Commit Graph

2207 Commits

Author SHA1 Message Date
Florian Weimer
f03b78fae4 nptl: Move pthread_mutex_consistent into libc
And deprecated pthread_mutex_consistent_np, its old name.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-04-21 19:49:50 +02:00
DJ Delorie
24eb3be5db NEWS: Add entry for CVE-2021-27645 2021-03-09 14:34:50 -05:00
Florian Weimer
851f32cf7b ld.so: Implement the --list-diagnostics option 2021-03-02 14:39:24 +01:00
Samuel Thibault
597d0267b5 NEWS: Add missing bug closures 2021-02-23 13:36:06 +01:00
Florian Weimer
e9fed2438a linux: Require /dev/shm as the shared memory file system
Previously, glibc would pick an arbitrary tmpfs file system from
/proc/mounts if /dev/shm was not available.  This could lead to
an unsuitable file system being picked for the backing storage for
shm_open, sem_open, and related functions.

This patch introduces a new function, __shm_get_name, which builds
the file name under the appropriate (now hard-coded) directory.  It is
called from the various shm_* and sem_* function.  Unlike the
SHM_GET_NAME macro it replaces, the callers handle the return values
and errno updates.  shm-directory.c is moved directly into the posix
subdirectory because it can be implemented directly using POSIX
functionality.  It resides in libc because it is needed by both
librt and nptl/htl.

In the sem_open implementation, tmpfname is initialized directly
from a string constant.  This happens to remove one alloca call.

Checked on x86_64-linux-gnu.
2021-02-08 14:10:42 -03:00
H.J. Lu
57fb02b2cf Move _SC_MINSIGSTKSZ/_SC_SIGSTKSZ entry in NEWS
Move _SC_MINSIGSTKSZ/_SC_SIGSTKSZ entry to 2.34 section.
2021-02-01 16:44:38 -08:00
H.J. Lu
6c57d32048 sysconf: Add _SC_MINSIGSTKSZ/_SC_SIGSTKSZ [BZ #20305]
Add _SC_MINSIGSTKSZ for the minimum signal stack size derived from
AT_MINSIGSTKSZ, which is the minimum number of bytes of free stack
space required in order to gurantee successful, non-nested handling
of a single signal whose handler is an empty function, and _SC_SIGSTKSZ
which is the suggested minimum number of bytes of stack space required
for a signal stack.

If AT_MINSIGSTKSZ isn't available, sysconf (_SC_MINSIGSTKSZ) returns
MINSIGSTKSZ.  On Linux/x86 with XSAVE, the signal frame used by kernel
is composed of the following areas and laid out as:

 ------------------------------
 | alignment padding          |
 ------------------------------
 | xsave buffer               |
 ------------------------------
 | fsave header (32-bit only) |
 ------------------------------
 | siginfo + ucontext         |
 ------------------------------

Compute AT_MINSIGSTKSZ value as size of xsave buffer + size of fsave
header (32-bit only) + size of siginfo and ucontext + alignment padding.

If _SC_SIGSTKSZ_SOURCE or _GNU_SOURCE are defined, MINSIGSTKSZ and SIGSTKSZ
are redefined as

/* Default stack size for a signal handler: sysconf (SC_SIGSTKSZ).  */
 # undef SIGSTKSZ
 # define SIGSTKSZ sysconf (_SC_SIGSTKSZ)

/* Minimum stack size for a signal handler: SIGSTKSZ.  */
 # undef MINSIGSTKSZ
 # define MINSIGSTKSZ SIGSTKSZ

Compilation will fail if the source assumes constant MINSIGSTKSZ or
SIGSTKSZ.

The reason for not simply increasing the kernel's MINSIGSTKSZ #define
(apart from the fact that it is rarely used, due to glibc's shadowing
definitions) was that userspace binaries will have baked in the old
value of the constant and may be making assumptions about it.

For example, the type (char [MINSIGSTKSZ]) changes if this #define
changes.  This could be a problem if an newly built library tries to
memcpy() or dump such an object defined by and old binary.
Bounds-checking and the stack sizes passed to things like sigaltstack()
and makecontext() could similarly go wrong.
2021-02-01 11:00:52 -08:00
Adhemerval Zanella
2edf8f3d75 Open master branch for glibc 2.34 development 2021-02-01 14:16:46 -03:00
Adhemerval Zanella
5e25920fb2 Update NEWS with bugs 2021-02-01 14:15:23 -03:00
Florian Weimer
934c48a05b NEWS: Fix typo in CVE-2021-3326 entry 2021-01-29 19:13:25 +01:00
Florian Weimer
d7f4f3f5fb NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3) 2021-01-29 18:03:24 +01:00
Florian Weimer
570bb42376 NEWS: Add entry for glibc-hwcaps and deprecate legacy hwcaps 2021-01-29 17:43:31 +01:00
H.J. Lu
86f65dffc2 ld.so: Add --list-tunables to print tunable values
Pass --list-tunables to ld.so to print tunables with min and max values.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-01-15 05:59:10 -08:00
Siddhesh Poyarekar
18b640c570 Update NEWS for CVE-2019-25013. 2021-01-08 09:20:29 +05:30
Paul Eggert
9fcdec7386 Update copyright dates not handled by scripts/update-copyrights.
I've updated copyright dates in glibc for 2021.  This is the patch for
the changes not generated by scripts/update-copyrights and subsequent
build / regeneration of generated files.  As well as the usual annual
updates, mainly dates in --version output (minus csu/version.c which
previously had to be handled manually but is now successfully updated
by update-copyrights), there is a small change to the copyright notice
in NEWS which should let NEWS get updated automatically next year.

Please remember to include 2021 in the dates for any new files added
in future (which means updating any existing uncommitted patches you
have that add new files to use the new copyright dates in them).
2021-01-02 12:17:34 -08:00
Paul Eggert
2b778ceb40 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
2021-01-02 12:17:34 -08:00
Siddhesh Poyarekar
c43c579612 Introduce _FORTIFY_SOURCE=3
Introduce a new _FORTIFY_SOURCE level of 3 to enable additional
fortifications that may have a noticeable performance impact, allowing
more fortification coverage at the cost of some performance.

With llvm 9.0 or later, this will replace the use of
__builtin_object_size with __builtin_dynamic_object_size.

__builtin_dynamic_object_size
-----------------------------

__builtin_dynamic_object_size is an LLVM builtin that is similar to
__builtin_object_size.  In addition to what __builtin_object_size
does, i.e. replace the builtin call with a constant object size,
__builtin_dynamic_object_size will replace the call site with an
expression that evaluates to the object size, thus expanding its
applicability.  In practice, __builtin_dynamic_object_size evaluates
these expressions through malloc/calloc calls that it can associate
with the object being evaluated.

A simple motivating example is below; -D_FORTIFY_SOURCE=2 would miss
this and emit memcpy, but -D_FORTIFY_SOURCE=3 with the help of
__builtin_dynamic_object_size is able to emit __memcpy_chk with the
allocation size expression passed into the function:

void *copy_obj (const void *src, size_t alloc, size_t copysize)
{
  void *obj = malloc (alloc);
  memcpy (obj, src, copysize);
  return obj;
}

Limitations
-----------

If the object was allocated elsewhere that the compiler cannot see, or
if it was allocated in the function with a function that the compiler
does not recognize as an allocator then __builtin_dynamic_object_size
also returns -1.

Further, the expression used to compute object size may be non-trivial
and may potentially incur a noticeable performance impact.  These
fortifications are hence enabled at a new _FORTIFY_SOURCE level to
allow developers to make a choice on the tradeoff according to their
environment.
2020-12-31 16:55:21 +05:30
Stefan Liebler
844b4d8b4b s390x: Require GCC 7.1 or later to build glibc.
GCC 6.5 fails to correctly build ldconfig with recent ld.so.cache
commits, e.g.:
785969a047
elf: Implement a string table for ldconfig, with tail merging

If glibc is build with gcc 6.5.0:
__builtin_add_overflow is used in
<glibc>/elf/stringtable.c:stringtable_finalize()
which leads to ldconfig failing with "String table is too large".
This is also recognizable in following tests:
FAIL: elf/tst-glibc-hwcaps-cache
FAIL: elf/tst-glibc-hwcaps-prepend-cache
FAIL: elf/tst-ldconfig-X
FAIL: elf/tst-ldconfig-bad-aux-cache
FAIL: elf/tst-ldconfig-ld_so_conf-update
FAIL: elf/tst-stringtable

See gcc "Bug 98269 - gcc 6.5.0 __builtin_add_overflow() with small
uint32_t values incorrectly detects overflow"
(https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98269)
2020-12-17 16:18:04 +01:00
Marius Hillenbrand
f88242af19 S390: Derive float_t from FLT_EVAL_METHOD
float_t supposedly represents the type that is used to evaluate float
expressions internally. While the isa supports single-precision float
operations, the port of glibc to s390 incorrectly deferred to the
generic definitions which, back then, tied float_t to double. gcc by
default evaluates float in single precision, so that scenario violates
the C standard (sections 5.2.4.2.2 and 7.12 in C11/C17). With
-fexcess-precision=standard, gcc evaluates float in double precision,
which aligns with the standard yet at the cost of added conversion
instructions.

With this patch, we drop the s390-specific definition of float_t and
defer to the default behavior, which aligns float_t with the
compiler-defined FLT_EVAL_METHOD in a standard-compliant way.

Checked on s390x-linux-gnu with 31-bit and 64-bit builds.
2020-12-09 16:26:46 +01:00
Paul Zimmermann
4d3a77c735 Fixed typos in "NEWS for version 2.32" 2020-12-08 20:26:32 +05:30
Siddhesh Poyarekar
38a9e93cb1 Add NEWS entry for CVE-2020-29562 (BZ #26923)
BZ #26923 now has a CVE entry, so add a NEWS entry for it.
2020-12-08 20:04:35 +05:30
Shuo Wang
fdb724f903 Fix typo in NEWS file 2020-11-30 15:47:47 +05:30
Florian Weimer
05d38b3ef5 NEWS entry for commit b4f020c9b4 2020-11-25 15:53:01 +01:00
Arjun Shankar
9a99c68214 iconv: Accept redundant shift sequences in IBM1364 [BZ #26224]
The IBM1364, IBM1371, IBM1388, IBM1390 and IBM1399 character sets
share converter logic (iconvdata/ibm1364.c) which would reject
redundant shift sequences when processing input in these character
sets.  This led to a hang in the iconv program (CVE-2020-27618).

This commit adjusts the converter to ignore redundant shift sequences
and adds test cases for iconv_prog hangs that would be triggered upon
their rejection.  This brings the implementation in line with other
converters that also ignore redundant shift sequences (e.g. IBM930
etc., fixed in commit 692de4b396).

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-11-04 12:19:38 +01:00
Adhemerval Zanella
0ce51bef34 Remove NEWS entry about ftime removal
Now that it was reinstate with 30a0b167d3.
2020-10-27 10:43:37 -03:00
Jonathan Wakely
ce643e6fe9 Fix typo in NEWS file 2020-10-26 11:46:00 +00:00
Adhemerval Zanella
ab5ee31e14 Move vtimes to a compatibility symbol
I couldn't pinpoint which standard has added it, but no other POSIX
system supports it and/or no longer provide it.  The 'struct vtimes'
also has a lot of drawbacks due its limited internal type size.

I couldn't also see find any project that actually uses this symbol,
either in some dignostic way (such as sanitizer).  So I think it should
be safer to just move to compat symbol, instead of deprecated.  The
idea it to avoid new ports to export such broken interface (riscv32
for instance).

Checked on x86_64-linux-gnu and i686-linux-gnu.
2020-10-19 16:44:20 -03:00
Adhemerval Zanella
d6fa317099 Add NEWS entry for ftime compatibility move 2020-10-16 15:16:06 -03:00
Florian Weimer
56f8d44294 elf: Do not search HWCAP subdirectories in statically linked binaries
This functionality does not seem to be useful since static dlopen
is mostly used for iconv/character set conversion and NSS support.
gconv modules are loaded with full paths anyway, so that the
HWCAP subdirectory logic does not apply.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-10-07 16:40:23 +02:00
Florian Weimer
27fe5f2e67 Linux: Require properly configured /dev/pts for PTYs
Current systems do not have BSD terminals, so the fallback code in
posix_openpt/getpt does not do anything.  Also remove the file system
check for /dev/pts.  Current systems always have a devpts file system
mounted there if /dev/ptmx exists.

grantpt is now essentially a no-op.  It only verifies that the
argument is a ptmx-descriptor.  Therefore, this change indirectly
addresses bug 24941.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-10-07 14:55:50 +02:00
Vincent Mihalkovic
c670278934 ld.so: add an --argv0 option [BZ #16124] 2020-09-29 12:34:40 +02:00
DJ Delorie
cdf645427d Update mallinfo2 ABI, and test
This patch adds the ABI-related bits to reflect the new mallinfo2
function, and adds a test case to verify basic functionality.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-09-17 18:49:30 -04:00
H.J. Lu
9620398097 x86: Install <sys/platform/x86.h> [BZ #26124]
Install <sys/platform/x86.h> so that programmers can do

 #if __has_include(<sys/platform/x86.h>)
 #include <sys/platform/x86.h>
 #endif
 ...

   if (CPU_FEATURE_USABLE (SSE2))
 ...
   if (CPU_FEATURE_USABLE (AVX2))
 ...

<sys/platform/x86.h> exports only:

enum
{
  COMMON_CPUID_INDEX_1 = 0,
  COMMON_CPUID_INDEX_7,
  COMMON_CPUID_INDEX_80000001,
  COMMON_CPUID_INDEX_D_ECX_1,
  COMMON_CPUID_INDEX_80000007,
  COMMON_CPUID_INDEX_80000008,
  COMMON_CPUID_INDEX_7_ECX_1,
  /* Keep the following line at the end.  */
  COMMON_CPUID_INDEX_MAX
};

struct cpuid_features
{
  struct cpuid_registers cpuid;
  struct cpuid_registers usable;
};

struct cpu_features
{
  struct cpu_features_basic basic;
  struct cpuid_features features[COMMON_CPUID_INDEX_MAX];
};

/* Get a pointer to the CPU features structure.  */
extern const struct cpu_features *__x86_get_cpu_features
  (unsigned int max) __attribute__ ((const));

Since all feature checks are done through macros, programs compiled with
a newer <sys/platform/x86.h> are compatible with the older glibc binaries
as long as the layout of struct cpu_features is identical.  The features
array can be expanded with backward binary compatibility for both .o and
.so files.  When COMMON_CPUID_INDEX_MAX is increased to support new
processor features, __x86_get_cpu_features in the older glibc binaries
returns NULL and HAS_CPU_FEATURE/CPU_FEATURE_USABLE return false on the
new processor feature.  No new symbol version is neeeded.

Both CPU_FEATURE_USABLE and HAS_CPU_FEATURE are provided.  HAS_CPU_FEATURE
can be used to identify processor features.

Note: Although GCC has __builtin_cpu_supports, it only supports a subset
of <sys/platform/x86.h> and it is equivalent to CPU_FEATURE_USABLE.  It
doesn't support HAS_CPU_FEATURE.
2020-09-11 17:20:52 -07:00
Alistair Francis
389f6854eb Documentation for the RISC-V 32-bit port
There is already RISC-V 64-bit port information in the documentation.
Let's add some documentation entries for the RISC-V 32-bit as well.

Reviewed-by: Maciej W. Rozycki <macro@wdc.com>
2020-08-27 08:17:44 -07:00
Carlos O'Donell
4c56bcbceb Open master branch for glibc 2.33 development.
Happy hacking!
2020-08-04 23:41:43 -04:00
Carlos O'Donell
923adfcb58 Update NEWS with bugs. 2020-08-04 20:39:09 -04:00
Szabolcs Nagy
42c9e9af22 aarch64: update NEWS about branch protection
After some discussions it seems the original news was not clear
and that it is valid to manually pass the branch protection flags
iff GCC target libs are built with them too. The main difference
between manually passing the flags and using the configure
option is that the latter also makes branch protection the
default in GCC which may not be desirable in some cases.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-08-03 22:37:23 +01:00
Aurelien Jarno
17a0126abf Add NEWS entry for CVE-2016-10228 (bug 19519) 2020-08-03 23:24:38 +02:00
Florian Weimer
7f1a08cff8 Move NEWS entry for CVE-2020-1751 to the 2.31 section
It was fixed in commit d937694059
("Fix array overflow in backtrace on PowerPC (bug 25423)"), which
went into glibc 2.31.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-31 12:59:19 +02:00
Florian Weimer
89c255294a NEWS: Deprecate weak libpthread symbols for single-threaded checks
Recommend the new __libc_single_thread variable instead.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-31 12:59:03 +02:00
Florian Weimer
20fb7452c0 NEWS: Deprecate nss_hesiod
Storing user databases in DNS, without client-side DNSSEC validation,
is problematic from a security point of view.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-31 12:58:56 +02:00
Florian Weimer
efedd1ed3d Linux: Remove rseq support
The kernel ABI is not finalized, and there are now various proposals
to change the size of struct rseq, which would make the glibc ABI
dependent on the version of the kernels used for building glibc.
This is of course not acceptable.

This reverts commit 48699da1c4 ("elf:
Support at least 32-byte alignment in static dlopen"), commit
8f4632deb3 ("Linux: rseq registration
tests"), commit 6e29cb3f61 ("Linux: Use
rseq in sched_getcpu if available"), and commit
0c76fc3c2b ("Linux: Perform rseq
registration at C startup and thread creation"), resolving the conflicts
introduced by the ARC port and the TLS static surplus changes.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-16 17:55:35 +02:00
Aurelien Jarno
17400c4bcd Add NEWS entry for CVE-2020-6096 (bug 25620)
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-16 06:56:59 +02:00
Petr Vorel
5500cdba40 Remove --enable-obsolete-rpc configure flag
Sun RPC was removed from glibc. This includes rpcgen program, librpcsvc,
and Sun RPC headers. Also test for bug #20790 was removed
(test for rpcgen).

Backward compatibility for old programs is kept only for architectures
and ABIs that have been added in or before version 2.28.

libtirpc is mature enough, librpcsvc and rpcgen are provided in
rpcsvc-proto project.

NOTE: libnsl code depends on Sun RPC (installed libnsl headers use
installed Sun RPC headers), thus --enable-obsolete-rpc was a dependency
for --enable-obsolete-nsl (removed in a previous commit).

The arc ABI list file has to be updated because the port was added
with the sunrpc symbols

Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-13 19:36:35 +02:00
Florian Weimer
e72b98e6f8 malloc: Deprecate more hook-related functionality
__morecore, __after_morecore_hook, and __default_morecore had not
been deprecated in commit 7d17596c19
("Mark malloc hook variables as deprecated"), probably by accident.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-13 09:58:37 +02:00
Vineet Gupta
758caf3736 Documentation for ARC port
(a) ABI doc:
    https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/wiki/files/ARCv2_ABI.pdf

(b) Programmer's Reference Manual (PRM) : needs a download request to be filled
    https://www.synopsys.com/dw/ipdir.php?ds=arc-hs44-hs46-hs48
    https://www.synopsys.com/dw/doc.php/ds/cc/programmers-reference-manual-ARC-HS.pdf

As of port merge (and Florian's patch to fix static TLS), glibc testsuite
(cross-test setup) has following failures:

FAIL: elf/tst-audit14
FAIL: elf/tst-audit15
FAIL: elf/tst-audit16
FAIL: elf/tst-ldconfig-ld_so_conf-update
FAIL: elf/tst-libc_dlvsym
FAIL: elf/tst-libc_dlvsym-static
FAIL: iconv/test-iconvconfig		# Needs gconv installed
FAIL: io/ftwtest			# Requires execution by non-root
FAIL: io/tst-lockf
FAIL: libio/tst-wfile-sync
FAIL: locale/tst-localedef-path-norm
FAIL: nptl/test-cond-printers		# needs Python3 and target GDB on target
FAIL: nptl/test-condattr-printers	#    ditto
FAIL: nptl/test-mutex-printers		#    ditto
FAIL: nptl/test-mutexattr-printers	#    ditto
FAIL: nptl/test-rwlock-printers		#    ditto
FAIL: nptl/test-rwlockattr-printers	#    ditto
FAIL: nptl/tst-umask1			# passes if run natively on target (NFS ACLv3 support needed)
FAIL: nss/bug-erange
FAIL: nss/tst-nss-files-hosts-getent
FAIL: nss/tst-nss-files-hosts-multi
FAIL: posix/bug-ga2
FAIL: posix/globtest			# require same user on target and host
FAIL: posix/tst-getaddrinfo5
FAIL: stdio-common/tst-vfprintf-width-prec
FAIL: stdio-common/tst-vfprintf-width-prec-alloc
FAIL: stdio-common/tst-vfprintf-width-prec-mem
FAIL: string/tst-strerror
FAIL: string/tst-strsignal
FAIL: sunrpc/bug20790			# missing cpp on target
FAIL: timezone/tst-tzset

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-07-10 16:31:58 -07:00
Mike FABIAN
936c9666ae Add NEWS entry for Update to Unicode 13.0.0 [BZ #25819]
Unicode 13.0.0 Support: Character encoding, character type info, and
transliteration tables are all updated to Unicode 13.0.0, using
the generator scripts contributed by Mike FABIAN (Red Hat).

Total added characters in newly generated CHARMAP: 5930
Total added characters in newly generated WIDTH: 5536
2020-07-10 11:56:33 +02:00
Petr Vorel
ae7a94e5e3 Remove --enable-obsolete-nsl configure flag
this means that *always* libnsl is only built as shared library for
backward compatibility and the NSS modules libnss_nis and libnss_nisplus
are not built at all, libnsl's headers aren't installed.

This compatibility is kept only for architectures and ABIs that have
been added in or before version 2.28.

Replacement implementations based on TIRPC, which additionally support
IPv6, are available from <https://github.com/thkukuk/>.

This change does not affect libnss_compat which does not depended
on libnsl since 2.27 and thus can be used without NIS.

libnsl code depends on Sun RPC, e.g. on --enable-obsolete-rpc (installed
libnsl headers use installed Sun RPC headers), which will be removed in
the following commit.
2020-07-08 17:25:57 +02:00
Szabolcs Nagy
a2a83bf6d9 aarch64: add NEWS entry about branch protection support
This is a new security feature that relies on architecture
extensions and needs glibc to be built with a gcc configured
with branch protection.
2020-07-08 15:02:38 +01:00
Florian Weimer
94d9c76e4a nss: Remove cryptographic key support from nss_files, nss_nis, nss_nisplus
The interface has hard-coded buffer sizes and is therefore tied to
DES.  It also does not match current practice where different
services on the same host use different key material.

This change simplifies removal of the sunrpc code.
2020-07-07 20:20:22 +02:00