Commit Graph

36549 Commits

Author SHA1 Message Date
Szabolcs Nagy
c6b0165327 elf: Fix failure handling in _dl_map_object_from_fd
The failure paths in _dl_map_object_from_fd did not clean every
potentially allocated resource up.

Handle l_phdr, l_libname and mapped segments in the common failure
handling code.

There are various bits that may not be cleaned properly on failure
(e.g. executable stack, incomplete dl_map_segments) fixing those
need further changes.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-12-15 10:13:46 +00:00
Szabolcs Nagy
cb5648b00f elf: inline lose for error handling
_dl_map_object_from_fd has complex error handling with cleanups.
It was managed by a separate function to avoid code bloat at
every failure case, but since the code was changed to use gotos
there is no longer such code bloat from inlining.

Maintaining a separate error handling function is harder as it
needs to access local state which has to be passed down. And the
same lose function was used in open_verify which is error prone.

The goto labels are changed since there is no longer a call.
The new code generates slightly smaller binary.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-12-15 10:13:12 +00:00
Joseph Myers
e182654151 Remove strtoimax, strtoumax, wcstoimax, wcstoumax inlines
inttypes.h has inline implementations of the strtoimax, strtoumax,
wcstoimax and wcstoumax functions, despite the corresponding stdlib.h
and wchar.h inlines having been removed in 2007 (commit
9b2e9577b2).

Remove those inlines, thereby eliminating all references to the
corresponding __*_internal functions from installed headers (so they
could be made into compat symbols in future if desired).

Tested for x86_64 and x86.
2020-12-14 17:51:38 +00:00
DJ Delorie
d2e929a907 nsswitch: handle missing actions properly
Some internal functions need to know if a database has a nonzero
list of actions; success getting the database does not guarantee
that.  Add checks for such as needed.

Skip the ":" in each nsswitch.conf line so as not to add a dummy
action libnss_:.so

See also https://bugzilla.redhat.com/show_bug.cgi?id=1906066

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-12-14 12:19:43 -05:00
H.J. Lu
2ee7711bdd x86: Remove the default REP MOVSB threshold tunable value [BZ #27061]
Since we can't tell if the tunable value is set by user or not:

https://sourceware.org/bugzilla/show_bug.cgi?id=27069

remove the default REP MOVSB threshold tunable value so that the correct
default value will be set correctly by init_cacheinfo ().

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-12-14 07:31:00 -08:00
Mark Wielaard
5a96fe2e02 elf.h: Remove SHF_GNU_BUILD_NOTE.
SHF_GNU_BUILD_NOTE was a binutils experiment.  And it is no longer
needed. It was also removed from binutils.
2020-12-12 14:39:44 +01:00
Dmitry V. Levin
30bc003316 elf.h: fix spelling typos in comments
Since elf.h is a public header file copied to other projects,
try to make it free from spelling typos.

This change fixes the following spelling typos in comments of elf.h:

Auxialiary -> Auxiliary
tenatively -> tentatively
compatability -> compatibility
2020-12-12 00:30:00 +00:00
Jonny Grant
2ea6af7447 Fix spelling and grammar in several comments 2020-12-12 01:16:56 +01:00
W. Hashimoto
0e00b35704 malloc: Detect infinite-loop in _int_free when freeing tcache [BZ#27052]
If linked-list of tcache contains a loop, it invokes infinite
loop in _int_free when freeing tcache. The PoC which invokes
such infinite loop is on the Bugzilla(#27052). This loop
should terminate when the loop exceeds mp_.tcache_count and
the program should abort. The affected glibc version is
2.29 or later.

Reviewed-by: DJ Delorie <dj@redhat.com>
2020-12-11 16:59:10 -05:00
Szabolcs Nagy
751acde7ec elf: Fix dl-load.c
Rebasing broke commit 38a3836011
it was supposed to move code.
2020-12-11 17:35:16 +00:00
Florian Weimer
9ffa50b26b elf: Include libc.so.6 as main program in dependency sort (bug 20972)
_dl_map_object_deps always sorts the initially loaded object first
during dependency sorting.  This means it is relocated last in
dl_open_worker.  This results in crashes in IFUNC resolvers without
lazy bindings if libraries are preloaded that refer to IFUNCs in
libc.so.6: the resolvers are called when libc.so.6 has not been
relocated yet, so references to _rtld_global_ro etc. crash.

The fix is to check against the libc.so.6 link map recorded by the
__libc_early_init framework, and let it participate in the dependency
sort.

This fixes bug 20972.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-12-11 18:31:04 +01:00
Florian Weimer
cb81264fd9 support: Add support_slibdir_prefix variable
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-12-11 18:30:57 +01:00
Szabolcs Nagy
cd543b5eb3 aarch64: Use mmap to add PROT_BTI instead of mprotect [BZ #26831]
Re-mmap executable segments if possible instead of using mprotect
to add PROT_BTI. This allows using BTI protection with security
policies that prevent mprotect with PROT_EXEC.

If the fd of the ELF module is not available because it was kernel
mapped then mprotect is used and failures are ignored.  To protect
the main executable even when mprotect is filtered the linux kernel
 will have to be changed to add PROT_BTI to it.

The delayed failure reporting is mainly needed because currently
_dl_process_gnu_properties does not propagate failures such that
the required cleanups happen. Using the link_map_machine struct for
error propagation is not ideal, but this seemed to be the least
intrusive solution.

Fixes bug 26831.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-12-11 15:46:02 +00:00
Szabolcs Nagy
c00452d775 elf: Pass the fd to note processing
To handle GNU property notes on aarch64 some segments need to
be mmaped again, so the fd of the loaded ELF module is needed.

When the fd is not available (kernel loaded modules), then -1
is passed.

The fd is passed to both _dl_process_pt_gnu_property and
_dl_process_pt_note for consistency. Target specific note
processing functions are updated accordingly.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-12-11 15:45:37 +00:00
Szabolcs Nagy
38a3836011 elf: Move note processing after l_phdr is updated
Program headers are processed in two pass: after the first pass
load segments are mmapped so in the second pass target specific
note processing logic can access the notes.

The second pass is moved later so various link_map fields are
set up that may be useful for note processing such as l_phdr.
The second pass should be before the fd is closed so that is
available.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-12-11 15:45:19 +00:00
Szabolcs Nagy
8b8f616e6a aarch64: align address for BTI protection [BZ #26988]
Handle unaligned executable load segments (the bfd linker is not
expected to produce such binaries, but other linkers may).

Computing the mapping bounds follows _dl_map_object_from_fd more
closely now.

Fixes bug 26988.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-12-11 15:04:39 +00:00
Szabolcs Nagy
72739c79f6 aarch64: Fix missing BTI protection from dependencies [BZ #26926]
The _dl_open_check and _rtld_main_check hooks are not called on the
dependencies of a loaded module, so BTI protection was missed on
every module other than the main executable and directly dlopened
libraries.

The fix just iterates over dependencies to enable BTI.

Fixes bug 26926.
2020-12-11 14:52:13 +00:00
Stefan Liebler
6f19927b98 Fix linknamespace errors in nss_database.c if build with -Os.
Starting with recent commits, I get 43 conform/.../linknamespace FAILs:
- nss: Introduce <nss_module.h>
- <nss_action.h>: New abstraction for combining NSS modules and NSS actions
- nss: Implement <nss_database.h> (see nss/nss_database.c)
- nsswitch: use new internal API (core)
- nsswitch: user new internal API (tests)
- nsswitch: use new internal API (callers)

e.g. conform/XPG42/wordexp.h/linknamespace.out
[initial] wordexp -> [libc.a(wordexp.o)] __getpwnam_r -> [libc.a(getpwnam_r.o)] __nss_database_custom -> [libc.a(nsswitch.o)] __nss_database_get -> [libc.a(nss_database.o)] feof_unlocked
[initial] wordexp -> [libc.a(wordexp.o)] __getpwnam_r -> [libc.a(getpwnam_r.o)] __nss_database_custom -> [libc.a(nsswitch.o)] __nss_database_get -> [libc.a(nss_database.o)] ferror_unlocked

This patch is just using __ferror_unlocked and __feof_unlocked instead of the
non "__" prefixed ones.

Reviewed-by: DJ Delorie <dj@redhat.com>
2020-12-11 09:43:18 +01:00
Dmitry V. Levin
14ef9c185b treewide: fix incorrect spelling of indices in comments
Replace 'indeces' with 'indices', the most annoying of these typos were
those found in elf.h which is a public header file copied to other
projects.
2020-12-11 02:00:00 +00:00
Adhemerval Zanella
720480934a linux: Consolidate brk implementation
It removes all the arch-specific assembly implementation.  The
outliers are alpha, where its kernel ABI explict return -ENOMEM
in case of failure; and i686, where it can't use
"call *%gs:SYSINFO_OFFSET" during statup in static PIE.

Also some ABIs exports an additional ___brk_addr symbol and to
handle it an internal HAVE_INTERNAL_BRK_ADDR_SYMBOL is added.

Checked on x86_64-linux-gnu, i686-linux-gnu, adn with builsd for
the affected ABIs.

Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
2020-12-10 17:42:37 -03:00
Florian Weimer
880433de13 elf: Include <sys/param.h> in cache.c
The roundup macro is defined there.  Relying on an indirect
definition is brittle.
2020-12-10 15:47:26 +01:00
Florian Weimer
fdf8fbca45 s390x: Add glibc-hwcaps support
Subdirectories z13, z14, z15 can be selected, mostly based on the
level of support for vector instructions.

Co-Authored-By: Stefan Liebler <stli@linux.ibm.com>
2020-12-10 13:51:18 +01:00
Florian Weimer
1bb8d05b9c elf: Fix run-time dependencies of tst-dlopen-fail-2
The misattributed dependencies can cause failures in parallel testing
if the dependencies have not been built yet.

Fixes commit a332bd1518
("elf: Add elf/tst-dlopenfail-2 [BZ #25396]").
2020-12-10 12:44:25 +01:00
Stefan Liebler
4b2e40a925 Handle out-of-memory case in svc_tcp.c/svc_unix.c:rendezvous_request.
If glibc is build with -O3 on at least 390 (-m31) or x86 (-m32),
gcc 11 dumps this warning:
svc_tcp.c: In function 'rendezvous_request':
svc_tcp.c:274:3: error: 'memcpy' offset [0, 15] is out of the bounds [0, 0] [-Werror=array-bounds]
  274 |   memcpy (&xprt->xp_raddr, &addr, sizeof (addr));
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors

In out-of-memory case, if one of the mallocs in makefd_xprt function
returns NULL, a message is dumped, makefd_xprt returns NULL
and the subsequent memcpy would copy to NULL.

Instead of a segfaulting, we delay a bit (see also __svc_accept_failed
and Bug 14889 (CVE-2011-4609) - svc_run() produces high cpu usage when
accept() fails with EMFILE (CVE-2011-4609).

The same applies to svc_unix.c.
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-12-10 11:11:20 +01:00
Florian Weimer
0d4ed9d40e elf: Fix incorrect comparison in sort_priorities_by_name
Reported-By: Stefan Liebler <stli@linux.ibm.com>
2020-12-09 18:56:14 +01:00
Marius Hillenbrand
f88242af19 S390: Derive float_t from FLT_EVAL_METHOD
float_t supposedly represents the type that is used to evaluate float
expressions internally. While the isa supports single-precision float
operations, the port of glibc to s390 incorrectly deferred to the
generic definitions which, back then, tied float_t to double. gcc by
default evaluates float in single precision, so that scenario violates
the C standard (sections 5.2.4.2.2 and 7.12 in C11/C17). With
-fexcess-precision=standard, gcc evaluates float in double precision,
which aligns with the standard yet at the cost of added conversion
instructions.

With this patch, we drop the s390-specific definition of float_t and
defer to the default behavior, which aligns float_t with the
compiler-defined FLT_EVAL_METHOD in a standard-compliant way.

Checked on s390x-linux-gnu with 31-bit and 64-bit builds.
2020-12-09 16:26:46 +01:00
Andreas Schwab
b5eeca8cfd Fix parsing of /sys/devices/system/cpu/online (bug 25859)
The file contains comma-separated ranges, not spaces.
2020-12-09 15:32:29 +01:00
Joseph Myers
224b419d1e Make strtoimax, strtoumax, wcstoimax, wcstoumax into aliases
The functions strtoimax, strtoumax, wcstoimax, wcstoumax currently
have three implementations each (wordsize-32, wordsize-64 and dummy
implementation in stdlib/ using #error), defining the functions as
thin wrappers round corresponding *_internal functions.  Simplify the
code by changing them into aliases of functions such as strtol and
wcstoull.  This is more consistent with how e.g. imaxdiv is handled.

Tested for x86_64 and x86.
2020-12-08 18:15:27 +00:00
Paul Zimmermann
4d3a77c735 Fixed typos in "NEWS for version 2.32" 2020-12-08 20:26:32 +05:30
Siddhesh Poyarekar
38a9e93cb1 Add NEWS entry for CVE-2020-29562 (BZ #26923)
BZ #26923 now has a CVE entry, so add a NEWS entry for it.
2020-12-08 20:04:35 +05:30
Michael Colavita
228edd356f iconv: Fix incorrect UCS4 inner loop bounds (BZ#26923)
Previously, in UCS4 conversion routines we limit the number of
characters we examine to the minimum of the number of characters in the
input and the number of characters in the output. This is not the
correct behavior when __GCONV_IGNORE_ERRORS is set, as we do not consume
an output character when we skip a code unit. Instead, track the input
and output pointers and terminate the loop when either reaches its
limit.

This resolves assertion failures when resetting the input buffer in a step of
iconv, which assumes that the input will be fully consumed given sufficient
output space.
2020-12-07 22:23:26 +05:30
H.J. Lu
088e962537 x86: Rename readelflib.c
Rename linux/i386/readelflib.c to linux/x86/readelflib.c and remove
x86_64/readelflib.c.
2020-12-06 06:38:09 -08:00
DJ Delorie
f4f3b09111 nsswitch: use new internal API (callers)
Stitch new ABI and types throughout all NSS callers.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-12-04 17:16:32 -05:00
DJ Delorie
6eceded941 nsswitch: user new internal API (tests)
Testsuite support and new test for new API.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-12-04 17:16:01 -05:00
DJ Delorie
f8847d83e1 nsswitch: use new internal API (core)
Core changes to switch the NSS internals to use the new API.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-12-04 17:15:53 -05:00
Florian Weimer
fa78feca47 nss: Implement <nss_database.h>
This code manages the mappings of the available databases in NSS
(i.e. passwd, hosts, netgroup, etc) with the actions that should
be taken to do a query on those databases.

This is the main API between query functions scattered throughout
glibc and the underlying code (actions, modules, etc).

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-12-04 17:15:44 -05:00
Florian Weimer
fd5b9b4458 <nss_action.h>: New abstraction for combining NSS modules and NSS actions
nss_action manages a set of lists of actions; these are the portions
of the lines in nsswitch.conf to the right of the colons, like
"dns [!UNAVAIL=return] files".  Each permutation of actions and
conditionals is cached for reuse, which limits memory growth, and
refers to the static list of modules managed by nss_modules.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-12-04 17:15:29 -05:00
Florian Weimer
171689dac7 nss: Introduce <nss_module.h>
This provides the struct nss_module type, which combines the old
struct service_library type with the known_function tree, by
statically allocating space for all function pointers.

struct nss_module is fairly large (536 bytes), but it will be
shared across NSS databases.  The old known_function handling
had non-some per-function overhead (at least 32 bytes per looked-up
function, but more for long function anmes), so overall, this is not
too bad.  Resolving all functions at load time simplifies locking,
and the repeated lookups should be fast because the caches are hot
at this point.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-12-04 17:15:05 -05:00
Florian Weimer
7dc2f14bb3 Add scripts/move-symbol-to-libc.py
This helper script can be used to move symbols to libc.abilist across
all architectures, while preserving their symbol version.
2020-12-04 19:33:36 +01:00
Florian Weimer
4c38c1a229 powerpc64le: Add glibc-hwcaps support
The "power10" and "power9" subdirectories are selected in a way
that matches the -mcpu=power10 and -mcpu=power9 options of GCC.
2020-12-04 14:50:49 +01:00
H.J. Lu
93fda28693 x86: Adjust tst-cpu-features-supports.c for GCC 11
Check HAS_CPU_FEATURE instead of CPU_FEATURE_USABLE for FSGSBASE, IBT,
LM, SHSTK and XSAVES since FSGSBASE requires kernel support, IBT/SHSTK/LM
require OS support and XSAVES is supervisor-mode only.
2020-12-04 05:12:55 -08:00
H.J. Lu
2976082a38 x86: Set RDRAND usable if CPU supports RDRAND
Set RDRAND usable if CPU supports RDRAND.
2020-12-04 05:03:42 -08:00
Matheus Castanho
4f4bd9e47b elf: Add missing <stddef.h> header to elf/dl-hwcaps.h
The lack of this header makes size_t unavailable on builds configured
with --disable-tunables, causing compilation errors.
2020-12-04 09:52:02 -03:00
Lukasz Majewski
135ca0a7cd lowlevellock-futex: Remove not used macros
Following macros: lll_futex_timed_lock_pi, lll_futex_clock_wait_bitset,
lll_futex_wait_requeue_pi, lll_futex_timed_wait_requeue_pi are not
used anymore so are eligible for removal.

Build tests:
./src/scripts/build-many-glibcs.py glibcs

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
2020-12-04 10:04:38 +01:00
Lukasz Majewski
4ec2e73803 futex: Remove not used futex_reltimed_wait{_cancelable}
After gai_suspend and aio_suspend conversion to support 64 bit time and
hence rewriting the code to use only absolute variants of futex wait
functions (i.e. __futex_abstimed_wait64 and __futex_abstimed_wait_cancelable64)
futex_reltimed_wait{_cancelable} are not needed anymore and can be removed.

Build tests:
./src/scripts/build-many-glibcs.py glibcs

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
2020-12-04 10:04:38 +01:00
Lukasz Majewski
47f78f3683 y2038: Convert gai_suspend to support 64 bit time
This change uses (in gai_misc.h):
- __futex_abstimed_wait64 (instead of futex_reltimed_wait)
- __futex_abstimed_wait_cancellable64
    	(instead of futex_reltimed_wait_cancellable)
        from ./sysdeps/nptl/futex-helpers.h

The gai_suspend() accepts relative timeout, which then is converted to
absolute one.

The i686-gnu port (HURD) do not define DONT_NEED_GAI_MISC_COND and as it
doesn't (yet) support 64 bit time it uses not converted
pthread_cond_timedwait().

The __gai_suspend() is supposed to be run on ports with __TIMESIZE !=64 and
__WORDSIZE==32. It internally utilizes __gai_suspend_time64() and hence the
conversion from 32 bit struct timespec to 64 bit one is required.

For ports supporting 64 bit time the __gai_suspend_time64() will be used
either via alias (to __gai_suspend when __TIMESIZE==64) or redirection
(when -D_TIME_BITS=64 is passed).

Build tests:
./src/scripts/build-many-glibcs.py glibcs

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
2020-12-04 10:04:38 +01:00
Lukasz Majewski
94551be902 symbols: Add defines for libanl's libanl_hidden_{def|proto}
The __gai_suspend_time64, which supports 64 bit time on ports with
__WORDSIZE == 32 && __TIMESIZE != 64, shall be exported from libanl
(the same library from which original gai_suspend is exported).

Up till now there were no defines for this library. This commit adds
them.
2020-12-04 10:04:38 +01:00
Florian Weimer
f267e1c9dd x86_64: Add glibc-hwcaps support
The subdirectories match those in the x86-64 psABI:

77566eb03b

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-12-04 09:36:02 +01:00
Florian Weimer
600d9e0c87 elf: Add glibc-hwcaps subdirectory support to ld.so cache processing
This recognizes the DL_CACHE_HWCAP_EXTENSION flag in cache entries,
and picks the supported cache entry with the highest priority.

The elf/tst-glibc-hwcaps-prepend-cache test documents a non-desired
aspect of the current cache implementation: If the cache selects a DSO
that does not exist on disk, _dl_map_object falls back to open_path,
which may or may not find an alternative implementation.  This is an
existing limitation that also applies to the legacy hwcaps processing
for ld.so.cache.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-12-04 09:35:43 +01:00
Florian Weimer
b44ac4f4c7 elf: Process glibc-hwcaps subdirectories in ldconfig
Libraries from these subdirectories are added to the cache
with a special hwcap bit DL_CACHE_HWCAP_EXTENSION, so that
they are ignored by older dynamic loaders.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-12-04 09:16:41 +01:00