These are called from the kernel with the stack at a carefully-
chosen location so that the stack frame can be restored: they must not
move the stack pointer lest garbage be restored into the registers.
We explicitly inhibit protection for SPARC and for signal/sigreturn.c:
other arches either define their sigreturn stubs in .S files, or (i386,
x86_64, mips) use macros expanding to top-level asm blocks and explicit
labels in the text section to mock up a "function" without telling the
compiler that one is there at all.
Add a hidden __stack_chk_fail_local alias to libc.so,
and make sure that on targets which use __stack_chk_fail,
this does not introduce a local PLT reference into libc.so.
With all the machinery we just added, we can easily arrange to work even
when the compiler passes in -fstack-protector automatically: all the
necessary bits of glibc are always compiled with -fno-stack-protector
now.
So tear out the check in configure, and add appropriate calls to
-fno-stack-protector in tests that need them (largely those that use
-nostdlib), since we don't yet have a __stack_chk_fail that those
tests can rely upon. (GCC often provides one, but we cannot rely on
this, especially not when bootstrapping.)
When stack protection is disabled, explicitly pass -fno-stack-protector
to everything, to stop a compiler hacked to enable it from inserting
calls to __stack_chk_fail via the PLT in every object file.
The previous commit prevented rtld itself from being built with
-fstack-protector, but this is not quite enough. We identify which
objects belong in rtld via a test link and analysis of the resulting
mapfile. That link is necessarily done against objects that are
stack-protected, so drags in __stack_chk_fail_local, __stack_chk_fail,
and all the libc and libio code they use.
To stop this happening, use --defsym in the test librtld.map-production
link to force the linker to predefine these two symbols (to 0, but it
could be to anything). (In a real link, this would of course be
catastrophic, but these object files are never used for anything else.)
The startup code in csu/, and the brk and sbrk functions are
needed very early in initialization of a statically-linked program,
before the stack guard is initialized; TLS initialization also uses
memcpy, which cannot overrun its own stack. Mark all of these as
-fno-stack-protector.
We also finally introduce @libc_cv_ssp@ and @no_stack_protector@, both
substituted by the configury changes made earlier, to detect the case
when -fno-stack-protector is supported by the compiler, and
unconditionally pass it in when this is the case, whether or not
--enable-stack-protector is passed to configure. (This means that
it'll even work when the compiler's been hacked to pass
-fstack-protector by default, unless the hackage is so broken that
it does so in a way that is impossible to override.)
When dynamically linking, ifunc resolvers are called before TLS is
initialized, so they cannot be safely stack-protected.
We avoid disabling stack-protection on large numbers of files by
using __attribute__ ((__optimize__ ("-fno-stack-protector")))
to turn it off just for the resolvers themselves. (We provide
the attribute even when statically linking, because we will later
use it elsewhere too.)
The address of the stack canary is stored in a per-thread variable,
which means that we must ensure that the TLS area is intialized before
calling any -fstack-protector'ed functions. For dynamically linked
applications, we ensure this (in a later patch) by disabling
-fstack-protector for the whole dynamic linker, but for static
applications, the AT_ENTRY address is called directly by the kernel, so
we must deal with the problem differently.
In static appliations, __libc_setup_tls performs the TCB setup and TLS
initialization, so this commit arranges for it to be called early and
unconditionally. The call (and the stack guard initialization) is
before the DL_SYSDEP_OSCHECK hook, which if set will probably call
functions which are stack-protected (it does on Linux and NaCL too). We
also move apply_irel up, so that we can still safely call functions that
require ifuncs while in __libc_setup_tls (though if stack-protection is
enabled we still have to avoid calling functions that are not
stack-protected at this stage).
This adds =all and =strong, with obvious semantics, defaulting to off.
We don't validate the value of the option yet: that's in a later patch.
Nor do we use it for anything at this stage.
We differentiate between 'the compiler understands -fstack-protector'
and 'the user wanted -fstack-protector' so that we can pass
-fno-stack-protector in appropriate places even if the user didn't want
to turn on -fstack-protector for other parts. (This helps us overcome
another existing limitation, that glibc doesn't work with GCCs hacked
to pass in -fstack-protector by default.)
We also arrange to set the STACK_PROTECTOR_LEVEL #define to a value
appropriate for the stack-protection level in use for each file in
particular.
The value of CPPFLAGS provided by the environment may have optimizations
that interfere with the pretty printer test requirements. To override
such optimizations the pretty printer tests must also specify CPPFLAGS.
The existing pretty printer tests are fixed and the
README.pretty-printers is updated with the new requirement.
The fix in commit 312be3f9f5 resolved
several cancellation issues in several APIs. This regression test is
designed to double check that at least getpwuid_r remainds correctly
implemented and does not provide additional unintended cancellation
points that may leave locks in an inconsistent state.
There is at least one use case where during exit a library destructor
might call dlclose() on a valid handle and have it fail with an
assertion. We must allow this case, it is a valid handle, and dlclose()
should not fail with an assert. In the future we might be able to return
an error that the dlclose() could not be completed because the opened
library has already been unloaded and destructors have run as part of
exit processing.
For more details see:
https://www.sourceware.org/ml/libc-alpha/2016-12/msg00859.html
If GDB prints an error message for a "python" command, include
that error message in the test log output, to simplify diagnosing
GDB/Python detection issues.
Add a configure check that looks for python3 and python in that order
since we had agreed in the past to prefer python3 over python in all
our code. The patch also adjusts invocations through the various
Makefiles to use the set variable.
* configure.ac: Check for python3 or python.
* configure: Regenerated.
* config.make.in (PYTHON): New variable.
* benchtests/Makefile: Don't define PYTHON.
(bench): Define target only if PYTHON was defined.
* Rules: Don't define PYTHON.
Define pretty printer targets only if PYTHON was defined.
(tests-printers): Add to tests-unsupported if PYTHON is not
found.
(python-flags, python-invoke): Remove.
(tests-printers-out): Use PYTHON instead of python-invoke.
The NEWS entry for the feature test macro
__STDC_WANT_IEC_60559_BFP_EXT__ describes the state of support for
that TS as "most features from that TS are not supported by the GNU C
Library". This patch updates it to say "not all features from that TS
are supported by the GNU C Library".
(The functions not yet supported are the fromfp functions - I'm
working on them, but they may not be done before the freeze - and the
functions round result to narrower type - which definitely won't be
started for 2.25, since they require significant infrastructure work.
That's 30 functions, which is less than half the number of functions
in the TS, so saying "most" now seems inaccurate.)
glibc build with current mainline GCC fails because
nis/nss_nisplus/nisplus-alias.c contains code
if (name != NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
}
char buf[strlen (name) + 9 + tablename_len];
producing an error about strlen being called on a pointer that is
always NULL (and a subsequent use of that pointer with a %s format in
snprintf).
As Andreas noted, the bogus conditional comes from a 1997 change:
- if (name == NULL || strlen(name) > 8)
- return NSS_STATUS_NOTFOUND;
- else
+ if (name != NULL || strlen(name) <= 8)
So the intention is clearly to return an error for NULL name.
This patch duly inverts the sense of the conditional. It fixes the
build with GCC mainline, and passes usual glibc testsuite testing for
x86_64. However, I have not tried any actual substantive nisplus
testing, do not have an environment for such testing, and do not know
whether it is possible that strlen (name) or tablename_len might be
large so that the VLA for buf is actually a security issue. However,
if it is a security issue, there are plenty of other similar instances
in the nisplus code (that haven't been hidden by a bogus comparison
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
string passed to nis_list, so a local fix in the caller wouldn't
suffice anyway (see bug 20987). (Calls to strdupa and other such
macros that use alloca must be considered equally questionable
regarding stack overflow issues as direct calls to alloca and VLA
declarations.)
[BZ #20978]
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
Compare name == NULL, not name != NULL.
This patch updates texinfo.tex and various miscellaneous scripts to
their latest upstream versions. (There may be another update in early
January to bring in 2017 copyright dates, if the upstream versions get
updated with such dates promptly.)
Tested for x86_64.
* manual/texinfo.tex: Update to version 2016-09-18.18 with
trailing whitespace removed.
* scripts/config.guess: Update to version 2016-10-02.
* scripts/config.sub: Update to version 2016-11-19.
* scripts/install-sh: Update to version 2016-01-11.22.
* scripts/mkinstalldirs: Update to version 2016-01-11.22.
* scripts/move-if-change: Update to version 2016-01-11 22:04.
Currently strsep calls strpbrk is is now a veneer to strcspn. Calling
strcspn directly is faster. Since it handles a delimiter string of size
1 as a special case, this is not needed in strsep itself. Although this
means there is a slightly higher overhead if the delimiter size is 1,
all other cases are slightly faster. The overall performance gain is 5-10%
on AArch64.
The string/bits/string2.h header contains optimizations for constant
delimiters of size 1-3. Benchmarking these showed similar performance for
size 1 (since in all cases strchr/strchrnul is used), while size 2 and 3
can give up to 2x speedup for small input strings. However if these cases
are common it seems much better to add this optimization to strcspn.
So move these header optimizations to string-inlines.c.
Improve the strsep benchmark so that it actually benchmarks something.
The current version contains a delimiter character at every position in the
input string, so there is very little work to do, and the extremely inefficent
simple_strsep implementation appears fastest in every case. The new version
has either no match in the input for the fail case and a match halfway in the
input for the success case. The input is then restored so that each iteration
does exactly the same amount of work. Reduce the number of testcases since
simple_strsep takes a lot of time now.
* benchtests/bench-strsep.c (oldstrsep): Add old implementation.
(do_one_test) Restore original string so iteration works.
* string/string-inlines.c (do_test): Create better input strings.
(test_main) Reduce number of testruns.
* string/string-inlines.c (__old_strsep_1c): New function.
(__old_strsep_2c): Likewise.
(__old_strsep_3c): Likewise.
* string/strsep.c (__strsep): Remove case of small delim string.
Call strcspn directly rather than strpbrk.
* string/bits/string2.h (__strsep): Remove define.
(__strsep_1c): Remove.
(__strsep_2c): Remove.
(__strsep_3c): Remove.
(strsep): Remove.
* sysdeps/unix/sysv/linux/internal_statvfs.c
(__statvfs_getflags): Rename to __strsep.
Commit 7a5e3d9d63 (elf: Assume TLS is
initialized in _dl_map_object_from_fd) removed the last call of
_dl_tls_setup, but did not remove the function itself.
With stack protection enabled, these files have external symbol
references for the first time, so the fact that they are not compiled
with -fPIE and are then linked into a -pie binary starts to hurt.
Stack-protection on .o files in csu/ must be suppressed for the sake of
library startup code. This also suppresses stack-protection in tests
(which are also covered by CFLAGS-.o), though this is neither necessary
nor desirable.
So impose the rule that .o files in csu/ are necessarily C startup code,
and move the few tests in there into misc/ instead.
Texinfo @vindex commands add entries to the Variable and Constant
Macro Index. Similarly, @items in @vtables are automatically indexed.
A number of @tables exist where all @items are @vindexed or all @items
are variables, but not indexed, suggesting an optimization by
converting such @tables to @vtables and dropping the @vindex.
Using a @vtable provides a context for processing @items whereby it
can be known the @items should have header and standards annotations.
This commit converts @tables of such @items to @vtables in order to
establish a framework for automated processing.
A pleasant consequence of these changes is that @items previously
lacking a @vindex are present in the Variable and Constant Macro Index
now. @vindex entries previously detected by summary.awk will still be
detected as @items with appropriate annotations.
The @vtable of the NSS databases is converted to a @table because 1)
those @items are not variables (and will no longer appear in the
Variable and Constant Macro Index) and 2) they do not need header and
standards annotations, so the incorrect context is fixed.
* manual/nss.texi: Change incorrect @vtable to @table.
* manual/arith.texi: Convert @tables of variables to @vtables
and remove unnecessary indexing.
* manual/filesys.texi: Likewise.
* manual/llio.texi: Likewise.
* manual/memory.texi: Likewise.
* manual/process.texi: Likewise.
* manual/resource.texi: Likewise.
* manual/search.texi: Likewise.
* manual/signal.texi: Likewise.
* manual/socket.texi: Likewise.
* manual/stdio.texi: Likewise.
* manual/sysinfo.texi: Likewise.
* manual/syslog.texi: Likewise.
* manual/terminal.texi: Likewise.
* manual/time.texi: Likewise.
* manual/users.texi: Likewise.
TS 18661-1 defines roundeven functions that round a floating-point
number to the nearest integer, in that floating-point type, with ties
rounding to even (whereas the round functions round ties away from
zero). As with other such functions, they raise no exceptions apart
from "invalid" for signaling NaNs. There was a previous user request
for this functionality in glibc in
<https://sourceware.org/ml/libc-help/2015-02/msg00005.html>.
This patch implements these functions for glibc. The implementations
use integer bit-manipulation (or roundeven on the high and low parts,
in the IBM long double case). It's possible that there may be faster
approaches on some architectures (in particular, on AArch64 the frintn
instruction should do exactly what's required); I'll leave it to
architecture maintainers or others interested to implement such
architecture-specific versions if desired. (Where architectures have
instructions to round to nearest integer in the current rounding mode,
implementations saving and restoring the rounding mode - and dealing
with exceptions if those instructions generate "inexact" - are also
possible, though their performance depends on the cost of manipulating
exceptions / rounding mode state.)
Tested for x86_64, x86, mips64 and powerpc.
* math/bits/mathcalls.h [__GLIBC_USE (IEC_60559_BFP_EXT)]
(roundeven): New declaration.
* math/tgmath.h [__GLIBC_USE (IEC_60559_BFP_EXT)] (roundeven): New
macro.
* math/Versions (roundeven): New libm symbol at version
GLIBC_2.25.
(roundevenf): Likewise.
(roundevenl): Likewise.
* math/Makefile (libm-calls): Add s_roundevenF.
* math/libm-test.inc (roundeven_test_data): New array.
(roundeven_test): New function.
(main): Call roundeven_test.
* math/test-tgmath.c (NCALLS): Increase to 134.
(F(compile_test)): Call roundeven.
(F(roundeven)): New function.
* manual/arith.texi (Rounding Functions): Document roundeven,
roundevenf and roundevenl.
* manual/libm-err-tab.pl (@all_functions): Add roundeven.
* include/math.h (roundeven): Use libm_hidden_proto.
* sysdeps/ieee754/dbl-64/s_roundeven.c: New file.
* sysdeps/ieee754/dbl-64/wordsize-64/s_roundeven.c: Likewise.
* sysdeps/ieee754/flt-32/s_roundevenf.c: Likewise.
* sysdeps/ieee754/ldbl-128/s_roundevenl.c: Likewise.
* sysdeps/ieee754/ldbl-128ibm/s_roundevenl.c: Likewise.
* sysdeps/ieee754/ldbl-96/s_roundevenl.c: Likewise.
* sysdeps/ieee754/ldbl-opt/Makefile (libnldbl-calls): Add
roundeven.
(CFLAGS-nldbl-roundeven.c): New variable.
* sysdeps/ieee754/ldbl-opt/nldbl-roundeven.c: New file.
* sysdeps/nacl/libm.abilist: Update.
* sysdeps/unix/sysv/linux/aarch64/libm.abilist: Likewise.
* sysdeps/unix/sysv/linux/alpha/libm.abilist: Likewise.
* sysdeps/unix/sysv/linux/arm/libm.abilist: Likewise.
* sysdeps/unix/sysv/linux/hppa/libm.abilist: Likewise.
* sysdeps/unix/sysv/linux/i386/libm.abilist: Likewise.
* sysdeps/unix/sysv/linux/ia64/libm.abilist: Likewise.
* sysdeps/unix/sysv/linux/m68k/coldfire/libm.abilist: Likewise.
* sysdeps/unix/sysv/linux/m68k/m680x0/libm.abilist: Likewise.
* sysdeps/unix/sysv/linux/microblaze/libm.abilist: Likewise.
* sysdeps/unix/sysv/linux/mips/mips32/libm.abilist: Likewise.
* sysdeps/unix/sysv/linux/mips/mips64/libm.abilist: Likewise.
* sysdeps/unix/sysv/linux/nios2/libm.abilist: Likewise.
* sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libm.abilist:
Likewise.
* sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libm.abilist:
Likewise.
* sysdeps/unix/sysv/linux/powerpc/powerpc64/libm-le.abilist:
Likewise.
* sysdeps/unix/sysv/linux/powerpc/powerpc64/libm.abilist:
Likewise.
* sysdeps/unix/sysv/linux/s390/s390-32/libm.abilist: Likewise.
* sysdeps/unix/sysv/linux/s390/s390-64/libm.abilist: Likewise.
* sysdeps/unix/sysv/linux/sh/libm.abilist: Likewise.
* sysdeps/unix/sysv/linux/sparc/sparc32/libm.abilist: Likewise.
* sysdeps/unix/sysv/linux/sparc/sparc64/libm.abilist: Likewise.
* sysdeps/unix/sysv/linux/tile/tilegx/tilegx32/libm.abilist:
Likewise.
* sysdeps/unix/sysv/linux/tile/tilegx/tilegx64/libm.abilist:
Likewise.
* sysdeps/unix/sysv/linux/tile/tilepro/libm.abilist: Likewise.
* sysdeps/unix/sysv/linux/x86_64/64/libm.abilist: Likewise.
* sysdeps/unix/sysv/linux/x86_64/x32/libm.abilist: Likewise.
In order to support float128 tests, the calls to snprintf, which does
not support the type __float128, are replaced with calls to
strfrom{f,d,l}.
Tested for powerpc64le, s390, and x64_64.
This patch decrements the adapt_count while unlocking the futex
instead of before aquiring the futex as it is done on power, too.
Furthermore a transaction is only started if the futex is currently free.
This check is done after starting the transaction, too.
If the futex is not free and the transaction nesting depth is one,
we can simply end the started transaction instead of aborting it.
The implementation of this check was faulty as it always ended the
started transaction. By using the fallback path, the the outermost
transaction was aborted. Now the outermost transaction is aborted
directly.
This patch also adds some commentary and aligns the code in
elision-trylock.c to the code in elision-lock.c as possible.
ChangeLog:
* sysdeps/unix/sysv/linux/s390/lowlevellock.h
(__lll_unlock_elision, lll_unlock_elision): Add adapt_count argument.
* sysdeps/unix/sysv/linux/s390/elision-lock.c:
(__lll_lock_elision): Decrement adapt_count while unlocking
instead of before locking.
* sysdeps/unix/sysv/linux/s390/elision-trylock.c
(__lll_trylock_elision): Likewise.
* sysdeps/unix/sysv/linux/s390/elision-unlock.c:
(__lll_unlock_elision): Likewise.
This patch implements __libc_tbegin_retry macro which is equivalent to
gcc builtin __builtin_tbegin_retry, except the changes which were applied
to __libc_tbegin in the previous patch.
If tbegin aborts with _HTM_TBEGIN_TRANSIENT. Then this macros restores
the fpc, fprs and automatically retries up to retry_cnt tbegins.
Further saving of the state is omitted as it is already saved in the
first round. Before retrying a further transaction, the
transaction-abort-assist instruction is used to support the cpu.
This macro is now used in function __lll_lock_elision.
ChangeLog:
* sysdeps/unix/sysv/linux/s390/htm.h(__libc_tbegin_retry): New macro.
* sysdeps/unix/sysv/linux/s390/elision-lock.c (__lll_lock_elision):
Use __libc_tbegin_retry macro.
This patch defines __libc_tbegin, __libc_tend, __libc_tabort and
__libc_tx_nesting_depth in htm.h which replaces the direct usage of
equivalent gcc builtins.
We have to use an own inline assembly instead of __builtin_tbegin,
as tbegin has to filter program interruptions which can't be done with
the builtin. Before this change, e.g. a segmentation fault within a
transaction, leads to a coredump where the instruction pointer points
behind the tbegin instruction instead of real failing one.
Now the transaction aborts and the code should be reexecuted by the
fallback path without transactions. The segmentation fault will
produce a coredump with the real failing instruction.
The fpc is not saved before starting the transaction. If e.g. the
rounging mode is changed and the transaction is aborting afterwards,
the builtin will not restore the fpc. This is now done with the
__libc_tbegin macro.
Now the call saved fprs have to be saved / restored in the
__libc_tbegin macro. Using the gcc builtin had forced the saving /
restoring of fprs at begin / end of e.g. __lll_lock_elision function.
The new macro saves these fprs before tbegin instruction and only
restores them on a transaction abort. Restoring is not needed on
a successfully started transaction.
The used inline assembly does not clobber the fprs / vrs!
Clobbering the latter ones would force the compiler to save / restore
the call saved fprs as those overlap with the vrs, but they only
need to be restored if the transaction fails. Thus the user of the
tbegin macros has to compile the file / function with -msoft-float.
It prevents gcc from using fprs / vrs.
ChangeLog:
* sysdeps/unix/sysv/linux/s390/Makefile (elision-CFLAGS):
Add -msoft-float.
* sysdeps/unix/sysv/linux/s390/htm.h: New File.
* sysdeps/unix/sysv/linux/s390/elision-lock.c:
Use __libc_t* transaction macros instead of __builtin_t*.
* sysdeps/unix/sysv/linux/s390/elision-trylock.c: Likewise.
* sysdeps/unix/sysv/linux/s390/elision-unlock.c: Likewise.
This uses atomic operations to access lock elision metadata that is accessed
concurrently (ie, adapt_count fields). The size of the data is less than a
word but accessed only with atomic loads and stores.
See also x86 commit ca6e601a9d:
"Use C11-like atomics instead of plain memory accesses in x86 lock elision."
ChangeLog:
* sysdeps/unix/sysv/linux/s390/elision-lock.c
(__lll_lock_elision): Use atomics to load / store adapt_count.
* sysdeps/unix/sysv/linux/s390/elision-trylock.c
(__lll_trylock_elision): Likewise.
Some targets fail to apply dead store elimination to the
memset call in setup_ordinary_clear. Before this commit,
this causes the test case to fail. Instead, the test case
now logs lack of memset elimination as an informational
message.
Assume that Thread 1 waits to acquire a robust mutex using futexes to
block (and thus sets the FUTEX_WAITERS flag), and is unblocked when this
mutex is released. If Thread 2 concurrently acquires the lock and is
killed, Thread 1 can recover from the died owner but fail to restore the
FUTEX_WAITERS flag. This can lead to a Thread 3 that also blocked using
futexes at the same time as Thread 1 to not get woken up because
FUTEX_WAITERS is not set anymore.
The fix for this is to ensure that we continue to preserve the
FUTEX_WAITERS flag whenever we may have set it or shared it with another
thread. This is the same requirement as in the algorithm for normal
mutexes, only that the robust mutexes need additional handling for died
owners and thus preserving the FUTEX_WAITERS flag cannot be done just in
the futex slowpath code.
[BZ #20973]
* nptl/pthread_mutex_lock.c (__pthread_mutex_lock_full): Fix lost
wake-up in robust mutexes.
* nptl/pthread_mutex_timedlock.c (pthread_mutex_timedlock): Likewise.
This patch adds fmaxf and fminf benchtests. It is based on
math/s_fmax_template.c implementation which checks for basically four
different classes:
1. if x is greater or equal than y.
2. if x is less than y.
3. if x or y is signaling.
4. if y is nan.
Cases 1 and 2 are used for default input number (by mixing normal double
numbers and infinity), while case 3 and 4 are used each for on for a
benchmark class.
Checked on x86_64-linux-gnu and powerpc64-linux-gnu.
* benchtests/Makefile (bench-math): Add fminf and fmaxf.
(CFLAGS-bench-fmaxf.c): New rule.
(CFLAGS-bench-fminf.c): Likewise.
* benchtests/fmaxf-inputs: New file.
* benchtests/fminf-inputs: Likewise.
This patch adds fmax and fmin benchtests. It is based math/s_fmax_template.c
implementation which checks for basically four different classes:
1. if x is greater or equal than y.
2. if x is less than y.
3. if x or y is signaling.
4. if y is nan.
Cases 1 and 2 are used for default input number (by mixing normal double
numbers and infinity), while case 3 and 4 are used each for on for a
benchmark class.
Checked on x86_64-linux-gnu and powerpc64-linux-gnu.
* benchtests/Makefile (bench-math): Add fmin and fmax.
(CFLAGS-bench-fmax.c): New rule.
(CFLAGS-bench-fmin.c): New rule.
* benchtests/fmax-inputs: New file.
* benchtests/fmin-inputs: Likewise.
Patch disables Intel TSX on some Haswell processors to avoid TSX
on kernels that weren't updated with the latest microcode package
(which disables broken feature by default).
* sysdeps/x86/cpu-features.c (get_common_indeces): Add
stepping identification.
(init_cpu_features): Add handle of Haswell.
* assert/assert.h (assert): Rewrite assert's definition so that
a s/==/=/ typo, e.g., assert(errno = ENOENT) is not hidden from
gcc's -Wparentheses by assert-added parentheses. The new definition
uses "if (expr) /* empty */; else __assert_fail...", so
gcc -Wall will now detect that type of error in an assert, too.
The __STRICT_ANSI__ disjunct is to make this work also with both
-ansi and -pedantic, which would reject the use of ({...}).
I would have preferred to use __extension__ to mark that, but
doing so would mistakenly suppress warnings about any extension
in the user-supplied "expr".
E.g., "assert ( ({1;}) )" must continue to evoke a warning.
Benchsets in benchtests use test-skeleton, so they too need to be
linked against the new libsupport DSO.
* benchtests/Makefile (binaries-benchset): Depend on libsupport
DSO.
Without -B, python invocations may result in generation of pyc files
for modules within the source tree, which does not work well when the
source tree is read-only.
2016-12-17 Martin Galvan <martingalvan@sourceware.org>
* Rules (python-flags, python-invoke): New.
($(test-printers-out)): Use $(python-flags).
TS 18661-1 says that "Whether a signaling NaN input causes a domain
error is implementation-defined.". Considering it a domain error
would (given glibc's math_errhandling definition) mean setting errno
to EDOM. glibc consistently does not set errno for sNaN inputs
(unless it does so for qNaN as well, i.e. iseqsig), so this patch adds
documentation of the implementation-defined choice not to treat this
case as a domain error.
* manual/arith.texi (Math Error Reporting): Document that sNaN
arguments are not considered domain errors.
explicit_bzero(s, n) is the same as memset(s, 0, n), except that the
compiler is not allowed to delete a call to explicit_bzero even if the
memory pointed to by 's' is dead after the call. Right now, this effect
is achieved externally by having explicit_bzero be a function whose
semantics are unknown to the compiler, and internally, with a no-op
asm statement that clobbers memory. This does mean that small
explicit_bzero operations cannot be expanded inline as small memset
operations can, but on the other hand, small memset operations do get
deleted by the compiler. Hopefully full compiler support for
explicit_bzero will happen relatively soon.
There are two new tests: test-explicit_bzero.c verifies the
visible semantics in the same way as the existing test-bzero.c,
and tst-xbzero-opt.c verifies the not-being-optimized-out property.
The latter is conceptually based on a test written by Matthew Dempsky
for the OpenBSD regression suite.
The crypt() implementation has an immediate use for this new feature.
We avoid having to add a GLIBC_PRIVATE alias for explicit_bzero
by running all of libcrypt's calls through the fortified variant,
__explicit_bzero_chk, which is in the impl namespace anyway. Currently
I'm not aware of anything in libc proper that needs this, but the
glue is all in place if it does become necessary. The legacy DES
implementation wasn't bothering to clear its buffers, so I added that,
mostly for consistency's sake.
* string/explicit_bzero.c: New routine.
* string/test-explicit_bzero.c, string/tst-xbzero-opt.c: New tests.
* string/Makefile (routines, strop-tests, tests): Add them.
* string/test-memset.c: Add ifdeffage for testing explicit_bzero.
* string/string.h [__USE_MISC]: Declare explicit_bzero.
* debug/explicit_bzero_chk.c: New routine.
* debug/Makefile (routines): Add it.
* debug/tst-chk1.c: Test fortification of explicit_bzero.
* string/bits/string3.h: Fortify explicit_bzero.
* manual/string.texi: Document explicit_bzero.
* NEWS: Mention addition of explicit_bzero.
* crypt/crypt-entry.c (__crypt_r): Clear key-dependent intermediate
data before returning, using explicit_bzero.
* crypt/md5-crypt.c (__md5_crypt_r): Likewise.
* crypt/sha256-crypt.c (__sha256_crypt_r): Likewise.
* crypt/sha512-crypt.c (__sha512_crypt_r): Likewise.
* include/string.h: Redirect internal uses of explicit_bzero
to __explicit_bzero_chk[_internal].
* string/Versions [GLIBC_2.25]: Add explicit_bzero.
* debug/Versions [GLIBC_2.25]: Add __explicit_bzero_chk.
* sysdeps/arm/nacl/libc.abilist
* sysdeps/unix/sysv/linux/aarch64/libc.abilist
* sysdeps/unix/sysv/linux/alpha/libc.abilist
* sysdeps/unix/sysv/linux/arm/libc.abilist
* sysdeps/unix/sysv/linux/hppa/libc.abilist
* sysdeps/unix/sysv/linux/i386/libc.abilist
* sysdeps/unix/sysv/linux/ia64/libc.abilist
* sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist
* sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist
* sysdeps/unix/sysv/linux/microblaze/libc.abilist
* sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist
* sysdeps/unix/sysv/linux/mips/mips32/nofpu/libc.abilist
* sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist
* sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist
* sysdeps/unix/sysv/linux/nios2/libc.abilist
* sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist
* sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist
* sysdeps/unix/sysv/linux/powerpc/powerpc64/libc-le.abilist
* sysdeps/unix/sysv/linux/powerpc/powerpc64/libc.abilist
* sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist
* sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist
* sysdeps/unix/sysv/linux/sh/libc.abilist
* sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist
* sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist
* sysdeps/unix/sysv/linux/tile/tilegx/tilegx32/libc.abilist
* sysdeps/unix/sysv/linux/tile/tilegx/tilegx64/libc.abilist
* sysdeps/unix/sysv/linux/tile/tilepro/libc.abilist
* sysdeps/unix/sysv/linux/x86_64/64/libc.abilist
* sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist:
Add entries for explicit_bzero and __explicit_bzero_chk.
TS 18661-1 defines a macro FE_SNANS_ALWAYS_SIGNAL in <fenv.h>, to
indicate that the recommended practice regarding sNaNs (that
operations always produce a qNaN output with "invalid" exception, even
in the fmax / fmin / hypot / pow cases where a qNaN input would not
result in qNaN output) is followed.
Now that those functions with C99 special cases for NaNs have been
fixed not to apply those special cases to sNaN, only to qNaN, glibc
follows that recommended practice. This patch makes it define the
corresponding macro.
Since compiler optimizations may affect whether sNaNs behave as
expected and the macro relates to both language and library features,
it is only defined if __SUPPORT_SNAN__ is defined (which GCC defines
for -fsignaling-nans). It is also not defined if FE_INVALID is
undefined, since the recommended practice specifically refers to
raising the "invalid" exception, so it seems inappropriate to define
the macro for soft-float cases without support for exceptions.
(Further refinement would be possible in cases where bits/fenv.h is
shared by configurations both with and without exceptions support.)
Tested for x86_64 and x86, and also did compile-only testing for nios2
to cover the no-exceptions case.
* math/fenv.h
[__GLIBC_USE (IEC_60559_BFP_EXT) && FE_INVALID && __SUPPORT_SNAN__]
(FE_SNANS_ALWAYS_SIGNAL): New macro.
* math/test-fe-snans-always-signal.c: New file.
* math/Makefile (tests): Add test-fe-snans-always-signal.
(CFLAGS-test-fe-snans-always-signal.c): New variable.
* manual/arith.texi (Infinity and NaN): Document
FE_SNANS_ALWAYS_SIGNAL.
When build-many-glibcs.py re-execs itself with execv, any buffered
output on stdout may be lost (in particular, messages intended to go
to a bot's log about the re-exec taking place). This patch makes it
flush stdout before execv, similar to the flush before running a
subprocess from the bot that is done to ensure output appears in the
right order.
* scripts/build-many-glibcs.py (Context.exec_self): Flush stdout
before calling execv.
Current optimized powercp64/power7 memchr uses a strategy to check for
p versus align(p+n) (where 'p' is the input char pointer and n the
maximum size to check for the byte) without taking care for possible
overflow on the pointer addition in case of large 'n'.
It was triggered by 3038145ca2 where default rawmemchr (used to
created ppc64 rawmemchr in ifunc selection) now uses memchr (p, c, (size_t)-1)
on its implementation.
This patch fixes it by implement a satured addition where overflows
sets the maximum pointer size to UINTPTR_MAX.
Checked on powerpc64le-linux-gnu.
[BZ# 20971]
* sysdeps/powerpc/powerpc64/power7/memchr.S (__memchr): Avoid
overflow in pointer addition.
* string/test-memchr.c (do_test): Add an argument to pass as
the size on memchr.
(test_main): Add check for SIZE_MAX.