Joseph Myers [Tue, 24 May 2016 17:44:46 +0000 (17:44 +0000)]
Do not raise "inexact" from generic floor (bug 15479).
C99 and C11 allow but do not require ceil, floor, round and trunc to
raise the "inexact" exception for noninteger arguments. TS 18661-1
requires that this exception not be raised by these functions. This
aligns them with general IEEE semantics, where "inexact" is only
raised if the final step of rounding the infinite-precision result to
the result type is inexact; for these functions, the
infinite-precision integer result is always representable in the
result type, so "inexact" should never be raised.
The generic implementations of ceil, floor and round functions contain
code to force "inexact" to be raised. This patch removes it for floor
functions to align them with TS 18661-1 in this regard. Note that
some architecture-specific versions may still raise "inexact", so the
tests are not updated and the bug is not yet fixed.
Tested for x86_64, x86 and mips64.
[BZ #15479]
* sysdeps/ieee754/dbl-64/s_floor.c: Do not mention "inexact"
exception in comment.
(huge): Remove variable.
(__floor): Do not force "inexact" exception.
* sysdeps/ieee754/dbl-64/wordsize-64/s_floor.c: Do not mention
"inexact" exception in comment.
(huge): Remove variable.
(__floor): Do not force "inexact" exception.
* sysdeps/ieee754/flt-32/s_floorf.c: Do not mention "inexact"
exception in comment.
(huge): Remove variable.
(__floorf): Do not force "inexact" exception.
* sysdeps/ieee754/ldbl-128/s_floorl.c: Do not mention "inexact"
exception in comment.
(huge): Remove variable.
(__floorl): Do not force "inexact" exception.
Joseph Myers [Tue, 24 May 2016 17:42:10 +0000 (17:42 +0000)]
Do not raise "inexact" from generic ceil (bug 15479).
C99 and C11 allow but do not require ceil, floor, round and trunc to
raise the "inexact" exception for noninteger arguments. TS 18661-1
requires that this exception not be raised by these functions. This
aligns them with general IEEE semantics, where "inexact" is only
raised if the final step of rounding the infinite-precision result to
the result type is inexact; for these functions, the
infinite-precision integer result is always representable in the
result type, so "inexact" should never be raised.
The generic implementations of ceil, floor and round functions contain
code to force "inexact" to be raised. This patch removes it for ceil
functions to align them with TS 18661-1 in this regard. Note that
some architecture-specific versions may still raise "inexact", so the
tests are not updated and the bug is not yet fixed.
Tested for x86_64, x86 and mips64.
[BZ #15479]
* sysdeps/ieee754/dbl-64/s_ceil.c: Do not mention "inexact"
exception in comment.
(huge): Remove variable.
(__ceil): Do not force "inexact" exception.
* sysdeps/ieee754/dbl-64/wordsize-64/s_ceil.c: Do not mention
"inexact" exception in comment.
(huge): Remove variable.
(__ceil): Do not force "inexact" exception.
* sysdeps/ieee754/flt-32/s_ceilf.c (huge): Remove variable.
(__ceilf): Do not force "inexact" exception.
* sysdeps/ieee754/ldbl-128/s_ceill.c: Do not mention "inexact"
exception in comment.
(huge): Remove variable.
(__ceill): Do not force "inexact" exception.
H.J. Lu [Tue, 24 May 2016 15:44:10 +0000 (08:44 -0700)]
Avoid an extra branch to PLT for -z now
When --enable-bind-now is used to configure glibc build, we can avoid
an extra branch to the PLT entry by using indirect branch via the GOT
slot instead, which is similar to the first instructuon in the PLT
entry. Changes in the shared library sizes in text sections:
Shared library Before (bytes) After (bytes)
libm.so 10608131060797
libmvec.so 160881 160805
libpthread.so 94992 94984
librt.so 25064 25048
* config.h.in (BIND_NOW): New.
* configure.ac (BIND_NOW): New. Defined for --enable-bind-now.
* configure: Regenerated.
* sysdeps/x86_64/sysdep.h (JUMPTARGET)[BIND_NOW]: Defined to
indirect branch via the GOT slot.
Stefan Liebler [Tue, 24 May 2016 08:39:13 +0000 (10:39 +0200)]
S390: Implement mempcpy with help of memcpy. [BZ #19765]
There exist optimized memcpy functions on s390, but no optimized mempcpy.
This patch adds mempcpy entry points in memcpy.S files, which
use the memcpy implementation. Now mempcpy itself is also an IFUNC function
as memcpy is and the variants are listed in ifunc-impl-list.c.
The s390 string.h does not define _HAVE_STRING_ARCH_mempcpy.
Instead mempcpy string/string.h inlines memcpy() + n.
If n is constant and small enough, GCC emits instructions like mvi or mvc
and avoids the function call to memcpy.
If n is not constant, then memcpy is called and n is added afterwards.
If _HAVE_STRING_ARCH_mempcpy would be defined, mempcpy would be called in
every case.
According to PR70140 "Inefficient expansion of __builtin_mempcpy"
(https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70140) GCC should handle a
call to mempcpy in the same way as memcpy. Then either the mempcpy macro
in string/string.h has to be removed or _HAVE_STRING_ARCH_mempcpy has to
be defined for S390.
ChangeLog:
[BZ #19765]
* sysdeps/s390/mempcpy.S: New File.
* sysdeps/s390/multiarch/mempcpy.c: Likewise.
* sysdeps/s390/multiarch/Makefile (sysdep_routines): Add mempcpy.
* sysdeps/s390/multiarch/ifunc-impl-list.c (__libc_ifunc_impl_list):
Add mempcpy variants.
* sysdeps/s390/s390-32/memcpy.S: Add mempcpy entry point.
(memcpy): Adjust to be usable from mempcpy entry point.
(__memcpy_mvcle): Likewise.
* sysdeps/s390/s390-64/memcpy.S: Likewise.
* sysdeps/s390/s390-32/multiarch/memcpy-s390.S: Add entry points
____mempcpy_z196, ____mempcpy_z10 and add __GI_ symbols for mempcpy.
(__memcpy_z196): Adjust to be usable from mempcpy entry point.
(__memcpy_z10): Likewise.
* sysdeps/s390/s390-64/multiarch/memcpy-s390x.S: Likewise.
Stefan Liebler [Tue, 24 May 2016 08:39:13 +0000 (10:39 +0200)]
S390: Do not call memcpy, memcmp, memset within libc.so via ifunc-plt.
On s390, the memcpy, memcmp, memset functions are IFUNC symbols,
which are created with s390_libc_ifunc-macro.
This macro creates a __GI_ symbol which is set to the
ifunced symbol. Thus calls within libc.so to e.g. memcpy
result in a call to *ABS*+0x954c0@plt stub and afterwards
to the resolved memcpy-ifunc-variant.
This patch sets the __GI_ symbol to the default-ifunc-variant
to avoid the plt call. The __GI_ symbols are now created at the
default variant of ifunced function.
Stefan Liebler [Tue, 24 May 2016 08:39:13 +0000 (10:39 +0200)]
S390: Use 64bit instruction to check for copies of > 1MB with mvcle.
The __memcpy_default variant on s390 64bit calculates the number of
256byte blocks in a 64bit register and checks, if they exceed 1MB
to jump to mvcle. Otherwise a mvc-loop is used. The compare-instruction
only checks a 32bit value.
This patch uses a 64bit compare.
ChangeLog:
* sysdeps/s390/s390-64/memcpy.S (memcpy):
Use cghi instead of chi to compare 64bit value.
Stefan Liebler [Tue, 24 May 2016 08:39:13 +0000 (10:39 +0200)]
S390: Use mvcle for copies > 1MB on 32bit with default memcpy variant.
If more than 255 bytes should be copied, the algorithm jumps away.
Before this patch, it jumps to the mvc-loop (.L_G5_12).
Now it jumps first to the "> 1MB" check, which jumps away to
__memcpy_mvcle. Otherwise, the mvc-loop (.L_G5_12) copies the bytes.
ChangeLog:
* sysdeps/s390/s390-32/memcpy.S (memcpy):
Jump to 1MB check before executing mvc-loop.
Florian Weimer [Tue, 24 May 2016 06:05:15 +0000 (08:05 +0200)]
malloc: Correct malloc alignment on 32-bit architectures [BZ #6527]
After the heap rewriting added in commit 4cf6c72fd2a482e7499c29162349810029632c3f (malloc: Rewrite dumped heap
for compatibility in __malloc_set_state), we can change malloc alignment
for new allocations because the alignment of old allocations no longer
matters.
We need to increase the malloc state version number, so that binaries
containing dumped heaps of the new layout will not try to run on
previous versions of glibc, resulting in obscure crashes.
This commit addresses a failure of tst-malloc-thread-fail on the
affected architectures (32-bit ppc and mips) because the test checks
pointer alignment.
Florian Weimer [Mon, 23 May 2016 18:18:34 +0000 (20:18 +0200)]
CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call [BZ #20112]
The call is technically in a loop, and under certain circumstances
(which are quite difficult to reproduce in a test case), alloca
can be invoked repeatedly during a single call to clntudp_call.
As a result, the available stack space can be exhausted (even
though individual alloca sizes are bounded implicitly by what
can fit into a UDP packet, as a side effect of the earlier
successful send operation).
Florian Weimer [Mon, 23 May 2016 17:43:09 +0000 (19:43 +0200)]
Make padding in struct sockaddr_storage explicit [BZ #20111]
This avoids aliasing issues with GCC 6 in -fno-strict-aliasing
mode. (With implicit padding, not all data is copied.)
This change makes it explicit that struct sockaddr_storage is
only 126 bytes large on m68k (unlike elsewhere, where we end up
with the requested 128 bytes). The new test case makes sure that
this does not happen on other architectures.
Joseph Myers [Mon, 23 May 2016 15:25:34 +0000 (15:25 +0000)]
conformtest: Correct some limits.h expectations for XPG3, XPG4.
The conform/ test of limits.h namespace for XPG3 was failing because
of NL_* and NZERO defines. Those symbols are EX-shaded, not
UX-shaded, so it's correct for them to be defined for XPG3; this patch
corrects the expectations accordingly. (Actually it looks like they
should not be listed as optional for these standards, but that's
another matter.)
Tested for x86_64 and x86.
* conform/data/limits.h-data (CHARCLASS_NAME_MAX): Also expect for
[XPG3 || XPG4].
(NL_ARGMAX): Also expect for [XPG3].
(NL_LANGMAX): Likewise.
(NL_MSGMAX): Likewise.
(NL_NMAX): Likewise.
(NL_SETMAX): Likewise.
(NL_TEXTMAX): Likewise.
(NZERO): Likewise.
(TMP_MAX): Likewise.
* conform/Makefile (test-xfail-XPG3/limits.h/conform): Remove
variable.
Joseph Myers [Mon, 23 May 2016 13:27:37 +0000 (13:27 +0000)]
Update sysdeps/unix/sysv/linux/bits/socket.h for Linux 4.6.
This patch updates sysdeps/unix/sysv/linux/bits/socket.h for new
constants added in Linux 4.6. AF_KCM / PF_KCM are added. SOL_KCM is
new, and I added a lot of SOL_* values postdating the last one present
in the header, since I saw no apparent reason for the set in glibc to
stop at SOL_IRDA. MSG_BATCH is added; Linux also has
MSG_SENDPAGE_NOTLAST which is not in glibc, but given the comment
starts "sendpage() internal" I presume it's correct for it not to be
in glibc.
(Note that this is a case where the Linux kernel header with userspace
relevant values is *not* a uapi header but include/linux/socket.h - I
don't know why, but at least this header, as well as uapi headers,
needs reviewing for glibc-relevant changes each release.)
Tested for x86_64 and x86 (testsuite, and that installed stripped
shared libraries are unchanged by the patch).
* sysdeps/unix/sysv/linux/bits/socket.h (PF_KCM): New macro.
(PF_MAX): Update value.
(AF_KCM): New macro.
(SOL_NETBEUI): Likewise.
(SOL_LLC): Likewise.
(SOL_DCCP): Likewise.
(SOL_NETLINK): Likewise.
(SOL_TIPC): Likewise.
(SOL_RXRPC): Likewise.
(SOL_PPPOL2TP): Likewise.
(SOL_BLUETOOTH): Likewise.
(SOL_PNPIPE): Likewise.
(SOL_RDS): Likewise.
(SOL_IUCV): Likewise.
(SOL_CAIF): Likewise.
(SOL_ALG): Likewise.
(SOL_NFC): Likewise.
(SOL_KCM): Likewise.
(MSG_BATCH): New enum value and macro.
Joseph Myers [Fri, 20 May 2016 19:45:06 +0000 (19:45 +0000)]
conformtest: Correct ftw.h expectations for XPG3, XPG4.
This patch corrects various conformtest expectations in ftw.h for XPG3
and XPG4.
Tested for x86_64 and x86.
* conform/data/ftw.h-data (struct FTW): Do not expect for [XPG3].
(FTW_DP): Do not expect for [XPG3 || XPG4].
(FTW_SL): Do not expect for [XPG3].
(FTW_SLN): Likewise.
(FTW_PHYS): Likewise.
(FTW_MOUNT): Likewise.
(FTW_DEPTH): Likewise.
(FTW_CHDIR): Likewise.
(nftw): Likewise.
* conform/Makefile (test-xfail-XPG3/ftw.h/conform): Remove
variable.
Joseph Myers [Thu, 19 May 2016 20:10:56 +0000 (20:10 +0000)]
Implement proper fmal for ldbl-128ibm (bug 13304).
ldbl-128ibm had an implementation of fmal that just did (x * y) + z in
most cases, with no attempt at actually being a fused operation.
This patch replaces it with a genuine fused operation. It is not
necessarily correctly rounding, but should produce a result at least
as accurate as the long double arithmetic operations in libgcc, which
I think is all that can reasonably be expected for such a non-IEEE
format where arithmetic is approximate rather than rounded according
to any particular rule for determining the exact result. Like the
libgcc arithmetic, it may produce spurious overflow and underflow
results, and it falls back to the libgcc multiplication in the case of
(finite, finite, zero).
This concludes the fixes for bug 13304; any subsequently found fma
issues should go in separate Bugzilla bugs. Various other pieces of
bug 13304 were fixed in past releases over the past several years.
Tested for powerpc.
[BZ #13304]
* sysdeps/ieee754/ldbl-128ibm/s_fmal.c: Include <fenv.h>,
<float.h>, <math_private.h> and <stdlib.h>.
(add_split): New function.
(mul_split): Likewise.
(ext_val): New typedef.
(store_ext_val): New function.
(mul_ext_val): New function.
(compare): New function.
(add_split_ext): New function.
(__fmal): After checking for Inf, NaN and zero, compute result as
an exact sum of scaled double values in round-to-nearest before
adding those up and adjusting for other rounding modes.
* math/auto-libm-test-in: Remove xfail-rounding:ldbl-128ibm from
tests of fma.
* math/auto-libm-test-out: Regenerated.
H.J. Lu [Thu, 19 May 2016 15:49:45 +0000 (08:49 -0700)]
Remove alignments on jump targets in memset
X86-64 memset-vec-unaligned-erms.S aligns many jump targets, which
increases code sizes, but not necessarily improve performance. As
memset benchtest data of align vs no align on various Intel and AMD
processors
Joseph Myers [Thu, 19 May 2016 14:35:41 +0000 (14:35 +0000)]
conformtest: Correct search.h expectations for XPG3.
This patch corrects some conformtest expectations for search.h for
XPG3.
Tested for x86_64 and x86.
* conform/data/search.h-data (insque): Do not expect for [XPG3].
(remque): Likewise.
* conform/Makefile (test-xfail-XPG3/search.h/conform): Remove
variable.
H.J. Lu [Wed, 18 May 2016 20:41:43 +0000 (13:41 -0700)]
Don't call internal __pthread_unwind via PLT
Add PTHREAD_UNWIND to replace JUMPTARGET(__pthread_unwind) and define
it to __GI___pthread_unwind within libpthread.
* sysdeps/unix/sysv/linux/x86_64/cancellation.S (PTHREAD_UNWIND):
New
(__pthread_unwind): Renamed to ...
(PTHREAD_UNWIND): This.
(__pthread_enable_asynccancel): Replace
JUMPTARGET(__pthread_unwind) with PTHREAD_UNWIND.
H.J. Lu [Wed, 18 May 2016 12:48:56 +0000 (05:48 -0700)]
Clear destination buffer updated by the previous run
Clear the destination buffer updated by the previous run in bench-memcpy.c
and test-memcpy.c to catch the error when the following implementations do
not copy anything.
[BZ #19907]
* benchtests/bench-memcpy.c (do_one_test): Clear the destination
buffer updated by the previous run.
* string/test-memcpy.c (do_one_test): Likewise.
* benchtests/bench-memmove.c (do_one_test): Add a comment.
* string/test-memmove.c (do_one_test): Likewise.
Joseph Myers [Tue, 17 May 2016 15:51:55 +0000 (15:51 +0000)]
Do not declare grantpt, ptsname, unlockpt in stdlib.h for XPG3 (bug 20094).
stdlib.h declares grantpt, ptsname, unlockpt for __USE_XOPEN. This
patch corrects the condition to __USE_XOPEN_EXTENDED (these functions
are new in XPG4).
Tested for x86_64 and x86 (testsuite, and that installed shared
libraries are unchanged by the patch).
[BZ #20094]
* stdlib/stdlib.h (grantpt): Declare if [__USE_XOPEN_EXTENDED],
not [__USE_XOPEN].
(unlockpt): Likewise.
(ptsname): Likewise.
* conform/Makefile (test-xfail-XPG3/stdlib.h/conform): Remove
variable.
Joseph Myers [Tue, 17 May 2016 15:48:29 +0000 (15:48 +0000)]
Fix stdlib.h rand_r namespace (bug 20074).
stdlib.h declares rand_r if __USE_POSIX; i.e., POSIX.1:1990. But
rand_r was added along with threads, so the condition should be
__USE_POSIX199506. This patch corrects the condition.
Tested for x86_64 and x86 (testsuite, and that installed stripped
shared libraries are unchanged by the patch).
[BZ #20074]
* stdlib/stdlib.h (rand_r): Declare if [__USE_POSIX199506], not if
[__USE_POSIX].
* conform/Makefile (test-xfail-XPG4/stdlib.h/conform): Remove
variable.
UNIX98 and XPG4 have ttyslot in <stdlib.h>. glibc, however, has it in
<unistd.h>, for __USE_MISC || (__USE_XOPEN_EXTENDED && !__USE_UNIX98),
but no supported standard has it in <unistd.h>.
This patch adds a properly conditioned declaration to <stdlib.h> (only
enabled for the relevant standards, not for __USE_MISC or __USE_GNU).
The <unistd.h> declaration is restricted to __USE_MISC. Some relevant
XFAILs are removed.
Tested for x86_64 and x86 (testsuite, and that installed stripped
shared libraries are unchanged by the patch).
[BZ #20051]
* posix/unistd.h [__USE_XOPEN_EXTENDED && !__USE_UNIX98]
(ttyslot): Do not declare.
* stdlib/stdlib.h [__USE_XOPEN_EXTENDED && !__USE_XOPEN2K]
(ttyslot): New prototype.
* conform/Makefile (test-xfail-XPG4/unistd.h/conform): Remove
variable.
(test-xfail-UNIX98/stdlib.h/conform): Likewise.
Stefan Liebler [Tue, 17 May 2016 08:45:48 +0000 (10:45 +0200)]
Fix tst-cancel17/tst-cancelx17, which sometimes segfaults while exiting.
The testcase tst-cancel[x]17 ends sometimes with a segmentation fault.
This happens in one of 10000 cases. Then the real testcase has already
exited with success and returned from do_test(). The segmentation fault
occurs after returning from main in _dl_fini().
In those cases, the aio_read(&a) was not canceled because the read
request was already in progress. In the meanwhile aio_write(ap) wrote
something to the pipe and the read request is able to read the
requested byte.
The read request hasn't finished before returning from do_test().
After it finishes, it writes the return value and error code from the
read syscall to the struct aiocb a, which lies on the stack of do_test.
The stack of the subsequent function call of _dl_fini or _dl_sort_fini,
which is inlined in _dl_fini is corrupted.
In case of S390, it reads a zero and decrements it by 1:
unsigned int k = nmaps - 1;
struct link_map **runp = maps[k]->l_initfini;
The load from unmapped memory leads to the segmentation fault.
The stack corruption also happens on other architectures.
I saw them e.g. on x86 and ppc, too.
This patch adds an aio_suspend call to ensure, that the read request
is finished before returning from do_test().
ChangeLog:
* nptl/tst-cancel17.c (do_test): Wait for finishing aio_read(&a).
Florian Weimer [Fri, 13 May 2016 14:55:01 +0000 (16:55 +0200)]
tst-mallocfork2: Fix race condition, use fewer resources
The first SIGUSR1 signal could arrive when sigusr1_sender_pid
was still 0. As a result, kill would send SIGSTOP to the
entire process group. This would cause the test to hang before
printing any output.
This commit also adds a sched_yield to the signal source, so that
it does not flood the parent process with signals it has never a
chance to handle.
Even with these changes, tst-mallocfork2 still fails reliably
after the fix in commit commit 56290d6e762c1194547e73ff0b948cd79d3a1e03
(Increase fork signal safety for single-threaded processes) is
backed out.
Joseph Myers [Fri, 13 May 2016 17:26:04 +0000 (17:26 +0000)]
conformtest: Correct some stdlib.h expectations for XPG3.
This patch corrects some spurious conformtest stdlib.h expectations
for XPG3 (not based on a full review of the expectations for that
standard, so other issues may remain).
Florian Weimer [Fri, 13 May 2016 12:16:39 +0000 (14:16 +0200)]
malloc: Rewrite dumped heap for compatibility in __malloc_set_state
This will allow us to change many aspects of the malloc implementation
while preserving compatibility with existing Emacs binaries.
As a result, existing Emacs binaries will have a larger RSS, and Emacs
needs a few more milliseconds to start. This overhead is specific
to Emacs (and will go away once Emacs switches to its internal malloc).
The new checks to make free and realloc compatible with the dumped heap
are confined to the mmap paths, which are already quite slow due to the
munmap overhead.
This commit weakens some security checks, but only for heap pointers
in the dumped main arena. By default, this area is empty, so those
checks are as effective as before.
Joseph Myers [Thu, 12 May 2016 20:47:15 +0000 (20:47 +0000)]
conformtest: Correct time.h XPG3 expectations.
This patch corrects spurious conformtest expectations of getdate and
getdate_err for XPG3. (This is not based on a full review of the
expectations, so there may be other issues where the header and tests
agree but are both incorrect.)
Tested for x86_64 and x86.
* conform/data/time.h-data (getdate_err): Do not expect for
[XPG3].
(getdate): Likewise.
* conform/Makefile (test-xfail-XPG3/time.h/conform): Remove
variable.
Joseph Myers [Thu, 12 May 2016 17:39:04 +0000 (17:39 +0000)]
conformtest: Correct some unistd.h expectations for XPG3, XPG4.
The conformtest tests of unistd.h fail for XPG3 because of various
expectations that are incorrect for XPG3. This patch corrects those
bogus expectations, and one bogus expectation for XPG4. (This is not
based on a full review of the standards so there may well still be
other bugs in the expectations for this header.)
Tested for x86_64 and x86.
* conform/data/unistd.h-data (F_LOCK): Do not expect for [XPG3].
(F_ULOCK): Likewise.
(F_TEST): Likewise.
(F_TLOCK): Likewise.
(useconds_t): Likewise.
(intptr_t): Do not expect for [XPG3] or [XPG4].
(brk): Do not expect for [XPG3]
(fchown): Likewise.
(fchdir): Likewise.
(ftruncate): Likewise.
(getdtablesize): Likewise.
(gethostid): Likewise.
(getpagesize): Likewise.
(getpgid): Likewise.
(getsid): Likewise.
(getwd): Likewise.
(lchown): Likewise.
(lockf): Likewise.
(readlink): Likewise.
(sbrk): Likewise.
(setpgrp): Likewise.
(setregid): Likewise.
(setreuid): Likewise.
(symlink): Likewise.
(sync): Likewise.
(truncate): Likewise.
(ualarm): Likewise.
(usleep): Likewise.
(vfork): Likewise.
* conform/Makefile (test-xfail-XPG3/unistd.h/conform): Remove
variable.
Joseph Myers [Thu, 12 May 2016 16:50:43 +0000 (16:50 +0000)]
Declare gethostname for XPG4 (bug 20054).
unistd.h declares gethostname for __USE_UNIX98 || __USE_XOPEN2K. But
it's also in XPG4 (XNS volume - C438 - not the main definitions of
system interfaces and headers in C435). This patch corrects the
condition.
Tested for x86_64 and x86 (testsuite, and that installed stripped
shared libraries are unchanged by the patch).
[BZ #20054]
* posix/unistd.h (gethostname): Declare if [__USE_XOPEN_EXTENDED],
not [__USE_UNIX98].
* conform/data/unistd.h-data (gethostname): Do not expect for
[XPG3].
Joseph Myers [Thu, 12 May 2016 16:46:55 +0000 (16:46 +0000)]
conformtest: Do not expect S_IF* in fcntl.h.
The conform/ tests for fcntl.h are failing for XPG3 and XPG4 because
of missing S_IFSOCK.
This is a case of a bogus test. The relevant wording requiring such
constants is, in current POSIX (and this requirement dates back as far
as XPG4), "The <fcntl.h> header shall define the symbolic constants
for file modes for use as values of mode_t as described in
<sys/stat.h>.". Note that this is *file modes* not *file types*.
That makes sense, since the point is presumably for use with functions
such as open that are declared in fcntl.h, where file modes are
relevant but file types aren't. So this patch removes all those
spurious S_IF* expectations for fcntl.h (the macros are generally
still *allowed* through the permission to make everything from
sys/stat.h visible).
Wilco Dijkstra [Thu, 12 May 2016 15:41:00 +0000 (16:41 +0100)]
This is an optimized memset for AArch64. Memset is split into 4 main cases:
small sets of up to 16 bytes, medium of 16..96 bytes which are fully unrolled.
Large memsets of more than 96 bytes align the destination and use an unrolled
loop processing 64 bytes per iteration. Memsets of zero of more than 256 use
the dc zva instruction, and there are faster versions for the common ZVA sizes
64 or 128. STP of Q registers is used to reduce codesize without loss of
performance.
The speedup on test-memset is 1% on Cortex-A57 and 8% on Cortex-A53.
* sysdeps/aarch64/memset.S (__memset):
Rewrite of optimized memset.
Florian Weimer [Thu, 12 May 2016 06:54:17 +0000 (08:54 +0200)]
Increase fork signal safety for single-threaded processes [BZ #19703]
This provides a band-aid and addresses the scenario where fork is
called from a signal handler while the process is in the malloc
subsystem (or has acquired the libio list lock). It does not
address the general issue of async-signal-safety of fork;
multi-threaded processes are not covered, and some glibc
subsystems have fork handlers which are not async-signal-safe.
Joseph Myers [Wed, 11 May 2016 18:05:37 +0000 (18:05 +0000)]
Declare tcgetsid for XPG4 (bug 20055).
termios.h should declare tcgetsid for XPG4, but only does so for
__USE_UNIX98 || __USE_XOPEN2K8 at present. This patch fixes the
declaration conditions. A spurious conformtest expectation of this
declaration for XPG3 is removed, and two XFAILs that are fixed by
these changes are also removed.
Tested for x86_64 and x86 (testsuite, and that installed stripped
shared libraries are unchanged by the patch).
[BZ #20055]
* termios/termios.h (pid_t): Define for [__USE_XOPEN_EXTENDED]
instead of [__USE_UNIX98].
(tcgetsid): Declare for [__USE_XOPEN_EXTENDED] instead of
[__USE_UNIX98].
* conform/data/termios.h-data (tcgetsid): Do not expect for
[XPG3].
* conform/Makefile (test-xfail-XPG3/termios.h/conform): Remove
variable.
(test-xfail-XPG4/termios.h/conform): Likewise.
Stefan Liebler [Wed, 11 May 2016 13:51:25 +0000 (15:51 +0200)]
S390: Use fPIC to avoid R_390_GOT12 relocation in gcrt1.o.
if glibc is build with -march=z900 | -march=z990,
the startup file gcrt1.o (used if you link with gcc -pg)
contains R_390_GOT12 | R_390_GOT20 relocations.
Thus, an entry in the GOT can be addressed relative to the GOT pointer
with a 12 | 20 bit displacement value.
The startup files should not contain R_390_GOT12,
R_390_GOT20 relocations, but R_390_GOTENT ones.
This patch removes the overrides of pic-ccflag and
the default pic-ccflag = -fPIC in Makeconfig
is used instead to get the R_390_GOTENT relocations in gcrt1.o.
H.J. Lu [Wed, 11 May 2016 12:49:09 +0000 (05:49 -0700)]
Remove x86 ifunc-defines.sym and rtld-global-offsets.sym
Merge x86 ifunc-defines.sym with x86 cpu-features-offsets.sym. Remove
x86 ifunc-defines.sym and rtld-global-offsets.sym. No code changes on
i686 and x86-64.
* sysdeps/i386/i686/multiarch/Makefile (gen-as-const-headers):
Remove ifunc-defines.sym.
* sysdeps/x86_64/multiarch/Makefile (gen-as-const-headers):
Likewise.
* sysdeps/i386/i686/multiarch/ifunc-defines.sym: Removed.
* sysdeps/x86/rtld-global-offsets.sym: Likewise.
* sysdeps/x86_64/multiarch/ifunc-defines.sym: Likewise.
* sysdeps/x86/Makefile (gen-as-const-headers): Remove
rtld-global-offsets.sym.
* sysdeps/x86_64/multiarch/ifunc-defines.sym: Merged with ...
* sysdeps/x86/cpu-features-offsets.sym: This.
* sysdeps/x86/cpu-features.h: Include <cpu-features-offsets.h>
instead of <ifunc-defines.h> and <rtld-global-offsets.h>.
Joseph Myers [Tue, 10 May 2016 21:52:08 +0000 (21:52 +0000)]
Fix sys/stat.h fchmod namespace (bug 20073).
sys/stat.h declares fchmod if __USE_POSIX (i.e. POSIX.1:1990). But it
was actually added in 1993 and also in XPG4. This patch changes the
conditions to the correct __USE_POSIX199309 || __USE_XOPEN_EXTENDED.
Tested for x86_64 and x86 (testsuite, and that installed shared
libraries are unchanged by the patch).
[BZ #20073]
* io/sys/stat.h (fchmod): Declare for
[__USE_POSIX199309 || __USE_XOPEN_EXTENDED], not [__USE_POSIX].
* conform/Makefile (test-xfail-XPG3/sys/stat.h/conform): Remove
variable.
Joseph Myers [Tue, 10 May 2016 17:48:23 +0000 (17:48 +0000)]
conformtest: Correct some sys/stat.h expectations for XPG3.
This patch fixes various conformtest sys/stat.h expectations that were
incorrect for XPG3 (not based on a full review, so not necessarily an
exhaustive set of such corrections). Most of these corrections fix
spurious failures shown in testing (but that for fchmod introduces a
correct failure, as that function is wrongly declared for XPG3, so
this doesn't eliminate any XFAILs).
Joseph Myers [Tue, 10 May 2016 15:20:09 +0000 (15:20 +0000)]
conformtest: Fix st_blksize, st_blocks expectations for XPG3, XPG4.
The conformtest expectations expect the struct stat fields st_blksize
and st_blocks to be of types blksize_t and blkcnt_t. But XPG4 does
not have those types, using long instead, and XPG3 does not have these
fields at all. This patch adjusts the expectations for those
standards, XFAILing them for XPG4 to allow for systems where the
typedefs don't correspond to long.
Tested for x86_64 and x86.
* conform/data/sys/stat.h-data (st_blksize): Do not expect for
[XPG3]. Expect type long and XFAIL for [XPG4].
(st_blocks): Likewise.
Joseph Myers [Tue, 10 May 2016 14:56:49 +0000 (14:56 +0000)]
Declare cuserid in unistd.h for UNIX98 and before (bug 20043).
For UNIX98 and older X/Open standards, unistd.h should have a
declaration of the legacy cuserid function, but such a declaration is
missing. This patch adds that missing declaration.
Tested for x86_64 and x86 (testsuite, and that installed stripped
shared libraries are unchanged by the patch).
[BZ #20043]
* posix/unistd.h [__USE_XOPEN && !__USE_XOPEN2K] (cuserid): New
prototype.
Joseph Myers [Mon, 9 May 2016 21:10:10 +0000 (21:10 +0000)]
conformtest: Remove some bogus sys/types.h expectations for XPG3 and XPG4.
The conformtest tests for sys/types.h for XPG3 and XPG4 fail because
of missing blksize_t. This is a bug in the expectations; that type is
not part of those standards. This patch stops the tests from
expecting it, and some other types that also are not part of XPG3 and
XPG4.
Tested for x86_64 and x86.
* conform/data/sys/types.h-data (blkcnt_t): Do not expect for
[XPG3 || XPG4].
(blksize_t): Likewise.
(clockid_t): Likewise.
* conform/Makefile (test-xfail-XPG3/sys/types.h/conform): Remove
variable.
(test-xfail-XPG4/sys/types.h/conform): Likewise.
Stefan Liebler [Mon, 9 May 2016 09:05:45 +0000 (11:05 +0200)]
S390: Add support for vdso getcpu symbol.
This patch adds support for symbol __kernel_getcpu in vDSO,
which is available with kernel 4.5.
Now sched_getcpu is using this symbol if available in mapped vDSO
by defining macro HAVE_GETCPU_VSYSCALL. If not available at runtime,
the former syscall is used.
H.J. Lu [Sun, 8 May 2016 15:49:02 +0000 (08:49 -0700)]
Move sysdeps/x86_64/cacheinfo.c to sysdeps/x86
Move sysdeps/x86_64/cacheinfo.c to sysdeps/x86. No code changes on x86
and x86_64.
* sysdeps/i386/cacheinfo.c: Include <sysdeps/x86/cacheinfo.c>
instead of <sysdeps/x86_64/cacheinfo.c>.
* sysdeps/x86_64/cacheinfo.c: Moved to ...
* sysdeps/x86/cacheinfo.c: Here.
Samuel Thibault [Wed, 4 May 2016 13:14:29 +0000 (15:14 +0200)]
aio: fix newp->running data race
* sysdeps/pthread/aio_misc.c (__aio_enqueue_request): Do not write
`running` field of `newp` when a thread was started to process it,
since that thread will not take `__aio_requests_mutex`, and the field
already has the proper value actually.
Florian Weimer [Wed, 4 May 2016 12:45:17 +0000 (14:45 +0200)]
getnameinfo: Return EAI_OVERFLOW in more cases [BZ #19787]
The AF_LOCAL and AF_INET/AF_INET6 non-numerci service conversion
did not return EAI_OVERFLOW if the supplied buffer was too small,
silently returning truncated data. In the AF_INET/AF_INET6
numeric cases, the snprintf return value checking was incorrect.
Florian Weimer [Wed, 4 May 2016 12:35:23 +0000 (14:35 +0200)]
getnameinfo: Avoid calling strnlen on uninitialized buffer
In the numeric AF_INET/AF_INET6 case, if inet_ntop fails
as the result of a short host buffer, we used to call strnlen
on the uninitialized host buffer.
The file sysdeps/powerpc/sysdeps.h defines aliases for condition register
operands. E.g.: 'cr7' means condition register 7. On the one hand, this
increases readability, as it makes it easier for readers to know whether the
operand is a condition register, a general purpose register or an immediate.
On the other hand, this permits that condition registers be written as if they
were general purpose, and vice-versa, thus reducing the readability of the
code.
This commit removes some of these unintentional misuses.
The changes have no effect on the final code. Checked with objdump.
Florian Weimer [Wed, 4 May 2016 10:09:35 +0000 (12:09 +0200)]
CVE-2016-1234: glob: Do not copy d_name field of struct dirent [BZ #19779]
Instead, we store the data we need from the return value of
readdir in an object of the new type struct readdir_result.
This type is independent of the layout of struct dirent.
Joseph Myers [Tue, 3 May 2016 23:36:18 +0000 (23:36 +0000)]
Fix sys/time.h timespec namespace (bug 20041).
For UNIX98 and older standards, sys/time.h should not define struct
timespec, but does so via the inclusion of sys/select.h (which is a
new header in the 2001 edition of POSIX, and defines struct timespec
because of the declaration of pselect, a new function in the 2001
edition of POSIX). In turn, this affects some other headers that
themselves include sys/time.h.
This patch fixes this by conditioning the __need_timespec definition
in sys/select.h on __USE_XOPEN2K, the same condition used there for
the declaration of pselect (this has no effect on direct uses of
sys/select.h with feature test macros for any standard that includes
that header, since such standards result in __USE_XOPEN2K being
defined).
Tested for x86_64 and x86 (testsuite, and that installed stripped
shared libraries are unchanged by the patch).
[BZ #20041]
* misc/sys/select.h (__need_timespec): Only define if
[__USE_XOPEN2K].
* conform/Makefile (test-xfail-XPG4/sys/time.h/conform): Remove
variable.
(test-xfail-XPG4/utmpx.h/conform): Likewise.
(test-xfail-UNIX98/sys/time.h/conform): Likewise.
(test-xfail-UNIX98/utmpx.h/conform): Likewise.
Joseph Myers [Mon, 2 May 2016 23:20:33 +0000 (23:20 +0000)]
Fix fcntl.h timespec namespace (bug 20023).
fcntl.h defines struct timespec if __USE_XOPEN || __USE_XOPEN2K8. But
(a) the subsequent bits/stat.h include only needs it if __USE_XOPEN2K8
and (b) older standards did not allow struct timespec here. (It's
allowed for newer standards by virtue of the permission to include
symbols from sys/stat.h. But sys/stat.h is only required to provide
struct timespec from the 2008 edition of POSIX onwards, and permitted
by the 2004 TC to the 2001 edition in anticipation of the addition of
nanosecond timestamp support to struct stat in the 2008 edition.)
This patch limits the timespec definition to the __USE_XOPEN2K8 case,
that being the only case where it is actually needed for the
<bits/stat.h> include.
Tested for x86_64 and x86 (testsuite, and that installed stripped
shared libraries are unchanged by the patch).
[BZ #20023]
* io/fcntl.h [__USE_XOPEN && !__USE_XOPEN2K8]: Do not include
<time.h>.
* conform/Makefile (test-xfail-UNIX98/fcntl.h/conform): Remove
variable.
(test-xfail-XOPEN2K/fcntl.h/conform): Likewise.
This patch fixes the clone CLONE_VM change from 0cb313f (BZ#19957)
where the commit changed the register that contains the save flags
argument to compare with (from r28 to r29). This patch changes
back to correct register.
Tested on powerpc32 (thanks to Tulio Magno Quites Machado Filho).
Florian Weimer [Mon, 2 May 2016 13:25:20 +0000 (15:25 +0200)]
hesiod: Always use thread-local resolver state [BZ #19573]
The Hesiod implementation imported into glibc was enhanced
to support caller-supplied resolver states. But its only
consumer is nss_hesiod, and it supplies the thread-local
resolver state. Therefore, this commit changes the Hesiod
implementation to use the thread-local resolver state (_res)
directly. This fixes bug 19573 because the Hesiod
implementation no longer has to initialize and free any
resolver state.
To avoid any risk of interposition of ABI-incompatible Hesiod
function implementations, this commit marks the Hesiod functions
as hidden. (They were already hidden using a linker version
script.)
== Justification ==
It is common today for users to rely on centrally-managed user stores for
handling their user accounts. However, much software existing today does
not have an innate understanding of such accounts. Instead, they commonly
rely on membership in known groups for managing access-control (for
example the "wheel" group on Fedora and RHEL systems or the "adm" group
on Debian-derived systems). In the present incarnation of nsswitch, the
only way to have such groups managed by a remote user store such as
FreeIPA or Active Directory would be to manually remove the groups from
/etc/group on the clients so that nsswitch would then move past nss_files
and into the SSSD, nss-ldap or other remote user database.
== Solution ==
With this patch, a new action is introduced for nsswitch:
NSS_ACTION_MERGE. To take advantage of it, one will add [SUCCESS=merge]
between two database entries in the nsswitch.conf file. When a group is
located in the first of the two group entries, processing will continue
on to the next one. If the group is also found in the next entry (and the
group name and GID are an exact match), the member list of the second
entry will be added to the group object to be returned.
== Implementation ==
After each DL_LOOKUP_FN() returns, the next action is checked. If the
function returned NSS_STATUS_SUCCESS and the next action is
NSS_ACTION_MERGE, a copy of the result buffer is saved for the next pass
through the loop. If on this next pass through the loop the database
returns another instance of a group matching both the group name and GID,
the member list is added to the previous list and it is returned as a
single object. If the following database does not contain the same group,
then the original is copied back into the destination buffer.
This patch implements merge functionality only for the group database.
For other databases, there is a default implementation that will return
the EINVAL errno if a merge is requested. The merge functionality can be
implemented for other databases at a later time if such is needed. Each
database must provide a unique implementation of the deep-copy and merge
functions.
If [SUCCESS=merge] is present in nsswitch.conf for a glibc version that
does not support it, glibc will process results up until that operation,
at which time it will return results if it has found them or else will
simply return an error. In practical terms, this ends up behaving like
the remainder of the nsswitch.conf line does not exist.
== Iterators ==
This feature does not modify the iterator functionality from its current
behavior. If getgrnam() or getgrgid() is called, glibc will iterate
through all entries in the `group` line in nsswitch.conf and display the
list of members without attempting to merge them. This is consistent with
the behavior of nss_files where if two separate lines are specified for
the same group in /etc/groups, getgrnam()/getgrgid() will display both.
Clients are already expected to handle this gracefully.
== No Premature Optimizations ==
The following is a list of places that might be eligible for
optimization, but were not overengineered for this initial contribution:
* Any situation where a merge may occur will result in one malloc() of
the same size as the input buffer.
* Any situation where a merge does occur will result in a second
malloc() to hold the list of pointers to member name strings.
* The list of members is simply concatenated together and is not tested
for uniqueness (which is identical to the behavior for nss_files,
which will simply return identical values if they both exist on the
line in the file. This could potentially be optimized to reduce space
usage in the buffer, but it is both complex and computationally
expensive to do so.
== Testing ==
I performed testing by running the getent utility against my newly-built
glibc and configuring /etc/nsswitch.conf with the following entry:
group: group: files [SUCCESS=merge] sss
In /etc/group I included the line:
wheel:x:10:sgallagh
I then configured my local SSSD using the id_provider=local to respond
with:
wheel:*:10:localuser,localuser2
I then ran `getent group wheel` against the newly-built glibc in
multiple situations and received the expected output as described
above:
* When SSSD was running.
* When SSSD was configured in nsswitch.conf but the daemon was not
running.
* When SSSD was configured in nsswitch.conf but nss_sss.so.2 was not
installed on the system.
* When the order of 'sss' and 'files' was reversed.
* All of the above with the [SUCCESS=merge] removed (to ensure no
regressions).
* All of the above with `getent group 10`.
* All of the above with `getent group` with and without
`enumerate=true` set in SSSD.
* All of the above with and without nscd enabled on the system.
This is due both how read and write operation update the buffer position,
taking in consideration buffer lenght instead of maximum position defined
by the open mode. This patch fixes it and also fixes fseek not returning
EINVAL for invalid whence modes.
Tested on x86_64 and i686.
[BZ #20012]
* libio/fmemopen.c (fmemopen_read): Use buffer maximum position, not
length to calculate the buffer to read.
(fmemopen_write): Set the buffer position based on bytes written.
(fmemopen_seek): Return EINVAL for invalid whence modes.
As discussed in libc-alpha [1] current clone with CLONE_VM (without
CLONE_THREAD set) will reset the pthread pid/tid fields to -1. The
issue is since memory is shared between the parent and child it will
clobber parent's cached pid/tid leading to internal inconsistencies
if the value is not restored.
And even it is restored it may lead to racy conditions when between
set/restore a thread might invoke pthread function that validate the
pthread with INVALID_TD_P/INVALID_NOT_TERMINATED_TD_P and thus get
wrong results.
As stated in BZ19957, previously reports of this behaviour was close
with EWONTFIX due the fact usage of clone outside glibc is tricky
since glibc requires consistent internal pthread, while using clone
directly may not provide it. However since now posix_spawn uses
clone (CLONE_VM) to fixes various issues related to previous vfork
usage this issue requires fixing.
The vfork implementation also does something similar, but instead
it negates and restores only the *pid* field and functions that
might access its value know to handle such case (getpid, raise
and pthread ones that uses INVALID_TD_P/INVALID_NOT_TERMINATED_TD_P
macros that check only *tid* field). Also vfork does not call
__clone directly, instead calling either __NR_vfork or __NR_clone
directly.
So this patch removes this clone behavior by avoiding setting
the pthread pid/tid field for CLONE_VM. There is no need to
check for CLONE_THREAD, since the minimum supported kernel in all
architecture implies that CLONE_VM must be used with CLONE_THREAD,
otherwise clone returns EINVAL.
Instead of current approach of:
int clone(int (*fn)(void *), void *child_stack, int flags, ...)
[...]
if (flags & CLONE_THREAD)
goto do_syscall;
pid_t new_value;
if (flags & CLONE_VM)
new_value = -1;
else
new_value = getpid ();
THREAD_SETMEM (THREAD_SELF, pid, new_value);
THREAD_SETMEM (THREAD_SELF, tid, new_value);
do_syscall:
[...]
The new approach uses:
int clone(int (*fn)(void *), void *child_stack, int flags, ...)
[...]
if (flags & CLONE_VM)
goto do_syscall;
pid_t new_value = getpid ();
THREAD_SETMEM (THREAD_SELF, pid, new_value);
THREAD_SETMEM (THREAD_SELF, tid, new_value);
do_syscall:
[...]
It also removes the linux tst-getpid2.c test which expects the previous
behavior and instead add another clone test.
Tested on x86_64, i686, x32, powerpc64le, aarch64, armhf, s390, and
s390x. I also did limited check on mips32 and sparc64 (using the new
added test).
I also got reviews from both m68k, hppa, and tile. So I presume for
these architecture the patch works.
The fixes for alpha, microblaze, sh, ia64, and nio2 have not been
tested.
Call __memset_power8 to pad, with zeros, the remaining bytes in the
dest string on __strncpy_power8 and __stpncpy_power8. This improves
performance when n is larger than the input string, giving ~30% gain for
larger strings without impacting much shorter strings.
CVE-2016-3706: getaddrinfo: stack overflow in hostent conversion [BZ #20010]
When converting a struct hostent response to struct gaih_addrtuple, the
gethosts macro (which is called from gaih_inet) used alloca, without
malloc fallback for large responses. This commit changes this code to
use calloc unconditionally.
This commit also consolidated a second hostent-to-gaih_addrtuple
conversion loop (in gaih_inet) to use the new conversion function.
glob: Simplify the interface for the GLOB_ALTDIRFUNC callback gl_readdir
Previously, application code had to set up the d_namlen member if
the target supported it, involving conditional compilation. After
this change, glob will use the length of the string in d_name instead
of d_namlen to determine the file name length. All glibc targets
provide the d_type and d_ino members, and setting them as needed for
gl_readdir is straightforward.
Changing the behavior with regards to d_ino is left to a future
cleanup.
Joseph Myers [Thu, 28 Apr 2016 22:01:04 +0000 (22:01 +0000)]
Fix stdio.h namespace for pre-threads POSIX (bug 20014).
stdio.h declares flockfile, ftrylockfile, funlockfile, getc_unlocked,
getchar_unlocked, putc_unlocked and putchar_unlocked if __USE_POSIX,
with comments "These are defined in POSIX.1:1996.". But __USE_POSIX
is actually POSIX.1:1990, and these functions should not be declared
for 1990 / 1992 / 1993 POSIX, XPG3 or XPG4. This patch fixes stdio.h
to use __USE_POSIX199506 instead for those conditionals, as that is
the correct conditional for the version of POSIX that introduced
threads, and with threads those functions.
Tested for x86_64 and x86 (testsuite, and that installed shared
libraries are unchanged by the patch).
Joseph Myers [Thu, 28 Apr 2016 17:19:53 +0000 (17:19 +0000)]
conformtest: Add langinfo.h expectations for YESSTR, NOSTR.
The conformtest expectations for langinfo.h fail to include the YESSTR
and NOSTR constants that were present in UNIX98 and earlier XPG
standards. This patch adds those expectations, so fixing three
XFAILs.
Joseph Myers [Thu, 28 Apr 2016 17:00:52 +0000 (17:00 +0000)]
Also define off_t in stdio.h for UNIX98.
Similar to my previous fix for XOPEN2K
<https://sourceware.org/ml/libc-alpha/2016-04/msg00631.html>, now that
bugs in the conformtest expectations for stdio.h for UNIX98 have been
corrected, that case too fails because fseeko and ftello are now
correctly expected, but off_t is not defined. As in that fix, it
seems appropriate to define off_t in stdio.h for this standard as
well, and this patch does so.
Tested for x86_64 and x86 (testsuite, and that installed shared
libraries are unchanged by the patch).
* libio/stdio.h (off_t): Also define if [__USE_UNIX98].
[__USE_LARGEFILE64] (off64_t): Likewise.
* conform/Makefile (test-xfail-UNIX98/stdio.h/conform): Remove
variable.
git://sourceware.org / glibc.git / log