Commit Graph

34062 Commits

Author SHA1 Message Date
Aurelien Jarno
198bfee808 Only build libm with -fno-math-errno (bug 24024)
Commit 1294b1892e ("Add support for sqrt asm redirects") added the
-fno-math-errno flag to build most of the glibc in order to enable GCC
to inline math functions. Due to GCC bug #88576, saving and restoring
errno around calls to malloc are optimized-out. In turn this causes
strerror to set errno to ENOMEM if it get passed an invalid error number
and if malloc sets errno to ENOMEM (which might happen even if it
succeeds). This is not allowed by POSIX.

This patch changes the build flags, building only libm with
-fno-math-errno and all the remaining code with -fno-math-errno. This
should be safe as libm doesn't contain any code saving and restoring
errno around malloc. This patch can probably be reverted once the GCC
bug is fixed and available in stable releases.

Tested on x86-64, no regression in the testsuite.

Changelog:
	[BZ #24024]
	* Makeconfig: Build libm with -fno-math-errno but build the remaining
	code with -fmath-errno.
	* string/Makefile [$(build-shared)] (tests): Add test-strerror-errno.
	[$(build-shared)] (LDLIBS-test-strerror-errno): New variable.
	* string/test-strerror-errno.c: New file.

(cherry picked from commit 2ef4271688)
2019-01-08 21:06:25 +01:00
Martin Jansa
1e5c5303a5 sysdeps/ieee754/soft-fp: ignore maybe-uninitialized with -O [BZ #19444]
* with -O, -O1, -Os it fails with:

In file included from ../soft-fp/soft-fp.h:318,
                 from ../sysdeps/ieee754/soft-fp/s_fdiv.c:28:
../sysdeps/ieee754/soft-fp/s_fdiv.c: In function '__fdiv':
../soft-fp/op-2.h:98:25: error: 'R_f1' may be used uninitialized in this function [-Werror=maybe-uninitialized]
        X##_f0 = (X##_f1 << (_FP_W_TYPE_SIZE - (N)) | X##_f0 >> (N) \
                         ^~
../sysdeps/ieee754/soft-fp/s_fdiv.c:38:14: note: 'R_f1' was declared here
   FP_DECL_D (R);
              ^
../soft-fp/op-2.h:37:36: note: in definition of macro '_FP_FRAC_DECL_2'
   _FP_W_TYPE X##_f0 _FP_ZERO_INIT, X##_f1 _FP_ZERO_INIT
                                    ^
../soft-fp/double.h:95:24: note: in expansion of macro '_FP_DECL'
 # define FP_DECL_D(X)  _FP_DECL (2, X)
                        ^~~~~~~~
../sysdeps/ieee754/soft-fp/s_fdiv.c:38:3: note: in expansion of macro 'FP_DECL_D'
   FP_DECL_D (R);
   ^~~~~~~~~
../soft-fp/op-2.h:101:17: error: 'R_f0' may be used uninitialized in this function [-Werror=maybe-uninitialized]
       : (X##_f0 << (_FP_W_TYPE_SIZE - (N))) != 0)); \
                 ^~
../sysdeps/ieee754/soft-fp/s_fdiv.c:38:14: note: 'R_f0' was declared here
   FP_DECL_D (R);
              ^
../soft-fp/op-2.h:37:14: note: in definition of macro '_FP_FRAC_DECL_2'
   _FP_W_TYPE X##_f0 _FP_ZERO_INIT, X##_f1 _FP_ZERO_INIT
              ^
../soft-fp/double.h:95:24: note: in expansion of macro '_FP_DECL'
 # define FP_DECL_D(X)  _FP_DECL (2, X)
                        ^~~~~~~~
../sysdeps/ieee754/soft-fp/s_fdiv.c:38:3: note: in expansion of macro 'FP_DECL_D'
   FP_DECL_D (R);
   ^~~~~~~~~

Build tested with Yocto for ARM, AARCH64, X86, X86_64, PPC, MIPS, MIPS64
with -O, -O1, -Os.
For AARCH64 it needs one more fix in locale for -Os.

	[BZ #19444]
	* sysdeps/ieee754/soft-fp/s_fdiv.c: Include <libc-diag.h> and use
	DIAG_PUSH_NEEDS_COMMENT, DIAG_IGNORE_NEEDS_COMMENT and
	DIAG_POP_NEEDS_COMMENT to disable -Wmaybe-uninitialized.

(cherry picked from commit 4a06ceea33)
2019-01-03 15:13:10 -02:00
Aurelien Jarno
2a8612b278 ARM: fix kernel assisted atomics with GCC 8 (bug 24034)
The pre-ARMv7 CPUs are missing atomic compare and exchange and/or
barrier instructions. Therefore those are implemented using kernel
assistance, calling a kernel function at a specific address, and passing
the arguments in the r0 to r4 registers. This is done by specifying
registers for local variables. The a_ptr variable is placed in the r2
register and declared with __typeof (mem). According to the GCC
documentation on local register variables, if mem is a constant pointer,
the compiler may substitute the variable with its initializer in asm
statements, which may cause the corresponding operand to appear in a
different register.

This happens in __libc_start_main with the pointer to the thread counter
for static binaries (but not the shared ones):

  # ifdef SHARED
        unsigned int *ptr = __libc_pthread_functions.ptr_nthreads;
  #  ifdef PTR_DEMANGLE
        PTR_DEMANGLE (ptr);
  #  endif
  # else
        extern unsigned int __nptl_nthreads __attribute ((weak));
        unsigned int *const ptr = &__nptl_nthreads;
  # endif

This causes static binaries using threads to crash when the GNU libc is
built with GCC 8 and most notably tst-cancel21-static.

To fix that, use the same trick than for the volatile qualifier,
defining a_ptr as a union.

Changelog:
	[BZ #24034]
	* sysdeps/unix/sysv/linux/arm/atomic-machine.h
	(__arm_assisted_compare_and_exchange_val_32_acq): Use uint32_t rather
	than __typeof (...) for the a_ptr variable.
(cherry picked from commit fe20bb1d60)
2019-01-03 15:59:14 +01:00
H.J. Lu
be62bbb621 riscv: Use __has_include__ to include <asm/syscalls.h> [BZ #24022]
<asm/syscalls.h> has been removed by

commit 27f8899d6002e11a6e2d995e29b8deab5aa9cc25
Author: David Abdurachmanov <david.abdurachmanov@gmail.com>
Date:   Thu Nov 8 20:02:39 2018 +0100

    riscv: add asm/unistd.h UAPI header

    Marcin Juszkiewicz reported issues while generating syscall table for riscv
    using 4.20-rc1. The patch refactors our unistd.h files to match some other
    architectures.

    - Add asm/unistd.h UAPI header, which has __ARCH_WANT_NEW_STAT only for 64-bit
    - Remove asm/syscalls.h UAPI header and merge to asm/unistd.h
    - Adjust kernel asm/unistd.h

    So now asm/unistd.h UAPI header should show all syscalls for riscv.

<asm/syscalls.h> may be restored by

Subject: [PATCH] riscv: restore asm/syscalls.h UAPI header
Date: Tue, 11 Dec 2018 09:09:35 +0100

UAPI header asm/syscalls.h was merged into UAPI asm/unistd.h header,
which did resolve issue with missing syscalls macros resulting in
glibc (2.28) build failure. It also broke glibc in a different way:
asm/syscalls.h is being used by glibc. I noticed this while doing
Fedora 30/Rawhide mass rebuild.

The patch returns asm/syscalls.h header and incl. it into asm/unistd.h.
I plan to send a patch to glibc to use asm/unistd.h instead of
asm/syscalls.h

In the meantime, we use __has_include__, which was added to GCC 5, to
check if <asm/syscalls.h> exists before including it.  Tested with
build-many-glibcs.py for riscv against kernel 4.19.12 and 4.20-rc7.

	[BZ #24022]
	* sysdeps/unix/sysv/linux/riscv/flush-icache.c: Check if
	<asm/syscalls.h> exists with __has_include__ before including it.

(cherry picked from commit 0b9c84906f)
2019-01-03 14:13:32 +01:00
Florian Weimer
bee4baf6d7 intl: Do not return NULL on asprintf failure in gettext [BZ #24018]
Fixes commit 9695dd0c93 ("DCIGETTEXT:
Use getcwd, asprintf to construct absolute pathname").

(cherry picked from commit 8c1aafc1f3)
2019-01-02 16:46:12 +01:00
Florian Weimer
8f83d095fa malloc: Always call memcpy in _int_realloc [BZ #24027]
This commit removes the custom memcpy implementation from _int_realloc
for small chunk sizes.  The ncopies variable has the wrong type, and
an integer wraparound could cause the existing code to copy too few
elements (leaving the new memory region mostly uninitialized).
Therefore, removing this code fixes bug 24027.

(cherry picked from commit b50dd3bc8c)
2019-01-01 10:46:55 +01:00
Aurelien Jarno
69b914a99e Update Alpha libm-test-ulps
Changelog:
	* sysdeps/alpha/fpu/libm-test-ulps: Regenerated.
2018-12-28 11:24:48 +01:00
Adhemerval Zanella
27e039455d m68k: Fix sigaction kernel definition (BZ #23967)
Commit b4a5d26d88 (linux: Consolidate sigaction implementation) added
a wrong kernel_sigaction definition for m68k, meant for __NR_sigaction
instead of __NR_rt_sigaction as used on generic Linux sigaction
implementation.  This patch fixes it by using the Linux generic
definition meant for the RT kernel ABI.

Checked the signal tests on emulated m68-linux-gnu (Aranym).  It fixes
the faulty signal/tst-sigaction and man works as expected.

	Adhemerval Zanella  <adhemerval.zanella@linaro.org>
	James Clarke  <jrtc27@jrtc27.com>

	[BZ #23967]
	* sysdeps/unix/sysv/linux/kernel_sigaction.h (HAS_SA_RESTORER):
	Define if SA_RESTORER is defined.
	(kernel_sigaction): Define sa_restorer if HAS_SA_RESTORER is defined.
	(SET_SA_RESTORER, RESET_SA_RESTORER): Define iff the macro are not
	already defined.
	* sysdeps/unix/sysv/linux/m68k/kernel_sigaction.h (SA_RESTORER,
	kernel_sigaction, SET_SA_RESTORER, RESET_SA_RESTORER): Remove
	definitions.
	(HAS_SA_RESTORER): Define.
	* sysdeps/unix/sysv/linux/sparc/kernel_sigaction.h (SA_RESTORER,
	SET_SA_RESTORER, RESET_SA_RESTORER): Remove definition.
	(HAS_SA_RESTORER): Define.
	* sysdeps/unix/sysv/linux/nios2/kernel_sigaction.h: Include generic
	kernel_sigaction after define SET_SA_RESTORER and RESET_SA_RESTORER.
	* sysdeps/unix/sysv/linux/powerpc/kernel_sigaction.h: Likewise.
	* sysdeps/unix/sysv/linux/x86_64/sigaction.c: Likewise.

(cherry picked from commit 43a45c2d82)
2018-12-19 08:52:43 -02:00
Andreas Schwab
b4ce4476fc RISC-V: properly terminate call chain (bug 23125)
Mark the ra register as undefined in _start, so that unwinding through
main works correctly.  Also, don't use a tail call so that ra points after
the call to __libc_start_main, not after the previous call.

(cherry picked from commit 2dd12baa04)
2018-12-15 21:57:43 +01:00
Florian Weimer
1a8db070fa support: Do not require overflow builtin in support/blob_repeat.c
It is only available in GCC 5 and later.

Tested-by: Romain Naour <romain.naour@gmail.com>
(cherry picked from commit 0c1719e65b)
2018-12-15 19:09:25 +01:00
Andreas Schwab
4d7af7815a Fix rwlock stall with PREFER_WRITER_NONRECURSIVE_NP (bug 23861)
In the read lock function (__pthread_rwlock_rdlock_full) there was a
code path which would fail to reload __readers while waiting for
PTHREAD_RWLOCK_RWAITING to change. This failure to reload __readers
into a local value meant that various conditionals used the old value
of __readers and with only two threads left it could result in an
indefinite stall of one of the readers (waiting for PTHREAD_RWLOCK_RWAITING
to go to zero, but it never would).

(cherry picked from commit f21e8f8ca4)
2018-12-13 11:58:04 -05:00
Tulio Magno Quites Machado Filho
852620258d powerpc: Add missing CFI register information (bug #23614)
Add CFI information about the offset of registers stored in the stack
frame.

	[BZ #23614]
	* sysdeps/powerpc/powerpc64/addmul_1.S (FUNC): Add CFI offset for
	registers saved in the stack frame.
	* sysdeps/powerpc/powerpc64/lshift.S (__mpn_lshift): Likewise.
	* sysdeps/powerpc/powerpc64/mul_1.S (__mpn_mul_1): Likewise.

Signed-off-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
Reviewed-by: Gabriel F. T. Gomes <gabriel@inconstante.eti.br>
(cherry picked from commit 1d880d4a9b)
2018-12-13 09:42:22 +01:00
DJ Delorie
ea16a6938d malloc: Add another test for tcache double free check.
This one tests for BZ#23907 where the double free
test didn't check the tcache bin bounds before dereferencing
the bin.

[BZ #23907]
* malloc/tst-tcfree3.c: New.
* malloc/Makefile: Add it.

(cherry picked from commit 7c9a7c6836)
2018-12-12 12:04:12 +01:00
Florian Weimer
b5a9a19b82 inet/tst-if_index-long: New test case for CVE-2018-19591 [BZ #23927]
(cherry picked from commit 899478c2bf)
2018-12-12 12:04:12 +01:00
Florian Weimer
4c2dada507 support: Implement <support/descriptors.h> to track file descriptors
(cherry picked from commit f255336a93)
2018-12-12 12:04:10 +01:00
Florian Weimer
874c28c9f5 support: Close original descriptors in support_capture_subprocess
(cherry picked from commit 02cd5c1a8d)
2018-12-12 12:03:36 +01:00
Florian Weimer
9dd07a91db support_quote_string: Do not use str parameter name
This avoids a build failure if this identifier is used as a macro
in a test.

(cherry picked from commit 47d8d9a217)
2018-12-12 12:03:36 +01:00
Florian Weimer
4718b053df support: Implement support_quote_string
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
(cherry picked from commit c74a91deaa)
2018-12-12 12:03:26 +01:00
Florian Weimer
5f1ae50a78 compat getdents64: Use correct offset for retry [BZ #23972]
d_off is the offset of the *next* entry, not the offset of the current
entry.

(cherry picked from commit 8d20a2f414)
2018-12-10 16:50:37 +01:00
Tulio Magno Quites Machado Filho
8c89e6b02d Fix _dl_profile_fixup data-dependency issue (Bug 23690)
There is a data-dependency between the fields of struct l_reloc_result
and the field used as the initialization guard. Users of the guard
expect writes to the structure to be observable when they also observe
the guard initialized. The solution for this problem is to use an acquire
and release load and store to ensure previous writes to the structure are
observable if the guard is initialized.

The previous implementation used DL_FIXUP_VALUE_ADDR (l_reloc_result->addr)
as the initialization guard, making it impossible for some architectures
to load and store it atomically, i.e. hppa and ia64, due to its larger size.

This commit adds an unsigned int to l_reloc_result to be used as the new
initialization guard of the struct, making it possible to load and store
it atomically in all architectures. The fix ensures that the values
observed in l_reloc_result are consistent and do not lead to crashes.
The algorithm is documented in the code in elf/dl-runtime.c
(_dl_profile_fixup). Not all data races have been eliminated.

Tested with build-many-glibcs and on powerpc, powerpc64, and powerpc64le.

	[BZ #23690]
	* elf/dl-runtime.c (_dl_profile_fixup): Guarantee memory
	modification order when accessing reloc_result->addr.
	* include/link.h (reloc_result): Add field init.
	* nptl/Makefile (tests): Add tst-audit-threads.
	(modules-names): Add tst-audit-threads-mod1 and
	tst-audit-threads-mod2.
	Add rules to build tst-audit-threads.
	* nptl/tst-audit-threads-mod1.c: New file.
	* nptl/tst-audit-threads-mod2.c: Likewise.
	* nptl/tst-audit-threads.c: Likewise.
	* nptl/tst-audit-threads.h: Likewise.

Signed-off-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit e5d262effe)
2018-12-07 09:05:49 -05:00
DJ Delorie
b8dd0f4278 malloc: tcache double free check
* malloc/malloc.c (tcache_entry): Add key field.
(tcache_put): Set it.
(tcache_get): Likewise.
(_int_free): Check for double free in tcache.
* malloc/tst-tcfree1.c: New.
* malloc/tst-tcfree2.c: New.
* malloc/Makefile: Run the new tests.
* manual/probes.texi: Document memory_tcache_double_free probe.

* dlfcn/dlerror.c (check_free): Prevent double frees.

(cherry picked from commit bcdaad21d4)

malloc: tcache: Validate tc_idx before checking for double-frees [BZ #23907]

The previous check could read beyond the end of the tcache entry
array.  If the e->key == tcache cookie check happened to pass, this
would result in crashes.

(cherry picked from commit affec03b71)
2018-11-28 15:45:42 -05:00
Florian Weimer
ce6ba630db CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927]
(cherry picked from commit d527c860f5)
2018-11-27 18:40:56 +01:00
Florian Weimer
f5cc21eaee Revert "malloc: tcache double free check" [BZ #23907]
This reverts commit 481a6cf0c2, the
backport of commit bcdaad21d4 on the
master branch.
2018-11-22 22:05:57 +01:00
DJ Delorie
481a6cf0c2 malloc: tcache double free check
* malloc/malloc.c (tcache_entry): Add key field.
(tcache_put): Set it.
(tcache_get): Likewise.
(_int_free): Check for double free in tcache.
* malloc/tst-tcfree1.c: New.
* malloc/tst-tcfree2.c: New.
* malloc/Makefile: Run the new tests.
* manual/probes.texi: Document memory_tcache_double_free probe.

* dlfcn/dlerror.c (check_free): Prevent double frees.
2018-11-20 14:01:18 -05:00
Florian Weimer
2c7078bfb9 support: Print timestamps in timeout handler
This is sometimes useful to determine if a test truly got stuck, or if
it was making progress (logging information to standard output) and
was merely slow to finish.

(cherry picked from commit 35e3fbc451)
2018-11-19 15:42:03 +01:00
Szabolcs Nagy
10f1519f6a Increase timeout of libio/tst-readline
Increase timeout from the default 20s to 100s. This test makes close to
20 million syscalls with distribution:

12327675 read
 4143204 lseek
  929475 close
  929471 openat
   92817 fstat
    1431 write
...

The default timeout assumes each can finish in 1us on average which
is not true on slow machines.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

	* libio/tst-readline.c (TIMEOUT): Define.

(cherry picked from commit ed643089cd)
2018-11-19 14:21:24 +01:00
Joseph Myers
f44c2ca5ea Update kernel version in syscall-names.list to 4.19.
Linux 4.19 does not add any new syscalls (some existing ones are added
to more architectures); this patch updates the version number in
syscall-names.list to reflect that it's still current for 4.19.

Tested with build-many-glibcs.py.

	* sysdeps/unix/sysv/linux/syscall-names.list: Update kernel
	version to 4.19.

(cherry picked from commit 029ad711b8)
2018-11-09 10:17:19 -05:00
Paul Eggert
e7388e5134 Fix tzfile low-memory assertion failure
[BZ #21716]
* time/tzfile.c (__tzfile_read): Check for memory exhaustion
when registering time zone abbreviations.

(cherry picked from commit e4e4fde51a)
2018-11-09 10:17:13 -05:00
Paul Pluzhnikov
9071be6b3f [BZ #20271] Add newlines in __libc_fatal calls.
(cherry picked from commit a6e8926f8d)
2018-11-09 10:17:07 -05:00
Florian Weimer
7d174f5353 nscd: Fix use-after-free in addgetnetgrentX [BZ #23520]
addinnetgrX may use the heap-allocated buffer, so free the buffer
in this function.

(cherry picked from commit 745664bd79)
2018-11-09 10:17:00 -05:00
Istvan Kurucsai
53a7e59405 malloc: Additional checks for unsorted bin integrity I.
On Thu, Jan 11, 2018 at 3:50 PM, Florian Weimer <fweimer@redhat.com> wrote:
> On 11/07/2017 04:27 PM, Istvan Kurucsai wrote:
>>
>> +          next = chunk_at_offset (victim, size);
>
>
> For new code, we prefer declarations with initializers.

Noted.

>> +          if (__glibc_unlikely (chunksize_nomask (victim) <= 2 * SIZE_SZ)
>> +              || __glibc_unlikely (chunksize_nomask (victim) >
>> av->system_mem))
>> +            malloc_printerr("malloc(): invalid size (unsorted)");
>> +          if (__glibc_unlikely (chunksize_nomask (next) < 2 * SIZE_SZ)
>> +              || __glibc_unlikely (chunksize_nomask (next) >
>> av->system_mem))
>> +            malloc_printerr("malloc(): invalid next size (unsorted)");
>> +          if (__glibc_unlikely ((prev_size (next) & ~(SIZE_BITS)) !=
>> size))
>> +            malloc_printerr("malloc(): mismatching next->prev_size
>> (unsorted)");
>
>
> I think this check is redundant because prev_size (next) and chunksize
> (victim) are loaded from the same memory location.

I'm fairly certain that it compares mchunk_size of victim against
mchunk_prev_size of the next chunk, i.e. the size of victim in its
header and footer.

>> +          if (__glibc_unlikely (bck->fd != victim)
>> +              || __glibc_unlikely (victim->fd != unsorted_chunks (av)))
>> +            malloc_printerr("malloc(): unsorted double linked list
>> corrupted");
>> +          if (__glibc_unlikely (prev_inuse(next)))
>> +            malloc_printerr("malloc(): invalid next->prev_inuse
>> (unsorted)");
>
>
> There's a missing space after malloc_printerr.

Noted.

> Why do you keep using chunksize_nomask?  We never investigated why the
> original code uses it.  It may have been an accident.

You are right, I don't think it makes a difference in these checks. So
the size local can be reused for the checks against victim. For next,
leaving it as such avoids the masking operation.

> Again, for non-main arenas, the checks against av->system_mem could be made
> tighter (against the heap size).  Maybe you could put the condition into a
> separate inline function?

We could also do a chunk boundary check similar to what I proposed in
the thread for the first patch in the series to be even more strict.
I'll gladly try to implement either but believe that refining these
checks would bring less benefits than in the case of the top chunk.
Intra-arena or intra-heap overlaps would still be doable here with
unsorted chunks and I don't see any way to counter that besides more
generic measures like randomizing allocations and your metadata
encoding patches.

I've attached a revised version with the above comments incorporated
but without the refined checks.

Thanks,
Istvan

From a12d5d40fd7aed5fa10fc444dcb819947b72b315 Mon Sep 17 00:00:00 2001
From: Istvan Kurucsai <pistukem@gmail.com>
Date: Tue, 16 Jan 2018 14:48:16 +0100
Subject: [PATCH v2 1/1] malloc: Additional checks for unsorted bin integrity
 I.

Ensure the following properties of chunks encountered during binning:
- victim chunk has reasonable size
- next chunk has reasonable size
- next->prev_size == victim->size
- valid double linked list
- PREV_INUSE of next chunk is unset

    * malloc/malloc.c (_int_malloc): Additional binning code checks.

(cherry picked from commit b90ddd08f6)
2018-11-09 10:16:51 -05:00
Moritz Eckert
7e40c3f804 malloc: Mitigate null-byte overflow attacks
* malloc/malloc.c (_int_free): Check for corrupt prev_size vs size.
(malloc_consolidate): Likewise.

(cherry picked from commit d6db68e66d)
2018-11-09 10:16:43 -05:00
Pochang Chen
510a25f2d2 malloc: Verify size of top chunk.
The House of Force is a well-known technique to exploit heap
overflow. In essence, this exploit takes three steps:
1. Overwrite the size of top chunk with very large value (e.g. -1).
2. Request x bytes from top chunk. As the size of top chunk
   is corrupted, x can be arbitrarily large and top chunk will
   still be offset by x.
3. The next allocation from top chunk will thus be controllable.

If we verify the size of top chunk at step 2, we can stop such attack.

(cherry picked from commit 30a17d8c95)
2018-11-09 10:16:35 -05:00
Joseph Myers
168035056e Update syscall-names.list for Linux 4.18.
This patch updates sysdeps/unix/sysv/linux/syscall-names.list for
Linux 4.18.  The io_pgetevents and rseq syscalls are added to the
kernel on various architectures, so need to be mentioned in this file.

Tested with build-many-glibcs.py.

	* sysdeps/unix/sysv/linux/syscall-names.list: Update kernel
	version to 4.18.
	(io_pgetevents): New syscall.
	(rseq): Likewise.

(cherry picked from commit 17b26500f9)
2018-11-09 10:16:19 -05:00
Alexandra Hájková
b21abc069f Add an additional test to resolv/tst-resolv-network.c
Test for the infinite loop in getnetbyname, bug #17630.

(cherry picked from commit ac8060265b)
2018-11-09 14:38:21 +01:00
H.J. Lu
3e8d8dd5af Check multiple NT_GNU_PROPERTY_TYPE_0 notes [BZ #23509]
Linkers group input note sections with the same name into one output
note section with the same name.  One output note section is placed in
one PT_NOTE segment.  Since new linkers merge input .note.gnu.property
sections into one output .note.gnu.property section, there is only
one NT_GNU_PROPERTY_TYPE_0 note in one PT_NOTE segment with new linkers.
Since older linkers treat input .note.gnu.property section as a generic
note section and just concatenate all input .note.gnu.property sections
into one output .note.gnu.property section without merging them, we may
see multiple NT_GNU_PROPERTY_TYPE_0 notes in one PT_NOTE segment with
older linkers.

When an older linker is used to created the program on CET-enabled OS,
the linker output has a single .note.gnu.property section with multiple
NT_GNU_PROPERTY_TYPE_0 notes, some of which have IBT and SHSTK enable
bits set even if the program isn't CET enabled.  Such programs will
crash on CET-enabled machines.  This patch updates the note parser:

1. Skip note parsing if a NT_GNU_PROPERTY_TYPE_0 note has been processed.
2. Check multiple NT_GNU_PROPERTY_TYPE_0 notes.

	[BZ #23509]
	* sysdeps/x86/dl-prop.h (_dl_process_cet_property_note): Skip
	note parsing if a NT_GNU_PROPERTY_TYPE_0 note has been processed.
	Update the l_cet field when processing NT_GNU_PROPERTY_TYPE_0 note.
	Check multiple NT_GNU_PROPERTY_TYPE_0 notes.
	* sysdeps/x86/link_map.h (l_cet): Expand to 3 bits,  Add
	lc_unknown.

(cherry picked from commit d524fa6c35)
2018-11-08 10:52:32 -08:00
Andreas Schwab
fc0e3393ff libanl: properly cleanup if first helper thread creation failed (bug 22927)
(cherry picked from commit bd3b0fbae3)
2018-11-06 16:12:07 +01:00
Adhemerval Zanella
65010329f2 x86: Fix Haswell CPU string flags (BZ#23709)
Th commit 'Disable TSX on some Haswell processors.' (2702856bf4) changed the
default flags for Haswell models.  Previously, new models were handled by the
default switch path, which assumed a Core i3/i5/i7 if AVX is available. After
the patch, Haswell models (0x3f, 0x3c, 0x45, 0x46) do not set the flags
Fast_Rep_String, Fast_Unaligned_Load, Fast_Unaligned_Copy, and
Prefer_PMINUB_for_stringop (only the TSX one).

This patch fixes it by disentangle the TSX flag handling from the memory
optimization ones.  The strstr case cited on patch now selects the
__strstr_sse2_unaligned as expected for the Haswell cpu.

Checked on x86_64-linux-gnu.

	[BZ #23709]
	* sysdeps/x86/cpu-features.c (init_cpu_features): Set TSX bits
	independently of other flags.

(cherry picked from commit c3d8dc45c9)
2018-11-02 10:56:00 +01:00
Florian Weimer
e1af1df694 stdlib/tst-strtod-overflow: Switch to support_blob_repeat
This is another test with an avoidable large memory allocation.

(cherry picked from commit 07da99aad9)
2018-11-02 10:47:16 +01:00
Florian Weimer
6c2b6e9e27 support_blob_repeat: Call mkstemp directory for the backing file
This avoids a warning during post-test cleanup.

(cherry picked from commit a91e9301c4)
2018-11-02 10:47:16 +01:00
Florian Weimer
69dcd992a0 stdlib/test-bz22786: Avoid memory leaks in the test itself
(cherry picked from commit 6070803053)
2018-11-02 10:47:16 +01:00
Florian Weimer
dcd52b94bf stdlib/test-bz22786: Avoid spurious test failures using alias mappings
On systems without enough random-access memory, stdlib/test-bz22786
will go deeply into swap and time out, even with a substantial
TIMEOUTFACTOR.  This commit adds a facility to construct repeating
strings with alias mappings, so that the requirement for physical
memory, and uses it in stdlib/test-bz22786.

(cherry picked from commit f5e7e95921)
2018-11-02 10:47:16 +01:00
Stefan Liebler
d0b6db4acf Test stdlib/test-bz22786 exits now with unsupported if malloc fails.
The test tries to allocate more than 2^31 bytes which will always fail on s390
as it has maximum 2^31bit of memory.
Before commit 6c3a8a9d86, this test returned
unsupported if malloc fails.  This patch re enables this behaviour.

Furthermore support_delete_temp_files() failed to remove the temp directory
in this case as it is not empty due to the created symlink.
Thus the creation of the symlink is moved behind malloc.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

ChangeLog:

	* stdlib/test-bz22786.c (do_test): Return EXIT_UNSUPPORTED
	if malloc fails.

(cherry picked from commit 3bad2358d6)
2018-11-02 10:47:16 +01:00
Paul Pluzhnikov
df11de9193 Fix BZ#23400 (creating temporary files in source tree), and undefined behavior in test.
(cherry picked from commit 6c3a8a9d86)
2018-11-02 10:47:07 +01:00
Szabolcs Nagy
5256ffc51e i64: fix missing exp2f, log2f and powf symbols in libm.a [BZ #23822]
When new symbol versions were introduced without SVID compatible
error handling the exp2f, log2f and powf symbols were accidentally
removed from the ia64 lim.a.  The regression was introduced by
the commits

f5f0f52651
New expf and exp2f version without SVID compat wrapper

72d3d28108
New symbol version for logf, log2f and powf without SVID compat

With WEAK_LIBM_ENTRY(foo), there is a hidden __foo and weak foo
symbol definition in both SHARED and !SHARED build.

	[BZ #23822]
	* sysdeps/ia64/fpu/e_exp2f.S (exp2f): Use WEAK_LIBM_ENTRY.
	* sysdeps/ia64/fpu/e_log2f.S (log2f): Likewise.
	* sysdeps/ia64/fpu/e_exp2f.S (powf): Likewise.

(cherry picked from commit ba5b14c761)
2018-10-26 15:49:30 +01:00
Florian Weimer
aff9b37712 conform: XFAIL siginfo_t si_band test on sparc64
We can use long int on sparcv9, but on sparc64, we must match the int
type used by the kernel (and not long int, as in POSIX).

(cherry picked from commit 7c5e34d7f1)
2018-10-26 09:19:40 +02:00
Ilya Yu. Malakhov
69d1e73d99 signal: Use correct type for si_band in siginfo_t [BZ #23562]
(cherry picked from commit f997b4be18)
2018-10-22 13:03:57 +02:00
Stefan Liebler
314e181dc9 Fix race in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP [BZ #23275]
The race leads either to pthread_mutex_destroy returning EBUSY
or triggering an assertion (See description in bugzilla).

This patch is fixing the race by ensuring that the elision path is
used in all cases if elision is enabled by the GLIBC_TUNABLES framework.

The __kind variable in struct __pthread_mutex_s is accessed concurrently.
Therefore we are now using the atomic macros.

The new testcase tst-mutex10 is triggering the race on s390x and intel.
Presumably also on power, but I don't have access to a power machine
with lock-elision. At least the code for power is the same as on the other
two architectures.

ChangeLog:

	[BZ #23275]
	* nptl/tst-mutex10.c: New File.
	* nptl/Makefile (tests): Add tst-mutex10.
	(tst-mutex10-ENV): New variable.
	* sysdeps/unix/sysv/linux/s390/force-elision.h: (FORCE_ELISION):
	Ensure that elision path is used if elision is available.
	* sysdeps/unix/sysv/linux/powerpc/force-elision.h (FORCE_ELISION):
	Likewise.
	* sysdeps/unix/sysv/linux/x86/force-elision.h: (FORCE_ELISION):
	Likewise.
	* nptl/pthreadP.h (PTHREAD_MUTEX_TYPE, PTHREAD_MUTEX_TYPE_ELISION)
	(PTHREAD_MUTEX_PSHARED): Use atomic_load_relaxed.
	* nptl/pthread_mutex_consistent.c (pthread_mutex_consistent): Likewise.
	* nptl/pthread_mutex_getprioceiling.c (pthread_mutex_getprioceiling):
	Likewise.
	* nptl/pthread_mutex_lock.c (__pthread_mutex_lock_full)
	(__pthread_mutex_cond_lock_adjust): Likewise.
	* nptl/pthread_mutex_setprioceiling.c (pthread_mutex_setprioceiling):
	Likewise.
	* nptl/pthread_mutex_timedlock.c (__pthread_mutex_timedlock): Likewise.
	* nptl/pthread_mutex_trylock.c (__pthread_mutex_trylock): Likewise.
	* nptl/pthread_mutex_unlock.c (__pthread_mutex_unlock_full): Likewise.
	* sysdeps/nptl/bits/thread-shared-types.h (struct __pthread_mutex_s):
	Add comments.
	* nptl/pthread_mutex_destroy.c (__pthread_mutex_destroy):
	Use atomic_load_relaxed and atomic_store_relaxed.
	* nptl/pthread_mutex_init.c (__pthread_mutex_init):
	Use atomic_store_relaxed.

(cherry picked from commit 403b4feb22)
2018-10-18 12:36:15 +02:00
H.J. Lu
5a74abda20 i386: Use _dl_runtime_[resolve|profile]_shstk for SHSTK [BZ #23716]
When elf_machine_runtime_setup is called to set up resolver, it should
use _dl_runtime_resolve_shstk or _dl_runtime_profile_shstk if SHSTK is
enabled by kernel.

Tested on i686 with and without --enable-cet as well as on CET emulator
with --enable-cet.

	[BZ #23716]
	* sysdeps/i386/dl-cet.c: Removed.
	* sysdeps/i386/dl-machine.h (_dl_runtime_resolve_shstk): New
	prototype.
	(_dl_runtime_profile_shstk): Likewise.
	(elf_machine_runtime_setup): Use _dl_runtime_profile_shstk or
	_dl_runtime_resolve_shstk if SHSTK is enabled by kernel.

Signed-off-by: H.J. Lu <hjl.tools@gmail.com>

(cherry picked from commit 7b1f940676)
2018-10-09 19:35:50 -07:00
Rafal Luzynski
5473739a7b kl_GL: Fix spelling of Sunday, should be "sapaat" (bug 20209).
Although CLDR says otherwise, it is confirmed by Oqaasileriffik, the
official Greenlandic language regulator, that this change is correct.

	[BZ #20209]
	* localedata/locales/kl_GL: (abday): Fix spelling of Sun (Sunday),
	should be "sap" rather than "sab".
	(day): Fix spelling of Sunday, should be "sapaat" rather than
	"sabaat".

(cherry picked from commit dae3ed958c)
2018-10-09 00:50:20 +02:00