __gnuc_va_list in a handful of headers where
namespace cleanliness might be relevant even though they're
internal-use-only. In all other cases, I used the public-namespace
name.
There are a tiny handful of places where I left a use of 'struct _IO_FILE'
alone, because it was being used together with 'struct _IO_FILE_plus'
or 'struct _IO_FILE_complete' in the same arithmetic expression.
Because this patch was almost entirely done with search and replace, I
may have introduced indentation botches. I did proofread the diff,
but I may have missed something.
The ChangeLog below calls out all of the places where this was not a
pure search-and-replace change.
Installed stripped libraries and executables are unchanged by this patch,
except that some assertions in vfscanf.c change line numbers.
* libio/libio.h (_IO_FILE): Delete; all uses changed to FILE.
(_IO_fpos_t): Delete; all uses changed to __fpos_t.
(_IO_fpos64_t): Delete; all uses changed to __fpos64_t.
(_IO_size_t): Delete; all uses changed to size_t.
(_IO_ssize_t): Delete; all uses changed to ssize_t or __ssize_t.
(_IO_off_t): Delete; all uses changed to off_t.
(_IO_off64_t): Delete; all uses changed to off64_t.
(_IO_pid_t): Delete; all uses changed to pid_t.
(_IO_uid_t): Delete; all uses changed to uid_t.
(_IO_wint_t): Delete; all uses changed to wint_t.
(_IO_va_list): Delete; all uses changed to va_list or __gnuc_va_list.
(_IO_BUFSIZ): Delete; all uses changed to BUFSIZ.
(_IO_cookie_io_functions_t): Delete; all uses changed to
cookie_io_functions_t.
(__io_read_fn): Delete; all uses changed to cookie_read_function_t.
(__io_write_fn): Delete; all uses changed to cookie_write_function_t.
(__io_seek_fn): Delete; all uses changed to cookie_seek_function_t.
(__io_close_fn): Delete: all uses changed to cookie_close_function_t.
* libio/iofopncook.c: Remove unnecessary forward declarations.
* libio/iolibio.h: Correct outdated commentary.
* malloc/malloc.c (__malloc_stats): Remove unnecessary casts.
* stdio-common/fxprintf.c (__fxprintf_nocancel):
Remove unnecessary casts.
* stdio-common/getline.c: Use _IO_getdelim directly.
Don't redefine ssize_t.
* stdio-common/printf_fp.c, stdio_common/printf_fphex.c
* stdio-common/printf_size.c: Don't redefine size_t or FILE.
Remove outdated comments.
* stdio-common/vfscanf.c: Don't redefine va_list.
As requested by Adhemerval, this patch removes some preprocessor
conditionals from the libio headers that were only relevant when
building libio outside glibc.
Installed stripped libraries and executables are unchanged by this
patch.
* libio/iolibio.h, libio/libioP.h: Remove extern "C".
* libio/libio.h: Remove __BEGIN_DECLS and __END_DECLS.
Remove preprocessor conditionals on _LIBC and __USE_GNU,
which are always true, and __cplusplus, which is always false.
Nearly everything in _G_config.h is either junk or more appropriately
defined elsewhere:
* _G_fpos_t, _G_fpos64_t, and _G_BUFSIZ are already completely unused.
* All remaining uses of _G_va_list have been changed to __gnuc_va_list.
* The definition of _G_HAVE_ST_BLKSIZE/_IO_HAVE_ST_BLKSIZE has
been inlined into its sole use.
* The complete definition of _G_iconv_t has been moved to libio.h and
renamed _IO_iconv_t (all actual users used that name).
* _G_IO_IO_FILE_VERSION is vestigial; some code cares whether
_IO_stdin_used exists, but nothing looks at its value. I've
preserved the value as a hardwired constant in csu/init.c.
This means csu/init.c no longer needs to include anything.
* Many of the headers included by _G_config.h were already being
included directly by either either libio.h or stdio.h; the
remaining ones were moved to libio.h.
* _G_HAVE_MREMAP is still relevant, because mremap genuinely is a
Linux extension; it's not in POSIX and as far as I can tell it's
not available on the Hurd either. I also preserved _G_HAVE_MMAP,
since it's conceivable someone would want to port glibc to a
MMU-less, mmap-less environment in the future. Both are now always
defined to 1/0 as is the current convention, instead of the older
1/undef convention. These are the only symbols still defined in
_G_config.h.
* The actual inclusion of _G_config.h moves from libio.h to libioP.h,
as this is where a potential override of _G_HAVE_MMAP happens.
* The #ifdef logic in libioP.h controlling _IO_JUMPS_OFFSET has been
simplified.
After this patch, the only surviving _G_ symbols are the struct tag
names _G_fpos_t and _G_fpos64_t, which are preserved for the sake of
C++ mangled names in applications, and _G_HAVE_MMAP and _G_HAVE_MREMAP,
which do not seem worth renaming.
Installed stripped libraries are unchanged by this patch.
* bits/_G_config.h: Move back to sysdeps/generic/_G_config.h.
Delete all contents except for definitions of _G_HAVE_MMAP and
_G_HAVE_MREMAP. Add commentary explaining those two symbols.
* sysdeps/unix/sysv/linux/bits/_G_config.h: Move back to
sysdeps/unix/sysv/linux/_G_config.h. Make same content
change as above.
* libio/libio.h: Don't include bits/_G_config.h here.
Include stddef.h with __need_wchar_t defined. Include
bits/types/__mbstate_t.h, bits/types/wint_t.h, and gconv.h.
Define _IO_iconv_t here, directly.
Don't define _IO_HAVE_ST_BLKSIZE.
* libio/libioP.h: Include _G_config.h here. Move include of
shlib-compat.h up with rest of includes. Simplify conditionals
controlling definition of _IO_JUMPS_OFFSET.
* csu/init.c: Remove always-true #if around entire file.
Don't include stdio.h. Set _IO_stdin_used to hardwired
constant 0x20001, and update commentary.
* include/stdio.h, sysdeps/ieee754/ldbl-opt/nldbl-compat.h:
Replace all uses of _G_va_list with __gnuc_va_list.
* libio/filedoalloc.c: Use #if defined _STATBUF_ST_BLKSIZE
instead of #if _IO_HAVE_ST_BLKSIZE.
* libio/fileops.c: Test _G_HAVE_MREMAP with #if, not #ifdef.
* libio/iofdopen.c, libio/iofopen.c: Test _G_HAVE_MMAP with #if,
not #ifdef.
We can't go very far with libio cleanups as long as we still have
_IO_MTSAFE_IO, and I am not tackling that in this patch series,
but we can at least make the maze of stdio-related headers a
little less complicated.
In this patch, libio.h moves back out of bits/ into the top level of
the libio subdirectory, and is merged with libio/bits/libio-ldbl.h
(which also used to be installed) and include/libio.h. Since almost
no files include libio.h directly, this is quite straightforward.
libio.h is now always used with _LIBC defined, so all of the _LIBC ||
_GLIBCPP_USE_WCHAR_T conditionals are unnecessary. Similarly, the
ifdef nest surrounding the definition of _IO_fwide_maybe_incompatible
can collapse down to a single SHLIB_COMPAT check. I also took the
opportunity to add some checks for configuration botches to libio.h.
Installed stripped libraries are unchanged by this patch.
* libio/bits/libio.h: Move back to libio/libio.h and adjust
multiple-include guard to match.
Merge contents of libio/bits/libio-ldbl.h and include/libio.h
into this file.
Remove preprocessor conditionals that are always true and/or
redundant to other preprocessor conditionals in the same nest.
Include shlib-compat.h unconditionally.
Error out if _LIBC is not defined, or if _ISOMAC is defined,
or if _IO_MTSAFE_IO is defined but _IO_lock_t_defined is not
defined after including stdio.h.
Use __BEGIN_DECLS/__END_DECLS.
* libio/bits/libio-ldbl.h, include/bits/libio.h: Delete file.
* include/stdio.h, libio/iolibio.h, libio/libioP.h: Include
libio.h as <libio/libio.h> rather than as <bits/libio.h>.
We shipped 2.27 with libio.h and _G_config.h still installed but
issuing warnings when used. Let's stop installing them early in 2.28
so that we have plenty of time to think of another plan if there are
problems.
The public stdio.h had a genuine dependency on libio.h for the
complete definitions of FILE and cookie_io_functions_t, and a genuine
dependency on _G_config.h for the complete definitions of fpos_t and
fpos64_t; these are moved to single-type headers.
bits/types/struct_FILE.h also provides a handful of accessor and
bitflags macros so that code is not duplicated between bits/stdio.h
and libio.h. All the other _IO_ and _G_ names used by the public
stdio.h can be replaced with either public names or __-names.
In order to minimize the risk of breaking our own compatibility code,
bits/types/struct_FILE.h preserves the _IO_USE_OLD_IO_FILE mechanism
exactly as it was in libio.h, but you have to define _LIBC to use it,
or it'll error out. Similarly, _IO_lock_t_defined is preserved
exactly, but will error out if used without defining _LIBC.
Internally, include/stdio.h continues to include libio.h, and libio.h
scrupulously provides every _IO_* and _G_* name that it always did,
perhaps now defined in terms of the public names. This is how this
patch avoids touching dozens of files throughout glibc and becoming
entangled with the _IO_MTSAFE_IO mess. The remaining patches in this
series eliminate most of the _G_ names.
Tested on x86_64-linux; in addition to the test suite, I installed the
library in a sysroot and verified that a simple program that uses
stdio.h could be compiled against the installed library, and I also
verified that installed stripped libraries are unchanged.
* libio/bits/types/__fpos_t.h, libio/bits/types/__fpos64_t.h:
New single-type headers split from _G_config.h.
* libio/bits/types/cookie_io_functions_t.h
* libio/bits/types/struct_FILE.h
New single-type headers split from libio.h.
* libio/Makefile: Install the above new headers. Don't install
libio.h, _G_config.h, bits/libio.h, bits/_G_config.h, or
bits/libio-ldbl.h.
* libio/_G_config.h, libio/libio.h: Delete file.
* libio/bits/libio.h: Remove improper-inclusion guard.
Include stdio.h and don't repeat anything that it does.
Define _IO_fpos_t as __fpos_t, _IO_fpos64_t as __fpos64_t,
_IO_BUFSIZ as BUFSIZ, _IO_va_list as __gnuc_va_list,
__io_read_fn as cookie_read_function_t,
__io_write_fn as cookie_write_function_t,
__io_seek_fn as cookie_seek_function_t,
__io_close_fn as cookie_close_function_t,
and _IO_cookie_io_functions_t as cookie_io_functions_t.
Define _STDIO_USES_IOSTREAM, __HAVE_COLUMN, and _IO_file_flags
here, in the "compatibility defines" section. Remove an #if 0
block. Use the "body" macros from bits/types/struct_FILE.h to
define _IO_getc_unlocked, _IO_putc_unlocked, _IO_feof_unlocked,
and _IO_ferror_unlocked.
Move prototypes of __uflow and __overflow...
* libio/stdio.h: ...here. Don't include bits/libio.h.
Don't define _STDIO_USES_IOSTREAM. Get __gnuc_va_list
directly from stdarg.h. Include bits/types/__fpos_t.h,
bits/types/__fpos64_t.h, bits/types/struct_FILE.h,
and, when __USE_GNU, bits/types/cookie_io_functions_t.h.
Use __gnuc_va_list, not _G_va_list; __fpos_t, not _G_fpos_t;
__fpos64_t, not _G_fpos64_t; FILE, not struct _IO_FILE;
cookie_io_functions_t, not _IO_cookie_io_functions_t;
__ssize_t, not _IO_ssize_t. Unconditionally define
BUFSIZ as 8192 and EOF as (-1).
* libio/bits/stdio.h: Add multiple-include guard. Use the "body"
macros from bits/types/struct_FILE.h instead of _IO_* macros
from libio.h; use __gnuc_va_list instead of va_list and __ssize_t
instead of _IO_ssize_t.
* libio/bits/stdio2.h: Similarly.
* libio/iolibio.h: Add multiple-include guard.
Include bits/libio.h after stdio.h.
* libio/libioP.h: Add multiple-include guard.
Include stdio.h and bits/libio.h before iolibio.h.
* include/bits/types/__fpos_t.h, include/bits/types/__fpos64_t.h
* include/bits/types/cookie_io_functions_t.h
* include/bits/types/struct_FILE.h: New wrappers.
* bits/_G_config.h, sysdeps/unix/sysv/linux/_G_config.h:
Get definitions of _G_fpos_t and _G_fpos64_t from
bits/types/__fpos_t.h and bits/types/__fpos64_t.h
respectively. Remove improper-inclusion guards.
* conform/data/stdio.h-data: Update expectations of va_list.
* scripts/check-installed-headers.sh: Remove special case for
libio.h and _G_config.h.
Locking overhead can be significant in some stdio operations
that are common in single threaded applications.
This patch adds the _IO_FLAGS2_NEED_LOCK flag to indicate if
an _IO_FILE object needs to be locked and some of the stdio
functions just jump to their _unlocked variant when not. The
flag is set on all _IO_FILE objects when the first thread is
created. A new GLIBC_PRIVATE libc symbol, _IO_enable_locks,
was added to do this from libpthread.
The optimization can be applied to more stdio functions,
currently it is only applied to single flag check or single
non-wide-char standard operations. The flag should probably
be never set for files with _IO_USER_LOCK, but that's just a
further optimization, not a correctness requirement.
The optimization is valid in a single thread because stdio
operations are non-as-safe (so lock state is not observable
from a signal handler) and stdio locks are recursive (so lock
state is not observable via deadlock). The optimization is not
valid if a thread may be created while an stdio lock is taken
and thus it should be disabled if any user code may run during
an stdio operation (interposed malloc, printf hooks, etc).
This makes the optimization more complicated for some stdio
operations (e.g. printf), but those are bigger and thus less
important to optimize so this patch does not try to do that.
* libio/libio.h (_IO_FLAGS2_NEED_LOCK, _IO_need_lock): Define.
* libio/libioP.h (_IO_enable_locks): Declare.
* libio/Versions (_IO_enable_locks): New symbol.
* libio/genops.c (_IO_enable_locks): Define.
(_IO_old_init): Initialize flags2.
* libio/feof.c.c (_IO_feof): Avoid locking when not needed.
* libio/ferror.c (_IO_ferror): Likewise.
* libio/fputc.c (fputc): Likewise.
* libio/putc.c (_IO_putc): Likewise.
* libio/getc.c (_IO_getc): Likewise.
* libio/getchar.c (getchar): Likewise.
* libio/ioungetc.c (_IO_ungetc): Likewise.
* nptl/pthread_create.c (__pthread_create_2_1): Enable stdio locks.
* libio/iofopncook.c (_IO_fopencookie): Enable locking for the file.
* sysdeps/pthread/flockfile.c (__flockfile): Likewise.
* libio/iofopncook.c (_IO_cookie_read, _IO_cookie_write,
_IO_cookie_seek, _IO_cookie_close, _IO_old_cookie_seek)
[!PTR_DEMANGLE]: Do not call PTR_DEMANGLE.
(set_callbacks) [!PTR_MANGLE]: Do not call PTR_MANGLE.
* libio/vtables.c (_IO_vtable_check)
[!PTR_DEMANGLE]: Do not call PTR_DEMANGLE.
* libio/libioP.h (IO_set_accept_foreign_vtables)
[!PTR_MANGLE]: Do not call PTR_MANGLE.
This commit puts all libio vtables in a dedicated, read-only ELF
section, so that they are consecutive in memory. Before any indirect
jump, the vtable pointer is checked against the section boundaries,
and the process is terminated if the vtable pointer does not fall into
the special ELF section.
To enable backwards compatibility, a special flag variable
(_IO_accept_foreign_vtables), protected by the pointer guard, avoids
process termination if libio stream object constructor functions have
been called earlier. Such constructor functions are called by the GCC
2.95 libstdc++ library, and this mechanism ensures compatibility with
old binaries. Existing callers inside glibc of these functions are
adjusted to call the original functions, not the wrappers which enable
vtable compatiblity.
The compatibility mechanism is used to enable passing FILE * objects
across a static dlopen boundary, too.
ChangeLog:
2014-03-17 Will Newton <will.newton@linaro.org>
* libio/genops.c: Check whether
_IO_JUMPS_OFFSET is defined with #ifdef rather
than #if.
* libio/libioP.h: Likewise.
* stdio-common/vfprintf.c: Likewise.
ftell semantics are distinct from fseek(SEEK_CUR) especially when it
is called on a file handler that is not yet active. Due to this
caveat, much care needs to be taken while modifying the handler data
and hence, this first iteration on separating out ftell focusses on
maintaining handler data integrity at all times while it figures out
the current stream offset. The result is that it makes a syscall for
every offset request.
There is scope for optimizing this by caching offsets when we know
that the handler is active. A simple way to find out is when the
buffers have data. It is not so simple to find this out when the
buffer is empty without adding some kind of flag.