Tell the compiler that xmalloc family of allocators always return
non-NULL. xrealloc in locale/programs also always returns non-NULL,
but that conflicts with default realloc behaviour and that of xrealloc
in libsupport, so keep it as is for now and resolve the differences
later.
Reviewed-by: Florian Weimer <fweimer@redhat.com>
Remove all malloc hook uses from core malloc functions and move it
into a new library libc_malloc_debug.so. With this, the hooks now no
longer have any effect on the core library.
libc_malloc_debug.so is a malloc interposer that needs to be preloaded
to get hooks functionality back so that the debugging features that
depend on the hooks, i.e. malloc-check, mcheck and mtrace work again.
Without the preloaded DSO these debugging features will be nops.
These features will be ported away from hooks in subsequent patches.
Similarly, legacy applications that need hooks functionality need to
preload libc_malloc_debug.so.
The symbols exported by libc_malloc_debug.so are maintained at exactly
the same version as libc.so.
Finally, static binaries will no longer be able to use malloc
debugging features since they cannot preload the debugging DSO.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
As a result, is not necessary to specify __attribute__ ((nocommon))
on individual definitions.
GCC 10 defaults to -fno-common on all architectures except ARC,
but this change is compatible with older GCC versions and ARC, too.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
librt.so is no longer installed for PTHREAD_IN_LIBC, and tests
are not linked against it. $(librt) is introduced globally for
shared tests that need to be linked for both PTHREAD_IN_LIBC
and !PTHREAD_IN_LIBC.
GLIBC_PRIVATE symbols that were needed during the transition are
removed again.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
For !__ASSUME_TIME64_SYSCALLS there is no need to issue a 64-bit syscall
if the provided timeout fits in a 32-bit one. The 64-bit usage should
be rare since the timeout is a relative one. This also avoids the need
to use supports_time64() (which breaks the usage case of live migration
like CRIU or similar).
It also fixes an issue on 32-bit select call for !__ASSUME_PSELECT
(microblase with older kernels only) where the expected timeout
is a 'struct timeval' instead of 'struct timespec'.
Checked on i686-linux-gnu on a 4.15 kernel and on a 5.11 kernel
(with and without --enable-kernel=5.1) and on x86_64-linux-gnu.
Reviewed-by: Lukasz Majewski <lukma@denx.de>
For !__ASSUME_TIME64_SYSCALLS there is no need to issue a 64-bit syscall
if the provided timeout fits in a 32-bit one. The 64-bit usage should
be rare since the timeout is a relative one. This also avoids the need
to use supports_time64() (which breaks the usage case of live migration
like CRIU or similar).
Checked on i686-linux-gnu on a 4.15 kernel and on a 5.11 kernel
(with and without --enable-kernel=5.1) and on x86_64-linux-gnu.
Reviewed-by: Lukasz Majewski <lukma@denx.de>
A new build flag, _TIME_BITS, enables the usage of the newer 64-bit
time symbols for legacy ABI (where 32-bit time_t is default). The 64
bit time support is only enabled if LFS (_FILE_OFFSET_BITS=64) is
also used.
Different than LFS support, the y2038 symbols are added only for the
required ABIs (armhf, csky, hppa, i386, m68k, microblaze, mips32,
mips64-n32, nios2, powerpc32, sparc32, s390-32, and sh). The ABIs with
64-bit time support are unchanged, both for symbol and types
redirection.
On Linux the full 64-bit time support requires a minimum of kernel
version v5.1. Otherwise, the 32-bit fallbacks are used and might
results in error with overflow return code (EOVERFLOW).
The i686-gnu does not yet support 64-bit time.
This patch exports following rediretions to support 64-bit time:
* libc:
adjtime
adjtimex
clock_adjtime
clock_getres
clock_gettime
clock_nanosleep
clock_settime
cnd_timedwait
ctime
ctime_r
difftime
fstat
fstatat
futimens
futimes
futimesat
getitimer
getrusage
gettimeofday
gmtime
gmtime_r
localtime
localtime_r
lstat_time
lutimes
mktime
msgctl
mtx_timedlock
nanosleep
nanosleep
ntp_gettime
ntp_gettimex
ppoll
pselec
pselect
pthread_clockjoin_np
pthread_cond_clockwait
pthread_cond_timedwait
pthread_mutex_clocklock
pthread_mutex_timedlock
pthread_rwlock_clockrdlock
pthread_rwlock_clockwrlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_timedjoin_np
recvmmsg
sched_rr_get_interval
select
sem_clockwait
semctl
semtimedop
sem_timedwait
setitimer
settimeofday
shmctl
sigtimedwait
stat
thrd_sleep
time
timegm
timerfd_gettime
timerfd_settime
timespec_get
utime
utimensat
utimes
utimes
wait3
wait4
* librt:
aio_suspend
mq_timedreceive
mq_timedsend
timer_gettime
timer_settime
* libanl:
gai_suspend
Reviewed-by: Lukasz Majewski <lukma@denx.de>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
This commit removes the ELF constructor and internal variables from
dlfcn/dlfcn.c. The file now serves the same purpose as
nptl/libpthread-compat.c, so it is renamed to dlfcn/libdl-compat.c.
The use of libdl-shared-only-routines ensures that libdl.a is empty.
This commit adjusts the test suite not to use $(libdl). The libdl.so
symbolic link is no longer installed.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To help detect common kinds of memory (and other resource) management
bugs, GCC 11 adds support for the detection of mismatched calls to
allocation and deallocation functions. At each call site to a known
deallocation function GCC checks the set of allocation functions
the former can be paired with and, if the two don't match, issues
a -Wmismatched-dealloc warning (something similar happens in C++
for mismatched calls to new and delete). GCC also uses the same
mechanism to detect attempts to deallocate objects not allocated
by any allocation function (or pointers past the first byte into
allocated objects) by -Wfree-nonheap-object.
This support is enabled for built-in functions like malloc and free.
To extend it beyond those, GCC extends attribute malloc to designate
a deallocation function to which pointers returned from the allocation
function may be passed to deallocate the allocated objects. Another,
optional argument designates the positional argument to which
the pointer must be passed.
This change is the first step in enabling this extended support for
Glibc.
In a default build for x86_64, size decreased by 24 bytes:
1883294 to 1883270.
Aditionally, avoids repeating the number printing logic in multiple
places.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
This change continues the improvements to compile-time out of bounds
checking by decorating more APIs with either attribute access, or by
explicitly providing the array bound in APIs such as tmpnam() that
expect arrays of some minimum size as arguments. (The latter feature
is new in GCC 11.)
The only effects of the attribute and/or the array bound is to check
and diagnose calls to the functions that fail to provide a sufficient
number of elements, and the definitions of the functions that access
elements outside the specified bounds. (There is no interplay with
_FORTIFY_SOURCE here yet.)
Tested with GCC 7 through 11 on x86_64-linux.
The symbols were moved using move-symbol-to-libc.py.
Both functions are moved at the same time because they depend
on internal functions in sysdeps/pthread/sem_routines.c, which
are moved in this commit as well. Additional hidden prototypes
are required to avoid check-localplt failures.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
GCC 11 warns when a pointer to an uninitialized object is passed
to a function that takes a const-qualified argument. This is done
on the assumption that most such functions read from the object.
For the rare case of a function that doesn't, GCC 11 extends
attribute access to add a new mode called none.
POSIX pthread_setspecific() is one such rare function that takes
a const void* argument but that doesn't read from the object it
points to. To suppress the -Wmaybe-uninitialized issued by GCC
11 when the address of an uninitialized object is passed to it
(e.g., the result of malloc()), this change #defines
__attr_access_none in cdefs.h and uses the macro on the function
in sysdeps/htl/pthread.h and sysdeps/nptl/pthread.h.
No new symbol version is required because there was a forwarder.
The symbol has been moved using scripts/move-symbol-to-libc.py.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
The syslog open the '/dev/console' for LOG_CONS without O_CLOEXEC,
which might leak in multithread programs that call fork.
Checked on x86_64-linux-gnu.
MSG_NOSIGNAL was added on POSIX 2008 and Hurd seems to support it.
The SIGPIPE handling also makes the implementation not thread-safe
(due the sigaction usage).
Checked on x86_64-linux-gnu.
POSIX states for syslog [1]:
"Values of the priority argument are formed by OR'ing together a
severity-level value and an optional facility value. If no
facility value is specified, the current default facility value is
used."
So the patch fixes an existing violation of the openlog interface contract
where it is ignoring the facility argument when the value is zero
It allows the use LOG_KERN by calling openlog prior syslog usage.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
[1] https://pubs.opengroup.org/onlinepubs/9699919799/functions/syslog.html
The commit 2433d39b69, which added time64 support to select, changed
the function to use __NR_pselect6 (or __NR_pelect6_time64) on all
architectures. However, on architectures where the symbol was
implemented with __NR_select the kernel normalizes the passed timeout
instead of return EINVAL. For instance, the input timeval
{ 0, 5000000 } is interpreted as { 5, 0 }.
And as indicated by BZ #27651, this semantic seems to be expected
and changing it results in some performance issues (most likely
the program does not check the return code and keeps issuing
select with unormalized tv_usec argument).
To avoid a different semantic depending whether which syscall the
architecture used to issue, select now always normalize the timeout
input. This is a slight change for some ABIs (for instance aarch64).
Checked on x86_64-linux-gnu and i686-linux-gnu.
Instead of polling the stderr, create two pipes and fork to check
if child timeout as expected similar to tst-pselect.c. Also lower
the timeout value.
Checked on x86_64-linux-gnu.
This change adds new test to assess select()'s timeout related
functionality (the rdfs set provides valid fd - stderr - but during
normal program operation there is no data to be read, so one just
waits for timeout).
To be more specific - two use cases are checked:
- if select() times out immediately when passed struct timeval has
zero values of tv_usec and tv_sec.
- if select() times out after timeout specified in passed argument
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
This will be used to consolidate the libgcc_s access for backtrace
and pthread_cancel.
Unlike the existing backtrace implementations, it provides some
hardening based on pointer mangling.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
It adds __glibc_has_builtin, __glibc_has_extension, and
__attribute_maybe_unused__ alongsize with some fixes.
The differences are:
--- glibc
+++ gnulib
@@ -259,7 +259,9 @@
# define __attribute_const__ /* Ignore */
#endif
-#if __GNUC_PREREQ (2,7) || __glibc_has_attribute (__unused__)
+#if defined __STDC_VERSION__ && 201710L < __STDC_VERSION__
+# define __attribute_maybe_unused__ [[__maybe_unused__]]
+#elif __GNUC_PREREQ (2,7) || __glibc_has_attribute (__unused__)
# define __attribute_maybe_unused__ __attribute__ ((__unused__))
#else
# define __attribute_maybe_unused__ /* Ignore */
@@ -485,7 +487,7 @@
/* The #ifndef lets Gnulib avoid including these on non-glibc
platforms, where the includes typically do not exist. */
-#ifdef __GLIBC__
+#ifndef __WORDSIZE
# include <bits/wordsize.h>
# include <bits/long-double.h>
#endif
The [[__attribute_maybe_unused__]] attribute removal __ is due Joseph
questioning gcc support with -std=c2x or -std=gnu2x [1].
The _WORDSIZE replacement by __GLIBC__ is because it does not play
well with internal cdefs.h that also uses
__LDOUBLE_REDIRECTS_TO_FLOAT128_ABI.
Checked on x86_64-linux-gnu.
[1] https://sourceware.org/pipermail/libc-alpha/2021-January/121600.html
Extern symbol access in position independent code usually involves GOT
indirection which needs RELATIVE reloc in a static linked PIE. (On
some targets this is avoided e.g. because the linker can relax a GOT
access to a pc-relative access, but this is not generally true.) Code
that runs before static PIE self relocation must avoid relying on
dynamic relocations which can be ensured by using hidden visibility.
However we cannot just make all symbols hidden:
On i386, all calls to IFUNC functions must go through PLT and calls to
hidden functions CANNOT go through PLT in PIE since EBX used in PIE PLT
may not be set up for local calls to hidden IFUNC functions.
This patch aims to make symbol references hidden in code that is used
before and by _dl_relocate_static_pie when building a static PIE libc.
Note: for an object that is used in the startup code, its references
and definition may not have consistent visibility: it is only forced
hidden in the startup code.
This is needed for fixing bug 27072.
Co-authored-by: H.J. Lu <hjl.tools@gmail.com>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
__putc_unlocked is guaranteed to be inlined all the time as opposed to
fputc_unlocked, which does not get inlined when glibc is built with
-Os.
Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
Introduce a new _FORTIFY_SOURCE level of 3 to enable additional
fortifications that may have a noticeable performance impact, allowing
more fortification coverage at the cost of some performance.
With llvm 9.0 or later, this will replace the use of
__builtin_object_size with __builtin_dynamic_object_size.
__builtin_dynamic_object_size
-----------------------------
__builtin_dynamic_object_size is an LLVM builtin that is similar to
__builtin_object_size. In addition to what __builtin_object_size
does, i.e. replace the builtin call with a constant object size,
__builtin_dynamic_object_size will replace the call site with an
expression that evaluates to the object size, thus expanding its
applicability. In practice, __builtin_dynamic_object_size evaluates
these expressions through malloc/calloc calls that it can associate
with the object being evaluated.
A simple motivating example is below; -D_FORTIFY_SOURCE=2 would miss
this and emit memcpy, but -D_FORTIFY_SOURCE=3 with the help of
__builtin_dynamic_object_size is able to emit __memcpy_chk with the
allocation size expression passed into the function:
void *copy_obj (const void *src, size_t alloc, size_t copysize)
{
void *obj = malloc (alloc);
memcpy (obj, src, copysize);
return obj;
}
Limitations
-----------
If the object was allocated elsewhere that the compiler cannot see, or
if it was allocated in the function with a function that the compiler
does not recognize as an allocator then __builtin_dynamic_object_size
also returns -1.
Further, the expression used to compute object size may be non-trivial
and may potentially incur a noticeable performance impact. These
fortifications are hence enabled at a new _FORTIFY_SOURCE level to
allow developers to make a choice on the tradeoff according to their
environment.
The addmntent function replicates elements of struct mnt on stack
using alloca, which is unsafe. Put characters directly into the
stream, escaping them as they're being written out.
Also add a test to check all escaped characters with addmntent and
getmntent.
Change sbrk to fail for !__libc_initial (in the generic
implementation). As a result, sbrk is (relatively) safe to use
for the __libc_initial case (from the main libc). It is therefore
no longer necessary to avoid using it in that case (or updating the
brk cache), and the __libc_initial flag does not need to be updated
as part of dlmopen or static dlopen.
As before, direct brk system calls on Linux may lead to memory
corruption.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
The tls.h inclusion is not really required and limits possible
definition on more arch specific headers.
This is a cleanup to allow inline functions on sysdep.h, more
specifically on i386 and ia64 which requires to access some tls
definitions its own.
No semantic changes expected, checked with a build against all
affected ABIs.
GCC 11 introduces a -Wstringop-overflow warning for calls to functions
with an array argument passed as a pointer to memory not large enough
for that array. This includes the __sigsetjmp calls from
pthread_cleanup_push macros, because those use a structure in
__pthread_unwind_buf_t, which has a common initial subsequence with
jmp_buf but does not include the saved signal mask; this is OK in this
case because the second argument to __sigsetjmp is 0 so the signal
mask is not accessed.
To avoid this warning, use a function alias __sigsetjmp_cancel with
first argument an array of exactly the type used in the calls to the
function, if using GCC 11 or later. With older compilers, continue to
use __sigsetjmp with a cast, to avoid any issues with compilers
predating the returns_twice attribute not applying the same special
handling to __sigsetjmp_cancel as to __sigsetjmp.
Tested with build-many-glibcs.py for arm-linux-gnueabi that this fixes
the testsuite build failures.
The explicit error return value (without in-band signaling) avoids
complicated steps to detect errors based on whether errno has been
updated.
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
The __THROW macro and friends expand to "throw ()" for C++ code, but
that syntax is deprecated in C++11 and no longer supported at all since
C++20. In order for glibc headers to be compatible with C++20,
"noexcept" should be used instead.
This patch uses "noexcept (true)" rather than just "noexcept", which is
semantically equivalent, but avoids any possibility of parsing
ambiguities if the next preprocessor token happens to be an opening
parenthesis. This is probably unnecessary, but it seems safer to be
cautious.
It replaces the internal usage of __{f,l}xstat{at}{64} with the
__{f,l}stat{at}{64}. It should not change the generate code since
sys/stat.h explicit defines redirections to internal calls back to
xstat* symbols.
Checked with a build for all affected ABIs. I also check on
x86_64-linux-gnu and i686-linux-gnu.
Reviewed-by: Lukasz Majewski <lukma@denx.de>
Properly serialize the access to the global state shared between the
syslog functions, to avoid races in multithreaded processes. Protect a
local allocation in the __vsyslog_internal function from leaking during
cancellation.
The variable is placed in libc.so, and it can be true only in
an outer libc, not libcs loaded via dlmopen or static dlopen.
Since thread creation from inner namespaces does not work,
pthread_create can update __libc_single_threaded directly.
Using __libc_early_init and its initial flag, implementation of this
variable is very straightforward. A future version may reset the flag
during fork (but not in an inner namespace), or after joining all
threads except one.
Reviewed-by: DJ Delorie <dj@redhat.com>
Adds the access attribute newly introduced in GCC 10 to the subset of
function declarations that are already covered by _FORTIFY_SOURCE and
that don't have corresponding GCC built-in equivalents.
Reviewed-by: DJ Delorie <dj@redhat.com>
Improve the commentary to aid future developers who will stumble
upon this novel, yet not always perfect, mechanism to support
alternative formats for long double.
Likewise, rename __LONG_DOUBLE_USES_FLOAT128 to
__LDOUBLE_REDIRECTS_TO_FLOAT128_ABI now that development work
has settled down. The command used was
git grep -l __LONG_DOUBLE_USES_FLOAT128 ':!./ChangeLog*' | \
xargs sed -i 's/__LONG_DOUBLE_USES_FLOAT128/__LDOUBLE_REDIRECTS_TO_FLOAT128_ABI/g'
Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
This change should not have an effect because the system call was
never defined. Also add the misssing attribute_compat_text_section
attribute to the sstk function (a minor optimization). Also update the
NEWS file to document the change.
Fixes commit 9cc93ba097
("misc: Turn sstk into a compat symbol").
It is not implemented anywhere. There is an osf_sstk system call on
alpha, but it is not used to implement sstk, and the system call
is not implemented on Linux, either.
Add a test to pass 64-bit long arguments to syscall with undefined upper
32 bits on x32.
Tested on i386, x86-64 and x32 as well as with build-many-glibcs.py.
The new type struct fd_to_filename makes the allocation of the
backing storage explicit.
Hurd uses /dev/fd, not /proc/self/fd.
Co-Authored-By: Paul Eggert <eggert@cs.ucla.edu>
All functions that have a format string, which can consume a long double
argument, must have one version for each long double format supported on
a platform. On powerpc64le, these functions currently have two versions
(i.e.: long double with the same format as double, and long double with
IBM Extended Precision format). Support for a third long double format
option (i.e. long double with IEEE long double format) is being prepared
and all the aforementioned functions now have a third version (not yet
exported on the master branch, but the code is in).
For these functions to get selected (during build time), references to
them in user programs (or dependent libraries) must get redirected to
the aforementioned new versions of the functions. This patch installs
the header magic required to perform such redirections.
Notice, however, that since the redirections only happen when
__LONG_DOUBLE_USES_FLOAT128 is set to 1, and no platform (including
powerpc64le) currently does it, no redirections actually happen.
Redirections and the exporting of the new functions will happen at the
same time (when powerpc64le adds ldbl-128ibm-compat to their Implies.
Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
Reviewed-by: Paul E. Murphy <murphyp@linux.vnet.ibm.com>
This patch adds IEEE long double versions of q*cvt* functions for
powerpc64le. Unlike all other long double to/from string conversion
functions, these do not rely on internal functions that can take
floating-point numbers with different formats and act on them
accordingly, instead, the related files are rebuilt with the
-mabi=ieeelongdouble compiler flag set.
Having -mabi=ieeelongdouble passed to the compiler causes the object
files to be marked with a .gnu_attribute that is incompatible with the
.gnu_attribute in files built with -mabi=ibmlongdouble (the default).
The difference causes error messages similar to the following:
ld: libc_pic.a(s_isinfl.os) uses IBM long double,
libc_pic.a(ieee128-qefgcvt_r.os) uses IEEE long double.
collect2: error: ld returned 1 exit status
make[2]: *** [../Makerules:649: libc_pic.os] Error 1
Although this warning is useful in other situations, the library
actually needs to have functions with different long double formats, so
.gnu_attribute generation is explicitly disabled for these files with
the use of -mno-gnu-attribute.
Tested for powerpc64le on the branch that actually enables the
sysdeps/ieee754/ldbl-128ibm-compat for powerpc64le.
Reviewed-by: Paul E. Murphy <murphyp@linux.ibm.com>
This patch refactors the *cvt functions implementation in a way that
makes it easier to re-use them for implementing the IEEE long double on
powerpc64le. By removing the macros that generate the function names
(APPEND combined with FUNC_PREFIX), the new code makes it easier to
define new function names, such as __qecvtieee128.
Tested that installed stripped binaries for all build-many-glibcs
targets remain identical before and after this patch. Also tested for
powerpc64le and x86_64.
Reviewed-by: Paul E. Murphy <murphyp@linux.ibm.com>
This patch refactors the *cvt functions implementation in a way that
makes it easier to re-use them for implementing the IEEE long double on
powerpc64le. By splitting the implementation per se in one file
(efgcvt-template.c) and the alias definitions in others (e.g. efgcvt.c),
the new code makes it easier to define new function names, such as
__qecvtieee128.
Tested that installed stripped binaries for all build-many-glibcs
targets remain identical before and after this patch. Also tested for
powerpc64le and x86_64.
Reviewed-by: Paul E. Murphy <murphyp@linux.ibm.com>
The generic pselect implementation has the very specific race condition
that motived the creation of the pselect syscall (no atomicity in
signal mask set/reset). Using it as generic implementation is
counterproductive Also currently only microblaze uses it as fallback
when used on kernel prior 3.15.
This patch moves the generic implementation to a microblaze specific
one, sets the generic internal as a ENOSYS, and cleanups the Linux
generic implementation.
The microblaze implementation mimics the previous Linux generic one,
where it either uses pselect6 directly if __ASSUME_PSELECT or a
first try pselect6 then the fallback otherwise.
Checked on x86_64-linux-gnu and microblaze-linux-gnu.
This causes issues when using clang with -frewrite-includes to e.g.,
submit the translation unit to a distributed compiler.
In my case, I was building Firefox using sccache.
See [1] for a reduced test-case since I initially thought this was a
clang bug, and [2] for more context.
Apparently doing this is invalid C++ per [cpp.cond], which mentions [3]:
> The #ifdef and #ifndef directives, and the defined conditional
> inclusion operator, shall treat __has_include and __has_cpp_attribute
> as if they were the names of defined macros. The identifiers
> __has_include and __has_cpp_attribute shall not appear in any context
> not mentioned in this subclause.
[1]: https://bugs.llvm.org/show_bug.cgi?id=43982
[2]: https://bugs.llvm.org/show_bug.cgi?id=37990
[3]: http://eel.is/c++draft/cpp.cond#7.sentence-2
Change-Id: Id4b8ee19176a9e4624b533087ba870c418f27e60
As for gettimeofday, time will be implemented based on clock_gettime
on all platforms and internal code should use clock_gettime
directly. In addition to removing a layer of indirection, this will
allow us to remove the PLT-bypass gunk for gettimeofday.
The changed code always assumes __clock_gettime (CLOCK_REALTIME)
or __clock_gettime (CLOCK_REALTIME_COARSE) (for Linux case) cannot
fail, using the same rationale for gettimeofday change. And internal
helper was added (time_now).
Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
powerpc64-linux-gnu, and powerpc-linux-gnu.
Reviewed-by: Lukasz Majewski <lukma@denx.de>
Historically autofs mounts were not included in mount table
listings. This is the case in other SysV autofs implementations
and was also the case with Linux autofs.
But now that /etc/mtab is a symlink to the proc filesystem
mount table the autofs mount entries appear in the mount table
on Linux.
Prior to the symlinking of /etc/mtab mount table it was
sufficient to call mount(2) and simply not update /etc/mtab
to exclude autofs mounts from mount listings.
Also, with the symlinking of /etc/mtab we have seen a shift in
usage toward using the proc mount tables directly.
But the autofs mount entries need to be retained when coming
from the proc file system for applications that need them
(largely autofs file system users themselves) so filtering out
these entries within the kernel itself can't be done. So it
needs be done in user space.
There are three reasons to omit the autofs mount entries.
One is that certain types of auto-mounts have an autofs mount
for every entry in their autofs mount map and these maps can
be quite large. This leads to mount table listings containing
a lot of unnecessary entries.
Also, this change in behaviour between autofs implementations
can cause problems for applications that use getmntent(3) in
other OS implementations as well as Linux.
Lastly, there's very little that user space can do with autofs
mount entries since this must be left to the autofs mount owner,
typically the automount daemon. But it can also lead to attempts
to access automount managed paths resulting mounts being triggered
when they aren't needed or mounts staying mounted for much longer
thay they need be. While the point of this change ins't to help
with these problems (and it can be quite a problem) it may be
a welcome side effect.
So the Linux autofs file system has been modified to accept a
pseudo mount option of "ignore" (as is used in other OS
implementations) so that user space can use this as a hint to
skip autofs entries on reading the mount table.
The Linux autofs automount daemon used getmntent(3) itself and
has been modified to use the proc file system directly so that
it can "ignore" mount option.
The use of this mount option is opt-in and a configuration
option has been added which defaults to not use this option
so if there are applications that need these entries, other
than autofs itself, they can be retained. Also, since this
filtering is based on an added mount option earlier versions
of Linux autofs iand other autofs file system users will not
use the option and so won't be affected by the change.
Both the buffer and struct mntent are now allocated on the heap.
This results in a slight reduction of RSS usage.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
It doesn't make sense to remove all the internal uses of time.
It's still a standard ISO C function, and its callers don't need
sub-second resolution and would be unnecessarily complicated if
they had to declare a struct timespec instead of just a time_t.
However, a handful of places were using the vestigial "result"
argument instead of the return value, which is slightly less
efficient and also looks strange. Correct this.
* misc/syslog.c (__vsyslog_internal)
* time/getdate.c (__getdate_r)
* time/tst_wcsftime.c (main):
Use return value of time, not its argument.
* string/strfry.c (strfry)
* sysdeps/mach/sleep.c (__sleep):
Remove unnecessary casts of NULL in calls to time.
This is currently ineffective with GCC because of GCC PR 80005, but
it makes sense to anticipate a fix for this defect.
Suggested by Zack Weinberg.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
The twalk function is very difficult to use in a multi-threaded
program because there is no way to pass external state to the
iterator function.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
This patch adds test cases for the compatibility versions of the
functions: err, errx, verr, verrx, warn, warnx, vwarn, vwarnx (from
err.h), error, and error_at_line (from error.h), when long double has
the same format as double (-mlong-double-64).
Tested for powerpc, powerpc64 and powerpc64le.
On platforms where long double may have the same format as double
(-mlong-double-64), error and error_at_line do not take that into
account and might produce wrong output if a long double conversion is
requested by the format string ('%Lf'). This patch adds compatibility
functions for this situation and redirects calls via header magic.
Tested for powerpc, powerpc64 and powerpc64le.
When support for long double format with 128-bits (-mlong-double-128)
was added for platforms where long double had the same format as double,
such as powerpc, compatibility versions for the functions listed in the
commit title were missed. Since the older format of long double can
still be used (with -mlong-double-64), using these functions with a
format string that requests the printing of long double variables will
produce wrong outputs.
This patch adds the missing compatibility functions and header magic to
redirect calls to them when -mlong-double-64 is in use.
Tested for powerpc, powerpc64 and powerpc64le.
Since the introduction of explicit flags in the internal implementation
of the printf family of functions, the 'mode' parameter can be used to
select which format long double parameters have (with the mode flag:
PRINTF_LDBL_IS_DBL). This patch uses this feature in the implementation
of some functions in argp.h, err.h, and error.h (only those that take a
format string and positional parameters). Future patches will add
support for 'nldbl' and 'ieee128' versions of these functions.
Tested for powerpc64le and x86_64.
This patch adds fall-through comments in some cases where -Wextra
produces implicit-fallthrough warnings.
The patch is non-exhaustive. Apart from architecture-specific code
for non-x86_64 architectures, it does not change sunrpc/xdr.c (legacy
code, probably should have such changes, but left to be dealt with
separately), or places that already had comments about the
fall-through but not matching the form expected by
-Wimplicit-fallthrough=3 (the default level with -Wextra; my
inclination is to adjust those comments to match rather than
downgrading to -Wimplicit-fallthrough=1 to allow any comment), or one
place where I thought the implicit fallthrough was not correct and so
should be handled separately as a bug fix. I think the key thing to
consider in review of this patch is whether the fall-through is indeed
intended and correct in each place where such a comment is added.
Tested for x86_64.
* elf/dl-exception.c (_dl_exception_create_format): Add
fall-through comments.
* elf/ldconfig.c (parse_conf_include): Likewise.
* elf/rtld.c (print_statistics): Likewise.
* locale/programs/charmap.c (parse_charmap): Likewise.
* misc/mntent_r.c (__getmntent_r): Likewise.
* posix/wordexp.c (parse_arith): Likewise.
(parse_backtick): Likewise.
* resolv/ns_ttl.c (ns_parse_ttl): Likewise.
* sysdeps/x86/cpu-features.c (init_cpu_features): Likewise.
* sysdeps/x86_64/dl-machine.h (elf_machine_rela): Likewise.
The test case misc/tst-efgcvt.c only tests the double variants of the
Old-fashioned System V number-to-string functions: ecvt, fcvt, and their
re-entrant counterparts. With a few macros, the code can be reused for
the long double versions of these functions. A future patch will reuse
it again for IEEE long double on powerpc64le.
Tested for powerpc and powerpc64le.
__nldbl___vsyslog_chk will ultimately want to pass PRINTF_LDBL_IS_DBL
down to __vfprintf_internal *as well as* possibly setting PRINTF_FORTIFY.
To make that possible, we need a __vsyslog_internal that takes the
same flags as printf. The code in misc/syslog.c does also get a
little simpler.
Tested for powerpc and powerpc64le.
GCC 9 has gained an enhancement to help detect attribute mismatches
between alias declarations and their targets. It consists of a new
warning, -Wattribute-alias, an enhancement to an existing warning,
-Wmissing-attributes, and a new attribute called copy.
The purpose of the warnings is to help identify either possible bugs
(an alias declared with more restrictive attributes than its target
promises) or optimization or diagnostic opportunities (an alias target
missing some attributes that it could be declared with that might
benefit analysis and code generation). The purpose of the new
attribute is to easily apply (almost) the same set of attributes
to one declaration as those already present on another.
As expected (and intended) the enhancement triggers warnings for
many alias declarations in Glibc code. This change, tested on
x86_64-linux, avoids all instances of the new warnings by making
use of the attribute where appropriate. To fully benefit from
the enhancement Glibc will need to be compiled with
-Wattribute-alias=2 and remaining warnings reviewed and dealt with
(there are a couple of thousand but most should be straightforward
to deal with).
ChangeLog:
* include/libc-symbols.h (__attribute_copy__): Define macro unless
it's already defined.
(_strong_alias): Use __attribute_copy__.
(_weak_alias, __hidden_ver1, __hidden_nolink2): Same.
* misc/sys/cdefs.h (__attribute_copy__): New macro.
* sysdeps/x86_64/multiarch/memchr.c (memchr): Use __attribute_copy__.
* sysdeps/x86_64/multiarch/memcmp.c (memcmp): Same.
* sysdeps/x86_64/multiarch/mempcpy.c (mempcpy): Same.
* sysdeps/x86_64/multiarch/memset.c (memset): Same.
* sysdeps/x86_64/multiarch/stpcpy.c (stpcpy): Same.
* sysdeps/x86_64/multiarch/strcat.c (strcat): Same.
* sysdeps/x86_64/multiarch/strchr.c (strchr): Same.
* sysdeps/x86_64/multiarch/strcmp.c (strcmp): Same.
* sysdeps/x86_64/multiarch/strcpy.c (strcpy): Same.
* sysdeps/x86_64/multiarch/strcspn.c (strcspn): Same.
* sysdeps/x86_64/multiarch/strlen.c (strlen): Same.
* sysdeps/x86_64/multiarch/strncmp.c (strncmp): Same.
* sysdeps/x86_64/multiarch/strncpy.c (strncpy): Same.
* sysdeps/x86_64/multiarch/strnlen.c (strnlen): Same.
* sysdeps/x86_64/multiarch/strpbrk.c (strpbrk): Same.
* sysdeps/x86_64/multiarch/strrchr.c (strrchr): Same.
* sysdeps/x86_64/multiarch/strspn.c (strspn): Same.
The function do_test, in tst-efgcvt.c, increments an error counter for
each error that it finds, then returns it to the test framework.
However, the test framework does not expect an error count as return,
but zero for a passing test, one for a failing test, or 77 for an
unsupported test. Alternatively, the framework provides the function
support_record_failure that records errors, which then allows the test
program to return zero unconditionally.
This patch removes the error counter, replaces each increment of the
counter with a call to support_record_failure, and makes do_test
unconditionally return zero.
Tested for powerpc64le (as-is and with a patched results table to check
that the error reporting actually works).
* misc/tst-efgcvt.c: Include support/check.h and
support/test-driver.c. Do not include test-skeleton.c.
(error_count): Remove.
(output_error): Replace increments to error_count with calls to
support_record_failure.
(output_r_error): Likewise.
(special): Likewise.
(do_test): Unconditionally return zero.
(TEST_FUNCTION): Remove.
The commit
commit 1df872fd74
Author: Florian Weimer <fweimer@redhat.com>
Date: Wed Nov 7 12:42:44 2018 +0100
support: Implement TEST_COMPARE_STRING
added the new macro TEST_COMPARE_STRING, which compares the output of
functions under test against expected strings, and, when there's a
mismatch, automatically reports an error and prints the differences.
This patch adapts recently added test cases to use this new macro.
Tested for powerpc64le (as is, and locally patched to intentionally fail
and produce error output).
* argp/tst-ldbl-argp.c (do_one_test): Use TEST_COMPARE_STRING,
instead of manually comparing and reporting mismatching strings.
* misc/tst-ldbl-error.c (do_one_test): Likewise.
* misc/tst-ldbl-warn.c (do_one_test): Likewise.
Similarly to what has been done for argp_error, and argp_failure, as
well as for warn, warnx, vwarn, and vwarnx, this patch adds new tests
for the following functions: err, errx, verr, verrx, error, and
error_at_line. The new tests check that the conversion of long double
variables into string works correctly on the default format of the type.
Future patches will reuse these tests for other formats that long double
can take.
Tested for powerpc64le.
* misc/Makefile (tests): Add tst-ldbl-error.
* misc/tst-ldbl-error.c: New file.
Similarly to what has been done for argp_error and argp_failure, this
patch patch adds new tests for the warn, warnx, vwarn, and vwarnx
functions. The new tests use the format string to request the
conversion of long double parameters into string. Currently, these
tests only check that the default format of the long double type works.
Future patches will extend the test for platforms that can have an
optional format for long double.
Tested for powerpc64le.
* misc/Makefile (tests): Add tst-ldbl-warn.
* misc/tst-ldbl-warn.c: New file.
Commit 7a16bdbb9f uses IOV_MAX, which is not defined on hurd.
Checked on a build for i686-gnu.
* misc/tst-preadvwritev2-common.c (IOV_MAX): Define if not
defined.
The fallback code of Linux wrapper for preadv2/pwritev2 executes
regardless of the errno code for preadv2, instead of the case where
the syscall is not supported.
This fixes it by calling the fallback code iff errno is ENOSYS. The
patch also adds tests for both invalid file descriptor and invalid
iov_len and vector count.
The only discrepancy between preadv2 and fallback code regarding
error reporting is when an invalid flags are used. The fallback code
bails out earlier with ENOTSUP instead of EINVAL/EBADF when the syscall
is used.
Checked on x86_64-linux-gnu on a 4.4.0 and 4.15.0 kernel.
[BZ #23579]
* misc/tst-preadvwritev2-common.c (do_test_with_invalid_fd): New
test.
* misc/tst-preadvwritev2.c, misc/tst-preadvwritev64v2.c (do_test):
Call do_test_with_invalid_fd.
* sysdeps/unix/sysv/linux/preadv2.c (preadv2): Use fallback code iff
errno is ENOSYS.
* sysdeps/unix/sysv/linux/preadv64v2.c (preadv64v2): Likewise.
* sysdeps/unix/sysv/linux/pwritev2.c (pwritev2): Likewise.
* sysdeps/unix/sysv/linux/pwritev64v2.c (pwritev64v2): Likewise.
Add <bits/indirect-return.h> and include it in <ucontext.h>.
__INDIRECT_RETURN defined in <bits/indirect-return.h> indicates if
swapcontext requires special compiler treatment. The default
__INDIRECT_RETURN is empty.
On x86, when shadow stack is enabled, __INDIRECT_RETURN is defined
with indirect_return attribute, which has been added to GCC 9, to
indicate that swapcontext returns via indirect branch. Otherwise
__INDIRECT_RETURN is defined with returns_twice attribute.
When shadow stack is enabled, remove always_inline attribute from
prepare_test_buffer in string/tst-xbzero-opt.c to avoid:
tst-xbzero-opt.c: In function ‘prepare_test_buffer’:
tst-xbzero-opt.c:105:1: error: function ‘prepare_test_buffer’ can never be inlined because it uses setjmp
prepare_test_buffer (unsigned char *buf)
when indirect_return attribute isn't available.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* bits/indirect-return.h: New file.
* misc/sys/cdefs.h (__glibc_has_attribute): New.
* sysdeps/x86/bits/indirect-return.h: Likewise.
* stdlib/Makefile (headers): Add bits/indirect-return.h.
* stdlib/ucontext.h: Include <bits/indirect-return.h>.
(swapcontext): Add __INDIRECT_RETURN.
* string/tst-xbzero-opt.c (ALWAYS_INLINE): New.
(prepare_test_buffer): Use it.
As for sysctl, ustat has been deprecated in favor of {f}statfs. Also
some newer ports which uses generic interface builds a stub version that
returns ENOSYS.
This patch deprecates ustat interface by removing ustat.h related headers,
adding a compatibility symbol, and avoiding new ports to build and provide
the symbol.
Checked on x86_64-linux-gnu and i686-linux-gnu. Also checked with a
check-abi on all affected ABIs.
* NEWS: Add ustat.h deprecation entry.
* bits/ustat.h: Remove file.
* misc/sys/ustat.h: Likewise.
* misc/ustat.h: Likewise.
* sysdeps/unix/sysv/linux/generic/ustat.c: Likewise.
* misc/Makefile (headers): Remove ustat.h and sys/ustat.h.
* misc/ustat.c (__ustat): Rename to __old_ustat and export only in
compatibility mode.
* sysdeps/unix/sysv/linux/ustat.c (__ustat): Likewise.
* sysdeps/unix/sysv/linux/mips/ustat.c: Define DEV_TO_KDEV and use
generic Linux implementation.
Continuing the fixes for linknamespace and localplt test failures with
-Os that arise from functions not being inlined in that case, this
patch fixes such failures for putc_unlocked and fputc_unlocked.
libc_hidden_* are used for both functions, while namespace issues are
addressed by making putc_unlocked a weak alias of hidden
__putc_unlocked, which is called in the one place where namespace
issues arise (and defined as an inline function in include/stdio.h).
Tested for x86_64 (both without -Os to make sure that case continues
to work, and with -Os to make sure all the relevant linknamespace and
localplt test failures are resolved). This completes fixing the -Os
linknamespace failures (at least for x86_64); localplt failures remain
after this patch.
2018-02-19 Joseph Myers <joseph@codesourcery.com>
[BZ #15105]
[BZ #19463]
* libio/fputc_u.c (fputc_unlocked): Use libc_hidden_def.
* libio/putc_u.c (putc_unlocked): Rename to __putc_unlocked and
define as weak alias of __putc_unlocked. Use libc_hidden_weak.
* include/stdio.h [!_ISOMAC] (fputc_unlocked): Use
libc_hidden_proto.
[!_ISOMAC] (putc_unlocked): Likewise.
[!_ISOMAC] (__putc_unlocked): Declare as hidden function, and
define inline if [__USE_EXTERN_INLINES].
* misc/syslog.c (__vsyslog_chk): Call __putc_unlocked instead of
putc_unlocked.
Continuing the fixes for linknamespace and localplt test failures with
-Os that arise from functions not being inlined in that case, this
patch fixes such failures for getc_unlocked.
__getc_unlocked already exists; this patch makes it explicitly hidden,
calls it where needed for namespace reasons, adds an inline function
for it when inline functions are used and adds libc_hidden_proto /
libc_hidden_weak for getc_unlocked.
Tested for x86_64 (both without -Os to make sure that case continues
to work, and with -Os to make sure all the relevant linknamespace and
localplt test failures are resolved). Because of other such failures
that remain after this patch, neither of the bugs can yet be closed.
[BZ #15105]
[BZ #19463]
* libio/getc_u.c (getc_unlocked): Use libc_hidden_weak.
* include/stdio.h [!_ISOMAC] (__getc_unlocked): Use
attribute_hidden, and define inline if [__USE_EXTERN_INLINES].
[!_ISOMAC] (getc_unlocked): Use libc_hidden_proto.
* misc/getttyent.c (__getttyent): Call __getc_unlocked instead of
getc_unlocked.
* time/tzfile.c (__tzfile_read): Likewise.
This completes the deprecation and removal of this inclusion, which
was begun in the 2.25 release.
* posix/sys/types.h: Don't include sys/sysmacros.h.
* misc/sys/sysmacros.h: Remove the conditional deprecation
warnings for the macros defined by this header.
Building with -Os produces linknamespace and localplt failures for,
among other functions, gnu_dev_major, gnu_dev_minor and
gnu_dev_makedev.
The issue is that those functions are not inlined when building with
-Os. While one could force them to be inlined in that case, it seems
more natural to fix this issue similarly to other namespace issues.
Thus, this patch makes gnu_dev_* into weak aliases for hidden symbols
__gnu_dev_*; __gnu_dev_* are then defined as inlines in the internal
include/sys/sysmacros.h, and uses of gnu_dev_* (often via the macros
major, minor and makedev) for which there are namespace issues are
changed to use __gnu_dev_*; where there are no namespace issues, use
of libc_hidden_proto serves to avoid unnecessary local PLT entry use.
Tested for x86_64, (a) without -Os, to verify the testsuite continues
to pass without problems and that the functions called under their new
names continue to be inlined as expected in that case; (b) with -Os,
to verify that the linknamespace and localplt failures in question go
away (but because of other such failures present, neither of the
relevant bugs can yet be closed).
[BZ #15105]
[BZ #19463]
* include/sys/sysmacros.h [!_ISOMAC]
(__SYSMACROS_NEED_IMPLEMENTATION): Define macro.
[!_SYS_SYSMACROS_H_WRAPPER && !_ISOMAC]
(_SYS_SYSMACROS_H_WRAPPER): Likewise.
[!_SYS_SYSMACROS_H_WRAPPER && !_ISOMAC] (gnu_dev_major): Use
libc_hidden_proto.
[!_SYS_SYSMACROS_H_WRAPPER && !_ISOMAC] (gnu_dev_minor): Likewise.
[!_SYS_SYSMACROS_H_WRAPPER && !_ISOMAC] (gnu_dev_makedev):
Likewise.
[!_SYS_SYSMACROS_H_WRAPPER && !_ISOMAC] (__SYSMACROS_DECL_TEMPL):
Undefine and redefine to add use __gnu_dev_ prefix.
[!_SYS_SYSMACROS_H_WRAPPER && !_ISOMAC] (__SYSMACROS_IMPL_TEMPL):
Likewise.
[!_SYS_SYSMACROS_H_WRAPPER && !_ISOMAC] (__gnu_dev_major): Declare
and define as hidden inline function.
[!_SYS_SYSMACROS_H_WRAPPER && !_ISOMAC] (__gnu_dev_minor):
Likewise.
[!_SYS_SYSMACROS_H_WRAPPER && !_ISOMAC] (__gnu_dev_makedev):
Likewise.
* misc/makedev.c (OUT_OF_LINE_IMPL_TEMPL): Use __gnu_dev_ prefix.
(gnu_dev_major): Use weak_alias and libc_hidden_weak.
(gnu_dev_minor): Likewise.
(gnu_dev_makedev): Likewise.
* csu/check_fds.c (check_one_fd): Use __gnu_dev_makedev instead of
makedev.
* posix/wordexp.c (exec_comm_child): Likewise.
* sysdeps/mach/hurd/xmknodat.c (__xmknodat): Use __gnu_dev_minor
instead of minor and __gnu_dev_major instead of major.
* sysdeps/unix/sysv/linux/device-nrs.h (DEV_TTY_P): Use
__gnu_dev_major instead of major.
* sysdeps/unix/sysv/linux/pathconf.c (distinguish_extX): Use
__gnu_dev_major instead of gnu_dev_major and __gnu_dev_minor
instead of gnu_dev_minor.
* sysdeps/unix/sysv/linux/ptsname.c (MASTER_P): Likewise.
(SLAVE_P): Likewise.
(__ptsname_internal): Use __gnu_dev_minor instead of minor.
* sysdeps/unix/sysv/linux/ttyname.h (is_pty): Use __gnu_dev_major
instead of major.