Commit Graph

35310 Commits

Author SHA1 Message Date
Stefan Liebler
9f234eafe8 Always use wordsize-64 version of s_ceil.c.
This patch replaces s_ceil.c in sysdeps/dbl-64 with the one in
sysdeps/dbl-64/wordsize-64 and removes the latter one.
The code is not changed except changes in code style.

Also adjusted the include path in x86_64 and sparc64 files.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2019-12-11 15:12:13 +01:00
Stefan Liebler
95b0c2c431 Always use wordsize-64 version of s_floor.c.
This patch replaces s_floor.c in sysdeps/dbl-64 with the one in
sysdeps/dbl-64/wordsize-64 and removes the latter one.
The code is not changed except changes in code style.

Also adjusted the include path in x86_64 and sparc64 files.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2019-12-11 15:12:12 +01:00
Stefan Liebler
ab48bdd098 Always use wordsize-64 version of s_rint.c.
This patch replaces s_rint.c in sysdeps/dbl-64 with the one in
sysdeps/dbl-64/wordsize-64 and removes the latter one.
The code is not changed except changes in code style.

Also adjusted the include path in x86_64 file.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2019-12-11 15:12:12 +01:00
Stefan Liebler
af123aa950 Always use wordsize-64 version of s_nearbyint.c.
This patch replaces s_nearbyint.c in sysdeps/dbl-64 with the one in
sysdeps/dbl-64/wordsize-64 and removes the latter one.
The code is not changed except changes in code style.

Also adjusted the include path in x86_64 file.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2019-12-11 15:12:11 +01:00
Florian Weimer
b5a1271c76 ldconfig: Do not print a warning for a missing ld.so.conf file
The configuration file is not needed for working system, so printing a
warning is not helpful.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2019-12-11 09:19:39 +01:00
Samuel Thibault
e46efff895 hurd: Fix using altstack while in an RPC call to be aborted
* sysdeps/mach/hurd/i386/trampoline.c (_hurd_setup_sighandler): Always check
for interrupted code being with esp pointing at mach_msg arguments, even
when using an altstack. If we need to abort the RPC we will need
this.
2019-12-11 00:33:36 +01:00
Carlos O'Donell
83fe078130 Fix failure when CFLAGS contains -DNDEBUG (Bug 25251)
Building tests with -DNDEBUG in CFLAGS, gcc 9.2.1 issues the following error:
tst-assert-c++.cc: In function ‘int do_test()’:
tst-assert-c++.cc:66:12: error: unused variable ‘value’ [-Werror=unused-variable]
   66 |     no_int value;
      |            ^~~~~
tst-assert-c++.cc:71:18: error: unused variable ‘value’ [-Werror=unused-variable]
   71 |     bool_and_int value;
      |                  ^~~~~

The assert has been disabled by building glibc with CFLAGS, CXXFLAGS,
and CPPFLAGS with -DNDEBUG which removes the assert and leaves the
value unused.

We never want the assert disabled because that's the point of the
test, so we undefine NDEBUG before including assert.h to ensure that
we get assert correctly defined.
2019-12-10 12:22:42 -05:00
Adhemerval Zanella
0487ebed22 nptl: Add more missing placeholder abi symbol from nanosleep move
This patch adds the missing __libpthread_version_placeholder for
GLIBC_2.2.6 version from the nanosleep implementation move from
libpthread to libc (79a547b162).

It also fixes the wrong compat symbol definitions added by changing
back the version used on vfork check and remove the
__libpthread_version_placeholder added on some ABI (4f4bb489e0).

The __libpthread_version_placeholder is also refactored to make it
simpler to add new compat_symbols by adding a new macro
compat_symbol_unique which uses the compiler extension __COUNTER__
to generate unique strong alias to be used with compat_symbol.

Checked with a updated-abi on the all affected abis of the nanosleep
move.

Change-Id: I347a4dbdc931bb42b359456932dd1e17aa4d4078
2019-12-09 15:04:56 -03:00
Andreas Schwab
7badf7b06f sysdeps/riscv/start.S: rename .Lload_gp to load_gp (bug 24376)
Renaming the symbol keeps the label in the symbol table as a normal local
label, so that `objdump -d' can pick it up as an anchor.
2019-12-09 12:05:26 +01:00
Lukasz Majewski
cae1635a70 y2038: linux: Provide __timer_settime64 implementation
This patch provides new __timer_settime64 explicit 64 bit function for setting
flags, interval and value of specified timer.
Moreover, a 32 bit version - __timer_settime has been refactored to internally
use __timer_settime64.

The __timer_settime is now supposed to be used on systems still supporting 32
bit time (__TIMESIZE != 64) - hence the necessary conversion to 64 bit struct
__timespec64 from struct timespec (and opposite when old_value pointer is
provided).

The new __timer_settime64 syscall available from Linux 5.1+ has been used, when
applicable.

The original INLINE_SYSCALL() macro has been replaced with
INLINE_SYSCALL_CALL() to avoid explicit passing the number of arguments.

Build tests:
- The code has been tested on x86_64/x86 (native compilation):
make PARALLELMFLAGS="-j8" && make check PARALLELMFLAGS="-j8" && \\
make xcheck PARALLELMFLAGS="-j8"

- The glibc has been build tested (make PARALLELMFLAGS="-j8") for
x86 (i386), x86_64-x32, and armv7

Run-time tests:
- Run specific tests on ARM/x86 32bit systems (qemu):
  https://github.com/lmajewski/meta-y2038 and run tests:
  https://github.com/lmajewski/y2038-tests/commits/master

- Use of cross-test-ssh.sh for ARM (armv7):
  make PARALLELMFLAGS="-j8" test-wrapper='./cross-test-ssh.sh root@192.168.7.2' xcheck

Linux kernel, headers and minimal kernel version for glibc build test
matrix:
- Linux v5.1 (with timer_settime64) and glibc build with v5.1 as
  minimal kernel version (--enable-kernel="5.1.0")
  The __ASSUME_TIME64_SYSCALLS flag defined.

- Linux v5.1 and default minimal kernel version
  The __ASSUME_TIME64_SYSCALLS not defined, but kernel supports timer_settime64
  syscall.

- Linux v4.19 (no timer_settime64 support) with default minimal kernel version
  for contemporary glibc (3.2.0)
  This kernel doesn't support timer_settime64 syscall, so the fallback to
  timer_settime is tested.

Above tests were performed with Y2038 redirection applied as well as without
(so the __TIMESIZE != 64 execution path is checked as well).

No regressions were observed.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2019-12-05 23:16:54 +01:00
Lukasz Majewski
562cdc19c7 y2038: linux: Provide __timer_gettime64 implementation
This patch provides new __timer_gettime64 explicit 64 bit function for reading
status of specified timer. To be more precise - the remaining time and interval
set with timer_settime.
Moreover, a 32 bit version - __timer_gettime has been refactored to internally
use __timer_gettime64.

The __timer_gettime is now supposed to be used on systems still supporting 32
bit time (__TIMESIZE != 64) - hence the necessary conversion from 64 bit struct
__timespec64 to struct timespec.

The new __timer_gettime64 syscall available from Linux 5.1+ has been used, when
applicable.

The original INLINE_SYSCALL() macro has been replaced with
INLINE_SYSCALL_CALL() to avoid explicit passing the number of arguments.

Build tests:
- The code has been tested on x86_64/x86 (native compilation):
make PARALLELMFLAGS="-j8" && make check PARALLELMFLAGS="-j8" && \\
make xcheck PARALLELMFLAGS="-j8"

- The glibc has been build tested (make PARALLELMFLAGS="-j8") for
x86 (i386), x86_64-x32, and armv7

Run-time tests:
- Run specific tests on ARM/x86 32bit systems (qemu):
  https://github.com/lmajewski/meta-y2038 and run tests:
  https://github.com/lmajewski/y2038-tests/commits/master

- Use of cross-test-ssh.sh for ARM (armv7):
  make PARALLELMFLAGS="-j8" test-wrapper='./cross-test-ssh.sh root@192.168.7.2' xcheck

Linux kernel, headers and minimal kernel version for glibc build test
matrix:
- Linux v5.1 (with timer_gettime64) and glibc build with v5.1 as
  minimal kernel version (--enable-kernel="5.1.0")
  The __ASSUME_TIME64_SYSCALLS flag defined.

- Linux v5.1 and default minimal kernel version
  The __ASSUME_TIME64_SYSCALLS not defined, but kernel supports timer_gettime64
  syscall.

- Linux v4.19 (no timer_gettime64 support) with default minimal kernel version
  for contemporary glibc (3.2.0)
  This kernel doesn't support timer_gettime64 syscall, so the fallback to
  timer_gettime is tested.

Above tests were performed with Y2038 redirection applied as well as without
(so the __TIMESIZE != 64 execution path is checked as well).

No regressions were observed.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2019-12-05 23:16:54 +01:00
Lukasz Majewski
ab65136e72 timer: Decouple x86_64 specific timer_settime from generic Linux implementation
The x86_64 specific timer_settime implementation (from
./linux/x86_64/timer_settime.c) reused the Linux generic one (from
./linux/timer_settime.c) to implement handling some compatible timers
(previously defined in librt, now in libc).

As the generic implementation now is going to also support new (available
from Linux 5.1+) timer_settime64 syscall, those two implementations have
been decoupled for easier conversion.

The original INLINE_SYSCALL() macro has been replaced with
INLINE_SYSCALL_CALL() to avoid explicit passing the number of arguments.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2019-12-05 23:16:54 +01:00
Lukasz Majewski
115959290f timer: Decouple x86_64 specific timer_gettime from generic Linux implementation
The x86_64 specific timer_gettime implementation (from
./linux/x86_64/timer_gettime.c) reused the Linux generic one (from
./linux/timer_gettime.c) to implement handling some compatible timers
(previously defined in librt, now in libc).

As the generic implementation now is going to also support new (available
from Linux 5.1+) timer_gettime64 syscall, those two implementations have
been decoupled for easier conversion.

The original INLINE_SYSCALL() macro has been replaced with
INLINE_SYSCALL_CALL() to avoid explicit passing the number of arguments.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2019-12-05 23:16:54 +01:00
Lukasz Majewski
4b135425d8 time: Introduce glibc's internal struct __itimerspec64
This change provides the glibc's internal struct itimerspec representation,
which is explicitly supporting 64 bit time (by using struct __timespec64).

Such representation is necessary to provide correct time after Y2038
(time_t overflow) on devices with __TIMESIZE == 32.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2019-12-05 23:16:54 +01:00
DJ Delorie
16554464bc Correct range checking in mallopt/mxfast/tcache [BZ #25194]
do_set_tcache_max, do_set_mxfast:
Fix two instances of comparing "size_t < 0"
Both cases have upper limit, so the "negative value" case
is already handled via overflow semantics.

do_set_tcache_max, do_set_tcache_count:
Fix return value on error.  Note: currently not used.

mallopt:
pass return value of helper functions to user.  Behavior should
only be actually changed for mxfast, where we restore the old
(pre-tunables) behavior.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2019-12-05 16:46:37 -05:00
Florian Weimer
1f7525d924 misc/test-errno-linux: Handle EINVAL from quotactl
In commit 3dd4d40b420846dd35869ccc8f8627feef2cff32 ("xfs: Sanity check
flags of Q_XQUOTARM call"), Linux 5.4 added checking for the flags
argument, causing the test to fail due to too restrictive test
expectations.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2019-12-05 17:29:42 +01:00
Kamlesh Kumar
953ceff17a <string.h>: Define __CORRECT_ISO_CPP_STRING_H_PROTO for Clang [BZ #25232]
Without the asm redirects, strchr et al. are not const-correct.

libc++ has a wrapper header that works with and without
__CORRECT_ISO_CPP_STRING_H_PROTO (using a Clang extension).  But when
Clang is used with libstdc++ or just C headers, the overloaded functions
with the correct types are not declared.

This change does not impact current GCC (with libstdc++ or libc++).
2019-12-05 16:50:00 +01:00
Adhemerval Zanella
066d80a7cd build-many-glibcs.py: Move sparcv8 to extra_glibcs
It also fixes the sparcv9-linux-gnu-disable-multi-arch configuration.
The resulting sparc possible build permutations are:

  - sparc64-linux-gnu
  - sparcv9-linux-gnu
  - sparcv8-linux-gnu-leon3 (from extra_glibcs)
  - sparc64-linux-gnu-disable-multi-arch (from extra_glibcs)
  - sparcv9-linux-gnu-disable-multi-arch (from extra_glibcs)
2019-12-05 08:51:58 -03:00
Alistair Francis
ec138c67cb sysdeps/clock_gettime: Use clock_gettime64 if avaliable
With the clock_gettime64 call we prefer to use vDSO. There is no call
to clock_gettime64 on glibc with older headers and kernel 5.1+ if it
doesn't support vDSO.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2019-12-04 09:43:40 -08:00
Alistair Francis
f6fbce7dd7 sysdeps: Add clock_gettime64 vDSO
Add support for the clock_gettim64 vDSO calls. These are protected by
the HAVE_CLOCK_GETTIME64_VSYSCALL define.

HAVE_CLOCK_GETTIME64_VSYSCALL should be defined for 32-bit platforms
(WORDSIZE == 32) that only run on the 5.1 kernel or later. WORDSIZE ==
64 platforms can use #define __vdso_clock_gettime64 __vdso_clock_gettime
and use the __vdso_clock_gettime syscall as they don't have a
__vdso_clock_gettime64 call.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2019-12-04 09:43:40 -08:00
Gabriel F. T. Gomes
d0bc5b725d Do not use ld.so to open statically linked programs in debugglibc.sh
Debugging programs that have been dynamically linked against an
uninstalled glibc requires unusual steps, such as letting gdb know where
the thread db library is located and explicitly calling the loader.
However, when the program under test is statically linked, these steps
are not required (as a matter of fact, using the dynamic loader to run a
statically linked program is wrong and will fail), and gdb should be
called the usual way.

This patch modifies debugglibc.sh so that it checks if the program under
test is statically linked, then runs the debugger appropriately.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2019-12-04 09:17:06 -03:00
Gabriel F. T. Gomes
6ef1bab699 Attach to test in container from debugglibc.sh
Some test cases are meant to be ran inside the container infrastructure
and make check automatically runs them as such.  However, running a
single test case in a container without make check is useful.

This patch adds a new --tool option to testrun.sh that makes this easy,
as well as it adds a new option (-c or --in-container) to debugglibc.sh,
which causes the program under test to be ran in a container (with
WAIT_FOR_DEBUGGER=1), then automatically attaches GDB to it.

Automatically detecting if a test case is supposed to be ran inside a
container is harder (if not impossible), as Carlos pointed out [1],
however, this patch makes it easier to do it manually:

  Using testrun.sh with containerized test:

    $ ./testrun.sh --tool=container /absolute/path/to/program

  Using debugglibc.sh with containerized test:

    $ ./debugglibc.sh -c /absolute/path/to/program

Note: running these commands with relative paths causes error and
warning messages to be displayed, although the test case might succeed.

For example, with relative path:

  $ ./testrun.sh --tool=container elf/tst-ldconfig-bad-aux-cache
  error: subprocess failed: execv
  error:   unexpected error output from subprocess
  /sbin/ldconfig: Warning: ignoring configuration file that cannot be opened: /etc/ld.so.conf: No such file or directory
  info: f    0    1064   /var/cache/ldconfig/aux-cache            20 aux-cache
  [...]

Whereas with absolute paths, the errors and warnings are gone:

  $ ./testrun.sh --tool=container $PWD/elf/tst-ldconfig-bad-aux-cache
  info: f    0    1064   /var/cache/ldconfig/aux-cache            20 aux-cache
  [...]

[1] https://sourceware.org/ml/libc-alpha/2019-11/msg00873.html

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2019-12-04 09:16:42 -03:00
Florian Weimer
8b196ac4b8 Expand $(as-needed) and $(no-as-needed) throughout the build system
Since commit a3cc4f48e9 ("Remove
--as-needed configure test."), --as-needed support is no longer
optional.

The macros are not much shorter and do not provide documentary
value, either, so this commit removes them.
2019-12-03 21:37:50 +01:00
Florian Weimer
9fb8139079 x86: Assume --enable-cet if GCC defaults to CET [BZ #25225]
This links in CET support if GCC defaults to CET.  Otherwise, __CET__
is defined, yet CET functionality is not compiled and linked into the
dynamic loader, resulting in a linker failure due to undefined
references to _dl_cet_check and _dl_open_check.
2019-12-03 18:48:18 +01:00
Gabriel F. T. Gomes
39c977b23e ldbl-128ibm-compat: Add tests for strfroml, strtold, and wcstold
Since the commit

commit 86a0f56158
Author: Rajalakshmi Srinivasaraghavan <raji@linux.vnet.ibm.com>
Date:   Thu Jun 28 13:57:50 2018 +0530

    ldbl-128ibm-compat: Introduce ieee128 symbols

IEEE long double versions of strfroml, strtold, and wcstold have been
prepared, but not exposed (which will only happen when the full support
for IEEE long double is complete).  This patch adds tests for these
functions in both IBM and IEEE long double mode.

Reviewed-by: Paul E. Murphy <murphyp@linux.ibm.com>
2019-12-03 13:30:42 -03:00
Gabriel F. T. Gomes
80a19b003e ldbl-128ibm-compat: Add tests for strfmon and strfmon_l
This patch adds elementary tests to check that strfmon and strfmon_l
correctly evaluate long double values with IBM Extended Precision and
IEEE binary128 format.

Tested for powerpc64le.

Reviewed-by: Paul E. Murphy <murphyp@linux.ibm.com>
2019-12-03 13:30:42 -03:00
Rajalakshmi Srinivasaraghavan
66fa30828a ldbl-128ibm-compat: Add strfmon_l with IEEE long double format
Similarly to what has been done for printf-like functions, more
specifically to the internal implementation in __vfprintf_internal, this
patch extends __vstrfmon_l_internal to deal with long double values with
binary128 format (as a third format option and reusing the float128
implementation).

Tested for powerpc64le, powerpc64, x86_64, and with build-many-glibcs.

Reviewed-by: Paul E. Murphy <murphyp@linux.ibm.com>
2019-12-03 13:30:37 -03:00
Gabriel F. T. Gomes
5d39f37b26 ldbl-128ibm-compat: Replace http with https in new files
Several commits to the ldbl-128ibm-compat directory added new files
where the URL in the copyright notice pointed to an http, rather than to
an https, address.  This happened because I copied the notices before
commit ID 5a82c74822.  This trivial patch fixes this issue.
2019-12-03 13:00:57 -03:00
Florian Weimer
4db71d2f98 elf: Do not run IFUNC resolvers for LD_DEBUG=unused [BZ #24214]
This commit adds missing skip_ifunc checks to aarch64, arm, i386,
sparc, and x86_64.  A new test case ensures that IRELATIVE IFUNC
resolvers do not run in various diagnostic modes of the dynamic
loader.

Reviewed-By: Szabolcs Nagy <szabolcs.nagy@arm.com>
2019-12-02 14:55:22 +01:00
Florian Weimer
61a7c9df71 elf/tst-dlopenfail: Disable --no-as-needed for tst-dlopenfailmod1.so
Otherwise, the shared object dependency which triggers the load
failure is dropped, invalidating the test.
2019-12-02 14:54:38 +01:00
Samuel Thibault
dd67928700 hurd: Fix ld.so __access override from libc
ld.so symbols to be overriden by libc need to be extern to really get
overriden. __access happens to have never been exposed, putting it to
GLIBC_PRIVATE.
2019-12-01 21:05:56 +00:00
Samuel Thibault
db25266c92 hurd: Fix ld.so __getcwd override from libc
ld.so symbols to be overriden by libc need to be extern to really get
overriden. __getcwd happens to have never been exposed, putting it to
GLIBC_PRIVATE.
2019-12-01 21:05:51 +00:00
Samuel Thibault
892badc9bb hurd: Make __sigprocmask GLIBC_PRIVATE
We do not need to expose it.
2019-12-01 19:20:51 +00:00
Samuel Thibault
d51ca7d6ad hurd: Fix renameat2 error
renameat2 has to exclude RENAME_EXCHANGE | RENAME_NOREPLACE with EINVAL,
as tested by stdio-common/tst-renameat2.
2019-12-01 16:46:59 +00:00
Samuel Thibault
563202976e hurd: make strerror(0) coherent with other ports
Some tests assume that it is "Success", and it is not necessarily
related to the kernel anyway.
2019-12-01 16:36:43 +00:00
Samuel Thibault
d5ed9ba29a hurd: Fix ld.so link
Since a2e8aa0d9e ("Block signals during the initial part of dlopen") dl_open
uses sigprocmask, so we need a stub implementation.
2019-12-01 16:17:22 +00:00
Joseph Myers
26e14efdb8 Update kernel version to 5.4 in tst-mman-consts.py.
This patch updates the kernel version in the test tst-mman-consts.py
to 5.4.  (There are no new constants covered by this test in 5.4 that
need any other header changes.)

Tested with build-many-glibcs.py.
2019-11-29 14:18:26 +00:00
Joseph Myers
96958e2700 Update SOMAXCONN value from Linux 5.4.
Linux 5.4 changes the SOMAXCONN value from 128 to 4096 (this isn't in
a uapi header; various constants related to the kernel/userspace
interface, including this one, are in the non-uapi linux/socket.h
header).

This patch increases the value in glibc.  As I understand it, it is
safe to use a higher value even with older kernels (the kernel will
simply adjust the value passed to listen to be no more than the value
supported in the kernel), and SOMAXCONN is actually only a default for
a sysctl value in the kernel that can be changed at runtime.  So I
think updating the value in glibc is a reasonable and safe thing to
do.

Tested for x86_64.
2019-11-29 14:17:15 +00:00
Joseph Myers
a331150af6 Update syscall-names.list for Linux 5.4.
This patch updates syscall-names.list for Linux 5.4.  There are no new
syscalls, so this is just a matter of updating the version number
listed in the file.

Tested with build-many-glibcs.py.
2019-11-28 20:32:09 +00:00
Joseph Myers
cdf203668e Fix syntax error in build-many-glibcs.py.
The recent SPARC changes caused a syntax error:

    'ccopts': '-m32 -mlong-double-128 -mcpu=v9'}],
                                                ^
SyntaxError: invalid syntax

Fixed by this patch.
2019-11-28 17:22:22 +00:00
Joseph Myers
aa9452a3b1 Define MADV_COLD and MADV_PAGEOUT from Linux 5.4.
Linux 5.4 adds constants MADV_COLD and MADV_PAGEOUT (defined with the
same values on all architectures).  This patch adds them to
bits/mman-linux.h.

Tested for x86_64.
2019-11-28 14:54:22 +00:00
Florian Weimer
e37c2cf299 Move _dl_open_check to its original place in dl_open_worker
This reverts the non-test change from commit d0093c5cef
("Call _dl_open_check after relocation [BZ #24259]"), given that
the underlying bug has been fixed properly in commit 61b74477fa7f63
("Remove all loaded objects if dlopen fails, ignoring NODELETE
[BZ #20839]").

Tested on x86-64-linux-gnu, with and without --enable-cet.

Change-Id: I995a6cfb89f25d2b0cf5e606428c2a93eb48fc33
2019-11-27 20:55:35 +01:00
Florian Weimer
a2e8aa0d9e Block signals during the initial part of dlopen
Lazy binding in a signal handler that interrupts a dlopen sees
intermediate dynamic linker state.  This has likely been always
unsafe, but with the new pending NODELETE state, this is clearly
incorrect.  Other threads are excluded via the loader lock, but the
current thread is not.  Blocking signals until right before ELF
constructors run is the safe thing to do.

Change-Id: Iad079080ebe7442c13313ba11dc2797953faef35
2019-11-27 20:55:35 +01:00
Florian Weimer
f63b73814f Remove all loaded objects if dlopen fails, ignoring NODELETE [BZ #20839]
This introduces a “pending NODELETE” state in the link map, which is
flipped to the persistent NODELETE state late in dlopen, via
activate_nodelete.    During initial relocation, symbol binding
records pending NODELETE state only.  dlclose ignores pending NODELETE
state.  Taken together, this results that a partially completed dlopen
is rolled back completely because new NODELETE mappings are unloaded.

Tested on x86_64-linux-gnu and i386-linux-gnu.

Change-Id: Ib2a3d86af6f92d75baca65431d74783ee0dbc292
2019-11-27 20:55:35 +01:00
Florian Weimer
a509eb117f Avoid late dlopen failure due to scope, TLS slotinfo updates [BZ #25112]
This change splits the scope and TLS slotinfo updates in dlopen into
two parts: one to resize the data structures, and one to actually apply
the update.  The call to add_to_global_resize in dl_open_worker is moved
before the demarcation point at which no further memory allocations are
allowed.

_dl_add_to_slotinfo is adjusted to make the list update optional.  There
is some optimization possibility here because we could grow the slotinfo
list of arrays in a single call, one the largest TLS modid is known.

This commit does not fix the fatal meory allocation failure in
_dl_update_slotinfo.  Ideally, this error during dlopen should be
recoverable.

The update order of scopes and TLS data structures is retained, although
it appears to be more correct to fully initialize TLS first, and then
expose symbols in the newly loaded objects via the scope update.

Tested on x86_64-linux-gnu.

Change-Id: I240c58387dabda3ca1bcab48b02115175fa83d6c
2019-11-27 20:55:35 +01:00
Florian Weimer
440b7f8653 Avoid late failure in dlopen in global scope update [BZ #25112]
The call to add_to_global in dl_open_worker happens after running ELF
constructors for new objects.  At this point, proper recovery from
malloc failure would be quite complicated: We would have to run the
ELF destructors and close all opened objects, something that we
currently do not do.

Instead, this change splits add_to_global into two phases,
add_to_global_resize (which can raise an exception, called before ELF
constructors run), and add_to_global_update (which cannot, called
after ELF constructors).  A complication arises due to recursive
dlopen: After the inner dlopen consumes some space, the pre-allocation
in the outer dlopen may no longer be sufficient.  A new member in the
namespace structure, _ns_global_scope_pending_adds keeps track of the
maximum number of objects that need to be added to the global scope.
This enables the inner add_to_global_resize call to take into account
the needs of an outer dlopen.

Most code in the dynamic linker assumes that the number of global
scope entries fits into an unsigned int (matching the r_nlist member
of struct r_scop_elem).  Therefore, change the type of
_ns_global_scope_alloc to unsigned int (from size_t), and add overflow
checks.

Change-Id: Ie08e2f318510d5a6a4bcb1c315f46791b5b77524
2019-11-27 20:55:35 +01:00
Florian Weimer
79e0cd7b3c Lazy binding failures during dlopen/dlclose must be fatal [BZ #24304]
If a lazy binding failure happens during the execution of an ELF
constructor or destructor, the dynamic loader catches the error
and reports it using the dlerror mechanism.  This is undesirable
because there could be other constructors and destructors that
need processing (which are skipped), and the process is in an
inconsistent state at this point.  Therefore, we have to issue
a fatal dynamic loader error error and terminate the process.

Note that the _dl_catch_exception in _dl_open is just an inner catch,
to roll back some state locally.  If called from dlopen, there is
still an outer catch, which is why calling _dl_init via call_dl_init
and a no-exception is required and cannot be avoiding by moving the
_dl_init call directly into _dl_open.

_dl_fini does not need changes because it does not install an error
handler, so errors are already fatal there.

Change-Id: I6b1addfe2e30f50a1781595f046f44173db9491a
2019-11-27 20:55:35 +01:00
Florian Weimer
446997ff14 resolv: Implement trust-ad option for /etc/resolv.conf [BZ #20358]
This introduces a concept of trusted name servers, for which the
AD bit is passed through to applications.  For untrusted name
servers (the default), the AD bit in responses are cleared, to
provide a safe default.

This approach is very similar to the one suggested by Pavel Šimerda
in <https://bugzilla.redhat.com/show_bug.cgi?id=1164339#c15>.

The DNS test framework in support/ is enhanced with support for
setting the AD bit in responses.

Tested on x86_64-linux-gnu.

Change-Id: Ibfe0f7c73ea221c35979842c5c3b6ed486495ccc
2019-11-27 20:54:37 +01:00
Florian Weimer
4a2ab5843a dlsym: Do not determine caller link map if not needed
Obtaining the link map is potentially very slow because it requires
iterating over all loaded objects in the current implementation.  If
the caller supplied an explicit handle (i.e., not one of the RTLD_*
constants), the dlsym implementation does not need the identity of the
caller (except in the special case of auditing), so this change
avoids computing it in that case.

Even in the minimal case (dlsym called from a main program linked with
-dl), this shows a small speedup, perhaps around five percent.  The
performance improvement can be arbitrarily large in principle (if
_dl_find_dso_for_object has to iterate over many link maps).

Change-Id: Ide5d9e2cc7ac25a0ffae8fb4c26def0c898efa29
2019-11-27 20:19:22 +01:00
Florian Weimer
cb61630ed7 libio: Disable vtable validation for pre-2.1 interposed handles [BZ #25203]
Commit c402355dfa ("libio: Disable
vtable validation in case of interposition [BZ #23313]") only covered
the interposable glibc 2.1 handles, in libio/stdfiles.c.  The
parallel code in libio/oldstdfiles.c needs similar detection logic.

Fixes (again) commit db3476aff1
("libio: Implement vtable verification [BZ #20191]").

Change-Id: Ief6f9f17e91d1f7263421c56a7dc018f4f595c21
2019-11-27 20:16:22 +01:00