Commit Graph

36338 Commits

Author SHA1 Message Date
Adhemerval Zanella
aa03f722f3 linux: Add {f}stat{at} y2038 support
A new struct __stat{64}_t64 type is added with the required
__timespec64 time definition.  Only LFS is added, 64-bit time with
32-bit offsets is not supposed to be supported (no existing glibc
configuration supports such a combination).  It is done with an extra
__NR_statx call plus a conversion to the new __stat{64}_t64 type.
The statx call is done only for 32-bit time_t ABIs.

Internally some extra routines to copy from/to struct stat{64}
to struct __stat{64} used on multiple implementations (stat, fstat,
lstat, and fstatat) are added on a extra implementation
(stat_t64_cp.c).  Alse some extra routines to copy from statx to
__stat{64} is added on statx_cp.c.

Checked with a build for all affected ABIs. I also checked on x86_64,
i686, powerpc, powerpc64le, sparcv9, sparc64, s390, and s390x.

Reviewed-by: Lukasz Majewski <lukma@denx.de>
2020-10-09 17:02:07 -03:00
Adhemerval Zanella
20b39d5946 linux: Move {f}xstat{at} to compat symbols
They are no interna uses anymore.  The riscv32 ABI was added on 2.33,
so it is safe to remove the old __{f,l}stat{at} symbols and just
provide the newer {f,l}stat{at} ones.

Checked with a build for all affected ABIs. I also checked on x86_64,
i686, powerpc, powerpc64le, sparcv9, sparc64, s390, and s390x.

Reviewed-by: Lukasz Majewski <lukma@denx.de>
2020-10-09 17:02:07 -03:00
Adhemerval Zanella
6073bae64c linux: Disentangle fstatat from fxstatat
It implements all the required syscall for the all Linux kABIS on
fstatat{64} instead of calling fxstatat{64}.

On non-LFS implementation, it handles 3 cases:

  1. New kABIs which uses generic pre 64-bit time Linux ABI (csky and
     nios): it issues __NR_fstat64 plus handle the overflow on st_ino,
     st_size, or st_blocks.

  2. Old KABIs with old non-LFS support (arm, i386, hppa, m68k,
     microblaze, mips32, s390, sh, powerpc, and sparc32): it issues
     __NR_fstatat64 and convert the result to struct stat.

  3. 64-bit kABI outliers (mips64 and mips64-n32): it issues
     __NR_newfstatat and convert the result to struct stat.

The generic LFS implementation handles multiple cases:

  1. XSTAT_IS_XSTAT64 being 1:

    1.1. 64-bit kABI (aarch64, ia64, powerpc64*, s390x, riscv64, and
         x86_64): it issues __NR_newfstatat.

    1.2. 64-bit kABI outlier (alpha): it issues __NR_fstatat64.

    1.3. 64-bit kABI outlier where struct stat64 does not match kernel
         one (sparc64): it issues __NR_fstatat64 and convert the result
         to struct stat64.

    1.4. 32-bit kABI with default 64-bit time_t (arc, riscv32): it
         issues __NR_statx and convert the result to struct stat64.

  2. Old ABIs with XSTAT_IS_XSTAT64 being 0:

    2.1. All kABIs with non-LFS support (arm, csky, i386, hppa, m68k,
         microblaze, nios2, sh, powerpc32, and sparc32): it issues
         __NR_fstatat64.

    2.2. 64-bit kABI outliers (mips64 and mips64-n32): it issues
         __NR_newfstatat and convert the result to struct stat64.

It allows to remove all the hidden definitions from the {f,l}xstat{64}
(some are still kept because Hurd requires it).

Checked with a build for all affected ABIs. I also checked on x86_64,
i686, powerpc, powerpc64le, sparcv9, sparc64, s390, and s390x.

Reviewed-by: Lukasz Majewski <lukma@denx.de>
2020-10-09 17:02:06 -03:00
Adhemerval Zanella
30f1c74394 linux: Implement {l}fstat{at} in terms of fstatat
Both fstatat and fstata64 calls the old fxstatat and fxstatat64
repectivelly with _STAT_VER, the one currently exported as default
for all ABIs.

Checked with a build for all affected ABIs. I also checked on x86_64,
i686, powerpc, powerpc64le, sparcv9, sparc64, s390, and s390x.

Reviewed-by: Lukasz Majewski <lukma@denx.de>
2020-10-09 17:02:06 -03:00
Adhemerval Zanella
d892723830 linux: Move the struct stat{64} to struct_stat.h
The common definitions are moved to a Linux generic stat.h while the
struct stat{64} definition are moved to a arch-specific struct_stat.h
header.

Checked with a build for all affected ABIs. I also checked on x86_64,
i686, powerpc, powerpc64le, sparcv9, sparc64, s390, and s390x.

Reviewed-by: Lukasz Majewski <lukma@denx.de>
2020-10-09 17:02:06 -03:00
Adhemerval Zanella
589260cef8 Remove mknod wrapper functions, move them to symbols
This patch removes the mknod and mknodat static wrapper and add the
symbols on the libc with the expected names.

Both the prototypes of the internal symbol linked by the static
wrappers and the inline redirectors are also removed from the installed
sys/stat.h header file.  The wrapper implementation license LGPL
exception is also removed since it is no longer statically linked to
binaries.

Internally the _STAT_VER* definitions are moved to the arch-specific
xstatver.h file.

Checked with a build for all affected ABIs. I also checked on x86_64,
i686, powerpc, powerpc64le, sparcv9, sparc64, s390, and s390x.

Reviewed-by: Lukasz Majewski <lukma@denx.de>
2020-10-09 17:02:06 -03:00
Adhemerval Zanella
8ed005daf0 Remove stat wrapper functions, move them to exported symbols
This patch removes the stat, stat64, lstat, lstat64, fstat, fstat64,
fstatat, and fstatat64 static wrapper and add the symbol on the libc
with the expected names.

Both the prototypes of the internal symbol linked by the static
wrappers and the inline redirectors are also removed from the installed
sys/stat.h header file.  The wrapper implementation license LGPL
exception is also removed since it is no longer statically linked to
binaries.

Internally the _STAT_VER* definitions are moved to a arch-specific
xstatver.h file.  The internal defines that redirects internals
{f}stat{at} to their {f}xstat{at} counterparts are removed for Linux
(!NO_RTLD_HIDDEN).  Hurd still requires them since {f}stat{at} pulls
extra objects that makes the loader build fail otherwise (I haven't
dig into why exactly).

Checked with a build for all affected ABIs. I also checked on x86_64,
i686, powerpc, powerpc64le, sparcv9, sparc64, s390, and s390x.

Reviewed-by: Lukasz Majewski <lukma@denx.de>
2020-10-09 17:02:06 -03:00
H.J. Lu
428985c436 <sys/platform/x86.h>: Add FSRCS/FSRS/FZLRM support
Add Fast Short REP CMP and SCA (FSRCS), Fast Short REP STO (FSRS) and
Fast Zero-Length REP MOV (FZLRM) support to <sys/platform/x86.h>.
2020-10-09 11:52:30 -07:00
H.J. Lu
c712401bc6 <sys/platform/x86.h>: Add Intel HRESET support
Add Intel HRESET support to <sys/platform/x86.h>.
2020-10-09 11:52:30 -07:00
H.J. Lu
875a50ff63 <sys/platform/x86.h>: Add AVX-VNNI support
Add AVX-VNNI support to <sys/platform/x86.h>.
2020-10-09 11:52:30 -07:00
H.J. Lu
ebe454bcca <sys/platform/x86.h>: Add AVX512_FP16 support
Add AVX512_FP16 support to <sys/platform/x86.h>.
2020-10-09 11:52:30 -07:00
H.J. Lu
7674695cf7 <sys/platform/x86.h>: Add Intel UINTR support
Add Intel UINTR support to <sys/platform/x86.h>.
2020-10-09 11:52:30 -07:00
Florian Weimer
bb5fd5ce64 elf: Do not pass GLRO(dl_platform), GLRO(dl_platformlen) to _dl_important_hwcaps
In the current code, the function can easily obtain the information
on its own.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-10-09 10:22:19 +02:00
Florian Weimer
647103ea3a elf: Enhance ld.so --help to print HWCAP subdirectories
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-10-09 10:21:32 +02:00
Florian Weimer
10b39a5124 elf: Add library search path information to ld.so --help
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-10-09 10:19:09 +02:00
Martin Sebor
c5db00dc30 sunrpc: Adjust RPC function declarations to match Sun's (bug 26686]
Building Glibc with the latest GCC 11 shows a number of instances
of the new -Warray-parameter warning designed to encourage
consistency in the forms of array arguments in redeclarations of
the same function (and, ultimately, to enable the detection of out
of bounds accesses via such arguments).

To avoid the subset of these warnings for the RPC APIs, this patch
changes the declarations of these functions to match both their
definitions and the Oracle RPC documentation.

Besides avoiding the -Warray-parameter warnings the effect of this
change is for GCC to issue warnings when either the functions are
passed an array with fewer than MAXNETNAMELEN + 1 elements, or when
the functions themselves access elements outside the array bounds.
2020-10-08 12:53:09 -06:00
Martin Sebor
3eff7504ca Avoid GCC 11 -Warray-parameter warnings [BZ #26686].
Building Glibc with the latest GCC 11 also shows a couple of instances
of the new -Warray-parameter warning in the thread db APIs.

To avoid these, this patch changes the deefinitions of the two functions
to match their definitions.
2020-10-08 12:46:03 -06:00
Florian Weimer
50b1b7a390 elf: Make __rtld_env_path_list and __rtld_search_dirs global variables
They have been renamed from env_path_list and rtld_search_dirs to
avoid linknamespace issues.

This change will allow future use these variables in diagnostics.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-10-08 17:12:28 +02:00
Florian Weimer
db03874df9 elf: Print the full name of the dynamic loader in the ld.so help message
This requires defining a macro for the full path, matching the
-Wl,--dynamic-link= arguments used for linking glibc programs,
and ldd script.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-10-08 17:12:05 +02:00
Florian Weimer
ca52c56abf elf: Use the term "program interpreter" in the ld.so help message
This is the term that the ELF standard itself uses.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-10-08 15:44:23 +02:00
Florian Weimer
1a945ba5ad scripts/update-copyrights: Update csu/version.c, elf/dl-usage.c
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-10-08 15:37:59 +02:00
Florian Weimer
542923d949 elf: Implement ld.so --version
This prints out version information for the dynamic loader and
exits immediately, without further command line processing
(which seems to match what some GNU tools do).

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-10-08 15:33:00 +02:00
Adhemerval Zanella
addff78f1f nptl: Add missing cancellation flags on lockf
It also removes CFLAGS-lockf.c duplicate rule.  It fixes
nptl/tst-cancelx16 on mips64-linux-gnu.
2020-10-08 10:29:15 -03:00
Adhemerval Zanella
ebcff89a98 Update mips64 libm-test-ulps 2020-10-08 10:29:15 -03:00
Adhemerval Zanella
601f40d37b Update alpha libm-test-ulps 2020-10-08 10:29:15 -03:00
Florian Weimer
e0f1a58f3d elf: Implement ld.so --help
--help processing is deferred to the point where the executable has
been loaded, so that it is possible to eventually include information
from the main executable in the help output.

As suggested in the GNU command-line interface guidelines, the help
message is printed to standard output, and the exit status is
successful.

Handle usage errors closer to the GNU command-line interface
guidelines.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-10-08 15:00:39 +02:00
Florian Weimer
27316f4a23 elf: Record whether paths come from LD_LIBRARY_PATH or --library-path
This allows more precise LD_DEBUG diagnostics.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-10-08 14:29:49 +02:00
Florian Weimer
9590a71adc elf: Move ld.so error/help output to _dl_usage
Also add a comment to elf/Makefile, explaining why we cannot use
config.status for autoconf template processing.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-10-08 13:38:23 +02:00
Florian Weimer
2bf9e641fd elf: Extract command-line/environment variables state from rtld.c
Introduce struct dl_main_state and move it to <dl-main.h>.  Rename
enum mode to enum rtld_mode and add the rtld_mode_ prefix to the enum
constants.

This avoids the need for putting state that is only needed during
startup into the ld.so data segment.
2020-10-08 12:05:47 +02:00
Florian Weimer
72d36ffd7d elf: Implement __rtld_malloc_is_complete
In some cases, it is difficult to determine the kind of malloc
based on the execution context, so a function to determine that
is helpful.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-10-08 11:00:42 +02:00
Andreas Schwab
c0e9ddf59e __vfscanf_internal: fix aliasing violation (bug 26690)
As noted in <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97264>, the cast
in the call to the read_int function is an aliasing violation.  Change the
type of local variable f to a pointer to unsigned, which allows to
eliminate most casts while only adding three new ones.
2020-10-08 10:09:30 +02:00
Andreas Schwab
8f8052c2aa Revert "Fix missing redirects in testsuite targets"
This reverts commit d5afb38503.  The log files are actually created by the
various shell scripts that drive the tests.
2020-10-08 10:09:30 +02:00
Adhemerval Zanella
a04689ee7a nptl: Add missing cancellation flags on futex_internal and pselect32
It fixes the tst-cancelx{4,5} and tst-cancel24-{static} regression on
some platforms (arm and sparc32).

Checked on arm-linux-gnueabihf and sparcv9-linux-gnu.
2020-10-07 15:24:04 -03:00
Florian Weimer
b31d4355ae elf: Implement _dl_write
The generic version is parallel to _dl_writev.  It cannot use
_dl_writev directly because the errno value needs to be obtained
under a lock.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-10-07 16:41:30 +02:00
Florian Weimer
56f8d44294 elf: Do not search HWCAP subdirectories in statically linked binaries
This functionality does not seem to be useful since static dlopen
is mostly used for iconv/character set conversion and NSS support.
gconv modules are loaded with full paths anyway, so that the
HWCAP subdirectory logic does not apply.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-10-07 16:40:23 +02:00
Florian Weimer
27fe5f2e67 Linux: Require properly configured /dev/pts for PTYs
Current systems do not have BSD terminals, so the fallback code in
posix_openpt/getpt does not do anything.  Also remove the file system
check for /dev/pts.  Current systems always have a devpts file system
mounted there if /dev/ptmx exists.

grantpt is now essentially a no-op.  It only verifies that the
argument is a ptmx-descriptor.  Therefore, this change indirectly
addresses bug 24941.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-10-07 14:55:50 +02:00
Florian Weimer
0f9793a556 Linux: unlockpt needs to fail with EINVAL, not ENOTTY (bug 26053)
The EINVAL error code is mandated by POSIX and documented in the
manual.  Also clean up the unlockpt implementation a bit, assuming
that TIOCSPTLCK is always defined.

Enhance login/tst-grantpt to cover unlockpt corner cases.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-10-07 10:56:00 +02:00
Florian Weimer
c42b7058a2 login/tst-grantpt: Convert to support framework, more error checking
The test now requires working /dev/pts pseudo-terminals.

A new subtest (test_not_ptmx) attempts to call grantpt on a
pseudo-terminal that is not a ptmx device.  POSIX requires an EINVAL
error in this case.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-10-07 10:53:29 +02:00
Adhemerval Zanella
7a887dd537 posix: Fix -Warray-bounds instances building timer_create [BZ #26687]
GCC 11 -Warray-bounds triggers invalid warnings when building
Linux timer_create.c:

../sysdeps/unix/sysv/linux/timer_create.c: In function '__timer_create_new':
../sysdeps/unix/sysv/linux/timer_create.c:83:17: warning: array subscript 'struct timer[0]' is partly outside array bounds of 'unsigned char[8]' [-Warray-bounds]
   83 |             newp->sigev_notify = (evp != NULL
      |                 ^~
../sysdeps/unix/sysv/linux/timer_create.c:59:47: note: referencing an object of size 8 allocated by 'malloc'
   59 |         struct timer *newp = (struct timer *) malloc (offsetof (struct timer,
      |                                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   60 |                                                                 thrfunc));
      |                                                                 ~~~~~~~~~

The struct allocated for !SIGEV_THREAD timers only requires two 'int'
fields (sigev_notify and ktimerid) and the offsetof trick tries minimize
the memory usage by only allocation the required size.  However,
although the resulting size is suffice for !SIGEV_THREAD time, accessing
the partially allocated object is error-prone and UB.

This patch fixes both issues by embedding the information whether
the timer if a SIGEV_THREAD in the returned 'timer_t'.  For
!SIGEV_THREAD, the resulting 'timer_t' is the returned kernel timer
identifer (kernel_timer_t), while for SIGEV_THREAD it uses the fact
malloc returns at least _Alignof (max_align_t) pointers plus that
valid kernel_timer_t are always positive to set MSB bit of the returned
'timer_t' to indicate the timer handles a SIGEV_THREAD.

It allows to remove the memory allocation for !SIGEV_THREAD and also
remove the 'sigev_notify' field from 'struct timer'.

Checked on x86_64-linux-gnu and i686-linux-gnu.
2020-10-06 15:29:35 -03:00
H.J. Lu
862897d2ad Replace Minumum/minumum with Minimum/minimum
Replace Minumum/minumum in comments with Minimum/minimum.
2020-10-06 05:15:11 -07:00
DJ Delorie
78e09591a5 Optimize scripts/merge-test-results.sh
The inner loop is called thousands of times per "make check" even
if there's otherwise nothing to do.  Avoid calling /bin/head all
those times when a builtin will do.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-10-05 17:16:03 -04:00
Joseph Myers
19302b27bd Fix GCC 11 -Warray-parameter warning for __sigsetjmp (bug 26647)
This patch fixes part of bug 26647 (-Werror=array-parameter error
building with GCC 11 because of __sigsetjmp being declared using an
array parameter in one header and a pointer parameter in another).

The fix is to split the struct __jmp_buf_tag definition out to a
separate bits/types/ header so it can be included in pthread.h, so
that pthread.h can declare __sigsetjmp with the type contents visible,
so can use an array (as in setjmp.h) rather than a pointer in the
declaration.

Note that several other build failures with GCC 11 remain.  This does
not fix the jmp_buf-related -Wstringop-overflow errors (also discussed
in bug 26647), or -Warray-parameter errors for other functions (bug
26686), or -Warray-bounds errors (bug 26687).

Tested, with older compilers, natively for x86_64 and with
build-many-glibc.py for aarch64-linux-gnu.  Tested with
build-many-glibcs.py with GCC mainline for aarch64-linux-gnu that this
gets past the -Warray-parameter issue for __sigsetjmp (with the next
build failure being the other one discussed in bug 26647).
2020-10-05 16:46:46 +00:00
Jonathan Wakely
5bb2e5300b manual: Fix typo 2020-10-05 17:29:46 +01:00
Lukasz Majewski
3102e28bd1 y2038: nptl: Convert pthread_rwlock_{clock|timed}{rd|wr}lock to support 64 bit time
The pthread_rwlock_clockrdlock, pthread_rwlock_clockwrlock,
pthread_rwlock_timedrdlock and pthread_rwlock_timedwrlock have been converted
to support 64 bit time.

This change uses new futex_abstimed_wait64 function in
./sysdeps/nptl/futex-helpers.c, which uses futex_time64 where possible.

The pthread_rwlock_{clock|timed}{rd|wr}lock only accepts absolute time.
Moreover, there is no need to check for NULL passed as *abstime pointer to the
syscalls as those calls have exported symbols marked with __nonull attribute
for abstime.

For systems with __TIMESIZE != 64 && __WORDSIZE == 32:
- Conversions between 64 bit time to 32 bit are necessary
- Redirection to pthread_rwlock_{clock|timed}{rd|wr}lock will provide support
  for 64 bit time

Build tests:
./src/scripts/build-many-glibcs.py glibcs

Run-time tests:
- Run specific tests on ARM/x86 32bit systems (qemu):
  https://github.com/lmajewski/meta-y2038 and run tests:
  https://github.com/lmajewski/y2038-tests/commits/master

Above tests were performed with Y2038 redirection applied as well as without
to test the proper usage of both __pthread_rwlock_{clock|timed}{rd|wr}lock64
and __pthread_rwlock_{clock|timed}{rd|wr}lock.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
2020-10-04 17:13:46 +02:00
Lukasz Majewski
b2cdadde4d Y2038: nptl: Provide futex_abstimed_wait64 supporting 64 bit time
This is the helper function, which uses struct __timespec64
to provide 64 bit absolute time to futex syscalls.

The aim of this function is to move convoluted pre-processor
macro code from sysdeps/nptl/lowlevellock-futex.h to C
function in futex-internal.c

The futex_abstimed_wait64 function has been put into a separate
file on the purpose - to avoid issues apparent on the m68k
architecture related to small number of available registers (there
is not enough registers to put all necessary arguments in them if
the above function would be added to futex-internal.h with
__always_inline attribute).

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
2020-10-04 17:12:41 +02:00
Adhemerval Zanella
be9b0b9a01 sysvipc: Return EINVAL for invalid msgctl commands
It avoids regressions on possible future commands that might require
additional libc support.  The downside is new commands added by newer
kernels will need further glibc support.

Checked on x86_64-linux-gnu and i686-linux-gnu (Linux v4.15 and v5.4).
2020-10-02 16:11:59 -03:00
Adhemerval Zanella
20a00dbefc sysvipc: Fix IPC_INFO and MSG_INFO handling [BZ #26639]
Both commands are Linux extensions where the third argument is a
'struct msginfo' instead of 'struct msqid_ds' and its information
does not contain any time related fields (so there is no need to
extra conversion for __IPC_TIME64.

The regression testcase checks for Linux specifix SysV ipc message
control extension.  For IPC_INFO/MSG_INFO it tries to match the values
against the tunable /proc values and for MSG_STAT/MSG_STAT_ANY it
check if the create message queue is within the global list returned
by the kernel.

Checked on x86_64-linux-gnu and on i686-linux-gnu (Linux v5.4 and on
Linux v4.15).
2020-10-02 16:11:55 -03:00
Adhemerval Zanella
a16d2abd49 sysvipc: Return EINVAL for invalid semctl commands
It avoids regressions on possible future commands that might require
additional libc support.  The downside is new commands added by newer
kernels will need further glibc support.

Checked on x86_64-linux-gnu and i686-linux-gnu (Linux v4.15 and v5.4).
2020-10-02 16:11:55 -03:00
Dmitry V. Levin
574500a108 sysvipc: Fix SEM_STAT_ANY kernel argument pass [BZ #26637]
Handle SEM_STAT_ANY the same way as SEM_STAT so that the buffer argument
of SEM_STAT_ANY is properly passed to the kernel and back.

The regression testcase checks for Linux specifix SysV ipc message
control extension.  For IPC_INFO/SEM_INFO it tries to match the values
against the tunable /proc values and for SEM_STAT/SEM_STAT_ANY it
check if the create message queue is within the global list returned
by the kernel.

Checked on x86_64-linux-gnu and on i686-linux-gnu (Linux v5.4 and on
Linux v4.15).

Co-authored-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-10-02 16:11:49 -03:00
Szabolcs Nagy
238032ead6 aarch64: enforce >=64K guard size [BZ #26691]
There are several compiler implementations that allow large stack
allocations to jump over the guard page at the end of the stack and
corrupt memory beyond that. See CVE-2017-1000364.

Compilers can emit code to probe the stack such that the guard page
cannot be skipped, but on aarch64 the probe interval is 64K by default
instead of the minimum supported page size (4K).

This patch enforces at least 64K guard on aarch64 unless the guard
is disabled by setting its size to 0.  For backward compatibility
reasons the increased guard is not reported, so it is only observable
by exhausting the address space or parsing /proc/self/maps on linux.

On other targets the patch has no effect. If the stack probe interval
is larger than a page size on a target then ARCH_MIN_GUARD_SIZE can
be defined to get large enough stack guard on libc allocated stacks.

The patch does not affect threads with user allocated stacks.

Fixes bug 26691.
2020-10-02 09:57:44 +01:00