On some architectures, the parts of math_private.h relating to the
floating-point environment are in a separate file fenv_private.h
included from math_private.h. As this is purely an
architecture-specific convention used by several architectures,
however, all such architectures still need their own math_private.h,
even if it has nothing to do beyond #include <fenv_private.h> and
peculiarity of including the i386 file directly instead of having a
shared file in sysdeps/x86.
This patch makes the fenv_private.h name an architecture-independent
convention in glibc. The include of fenv_private.h from
math_private.h becomes architecture-independent (until callers are
updated to include fenv_private.h directly so the include from
math_private.h is no longer needed). Some architecture math_private.h
headers are removed if no longer needed, or renamed to fenv_private.h
if all they define belongs in that header; architecture fenv_private.h
headers now do require #include_next <fenv_private.h>. The i386
fenv_private.h file moves to sysdeps/x86/fpu/ to reflect how it is
actually shared with x86_64. The generic math_private.h gets a new
include of <stdbool.h>, as needed for bool in some prototypes in that
header (previously that was indirectly included via include/fenv.h,
which now only gets included too late in math_private.h, after those
prototypes).
Tested for x86_64 and x86, and tested with build-many-glibcs.py that
installed stripped shared libraries are unchanged by the patch.
* sysdeps/aarch64/fpu/fenv_private.h: New file. Based on ....
* sysdeps/aarch64/fpu/math_private.h: ... this file. All contents
moved to fenv_private.h except for ...
(TOINT_INTRINSICS): Kept in math_private.h.
(roundtoint): Likewise.
(converttoint): Likewise.
* sysdeps/arm/fenv_private.h: Change multiple-include guard to
[ARM_FENV_PRIVATE_H]. Include next <fenv_private.h>.
* sysdeps/arm/math_private.h: Remove.
* sysdeps/generic/fenv_private.h: New file. Contents moved from
....
* sysdeps/generic/math_private.h: ... this file. Include
<stdbool.h>. Do not include <fenv.h> or <get-rounding-mode.h>.
Include <fenv_private.h>. Remove functions and macros moved to
fenv_private.h.
* sysdeps/i386/fpu/math_private.h: Remove.
* sysdeps/mips/math_private.h: Move to ....
* sysdeps/mips/fpu/fenv_private.h: ... here. Change
multiple-include guard to [MIPS_FENV_PRIVATE_H]. Remove
[__mips_hard_float] conditional. Include next <fenv_private.h>.
* sysdeps/powerpc/fpu/fenv_private.h: Change multiple-include
guard to [POWERPC_FENV_PRIVATE_H]. Include next <fenv_private.h>.
* sysdeps/powerpc/fpu/math_private.h: Do not include
<fenv_private.h>.
* sysdeps/riscv/rvf/math_private.h: Move to ....
* sysdeps/riscv/rvf/fenv_private.h: ... here. Change
multiple-include guard to [RISCV_FENV_PRIVATE_H]. Include next
<fenv_private.h>.
* sysdeps/sparc/fpu/fenv_private.h: Change multiple-include guard
to [SPARC_FENV_PRIVATE_H]. Include next <fenv_private.h>.
* sysdeps/sparc/fpu/math_private.h: Remove.
* sysdeps/i386/fpu/fenv_private.h: Move to ....
* sysdeps/x86/fpu/fenv_private.h: ... here. Change
multiple-include guard to [X86_FENV_PRIVATE_H]. Include next
<fenv_private.h>.
* sysdeps/x86_64/fpu/math_private.h: Do not include
<sysdeps/i386/fpu/fenv_private.h>.
As done in commit 284f42bc77, memcmp
can be used after memchr to avoid the initialization overhead of the
two-way algorithm for the first match. This has shown improvement
>40% for first match.
Completing the move of macros out of math-tests.h to smaller headers
following typo-proof conventions instead of using #ifndef, this patch
moves the EXCEPTION_SET_FORCES_TRAP macro out to its own
math-tests-trap-force.h header.
Tested with build-many-glibcs.py.
* sysdeps/generic/math-tests-trap-force.h: New file.
* sysdeps/generic/math-tests.h: Include <math-tests-trap-force.h>.
(EXCEPTION_SET_FORCES_TRAP): Do not define here.
* sysdeps/powerpc/math-tests.h: Remove file.
* sysdeps/powerpc/fpu/math-tests-trap-force.h: New file.
Continuing moving macros out of math-tests.h to smaller headers
following typo-proof conventions instead of using #ifndef, this patch
moves the EXCEPTION_ENABLE_SUPPORTED macro out to its own
math-tests-trap.h header.
Tested with build-many-glibcs.py.
* sysdeps/generic/math-tests-trap.h: New file.
* sysdeps/generic/math-tests.h: Include <math-tests-trap.h>.
(EXCEPTION_ENABLE_SUPPORTED): Do not define here.
* sysdeps/aarch64/math-tests.h: Remove file.
* sysdeps/arm/math-tests.h: Likewise.
* sysdeps/riscv/math-tests.h: Likewise.
* sysdeps/aarch64/math-tests-trap.h: New file.
* sysdeps/arm/math-tests-trap.h: Likewise.
* sysdeps/riscv/math-tests-trap.h: Likewise.
Continuing moving macros out of math-tests.h to smaller headers
following typo-proof conventions instead of using #ifndef, this patch
moves the EXCEPTION_TESTS_* macros for individual types out to their
own sysdeps header.
As with ROUNDING_TESTS_*, there is no need to define these macros if
FE_ALL_EXCEPT == 0 and the individual exception macros are undefined;
thus, math-tests-exceptions.h headers are only needed for soft-float
ARM and RISC-V, while the other cases that defined these macros do not
need to do so (and the associated math-tests.h headers are thus
removed without needing replacement by math-tests-exceptions.h
headers).
Tested with build-many-glibcs.py.
* sysdeps/generic/math-tests-exceptions.h: New file.
* sysdeps/generic/math-tests.h: Include <math-tests-exceptions.h>.
(EXCEPTION_TESTS_float): Do not define here.
(EXCEPTION_TESTS_double): Likewise.
(EXCEPTION_TESTS_long_double): Likewise.
(EXCEPTION_TESTS_float128): Likewise.
* sysdeps/arm/math-tests.h [__SOFTFP__] (EXCEPTION_TESTS_float):
Likewise.
[__SOFTFP__] (EXCEPTION_TESTS_double): Likewise.
[__SOFTFP__] (EXCEPTION_TESTS_long_double): Likewise.
* sysdeps/arm/nofpu/math-tests-exceptions.h: New file.
* sysdeps/m68k/coldfire/math-tests.h: Remove file.
* sysdeps/mips/math-tests.h: Likewise.
* sysdeps/nios2/math-tests.h: Likewise.
* sysdeps/riscv/math-tests.h [!__riscv_flen]
(EXCEPTION_TESTS_float): Do not define here.
[!__riscv_flen] (EXCEPTION_TESTS_double): Likewise.
[!__riscv_flen] (EXCEPTION_TESTS_long_double): Likewise.
* sysdeps/riscv/nofpu/math-tests-exceptions.h: New file.
The NEWS entry for sinf improvements is listed for 2.28, while it was
committed in 2.29, so move it there and mention tanf.
Committed as obvious.
* NEWS: Move optimized sinf entry to 2.29.
Speedup tanf range reduction by using the new sincosf range
reduction algorithm. Overall code quality is improved due to
inlining, so there is a speedup even if no range reduction is
required.
tanf throughput gains on Cortex-A72:
* |x| < M_PI_4 : 1.1x
* |x| < M_PI_2 : 1.2x
* |x| < 2 * M_PI: 1.5x
* |x| < 120.0 : 1.6x
* |x| < Inf : 12.1x
* sysdeps/ieee754/flt-32/s_tanf.c (__tanf): Use fast range reduction.
This patch completes the move of ROUNDING_TESTS_* macros to typo-proof
conventions by stopping redefining them in test-*-vlen*.h. Instead,
libm-test-driver.c is made to check TEST_MATHVEC when setting
non-to-nearest rounding modes.
Tested for x86_64.
* math/test-double-vlen2.h: Don't include <math-tests-rounding.h>.
(ROUNDING_TESTS_double): Remove.
* math/test-double-vlen4.h: Don't include <math-tests-rounding.h>.
(ROUNDING_TESTS_double): Remove.
* math/test-double-vlen8.h: Don't include <math-tests-rounding.h>.
(ROUNDING_TESTS_double): Remove.
* math/test-float-vlen16.h: Don't include <math-tests-rounding.h>.
(ROUNDING_TESTS_float): Remove.
* math/test-float-vlen4.h: Don't include <math-tests-rounding.h>.
(ROUNDING_TESTS_float): Remove.
* math/test-float-vlen8.h: Don't include <math-tests-rounding.h>.
(ROUNDING_TESTS_float): Remove.
* math/libm-test-driver.c (IF_ROUND_INIT_FE_DOWNWARD): Check
!TEST_MATHVEC here.
(IF_ROUND_INIT_FE_TOWARDZERO): Likewise.
(IF_ROUND_INIT_FE_UPWARD): Likewise.
Continuing moving macros out of math-tests.h to smaller headers
following typo-proof conventions instead of using #ifndef, this patch
moves the ROUNDING_TESTS_* macros for individual types out to their
own sysdeps header.
In the soft-float case where FE_TONEAREST is the only rounding mode
macro defined, there is no need to define ROUNDING_TESTS_*; it is only
necessary when rounding modes macros are defined that may not be
supported at runtime. Thus, the ROUNDING_TESTS_* definitions for some
configurations are just removed, not moved to new
math-tests-rounding.h headers; the only architectures needing
math-tests-rounding.h are those where the macros are defined in
bits/fenv.h because of the possibility of a soft-float compilation
using a hard-float glibc with the same ABI (i.e., ARM and RISC-V).
The test-*-vlen*.h headers, by using #undef, do not yet follow
typo-proof conventions (but they no longer implicitly rely on being
included before math-tests.h, and this area can always be cleaned up
further in future).
Tested with build-many-glibcs.py.
* sysdeps/generic/math-tests-rounding.h: New file.
* sysdeps/generic/math-tests.h: Include <math-tests-rounding.h>.
(ROUNDING_TESTS_float): Do not define here.
(ROUNDING_TESTS_double): Likewise.
(ROUNDING_TESTS_long_double): Likewise.
(ROUNDING_TESTS_float128): Likewise.
* math/test-double-vlen2.h: Include <math-tests-rounding.h>.
(ROUNDING_TESTS_double): Undefine before defining.
* math/test-double-vlen4.h: Include <math-tests-rounding.h>.
(ROUNDING_TESTS_double): Undefine before defining.
* math/test-double-vlen8.h: Include <math-tests-rounding.h>.
(ROUNDING_TESTS_double): Undefine before defining.
* math/test-float-vlen16.h: Include <math-tests-rounding.h>.
(ROUNDING_TESTS_float): Undefine before defining.
* math/test-float-vlen4.h: Include <math-tests-rounding.h>.
(ROUNDING_TESTS_float): Undefine before defining.
* math/test-float-vlen8.h: Include <math-tests-rounding.h>.
(ROUNDING_TESTS_float): Undefine before defining.
* sysdeps/arm/nofpu/math-tests-rounding.h: New file.
* sysdeps/arm/math-tests.h [__SOFTFP__] (ROUNDING_TESTS_float): Do
not define here.
[__SOFTFP__] (ROUNDING_TESTS_double): Likewise.
[__SOFTFP__] (ROUNDING_TESTS_long_double): Likewise.
* sysdeps/riscv/nofpu/math-tests-rounding.h: New file.
* sysdeps/riscv/math-tests.h [!__riscv_flen]
(ROUNDING_TESTS_float): Do not define here.
[!__riscv_flen] (ROUNDING_TESTS_double): Likewise.
[!__risv_flen] (ROUNDING_TESTS_long_double): Likewise.
* sysdeps/m68k/coldfire/math-tests.h [!__mcffpu__]
(ROUNDING_TESTS_float): Likewise.
[!__mcffpu__] (ROUNDING_TESTS_double): Likewise.
[!__mcffpu__] (ROUNDING_TESTS_long_double): Likewise.
* sysdeps/mips/math-tests.h [__mips_soft_float]
(ROUNDING_TESTS_float): Likewise.
[__mips_soft_float] (ROUNDING_TESTS_double): Likewise.
[__mips_soft_float] (ROUNDING_TESTS_long_double): Likewise.
* sysdeps/nios2/math-tests.h (ROUNDING_TESTS_float): Likewise.
(ROUNDING_TESTS_double): Likewise.
(ROUNDING_TESTS_long_double): Likewise.
This patch adds the PF_XDP, AF_XDP and SOL_XDP macros from Linux 4.18 to
sysdeps/unix/sysv/linux/bits/socket.h.
* sysdeps/unix/sysv/linux/bits/socket.h (PF_MAX): Set to 45.
(PF_XDP): New macro.
(AF_XDP): New macro.
(SOL_XDP): New macro.
This patch adds constants from netinet/tcp.h in Linux 4.18, and an
associated struct tcp_zerocopy_receive, to sysdeps/gnu/netinet/tcp.h.
The new TCP_REPAIR_* constants seemed sufficiently related to those
already present to include them.
Note that this patch does not include additions to struct tcp_info;
there are many other elements in this structure in the Linux kernel
that are not included in the glibc version (which was last extended in
2007, it seems). Such additions to the end of the structure may be OK
with the expected way it is used (size passed explicitly to the kernel
with getsockopt), but in principle any change to the size of a type
provided by glibc is an ABI change for external applications /
libraries using that type in their ABIs, and has the associated risks
of such a change.
Tested for x86_64.
* sysdeps/gnu/netinet/tcp.h (TCP_ZEROCOPY_RECEIVE): New macro.
(TCP_INQ): Likewise.
(TCP_CM_INQ): Likewise.
(TCP_REPAIR_ON): Likewise.
(TCP_REPAIR_OFF): Likewise.
(TCP_REPAIR_OFF_NO_WP): Likewise.
(struct tcp_zerocopy_receive): New type.
This patch updates struct signalfd_siginfo in sys/signalfd.h with new
members from Linux 4.18 (plus ssi_addr_lsb, added to the kernel in
2.6.37 without being added to sys/signalfd.h at that time). The
__pad2 member name follows the kernel and the existing __pad name.
Tested for x86_64.
* sysdeps/unix/sysv/linux/sys/signalfd.h (struct
signalfd_siginfo): Add ssi_addr_lsb, ssi_syscall, ssi_call_addr
and ssi_arch members.
This patch adds two new constants from Linux 4.18 to elf.h,
NT_VMCOREDD and AT_MINSIGSTKSZ.
Tested for x86_64.
* elf/elf.c (NT_VMCOREDD): New macro.
(AT_MINSIGSTKSZ): Likewise.
New generic optimization of sinf and cosf introduced by commit
599cf39766 shows improvement
compared to powerpc specific assembly version. Hence removing
the powerpc assembly versions to make use of generic code.
On Thu, Jan 11, 2018 at 3:50 PM, Florian Weimer <fweimer@redhat.com> wrote:
> On 11/07/2017 04:27 PM, Istvan Kurucsai wrote:
>>
>> + next = chunk_at_offset (victim, size);
>
>
> For new code, we prefer declarations with initializers.
Noted.
>> + if (__glibc_unlikely (chunksize_nomask (victim) <= 2 * SIZE_SZ)
>> + || __glibc_unlikely (chunksize_nomask (victim) >
>> av->system_mem))
>> + malloc_printerr("malloc(): invalid size (unsorted)");
>> + if (__glibc_unlikely (chunksize_nomask (next) < 2 * SIZE_SZ)
>> + || __glibc_unlikely (chunksize_nomask (next) >
>> av->system_mem))
>> + malloc_printerr("malloc(): invalid next size (unsorted)");
>> + if (__glibc_unlikely ((prev_size (next) & ~(SIZE_BITS)) !=
>> size))
>> + malloc_printerr("malloc(): mismatching next->prev_size
>> (unsorted)");
>
>
> I think this check is redundant because prev_size (next) and chunksize
> (victim) are loaded from the same memory location.
I'm fairly certain that it compares mchunk_size of victim against
mchunk_prev_size of the next chunk, i.e. the size of victim in its
header and footer.
>> + if (__glibc_unlikely (bck->fd != victim)
>> + || __glibc_unlikely (victim->fd != unsorted_chunks (av)))
>> + malloc_printerr("malloc(): unsorted double linked list
>> corrupted");
>> + if (__glibc_unlikely (prev_inuse(next)))
>> + malloc_printerr("malloc(): invalid next->prev_inuse
>> (unsorted)");
>
>
> There's a missing space after malloc_printerr.
Noted.
> Why do you keep using chunksize_nomask? We never investigated why the
> original code uses it. It may have been an accident.
You are right, I don't think it makes a difference in these checks. So
the size local can be reused for the checks against victim. For next,
leaving it as such avoids the masking operation.
> Again, for non-main arenas, the checks against av->system_mem could be made
> tighter (against the heap size). Maybe you could put the condition into a
> separate inline function?
We could also do a chunk boundary check similar to what I proposed in
the thread for the first patch in the series to be even more strict.
I'll gladly try to implement either but believe that refining these
checks would bring less benefits than in the case of the top chunk.
Intra-arena or intra-heap overlaps would still be doable here with
unsorted chunks and I don't see any way to counter that besides more
generic measures like randomizing allocations and your metadata
encoding patches.
I've attached a revised version with the above comments incorporated
but without the refined checks.
Thanks,
Istvan
From a12d5d40fd7aed5fa10fc444dcb819947b72b315 Mon Sep 17 00:00:00 2001
From: Istvan Kurucsai <pistukem@gmail.com>
Date: Tue, 16 Jan 2018 14:48:16 +0100
Subject: [PATCH v2 1/1] malloc: Additional checks for unsorted bin integrity
I.
Ensure the following properties of chunks encountered during binning:
- victim chunk has reasonable size
- next chunk has reasonable size
- next->prev_size == victim->size
- valid double linked list
- PREV_INUSE of next chunk is unset
* malloc/malloc.c (_int_malloc): Additional binning code checks.
The House of Force is a well-known technique to exploit heap
overflow. In essence, this exploit takes three steps:
1. Overwrite the size of top chunk with very large value (e.g. -1).
2. Request x bytes from top chunk. As the size of top chunk
is corrupted, x can be arbitrarily large and top chunk will
still be offset by x.
3. The next allocation from top chunk will thus be controllable.
If we verify the size of top chunk at step 2, we can stop such attack.
This patch moves little endian specific POWER9 optimization files to
sysdeps/powerpc/powerpc64/le and creates POWER9 ifunc functions
only for little endian.
This variant of strlen uses vector loads and operations to reduce the
size of the code and also eliminate the non-ascii fallback. This
works very well for falkor because of its two vector units and
efficient vector ops. In the best case it reduces latency of cases in
bench-strlen by 48%, with gains throughout the benchmark.
strlen-walk also sees uniform gains in the 5%-15% range.
Overall the routine appears to work better than the stock one for falkor
regardless of the benchmark, length of string or cache state.
The same cannot be said of a53 and a72 though. a53 performance was
greatly reduced and for a72 it was a bit of a mixed bag, slightly on the
negative side but I reckon it might be fast in some situations.
* sysdeps/aarch64/strlen.S (__strlen): Rename to STRLEN.
[!STRLEN](STRLEN): Set to __strlen.
* sysdeps/aarch64/multiarch/strlen.c: New file.
* sysdeps/aarch64/multiarch/strlen_generic.S: Likewise.
* sysdeps/aarch64/multiarch/strlen_asimd.S: Likewise.
* sysdeps/aarch64/multiarch/ifunc-impl-list.c
(__libc_ifunc_impl_list): Add strlen.
* sysdeps/aarch64/multiarch/Makefile (sysdep_routines): Add
strlen_generic and strlen_asimd.
Reviewed-By: szabolcs.nagy@arm.com
CC: pinskia@gmail.com
The internal functions __kernel_sinf and __kernel_cosf are used only by
lgammaf_r. Removing the internal functions and using the generic sinf
and cosf is better overall. Benchmarking on Cortex-A72 shows the generic
sinf and cosf are 1.4x and 2.3x faster in the range |x| < PI/4, and 0.66x
and 1.1x for |x| < PI/2, so it should make lgammaf_r faster on average.
GLIBC regression tests pass on AArch64.
* sysdeps/ieee754/flt-32/e_lgammaf_r.c (sin_pif): Use __sinf/__cosf.
* sysdeps/ieee754/flt-32/k_cosf.c (__kernel_cosf): Remove all code.
* sysdeps/ieee754/flt-32/k_sinf.c (__kernel_sinf): Likewise.
Fix a few missing spaces, it's now identical to the regenerated version.
Passes GLIBC tests on x64.
* sysdeps/x86_64/fpu/libm-test-ulps: Regenerate to fix spaces.
The second patch improves performance of sinf and cosf using the same
algorithms and polynomials. The returned values are identical to sincosf
for the same input. ULP definitions for AArch64 and x64 are updated.
sinf/cosf througput gains on Cortex-A72:
* |x| < 0x1p-12 : 1.2x
* |x| < M_PI_4 : 1.8x
* |x| < 2 * M_PI: 1.7x
* |x| < 120.0 : 2.3x
* |x| < Inf : 3.0x
* NEWS: Mention sinf, cosf, sincosf.
* sysdeps/aarch64/libm-test-ulps: Update ULP for sinf, cosf, sincosf.
* sysdeps/x86_64/fpu/libm-test-ulps: Update ULP for sinf and cosf.
* sysdeps/x86_64/fpu/multiarch/s_sincosf-fma.c: Add definitions of
constants rather than including generic sincosf.h.
* sysdeps/x86_64/fpu/s_sincosf_data.c: Remove.
* sysdeps/ieee754/flt-32/s_cosf.c (cosf): Rewrite.
* sysdeps/ieee754/flt-32/s_sincosf.h (reduced_sin): Remove.
(reduced_cos): Remove.
(sinf_poly): New function.
* sysdeps/ieee754/flt-32/s_sinf.c (sinf): Rewrite.
