Created attachment 5671 [details] the test program, to be run in gdb as described There appears to be a race in the implementation of sem_post/sem_wait on AMD64 (nptl/sysdeps/unix/sysv/linux/x86_64/sem_post.S in the source code) which sometimes causes sem_post to access freed memory and to fail with EINVAL. In a nutshell, if sem_post happens to go to sleep right after it increments sem->value but before it looks at sem->nwaiters, another thread can sail through a sem_wait without blocking and destroy the semaphore, so that when the sem_post thread wakes up and looks at sem->nwaiters, it is looking at already-freed (and possibly unmapped) memory. The bug was originally filed as gentoo bug 93366 ( http://bugs.gentoo.org/show_bug.cgi?id=93366 ). It's extremely hard to reproduce, and I don't have a simple program that can demonstrate the problem reliably by just running it (for less than a million years). But it can be reproduced consistently either by hacking up the sem_post source code and adding a sleep() at a crucial point, or by carefully stopping and resuming the threads in a debugger with thread-specific breakpoints. I'll include instructions for doing the latter using gdb >=7.1. We're observing the problem on an AMD64 machine running RHEL5.3 Linux, with glibc-2.5-34.el5_3.1 and gcc-4.1.2-44.el5, which I know is ancient but I also downloaded the most current glibc source code today and compiled the sem_post.S and sem_wait.S from it, and I can still reproduce the problem using those. Here are the instructions for reproducing the problem using gdb 7.1 or 7.2 on the attached program (gdb 7.0.1 and earlier fail with a supposed syntax error on the "b *(sem_post+18) thread 3"). % gcc -Wall -g semtest.c -lpthread -o semtest % gdb ./semtest # per http://sourceware.org/gdb/onlinedocs/gdb/Non_002dStop-Mode.html ... # Enable the async interface. set target-async 1 # If using the CLI, pagination breaks non-stop. set pagination off # Finally, turn it on! set non-stop on b waiter b poster r # thread 2 stops in waiter # thread 3 stops in poster t 2 b sem_wait thread 2 c # thread 2 (waiter) stops at the beginning of sem_wait(varsem) disas sem_post # look for the "cmpq $0x0,0x8(%rdi)" and put a breakpoint there. # in older versions it's sem_post+4; # in newer versions it's sem_post+18. t 3 b *(sem_post+18) thread 3 <-- or sem_post+4 or whatever c # thread 3 (poster) stops at the breakpoint inside sem_post, # after incrementing varsem->value (4-byte value 0 bytes into the object) # but before looking at varsem->nwaiters (8-byte value 8 bytes into the object) t 2 b free thread 2 c # thread 2 (waiter) sails through the sem_wait without blocking, # calls sem_destroy(varsem), # trashes the memory, # and stops at the beginning of free t 3 c # thread 3 (poster) resumes in the middle of sem_post, # looks at varsem->nwaiters and sees it's nonzero (trash) # so it makes the FUTEX_WAKE syscall which returns EINVAL, # the program exits with error message # "sem_post() in poster: Invalid argument" I hope I am not overinflating this bug's severity by calling it "critical" ("major" would feel more appropriate to me, but there seems to be no "major" option, only "normal" and "critical"). Although failure is rare, we are about to be forced to implement our own semaphores rather than using the posix semaphores because of this bug, so it does seem rather severe.
Why would this at all be a bug? The fact that the sem_wait succeeds doesn't indicate at all that the semaphore is unused and destroying an unused semaphore is of course completely illegal. Your code is wrong in assuming what it does. You have to wait for the sem_post call to also return before destroying the semaphore.
(In reply to comment #1) > Why would this at all be a bug? The fact that the sem_wait succeeds doesn't > indicate at all that the semaphore is unused and destroying an unused semaphore > is of course completely illegal. Your code is wrong in assuming what it does. > You have to wait for the sem_post call to also return before destroying the > semaphore. Hi Ulrich, Thanks for looking at this. We're not completely confident that this usage is legal... but we're not convinced yet that it's illegal either. In our program, the sem_post itself is intended to indicate to the waiting thread that it's safe to destroy the semaphore (and, in a real program, to destroy some associated resource as well). If the waiter thread has to wait for the sem_post call to return, as you say, what would be a mechanism for doing that? Another semaphore? Would you agree that then either the semaphore, or the semaphore-that-protects-the-semaphore, etc. would need to be an object that persists significantly longer than the resources being protected? Maybe this is a reasonable or necessary restriction, but it's a significant one, and if it's intentional, it would be very helpful to have it documented. Various manual pages I've seen which come close to mentioning it, and which seem to me to (weakly) to imply my usage is legal, are: sem_destroy man page from my RHEL5.3 distribution (man-pages-2.39-12.el5): "Destroying a semaphore that other processes or threads are currently blocked on (in sem_wait(3)) produces undefined behaviour." (doesn't mention sem_post, but it seems like this would be the appropriate place to mention it if it's illegal, and the fact that it doesn't mention it seems to imply it's legal). Various other sem_destroy man pages, such as the one from Open Group Base Specifications (http://pubs.opengroup.org/onlinepubs/009695399/functions/sem_destroy.html) say: "It is safe to destroy an initialized semaphore upon which no threads are currently blocked. The effect of destroying a semaphore upon which other threads are currently blocked is undefined." (the most literal reading of this implies that in my case, it's safe to destroy the semaphore, since it's certainly the case that no threads are currently blocked on it). The pthread_mutex_destroy man page (from man-pages-2.39-12.el5): "It shall be safe to destroy an initialized mutex that is unlocked. Attempting to destroy a locked mutex results in undefined behavior." (again, a literal reading of this implies my usage is safe. of course this is talking about mutexes, not semaphores, but I imagine all the same limitations and considerations apply). The pthread_cond_destroy man page (from man-pages-2.39-12.el5): "It shall be safe to destroy an initialized condition variable upon which no threads are currently blocked. Attempting to destroy a condition variable upon which other threads are currently blocked results in undefined behavior." (my comment on this would be the same as for pthread_mutex above) Unfortunately I don't have access to the pthreads standard... does it take a definite position on this? If it does, it would be great to have that clarification added to all these man pages so that future programmers will have no doubts about it. Thanks, Don Hatch
Upon further reading, I see that the pthread_mutex_destroy man page and the pthread_cond_destroy man page both explicitly say that doing the analogous thing to a mutex or condition variable is legal. From the same pthread_mutex_destroy man page that I quoted earlier (from man-pages-2.39-12.el5): "A mutex can be destroyed immediately after it is unlocked. For example, consider the following code: [...] In this case obj is reference counted and obj_done() is called whenever a reference to the object is dropped. Implementations are required to allow an object to be destroyed and freed and potentially unmapped (for example, lines A and B) immediately after the object is unlocked (line C)." From the same pthread_cond_destroy man page that I quoted earlier (from man-pages-2.39-12.el5): "A condition variable can be destroyed immediately after all the threads that are blocked on it are awakened. For example, consider the following code: [...] In this example, the condition variable and its list element may be freed (line B) immediately after all threads waiting for it are awakened (line A), since the mutex and the code ensure that no other thread can touch the element to be deleted. So if it's really the case that posix semaphores don't provide the same guarantee (or even if the spec says they do but the current implementation doesn't), I think we can get that guarantee by implementing our own semaphores in terms of mutexes and/or condition variables (that is assuming the implementation of mutexes and condition variables really does conform to the above quoted passages).
There cannot be any question that it is illegal. You pass a pointer to the semaphore to sem_post and just because it is half-finished and a sem_wait succeeds this doesn't mean the call must be done. As I said, only when the sem_post call also returns is the semaphore unused.
(In reply to comment #4) > There cannot be any question that it is illegal. You pass a pointer to the > semaphore to sem_post and just because it is half-finished and a sem_wait > succeeds this doesn't mean the call must be done. As I said, only when the > sem_post call also returns is the semaphore unused. Hi Ulrich, Sorry if it seems I am belaboring this. I understand your assertion; it's the same thing you said in your first reply (Comment 1), right? But it's not clear to me on what basis you are making this assertion. Is it based on the spec, or are you stating what you believe to be common sense and obvious? If it is from the spec, please say so (quoting the relevant passage if possible) and that will end the discussion. (And I will open a bug report against the man page, asking for it to be amended to include the clarifying passage from the spec.) But if you are arguing from common sense, then I think you are certainly wrong about it being obvious or the only reasonable interpretation. One could equally well say from common sense "you pass to mutex_unlock a pointer to the mutex and just because it is half-finished and a subsequent mutex lock-and-unlock in another thread succeeds this doesn't mean the call must be done... only when the first mutex_unlock call also returns is the mutex unused"... and yet the spec very explicitly disagrees (as I quoted from the man page, which I assume is taken from the spec). Similarly for condition variables. All this leads me to believe that it was likely the intent of the spec authors to say that, in general, it is legal and legitimate usage to destroy any lock-like object as soon as it is released for the last time by another thread (which is always *before* the releasing function literally returns in that other thread). So it is on that basis that I say I believe it may be the intent of the spec that my usage is legal, contrary to your assertion. If you are still sure this is not the case, would you please elaborate on your reasoning? Thanks.
Ulrich does not understand your question because he is assuming you are an idiot. In particular, he is not reading your bug report carefully enough to recognize that the behavior you have identified is a fundamental race rendering semaphores useless. It is a pretty simple question, really. Given a semaphore initialized to zero, one thread that makes one call to sem_wait, and another that makes one call to sem_post. Which thread can safely destroy the semaphore? Obviously, the thread calling sem_post cannot destroy the semaphore because it cannot know that sem_wait has returned. You have shown that the one calling sem_wait cannot destroy it either because of this broken implementation. So neither thread can destroy the semaphore without adding some additional synchronization mechanism. Ulrich says the behavior is not broken, which as you rightly point out is ludicrous. But that's Ulrich for you.
After reading this bug report and followup comments, I have identified and fixed the corresponding bug in musl's implementation of POSIX semaphores. The fix is very easy and the same approach could easily be used to fix glibc/NPTL. There is not yet a release with the fix, but you can see the commit/diff in our git repository at: http://git.etalabs.net/cgi-bin/gitweb.cgi?p=musl;a=commitdiff;h=88c4e720317845a8e01aee03f142ba82674cd23d;hp=88798393cab009ce78fe498051072db71ba9d035 The basic idea is that a waiter stores a flag that it's waiting in the atomic semaphore value field, in addition to incrementing the waiter count. This way sem_post can see "old" waiters by examining the waiters count *before* atomically upping the semaphore value, and can see a "last minute" waiter in the old semaphore value when it atomically replaces it with compare-and-swap. The same approach works for fixing the corresponding bug in mutexes and rwlocks. Note that a similar bug also exists for barriers, and I have a clean solution for non-process-shared barriers, but no solution for process-shared barriers that's not subject to failure cases.
We have been getting the same problem on an Amazon EC2 instance running a Fedora 8 (2.6.21.7-5.fc8 kernel-xen) based image with glibc.i686 2.7-2, using the nosegneg variant. The program aborts when sem_post() returns an error and has been averaging one failure every three months. Having seen this bug report, I have been testing with a program based on the original reporters source. On an EC2 instance I have not had it run for more than 4 hours before failing (I have not seen a failure on bare metal). When a failure does occur the strace output shows the futex() syscall has been made with an invalid operation: 12072 futex(0x9152098, 0x1010101 /* FUTEX_??? */, 1) = -1 ENOSYS (Function not implemented) presumably because the PRIVATE field has been overwritten. From the glibc source repository it appears that this race was introduced when the change was made to make sem_post() only call FUTEX_WAKE when there are threads waiting. In fact, with the test program forced to use the old implementation (using .symver) I haven't had it fail. If the value and nwaiters were next to each other then they could both be accessed atomically using cmpxchg8b (on i586 and later). Perhaps then somebody skilled in the art could eliminate the race condition?
Created attachment 6206 [details] EC2 test program
Reviewing...
Hi, Just checking in to see if anyone has had a chance to look into this one at all. Many thanks in advance. Piotr
(In reply to comment #11) > Hi, > > Just checking in to see if anyone has had a chance to look into this one at > all. Many thanks in advance. > > Piotr Can anyone comment on this one, please? Thanks Piotr
Created attachment 7196 [details] A simpler test program
I've also run into this bug. Appears to be the cause of random failures in our scientific computing framework's parallel back end that have kept us from declaring it production ready for quite some time. I reproduced in debian jessie with eglibc 2.17. I've attached an even simpler test-case for purposes of reproducing in gdb (simple.c). Gdb instructions below. set target-async 1 set pagination off set non-stop on b poster b sem_wait r disas sem_post # half-finish the sem-post b *(sem_post+18) thread 2 t 2 c # run the sem_wait, destroy, and trash memory b free thread 1 t 1 c # finish the sem_post and get an error t 2 c
I'm not looking at this right now, but someone should review this if we want a change in 2.19 which is open now.
The cause of the EINVAL is that orl PRIVATE(%rdi), %esi is being performed after the semaphore value is changed. To be correct, nothing can be read from the semaphore value after the atomic instruction which changes the semaphore value. Moving the check for number of waiters to before the atomic operation, however, introduces a race condition which is even worse. There are ways around this, such as the approach we use in musl (having both a waiters counter and a new-waiter flag on the atomic so that the waiters count can be read first), but such approaches would be fairly invasive and would require careful review. I think we could fix the most common manifestation of this bug simply by moving the load of the PRIVATE field to take place before the atomic instruction. With that change, the only observably incorrect behavior possible would be invalid memory access (SIGSEGV or SIGBUS) if the storage for the semaphore was actually unmapped (munmap or negative sbrk). This is still a possibility, and thus still a bug which should be fixed, but it's much less likely/common than the EINVAL issue that was actually reported.
This is conceptually related to Bug 13690, whose resolution depends on the outcome of a POSIX request for clarification. The same kind of wording that needs to be clarified for that bug is not present in the semaphore specification, but it's essentially the same question of when POSIX synchronization objects can be safely destroyed. Therefore, I think it's good to wait for a result of the clarification request.
*** Bug 260998 has been marked as a duplicate of this bug. *** Seen from the domain http://volichat.com Page where seen: http://volichat.com/adult-chat-rooms Marked for reference. Resolved as fixed @bugzilla.
Now that the austin group have clarified the expected behaviour of mutexes (http://austingroupbugs.net/view.php?id=811) can progress be made on fixing this?
That's already work in progress.
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, master has been updated via 042e1521c794a945edc43b5bfa7e69ad70420524 (commit) from a8db092ec0c6742a9d41e1715946e90d4edfeec1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=042e1521c794a945edc43b5bfa7e69ad70420524 commit 042e1521c794a945edc43b5bfa7e69ad70420524 Author: Carlos O'Donell <carlos@systemhalted.org> Date: Wed Jan 21 00:46:16 2015 -0500 Fix semaphore destruction (bug 12674). This commit fixes semaphore destruction by either using 64b atomic operations (where available), or by using two separate fields when only 32b atomic operations are available. In the latter case, we keep a conservative estimate of whether there are any waiting threads in one bit of the field that counts the number of available tokens, thus allowing sem_post to atomically both add a token and determine whether it needs to call futex_wake. See: https://sourceware.org/ml/libc-alpha/2014-12/msg00155.html ----------------------------------------------------------------------- Summary of changes: ChangeLog | 52 +++ NEWS | 25 +- nptl/DESIGN-sem.txt | 46 -- nptl/Makefile | 5 +- nptl/sem_getvalue.c | 26 +- nptl/sem_init.c | 35 +- nptl/sem_open.c | 9 +- nptl/sem_post.c | 67 +++- nptl/sem_timedwait.c | 96 +---- nptl/sem_trywait.c | 50 --- nptl/sem_wait.c | 101 ++--- nptl/sem_waitcommon.c | 467 +++++++++++++++++++++ nptl/structsem.sym | 12 - nptl/tst-sem11.c | 9 +- nptl/tst-sem13.c | 18 +- sysdeps/nptl/internaltypes.h | 24 +- sysdeps/unix/sysv/linux/alpha/sem_post.c | 5 - sysdeps/unix/sysv/linux/i386/i486/sem_post.S | 150 ------- sysdeps/unix/sysv/linux/i386/i486/sem_timedwait.S | 327 -------------- sysdeps/unix/sysv/linux/i386/i486/sem_trywait.S | 67 --- sysdeps/unix/sysv/linux/i386/i486/sem_wait.S | 343 --------------- sysdeps/unix/sysv/linux/i386/i586/sem_post.S | 19 - sysdeps/unix/sysv/linux/i386/i586/sem_timedwait.S | 19 - sysdeps/unix/sysv/linux/i386/i586/sem_trywait.S | 19 - sysdeps/unix/sysv/linux/i386/i586/sem_wait.S | 19 - sysdeps/unix/sysv/linux/i386/i686/sem_post.S | 19 - sysdeps/unix/sysv/linux/i386/i686/sem_timedwait.S | 19 - sysdeps/unix/sysv/linux/i386/i686/sem_trywait.S | 19 - sysdeps/unix/sysv/linux/i386/i686/sem_wait.S | 19 - sysdeps/unix/sysv/linux/powerpc/sem_post.c | 71 ---- sysdeps/unix/sysv/linux/x86_64/sem_post.S | 75 ---- sysdeps/unix/sysv/linux/x86_64/sem_timedwait.S | 380 ----------------- sysdeps/unix/sysv/linux/x86_64/sem_trywait.S | 47 -- sysdeps/unix/sysv/linux/x86_64/sem_wait.S | 176 -------- 34 files changed, 732 insertions(+), 2103 deletions(-) delete mode 100644 nptl/DESIGN-sem.txt delete mode 100644 nptl/sem_trywait.c create mode 100644 nptl/sem_waitcommon.c delete mode 100644 nptl/structsem.sym delete mode 100644 sysdeps/unix/sysv/linux/alpha/sem_post.c delete mode 100644 sysdeps/unix/sysv/linux/i386/i486/sem_post.S delete mode 100644 sysdeps/unix/sysv/linux/i386/i486/sem_timedwait.S delete mode 100644 sysdeps/unix/sysv/linux/i386/i486/sem_trywait.S delete mode 100644 sysdeps/unix/sysv/linux/i386/i486/sem_wait.S delete mode 100644 sysdeps/unix/sysv/linux/i386/i586/sem_post.S delete mode 100644 sysdeps/unix/sysv/linux/i386/i586/sem_timedwait.S delete mode 100644 sysdeps/unix/sysv/linux/i386/i586/sem_trywait.S delete mode 100644 sysdeps/unix/sysv/linux/i386/i586/sem_wait.S delete mode 100644 sysdeps/unix/sysv/linux/i386/i686/sem_post.S delete mode 100644 sysdeps/unix/sysv/linux/i386/i686/sem_timedwait.S delete mode 100644 sysdeps/unix/sysv/linux/i386/i686/sem_trywait.S delete mode 100644 sysdeps/unix/sysv/linux/i386/i686/sem_wait.S delete mode 100644 sysdeps/unix/sysv/linux/powerpc/sem_post.c delete mode 100644 sysdeps/unix/sysv/linux/x86_64/sem_post.S delete mode 100644 sysdeps/unix/sysv/linux/x86_64/sem_timedwait.S delete mode 100644 sysdeps/unix/sysv/linux/x86_64/sem_trywait.S delete mode 100644 sysdeps/unix/sysv/linux/x86_64/sem_wait.S
Fixed by commit 042e1521c794a945edc43b5bfa7e69ad70420524
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The annotated tag, glibc-2.21 has been created at dee233133daf497cdb3a507a7da9d88414820a1f (tag) tagging 4e42b5b8f89f0e288e68be7ad70f9525aebc2cff (commit) replaces glibc-2.20 tagged by Carlos O'Donell on Fri Feb 6 01:42:58 2015 -0500 - Log ----------------------------------------------------------------- The GNU C Library ================= The GNU C Library version 2.21 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2008. It is also internationalized and has one of the most complete internationalization interfaces known. The GNU C Library webpage is at http://www.gnu.org/software/libc/ Packages for the 2.21 release may be downloaded from: http://ftpmirror.gnu.org/libc/ http://ftp.gnu.org/gnu/libc/ The mirror list is at http://www.gnu.org/order/ftp.html NEWS for version 2.21 ===================== * The following bugs are resolved with this release: 6652, 10672, 12674, 12847, 12926, 13862, 14132, 14138, 14171, 14498, 15215, 15378, 15884, 16009, 16418, 16191, 16469, 16576, 16617, 16618, 16619, 16657, 16740, 16857, 17192, 17266, 17273, 17344, 17363, 17370, 17371, 17411, 17460, 17475, 17485, 17501, 17506, 17508, 17522, 17555, 17570, 17571, 17572, 17573, 17574, 17582, 17583, 17584, 17585, 17589, 17594, 17601, 17608, 17616, 17625, 17630, 17633, 17634, 17635, 17647, 17653, 17657, 17658, 17664, 17665, 17668, 17682, 17702, 17717, 17719, 17722, 17723, 17724, 17725, 17732, 17733, 17744, 17745, 17746, 17747, 17748, 17775, 17777, 17780, 17781, 17782, 17791, 17793, 17796, 17797, 17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885, 17892. * CVE-2015-1472 Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer. The implementation now correctly computes the required buffer size when using malloc. * A new semaphore algorithm has been implemented in generic C code for all machines. Previous custom assembly implementations of semaphore were difficult to reason about or ensure that they were safe. The new version of semaphore supports machines with 64-bit or 32-bit atomic operations. The new semaphore algorithm is used by sem_init, sem_open, sem_post, sem_wait, sem_timedwait, sem_trywait, and sem_getvalue. * Port to Altera Nios II has been contributed by Mentor Graphics. * Optimized strcpy, stpcpy, strncpy, stpncpy, strcmp, and strncmp implementations for powerpc64/powerpc64le. Implemented by Adhemerval Zanella (IBM). * Added support for TSX lock elision of pthread mutexes on powerpc32, powerpc64 and powerpc64le. This may improve lock scaling of existing programs on HTM capable systems. The lock elision code is only enabled with --enable-lock-elision=yes. Also, the TSX lock elision implementation for powerpc will issue a transaction abort on every syscall to avoid side effects being visible outside transactions. * Optimized strcpy, stpcpy, strchrnul and strrchr implementations for AArch64. Contributed by ARM Ltd. * i386 memcpy functions optimized with SSE2 unaligned load/store. * CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag under certain input conditions resulting in the execution of a shell for command substitution when the applicaiton did not request it. The implementation now checks WRDE_NOCMD immediately before executing the shell and returns the error WRDE_CMDSUB as expected. * CVE-2012-3406 printf-style functions could run into a stack overflow when processing format strings with a large number of format specifiers. * CVE-2014-9402 The nss_dns implementation of getnetbyname could run into an infinite loop if the DNS response contained a PTR record of an unexpected format. * The minimum GCC version that can be used to build this version of the GNU C Library is GCC 4.6. Older GCC versions, and non-GNU compilers, can still be used to compile programs using the GNU C Library. * The GNU C Library is now built with -Werror by default. This can be disabled by configuring with --disable-werror. * New locales: tu_IN, bh_IN, raj_IN, ce_RU. * The obsolete sigvec function has been removed. This was the original 4.2BSD interface that inspired the POSIX.1 sigaction interface, which programs have been using instead for about 25 years. Of course, ABI compatibility for old binaries using sigvec remains intact. * Merged gettext 0.19.3 into the intl subdirectory. This fixes building with newer versions of bison. * Support for MIPS o32 FPXX, FP64A and FP64 ABI Extensions. The original MIPS o32 hard-float ABI requires an FPU where double-precision registers overlay two consecutive single-precision registers. MIPS32R2 introduced a new FPU mode (FR=1) where double-precision registers extend the corresponding single-precision registers which is incompatible with the o32 hard-float ABI. The MIPS SIMD ASE and the MIPSR6 architecture both require the use of FR=1 making a transition necessary. New o32 ABI extensions enable users to migrate over time from the original o32 ABI through to the updated o32 FP64 ABI. To achieve this the dynamic linker now tracks the ABI of any loaded object and verifies that new objects are compatible. Mode transitions will also be requested as required and unsupportable objects will be rejected. The ABI checks include both soft and hard float ABIs for o32, n32 and n64. GCC 5 with GNU binutils 2.25 onwards: It is strongly recommended that all o32 system libraries are built using the new o32 FPXX ABI (-mfpxx) to facilitate the transition as this is compatible with the original and all new o32 ABI extensions. Configure a MIPS GCC compiler using --with-fp-32=xx to set this by default. Contributors ============ This release was made possible by the contributions of many people. The maintainers are grateful to everyone who has contributed changes or bug reports. These include: Adhemerval Zanella Alan Hayward Alexandre Oliva Allan McRae Anders Kaseorg Andreas Krebbel Andreas Schwab Andrew Pinski Andrew Senkevich Anton Blanchard Arjun Shankar Aurelien Jarno Bram Brooks Moses Carlos O'Donell Chris Metcalf Chung-Lin Tang David Holsgrove David S. Miller Eric Biggers Florian Weimer Gratian Crisan H.J. Lu J. Brown James Lemke Jeff Law Jose E. Marchesi Joseph Myers Kaz Kojima Kostya Serebryany Leonhard Holz Ma Shimiao Maciej W. Rozycki Marcus Shawcroft Marek Polacek Martin Sebor Matthew Fortune Mike Frysinger Ondřej Bílka Paul Eggert Paul Pluzhnikov Petar Jovanovic Pravin Satpute Rajalakshmi Srinivasaraghavan Rasmus Villemoes Renlin Li Richard Earnshaw Richard Henderson Roland McGrath Ryan Cumming Samuel Thibault Siddhesh Poyarekar Stefan Liebler Steve Ellcey Tatiana Udalova Tim Lammens Tom de Vries Torvald Riegel Vladimir A. Nazarenko Wilco Dijkstra Will Newton -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAABAgAGBQJU1GKVAAoJECXvCkNsKkr/4IYIAMfU5+NN2z44R2SeRlH+bSZG rGCF7rUzUOY+ePVNdgOH2cUKfxuLyMU6aao/IVQ863VHW1Ct/x2goVU22oqnVmvP FeElVxZyzx7iCqipqyaobj0Fm/b563/4yQ+BEOjH39Sj5Ii5kY6PcQQslMJWIH5R /nHmO048ZAlx/vGWTczAR50HOW1z8H1gilWm8SBkq2BJ8UndhSXCVpThCdMGfeBF NUxUl2aSt3eghA0SWD3WgRzRR0vU9RHuNQ5k5ggjjRPtipa8DP04t0Bk7/QiLhj1 M2upSS7r4ceZZuFGX8oYVn3f0lTajpOOeuX7SBnKIgQ8cDXtSHST6yPMAbsJRB4= =odoa -----END PGP SIGNATURE----- Adhemerval Zanella (35): PowerPC: multiarch bzero cleanup for PPC64 PowerPC: memset optimization for POWER8/PPC64 powerpc: remove linux lowlevellock.h powerpc: Fix encoding of POWER8 instruction powerpc: Simplify encoding of POWER8 instruction libio: Refactor tst-fmemopen to use test-skeleton.c powerpc: Fix missing barriers in atomic_exchange_and_add_{acq,rel} powerpc: Add powerpc64 strspn optimization powerpc: Add powerpc64 strcspn optimization powerpc: Add powerpc64 strpbrk optimization libio: Fix buffer overrun in tst-ftell-active-handler libio: Fix variable aligment in tst-ftell-active-handler powerpc: Fix lgammal_r overflow warnings Fix __sendmmsg prototype guards stdio-common: Include <libc-internal.h> in some tests Function declaration cleanup mips: Fix __libc_pread prototype powerpc: Fix compiler warning on some syscalls powerpc: Add the lock elision using HTM powerpc: Add adaptive elision to rwlocks powerpc: abort transaction in syscalls powerpc: Fix Copyright dates and CL entry Add x86 32 bit vDSO time function support powerpc: Optimized st{r,p}cpy for POWER8/PPC64 powerpc: Optimized strcat for POWER8/PPC64 powerpc: Optimized strncat for POWER7/PPC64 powerpc: Optimized st{r,p}ncpy for POWER8/PPC64 powerpc: Optimized strcmp for POWER8/PPC64 powerpc: Optimized strncmp for POWER8/PPC64 powerpc: Fix POWER7/PPC64 performance regression on LE BZ #16418: Fix powerpc get_clockfreq raciness powerpc: Fix ifuncmain6pie failure with GCC 4.9 powerpc: Fix powerpc64 build failure with binutils 2.22 powerpc: Fix fsqrt build in libm [BZ#16576] powerpc: Fix fesetexceptflag [BZ#17885] Alan Hayward (1): [AArch64] Add ipc.h. Alexandre Oliva (6): Require check-safety.sh to pass; wish for check that all fns are documented manual: cuserid is mtasurace if not passed a string ctermid: return string literal, document MT-Safety pitfall BZ#14498: fix infinite loop in nss_db_getservbyname BZ#16469: don't drop trailing dot in res_nquerydomain(..., name, NULL, ...) BZ#16469: resolv: skip leading dot in domain to search Allan McRae (5): Open development for 2.21 Update Russian translation Update French translation stdio-common/Makefile: readd bug26 testcase Label CVE-2014-9402 in NEWS Anders Kaseorg (2): manual: Remove incorrect claim that qsort() can be stabilized manual: Correct guarantee about pointers compared by qsort() Andreas Krebbel (2): stdlib/longlong.h: Add __udiv_w_sdiv prototype. iconv: Suppress array out of bounds warning. Andreas Schwab (20): Handle zero prefix length in getifaddrs (BZ #17371) Fix misdetected Slow_SSE4_2 cpu feature bit (bug 17501) Don't error out writing a multibyte character to an unbuffered stream (bug 17522) Remove unused include m68k: don't expect PLT reference to __tls_get_addr Don't touch user-controlled stdio locks in forked child (bug 12847) Update NEWS Remove duplication from gconv-modules Properly handle forced elision in pthread_mutex_trylock (bug 16657) Remove obsolete comment Constify string parameters Fix printf format error Fix changelog typo m68k: remove @PLTPC from _dl_init call Remove 17581 from NEWS m68k: force inlining bswap functions m68k: fix missing definition of __feraiseexcept m68k/coldfire: avoid warning about volatile register variables ia64: avoid set-but-not-used warning Include <signal.h> in sysdeps/nptl/allocrtsig.c Andrew Pinski (1): AArch64: Reformat inline-asm in elf_machine_load_address Andrew Senkevich (4): Update minimal required bunutils version to 2.22 i386: memcpy functions with SSE2 unaligned load/store i386: Fix build by GCC 5.0 Remove duplicated -frounding-math Anton Blanchard (1): powerpc: Fix __arch_compare_and_exchange_bool_64_rel Arjun Shankar (6): New test for ftime Write errors to stdout and not stderr in nptl/tst-setuid3.c Modify several tests to use test-skeleton.c Modify stdio-common/tst-fseek.c to use test-skeleton.c Modify stdlib/tst-bsearch.c to use test-skeleton.c Modify libio/tst-fopenloc.c to use test-skeleton.c Aurelien Jarno (2): resolv: improve comments about nserv and nservall resolv: fix rotate option Bram (1): Fix segmentation fault when LD_LIBRARY_PATH contains only non-existings paths Brooks Moses (1): sysdeps/x86_64/start.S doesn't have a .size elf directive for _start. Carlos O'Donell (22): HPPA: Transition to new non-addon NPTL. HPPA: Add c++-types.data. Correctly size profiling reloc table (bug 17411) hppa: Make __SIGRTMIN 32 (ABI break). elf/dl-load.c: Use __strdup. manual/llio.texi: Add Linux-specific comments for write(). Run check-localpltk/textrel/execstack over ld.so. manual/llio.texi: Comment on write atomicity. CVE-2014-7817: wordexp fails to honour WRDE_NOCMD. Expand comments in elf/ldconfig.c (search_dir) Use ALIGN_UP in nptl/nptl-init.c Fix indenting in bits/ioctl-types.h. Update libc.pot: Regenerate INSTALL. Fix semaphore destruction (bug 12674). Fix recursive dlopen. tst-getpw: Rewrite. Update copyright year to 2015 for new files. hppa: Remove warnings and fix conformance errors. glibc 2.21 pre-release update. hppa: Sync with pthread.h. Update version.h and include/features.h for 2.21 release Chris Metcalf (32): tile: remove linux lowlevellock.h tilegx: optimize string copy_byte() internal function tilegx: provide optimized strnlen, strstr, and strcasestr tile: add support for _SC_LEVEL*CACHE* sysconf() queries tile: optimize memcmp tile: make the prolog of clone() more conformant tile: add clock_gettime support via vDSO tile: fix copyright header blocks in just-committed files tile: add inhibit_loop_to_libcall to string functions math: increase timeout for math/atest-*.c iconvdata/tst-loading: bump up timeout to 10s tilegx: fix strstr to build and link better tile: provide localplt.data with __tls_get_addr optional tile: remove localplt.data and use generic one again. tile: separate ffsll from ffs Update NEWS and ChangeLog with two tile bug fixes. tilegx: remove implicit boolean conversion in strstr. Fix namespace conformance issue with Bessel functions. NEWS: mention bug fix for 17747. tilegx: enable wordsize-64 support for ieee745 dbl-64. tilegx32: avoid a a -Werror warning from unwinding tilegx: fix sysdep.h to avoid a redefinition warning linux/clock_settime: remove unnecessary vDSO definitions tile: add no-op fe*() routines for libc internal use posix/Makefile: use $(objpfx) for files in before-compile. tile: prefer inlines to macros in math_private.h. Fix a couple of -Wundef warnings. Fix some warnings in the absence of FP round/exception support lround: provide cast for wordsize-64 version if needed tile: check error properly for vDSO calls posix/regcomp: initialize union structure tag to avoid warning tilegx32: set __HAVE_64B_ATOMICS to 0 Chung-Lin Tang (4): Add Nios II definitions to elf/elf.h. Remove divide from _ELF_DYNAMIC_DO_RELOC in elf/dynamic-link.h. Commit nios2 port to master. Function name typo error in non-PIC case, fixed in this patch. David Holsgrove (3): MicroBlaze: Fix integer-pointer conversion warning MicroBlaze: Fix volatile-register-var warning in READ_THREAD_POINTER MicroBlaze: Avoid pointer to integer conversion warning David S. Miller (6): Fix sparc build. Fix array bounds warnings in elf_get_dyanmic_info() on sparc with gcc-4.6 Fix soft-fp build warning on sparc about strict aliasing. Fix scanf15.c testsuite build on sparc. Fix sparc semaphore implementation after recent changes. Fix two bugs in sparc atomics. Eric Biggers (1): setenv fix memory leak when setting large, duplicate string (BZ #17658) Florian Weimer (6): Turn on -Werror=implicit-function-declaration malloc: additional unlink hardening for non-small bins [BZ #17344] Complete the removal of __gconv_translit_find Update NEWS for bug 17608 Avoid infinite loop in nss_dns getnetbyname [BZ #17630] iconvdata/run-iconv-test.sh: Actually test iconv modules Gratian Crisan (1): arm: Re-enable PI futex support for ARM kernels >= 3.14.3 H.J. Lu (27): Require autoconf 2.69 Resize DTV if the current DTV isn't big enough Mention fix for PR 13862 Replace 1L with (mp_limb_t) 1 Compile s_llround.c with -Wno-error for x32 build Replace -Wno-error with -fno-builtin-lround Remove @PLT from "call _dl_init@PLT" in _dl_start_user Add hidden __tls_get_addr/___tls_get_addr alias Replace %ld with %jd and cast to intmax_t Replace %ld with %jd and cast to intmax_t Replace %ld with %jd and cast to intmax_t Replace %ld with %jd and cast to intmax_t Replace %ld/%lu with %jd/%ju and cast to intmax_t/uintmax_t Replace %ld with %jd and cast to intmax_t Replace %ld with %jd and cast to intmax_t Replace %ld with %jd and cast to intmax_t Replace %ld with %jd and cast to intmax_t Mention fix for BZ #17732 Mention i386 memcpy with SSE2 unaligned load/store Don't check PI_STATIC_AND_HIDDEN in i386 dl-machine.h Define CLOCKS_PER_SEC type to the type clock_t Mention bug fix for BZ #17806 Use uint64_t and (uint64_t) 1 for 64-bit int Also use uint64_t in __new_sem_wait_fast Treat model numbers 0x4a/0x4d as Silvermont Also treat model numbers 0x5a/0x5d as Silvermont Use AVX unaligned memcpy only if AVX2 is available J. Brown (1): Recognize recent x86 CPUs in string.h James Lemke (2): Fix for test "malloc_usable_size: expected 7 but got 11" Fix for test "malloc_usable_size: expected 7 but got 11" Jeff Law (1): CVE-2012-3406: Stack overflow in vfprintf [BZ #16617] Jose E. Marchesi (1): Fix sparc struct fpu definition. Joseph Myers (141): Add new Linux 3.16 constants to netinet/udp.h. Move architecture-specific shlib-versions entries to sysdeps files. Move OS-specific shlib-versions entries to sysdeps files. Use %ifdef in sysdeps/unix/sysv/linux/powerpc/powerpc64/shlib-versions. Remove configuration name patterns from shlib-versions. Remove bitrotten --enable-oldest-abi (bug 6652). soft-fp: Correct _FP_TO_INT formatting. soft-fp: Fix comment formatting. Move some setrlimit definitions to syscalls.list (bug 14138). Clean up gnu/lib-names.h generation (bug 14171). Remove shlib-versions entries redundant with DEFAULT entries. Run tst-ld-sse-use.sh with bash. Move some *at definitions to syscalls.list (bug 14138). Move execve to syscalls.list (bug 14138). Move some chown / lchown / fchown definitions to syscalls.list (bug 14138). Support and use mixed compat/non-compat aliases in syscalls.list. Don't use INTUSE with __adjtimex (bug 14132). soft-fp: Remove FP_CLEAR_EXCEPTIONS. soft-fp: Make extensions of subnormals from XFmode to TFmode signal underflow if traps enabled. soft-fp: Refactor exception handling for comparisons. soft-fp: Fix _FP_TO_INT latent bug in overflow handling. soft-fp: Add FP_DENORM_ZERO. Remove stray *_internal aliases (bug 14132). Don't use INTDEF/INTUSE with __cxa_atexit (bug 14132). soft-fp: Support more precise "invalid" exceptions. soft-fp: Support rsigned == 2 in _FP_TO_INT. soft-fp: Use parentheses around macro arguments. Don't use INTVARDEF/INTUSE with __libc_enable_secure (bug 14132). Remove CANCEL-FCT-WAIVE and CANCEL-FILE-WAIVE. conformtest: clean up POSIX expections for sys/utsname.h, sys/wait.h. Move readv and writev definitions to syscalls.list (bug 14138). Don't use INTDEF with __ldexpf (bug 14132). Don't use INTDEF for powerpc32 compat symbols (bug 14132). Move some chown / lchown / fchown definitions to syscalls.list (bug 14138). Move get*id and getgroups definitions to syscalls.list (bug 14138). Move setfsgid/setfsuid definitions to syscalls.list (bug 14138). Don't use INTDEF/INTUSE in unwind-dw2-fde.c (bug 14132). Remove __libc_creat function name. Remove __libc_readv and __libc_writev function names. Move powerpc64 pread/pwrite definitions to syscalls.list (bug 14138). Add bug 15215 to NEWS; move bug 17344 to correct version's list in NEWS. Remove __libc_pselect alias. Update autoconf version requirement in install.texi. Make aclocal.m4 comment mention updating install.texi for autoconf version. Remove __libc_nanosleep function name. soft-fp: Add _FP_TO_INT_ROUND. Don't use INTDEF/INTUSE with _dl_argv (bug 14132). Don't use INTDEF/INTUSE with _dl_init (bug 14132). Don't use INTDEF/INTUSE with _dl_mcount (bug 14132). Remove INTDEF / INTUSE / INTVARDEF (bug 14132). Remove __libc_waitpid function name. Fix tzfile.c namespace (bug 17583). Fix __getcwd rewinddir namespace (bug 17584). Fix malloc_info namespace (bug 17570). Fix qsort_r namespace (bug 17571). Fix x86_64 rawmemchr namespace (bug 17572). Fix stpcpy / mempcpy namespace (bug 17573). Fix __printf_fp wmemset namespace (bug 17574). Fix __get_nprocs fgets_unlocked namespace (bug 17582). Fix locale memmem namespace (bug 17585). Fix localealias.c fgets_unlocked namespace (bug 17589). Add tests for namespace for static linking. Fix strtoll / strtoull namespace for 32-bit (bug 17594). Use prototype definition for __strtol. Fix build of C mempcpy and stpcpy. Require GCC 4.6 or later to build glibc. Only declare __sigpause in installed signal.h when necessary. Remove ARM __GNUC_PREREQ(4,4) conditionals. Remove x86_64 __GNUC_PREREQ (4, 6) conditional. Fix libm mpone, mptwo namespace (bug 17616). Fix perror fileno namespace (bug 17633). Fix warning in posix/bug-regex31.c. Fix warning in stdio-common/tst-printf-round.c. Fix warning in setjmp/jmpbug.c. Fix test-strchr.c warnings for wide string testing. Remove TEST_IFUNC, tests-ifunc and *-ifunc.c tests. Fix warnings in fwscanf / rewind tests. FIx ldbl-128ibm frexpl for 32-bit systems (bug 16619, bug 16740). Fix sysdeps/unix/sysv/linux/arm/libc-do-syscall.S warning. Fix nptl/tst-cancel-self-cancelstate.c warning. Fix sysdeps/mips/__longjmp.c warning. Avoid warnings for unused results in nscd/connections.c. Fix nss/tst-nss-test1.c format warning. Fix stdio-common/tst-fmemopen.c format warnings. Fix dlfcn/failtestmod.c warning. Fix libio/bug-ungetwc1.c warning. Avoid deprecated sigblock in misc/tst-pselect.c. Make linknamespace tests check only relevant libraries. Fix elf/tst-unique4lib.cc warning. Fix fgets_unlocked namespace issues (bug 17664). Remove excess declarations from unistd.h for XPG3/XPG4 (bug 17665). Fix warning in posix/tst-getopt_long1.c. Fix -Waddress warnings in nptl/tst-mutex1.c. Fix warning in nptl/tst-stack4.c. Fix getifaddrs, freeifaddrs namespace (bug 17668). Remove some linknamespace test XFAILs. Fix linknamespace getdate_err handling. Fix linknamespace h_errno handling. Fix pthreads getrlimit, gettimeofday namespace (bug 17682). Add macros for diagnostic control, use for scanf %a tests. Disable -Wdiv-by-zero for some tests in stdio-common/tst-unlockedio.c. Disable -Wdeprecated-declarations for register_printf_function calls in tst-printfsz.c. Use -Werror by default, add --disable-werror. Fix tst-ftell-active-handler.c warning. Fix strftime wcschr namespace (bug 17634). Fix MIPS sigaction build. Fix MIPS waitid build. Clean up localedata tests printf formats, don't use -Wno-format. Add more headers to include/ for conform tests. Move semaphore.h to sysdeps/pthread/. Remove some semaphore.h linknamespace XFAILs. Fix resolver if_* namespace (bug 17717). Fix x86_64 memrchr namespace (bug 17719). Fix resolver inet_* namespace (bug 17722). Fix profil_counter namespace (bug 17725). Fix resolver bind, getsockname namespace (bug 17733). Split __kernel_standard* functions (fixes bug 17724). Make __ASSUME_UTIMES hppa-specific. Fix libm feraiseexcept namespace (bug 17723). Clean up powerpc fegetround / __fegetround inlines. Fix libm fegetenv namespace (bug 17748). Update copyright dates with scripts/update-copyrights. Update copyright dates not handled by scripts/update-copyrights. Use single year in copyright notice in banner in ntpl/version.c. Fix MIPS bits/fcntl.h namespace (bug 17780). Fix MIPS sa_flags type (bug 17781). Fix MIPS TIOCSER_TEMT namespace (bug 17782). Fix libm fegetround namespace (bug 17748). Fix wordsize-64 posix_fadvise64, posix_fallocate64 namespace (bug 17777). Fix isblank / isascii / toascii namespace (bug 17635). Fix ARM posix_fadvise64 namespace (bug 17793). Fix MIPS n64 posix_fadvise namespace (bug 17796). Fix libm feholdexcept namespace (bug 17748). Fix libm fesetenv namespace (bug 17748). Fix libm fesetround namespace (bug 17748). Fix libm feupdateenv namespace (bug 17748). Fix ldbl-96 scalblnl for subnormal arguments (bug 17834). Fix ldbl-96 scalblnl underflowing results (bug 17803). Fix powerpc-nofpu fesetenv namespace (bug 17748). soft-fp: Use __label__ for all labels within macros. Disable 64-bit atomics for MIPS n32. Kaz Kojima (1): * Fix SH specific compiler warnings which are for integer-pointer Kostya Serebryany (3): remove nested function hack_digit remove nested functions from elf/dl-deps.c remove nested functions from elf/dl-load.c Leonhard Holz (4): strcoll: improve performance by removing the cache (#15884) Fix tst-strcoll-overflow returning before timeout (BZ #17506) Speed up strcoll by inlining Fix memory handling in strxfrm_l [BZ #16009] Ma Shimiao (1): manual: fix addmntent's MT-Safety race annotation Maciej W. Rozycki (1): MIPS: Avoid a dangling `vfork@GLIBC_2.0' reference Marcus Shawcroft (1): Fix ChangeLog formatting of previous commit. Marek Polacek (1): Fix tst_wcscpy.c test. Martin Sebor (1): Clarify math/README.libm-test. Add "How to read the test output." Matthew Fortune (5): Add a hook to enable load-time inspection of program headers Add support for MIPS O32 FPXX and .MIPS.abiflags Fix MIPS variable PAGE_SIZE bug (16191) NEWS for MIPS ABIs MicroBlaze: Fix BZ17791 - Remove fixed page size macros and others Mike Frysinger (1): arm: drop EABI check Ondřej Bílka (8): Sync recvmmsg prototype with kernel usage. Fix typo in changelog. Return allocated array instead of unallocated. Simplify strncat. Clean up check_pf allocation pattern. addresses Add changelog Suppress warning in string/tester.c for gcc 4.9 Revert "Suppress warning in string/tester.c for gcc 4.9" Paul Eggert (1): fnmatch: work around GCC compiler warning bug with uninit var Paul Pluzhnikov (1): CVE-2015-1472: wscanf allocates too little memory Petar Jovanovic (1): mips: Do not use jal to reach __libc_start_main Pravin Satpute (2): New locale ce_RU (BZ #17192) New locale raj_IN (#16857) Rajalakshmi Srinivasaraghavan (3): powerpc: strtok{_r} optimization for powerpc64 powerpc: POWER7 strcpy optimization for unaligned strings powerpc: Optimize POWER7 strcmp trailing checks Rasmus Villemoes (1): Fix prototype of eventfd. Renlin Li (1): [AArch64] End frame record chain correctly. Richard Earnshaw (5): [AArch64] Add optimized strchrnul. [AArch64] Fix strchrnul clobbering v15 * string/stpcpy.c (__stpcpy): Rewrite using strlen and memcpy. AArch64 optimized implementation of strrchr. AArch64: Optimized implementations of strcpy and stpcpy. Richard Henderson (2): alpha: Fix soft-fp breakage Add -Wno-trampolines as needed Roland McGrath (62): Move findidx nested functions to top-level. Don't use a nested function in rpmatch. Minor cleanup in ld-ctype.c Minor cleanup in locale.c Remove unnecessarily nested function in do_lookup_unique. BZ#17460: Fix buffer overrun in nscd --help. Remove sysdeps/arm/soft-fp directory. Fix NPTL build error when missing __NR_set_robust_list. NPTL: Conditionalize more uses of SIGCANCEL and SIGSETXID. NPTL: Conditionalize direct futex syscall uses. NPTL: Clean up THREAD_SYSINFO macros. Remove obsolete TLS_DEFINE_INIT_TP fallback. Make internal lock-init macros return void. NPTL: Add some missing #include's NPTL: Clean up gratuitous Linuxism in libpthread.so entry point. Tiny refactoring in fts to eliminate a warning. Avoid local PLT reference in __nptl_main. ARM: Use movw/movt more when available Rework some nscd code not to use variable-length struct types. Prototypify htonl and htons definitions. Rework compiler version check in configure. Clean up wchar_t conversion code in iconv program. Clean up internal ctype.h header. BZ#17496: Fix gnu/lib-names.h dependency. NPTL: Move __libc_multiple_threads_ptr defn to nptl-init.c Remove sigvec. NPTL: Refactor createthread.c NPTL: Move Linux-specific createthread.c to sysdeps. NPTL: Add stub createthread.c Test that pthread_create diagnoses invalid scheduling parameters. NPTL: Don't (re)validate sched_priority in pthread_create. NPTL: Refactor scheduler setup in pthread_create. NPTL: Conditionalize asynchronous cancellation support on [SIGCANCEL]. NPTL: Use __libc_fatal in unwind.c. NPTL: Fix pthread_create regression from default-sched.h refactoring. De-warning a few stubs. Fix -Wformat-security warnings in posix/regexbug1.c Eliminate -Wno-format from printf/scanf tests. Suppress -Wformat-security in tst-error1.c. Refactor shm_{open,unlink} code to separate Linux-specific directory choice from POSIX-generic code. Fix NPTL build for !__ASSUME_SET_ROBUST_LIST case. NPTL: Add stubs for Linux-only extension functions. NPTL: Refactor named semaphore code to use shm-directory.h Use pragmas rather than makefiles for necessary options for unwind code. Revert "Use pragmas rather than makefiles for necessary options for unwind code." Use PTR_MANGLE on libgcc unwinder function pointers. Remove explicit inline on malloc perturb functions. Fix stub __if_freenameindex build error. NPTL: Remove gratuitous Linuxisms from gai_misc.h. NPTL: Move fork state variables to initializer files. ARM: Consolidate with generic unwinder wrapper code NPTL: Refactor cpu_set_t validation to be sysdeps-controlled Add stub sys/procfs.h file NPTL: Fixed missed conditionalization of setxid hooey. NPTL: Fix generic pthread_sigmask. Fix copyright year on new stub sys/procfs.h file. Clean up allocrtsig code. Some #include cleanup in aio/timer code. Fix shm-directory.h #include. Remove some references to bcopy/bcmp/bzero. Add missing libc_hidden_def to stub getrlimit64. Add missing libc_hidden_weak to stub if_nameindex, if_freenameindex. Ryan Cumming (1): Define CLOCK_TAI on Linux (bug 17608) Samuel Thibault (1): hurd: Fix dlopening libraries from static programs Siddhesh Poyarekar (53): Return failure in getnetgrent only when all netgroups have been searched (#17363) Enhance tst-xmmymm.sh to detect zmm register usage in ld.so (BZ #16194) Fix typo in macro names in sysconf.c Add correct variable names for _POSIX_IPV6 and _POSIX_RAW_SOCKETS Remove _POSIX_REGEX_VERSION Revert to defining __extern_inline only for gcc-4.3+ (BZ #17266) Add NEWS entry for previous commit Fix memory leak in error path of do_ftell_wide (BZ #17370) Make __extern_always_inline usable on clang++ again Assume that all _[PS]C_* and _CS_* macros are always defined Include .interp section only for libc.so Remove CFLAGS for interp.c Fix infinite loop in check_pf (BZ #12926) Fix up incorrect formatting in last commit Fix stack alignment when loader is invoked directly Use GOT instead of GOT12 all over Add new macro IN_MODULE to identify module in which source is built Fix -Wundef warning in SHLIB_COMPAT Auto-generate libc-modules.h Use MODULE_NAME in stap-probe instead of IN_LIB Remove IN_LIB Define IN_MODULE for translation units that define NOT_IN_libc Remove IS_IN_libc Remove IS_IN_ldconfig Remove IS_IN_nscd Remove IS_IN_libdl Remove IS_IN_librt Remove IS_IN_libpthread Remove IS_IN_libm Remove IS_IN_rtld Remove last place for definition of IS_IN_* macros Remove NOT_IN_libc Use IS_IN internally only Don't use __warn_memset_zero_len for gcc-5.0 or newer Update NEWS for previous two commits ftell: seek to end only when there are unflushed bytes (BZ #17647) tst-ftell-active-handler: Open file with O_TRUNC for w modes Reset cached offset when reading to end of stream (BZ #17653) Fix up function definition style Fix date in ChangeLog Fix another typo in the ChangeLog Fix 'array subscript is above array bounds' warning in res_send.c Fix the 'array subscript is above array bounds' warning correctly Remove Wundef warnings for specification macros Add _POSIX namespace SYSCONF macros to posix-conf-vars.list Use posix-conf-vars.list to generate spec array Make type for spec variable size as size_t Use one-dimension arrays in gen-posix-conf-vars.awk Remove uses of sprintf in gen-posix-conf-vars.awk Fix typo in ChangeLog [s390] Define a __tls_get_addr macro to avoid declaring it again Initialize nscd stats data [BZ #17892] Fix up ChangeLog formatting Stefan Liebler (13): S/390: Get rid of warning: the comparision will always evaluate as false. S/390: Get rid of warning unused variable in dl-machine.h. S/390: Add SystemTap probes to longjmp and setjmp. S/390: dl-machine.h: Use numbered labels in inline assembly. Add missing include of libc-internal.h. S/390: Get rid of assembler warning value truncated. Get rid of warning inlining failed in call to maybe_swap_uint32 Get rid of warning comparision will always evaluate as true resolv: Suppress maybe uninitialized warning Get rid of format warning in tst-widetext.c. Get rid of format warning in bug-vfprintf-nargs.c. S390: Get rid of linknamespace failures for string functions. S390: Get rid of linknamespace failures for utmp functions. Steve Ellcey (19): Modify ABI tests in MIPS preconfigure. Put mips preconfigure code inside mips* case statement. * sysdeps/mips/strcmp.S: New. Remove extra whitespace from end of line. 2014-12-10 Steve Ellcey <sellcey@imgtec.com> 2014-12-11 Steve Ellcey <sellcey@imgtec.com> * sysdeps/mips/dl-trampoline.c: Modify switch expression to have 2014-12-17 Steve Ellcey <sellcey@imgtec.com> 2014-12-19 Steve Ellcey <sellcey@imgtec.com> 2014-12-19 Steve Ellcey <sellcey@imgtec.com> Remove trailing white space. Add missing ChangeLog entries from Friday (Dec 19, 2014). Remove trailing whitespace. 2014-12-22 Steve Ellcey <sellcey@imgtec.com> Fix preprocessor indentation in sysdeps/mips/memcpy.S. 2015-01-05 Steve Ellcey <sellcey@imgtec.com> 2015-01-05 Steve Ellcey <sellcey@imgtec.com> 2015-01-05 Steve Ellcey <sellcey@imgtec.com> Merge branch 'master' of ssh://sourceware.org/git/glibc Tatiana Udalova (1): New Bhilodi and Tulu locales (BZ #17475) Tim Lammens (1): Fix memory leak in libio/wfileops.c do_ftell_wide [BZ #17370] Tom de Vries (1): Fix crossreference to nonexistent node BSD Handler Torvald Riegel (24): pthread_once: Clean up constants. pthread_once: Add fast path and remove x86 variants. Fix SPARC atomic_write_barrier. powerpc: Change atomic_write_barrier to have release semantics. Add arch-specific configuration for C11 atomics support. Add atomic operations similar to those provided by C11. Add tests for C11-like atomic operations. Use C11 atomics in pthread_once. microblaze: 64b atomic operations are not supported. Fix synchronization of TPP min/max priorities. Remove custom pthread_once implementation on sh. Remove custom pthread_once implementation on s390. Fix nptl/tst-mutex5.c: Do not skip tests if elision is enabled. Fix nptl/tst-sem4: always start with a fresh semaphore. Add comments for the generic lowlevellock implementation. Fix warning in elf/tst-unique4lib.cc. Fix warning in misc/tst-mntent2.c. Ignore warning in string/tester.c. sh: Remove custom lowlevellock, barrier, condvar, and rwlock implementations. Use generic lowlevellock-futex.h in x86_64 lowlevellock.h. i386: Move futex functions from lowlevellock.h to lowlevellock-futex.h. MicroBlaze: Remove custom pthread_once implementation on microblaze. MicroBlaze: Remove custom lowlevellock.h. Fix wake-up in sysdeps/nptl/fork.c. Vladimir A. Nazarenko (1): Fix incorrect mount table entry parsing in __getmntent_r Wilco Dijkstra (18): Remove spaces. Remove an unused include. Cleanup fesetexceptflag to use the same logic as the ARM version. No functional changes. Cleanup feclearexcept to use the same logic as the ARM version. No functional changes. Cleanup fedisableexcept to use the same logic as the ARM version. No functional changes. Cleanup feenableexcept to use the same logic as the ARM version. No functional changes. Call get_rounding_mode rather than duplicating functionality. Call libc_feholdexcept_aarch64 from math_private.h rather than duplicating functionality. Call libc_fetestexcept_aarch64 from math_private.h rather than duplicating functionality. This patch improves strcat performance by using strlen and strcpy. Strlen has a fast C This patch improves strncat performance by using strlen. Strlen has a fast C implementation, so Improve strcpy performance. Improve performance of strncpy. Fix typo. Call libc_fesetround_aarch64. Call libc_fetestexcept_aarch64. Optimize to reduce FPCR/FPSR accesses. Optimize to avoid an unnecessary FPCR read. Will Newton (10): ARM: Don't define _SYS_AUXV_H in sysdep.h Allow cross-building of tests stdlib/tst-strtod-round.c: Fix build on ARM benchtests: Add malloc microbenchmark AArch64: Update relocations for ILP32 AArch64: Use ELF macros rather than Elf64 throughout intl: Merge with gettext version 0.19.3 Bump required version of texinfo to 4.7 Require bison 2.7 or newer for regenerating intl/plural.y ARM: Remove configure check for binutils 2.21 for ARMv7 -----------------------------------------------------------------------