Commit Graph

180 Commits

Author SHA1 Message Date
Paul Eggert
dff8da6b3e Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
H.J. Lu
541641a3de x86/cet: Enable shadow stack during startup
Previously, CET was enabled by kernel before passing control to user
space and the startup code must disable CET if applications or shared
libraries aren't CET enabled.  Since the current kernel only supports
shadow stack and won't enable shadow stack before passing control to
user space, we need to enable shadow stack during startup if the
application and all shared library are shadow stack enabled.  There
is no need to disable shadow stack at startup.  Shadow stack can only
be enabled in a function which will never return.  Otherwise, shadow
stack will underflow at the function return.

1. GL(dl_x86_feature_1) is set to the CET features which are supported
by the processor and are not disabled by the tunable.  Only non-zero
features in GL(dl_x86_feature_1) should be enabled.  After enabling
shadow stack with ARCH_SHSTK_ENABLE, ARCH_SHSTK_STATUS is used to check
if shadow stack is really enabled.
2. Use ARCH_SHSTK_ENABLE in RTLD_START in dynamic executable.  It is
safe since RTLD_START never returns.
3. Call arch_prctl (ARCH_SHSTK_ENABLE) from ARCH_SETUP_TLS in static
executable.  Since the start function using ARCH_SETUP_TLS never returns,
it is safe to enable shadow stack in ARCH_SETUP_TLS.
2024-01-01 05:22:48 -08:00
H.J. Lu
edb5e0c8f9 x86/cet: Sync with Linux kernel 6.6 shadow stack interface
Sync with Linux kernel 6.6 shadow stack interface.  Since only x86-64 is
supported, i386 shadow stack codes are unchanged and CET shouldn't be
enabled for i386.

1. When the shadow stack base in TCB is unset, the default shadow stack
is in use.  Use the current shadow stack pointer as the marker for the
default shadow stack. It is used to identify if the current shadow stack
is the same as the target shadow stack when switching ucontexts.  If yes,
INCSSP will be used to unwind shadow stack.  Otherwise, shadow stack
restore token will be used.
2. Allocate shadow stack with the map_shadow_stack syscall.  Since there
is no function to explicitly release ucontext, there is no place to
release shadow stack allocated by map_shadow_stack in ucontext functions.
Such shadow stacks will be leaked.
3. Rename arch_prctl CET commands to ARCH_SHSTK_XXX.
4. Rewrite the CET control functions with the current kernel shadow stack
interface.

Since CET is no longer enabled by kernel, a separate patch will enable
shadow stack during startup.
2024-01-01 05:22:48 -08:00
H.J. Lu
1a23b39f9d x86/cet: Update tst-cet-vfork-1
Change tst-cet-vfork-1.c to verify that vfork child return triggers
SIGSEGV due to shadow stack mismatch.
2023-12-20 04:57:21 -08:00
Adhemerval Zanella
cb8c78b2ff linux: Add MMAP_ABOVE4G from Linux 6.6 to sys/mman.h
x86 added the flag (29f890d1050fc099f) for CET enabled.

Also update tst-mman-consts.py test.
2023-11-03 10:01:46 -03:00
Joseph Myers
b163fca6c3 Add PTRACE_SET_SYSCALL_USER_DISPATCH_CONFIG etc. from Linux 6.4 to sys/ptrace.h
Linux 6.4 adds new constants PTRACE_SET_SYSCALL_USER_DISPATCH_CONFIG
and PTRACE_GET_SYSCALL_USER_DISPATCH_CONFIG.  Add those to all
relevant sys/ptrace.h headers, along with adding the associated
argument structure to bits/ptrace-shared.h (named struct
__ptrace_sud_config there following the usual convention for such
structures).

Tested for x86_64 and with build-many-glibcs.py.
2023-08-08 14:38:22 +00:00
Sergey Bugaev
45e2483a6c x86: Make dl-cache.h and readelflib.c not Linux-specific
These files could be useful to any port that wants to use ld.so.cache.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2023-06-26 10:04:31 -03:00
Paul Pluzhnikov
d13733c166 Fix misspellings in sysdeps/unix -- BZ 25337
Applying this commit results in bit-identical rebuild of
libc.so.6 math/libm.so.6 elf/ld-linux-x86-64.so.2 mathvec/libmvec.so.1

Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-05-23 11:59:23 +00:00
H.J. Lu
743113d42e x86: Set FSGSBASE to active if enabled by kernel
Linux kernel uses AT_HWCAP2 to indicate if FSGSBASE instructions are
enabled.  If the HWCAP2_FSGSBASE bit in AT_HWCAP2 is set, FSGSBASE
instructions can be used in user space.  Define dl_check_hwcap2 to set
the FSGSBASE feature to active on Linux when the HWCAP2_FSGSBASE bit is
set.

Add a test to verify that FSGSBASE is active on current kernels.
NB: This test will fail if the kernel doesn't set the HWCAP2_FSGSBASE
bit in AT_HWCAP2 while fsgsbase shows up in /proc/cpuinfo.
Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-04-03 11:36:48 -07:00
Adhemerval Zanella Netto
33237fe83d Remove --enable-tunables configure option
And make always supported.  The configure option was added on glibc 2.25
and some features require it (such as hwcap mask, huge pages support, and
lock elisition tuning).  It also simplifies the build permutations.

Changes from v1:
 * Remove glibc.rtld.dynamic_sort changes, it is orthogonal and needs
   more discussion.
 * Cleanup more code.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-03-29 14:33:06 -03:00
Joseph Myers
6d7e8eda9b Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
Andreas Schwab
954b8f3895 Expose all MAP_ constants in <sys/mman.h> unconditionally (bug 29375)
POSIX reserves the MAP_ prefix for <sys/mman.h>, so there is no need to
conditionalize their definitions on feature test macros.
2022-10-10 09:30:24 +02:00
Adhemerval Zanella
c628c22963 elf: Remove ldconfig kernel version check
Now that it was removed on libc.so.
2022-05-16 15:03:49 -03:00
Paul Eggert
581c785bf3 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.

I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah.  I don't
know why I run into these diagnostics whereas others evidently do not.

remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
2022-01-01 11:40:24 -08:00
Adhemerval Zanella
a4b4131355 Set default __TIMESIZE default to 64
This is expected size for newer ABIs.
2021-12-23 11:41:08 -03:00
Florian Weimer
95e114a091 nptl: Add rseq registration
The rseq area is placed directly into struct pthread.  rseq
registration failure is not treated as an error, so it is possible
that threads run with inconsistent registration status.

<sys/rseq.h> is not yet installed as a public header.

Co-Authored-By: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2021-12-09 09:49:32 +01:00
Adhemerval Zanella
bc801b3a40 setjmp: Replace jmp_buf-macros.h with jmp_buf-macros.sym
It requires less boilerplate code for newer ports.  The _Static_assert
checks from internal setjmp are moved to its own internal test since
setjmp.h is included early by multiple headers (to generate
rtld-sizes.sym).

The riscv jmp_buf-macros.h check is also redundant, it is already
done by riscv configure.ac.

Checked with a build for the affected architectures.
2021-11-22 13:43:22 -03:00
Siddhesh Poyarekar
30891f35fa Remove "Contributed by" lines
We stopped adding "Contributed by" or similar lines in sources in 2012
in favour of git logs and keeping the Contributors section of the
glibc manual up to date.  Removing these lines makes the license
header a bit more consistent across files and also removes the
possibility of error in attribution when license blocks or files are
copied across since the contributed-by lines don't actually reflect
reality in those cases.

Move all "Contributed by" and similar lines (Written by, Test by,
etc.) into a new file CONTRIBUTED-BY to retain record of these
contributions.  These contributors are also mentioned in
manual/contrib.texi, so we just maintain this additional record as a
courtesy to the earlier developers.

The following scripts were used to filter a list of files to edit in
place and to clean up the CONTRIBUTED-BY file respectively.  These
were not added to the glibc sources because they're not expected to be
of any use in future given that this is a one time task:

https://gist.github.com/siddhesh/b5ecac94eabfd72ed2916d6d8157e7dc
https://gist.github.com/siddhesh/15ea1f5e435ace9774f485030695ee02

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-09-03 22:06:44 +05:30
Joseph Myers
98149b16d6 Add PTRACE_GET_RSEQ_CONFIGURATION from Linux 5.13 to sys/ptrace.h
Linux 5.13 adds a PTRACE_GET_RSEQ_CONFIGURATION constant, with an
associated ptrace_rseq_configuration structure.

Add this constant to the various sys/ptrace.h headers in glibc, with
the structure in bits/ptrace-shared.h (named struct
__ptrace_rseq_configuration in glibc, as with other such structures).

Tested for x86_64, and with build-many-glibcs.py.
2021-08-09 16:51:38 +00:00
Florian Weimer
3c79234c7a nptl: Move pthreadP.h into sysdeps directory
This mirrors the situation on Hurd.  These directories are on
the include search part, so #include <pthreadP.h> works after this
change on both Hurd and nptl.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-06-22 09:51:10 +02:00
Adhemerval Zanella
f98beb65f5 y2038: Use a common definition for semid_ds
Instead of replicate the same definitions from struct_semid64_ds.h
on the multiple struct_semid_ds.h, use a common header which is included
when required (struct_semid64_ds_helper.h).

The __USE_TIME_BITS64 is not defined internally yet, although the
internal header is used when building the 64-bit semctl implementation.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2021-06-15 10:42:11 -03:00
Lukasz Majewski
4e8521333b y2038: Use a common definition for stat
Instead of replicate the same definitions from struct_stat_time64.h
on the multiple struct_stat.h, use a common header which is included
when required (struct_stat_time64_helper.h).  The 64-bit time support
is added only for LFS support.

The __USE_TIME_BITS64 is not defined internally yet, although the
internal header is used when building the 64-bit stat implementations.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2021-06-15 10:42:11 -03:00
Florian Weimer
60d5e40ab2 x86: Remove low-level lock optimization
The current approach is to do this optimizations at a higher level,
in generic code, so that single-threaded cases can be specifically
targeted.

Furthermore, using IS_IN (libc) as a compile-time indicator that
all locks are private is no longer correct once process-shared lock
implementations are moved into libc.

The generic <lowlevellock.h> is not compatible with assembler code
(obviously), so it's necessary to remove two long-unused #includes.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-04-21 19:49:51 +02:00
Adhemerval Zanella
5a3140b489 x86: Restore compile-time check for shadow stack pointer in longjmp 2021-04-21 19:49:50 +02:00
Florian Weimer
5a664d7ae8 nptl: Move elision implementations into libc
The elision interfaces are closely aligned between the targets that
implement them, so declare them in the generic <lowlevellock.h>
file.

Empty .c stubs are provided, so that fewer makefile updates
under sysdeps are needed.  Also simplify initialization via
__libc_early_init.

The symbols __lll_clocklock_elision, __lll_lock_elision,
__lll_trylock_elision, __lll_unlock_elision, __pthread_force_elision
move into libc.  For the time being, non-hidden references are used
from libpthread to access them, but once that part of libpthread
is moved into libc, hidden symbols will be used again.  (Hidden
references seem desirable to reduce the likelihood of transactions
aborts.)
2021-02-23 14:59:34 +01:00
H.J. Lu
6c57d32048 sysconf: Add _SC_MINSIGSTKSZ/_SC_SIGSTKSZ [BZ #20305]
Add _SC_MINSIGSTKSZ for the minimum signal stack size derived from
AT_MINSIGSTKSZ, which is the minimum number of bytes of free stack
space required in order to gurantee successful, non-nested handling
of a single signal whose handler is an empty function, and _SC_SIGSTKSZ
which is the suggested minimum number of bytes of stack space required
for a signal stack.

If AT_MINSIGSTKSZ isn't available, sysconf (_SC_MINSIGSTKSZ) returns
MINSIGSTKSZ.  On Linux/x86 with XSAVE, the signal frame used by kernel
is composed of the following areas and laid out as:

 ------------------------------
 | alignment padding          |
 ------------------------------
 | xsave buffer               |
 ------------------------------
 | fsave header (32-bit only) |
 ------------------------------
 | siginfo + ucontext         |
 ------------------------------

Compute AT_MINSIGSTKSZ value as size of xsave buffer + size of fsave
header (32-bit only) + size of siginfo and ucontext + alignment padding.

If _SC_SIGSTKSZ_SOURCE or _GNU_SOURCE are defined, MINSIGSTKSZ and SIGSTKSZ
are redefined as

/* Default stack size for a signal handler: sysconf (SC_SIGSTKSZ).  */
 # undef SIGSTKSZ
 # define SIGSTKSZ sysconf (_SC_SIGSTKSZ)

/* Minimum stack size for a signal handler: SIGSTKSZ.  */
 # undef MINSIGSTKSZ
 # define MINSIGSTKSZ SIGSTKSZ

Compilation will fail if the source assumes constant MINSIGSTKSZ or
SIGSTKSZ.

The reason for not simply increasing the kernel's MINSIGSTKSZ #define
(apart from the fact that it is rarely used, due to glibc's shadowing
definitions) was that userspace binaries will have baked in the old
value of the constant and may be making assumptions about it.

For example, the type (char [MINSIGSTKSZ]) changes if this #define
changes.  This could be a problem if an newly built library tries to
memcpy() or dump such an object defined by and old binary.
Bounds-checking and the stack sizes passed to things like sigaltstack()
and makecontext() could similarly go wrong.
2021-02-01 11:00:52 -08:00
H.J. Lu
efbbd9c33a ldconfig/x86: Store ISA level in cache and aux cache
Store ISA level in the portion of the unused upper 32 bits of the hwcaps
field in cache and the unused pad field in aux cache.  ISA level is stored
and checked only for shared objects in glibc-hwcaps subdirectories.  The
shared objects in the default directories aren't checked since there are
no fallbacks for these shared objects.

Tested on x86-64-v2, x86-64-v3 and x86-64-v4 machines with
--disable-hardcoded-path-in-tests and --enable-hardcoded-path-in-tests.
2021-01-13 05:51:17 -08:00
Paul Eggert
2b778ceb40 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
2021-01-02 12:17:34 -08:00
H.J. Lu
088e962537 x86: Rename readelflib.c
Rename linux/i386/readelflib.c to linux/x86/readelflib.c and remove
x86_64/readelflib.c.
2020-12-06 06:38:09 -08:00
Lukasz Majewski
75c4044b9a y2038: linux: Provide __time64 implementation
In the glibc the time function can use vDSO (on power and x86 the
USE_IFUNC_TIME is defined), time syscall or 'default' time() from
./time/time.c (as a fallback).

In this patch the last function (time) has been refactored and moved
to ./sysdeps/unix/sysv/linux/time.c to be Linux specific.

The new __time64 explicit 64 bit function for providing 64 bit value of
seconds after epoch (by internally calling __clock_gettime64) has been
introduced.

Moreover, a 32 bit version - __time has been refactored to internally
use __time64.

The __time is now supposed to be used on systems still supporting 32 bit
time (__TIMESIZE != 64) - hence the necessary check for time_t potential
overflow.

The iFUNC vDSO direct call optimization has been removed from both i686 and
powerpc32 (USE_IFUNC_TIME is not defined for those architectures
anymore). The Linux kernel does not provide a y2038 safe implementation of
time neither it plans to provide it in the future, __clock_gettime64
should be used instead. Keeping support for this optimization would require
to handle another build permutation (!__ASSUME_TIME64_SYSCALLS &&
USE_IFUNC_TIME which adds more complexity and has limited use (since the
idea is to eventually have a y2038 safe glibc build).

Build tests:
./src/scripts/build-many-glibcs.py glibcs

Run-time tests:
- Run specific tests on ARM/x86 32bit systems (qemu):
https://github.com/lmajewski/meta-y2038 and run tests:
https://github.com/lmajewski/y2038-tests/commits/master

Above tests were performed with Y2038 redirection applied as well as
without to test proper usage of both __time64 and __time.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-10-19 16:01:37 +02:00
H.J. Lu
c02695d776 x86/CET: Update vfork to prevent child return
Child of vfork should either call _exit or one of the exec family of
functions.  But normally there is nothing to prevent child of vfork from
return of the vfork-calling function.  Simpilfy x86 vfork when shadow
stack is in use to introduce mismatched shadow stack in child of vfork
to trigger SIGSEGV when the child returns from the function in which
vfork was called.
2020-10-15 04:00:36 -07:00
Lukasz Majewski
29e9874a04 y2038: nptl: Convert pthread_mutex_{clock|timed}lock to support 64 bit
The pthread_mutex_clocklock and pthread_mutex_timedlock have been converted
to support 64 bit time.

This change uses:
- New __futex_clocklock_wait64 (instead of lll_timedwait)

from ./sysdeps/nptl/futex-helpers.c and

- New __futex_clocklock64 function (instead of lll_clocklock)
- New futex_lock_pi64

defined in sysdeps/nptl/futex-internal.h

The pthread_mutex_{clock|timed}lock only accepts absolute time.
Moreover, there is no need to check for NULL passed as *abstime pointer to the
syscalls as those calls have exported symbols marked with __nonull attribute
for abstime.

Some architectures - namely x86, powerpc and s390 - do support lock elision.
For those - adjustments have been made in arch specific elision-*.c files
to use __futex_clocklock64 instead of lll_clocklock.
The __lll_lock_elision (aliased to __lll_clocklock_elision in e.g.
sysdeps/unix/sysv/linux/s390/elision-timed.c) just uses, in this patch
provided, __futex_clocklock64.

For systems with __TIMESIZE != 64 && __WORDSIZE == 32:
- Conversions between 64 bit time to 32 bit are necessary
- Redirection to pthread_mutex_{clock|timed}lock will provide support for 64
bit time

Build tests:
./src/scripts/build-many-glibcs.py glibcs

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-10-15 09:35:43 +02:00
Adhemerval Zanella
d892723830 linux: Move the struct stat{64} to struct_stat.h
The common definitions are moved to a Linux generic stat.h while the
struct stat{64} definition are moved to a arch-specific struct_stat.h
header.

Checked with a build for all affected ABIs. I also checked on x86_64,
i686, powerpc, powerpc64le, sparcv9, sparc64, s390, and s390x.

Reviewed-by: Lukasz Majewski <lukma@denx.de>
2020-10-09 17:02:06 -03:00
Adhemerval Zanella
589260cef8 Remove mknod wrapper functions, move them to symbols
This patch removes the mknod and mknodat static wrapper and add the
symbols on the libc with the expected names.

Both the prototypes of the internal symbol linked by the static
wrappers and the inline redirectors are also removed from the installed
sys/stat.h header file.  The wrapper implementation license LGPL
exception is also removed since it is no longer statically linked to
binaries.

Internally the _STAT_VER* definitions are moved to the arch-specific
xstatver.h file.

Checked with a build for all affected ABIs. I also checked on x86_64,
i686, powerpc, powerpc64le, sparcv9, sparc64, s390, and s390x.

Reviewed-by: Lukasz Majewski <lukma@denx.de>
2020-10-09 17:02:06 -03:00
Adhemerval Zanella
8ed005daf0 Remove stat wrapper functions, move them to exported symbols
This patch removes the stat, stat64, lstat, lstat64, fstat, fstat64,
fstatat, and fstatat64 static wrapper and add the symbol on the libc
with the expected names.

Both the prototypes of the internal symbol linked by the static
wrappers and the inline redirectors are also removed from the installed
sys/stat.h header file.  The wrapper implementation license LGPL
exception is also removed since it is no longer statically linked to
binaries.

Internally the _STAT_VER* definitions are moved to a arch-specific
xstatver.h file.  The internal defines that redirects internals
{f}stat{at} to their {f}xstat{at} counterparts are removed for Linux
(!NO_RTLD_HIDDEN).  Hurd still requires them since {f}stat{at} pulls
extra objects that makes the loader build fail otherwise (I haven't
dig into why exactly).

Checked with a build for all affected ABIs. I also checked on x86_64,
i686, powerpc, powerpc64le, sparcv9, sparc64, s390, and s390x.

Reviewed-by: Lukasz Majewski <lukma@denx.de>
2020-10-09 17:02:06 -03:00
Florian Weimer
efedd1ed3d Linux: Remove rseq support
The kernel ABI is not finalized, and there are now various proposals
to change the size of struct rseq, which would make the glibc ABI
dependent on the version of the kernels used for building glibc.
This is of course not acceptable.

This reverts commit 48699da1c4 ("elf:
Support at least 32-byte alignment in static dlopen"), commit
8f4632deb3 ("Linux: rseq registration
tests"), commit 6e29cb3f61 ("Linux: Use
rseq in sched_getcpu if available"), and commit
0c76fc3c2b ("Linux: Perform rseq
registration at C startup and thread creation"), resolving the conflicts
introduced by the ARC port and the TLS static surplus changes.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-16 17:55:35 +02:00
H.J. Lu
107e6a3c22 x86: Support usable check for all CPU features
Support usable check for all CPU features with the following changes:

1. Change struct cpu_features to

struct cpuid_features
{
  struct cpuid_registers cpuid;
  struct cpuid_registers usable;
};

struct cpu_features
{
  struct cpu_features_basic basic;
  struct cpuid_features features[COMMON_CPUID_INDEX_MAX];
  unsigned int preferred[PREFERRED_FEATURE_INDEX_MAX];
...
};

so that there is a usable bit for each cpuid bit.
2. After the cpuid bits have been initialized, copy the known bits to the
usable bits.  EAX/EBX from INDEX_1 and EAX from INDEX_7 aren't used for
CPU feature detection.
3. Clear the usable bits which require OS support.
4. If the feature is supported by OS, copy its cpuid bit to its usable
bit.
5. Replace HAS_CPU_FEATURE and CPU_FEATURES_CPU_P with CPU_FEATURE_USABLE
and CPU_FEATURE_USABLE_P to check if a feature is usable.
6. Add DEPR_FPU_CS_DS for INDEX_7_EBX_13.
7. Unset MPX feature since it has been deprecated.

The results are

1. If the feature is known and doesn't requre OS support, its usable bit
is copied from the cpuid bit.
2. Otherwise, its usable bit is copied from the cpuid bit only if the
feature is known to supported by OS.
3. CPU_FEATURE_USABLE/CPU_FEATURE_USABLE_P are used to check if the
feature can be used.
4. HAS_CPU_FEATURE/CPU_FEATURE_CPU_P are used to check if CPU supports
the feature.
2020-07-13 06:05:16 -07:00
Adhemerval Zanella
dba950e317 sysv: linux: Add 64-bit time_t variant for semctl
Different than others 64-bit time_t syscalls, the SysIPC interface
does not provide a new set of syscall for y2038 safeness.  Instead it
uses unused fields in semid_ds structure to return the high bits for
the timestamps.

To provide a y2038 safe interface a new symbol __semctl64 is added
and __semctl is change to call it instead (it adds some extra buffer
copying for the 32 bit time_t implementation).

Two new structures are added:

  1. kernel_semid64_ds: used internally only on 32-bit architectures
     to issue the syscall.  A handful of architectures (hppa, i386,
     mips, powerpc32, sparc32) require specific implementations due
     their kernel ABI.

  2. semid_ds64: this is only for __TIMESIZE != 64 to use along with
     the 64-bit semctl.  It is different than the kernel struct because
     the exported 64-bit time_t might require different alignment
     depending on the architecture ABI.

So the resulting implementation does:

  1. For 64-bit architectures it assumes semid_ds already contains
     64-bit time_t fields and will result in just the __semctl symbol
     using the __semctl64 code.  The semid_ds argument is passed as-is
     to the syscall.

  2. For 32-bit architectures with default 64-bit time_t (newer ABIs
     such riscv32 or arc), it will also result in only one exported
     symbol but with the required high/low handling.

     It might be possible to optimize it further to avoid the
     kernel_semid64_ds to semun transformation if the exported ABI
     for the architectures matches the expected kernel ABI, but the
     implementation is already complex enough and don't think this
     should be a hotspot in any case.

  3. Finally for 32-bit architecture with both 32-bit and 64-bit time_t
     support we follow the already set way to provide one symbol with
     64-bit time_t support and implement the 32-bit time_t support
     using the 64-bit one.

     The default 32-bit symbol will allocate and copy the semid_ds
     over multiple buffers, but this should be deprecated in favor
     of the __semctl64 anyway.

Checked on i686-linux-gnu and x86_64-linux-gnu.  I also did some sniff
tests on powerpc, powerpc64, mips, mips64, armhf, sparcv9, and
sparc64.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Tested-by: Alistair Francis <alistair.francis@wdc.com>
Tested-by: Vineet Gupta <vgupta@synopsys.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2020-07-09 12:05:35 -03:00
Adhemerval Zanella
f26d456b98 linux: Fix __NSIG_WORDS and add __NSIG_BYTES
The __NSIG_WORDS value is based on minimum number of words to hold
the maximum number of signals supported by the architecture.

This patch also adds __NSIG_BYTES, which is the number of bytes
required to represent the supported number of signals.  It is used in
syscalls which takes a sigset_t.

Checked on x86_64-linux-gnu and i686-linux-gnu.

Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-07 14:10:58 -03:00
Mathieu Desnoyers
0c76fc3c2b Linux: Perform rseq registration at C startup and thread creation
Register rseq TLS for each thread (including main), and unregister for
each thread (excluding main).  "rseq" stands for Restartable Sequences.

See the rseq(2) man page proposed here:
  https://lkml.org/lkml/2018/9/19/647

Those are based on glibc master branch commit 3ee1e0ec5c.
The rseq system call was merged into Linux 4.18.

The TLS_STATIC_SURPLUS define is increased to leave additional room for
dlopen'd initial-exec TLS, which keeps elf/tst-auditmany working.

The increase (76 bytes) is larger than 32 bytes because it has not been
increased in quite a while.  The cost in terms of additional TLS storage
is quite significant, but it will also obscure some initial-exec-related
dlopen failures.
2020-07-06 10:21:16 +02:00
H.J. Lu
9e38f455a6 x86: Add --enable-cet=permissive
When CET is enabled, it is an error to dlopen a non CET enabled shared
library in CET enabled application.  It may be desirable to make CET
permissive, that is disable CET when dlopening a non CET enabled shared
library.  With the new --enable-cet=permissive configure option, CET is
disabled when dlopening a non CET enabled shared library.

Add DEFAULT_DL_X86_CET_CONTROL to config.h.in:

 /* The default value of x86 CET control.  */
 #define DEFAULT_DL_X86_CET_CONTROL cet_elf_property

which enables CET features based on ELF property note.

--enable-cet=permissive it to

 /* The default value of x86 CET control.  */
 #define DEFAULT_DL_X86_CET_CONTROL cet_permissive

which enables CET features permissively.

Update tst-cet-legacy-5a, tst-cet-legacy-5b, tst-cet-legacy-6a and
tst-cet-legacy-6b to check --enable-cet and --enable-cet=permissive.
2020-05-18 08:38:53 -07:00
H.J. Lu
674ea88294 x86: Move CET control to _dl_x86_feature_control [BZ #25887]
1. Include <dl-procruntime.c> to get architecture specific initializer in
rtld_global.
2. Change _dl_x86_feature_1[2] to _dl_x86_feature_1.
3. Add _dl_x86_feature_control after _dl_x86_feature_1, which is a
struct of 2 bitfields for IBT and SHSTK control

This fixes [BZ #25887].
2020-05-18 06:15:02 -07:00
Alistair Francis
05332ac38b semctl: Remove the sem-pad.h file
Remove the sem-pad.h file and instead have architectures override the
struct semid_ds via the bits/types/struct_semid_ds.h file.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-04-29 08:29:30 -07:00
Florian Weimer
076f09afba Linux: Remove <sys/sysctl.h> and the sysctl function
Linux 5.5 remove the system call in commit
61a47c1ad3a4dc6882f01ebdc88138ac62d0df03 ("Linux: Remove
<sys/sysctl.h>").  Therefore, the compat function is just a stub that
sets ENOSYS.

Due to SHLIB_COMPAT, new ports will not add the sysctl function anymore
automatically.

x32 already lacks the sysctl function, so an empty sysctl.c file is
used to suppress it.  Otherwise, a new compat symbol would be added.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-04-15 17:17:32 +02:00
Alistair Francis
1c634e677f sysv: Define __KERNEL_OLD_TIMEVAL_MATCHES_TIMEVAL64
On y2038 safe 32-bit systems the Linux kernel expects itimerval
and rusage to use a 32-bit time_t, even though the other time_t's
are 64-bit. There are currently no plans to make 64-bit time_t versions
of these structs.

There are also other occurrences where the time passed to the kernel via
timeval doesn't match the wordsize.

To handle these cases let's define a new macro
__KERNEL_OLD_TIMEVAL_MATCHES_TIMEVAL64. This macro specifies if the
kernel's old_timeval matches the new timeval64. This should be 1 for
64-bit architectures except for Alpha's osf syscalls. The define should
be 0 for 32-bit architectures and Alpha's osf syscalls.

Reviewed-by: Lukasz Majewski <lukma@denx.de>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-04-02 09:21:05 -07:00
H.J. Lu
1fabdb9908 x86: Remove ARCH_CET_LEGACY_BITMAP [BZ #25397]
Since legacy bitmap doesn't cover jitted code generated by legacy JIT
engine, it isn't very useful.  This patch removes ARCH_CET_LEGACY_BITMAP
and treats indirect branch tracking similar to shadow stack by removing
legacy bitmap support.

Tested on CET Linux/x86-64 and non-CET Linux/x86-64.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-03-18 04:35:54 -07:00
Lukasz Majewski
7455b70027 y2038: linux: Provide __gettimeofday64 implementation
In the glibc the gettimeofday can use vDSO (on power and x86 the
USE_IFUNC_GETTIMEOFDAY is defined), gettimeofday syscall or 'default'
___gettimeofday() from ./time/gettime.c (as a fallback).

In this patch the last function (___gettimeofday) has been refactored and
moved to ./sysdeps/unix/sysv/linux/gettimeofday.c to be Linux specific.

The new __gettimeofday64 explicit 64 bit function for getting 64 bit time from
the kernel (by internally calling __clock_gettime64) has been introduced.

Moreover, a 32 bit version - __gettimeofday has been refactored to internally
use __gettimeofday64.

The __gettimeofday is now supposed to be used on systems still supporting 32
bit time (__TIMESIZE != 64) - hence the necessary check for time_t potential
overflow and conversion of struct __timeval64 to 32 bit struct timespec.

The iFUNC vDSO direct call optimization has been removed from both i686 and
powerpc32 (USE_IFUNC_GETTIMEOFDAY is not defined for those architectures
anymore). The Linux kernel does not provide a y2038 safe implementation of
gettimeofday neither it plans to provide it in the future, clock_gettime64
should be used instead. Keeping support for this optimization would require
to handle another build permutation (!__ASSUME_TIME64_SYSCALLS &&
USE_IFUNC_GETTIMEOFDAY) which adds more complexity and has limited use
(since the idea is to eventually have a y2038 safe glibc build).

Build tests:
./src/scripts/build-many-glibcs.py glibcs

Run-time tests:
- Run specific tests on ARM/x86 32bit systems (qemu):
  https://github.com/lmajewski/meta-y2038 and run tests:
  https://github.com/lmajewski/y2038-tests/commits/master

Above tests were performed with Y2038 redirection applied as well as without
to test proper usage of both __gettimeofday64 and __gettimeofday.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
[Including some commit message improvement]
2020-02-18 23:55:47 +01:00
Adhemerval Zanella
bc2eb9321e linux: Remove INTERNAL_SYSCALL_DECL
With all Linux ABIs using the expected Linux kABI to indicate
syscalls errors, the INTERNAL_SYSCALL_DECL is an empty declaration
on all ports.

This patch removes the 'err' argument on INTERNAL_SYSCALL* macro
and remove the INTERNAL_SYSCALL_DECL usage.

Checked with a build against all affected ABIs.
2020-02-14 21:12:45 -03:00
Lukasz Majewski
3fced064f2 y2038: Define __suseconds64_t type to be used with struct __timeval64
The __suseconds64_t type is supposed to be the 64 bit type across all
architectures.

It would be mostly used internally in the glibc - however, when passed to
Linux kernel (very unlikely), if necessary, it shall be converted to 32
bit type (i.e. __suseconds_t)

Build tests:
./src/scripts/build-many-glibcs.py glibcs

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-02-07 17:55:07 +01:00
Adhemerval Zanella
1bdda52fe9 elf: Move vDSO setup to rtld (BZ#24967)
This patch moves the vDSO setup from libc to loader code, just after
the vDSO link_map setup.  For static case the initialization
is moved to _dl_non_dynamic_init instead.

Instead of using the mangled pointer, the vDSO data is set as
attribute_relro (on _rtld_global_ro for shared or _dl_vdso_* for
static).  It is read-only even with partial relro.

It fixes BZ#24967 now that the vDSO pointer is setup earlier than
malloc interposition is called.

Also, vDSO calls should not be a problem for static dlopen as
indicated by BZ#20802.  The vDSO pointer would be zero-initialized
and the syscall will be issued instead.

Checked on x86_64-linux-gnu, i686-linux-gnu, aarch64-linux-gnu,
arm-linux-gnueabihf, powerpc64le-linux-gnu, powerpc64-linux-gnu,
powerpc-linux-gnu, s390x-linux-gnu, sparc64-linux-gnu, and
sparcv9-linux-gnu.  I also run some tests on mips.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-01-03 11:22:07 -03:00