While debugging a kernel warning, Thomas Gleixner, Sebastian Sewior and
Heiko Carstens found a bug in pthread_mutex_trylock due to misordered
instructions:
140: a5 1b 00 01 oill %r1,1
144: e5 48 a0 f0 00 00 mvghi 240(%r10),0 <--- THREAD_SETMEM (THREAD_SELF, robust_head.list_op_pending, NULL);
14a: e3 10 a0 e0 00 24 stg %r1,224(%r10) <--- last THREAD_SETMEM of ENQUEUE_MUTEX_PI
vs (with compiler barriers):
140: a5 1b 00 01 oill %r1,1
144: e3 10 a0 e0 00 24 stg %r1,224(%r10)
14a: e5 48 a0 f0 00 00 mvghi 240(%r10),0
Please have a look at the discussion:
"Re: WARN_ON_ONCE(!new_owner) within wake_futex_pi() triggerede"
(https://lore.kernel.org/lkml/20190202112006.GB3381@osiris/)
This patch is introducing the same compiler barriers and comments
for pthread_mutex_trylock as introduced for pthread_mutex_lock and
pthread_mutex_timedlock by commit 8f9450a0b7
"Add compiler barriers around modifications of the robust mutex list."
ChangeLog:
[BZ #24180]
* nptl/pthread_mutex_trylock.c (__pthread_mutex_trylock):
Do not use a statement expression in array_length, so that
array_length can be used at file scope and as a constant expression.
Instead, put the _Static_assert into a struct (as a declaration),
and nest this in the expression using a sizeof expression.
One group of warnings seen with -Wextra is warnings for static or
inline not at the start of a declaration (-Wold-style-declaration).
This patch fixes various such cases for inline, ensuring it comes at
the start of the declaration (after any static). A common case of the
fix is "static inline <type> __always_inline"; the definition of
__always_inline starts with __inline, so the natural change is to
"static __always_inline <type>". Other cases of the warning may be
harder to fix (one pattern is a function definition that gets
rewritten to be static by an including file, "#define funcname static
wrapped_funcname" or similar), but it seems worth fixing these cases
with inline anyway.
Tested for x86_64.
* elf/dl-load.h (_dl_postprocess_loadcmd): Use __always_inline
before return type, without separate inline.
* elf/dl-tunables.c (maybe_enable_malloc_check): Likewise.
* elf/dl-tunables.h (tunable_is_name): Likewise.
* malloc/malloc.c (do_set_trim_threshold): Likewise.
(do_set_top_pad): Likewise.
(do_set_mmap_threshold): Likewise.
(do_set_mmaps_max): Likewise.
(do_set_mallopt_check): Likewise.
(do_set_perturb_byte): Likewise.
(do_set_arena_test): Likewise.
(do_set_arena_max): Likewise.
(do_set_tcache_max): Likewise.
(do_set_tcache_count): Likewise.
(do_set_tcache_unsorted_limit): Likewise.
* nis/nis_subr.c (count_dots): Likewise.
* nptl/allocatestack.c (advise_stack_range): Likewise.
* sysdeps/ieee754/dbl-64/s_sin.c (do_cos): Likewise.
(do_sin): Likewise.
(reduce_sincos): Likewise.
(do_sincos): Likewise.
* sysdeps/unix/sysv/linux/x86/elision-conf.c
(do_set_elision_enable): Likewise.
(TUNABLE_CALLBACK_FNDECL): Likewise.
In the i386 case, it appears that the sole remaining LIBC_PROBE was
removed in commit a9fe4c5aa8 ("Support
six-argument syscalls from C for 32-bit x86, use generic
lowlevellock-futex.h (bug 18138)."), when
sysdeps/unix/sysv/linux/i386/lowlevellock-futex.h was replaced with
the generic version.
For x86_64, the relevant change is commit
76f71081cd ("Use generic
lowlevellock-futex.h in x86_64 lowlevellock.h."), again by using the
generic version of <lowlevellock-futex.h>.
Tested on i386 and x86_64, with and without --enable-systemtap.
On big endian systems the test fails with:
tst-bz24153.c:88: numeric comparison failure
left: 1660944385 (0x63000001); from: ch
right: 99 (0x63); from: L'c'
tst-bz24153.c:90: numeric comparison failure
left: 1677721601 (0x64000001); from: ch
right: 100 (0x64); from: L'd'
error: 2 test failures
One 'char' ("%c") is stored to the 'wchar_t *':
ch = 0x00000001 | 0x63000000
This patch is using "%lc" as format specifier to read a wchar_t.
ChangeLog:
* libio/tst-bz24153.c (wide): Use wide char format specifier.
The recent commit 65f7767a91
has introduced __wmemcmp and the weak alias wmemcmp.
This patch also introduces those symbols if glibc is build
with CFLAGS="-march=z13" where the ifunc is omitted.
ChangeLog:
* sysdeps/s390/wmemcmp-vx.S: Add strong alias to
__wmemcmp and weak alias to wmemcmp.
The alignment of TLS variables is wrong if accessed from within a thread
for architectures with tls variant TLS_TCB_AT_TP.
For the main thread the static tls data is properly aligned.
For other threads the alignment depends on the alignment of the thread
pointer as the static tls data is located relative to this pointer.
This patch adds this alignment for TLS_TCB_AT_TP variants in the same way
as it is already done for TLS_DTV_AT_TP. The thread pointer is also already
properly aligned if the user provides its own stack for the new thread.
This patch extends the testcase nptl/tst-tls1.c in order to check the
alignment of the tls variables and it adds a pthread_create invocation
with a user provided stack.
The test itself is migrated from test-skeleton.c to test-driver.c
and the missing support functions xpthread_attr_setstack and xposix_memalign
are added.
ChangeLog:
[BZ #23403]
* nptl/allocatestack.c (allocate_stack): Align pointer pd for
TLS_TCB_AT_TP tls variant.
* nptl/tst-tls1.c: Migrate to support/test-driver.c.
Add alignment checks.
* support/Makefile (libsupport-routines): Add xposix_memalign and
xpthread_setstack.
* support/support.h: Add xposix_memalign.
* support/xthread.h: Add xpthread_attr_setstack.
* support/xposix_memalign.c: New File.
* support/xpthread_attr_setstack.c: Likewise.
With the default "nor" constraint, current GCC will use the "o"
constraint for constants, after emitting the constant to memory. That
results in unparseable Systemtap probe notes such as "-4@.L1052".
Removing the "o" alternative and using "nr" instead avoids this.
One of the warnings that appears with -Wextra is "ordered comparison
of pointer with integer zero" in malloc.c:tcache_get, for the
assertion:
assert (tcache->entries[tc_idx] > 0);
Indeed, a "> 0" comparison does not make sense for
tcache->entries[tc_idx], which is a pointer. My guess is that
tcache->counts[tc_idx] is what's intended here, and this patch changes
the assertion accordingly.
Tested for x86_64.
* malloc/malloc.c (tcache_get): Compare tcache->counts[tc_idx]
with 0, not tcache->entries[tc_idx].
I'm looking at the warnings from building glibc with -Wextra, to see
if we could use -Wextra by default, possibly with a few of its
warnings disabled, and so benefit from warnings in -Wextra but not in
-Wall. (The vast bulk of the extra warnings so produced are from
-Wunused-parameter -Wsign-compare -Wmissing-field-initializers
-Wtype-limits, so I expect those would be disabled at least at first.)
Various miscellaneous warnings show up with -Wextra that it clearly
seems to make sense to fix independent of whether we add -Wextra to
the normal options for building glibc. This patch fixes one:
"initialized field overwritten [-Woverride-init]" in nscd.
Tested for x86_64.
* nscd/connections.c (reqinfo): Initialize SHUTDOWN element only
once.
This fixes the same bug in fnmatch that was fixed by commit 7e2f0d2d77 for
regexp matching. As a side effect it also removes the use of an unbound
VLA.
Since the size argument is unsigned. we should use unsigned Jcc
instructions, instead of signed, to check size.
Tested on x86-64 and x32, with and without --disable-multi-arch.
[BZ #24155]
CVE-2019-7309
* NEWS: Updated for CVE-2019-7309.
* sysdeps/x86_64/memcmp.S: Use RDX_LP for size. Clear the
upper 32 bits of RDX register for x32. Use unsigned Jcc
instructions, instead of signed.
* sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-memcmp-2.
* sysdeps/x86_64/x32/tst-size_t-memcmp-2.c: New test.
By ordering the suballocations by decreasing alignment, alignment
gaps can be avoided.
Also use __glibc_unlikely for reading the transitions and type
indexes. In the 8-byte case, two reads are now needed because the
transitions and type indexes are no longer adjacent. The separate
call to __fread_unlocked does not matter from a performance point of
view because __tzfile_read is only invoked rarely.
The computation of tzspec_len is moved in front of the total_size
computation, so that the allocation size computation and the
suballocations are next to each other. Also add an assert that
tzspec_len is positive when it is actually used later.
When running the testsuite, building stdlib/isomac.c outputs the
following warning:
gcc -O -D_GNU_SOURCE -DIS_IN_build -include /home/aurel32/glibc-build/config.h isomac.c -o /home/aurel32/glibc-build/stdlib/isomac
isomac.c: In function ‘get_null_defines’:
isomac.c:260:3: warning: implicit declaration of function ‘close’; did you mean ‘pclose’? [-Wimplicit-function-declaration]
close (fd);
^~~~~
pclose
Fix that by adding the <unistd.h> include.
Changelog:
* stdlib/isomac.c: Include <unistd.h>.
The GMT offset can be outside the range of a 16-bit int type, which
is presumably the reason why long int was used in struct tm. We
cannot change struct tm, but we can change the internal type for
the offset.
On Linux, we define _POSIX_PRIORITY_SCHEDULING, but functions such
as sched_setparam and sched_setscheduler apply to individual threads,
not processes.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
As discussed during development for glibc 2.29, when we increased the
required minimum GCC version for building glibc to GCC 5, working
purely based on the times at which such requirements have been
increased in the past it would be appropriate for glibc 2.30 to
require GCC 6 (matching GCC 4.9 having been required for glibc 2.26).
Naming 6.2 specifically as the minimum version then means a separate
version requirement no longer needs to be specified for powerpc64le.
Thus, this patch increases the minimum to 6.2, removing the
documentation of the separate requirement for powerpc64le. It does
not remove the powerpc64le configure test, or any __GNUC_PREREQ that
could be removed as not being in installed headers or files shared
with gnulib; I think such cleanups are best done separately.
Tested for x86_64.
* configure.ac (libc_cv_compiler_ok): Require GCC 6.2 or later.
* configure: Regenerated.
* manual/install.texi (Tools for Compilation): Update minimum GCC
version.
* INSTALL: Regenerated.
Clock_gettime, settime and getres implementations are unncessarily
complex due to using defines and C file inclusion. Simplify the
code by replacing the redundant defines and removing the inclusion,
making it much easier to understand. No functional changes.
* sysdeps/posix/clock_getres.c (__clock_getres): Cleanup.
* sysdeps/unix/clock_gettime.c (__clock_gettime): Cleanup.
* sysdeps/unix/clock_settime.c (__clock_settime): Cleanup.
* sysdeps/unix/sysv/linux/clock_getres.c (__clock_getres): Cleanup.
* sysdeps/unix/sysv/linux/clock_gettime.c (__clock_gettime): Cleanup.
* sysdeps/unix/sysv/linux/clock_settime.c (__clock_settime): Cleanup.
This version uses general register based memory instruction to load
data, because vector register based is slightly slower in emag.
Character-matching is performed on 16-byte (both size and alignment)
memory block in parallel each iteration.
* sysdeps/aarch64/memchr.S (__memchr): Rename to MEMCHR.
[!MEMCHR](MEMCHR): Set to __memchr.
* sysdeps/aarch64/multiarch/Makefile (sysdep_routines):
Add memchr_generic and memchr_nosimd.
* sysdeps/aarch64/multiarch/ifunc-impl-list.c
(__libc_ifunc_impl_list): Add memchr ifuncs.
* sysdeps/aarch64/multiarch/memchr.c: New file.
* sysdeps/aarch64/multiarch/memchr_generic.S: Likewise.
* sysdeps/aarch64/multiarch/memchr_nosimd.S: Likewise.
This version uses general register based memory store instead of
vector register based, for the former is faster than the latter
in emag.
The fact that DC ZVA size in emag is 64-byte, is used by IFUNC
dispatch to select this memset, so that cost of runtime-check on
DC ZVA size can be saved.
* sysdeps/aarch64/multiarch/Makefile (sysdep_routines):
Add memset_emag.
* sysdeps/aarch64/multiarch/ifunc-impl-list.c
(__libc_ifunc_impl_list): Add __memset_emag to memset ifunc.
* sysdeps/aarch64/multiarch/memset.c (libc_ifunc):
Add IS_EMAG check for ifunc dispatch.
* sysdeps/aarch64/multiarch/memset_base64.S: New file.
* sysdeps/aarch64/multiarch/memset_emag.S: New file.
Emag is a 64-bit CPU core released by AmpereComputing.
Add its name to cpu list, and corresponding macro as utilities for
later IFUNC dispatch.
* manual/tunables.texi (Tunable glibc.cpu.name): Add emag.
* sysdeps/unix/sysv/linux/aarch64/cpu-features.c (cpu_list):
Add emag.
* sysdeps/unix/sysv/linux/aarch64/cpu-features.h (IS_EMAG):
New macro.
From time to time I get fails in tst-spawn like:
tst-spawn.c:111: numeric comparison failure
left: 0 (0x0); from: xlseek (fd2, 0, SEEK_CUR)
right: 28 (0x1c); from: strlen (fd2string)
error: 1 test failures
tst-spawn.c:252: numeric comparison failure
left: 1 (0x1); from: WEXITSTATUS (status)
right: 0 (0x0); from: 0
error: 1 test failures
It turned out, that a child process is testing it's open file descriptors
with e.g. a sequence of testing the current position, setting the position
to zero and reading a specific amount of bytes.
Unfortunately starting with commit 2a69f853c0
the test is spawning a second child process which is sharing some of the
file descriptors. If the test sequence as mentioned above is running in parallel
it leads to test failures.
As the second call of posix_spawn shall test a NULL pid argument,
this patch is just moving the waitpid of the first child
before the posix_spawn of the second child.
ChangeLog:
* posix/tst-spawn do_test(): Move waitpid before posix_spawn.
For a full analysis of both the pthread_rwlock_tryrdlock() stall
and the pthread_rwlock_trywrlock() stall see:
https://sourceware.org/bugzilla/show_bug.cgi?id=23844#c14
In the pthread_rwlock_trydlock() function we fail to inspect for
PTHREAD_RWLOCK_FUTEX_USED in __wrphase_futex and wake the waiting
readers.
In the pthread_rwlock_trywrlock() function we write 1 to
__wrphase_futex and loose the setting of the PTHREAD_RWLOCK_FUTEX_USED
bit, again failing to wake waiting readers during unlock.
The fix in the case of pthread_rwlock_trydlock() is to check for
PTHREAD_RWLOCK_FUTEX_USED and wake the readers.
The fix in the case of pthread_rwlock_trywrlock() is to only write
1 to __wrphase_futex if we installed the write phase, since all other
readers would be spinning waiting for this step.
We add two new tests, one exercises the stall for
pthread_rwlock_trywrlock() which is easy to exercise, and one exercises
the stall for pthread_rwlock_trydlock() which is harder to exercise.
The pthread_rwlock_trywrlock() test fails consistently without the fix,
and passes after. The pthread_rwlock_tryrdlock() test fails roughly
5-10% of the time without the fix, and passes all the time after.
Signed-off-by: Carlos O'Donell <carlos@redhat.com>
Signed-off-by: Torvald Riegel <triegel@redhat.com>
Signed-off-by: Rik Prohaska <prohaska7@gmail.com>
Co-authored-by: Torvald Riegel <triegel@redhat.com>
Co-authored-by: Rik Prohaska <prohaska7@gmail.com>
GLIBC explicitly allows one to assign a new FILE pointer to stdout and
other standard streams. printf and wprintf were honouring assignment to
stdout and using the new value, but puts, putchar, and wide char variants
did not.
The stdout part is fixed here. The stdin part will be fixed in a followup.
Problem found by AddressSanitizer, reported by Hongxu Chen in:
https://debbugs.gnu.org/34140
* posix/regexec.c (proceed_next_node):
Do not read past end of input buffer.
If /etc/aliases ends with a continuation line (a line that starts
with whitespace) which does not have a trailing newline character,
the file parser would crash due to a null pointer dereference.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* NEWS: Add the list of bugs fixed in 2.29.
* manual/contrib.texi: Update contributors list with some more
names.
* manual/install.texi: Update latest versions of packages
tested.
* INSTALL: Regenerated.
There was missing restore of $f3 before the return from the function
via the $y_is_neg path. This caused the math/big testcase from Go-1.11
testsuite (that includes lots of corner cases that exercise remqu) FAIL.
[BZ #24130]
* sysdeps/alpha/remqu.S (__remqu): Add missing restore
of $f3 register on $y_is_neg path.
The full representation of the alternative calendar year (%EY)
typically includes an internal use of "%Ey". As a GNU extension,
apply any flags on "%EY" (e.g. "%_EY", "%-EY") to the internal "%Ey",
allowing users of "%EY" to control how the year is padded.
Reviewed-by: Rafal Luzynski <digitalfreak@lingonborough.com>
Reviewed-by: Zack Weinberg <zackw@panix.com>
ChangeLog:
[BZ #24096]
* manual/time.texi (strftime): Document "%EC" and "%EY".
* time/Makefile (tests): Add tst-strftime2.
(LOCALES): Add ja_JP.UTF-8, lo_LA.UTF-8, and th_TH.UTF-8.
* time/strftime_l.c (__strftime_internal): Add argument yr_spec to
override padding for "%Ey".
If an optional flag ('_' or '-') is specified to "%EY", interpret the
"%Ey" in the subformat as if decorated with that flag.
* time/tst-strftime2.c: New file.
In Japanese locales, strftime's alternative year format (%Ey) produces
a year numbered within a time period called an _era_. A new era
typically begins when a new emperor is enthroned. The result of "%Ey"
is therefore usually a one- or two-digit number.
Many programs that display Japanese era dates assume that the era year
is two digits wide. To improve how these programs display dates
during the first nine years of a new era, change "%Ey" to pad one-
digit numbers on the left with a zero. This change applies to all
locales. It is expected to be harmless for other locales that use the
alternative year format (e.g. lo_LA and th_TH, in which "%Ey" produces
the year of the Buddhist calendar) as those calendars' year numbers
are already more than two digits wide, and this is not expected to
change.
This change needs to be in place before 2019-05-01 CE, as a new era is
scheduled to begin on that date.
Reviewed-by: Zack Weinberg <zackw@panix.com>
Reviewed-by: Rafal Luzynski <digitalfreak@lingonborough.com>
ChangeLog:
[BZ #23758]
* manual/time.texi (strftime): Document "%Ey".
* time/strftime_l.c (__strftime_internal): Set the default width
padding with zero of "%Ey" to 2.
Hurd does not support MAP_NORESERVE and MAP_STACK.
Checked on i686-gnu build.
* support/xsigstack.c (MAP_NORESERVE, MAP_STACK): Define if they
are not defined.