Commit Graph

97 Commits

Author SHA1 Message Date
Fangrui Song
be9240c84c elf: Remove __libc_init_secure
After 73fc4e28b9,
__libc_enable_secure_decided is always 0 and a statically linked
executable may overwrite __libc_enable_secure without considering
AT_SECURE.

The __libc_enable_secure has been correctly initialized in _dl_aux_init,
so just remove __libc_enable_secure_decided and __libc_init_secure.
This allows us to remove some startup_get*id functions from
22b79ed7f4.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
(cherry picked from commit 3e9acce8c5)
2022-05-19 12:13:52 +02:00
Adhemerval Zanella
882d6e17bc posix: Add posix_spawn_file_actions_addclosefrom_np
This patch adds a way to close a range of file descriptors on
posix_spawn as a new file action.  The API is similar to the one
provided by Solaris 11 [1], where the file action causes the all open
file descriptors greater than or equal to input on to be closed when
the new process is spawned.

The function posix_spawn_file_actions_addclosefrom_np is safe to be
implemented by iterating over /proc/self/fd, since the Linux spawni.c
helper process does not use CLONE_FILES, so its has own file descriptor
table and any failure (in /proc operation) aborts the process creation
and returns an error to the caller.

I am aware that this file action might be redundant to the current
approach of POSIX in promoting O_CLOEXEC in more interfaces. However
O_CLOEXEC is still not the default and for some specific usages, the
caller needs to close all possible file descriptors to avoid them
leaking.  Some examples are CPython (discussed in BZ#10353) and OpenJDK
jspawnhelper [2] (where OpenJDK spawns a helper process to exactly
closes all file descriptors).  Most likely any environment which calls
functions that might open file descriptor under the hood and aim to use
posix_spawn might face the same requirement.

Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15.

[1] https://docs.oracle.com/cd/E36784_01/html/E36874/posix-spawn-file-actions-addclosefrom-np-3c.html
[2] https://github.com/openjdk/jdk/blob/master/src/java.base/unix/native/libjava/childproc.c#L82
2021-07-08 14:08:15 -03:00
Adhemerval Zanella
607449506f io: Add closefrom [BZ #10353]
The function closes all open file descriptors greater than or equal to
input argument.  Negative values are clamped to 0, i.e, it will close
all file descriptors.

As indicated by the bug report, this is a common symbol provided by
different systems (Solaris, OpenBSD, NetBSD, FreeBSD) and, although
its has inherent issues with not taking in consideration internal libc
file descriptors (such as syslog), this is also a common feature used
in multiple projects [1][2][3][4][5].

The Linux fallback implementation iterates over /proc and close all
file descriptors sequentially.  Although it was raised the questioning
whether getdents on /proc/self/fd might return disjointed entries
when file descriptor are closed; it does not seems the case on my
testing on multiple kernel (v4.18, v5.4, v5.9) and the same strategy
is used on different projects [1][2][3][5].

Also, the interface is set a fail-safe meaning that a failure in the
fallback results in a process abort.

Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15.

[1] 5238e95759/src/basic/fd-util.c (L217)
[2] ddf4b77e11/src/lxc/start.c (L236)
[3] 9e4f2f3a6b/Modules/_posixsubprocess.c (L220)
[4] 5f47c0613e/src/libstd/sys/unix/process2.rs (L303-L308)
[5] https://github.com/openjdk/jdk/blob/master/src/java.base/unix/native/libjava/childproc.c#L82
2021-07-08 14:08:14 -03:00
Adhemerval Zanella
9a75654037 posix: Consolidate fork implementation
The Linux nptl implementation is used as base for generic fork
implementation to handle the internal locks and mutexes.  The
system specific bits are moved a new internal _Fork symbol.

(This new implementation will be used to provide a async-signal-safe
_Fork now that POSIX has clarified that fork might not be
async-signal-safe [1]).

For Hurd it means that the __nss_database_fork_prepare_parent and
__nss_database_fork_subprocess will be run in a slight different
order.

[1] https://austingroupbugs.net/view.php?id=62
2021-06-24 10:02:06 -03:00
Florian Weimer
412b05fec9 Add hidden prototypes for fsync, fdatasync
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-06-22 09:51:14 +02:00
Samuel Thibault
4d4bb451d5 hurd: Add execveat 2021-05-18 09:36:00 +00:00
Érico Nogueira
05ae46ee7a linux: implement ttyname as a wrapper around ttyname_r.
Big win in binary size and avoids duplicating the logic in multiple
places.

On x86_64, dropped from 1883206 to 1881790, a 1416 byte decrease.

Also changed logic to track if ttyname_buf has been allocated by
checking if it's NULL instead of tracking buflen as an additional
variable.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-05-07 13:56:02 -03:00
Adhemerval Zanella
4c8cb283ec nptl: Remove pwrite from libpthread
The libc version is identical and built with same flags, it is also
uses as the default version.

Checked on x86_64-linux-gnu.
2021-03-26 13:37:18 -03:00
Adhemerval Zanella
dd795c6c24 nptl: Remove pread from libpthread
The libc version is identical and built with same flags, it is also
uses as the default version.

Checked on x86_64-linux-gnu.
2021-03-26 13:37:18 -03:00
Adhemerval Zanella
c5c3588475 nptl: Remove lseek from libpthread
The libc version is identical and built with same flags.  The libc
version is set as the default version.

The libpthread compat symbol requires to mask it when building the
loader object otherwise ld might complain about a missing
versioned symbol (as for alpha).

Checked on x86_64-linux-gnu.
2021-03-26 13:36:17 -03:00
Samuel Thibault
3d3316b1de hurd: keep only required PLTs in ld.so
We need NO_RTLD_HIDDEN because of the need for PLT calls in ld.so.
See Roland's comment in
https://sourceware.org/bugzilla/show_bug.cgi?id=15605
"in the Hurd it's crucial that calls like __mmap be the libc ones
instead of the rtld-local ones after the bootstrap phase, when the
dynamic linker is being used for dlopen and the like."

We used to just avoid all hidden use in the rtld ; this commit switches to
keeping only those that should use PLT calls, i.e. essentially those defined in
sysdeps/mach/hurd/dl-sysdep.c:

__assert_fail
__assert_perror_fail
__*stat64
_exit

This fixes a few startup issues, notably the call to __tunable_get_val that is
made before PLTs are set up.
2020-11-11 02:36:22 +01:00
Samuel Thibault
dd67928700 hurd: Fix ld.so __access override from libc
ld.so symbols to be overriden by libc need to be extern to really get
overriden. __access happens to have never been exposed, putting it to
GLIBC_PRIVATE.
2019-12-01 21:05:56 +00:00
Samuel Thibault
db25266c92 hurd: Fix ld.so __getcwd override from libc
ld.so symbols to be overriden by libc need to be extern to really get
overriden. __getcwd happens to have never been exposed, putting it to
GLIBC_PRIVATE.
2019-12-01 21:05:51 +00:00
Samuel Thibault
45f33aac78 hurd: Fix linknamespace of spawni
* include/unistd.h (__confstr): Add prototype and hidden prototype.
	* posix/confstr.c (confstr): Rename to __confstr.
	(__confstr): Add hidden def.
	(confstr): Add weak alias for __confstr.
	* sysdeps/mach/hurd/spawni.c (__spawni): Call __confstr instead of
	confstr.
2018-12-07 20:21:45 +01:00
Adhemerval Zanella
283d985122 posix: Fix posix_spawnp to not execute invalid binaries in non compat mode (BZ#23264)
Current posix_spawnp implementation wrongly tries to execute invalid
binaries (for instance script without shebang) as a shell script in
non compat mode.  It was a regression introduced by
9ff72da471 when __spawni started to use
__execvpe instead of __execve (glibc __execvpe try to execute ENOEXEC
as shell script regardless).

This patch fixes it by using an internal symbol (__execvpex) with the
faulty semantic (since compat mode is handled by spawni.c itself).

It was reported by Daniel Drake on libc-help [1].

Checked on x86_64-linux-gnu and i686-linux-gnu.

	[BZ #23264]
	* include/unistd.h (__execvpex): New prototype.
	* posix/Makefile (tests): Add tst-spawn4.
	(tests-internal): Add tst-spawn4-compat.
	* posix/execvpe.c (__execvpe_common, __execvpex): New functions.
	* posix/tst-spawn4-compat.c: New file.
	* posix/tst-spawn4.c: Likewise.
	* sysdeps/unix/sysv/linux/spawni.c (__spawni): Do not interpret invalid
	binaries as shell scripts.
	* sysdeps/posix/spawni.c (__spawni): Likewise.

[1] https://sourceware.org/ml/libc-help/2018-06/msg00012.html
2018-06-08 17:27:46 -03:00
Samuel Thibault
09085ede12 hurd: Implement faccessat without AT_EACCESS flag
* hurd/hurd/fd.h: Include <fcntl.h>
(__hurd_at_flags): New function.
* hurd/lookup-at.c (__file_name_lookup_at): Replace flag computation
with call to __hurd_at_flags.
* include/unistd.h (__faccessat, __faccessat_noerrno): Add declaration.
* sysdeps/mach/hurd/access.c (access_common): Move implementation to
__faccessat
(hurd_fail_seterrno, hurd_fail_noerrno): Move to sysdeps/mach/hurd/faccessat.c.
(__access_noerrno): Use __faccessat_common instead of access_common.
(__access): Likewise.
* sysdeps/mach/hurd/euidaccess.c (__euidaccess): Replace implementation
with a call to __faccessat.
* sysdeps/mach/hurd/faccessat.c (faccessat): Rename into...
(__faccessat_common): ... this. Move implementation of __access into it when
AT_FLAGS does not contain AT_EACCESS. Make it call __hurd_at_flags, add
reauthenticate_cwdir_at helper to implement AT mechanism.
(__faccessat_noerrno): New function, just calls __faccessat_common.
(__faccessat): New function, just calls __faccessat_common.
(faccessat): Define weak alias.
2018-01-10 02:03:28 +01:00
H.J. Lu
7ec4b39ac4 Mark internal unistd functions with attribute_hidden [BZ #18822]
Mark internal unistd functions with attribute_hidden to allow direct
access to them within libc.so and libc.a without using GOT nor PLT.

	[BZ #18822]
	* include/unistd.h (__access): Add attribute_hidden.
	(__lseek64): Likewise.
	(__libc_pread64): Likewise.
	(__pipe2): Likewise.
	(__sleep): Likewise.
	(__chdir): Likewise.
	(__fchdir): Likewise.
	(__getcwd): Likewise.
	(__rmdir): Likewise.
	(__execvpe): Likewise.
	(__execve): Likewise.
	(__setsid): Likewise.
	(__getuid): Likewise.
	(__geteuid): Likewise.
	(__getgid): Likewise.
	(__getegid): Likewise.
	(__getgroups): Likewise.
	(__group_member): Likewise.
	(__ttyname_r): Likewise.
	(__isatty): Likewise.
	(__readlink): Likewise.
	(__unlink): Likewise.
	(__gethostname): Likewise.
	(__profil): Likewise.
	(__getdtablesize): Likewise.
	(__brk): Likewise.
	(__ftruncate): Likewise.
	(__ftruncate64): Likewise.
2017-10-01 15:12:04 -07:00
Samuel Thibault
52a1f1814e hurd: Fix revoke' symbol exposition from unlockpt'
`revoke' is MISC only, it should not be exposed along `unlockpt' which is
XOPEN.

	* include/unistd.h (__revoke): New declaration.
	* misc/revoke.c (revoke): Rename to __revoke, and redefine as weak
	alias.
	* sysdeps/mach/hurd/revoke.c (revoke): Likewise.
	* sysdeps/unix/bsd/unlockpt.c (unlockpt): Use __revoke instead of
	revoke.
2017-09-28 00:49:05 +02:00
Adhemerval Zanella
08d6eb46ca Consolidate non cancellable pause call
This patch consolidates all the non cancellable pause calls to use
the __pause_nocancel identifier.  For non cancellable targets it will
be just a macro to call the default respective symbol while on Linux
will be a internal one.

Checked on x86_64-linux-gnu, x86_64-linux-gnu-x32, and i686-linux-gnu.

	* nptl/pthread_mutex_lock.c (__pthread_mutex_lock_full): Replace
	pause_not_cancel with __pause_nocancel.
	* sysdeps/generic/not-cancel.h (pause_not_cancel): Remove macro.
	(__pause_nocancel): New macro.
	* sysdeps/unix/sysv/linux/not-cancel.h (pause_not_cancel): Remove
	macro.
	(__pause_nocancel): New prototype.
	* sysdeps/unix/sysv/linux/pause.c (__pause_nocancel): New function.
2017-08-22 14:25:03 -03:00
Adhemerval Zanella
95a7339258 tunables: Use direct syscall for access (BZ#21744)
The function maybe_enable_malloc_check, which is called by
__tunables_init, calls __access_noerrno.  It isn't problem when
symbol is is in ld.so, which has a special version of __access_noerrno
without stack protector.  But when glibc is built with stack protector,
maybe_enable_malloc_check in libc.a can't call the regular version of
__access_noerrno with stack protector.

This patch changes how Linux defines the __access_noerrno to be an
inline call instead and thus preventing defining different build
rules for ld/static and shared.

	H.J. Lu  <hongjiu.lu@intel.com>
	Adhemerval Zanella  <adhemerval.zanella@linaro.org>

	[BZ #21744]
	* elf/dl-tunables.c: Include not-errno.h header.
	* include/unistd.h (__access_noerrno): Remove definition.
	* sysdeps/unix/sysv/linux/access.c (__access_noerrno): Likewise.
	* sysdeps/generic/not-errno.h: New file.
	* sysdeps/unix/sysv/linux/not-errno.h: Likewise.
2017-07-24 11:21:07 -03:00
Zack Weinberg
7c3018f9e4 Suppress internal declarations for most of the testsuite.
This patch adds a new build module called 'testsuite'.
IS_IN (testsuite) implies _ISOMAC, as do IS_IN_build and __cplusplus
(which means several ad-hoc tests for __cplusplus can go away).
libc-symbols.h now suppresses almost all of *itself* when _ISOMAC is
defined; in particular, _ISOMAC mode does not get config.h
automatically anymore.

There are still quite a few tests that need to see internal gunk of
one variety or another.  For them, we now have 'tests-internal' and
'test-internal-extras'; files in this category will still be compiled
with MODULE_NAME=nonlib, and everything proceeds as it always has.
The bulk of this patch is moving tests from 'tests' to
'tests-internal'.  There is also 'tests-static-internal', which has
the same effect on files in 'tests-static', and 'modules-names-tests',
which has the *inverse* effect on files in 'modules-names' (it's
inverted because most of the things in modules-names are *not* tests).
For both of these, the file must appear in *both* the new variable and
the old one.

There is also now a special case for when libc-symbols.h is included
without MODULE_NAME being defined at all.  (This happens during the
creation of libc-modules.h, and also when preprocessing Versions
files.)  When this happens, IS_IN is set to be always false and
_ISOMAC is *not* defined, which was the status quo, but now it's
explicit.

The remaining changes to C source files in this patch seemed likely to
cause problems in the absence of the main change.  They should be
relatively self-explanatory.  In a few cases I duplicated a definition
from an internal header rather than move the test to tests-internal;
this was a judgement call each time and I'm happy to change those
however reviewers feel is more appropriate.

	* Makerules: New subdir configuration variables 'tests-internal'
	and 'test-internal-extras'.  Test files in these categories will
	still be compiled with MODULE_NAME=nonlib.  Test files in the
	existing categories (tests, xtests, test-srcs, test-extras) are
	now compiled with MODULE_NAME=testsuite.
	New subdir configuration variable 'modules-names-tests'.  Files
	which are in both 'modules-names' and 'modules-names-tests' will
	be compiled with MODULE_NAME=testsuite instead of
	MODULE_NAME=extramodules.
	(gen-as-const-headers): Move to tests-internal.
	(do-tests-clean, common-mostlyclean): Support tests-internal.
	* Makeconfig (built-modules): Add testsuite.
	* Makefile: Change libof-check-installed-headers-c and
	libof-check-installed-headers-cxx to 'testsuite'.
	* Rules: Likewise.  Support tests-internal.
	* benchtests/strcoll-inputs/filelist#en_US.UTF-8:
	Remove extra-modules.mk.

	* config.h.in: Don't check for __OPTIMIZE__ or __FAST_MATH__ here.
	* include/libc-symbols.h: Move definitions of _GNU_SOURCE,
	PASTE_NAME, PASTE_NAME1, IN_MODULE, IS_IN, and IS_IN_LIB to the
	very top of the file and rationalize their order.
	If MODULE_NAME is not defined at all, define IS_IN to always be
	false, and don't define _ISOMAC.
	If any of IS_IN (testsuite), IS_IN_build, or __cplusplus are
	true, define _ISOMAC and suppress everything else in this file,
	starting with the inclusion of config.h.
	Do check for inappropriate definitions of __OPTIMIZE__ and
	__FAST_MATH__ here, but only if _ISOMAC is not defined.
        Correct some out-of-date commentary.

	* include/math.h: If _ISOMAC is defined, undefine NO_LONG_DOUBLE
	and _Mlong_double_ before including math.h.
	* include/string.h: If _ISOMAC is defined, don't expose
	_STRING_ARCH_unaligned. Move a comment to a more appropriate
	location.

	* include/errno.h, include/stdio.h, include/stdlib.h, include/string.h
	* include/time.h, include/unistd.h, include/wchar.h: No need to
	check __cplusplus nor use __BEGIN_DECLS/__END_DECLS.

	* misc/sys/cdefs.h (__NTHNL): New macro.
	* sysdeps/m68k/m680x0/fpu/bits/mathinline.h
	(__m81_defun): Use __NTHNL to avoid errors with GCC 6.

	* elf/tst-env-setuid-tunables.c: Include config.h with _LIBC
	defined, for HAVE_TUNABLES.
	* inet/tst-checks-posix.c: No need to define _ISOMAC.
	* intl/tst-gettext2.c: Provide own definition of N_.
	* math/test-signgam-finite-c99.c: No need to define _ISOMAC.
	* math/test-signgam-main.c: No need to define _ISOMAC.
	* stdlib/tst-strtod.c: Convert to test-driver. Split locale_test to...
	* stdlib/tst-strtod1i.c: ...this new file.
	* stdlib/tst-strtod5.c: Convert to test-driver and add copyright notice.
        Split tests of __strtod_internal to...
	* stdlib/tst-strtod5i.c: ...this new file.
	* string/test-string.h: Include stdint.h. Duplicate definition of
	inhibit_loop_to_libcall here (from libc-symbols.h).
	* string/test-strstr.c: Provide dummy definition of
	libc_hidden_builtin_def when including strstr.c.
	* sysdeps/ia64/fpu/libm-symbols.h: Suppress entire file in _ISOMAC
	mode; no need to test __STRICT_ANSI__ nor __cplusplus as well.
	* sysdeps/x86_64/fpu/math-tests-arch.h: Include cpu-features.h.
	Don't include init-arch.h.
	* sysdeps/x86_64/multiarch/test-multiarch.h: Include cpu-features.h.
	Don't include init-arch.h.

	* elf/Makefile: Move tst-ptrguard1-static, tst-stackguard1-static,
	tst-tls1-static, tst-tls2-static, tst-tls3-static, loadtest,
	unload, unload2, circleload1, neededtest, neededtest2,
	neededtest3, neededtest4, tst-tls1, tst-tls2, tst-tls3,
	tst-tls6, tst-tls7, tst-tls8, tst-dlmopen2, tst-ptrguard1,
	tst-stackguard1, tst-_dl_addr_inside_object, and all of the
	ifunc tests to tests-internal.
	Don't add $(modules-names) to test-extras.
	* inet/Makefile: Move tst-inet6_scopeid_pton to tests-internal.
	Add tst-deadline to tests-static-internal.
	* malloc/Makefile: Move tst-mallocstate and tst-scratch_buffer to
	tests-internal.
	* misc/Makefile: Move tst-atomic and tst-atomic-long to tests-internal.
	* nptl/Makefile: Move tst-typesizes, tst-rwlock19, tst-sem11,
	tst-sem12, tst-sem13, tst-barrier5, tst-signal7, tst-tls3,
	tst-tls3-malloc, tst-tls5, tst-stackguard1, tst-sem11-static,
	tst-sem12-static, and tst-stackguard1-static to tests-internal.
        Link tests-internal with libpthread also.
	Don't add $(modules-names) to test-extras.
	* nss/Makefile: Move tst-field to tests-internal.
	* posix/Makefile: Move bug-regex5, bug-regex20, bug-regex33,
	tst-rfc3484, tst-rfc3484-2, and tst-rfc3484-3 to tests-internal.
	* stdlib/Makefile: Move tst-strtod1i, tst-strtod3, tst-strtod4,
	tst-strtod5i, tst-tls-atexit, and tst-tls-atexit-nodelete to
	tests-internal.
        * sunrpc/Makefile: Move tst-svc_register to tests-internal.
	* sysdeps/powerpc/Makefile: Move test-get_hwcap and
	test-get_hwcap-static to tests-internal.
	* sysdeps/unix/sysv/linux/Makefile: Move tst-setgetname to
	tests-internal.
	* sysdeps/x86_64/fpu/Makefile: Add all libmvec test modules to
	modules-names-tests.
2017-05-11 19:27:59 -04:00
Adhemerval Zanella
dfaaee33ba Consolidate Linux write syscall
This patch consolidates the write Linux syscall implementation on
sysdeps/unix/sysv/linux/write.c.

Checked on i686-linux-gnu, x86_64-linux-gnu, x86_64-linux-gnux32,
arch64-linux-gnu, arm-linux-gnueabihf, and powerpc64le-linux-gnu.

	* include/unistd.h (write): Add hidden proto.
	* io/Makefile (CFLAGS-write.c): New rule.
	* nptl/Makefile (CFLAGS-write.c): Likewise.
	* sysdeps/unix/sysv/linux/write.c: New file.
2017-05-11 17:27:30 -03:00
Adhemerval Zanella
f6a191a6ee Consolidate Linux read syscall
This patch consolidates the read Linux syscall implementation on
sysdeps/unix/sysv/linux/read.c.  This leads to a different frame
pointer creation on some architectures:

  * It fixes BZ#21428 on aarch64, since now the returned address
    for the read syscall can be correctly found out by
    backtrace_symbols.

  * It makes tst-backtrace{5,6} fails on powerpc due an issue on
    its custom backtrace implementation.  It is fixed on subsequent
    patch from this set.

Checked on i686-linux-gnu, x86_64-linux-gnu, x86_64-linux-gnux32,
arch64-linux-gnu, arm-linux-gnueabihf, and powerpc64le-linux-gnu.

	[BZ #21428]
	* include/unistd.h (read): Add hidden proto.
	* io/Makefile (CFLAGS-read.c): New rule.
	* nptl/Makefile (CFLAGS-read.c): New rule.
	* sysdeps/unix/sysv/linux/read.c: New file.
2017-05-11 17:27:30 -03:00
Adhemerval Zanella
827b823783 posix: Fix internal p{read,write} plt usage
This patch adds internal alias for __pread, __pread64, and __pwrite
following the already in place one for __pwrite64.  This is not used
in any implementation but on microblaze on preadv/pwritev fallback
(since it does not define __ASSUME_PREADV).

In fact it was signaled by commit c35db50ff5 which update the expected
localptl.data for the architecture based on resulted value.  This patch
updates the plt for microblaze now that p{read,write}{64} are correctly
routed to use internal alias.

Checked on x86_64-linux-gnu and a build for all supported architectures
(no all variants although).

	* include/unistd.h (__pread): Add libc_hidden_proto.
	(__pread64): Likewise.
	(__pwrite): Likewise.
	* sysdeps/unix/sysv/linux/microblaze/localplt.data [libc.so]
	(__pread64): Remove.
	* sysdeps/unix/sysv/linux/pread.c (__pread64): Add libc_hidden_weak.
	* sysdeps/unix/sysv/linux/pread64.c (__pread64): Likewise.
	* sysdeps/unix/sysv/linux/pwrite.c (__pwrite): Likewise.
2017-05-02 14:57:40 -03:00
Florian Weimer
b48061e1a5 Assume that dup3 is available 2017-04-18 14:42:19 +02:00
Florian Weimer
46d8874d5b Assume that pipe2 is always available
The Debian patches for Hurd (which are already required to build
glibc before this commit) contain an implementation of pipe2.
2017-04-18 14:09:01 +02:00
Adhemerval Zanella
e92bd6e362 Fix hurd __access_noerrno implementation.
This patch fixes some hurd bits from commit afcf3cd8eb that added the
__access_noerrno internal symbol.  It basically removes the nonrequired
__hurd_fail_noerrno (since the 'err' argument is ignored) and fixes
a typo for EACCES.

However, as stated on maillist [1] this __access_noerrno may still be
unsafe to run during initialization of tunables on the Hurd.  The
access_common calls __hurd_file_name_lookup, which calls
__hurd_file_name_lookup_retry, which can set errno.

[1] https://sourceware.org/ml/libc-alpha/2016-11/msg00646.html
2016-11-18 16:49:08 -02:00
Adhemerval Zanella
afcf3cd8eb New internal function __access_noerrno
Implement an internal version of __access called __access_noerrno that
avoids setting errno.  This is useful to check accessibility of files
very early on in process startup i.e. before TLS setup.  This allows
tunables to replace MALLOC_CHECK_ safely (i.e. check existence of
/etc/suid-debug to enable/disable MALLOC_CHECK) and at the same time
initialize very early so that it can override IFUNCs.

Checked on x86_64.

	* hurd/hurd.h (__hurd_fail_noerrno): New function.
	* include/unistd.h [IS_IN (rtld) || !defined SHARED]: Declare
	__access_noerrno.
	* io/access.c (__access_noerrno): New function.
	* sysdeps/mach/hurd/access.c (hurd_fail_seterrno): New function.
	(hurd_fail_seterrno): Likewise.
	(access_common): Likewise.
	(__access_noerrno): Likewise.
	* sysdeps/nacl/access.c (__access_noerrno): Likewise.
	* sysdeps/unix/sysv/linux/access.c (__access_noerrno): Likewise.
	* sysdeps/nacl/nacl-interfaces.h (NACL_CALL_NOERRNO): New
	macro.
2016-11-16 15:53:58 -02:00
Adhemerval Zanella
9ff72da471 posix: New Linux posix_spawn{p} implementation
This patch implements a new posix_spawn{p} implementation for Linux.  The main
difference is it uses the clone syscall directly with CLONE_VM and CLONE_VFORK
flags and a direct allocated stack.  The new stack and start function solves
most the vfork limitation (possible parent clobber due stack spilling).  The
remaning issue are related to signal handling:

  1. That no signal handlers must run in child context, to avoid corrupt
     parent's state.
  2. Child must synchronize with parent to enforce stack deallocation and
     to possible return execv issues.

The first one is solved by blocking all signals in child, even NPTL-internal
ones (SIGCANCEL and SIGSETXID).  The second issue is done by a stack allocation
in parent and a synchronization with using a pipe or waitpid (in case or error).
The pipe has the advantage of allowing the child signal an exec error (checked
with new tst-spawn2 test).

There is an inherent race condition in pipe2 usage for architectures that do not
support the syscall directly.  In such cases the a pipe plus fctnl is used
instead and it may lead to file descriptor leak in parent (as decribed by fcntl
documentation).

The child process stack is allocate with a mmap with MAP_STACK flag using
default architecture stack size.  Although it is slower than use a stack buffer
from parent, it allows some slack for the compatibility code to run scripts
with no shebang (which may use a buffer with size depending of argument list
count).

Performance should be similar to the vfork default posix implementation and
way faster than fork path (vfork on mostly linux ports are basically
clone with CLONE_VM plus CLONE_VFORK).  The only difference is the syscalls
required for the stack allocation/deallocation.

It fixes BZ#10354, BZ#14750, and BZ#18433.

Tested on i386, x86_64, powerpc64le, and aarch64.

	[BZ #14750]
	[BZ #10354]
	[BZ #18433]
	* include/sched.h (__clone): Add hidden prototype.
	(__clone2): Likewise.
	* include/unistd.h (__dup): Likewise.
	* posix/Makefile (tests): Add tst-spawn2.
	* posix/tst-spawn2.c: New file.
	* sysdeps/posix/dup.c (__dup): Add hidden definition.
	* sysdeps/unix/sysv/linux/aarch64/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/alpha/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/arm/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/hppa/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/i386/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/ia64/clone2.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/m68k/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/microblaze/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/mips/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/nios2/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/powerpc/powerpc32/clone.S (__clone):
	Likewise.
	* sysdeps/unix/sysv/linux/powerpc/powerpc64/clone.S (__clone):
	Likewise.
	* sysdeps/unix/sysv/linux/s390/s390-32/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/s390/s390-64/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/sh/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/sparc/sparc32/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/sparc/sparc64/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/tile/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/x86_64/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/nptl-signals.h
	(____nptl_is_internal_signal): New function.
	* sysdeps/unix/sysv/linux/spawni.c: New file.
2016-03-07 11:53:47 +07:00
H.J. Lu
730bbab2c3 Mark internal unistd functions hidden in ld.so
Since internal unistd functions are only used internally in ld.so and
libc.so, they can be made hidden.  __close, __getcwd, __getpid,
__libc_read and __libc_write can't be hidden in ld.so on Hurd since they
will be preempted by the ones in libc.so after bootstrap.

	[BZ #19122]
	* include/unistd.h [IS_IN (rtld)]: Include <dl-unistd.h>.
	* sysdeps/generic/dl-unistd.h: New file.
	* sysdeps/mach/hurd/dl-unistd.h: Likewise.
2016-01-06 12:54:10 -08:00
Florian Weimer
52fb79d6cd Assume that SOCK_CLOEXEC is available and works
This fixes (harmless) data races when accessing the various
__have_sock_cloexec variables.
2015-10-17 12:02:37 +02:00
Roland McGrath
af85d409a2 PLT avoidance for _exit in rtld. 2015-07-09 15:25:47 -07:00
Joseph Myers
5371d99e87 Fix getlogin_r namespace (bug 18527).
Various functions in XPG4 bring in references to getlogin_r, which is
not in XPG4; this is also a bug for some older POSIX versions which
aren't yet covered by the linknamespace tests.  This patch fixes this
by making getlogin_r into a weak alias for __getlogin_r and using
__getlogin_r as needed.

Tested for x86_64 and x86 (testsuite, and that disassembly of
installed stripped shared libraries is unchanged by the patch).

	[BZ #18527]
	* login/getlogin_r.c (getlogin_r): Rename to __getlogin_r and
	define as weak alias of __getlogin_r.  Use libc_hidden_weak.
	* sysdeps/mach/hurd/getlogin_r.c (getlogin_r): Likewise.
	* sysdeps/unix/getlogin_r.c (getlogin_r): Likewise.
	* sysdeps/unix/sysv/linux/getlogin_r.c (getlogin_r): Likewise.
	* include/unistd.h (__getlogin_r): Declare.  Use
	libc_hidden_proto.
	* posix/glob.c (glob): Call __getlogin_r instead of getlogin_r.
	* conform/Makefile (test-xfail-XPG3/glob.h/linknamespace): Remove
	variable.
	(test-xfail-XPG3/wordexp.h/linknamespace): Likewise.
	(test-xfail-XPG4/glob.h/linknamespace): Likewise.
	(test-xfail-XPG4/wordexp.h/linknamespace): Likewise.
2015-06-12 20:02:30 +00:00
Joseph Myers
6bc6bd3b10 Don't use INTVARDEF/INTUSE with __libc_enable_secure (bug 14132).
Continuing the removal of the obsolete INTDEF / INTVARDEF / INTUSE
mechanism, this patch replaces its use for __libc_enable_secure with
the use of rtld_hidden_data_def and rtld_hidden_proto.

Tested for x86_64 that installed stripped shared libraries are
unchanged by the patch.

	[BZ #14132]
	* elf/dl-sysdep.c (__libc_enable_secure): Use rtld_hidden_data_def
	instead of INTVARDEF.
	(_dl_sysdep_start): Do not use INTUSE with __libc_enable_secure.
	* sysdeps/mach/hurd/dl-sysdep.c (__libc_enable_secure): Use
	rtld_hidden_data_def instead of INTVARDEF.
	(_dl_sysdep_start): Do not use INTUSE with __libc_enable_secure.
	* elf/dl-deps.c (expand_dst): Likewise.
	* elf/dl-load.c (_dl_dst_count): Likewise.
	(_dl_dst_substitute): Likewise.
	(decompose_rpath): Likewise.
	(_dl_init_paths): Likewise.
	(open_path): Likewise.
	(_dl_map_object): Likewise.
	* elf/rtld.c (dl_main): Likewise.
	(process_dl_audit): Likewise.
	(process_envvars): Likewise.
	* include/unistd.h [IS_IN_rtld] (__libc_enable_secure_internal):
	Remove declaration.
	(__libc_enable_secure): Use rtld_hidden_proto.
2014-10-10 11:13:11 +00:00
Roland McGrath
e0db65176f Clean up __exit_thread. 2014-05-13 09:49:20 -07:00
Mike Frysinger
493387d21f add attribute_hidden to __have_{sock_cloexec,pipe2,dup3
These internal knobs are not exposed as part of the public ABI, so mark
them hidden to avoid generating relocations against them.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2012-08-18 01:54:12 -04:00
Mike Frysinger
a277af22ea split assume pipe2/dup3/sock_cloexec knobs
We can't assume sock_cloexec and pipe2 are bound together as the former
defines are found in glibc only while the latter are a combo of kernel
headers and glibc.  So if we do a runtime detection of SOCK_CLOEXEC, but
pipe2() is a stub inside of glibc, we hit a problem.  For example:

main()
{
	getgrnam("portage");
	if (!popen("ls", "r"))
		perror("popen()");
}

getgrnam() will detect that the kernel supports SOCK_CLOEXEC and then set
both __have_sock_cloexec and __have_pipe2 to true.  But if glibc was built
against older kernel headers where __NR_pipe2 does not exist, glibc will
have a ENOSYS stub for it.  So popen() will always fail as glibc assumes
pipe2() works.

While this isn't too much of an issue for some arches as they added the
functionality to the kernel at the same time, not all arches are that
lucky.

Since the code already has dedicated names for each feature, delete the
defines wiring these three features together and make each one a proper
dedicated knob.

We've been carrying this in Gentoo since glibc-2.9.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2012-08-18 00:35:47 -04:00
Roland McGrath
bea9b19322 Fix lots of bitrot for stub configurations. 2012-07-30 16:34:33 -07:00
Thomas Schwinge
5aa3a74a59 Hurd: dup3 2012-05-10 15:57:23 -07:00
Ulrich Drepper
3134156779 First steps to get conformtest fully working 2012-02-25 23:18:39 -05:00
Ulrich Drepper
a784e50247 Remove pre-ISO C support
No more __const.
2012-01-07 23:57:22 -05:00
Roland McGrath
95b7042bac Fix __readlink declaration. 2011-11-11 10:04:54 -08:00
Ulrich Drepper
94b7cc3711 Fix a few problems in fopen and freopen
fopen should set the FD_CLOEXEC flag if requested evenif the kernel does
not support an aotmic operation.

freopen should reuse the file descriptor for the stream.  This is
especially important for calls to change the standard streams (stin,
stdout, stderr).
2011-05-15 15:28:46 -04:00
Ulrich Drepper
c8727fa6e5 Fix Linux getlogin{_r,} implementation
The old implementation uses fd 0 to determine the login TTY.  This
was needed because using /dev/tty it is not possible to deduce the
login TTY.  For some time now there is the pseudo-file
/proc/self/loginuid which directly helps us to find the user.  Prefer
using this file.  It also works if stdin is closed, redirected, or
re-opened.
2010-03-24 17:02:57 -07:00
Duncan Simpson
30a2dfd518 Make include/unistd.h suitable for C++ test cases. 2009-07-23 12:39:17 -07:00
Ulrich Drepper
8275067de1 Add missing __execvpe prototype.
Avoids warnings.
2009-06-02 07:11:51 -07:00
Ulrich Drepper
d6e0c2a67d * sysdeps/unix/sysv/linux/syscalls.list: Add __pipe2 alias.
* io/pipe2.c: Likewise.
	* sysdeps/unix/sysv/linux/kernel-features.h: Define __ASSUME_PIPE2
	instead of __ASSUME_PACCEPT.
	* include/unistd.h: Declare __have_pipe2.
	* libio/iopopen.c: Implement "e" flag.
	* libio/Makefile (tests): Add tst-popen1.
	* libio/tst-popen1.c: New file.
2008-07-27 18:26:13 +00:00
Roland McGrath
b32e6700d0 2006-07-30 Roland McGrath <roland@redhat.com>
* include/unistd.h (__pause_nocancel): Add attribute_hidden.
	* include/time.h (__nanosleep_nocancel): Likewise.
2006-07-31 05:57:52 +00:00
Ulrich Drepper
d5ba53f907 * sysdeps/unix/sysv/linux/kernel-features.h: Define
__ASSUME_FUTEX_LOCK_PI.
	* include/time.h: Declare __nanosleep_nocancel.
	* include/unistd.h: Declare __pause_nocancel.
2006-07-29 05:07:43 +00:00
Ulrich Drepper
a346370d58 * posix/bits/unistd.h (__readlinkat_chk): New prototype.
(__readlinkat_alias): New alias.
	(readlinkat): New inline function.
	* include/unistd.h (readlinkat): Add libc_hidden_proto.
	* sysdeps/unix/sysv/linux/readlinkat.c (readlinkat): Add
	libc_hidden_def.
	* io/readlinkat.c (readlinkat): Likewise.
	* debug/readlinkat_chk.c: New file.
	* debug/Makefile (routines): Add readlinkat_chk.
	* debug/Versions (libc): Export __readlinkat_chk@@GLIBC_2.5.
	* debug/tst-chk1.c (do_test): Add readlinkat tests.

	* nis/nss_nisplus/nisplus-netgrp.c: Cleanups.
	code is possible.  Move compatibility code in .text.compat section.
	over gaih array.  There is only one function to call in the moment.
2006-04-24 17:01:40 +00:00