Commit Graph

40817 Commits

Author SHA1 Message Date
Arjun Shankar
ddf542da94 syslog: Fix integer overflow in __vsyslog_internal (CVE-2023-6780)
__vsyslog_internal calculated a buffer size by adding two integers, but
did not first check if the addition would overflow.  This commit fixes
that.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2024-01-30 15:53:37 +01:00
Arjun Shankar
7e5a0c286d syslog: Fix heap buffer overflow in __vsyslog_internal (CVE-2023-6779)
__vsyslog_internal used the return value of snprintf/vsnprintf to
calculate buffer sizes for memory allocation.  If these functions (for
any reason) failed and returned -1, the resulting buffer would be too
small to hold output.  This commit fixes that.

All snprintf/vsnprintf calls are checked for negative return values and
the function silently returns upon encountering them.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2024-01-30 15:53:37 +01:00
Arjun Shankar
6bd0e4efcc syslog: Fix heap buffer overflow in __vsyslog_internal (CVE-2023-6246)
__vsyslog_internal did not handle a case where printing a SYSLOG_HEADER
containing a long program name failed to update the required buffer
size, leading to the allocation and overflow of a too-small buffer on
the heap.  This commit fixes that.  It also adds a new regression test
that uses glibc.malloc.check.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2024-01-30 15:53:37 +01:00
Joseph Myers
8aeec0eb5a Use binutils 2.42 branch in build-many-glibcs.py
This patch makes build-many-glibcs.py use binutils 2.42 branch.

Tested with build-many-glibcs.py (host-libraries, compilers and glibcs
builds).
2024-01-30 14:20:35 +00:00
Andreas Schwab
9c72830eb3 elf: correct relocation statistics for !ELF_MACHINE_START_ADDRESS
Fixes: 6628c742b2 ("elf: Remove prelink support")
2024-01-29 18:27:35 +01:00
Carlos O'Donell
ae49a7b29a Relicense IBM portions of resolv/base64.c resolv/res_debug.c.
This change relicenses the IBM portions of resolv/base64.c and
resolv/res_debug.c to a new license that does not have use-limited
patent language.  The top-level LICENSE file is updated with the
license.

The relicensing was approved by IBM.

Signed-off-by: Brad Topol, IBM Director of Open Technologies <btopol@us.ibm.com>
Signed-off-by: Richard Fontana <rfontana@redhat.com>
Signed-off-by: Carlos O'Donell <carlos@redhat.com>
2024-01-26 13:33:36 -05:00
Mike FABIAN
5176a830e7 localedata: Use consistent values for grouping and mon_grouping
Resolves: BZ # 31205

Adapt test cases in test-grouping_iterator.c
2024-01-25 11:41:02 +01:00
Dennis Brendel
c06c8aeb61 manual: fix order of arguments of memalign and aligned_alloc (Bug 27547)
On the summary page the order of the function arguments was reversed, but it is
in correct order in the other places of the manual.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2024-01-24 12:10:38 -05:00
Florian Weimer
486452affb manual, NEWS: Document malloc side effect of dynamic TLS changes
The increased malloc subsystem usage is a side effect of
commit d2123d6827 ("elf: Fix slow tls
access after dlopen [BZ #19924]").

Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
2024-01-24 09:34:15 +01:00
Florian Weimer
aeb497d1fe NEWS: Update temporary files ignored by ldconfig
Fixes commit 2aa0974d25 ("elf: ldconfig
should skip temporary files created by package managers") and
commit cfb5a97a93 ("ldconfig: Fixes for
skipping temporary files.").

Reported-by: Guillem Jover <guillem@debian.org>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2024-01-24 09:34:15 +01:00
Andreas K. Hüttel
e73ac3fca1 po: Incorporate translations (sr)
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
2024-01-23 22:28:23 +01:00
Adhemerval Zanella
77c6a2717d string: Disable stack protector for memset in early static initialization
For ports that use the default memset, the compiler might generate early
calls before the stack protector is initialized (for instance, riscv
with -fstack-protector-all on _dl_aux_init).

Checked on riscv64-linux-gnu-rv64imafdc-lp64d.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-23 10:22:59 -03:00
Xi Ruoyao
dfa3394a60 qsort: Fix a typo causing unnecessary malloc/free (BZ 31276)
In qsort_r we allocate a buffer sized QSORT_STACK_SIZE (1024) on stack
and we intend to use it if all elements can fit into it.  But there is a
typo:

    if (total_size < sizeof buf)
      buf = tmp;
    else
      /* allocate a buffer on heap and use it ... */

Here "buf" is a pointer, thus sizeof buf is just 4 or 8, instead of
1024.  There is also a minor issue that we should use "<=" instead of
"<".

This bug is detected debugging some strange heap corruption running the
Ruby-3.3.0 test suite (on an experimental Linux From Scratch build using
Binutils-2.41.90 and Glibc trunk, and also Fedora Rawhide [1]).  It
seems Ruby is doing some wild "optimization" by jumping into somewhere
in qsort_r instead of calling it normally, resulting in a double free of
buf if we allocate it on heap.  The issue can be reproduced
deterministically with:

    LD_PRELOAD=/usr/lib/libc_malloc_debug.so MALLOC_CHECK_=3 \
    LD_LIBRARY_PATH=. ./ruby test/runner.rb test/ruby/test_enum.rb

in Ruby-3.3.0 tree after building it.  This change would hide the issue
for Ruby, but Ruby is likely still buggy (if using this "optimization"
sorting larger arrays).

[1]:https://kojipkgs.fedoraproject.org/work/tasks/9729/111889729/build.log

Signed-off-by: Xi Ruoyao <xry111@xry111.site>
2024-01-23 05:17:31 -08:00
Andreas Schwab
6edaa12b41 riscv: add support for static PIE
In order to support static PIE the startup code must avoid relocations
before __libc_start_main is called.
2024-01-22 14:58:23 +01:00
Adhemerval Zanella
bcf2abd43b sh: Fix static build with --enable-fortify
For static the internal symbols should not be prepended with the
internal __GI_.

Checked with a make check for sh4-linux-gnu.
2024-01-22 10:04:53 -03:00
Adhemerval Zanella
926a4bdbb5 sparc: Fix sparc64 memmove length comparison (BZ 31266)
The small counts copy bytes comparison should be unsigned (as the
memmove size argument).  It fixes string/tst-memmove-overflow on
sparcv9, where the input size triggers an invalid code path.

Checked on sparc64-linux-gnu and sparcv9-linux-gnu.
2024-01-22 09:34:50 -03:00
Adhemerval Zanella
369efd8177 sparc64: Remove unwind information from signal return stubs [BZ#31244]
Similar to sparc32 fix, remove the unwind information on the signal
return stubs.  This fixes the regressions:

FAIL: nptl/tst-cancel24-static
FAIL: nptl/tst-cond8-static
FAIL: nptl/tst-mutex8-static
FAIL: nptl/tst-mutexpi8-static
FAIL: nptl/tst-mutexpi9

On sparc64-linux-gnu.
2024-01-22 09:34:50 -03:00
Adhemerval Zanella
dd57f5e7b6 sparc: Remove 64 bit check on sparc32 wordsize (BZ 27574)
The sparc32 is always 32 bits.

Checked on sparcv9-linux-gnu.
2024-01-22 09:34:50 -03:00
Adhemerval Zanella
3bffe5aa2d Use --disable-default-pie for sparc in build-many-glibcs.py
The statically built binaries fail without this option [1].

Checked on sparc64-linux-gnu and sparcv9-linux-gnu.

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=29575
2024-01-22 09:34:50 -03:00
Joseph Myers
b86cb494f9 Further build-many-glibcs.py fixes for utcnow() deprecation
It turns out that the replacement of datetime.datetime.utcnow(), for a
warning produced early in running build-many-glibcs.py with Python
3.12, (a) wasn't complete (there were other uses elsewhere in the
script also needing updating) and (b) broke reading of build-time from
build-state.json, because an aware datetime was written out including
+00:00 for the timezone, which was not expected by the strptime call.

Fix the first by making the change to
datetime.datetime.now(datetime.timezone.utc) for all the remaining
utcnow() calls.  Fix the second by using strftime with an explicit
format instead of just str() when formatting build times for
build-state.json and email subjects, and then setting the timezone
explicitly when reading from build-state.json.  (Other uses, in
particular messages output by the bot, continue to use str() as the
precise format should not matter in those cases; it shouldn't actually
matter for email subjects either but it seems a good idea to keep
those short.)

Tested with a bot-cycle run and checking the format of times in
build-state.json afterwards.
2024-01-19 13:30:34 +00:00
Daniel Cederman
87d921e270 sparc: Do not test preservation of NaN payloads for LEON
The FPU used by LEON does not preserve NaN payload. This change allows
the math/test-*-canonicalize tests to pass on LEON.

Signed-off-by: Daniel Cederman <cederman@gaisler.com>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2024-01-18 08:27:44 -03:00
Daniel Cederman
45f7ea26c1 sparc: Force calculation that raises exception
Use the math_force_eval() macro to force the calculation to complete and
raise the exception.

With this change the math/test-fenv test passes.

Signed-off-by: Daniel Cederman <cederman@gaisler.com>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2024-01-18 08:27:44 -03:00
Daniel Cederman
a8f7c77970 sparc: Fix llrint and llround missing exceptions on SPARC V8
Conversions from a float to a long long on SPARC v8 use a libgcc function
that may not raise the correct exceptions on overflow. It also may raise
spurious "inexact" exceptions on non overflow cases. This patch fixes the
problem in the same way as for RV32.

Signed-off-by: Daniel Cederman <cederman@gaisler.com>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2024-01-18 08:27:44 -03:00
Daniel Cederman
7bd06985c0 sparc: Remove unwind information from signal return stubs [BZ #31244]
The functions were previously written in C, but were not compiled
with unwind information. The ENTRY/END macros include .cfi_startproc
and .cfi_endproc which add unwind information. This caused the
tests cleanup-8 and cleanup-10 in the GCC testsuite to fail.
This patch adds a version of the ENTRY/END macros without the
CFI instructions that can be used instead.

sigaction registers a restorer address that is located two instructions
before the stub function. This patch adds a two instruction padding to
avoid that the unwinder accesses the unwind information from the function
that the linker has placed right before it in memory. This fixes an issue
with pthread_cancel that caused tst-mutex8-static (and other tests) to fail.

Signed-off-by: Daniel Cederman <cederman@gaisler.com>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2024-01-18 08:27:44 -03:00
Daniel Cederman
82a35070ec sparc: Prevent stfsr from directly following floating-point instruction
On LEON, if the stfsr instruction is immediately following a floating-point
operation instruction in a running program, with no other instruction in
between the two, the stfsr might behave as if the order was reversed
between the two instructions and the stfsr occurred before the
floating-point operation.

Add a nop instruction before the stfsr to prevent this from happening.

Signed-off-by: Daniel Cederman <cederman@gaisler.com>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2024-01-18 08:27:44 -03:00
Daniel Cederman
3bb1350c36 sparc: Use existing macros to avoid code duplication
Macros for using inline assembly to access the fp state register exist
in both fenv_private.h and in fpu_control.h. Let fenv_private.h use the
macros from fpu_control.h.

Signed-off-by: Daniel Cederman <cederman@gaisler.com>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2024-01-18 08:27:43 -03:00
Mike FABIAN
8393f4f72b localedata: renamed: aa_ER@saaho -> ssy_ER
Resolves: BZ # 19956
2024-01-18 11:44:38 +01:00
Mike FABIAN
f1ff1fbfbf Define ISO 639-3 "ssy" (Saho)
Related: BZ # 19956

References:
https://iso639-3.sil.org/code/ssy
https://en.wikipedia.org/wiki/Saho_language
2024-01-18 11:01:10 +01:00
Mike FABIAN
8e474d5e40 localedata: add crh_RU, Crimean Tartar language in the Cyrillic script as used in Russia.
Resolves: BZ # 24386
2024-01-18 09:18:57 +01:00
Mike FABIAN
ce787f36e6 localedata: tr_TR, ku_TR: Sync with CLDR: “Turkey” -> “Türkiye”
Resolves: BZ # 31257
2024-01-18 08:30:34 +01:00
Mike FABIAN
70e26de105 localedata: miq_NI: Shorten month names in abmon
Resolves: BZ # 23172
2024-01-18 07:56:24 +01:00
Joseph Myers
6511b579a5 Update kernel version to 6.7 in header constant tests
This patch updates the kernel version in the tests tst-mman-consts.py,
tst-mount-consts.py and tst-pidfd-consts.py to 6.7.  (There are no new
constants covered by these tests in 6.7 that need any other header
changes.)

Tested with build-many-glibcs.py.
2024-01-17 21:15:37 +00:00
Mike FABIAN
ce77e6919f localedata: add gbm_IN locale
Resolves: BZ # 19479
2024-01-17 17:50:33 +01:00
Mike FABIAN
692dfa8729 Define ISO 639-3 "gbm" (Garhwali)
Related: BZ # 19479

References:
https://iso639-3.sil.org/code/gbm
https://en.wikipedia.org/wiki/Garhwali_language
2024-01-17 17:19:31 +01:00
Joseph Myers
df11c05be9 Update syscall lists for Linux 6.7
Linux 6.7 adds the futex_requeue, futex_wait and futex_wake syscalls,
and enables map_shadow_stack for architectures previously missing it.
Update syscall-names.list and regenerate the arch-syscall.h headers
with build-many-glibcs.py update-syscalls.

Tested with build-many-glibcs.py.
2024-01-17 15:38:54 +00:00
Joseph Myers
5b5982028b Use Linux 6.7 in build-many-glibcs.py
This patch makes build-many-glibcs.py use Linux 6.7.

Tested with build-many-glibcs.py (host-libraries, compilers and glibcs
builds).
2024-01-17 11:35:35 +00:00
Adhemerval Zanella
31bd548650 stdlib: Remove unused is_aligned function from qsort.c
Checked on x86_64-linux-gnu.
2024-01-17 08:08:56 -03:00
H.J. Lu
e2803cfd8b NEWS: Mention PLT rewrite on x86-64
Mention PLT rewrite on x86-64 for glibc 2.39.
2024-01-16 11:03:45 -08:00
Kuan-Wei Chiu
1bb28b7b4f stdlib: Verify heapsort for two-element cases
Adjust the testing approach to start from scenarios with only 2
elements, as insertion sort no longer handles such cases.

Signed-off-by: Kuan-Wei Chiu <visitorckw@gmail.com>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2024-01-16 11:00:51 -03:00
Kuan-Wei Chiu
74d2731a5f stdlib: Fix heapsort for cases with exactly two elements
When malloc fails to allocate a buffer and falls back to heapsort, the
current heapsort implementation does not perform sorting when there are
exactly two elements. Heapsort is now skipped only when there is
exactly one element.

Signed-off-by: Kuan-Wei Chiu <visitorckw@gmail.com>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2024-01-16 11:00:51 -03:00
Mike FABIAN
9d2703c109 localedata: anp_IN: Fix abbreviated month names
Resolves: BZ # 31239

The correct abbreviated month names were apparently given in the comment above `abmon`.
But the value of `abmon` was apparently just copied from the value of `mon` and this
mistake was hard to see because code point notation <Uxxxx> was used. After converting
to UTF-8 it was obvious that there was apparently a copy and paste mistake.
2024-01-15 23:12:48 +01:00
Adhemerval Zanella
709fbd3ec3 stdlib: Reinstate stable mergesort implementation on qsort
The mergesort removal from qsort implementation (commit 03bf8357e8)
had the side-effect of making sorting nonstable.  Although neither
POSIX nor C standard specify that qsort should be stable, it seems
that it has become an instance of Hyrum's law where multiple programs
expect it.

Also, the resulting introsort implementation is not faster than
the previous mergesort (which makes the change even less appealing).

This patch restores the previous mergesort implementation, with the
exception of machinery that checks the resulting allocation against
the _SC_PHYS_PAGES (it only adds complexity and the heuristic does not
always make sense depending on the system configuration and load).
The alloca usage was replaced with a fixed-size buffer.

For the fallback mechanism, the implementation uses heapsort.  It is
simpler than quicksort, and it does not suffer from adversarial
inputs.  With memory overcommit, it should be rarely triggered.

The drawback is mergesort requires O(n) extra space, and since it is
allocated with malloc the function is AS-signal-unsafe.  It should be
feasible to change it to use mmap, although I am not sure how urgent
it is.  The heapsort is also nonstable, so programs that require a
stable sort would still be subject to this latent issue.

The tst-qsort5 is removed since it will not create quicksort adversarial
inputs with the current qsort_r implementation.

Checked on x86_64-linux-gnu and aarch64-linux-gnu.
Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-01-15 15:58:35 -03:00
H.J. Lu
457bd9cf2e x86-64: Check if mprotect works before rewriting PLT
Systemd execution environment configuration may prohibit changing a memory
mapping to become executable:

MemoryDenyWriteExecute=
Takes a boolean argument. If set, attempts to create memory mappings
that are writable and executable at the same time, or to change existing
memory mappings to become executable, or mapping shared memory segments
as executable, are prohibited.

When it is set, systemd service stops working if PLT rewrite is enabled.
Check if mprotect works before rewriting PLT.  This fixes BZ #31230.
This also works with SELinux when deny_execmem is on.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2024-01-15 06:59:23 -08:00
Szabolcs Nagy
7100d9ae21 aarch64: Add NEWS entry about libmvec for 2.39
Auto-vectorizing scalar calls is now supported.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2024-01-15 14:54:30 +00:00
Mike FABIAN
064c708c78 localedata/unicode-gen/utf8_gen.py: fix Hangul syllable name
Resolves: BZ # 29506
2024-01-14 11:42:28 +01:00
Sunil K Pandey
9d94997b5f x86_64: Optimize ffsll function code size.
Ffsll function randomly regresses by ~20%, depending on how code gets
aligned in memory.  Ffsll function code size is 17 bytes.  Since default
function alignment is 16 bytes, it can load on 16, 32, 48 or 64 bytes
aligned memory.  When ffsll function loads at 16, 32 or 64 bytes aligned
memory, entire code fits in single 64 bytes cache line.  When ffsll
function loads at 48 bytes aligned memory, it splits in two cache lines,
hence random regression.

Ffsll function size reduction from 17 bytes to 12 bytes ensures that it
will always fit in single 64 bytes cache line.

This patch fixes ffsll function random performance regression.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2024-01-13 12:20:08 -08:00
Mike FABIAN
fe6c8bab3a localedata: Remove redundant comments
2024-01-13 00:54:40 +01:00
Yanzhang Wang
e0590f41fe RISC-V: Enable static-pie.
This patch referents the commit 374cef3 to add static-pie support. And
because the dummy link map is used when relocating ourselves, so need
not to set __global_pointer$ at this time.

It will also check whether toolchain supports to build static-pie.
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2024-01-12 15:11:45 -03:00
Adhemerval Zanella
061eaf0244 linux: Fix fstat64 on alpha and sparc64
The 551101e824 change is incorrect for
alpha and sparc, since __NR_stat is defined by both kABI.  Use
__NR_newfstat to check whether to fallback to __NR_fstat64 (similar
to what fstatat64 does).

Checked on sparc64-linux-gnu.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2024-01-12 15:11:11 -03:00
Wilco Dijkstra
08ddd26814 math: remove exp10 wrappers
Remove the error handling wrapper from exp10.  This is very similar to
the changes done to exp and exp2, except that we also need to handle
pow10 and pow10l.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2024-01-12 16:02:12 +00:00