There were two copies of the bulk of the code to handle long options.
Now there is only one. (Yes, this is in aid of merging from gnulib.)
The change to bug-getopt4.c clarifies the error messages when the test
fails.
* posix/getopt.c (process_long_option): New function split out
from _getopt_internal_r.
(_getopt_internal_r): Replace both copies of the long-option
processing code with calls to process_long_option.
* posix/bug-getopt4.c (one_test): Print argv[0] in error messages.
(do_test): Differentiate argv[0] in the two subtests.
_getopt_data.__posixly_correct is completely redundant to
_getopt_data.__ordering, and some work that logically belongs in
_getopt_initialize was being done by _getopt_internal_r, making the
code harder to understand.
As a side effect, getenv will no longer be called if the first
character of the options string is '+' or '-', which is probably a
Good Thing. (Perhaps we should have a flag character that
specifically asks for the permutation behavior?)
* posix/getopt_int.h (_getopt_data): Remove __posixly_correct field.
* posix/getopt.c (_getopt_internal_r): Move some initialization code...
(_getopt_initialize): ...here. Don't set d->__posixly_correct.
For standards compliance, getopt, getopt_long, and getopt_long_only in
glibc have to take 'char *const *argv' even though they can mutate the
array. gnulib has tried to clean this up as much as possible: all the
internal functions use 'char **argv', and when used standalone, so do
getopt_long and getopt_long_only.
Also brought over are __nonnull annotations, corrections to documentation,
and apparently it is no longer necessary to worry about conflicting
prototypes for getopt. The macroification of the definitions of
getopt and __posix_getopt goes beyond what is currently in gnulib.
At this point getopt1.c and getopt_int.h are identical to their gnulib
versions.
* posix/getopt.h: Add backup definition of __nonnull for
consistency with gnulib. Define __getopt_argv_const to const
if not already defined.
(getopt): Update doc comment from gnulib. Prototype
unconditionally. Add __nonnull annotation.
(__posix_getopt): Add __nonnull annotation.
(getopt_long, getopt_long_only): Use __getopt_argv_const in
prototypes for consistency with gnulib. Add __nonnull
annotations.
* posix/getopt.c (_getopt_initialize, _getopt_internal_r)
(getopt_internal): Change 'argv' argument to type 'char **'.
Remove now-unnecessary casts.
(getopt, __posix_getopt): Eliminate repetition with a macro.
Cast 'argv' to 'char **' when calling _getopt_internal.
* posix/getopt1.c (getopt_long, getopt_long_only):
Use __getopt_argv_const for consistency with gnulib.
Cast 'argv' to 'char **' when calling _getopt_internal.
(_getopt_long_r, _getopt_long_only_r):
Change 'argv' argument to type 'char **'.
(main): Constify 'long_options'.
* posix/getopt_int.h (getopt_internal, _getopt_internal_r)
(_getopt_long_r, _getopt_long_only_r):
Change 'argv' argument to type 'char **'.
getopt can print a whole bunch of error messages, and when used
standalone (from gnulib) it uses fprintf to do that. But fprintf is a
cancellation point and getopt isn't, and also applying fprintf to a
stream in wide-character mode is not allowed.
glibc has an internal function called __fxprintf that writes a narrow
format string to a stream regardless of mode, but it only handles
ASCII format strings, and it's still a cancellation point. getopt's
messages are translated, so they might not be ASCII. So getopt has an
error message to an asprintf buffer, monkeys with internal flag bits
on stderr to disable cancellation, and then calls
__fxprintf(stderr, "%s", buffer). There isn't even a helper function,
the code is duplicated every time.
This patch fixes __fxprintf to handle arbitrary multibyte format
strings, and adds a variant __fxprintf_nocancel that does the same
thing but also isn't a cancellation point. (It still _works_ by
monkeying with internal flag bits on the FILE, but that's not really a
layering violation for code in stdio-common.) All of the #ifdef _LIBC
blocks can then be reduced to their standalone versions with a little
help from some macros at the top of the file.
I also wrote a test case to verify that getopt really isn't a
cancellation point, and I'm glad I did, because it found two bugs, one
of which wasn't even to do with cancellation (see previous patch).
* stdio-common/fxprintf.c (__fxprintf_nocancel): New function.
(locked_vfxprintf): New helper function. Handle arbitrary
multibyte strings, not just ASCII.
* include/stdio.h: Declare __fxprintf_nocancel.
* posix/getopt.c: When _LIBC is defined, define fprintf to
__fxprintf_nocancel, flockfile to _IO_flockfile, and
funlockfile to _IO_funlockfile. When neither _LIBC nor
_POSIX_THREAD_SAFE_FUNCTIONS is defined, define flockfile and
funlockfile as no-ops. (_getopt_internal_r): Remove all
internal #ifdef _LIBC blocks; the standalone error-printing
code can now be used for libc as well. Add an
flockfile/funlockfile pair around one case where the error
message is printed in several chunks. Don't use fputc.
* posix/tst-getopt-cancel.c: New test.
* posix/Makefile: Run it.
getopt_long contains an undocumented (AFAICT) feature in which, if you
put "W;" in the short-options list, then '-W foo' and '-Wfoo' are
treated as equivalent to '--foo'. This is implemented with a partial
second copy of the code for handling long options, and that code
increments optind one too many times when recovering from an ambiguous
abbreviated option, which can cause the main loop to walk past the end
of argv and crash.
I discovered this while writing a test case that tries to exercise all
of getopt's error reporting paths; I wouldn't be surprised to learn
that this feature is never used by real applications.
* posix/getopt.c (_getopt_internal_r): Don't increment
d->optind a second time when reporting ambiguous -W options.
This covers changes with little or no consequences when the code is
used in glibc.
* posix/getopt_int.h: Include getopt.h.
Use impl-namespace names for all arguments to _getopt_internal and
_getopt_internal_r.
Declare __ordering enum outside the struct.
Harmonize comments with gnulib.
* posix/getopt1.c: Simplify #ifdeffage at top of file. Remove
ELIDE_CODE logic entirely. Move inclusion of stdlib.h to
#ifdef TEST block and make unconditional. Do not define NULL.
* posix/getopt.c: Partial merge from gnulib, covering the
initial includes and global declarations, commentary, and
a couple of semantically-neutral code changes.
I'm not sure whether this is official GNU style now, but `...' quotes
haven't looked properly balanced in most people's terminal fonts since
2001ish? and gnulib has chosen to switch over to '...' quotes.
I'm merging this separately from the other changes in gnulib because
it's very mechanical.
* posix/getopt.c, posix/getopt.h, posix/getopt1.c, posix/getopt_int.h:
Use '...' instead of `...' for quotation marks inside
comments and strings.
glibc's implementation of getopt includes code to parse an environment
variable named _XXX_GNU_nonoption_argv_flags_ (where XXX is the
current process's PID in decimal); but all of it has been #ifdefed out
since 2001, with no official way to turn it back on.
According to commentary in our config.h.in, bash version 2.0 set this
environment variable to indicate argv elements that were the result of
glob expansion and therefore should not be treated as options, but the
feature was "disabled later" because "it caused problems". According
to bash's CHANGES file, "later" was release 2.01; it gives no more
detail about what the problems were.
Version 2.0 of bash was released on the last day of 1996, and version
2.01 in June of 1997. Twenty years later, I think it is safe to
assume that this environment variable isn't coming back.
* config.h.in (USE_NONOPTION_FLAGS): Remove.
* csu/init-first.c: Remove all #ifdef USE_NONOPTION_FLAGS blocks.
* sysdeps/mach/hurd/i386/init-first.c: Likewise.
* posix/getopt_int.h: Likewise.
* posix/getopt.c: Likewise. Also remove SWAP_FLAGS and the
__libc_argc and __libc_argv externs, which were only used by
#ifdef USE_NONOPTION_FLAGS blocks.
* posix/getopt_init.c: Remove file.
* posix/Makefile (routines): Remove getopt_init.
* include/getopt.h: Don't declare __getopt_initialize_environment.
* manual/getopt.texi: Remove mention of USE_NONOPTION_FLAGS in
a comment.
This patch fixes multiple issues of test-errno.c (9a56f87183):
- Rename Linux test-errno.c to test-errno-linux.c to avoid build
the same source for both tests.
- Add a mlock check for 32 bits build running on 64 bits kernels.
Althuough man pages states that mlock fails with EINVAL if final
address overflows, kernels does not return it for aforementioned
condition (it returns ENOMEM instead). Although it seems to be
a kernel issue for compat syscall handling, I think it is worth
to still check syscall return and document the behavior.
- Initialize option lenght for setsockopt check.
- Change open test from EINVAL to EISDIR.
Checked on x86_64-linux-gnu and i686-linux-gnu (running on 64 bits
kernel).
* posix/test-errno.c (do_test): Initialize setsockopt optlen.
* sysdeps/unix/sysv/linux/test-errno.c: Move to ...
* sysdeps/unix/sysv/linux/test-errno-linux.c: ... here.
(test_wrp_rv): Fix format.
(test_wrp_rv2): New macro.
(do_test): Handle mlock return on 64 bits kernels with 32 bits
binaries.
calls with constant strings shows a small (~10%) performance gain, strdup is
typically used in error reporting code, so not performance critical.
Remove the now unused __need_malloc_and_calloc related defines from stdlib.h.
Rename existing uses of str(n)dup to __str(n)dup so it no longer needs to be
redirected to a builtin. Also building GLIBC with -Os now no longer shows
localplt or linkname space failures (partial fix for BZ #15105 and BZ #19463).
[BZ #15105]
[BZ #19463]
* elf/dl-cache.c (_dl_load_cache_lookup): Use __strdup.
* inet/rcmd.c (rcmd_af): Likewise.
* inet/rexec.c (rexec_af): Likewise.
* intl/dcigettext.c (_LIBC): Likewise.
* intl/finddomain.c (_nl_find_domain): Use strdup expansion.
* locale/loadarchive.c (_nl_load_locale_from_archive): Use __strdup.
* locale/setlocale.c (setlocale): Likewise.
* posix/spawn_faction_addopen.c
(posix_spawn_file_actions_addopen): Likewise.
* stdlib/putenv.c (putenv): Use __strndup.
* sunrpc/svc_simple.c (__registerrpc): Use __strdup.
* sysdeps/posix/getaddrinfo.c (gaih_inet): Use __strdup/__strndup.
* include/stdlib.h (__need_malloc_and_calloc): Remove uses.
(__Need_M_And_C) Remove define/undef.
* stdlib/stdlib.h (__need_malloc_and_calloc): Remove uses.
(__malloc_and_calloc_defined): Remove define.
* string/bits/string2.h (__strdup): Remove define.
(strdup): Likewise.
(__strndup): Likewise.
(strndup): Likewise.
This patch adds tests for POSIX and Linux specific syscalls
that implemented with syscall templates machinery. The reason
of tests is to receive the expected error code and test if
it's handled properly by glibc.
2017-03-08 Yury Norov <ynorov@caviumnetworks.com>
Zack Weinberg <zackw@panix.com>
* posix/test-errno.c: New file.
* posix/Makefile (tests): Add test-errno.
* sysdeps/unix/sysv/linux/test-errno.c: New file.
* sysdeps/unix/sysv/linux/Makefile (tests): Add test-errno.
posix/wordexp-test.c used libc-internal.h for PTR_ALIGN_DOWN; similar
to what was done with libc-diag.h, I have split the definitions of
cast_to_integer, ALIGN_UP, ALIGN_DOWN, PTR_ALIGN_UP, and PTR_ALIGN_DOWN
to a new header, libc-pointer-arith.h.
It then occurred to me that the remaining declarations in libc-internal.h
are mostly to do with early initialization, and probably most of the
files including it, even in the core code, don't need it anymore. Indeed,
only 19 files actually need what remains of libc-internal.h. 23 others
need libc-diag.h instead, and 12 need libc-pointer-arith.h instead.
No file needs more than one of them, and 16 don't need any of them!
So, with this patch, libc-internal.h stops including libc-diag.h as
well as losing the pointer arithmetic macros, and all including files
are adjusted.
* include/libc-pointer-arith.h: New file. Define
cast_to_integer, ALIGN_UP, ALIGN_DOWN, PTR_ALIGN_UP, and
PTR_ALIGN_DOWN here.
* include/libc-internal.h: Definitions of above macros
moved from here. Don't include libc-diag.h anymore either.
* posix/wordexp-test.c: Include stdint.h and libc-pointer-arith.h.
Don't include libc-internal.h.
* debug/pcprofile.c, elf/dl-tunables.c, elf/soinit.c, io/openat.c
* io/openat64.c, misc/ptrace.c, nptl/pthread_clock_gettime.c
* nptl/pthread_clock_settime.c, nptl/pthread_cond_common.c
* string/strcoll_l.c, sysdeps/nacl/brk.c
* sysdeps/unix/clock_settime.c
* sysdeps/unix/sysv/linux/i386/get_clockfreq.c
* sysdeps/unix/sysv/linux/ia64/get_clockfreq.c
* sysdeps/unix/sysv/linux/powerpc/get_clockfreq.c
* sysdeps/unix/sysv/linux/sparc/sparc64/get_clockfreq.c:
Don't include libc-internal.h.
* elf/get-dynamic-info.h, iconv/loop.c
* iconvdata/iso-2022-cn-ext.c, locale/weight.h, locale/weightwc.h
* misc/reboot.c, nis/nis_table.c, nptl_db/thread_dbP.h
* nscd/connections.c, resolv/res_send.c, soft-fp/fmadf4.c
* soft-fp/fmasf4.c, soft-fp/fmatf4.c, stdio-common/vfscanf.c
* sysdeps/ieee754/dbl-64/e_lgamma_r.c
* sysdeps/ieee754/dbl-64/k_rem_pio2.c
* sysdeps/ieee754/flt-32/e_lgammaf_r.c
* sysdeps/ieee754/flt-32/k_rem_pio2f.c
* sysdeps/ieee754/ldbl-128/k_tanl.c
* sysdeps/ieee754/ldbl-128ibm/k_tanl.c
* sysdeps/ieee754/ldbl-96/e_lgammal_r.c
* sysdeps/ieee754/ldbl-96/k_tanl.c, sysdeps/nptl/futex-internal.h:
Include libc-diag.h instead of libc-internal.h.
* elf/dl-load.c, elf/dl-reloc.c, locale/programs/locarchive.c
* nptl/nptl-init.c, string/strcspn.c, string/strspn.c
* malloc/malloc.c, sysdeps/i386/nptl/tls.h
* sysdeps/nacl/dl-map-segments.h, sysdeps/x86_64/atomic-machine.h
* sysdeps/unix/sysv/linux/spawni.c
* sysdeps/x86_64/nptl/tls.h:
Include libc-pointer-arith.h instead of libc-internal.h.
* elf/get-dynamic-info.h, sysdeps/nacl/dl-map-segments.h
* sysdeps/x86_64/atomic-machine.h:
Add multiple include guard.
Quite a few tests include libc-internal.h just for the DIAG_* macros.
Split those macros to their own file, which can be included safely in
_ISOMAC mode. I also moved ignore_value, since it seems logically
related, even though I didn't notice any tests needing it.
Also add -Wnonnull suppressions to two tests that _should_ have them,
but the error is masked when compiling against internal headers.
* include/libc-diag.h: New file. Define ignore_value,
DIAG_PUSH_NEEDS_COMMENT, DIAG_POP_NEEDS_COMMENT,
DIAG_IGNORE_NEEDS_COMMENT, and DIAG_IGNORE_Os_NEEDS_COMMENT here.
* include/libc-internal.h: Definitions of above macros moved from
here. Include libc-diag.h. Add copyright notice.
* malloc/tst-malloc.c, malloc/tst-memcheck.c, malloc/tst-realloc.c
* misc/tst-error1.c, posix/tst-dir.c, stdio-common/bug21.c
* stdio-common/scanf14.c, stdio-common/scanf4.c, stdio-common/scanf7.c
* stdio-common/test-vfprintf.c, stdio-common/tst-printf.c
* stdio-common/tst-printfsz.c, stdio-common/tst-sprintf.c
* stdio-common/tst-unlockedio.c, stdio-common/tstdiomisc.c
* stdlib/bug-getcontext.c, string/tester.c, string/tst-endian.c
* time/tst-strptime2.c, wcsmbs/tst-wcstof.c:
Include libc-diag.h instead of libc-internal.h.
* stdlib/tst-environ.c: Include libc-diag.h. Suppress -Wnonnull for
call to unsetenv (NULL).
* nptl/tst-mutex1.c: Include libc-diag.h. Suppress -Wnonnull for
call to pthread_mutexattr_destroy (NULL).
* crypt/md5.h: Test _LIBC with #if defined, not #if.
* dirent/opendir-tst1.c: Include sys/stat.h.
* dirent/tst-fdopendir.c: Include sys/stat.h.
* dirent/tst-fdopendir2.c: Include stdlib.h.
* dirent/tst-scandir.c: Include stdbool.h.
* elf/tst-auditmod1.c: Include link.h and stddef.h.
* elf/tst-tls15.c: Include stdlib.h.
* elf/tst-tls16.c: Include stdlib.h.
* elf/tst-tls17.c: Include stdlib.h.
* elf/tst-tls18.c: Include stdlib.h.
* iconv/tst-iconv6.c: Include endian.h.
* iconvdata/bug-iconv11.c: Include limits.h.
* io/test-utime.c: Include stdint.h.
* io/tst-faccessat.c: Include sys/stat.h.
* io/tst-fchmodat.c: Include sys/stat.h.
* io/tst-fchownat.c: Include sys/stat.h.
* io/tst-fstatat.c: Include sys/stat.h.
* io/tst-futimesat.c: Include sys/stat.h.
* io/tst-linkat.c: Include sys/stat.h.
* io/tst-mkdirat.c: Include sys/stat.h and stdbool.h.
* io/tst-mkfifoat.c: Include sys/stat.h and stdbool.h.
* io/tst-mknodat.c: Include sys/stat.h and stdbool.h.
* io/tst-openat.c: Include stdbool.h.
* io/tst-readlinkat.c: Include sys/stat.h.
* io/tst-renameat.c: Include sys/stat.h.
* io/tst-symlinkat.c: Include sys/stat.h.
* io/tst-unlinkat.c: Include stdbool.h.
* libio/bug-memstream1.c: Include stdlib.h.
* libio/bug-wmemstream1.c: Include stdlib.h.
* libio/tst-fwrite-error.c: Include stdlib.h.
* libio/tst-memstream1.c: Include stdlib.h.
* libio/tst-memstream2.c: Include stdlib.h.
* libio/tst-memstream3.c: Include stdlib.h.
* malloc/tst-interpose-aux.c: Include stdint.h.
* misc/tst-preadvwritev-common.c: Include sys/stat.h.
* nptl/tst-basic7.c: Include limits.h.
* nptl/tst-cancel25.c: Include pthread.h, not pthreadP.h.
* nptl/tst-cancel4.c: Include stddef.h, limits.h, and sys/stat.h.
* nptl/tst-cancel4_1.c: Include stddef.h.
* nptl/tst-cancel4_2.c: Include stddef.h.
* nptl/tst-cond16.c: Include limits.h.
Use sysconf(_SC_PAGESIZE) instead of __getpagesize.
* nptl/tst-cond18.c: Include limits.h.
Use sysconf(_SC_PAGESIZE) instead of __getpagesize.
* nptl/tst-cond4.c: Include stdint.h.
* nptl/tst-cond6.c: Include stdint.h.
* nptl/tst-stack2.c: Include limits.h.
* nptl/tst-stackguard1.c: Include stddef.h.
* nptl/tst-tls4.c: Include stdint.h. Don't include tls.h.
* nptl/tst-tls4moda.c: Include stddef.h.
Don't include stdio.h, unistd.h, or tls.h.
* nptl/tst-tls4modb.c: Include stddef.h.
Don't include stdio.h, unistd.h, or tls.h.
* nptl/tst-tls5.h: Include stddef.h. Don't include stdlib.h or tls.h.
* posix/tst-getaddrinfo2.c: Include stdio.h.
* posix/tst-getaddrinfo5.c: Include stdio.h.
* posix/tst-pathconf.c: Include sys/stat.h.
* posix/tst-posix_fadvise-common.c: Include stdint.h.
* posix/tst-preadwrite-common.c: Include sys/stat.h.
* posix/tst-regex.c: Include stdint.h.
Don't include spawn.h or spawn_int.h.
* posix/tst-regexloc.c: Don't include spawn.h or spawn_int.h.
* posix/tst-vfork3.c: Include sys/stat.h.
* resolv/tst-bug18665-tcp.c: Include stdlib.h.
* resolv/tst-res_hconf_reorder.c: Include stdlib.h.
* resolv/tst-resolv-search.c: Include stdlib.h.
* stdio-common/tst-fmemopen2.c: Include stdint.h.
* stdio-common/tst-vfprintf-width-prec.c: Include stdlib.h.
* stdlib/test-canon.c: Include sys/stat.h.
* stdlib/tst-tls-atexit.c: Include stdbool.h.
* string/test-memchr.c: Include stdint.h.
* string/tst-cmp.c: Include stdint.h.
* sysdeps/pthread/tst-timer.c: Include stdint.h.
* sysdeps/unix/sysv/linux/tst-sync_file_range.c: Include stdint.h.
* sysdeps/wordsize-64/tst-writev.c: Include limits.h and stdint.h.
* sysdeps/x86_64/fpu/math-tests-arch.h: Include cpu-features.h.
Don't include init-arch.h.
* sysdeps/x86_64/multiarch/test-multiarch.h: Include cpu-features.h.
Don't include init-arch.h.
* sysdeps/x86_64/tst-auditmod10b.c: Include link.h and stddef.h.
* sysdeps/x86_64/tst-auditmod3b.c: Include link.h and stddef.h.
* sysdeps/x86_64/tst-auditmod4b.c: Include link.h and stddef.h.
* sysdeps/x86_64/tst-auditmod5b.c: Include link.h and stddef.h.
* sysdeps/x86_64/tst-auditmod6b.c: Include link.h and stddef.h.
* sysdeps/x86_64/tst-auditmod6c.c: Include link.h and stddef.h.
* sysdeps/x86_64/tst-auditmod7b.c: Include link.h and stddef.h.
* time/clocktest.c: Include stdint.h.
* time/tst-posixtz.c: Include stdint.h.
* timezone/tst-timezone.c: Include stdint.h.
bits/types.h has no sysdeps variants, so it should be in the
subdirectory that installs it (namely, posix).
* bits/types.h: Move to posix/bits.
* include/bits/types.h: New wrapper.
The new test driver in <support/test-driver.c> has feature parity with
the old one. The main difference is that its hooking mechanism is
based on functions and function pointers instead of macros. This
commit also implements a new environment variable, TEST_COREDUMPS,
which disables the code which disables coredumps (that is, it enables
them if the invocation environment has not disabled them).
<test-skeleton.c> defines wrapper functions so that it is possible to
use existing macros with the new-style hook functionality.
This commit changes only a few test cases to the new test driver, to
make sure that it works as expected.
For many years, the only effect of these macros has been to make
unistd.h declare getlogin_r. _POSIX_C_SOURCE >= 199506L also causes
this function to be declared. However, people who don't carefully
read all the headers might be confused into thinking they need to
define _REENTRANT for any threaded code (as was indeed the case a long
time ago).
Therefore, remove __USE_REENTRANT, and make _REENTRANT and _THREAD_SAFE
into synonyms for _POSIX_C_SOURCE=199506L. This will only affect
programs that don't select a higher conformance level some other way.
For instance, -std=c89 -D_REENTRANT will see a change in visible
declarations, but -std=c99 -D_POSIX_C_SOURCE=200809L -D_REENTRANT won't,
and -D_REENTRANT all by itself also won't, because _DEFAULT_SOURCE
implies _POSIX_C_SOURCE > 199506.
* include/features.h: Remove __USE_REENTRANT. Treat _REENTRANT
and _THREAD_SAFE the same as _POSIX_C_SOURCE=199506L, if a higher
POSIX conformance level has not been selected by other macros.
* NEWS, manual/creature.texi: Document this change.
* posix/unistd.h, posix/bits/unistd.h: Don't check __USE_REENTRANT.
* include/libc-symbols.h: Don't define _REENTRANT.
* scripts/check-installed-headers.sh: Don't undefine _REENTRANT.
Commit 6c9e1be87a wrongly fixes BZ#20847 by lefting the else branch
on maybe_script_execute to still being able to invalid write on stack
allocated buffer. It happens if execvp{e} is executed with an empty
arguments list ({ NULL }) and although manual states first argument
should be the script name itself, by convention, old and current
implementation allows it.
This patch fixes the issue by just account for arguments and not the
final 'NULL' (since the 'argv + 1' will indeed ignored the script name).
The empty argument list is handled in a special case with a minimum
allocated size. The patch also adds extra tests for such case in
tst-vfork3.
Tested on x86_64.
[BZ #20847]
* posix/execvpe.c (maybe_script_execute): Remove write past allocated
array bounds for else branch.
(__execvpe): Style fixes.
* posix/tst-vfork3.c (run_script): New function.
(create_script): Likewise.
(do_test): Use run_script internal function.
(do_prepare): Use create_script internal function.
This patch fixes an invalid write out or stack allocated buffer in
2 places at execvpe implementation:
1. On 'maybe_script_execute' function where it allocates the new
argument list and it does not account that a minimum of argc
plus 3 elements (default shell path, script name, arguments,
and ending null pointer) should be considered. The straightforward
fix is just to take account of the correct list size on argument
copy.
2. On '__execvpe' where the executable file name lenght may not
account for ending '\0' and thus subsequent path creation may
write past array bounds because it requires to add the terminating
null. The fix is to change how to calculate the executable name
size to add the final '\0' and adjust the rest of the code
accordingly.
As described in GCC bug report 78433 [1], these issues were masked off by
GCC because it allocated several bytes more than necessary so that many
off-by-one bugs went unnoticed.
Checked on x86_64 with a latest GCC (7.0.0 20161121) with -O3 on CFLAGS.
[BZ #20847]
* posix/execvpe.c (maybe_script_execute): Remove write past allocated
array bounds.
(__execvpe): Likewise.
[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78433
THis patch consolidates all Linux ftruncate implementation on
sysdeps/unix/sysv/linux/ftruncate{64}.c. It is based on
{INTERNAL,INLINE}_SYSCALL patch [1] to simplify the syscall construction.
General idea is to build ftruncate iff __OFF_T_MATCHES_OFF64_T is not
defined, otherwise ftruncate64 will be build and ftruncate will be an
alias. The fallocate will use old compat syscall and pass 32-bit off_t
argument, while fallocate64 will handle the correct off64_t passing using
__ALIGNMENT_ARG and SYSCALL_LL64 macros.
Tested on x86_64, i386, aarch64, and armhf.
* posix/tst-truncate-common.c: New file.
* posix/tst-truncate.c: Use tst-truncate-common.c.
* posix/tst-truncate64.c: Likewise and add LFS tests.
* sysdeps/unix/sysv/linux/arm/ftruncate64.c: Remove file.
* sysdeps/unix/sysv/linux/generic/wordsize-32/ftruncate.c: Likewise.
* sysdeps/unix/sysv/linux/generic/wordsize-32/ftruncate64.c: Likewise.
* sysdeps/unix/sysv/linux/mips/mips32/ftruncate64.c: Likewise.
* sysdeps/unix/sysv/linux/mips/mips64/ftruncate64.c: Likewise.
* sysdeps/unix/sysv/linux/powerpc/powerpc32/ftruncate64.c: Likewise.
* sysdeps/unix/sysv/linux/wordsize-64/ftruncate64.c: Likewise.
* sysdeps/unix/sysv/linux/ftruncate.c: New file.
* sysdeps/unix/sysv/linux/ftruncate64.c (__ftruncate64): Use
INLINE_SYSCALL_CALL, __ALIGNMENT_ARG and SYSCALL_LL64 macros.
[__OFF_T_MATCHES_OFF64_T] (ftruncate): Add alias.
* sysdeps/unix/sysv/linux/mips/mips64/syscalls.list (ftruncate):
Remove.
* sysdeps/unix/sysv/linux/wordsize-64/syscalls.list (ftruncate):
Likewise.
[1] https://sourceware.org/ml/libc-alpha/2016-08/msg00646.html
This patch consolidates mostly of the Linux posix_fadvise{64} implementations
on sysdeps/unix/sysv/linux/posix_fadvise{64}.c. It still keeps arch-specific
files for:
* S390-32: it uses a packed structure to pass all the arguments on syscall.
It is the only supported port that implements __NR_fadvise64_64 in this
way.
* ARM: it does not implement __NR_fadvise64 (as other 32-bits ports), so
posix_fadvise calls internal posix_fadvise64 symbol.
* MIPS64 n64: it requires a different version number that other ports.
The new macro SYSCALL_LL{64} is used to handle the offset argument and
INTERNAL_SYSCALL_CALL to handle passing the correct number of expect
arguments.
The default Linux adds two new defines a port can use to control how
__NR_fadvise64_64 passes the kernel arguments:
* __ASSUME_FADVISE64_64_6ARG: the 'advise' argument is moved on second
position. This is the case of powerpc32 and arm to avoid implement
7 argument syscall.
* __ASSUME_FADVISE64_64_NO_ALIGN: for ABIs that defines
__ASSUME_ALIGNED_REGISTER_PAIRS packs the offset without the leading
'0'. This is the case of tile 32 bits.
ARM also defines __NR_fadvise64_64 as __NR_arm_fadvise64_64 (which is also
handled on arch kernel-feature.h).
Tested on x86_64, x32, i686, armhf, and aarch64.
* posix/Makefile (tests): Add tst-posix_fadvise and tst-posix_fadvise64.
* posix/tst-posix_fadvise.c: New file.
* posix/tst-posix_fadvise64.c: Likewise.
* posix/tst-posix_fadvise-common.c: Likewise.
* sysdeps/unix/sysv/linux/arm/kernel-features.h
(__ASSUME_FADVISE64_64_6ARG): Define.
* sysdeps/unix/sysv/linux/powerpc/kernel-features.h
[!__powerpc64__] (__ASSUME_FADVISE64_64_6ARG): Add define.
* sysdeps/unix/sysv/linux/arm/posix_fadvise64.c: Remove file.
* sysdeps/unix/sysv/linux/generic/wordsize-32/posix_fadvise.c: Likewise.
* sysdeps/unix/sysv/linux/i386/posix_fadvise64.S: Likewise.
* sysdeps/unix/sysv/linux/mips/mips32/posix_fadvise.c: Likewise.
* sysdeps/unix/sysv/linux/mips/mips32/posix_fadvise64.c: Likewise.
* sysdeps/unix/sysv/linux/mips/mips64/n32/posix_fadvise.c: Likewise.
* sysdeps/unix/sysv/linux/mips/mips64/n32/posix_fadvise64.c: Likewise.
* sysdeps/unix/sysv/linux/mips/mips64/n64/posix_fadvise.c: Likewise.
* sysdeps/unix/sysv/linux/powerpc/powerpc32/posix_fadvise.c: Likewise.
* sysdeps/unix/sysv/linux/powerpc/powerpc32/posix_fadvise64.c:
Likewise.
* sysdeps/unix/sysv/linux/wordsize-64/posix_fadvise.c: Likewise.
* sysdeps/unix/sysv/linux/wordsize-64/posix_fadvise64.c: Likewise.
* sysdeps/unix/sysv/linux/mips/mips64/n64/posix_fadvise64.c
(SHLIB_COMPAT(libc, GLIBC_2_2, GLIBC_2_3_3) [__posix_fadvise64_l64]:
Alias to __posix_fadvise64_l32.
(SHLIB_COMPAT(libc, GLIBC_2_2, GLIBC_2_3_3) [__posix_fadvise64_l32]:
Add compat definition to posix_fadvise64.
(SHLIB_COMPAT(libc, GLIBC_2_2, GLIBC_2_3_3) [__posix_fadvise64_l64]:
Add versioned definition to posix_fadvise64.
* sysdeps/unix/sysv/linux/posix_fadvise.c (posix_fadvise): Build iff
__OFF_T_MATCHES_OFF64_T is defined, use INTERNAL_SYSCALL_CALL, add
__ASSUME_FADVISE64_64_6ARG/__ASSUME_FADVISE64_64_NO_ALIGN support.
* sysdeps/unix/sysv/linux/posix_fadvise64.c (posix_fadvise64): Add
__ASSUME_FADVISE64_64_NO_ALIGN support and use INTERNAL_SYSCALL_CALL.
On posix_spawn open file action (issued by posix_spawn_file_actions_addopen)
POSIX states that if fildes was already an open file descriptor, it shall be
closed before the new file is openedi [1]. This avoid pontential issues when
posix_spawn plus addopen action is called with the process already at maximum
number of file descriptor opened and also for multiple actions on single-open
special paths (like /dev/watchdog).
This fixes its behavior on Linux posix_spawn implementation and also adds
a tests to check for its behavior.
Checked on x86_64.
* posix/Makefile (tests): Add tst-spawn3.
* posix/tst-spawn3.c: New file.
* sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor
if it is already opened for open action.
[1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
Many headers are expected to expose a subset of the type definitions
in time.h. time.h has a whole bunch of messy logic for conditionally
defining some its types and structs, but, as best I can tell, this
has never worked 100%. In particular, __need_timespec is ineffective
if _TIME_H has already been defined, which means that if you compile
#include <time.h>
#include <sched.h>
with e.g. -fsyntax-only -std=c89 -Wall -Wsystem-headers, you will get
In file included from test.c:2:0:
/usr/include/sched.h:74:57: warning: "struct timespec" declared inside
parameter list will not be visible outside of this definition or declaration
extern int sched_rr_get_interval (__pid_t __pid, struct timespec *__t) __THROW;
^~~~~~~~
And if you want to _use_ sched_rr_get_interval in a TU compiled that
way, you're hosed.
This patch replaces all of that with small bits/types/TYPE.h headers
as introduced earlier. time.h and bits/time.h are now *much* simpler,
and a lot of other headers are slightly simpler.
* time/time.h, bits/time.h, sysdeps/unix/sysv/linux/bits/time.h:
Remove all logic conditional on __need macros. Move all the
conditionally defined types to their own headers...
* time/bits/types/clock_t.h: Define clock_t here.
* time/bits/types/clockid_t.h: Define clockid_t here.
* time/bits/types/struct_itimerspec.h: Define struct itimerspec here.
* time/bits/types/struct_timespec.h: Define struct timespec here.
* time/bits/types/struct_timeval.h: Define struct timeval here.
* time/bits/types/struct_tm.h: Define struct tm here.
* time/bits/types/time_t.h: Define time_t here.
* time/bits/types/timer_t.h: Define timer_t here.
* time/Makefile: Install the new headers.
* bits/resource.h, io/fcntl.h, io/sys/poll.h, io/sys/stat.h
* io/utime.h, misc/sys/select.h, posix/sched.h, posix/sys/times.h
* posix/sys/types.h, resolv/netdb.h, rt/aio.h, rt/mqueue.h
* signal/signal.h, pthread/semaphore.h, sysdeps/nptl/pthread.h
* sysdeps/unix/sysv/linux/alpha/bits/resource.h
* sysdeps/unix/sysv/linux/alpha/sys/acct.h
* sysdeps/unix/sysv/linux/bits/resource.h
* sysdeps/unix/sysv/linux/bits/timex.h
* sysdeps/unix/sysv/linux/mips/bits/resource.h
* sysdeps/unix/sysv/linux/net/ppp_defs.h
* sysdeps/unix/sysv/linux/sparc/bits/resource.h
* sysdeps/unix/sysv/linux/sys/acct.h
* sysdeps/unix/sysv/linux/sys/timerfd.h
* sysvipc/sys/msg.h, sysvipc/sys/sem.h, sysvipc/sys/shm.h
* time/sys/time.h, time/sys/timeb.h
Use the new bits/types headers.
* include/time.h: Remove __need logic.
* include/bits/time.h
* include/bits/types/clock_t.h, include/bits/types/clockid_t.h
* include/bits/types/time_t.h, include/bits/types/timer_t.h
* include/bits/types/struct_itimerspec.h
* include/bits/types/struct_timespec.h
* include/bits/types/struct_timeval.h
* include/bits/types/struct_tm.h:
New wrapper headers.
Some headers did not include all of their prerequisite headers.
* rpcsvc/nislib.h: Include rpcsvc/nis.h.
* sysdeps/unix/sysv/linux/netrose/rose.h:
Include sys/socket.h and netax25/ax25.h.
<endian.h> only defines BYTE_ORDER, BIG_ENDIAN, LITTLE_ENDIAN,
etc. under __USE_MISC; glibc's headers should use __BYTE_ORDER,
__BIG_ENDIAN, __LITTLE_ENDIAN, etc. instead.
* inet/netinet/icmp6.h, inet/netinet/ip6.h
* resolv/arpa/nameser_compat.h:
Use __BYTE_ORDER etc. instead of BYTE_ORDER etc.
sys/types.h only conditionally defines caddr_t and clockid_t.
* sysdeps/unix/sysv/linux/sys/quota.h:
Use __caddr_t instead of caddr_t.
* sysdeps/unix/sysv/linux/sys/timerfd.h:
Use __clockid_t instead of clockid_t.
Remove a #warning that was the sole actual problem with using sys/ipc.h
without _GNU_SOURCE/_XOPEN_SOURCE.
* sysvipc/sys/ipc.h: Remove unnecessary #warning.
_LIBC, __USE_XOPEN2K8, and __STDC_VERSION__ are not always defined.
It seems to me that _LIBC should not appear in installed headers, but
avoiding that for argp specifically would require more surgery than
feels appropriate for this patch set. It's possible that
"#ifdef _LIBC" would be sufficient, but I wanted to be conservative.
All three versions of bits/socket.h want to know whether __flexarr
will produce a real flexible array member -- specifically, one that
doesn't alter sizeof(the structure containing it). They were testing
for this with a complicated #if condition that did not agree with
sys/cdefs.h and that tripped -Wundef warnings under -std=c90.
I added a new macro to sys/cdefs.h, __glibc_c99_flexarr_available,
which reveals exactly what these headers want to know. I also took
the opportunity to flatten the rather messy conditional nest defining
__flexarr.
* argp/argp.h: Check whether _LIBC is defined before expanding it.
* posix/glob.h: Check whether __USE_XOPEN2K8 is defined instead
of expanding it.
* misc/sys/cdefs.h: Tidy up conditional nest defining __flexarr.
Define __glibc_c99_flexarr_available to 1 when the compiler
supports C99-compatible flexible array members, 0 otherwise.
* sysdeps/unix/sysv/linux/bits/socket.h
* sysdeps/mach/hurd/bits/socket.h
* bits/socket.h: Use __glibc_c99_flexarr_available in
definitions of struct cmsghdr and CMSG_DATA.
The macros defined by <sys/sysmacros.h> are not part of POSIX nor XSI, and
their names frequently collide with user code; see for instance glibc bug
19239 and Red Hat bug 130601. <stdlib.h> includes <sys/types.h> under
_GNU_SOURCE, and C++ code presently cannot avoid being compiled under
_GNU_SOURCE, exacerbating the problem.
* NEWS: Inclusion of <sys/sysmacros.h> by <sys/types.h> is deprecated.
* misc/sys/sysmacros.h: If __SYSMACROS_DEPRECATED_INCLUSION is defined,
define major, minor, and makedev to issue deprecation warnings on use.
If __SYSMACROS_DEPRECATED_INCLUSION is *not* defined, suppress
previously-activated deprecation warnings for these macros and prevent
subsequent inclusions of this header from having any effect.
* posix/sys/types.h: Define __SYSMACROS_DEPRECATED_INCLUSION before
including <sys/sysmacros.h>, and undefine it again afterward.
Presently sys/sysmacros.h is entirely defined in sysdeps. This would
mean that the deprecation logic coming up in the next patch would have
to be written twice (in generic/ and unix/sysv/linux/). To avoid that,
hoist all but the unavoidably system-dependent logic to misc/, leaving a
bits/ header behind. This also promotes the Linux-specific encoding of
dev_t, which accommodates 32-bit major and minor numbers in a 64-bit dev_t,
to generic, as glibc's dev_t is always 64 bits wide.
The former Linux implementation used inline functions to avoid evaluating
arguments more than once. After this change, all platforms use inline
functions, which means that three new symbols are added to the generic ABI.
(These symbols are in the user namespace, which is how they have always
been on Linux. They begin with "gnu_dev_", so collisions with user code
are pretty unlikely.)
New ports henceforth need only provide a bits/sysmacros.h defining
internal macros __SYSMACROS_{DECLARE,DEFINE}_{MAJOR,MINOR,MAKEDEV}.
This is only necessary if the kernel encoding is incompatible with
the now-generic encoding (for instance, it would be necessary for
FreeBSD).
While I was at it, I added a basic round-trip test for these functions.
* sysdeps/generic/sys/sysmacros.h: Delete file.
* sysdeps/unix/sysv/linux/makedev.c: Delete file.
* sysdeps/unix/sysv/linux/sys/sysmacros.h: Move file ...
* bits/sysmacros.h: ... here; this encoding is now the generic
encoding. Now defines only the following macros:
__SYSMACROS_DECLARE_MAJOR, __SYSMACROS_DEFINE_MAJOR,
__SYSMACROS_DECLARE_MINOR, __SYSMACROS_DEFINE_MINOR,
__SYSMACROS_DECLARE_MAKEDEV, __SYSMACROS_DEFINE_MAKEDEV.
* misc/sys/sysmacros.h, misc/makedev.c: New files that use
bits/sysmacros.h and the above new macros to generate the
public implementations of major, minor, and makedev.
* misc/tst-makedev.c: New test.
* include/sys/sysmacros.h: New wrapper.
* misc/Makefile (headers): Add sys/sysmacros.h, bits/sysmacros.h.
(routines): Add makedev.
(tests): Add tst-makedev.
* misc/Versions [GLIBC_2.25]: Add gnu_dev_major, gnu_dev_minor,
gnu_dev_makedev.
* posix/Makefile (headers): Remove sys/sysmacros.h.
* sysdeps/unix/sysv/linux/Makefile (sysdep_routines): Remove makedev.
* sysdeps/arm/nacl/libc.abilist: Add GLIBC_2.25,
gnu_dev_major, gnu_dev_makedev, gnu_dev_minor.
* sysdeps/unix/sysv/linux/aarch64/libc.abilist
* sysdeps/unix/sysv/linux/alpha/libc.abilist
* sysdeps/unix/sysv/linux/arm/libc.abilist
* sysdeps/unix/sysv/linux/hppa/libc.abilist
* sysdeps/unix/sysv/linux/i386/libc.abilist
* sysdeps/unix/sysv/linux/ia64/libc.abilist
* sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist
* sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist
* sysdeps/unix/sysv/linux/microblaze/libc.abilist
* sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist
* sysdeps/unix/sysv/linux/mips/mips32/nofpu/libc.abilist
* sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist
* sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist
* sysdeps/unix/sysv/linux/nios2/libc.abilist
* sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist
* sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist
* sysdeps/unix/sysv/linux/powerpc/powerpc64/libc-le.abilist
* sysdeps/unix/sysv/linux/powerpc/powerpc64/libc.abilist
* sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist
* sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist
* sysdeps/unix/sysv/linux/sh/libc.abilist
* sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist
* sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist
* sysdeps/unix/sysv/linux/tile/tilegx/tilegx32/libc.abilist
* sysdeps/unix/sysv/linux/tile/tilegx/tilegx64/libc.abilist
* sysdeps/unix/sysv/linux/tile/tilepro/libc.abilist
* sysdeps/unix/sysv/linux/x86_64/64/libc.abilist
* sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist:
Add GLIBC_2.25.
Test p{read,write}64 with offset > 4GB. Since it is not an error for a
successful pread/pwrite call to transfer fewer bytes than requested, we
should check if the return value is -1. No need to close and unlink
temporary file, which is handled by test-skeleton.c.
[BZ #20350]
* posix/tst-preadwrite.c: Renamed to ...
* posix/tst-preadwrite-common.c: This.
(PREAD): Removed.
(PWRITE): Likewise.
(STRINGIFY): Likewise.
(STRINGIFY2): Likewise.
(do_prepare): Make it static and remove function arguments.
(do_test): Likewise.
(PREPARE): Updated.
(TEST_FUNCTION): New.
(name): Make it static.
(fd): Likewise.
(do_prepare): Use create_temp_file.
(do_test): Renamed to ...
(do_test_with_offset): This. Make it static and accept offset.
Properly check return value of PWRITE and PREAD. Return bytes
read. Don't close fd nor unlink name.
* posix/tst-preadwrite.c: Rewrite.
* posix/tst-preadwrite64.c: Likewise.
getconf has the capability to do a runtime check for environment
support in cases where there is optional support for an environment
(_POSIX_V7_ILP32_OFF32 on x86_64 for example) and this is indicated by
not defining the _POSIX_V7_ILP32_OFF32 macro, which results in getconf
doing an additional execve of _POSIX_V7_ILP32_OFF32 in the
$GETCONF_DIR.
The default bits/environments.h however does not leave any environment
macros undefined, which means that no such additional execve is
needed. gcc trunk catches this as a build failure since it finds that
the code block inside switch(specs[i].num) is not reachable. Avoid
this error by not bothering about the additional exec (and looking in
specific environments) when all environments are defined.
Tested on aarch64.
* posix/getconf.c: Define ALL_ENVIRONMENTS_DEFINED if all
environment macros are defined.
(main): Avoid execve if ALL_ENVIRONMENTS_DEFINED is defined.
UNIX98 and XPG4 have ttyslot in <stdlib.h>. glibc, however, has it in
<unistd.h>, for __USE_MISC || (__USE_XOPEN_EXTENDED && !__USE_UNIX98),
but no supported standard has it in <unistd.h>.
This patch adds a properly conditioned declaration to <stdlib.h> (only
enabled for the relevant standards, not for __USE_MISC or __USE_GNU).
The <unistd.h> declaration is restricted to __USE_MISC. Some relevant
XFAILs are removed.
Tested for x86_64 and x86 (testsuite, and that installed stripped
shared libraries are unchanged by the patch).
[BZ #20051]
* posix/unistd.h [__USE_XOPEN_EXTENDED && !__USE_UNIX98]
(ttyslot): Do not declare.
* stdlib/stdlib.h [__USE_XOPEN_EXTENDED && !__USE_XOPEN2K]
(ttyslot): New prototype.
* conform/Makefile (test-xfail-XPG4/unistd.h/conform): Remove
variable.
(test-xfail-UNIX98/stdlib.h/conform): Likewise.
unistd.h declares gethostname for __USE_UNIX98 || __USE_XOPEN2K. But
it's also in XPG4 (XNS volume - C438 - not the main definitions of
system interfaces and headers in C435). This patch corrects the
condition.
Tested for x86_64 and x86 (testsuite, and that installed stripped
shared libraries are unchanged by the patch).
[BZ #20054]
* posix/unistd.h (gethostname): Declare if [__USE_XOPEN_EXTENDED],
not [__USE_UNIX98].
* conform/data/unistd.h-data (gethostname): Do not expect for
[XPG3].
For UNIX98 (only), unistd.h should declare pthread_atfork, but that
declaration is missing. This patch adds it.
Tested for x86_64 and x86 (testsuite, and that installed stripped
shared libraries are unchanged by the patch).
[BZ #20044]
* posix/unistd.h [__USE_UNIX98 && !__USE_XOPEN2K]
(pthread_atfork): New prototype.
* conform/Makefile (test-xfail-UNIX98/unistd.h/conform): Remove
variable.
For UNIX98 and older X/Open standards, unistd.h should have a
declaration of the legacy cuserid function, but such a declaration is
missing. This patch adds that missing declaration.
Tested for x86_64 and x86 (testsuite, and that installed stripped
shared libraries are unchanged by the patch).
[BZ #20043]
* posix/unistd.h [__USE_XOPEN && !__USE_XOPEN2K] (cuserid): New
prototype.
Instead, we store the data we need from the return value of
readdir in an object of the new type struct readdir_result.
This type is independent of the layout of struct dirent.
Previously, application code had to set up the d_namlen member if
the target supported it, involving conditional compilation. After
this change, glob will use the length of the string in d_name instead
of d_namlen to determine the file name length. All glibc targets
provide the d_type and d_ino members, and setting them as needed for
gl_readdir is straightforward.
Changing the behavior with regards to d_ino is left to a future
cleanup.
The overloading approach in the W* macros was incompatible with
integer expressions of a type different from int. Applications
using union wait and these macros will have to migrate to the
POSIX-specified int status type.
Current Linux posix_spawn spawn do not test if the pid argument is
valid before trying to update it for success case. This patch fixes
it.
Tested on x86_64 and i686.
* sysdeps/unix/sysv/linux/spawni.c (__spawnix): Fix invalid memory
access where posix_spawn success and pid argument is null.
* posix/tst-spawn.c (do_test): Add posix_spawn null pid argument for
success case.
This patch fixes the posix/tst-execvpe5 invocation when GLIBC is
configured with --enable-hardcoded-path-in-tests which fails with:
$ cat posix/tst-execvpe5.out
Wrong number of arguments (4)
Checked on x86-64 and powerpc64le.
* posix/tst-execvpe5.c (do_test): Fix fix test invocation when
configured with --enable-hardcoded-path-in-tests.
This patch implements a new posix_spawn{p} implementation for Linux. The main
difference is it uses the clone syscall directly with CLONE_VM and CLONE_VFORK
flags and a direct allocated stack. The new stack and start function solves
most the vfork limitation (possible parent clobber due stack spilling). The
remaning issue are related to signal handling:
1. That no signal handlers must run in child context, to avoid corrupt
parent's state.
2. Child must synchronize with parent to enforce stack deallocation and
to possible return execv issues.
The first one is solved by blocking all signals in child, even NPTL-internal
ones (SIGCANCEL and SIGSETXID). The second issue is done by a stack allocation
in parent and a synchronization with using a pipe or waitpid (in case or error).
The pipe has the advantage of allowing the child signal an exec error (checked
with new tst-spawn2 test).
There is an inherent race condition in pipe2 usage for architectures that do not
support the syscall directly. In such cases the a pipe plus fctnl is used
instead and it may lead to file descriptor leak in parent (as decribed by fcntl
documentation).
The child process stack is allocate with a mmap with MAP_STACK flag using
default architecture stack size. Although it is slower than use a stack buffer
from parent, it allows some slack for the compatibility code to run scripts
with no shebang (which may use a buffer with size depending of argument list
count).
Performance should be similar to the vfork default posix implementation and
way faster than fork path (vfork on mostly linux ports are basically
clone with CLONE_VM plus CLONE_VFORK). The only difference is the syscalls
required for the stack allocation/deallocation.
It fixes BZ#10354, BZ#14750, and BZ#18433.
Tested on i386, x86_64, powerpc64le, and aarch64.
[BZ #14750]
[BZ #10354]
[BZ #18433]
* include/sched.h (__clone): Add hidden prototype.
(__clone2): Likewise.
* include/unistd.h (__dup): Likewise.
* posix/Makefile (tests): Add tst-spawn2.
* posix/tst-spawn2.c: New file.
* sysdeps/posix/dup.c (__dup): Add hidden definition.
* sysdeps/unix/sysv/linux/aarch64/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/alpha/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/arm/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/hppa/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/i386/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/ia64/clone2.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/m68k/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/microblaze/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/mips/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/nios2/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/powerpc/powerpc32/clone.S (__clone):
Likewise.
* sysdeps/unix/sysv/linux/powerpc/powerpc64/clone.S (__clone):
Likewise.
* sysdeps/unix/sysv/linux/s390/s390-32/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/s390/s390-64/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/sh/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/sparc/sparc32/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/sparc/sparc64/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/tile/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/x86_64/clone.S (__clone): Likewise.
* sysdeps/unix/sysv/linux/nptl-signals.h
(____nptl_is_internal_signal): New function.
* sysdeps/unix/sysv/linux/spawni.c: New file.
This patch removes all the dynamic allocation on execvpe code and
instead use direct stack allocation. This is QoI approach to make
it possible use in scenarios where memory is shared with parent
(vfork or clone with CLONE_VM).
For default process spawn (script file without a shebang), stack
allocation is bounded by NAME_MAX plus PATH_MAX plus 1. Large
file arguments returns an error (ENAMETOOLONG). This differs than
current GLIBC pratice in general, but it used to limit stack
allocation for large inputs. Also, path in PATH environment variable
larger than PATH_MAX are ignored.
The shell direct execution exeception, where execve returns ENOEXEC,
might requires a large stack allocation due large input argument list.
Tested on i686, x86_64, powerpc64le, and aarch64.
* posix/execvpe.c (__execvpe): Remove dynamic allocation.
* posix/Makefile (tests): Add tst-execvpe{1,2,3,4,5,6}.
* posix/tst-execvp1.c (do_test): Use a macro to call execvp.
* posix/tst-execvp2.c (do_test): Likewise.
* posix/tst-execvp3.c (do_test): Likewise.
* posix/tst-execvp4.c (do_test): Likewise.
* posix/tst-execvpe1.c: New file.
* posix/tst-execvpe2.c: Likewise.
* posix/tst-execvpe3.c: Likewise.
* posix/tst-execvpe4.c: Likewise.
* posix/tst-execvpe5.c: Likewise.
* posix/tst-execvpe6.c: Likewise.
GLIBC execl{e,p} implementation might use malloc if the total number of
arguments exceed initial assumption size (1024). This might lead to
issues in two situations:
1. execl/execle is stated to be async-signal-safe by POSIX [1]. However
if execl is used in a signal handler with a large argument set (that
may call malloc internally) and if the resulting call fails it might
lead malloc in the program in a bad state.
2. If the functions are used in a vfork/clone(VFORK) situation it also
might issue malloc internal bad state.
This patch fixes it by using stack allocation instead. It also fixes
BZ#19534.
Tested on x86_64.
[1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html
[BZ #19534]
* posix/execl.c (execl): Remove dynamic memory allocation.
* posix/execle.c (execle): Likewise.
* posix/execlp.c (execlp): Likewise.
The build of posix/tst-dir.c fails due to undefined DIAG_* macros.
The usage of the macros were introduced in recent commit
7584a3f96d
"Deprecate readdir_r, readdir64_r [BZ #19056]".
This patch adds the missing header libc-internal.h.
