Florian Weimer [Thu, 31 Oct 2019 17:48:43 +0000 (18:48 +0100)]
Move _dl_open_check to its original place in dl_open_worker
This reverts the non-test change from commit d0093c5cefb7f7a4143f
("Call _dl_open_check after relocation [BZ #24259]"), given that
the underlying bug has been fixed properly in commit 61b74477fa7f63
("Remove all loaded objects if dlopen fails, ignoring NODELETE
[BZ #20839]").
Tested on x86-64-linux-gnu, with and without --enable-cet.
Florian Weimer [Thu, 31 Oct 2019 18:30:19 +0000 (19:30 +0100)]
Block signals during the initial part of dlopen
Lazy binding in a signal handler that interrupts a dlopen sees
intermediate dynamic linker state. This has likely been always
unsafe, but with the new pending NODELETE state, this is clearly
incorrect. Other threads are excluded via the loader lock, but the
current thread is not. Blocking signals until right before ELF
constructors run is the safe thing to do.
Florian Weimer [Wed, 13 Nov 2019 14:44:56 +0000 (15:44 +0100)]
Remove all loaded objects if dlopen fails, ignoring NODELETE [BZ #20839]
This introduces a “pending NODELETE” state in the link map, which is
flipped to the persistent NODELETE state late in dlopen, via
activate_nodelete. During initial relocation, symbol binding
records pending NODELETE state only. dlclose ignores pending NODELETE
state. Taken together, this results that a partially completed dlopen
is rolled back completely because new NODELETE mappings are unloaded.
Florian Weimer [Wed, 27 Nov 2019 15:37:17 +0000 (16:37 +0100)]
Avoid late dlopen failure due to scope, TLS slotinfo updates [BZ #25112]
This change splits the scope and TLS slotinfo updates in dlopen into
two parts: one to resize the data structures, and one to actually apply
the update. The call to add_to_global_resize in dl_open_worker is moved
before the demarcation point at which no further memory allocations are
allowed.
_dl_add_to_slotinfo is adjusted to make the list update optional. There
is some optimization possibility here because we could grow the slotinfo
list of arrays in a single call, one the largest TLS modid is known.
This commit does not fix the fatal meory allocation failure in
_dl_update_slotinfo. Ideally, this error during dlopen should be
recoverable.
The update order of scopes and TLS data structures is retained, although
it appears to be more correct to fully initialize TLS first, and then
expose symbols in the newly loaded objects via the scope update.
Florian Weimer [Thu, 31 Oct 2019 17:25:39 +0000 (18:25 +0100)]
Avoid late failure in dlopen in global scope update [BZ #25112]
The call to add_to_global in dl_open_worker happens after running ELF
constructors for new objects. At this point, proper recovery from
malloc failure would be quite complicated: We would have to run the
ELF destructors and close all opened objects, something that we
currently do not do.
Instead, this change splits add_to_global into two phases,
add_to_global_resize (which can raise an exception, called before ELF
constructors run), and add_to_global_update (which cannot, called
after ELF constructors). A complication arises due to recursive
dlopen: After the inner dlopen consumes some space, the pre-allocation
in the outer dlopen may no longer be sufficient. A new member in the
namespace structure, _ns_global_scope_pending_adds keeps track of the
maximum number of objects that need to be added to the global scope.
This enables the inner add_to_global_resize call to take into account
the needs of an outer dlopen.
Most code in the dynamic linker assumes that the number of global
scope entries fits into an unsigned int (matching the r_nlist member
of struct r_scop_elem). Therefore, change the type of
_ns_global_scope_alloc to unsigned int (from size_t), and add overflow
checks.
Florian Weimer [Wed, 27 Nov 2019 15:20:47 +0000 (16:20 +0100)]
Lazy binding failures during dlopen/dlclose must be fatal [BZ #24304]
If a lazy binding failure happens during the execution of an ELF
constructor or destructor, the dynamic loader catches the error
and reports it using the dlerror mechanism. This is undesirable
because there could be other constructors and destructors that
need processing (which are skipped), and the process is in an
inconsistent state at this point. Therefore, we have to issue
a fatal dynamic loader error error and terminate the process.
Note that the _dl_catch_exception in _dl_open is just an inner catch,
to roll back some state locally. If called from dlopen, there is
still an outer catch, which is why calling _dl_init via call_dl_init
and a no-exception is required and cannot be avoiding by moving the
_dl_init call directly into _dl_open.
_dl_fini does not need changes because it does not install an error
handler, so errors are already fatal there.
Florian Weimer [Wed, 30 Oct 2019 16:26:58 +0000 (17:26 +0100)]
resolv: Implement trust-ad option for /etc/resolv.conf [BZ #20358]
This introduces a concept of trusted name servers, for which the
AD bit is passed through to applications. For untrusted name
servers (the default), the AD bit in responses are cleared, to
provide a safe default.
This approach is very similar to the one suggested by Pavel Šimerda
in <https://bugzilla.redhat.com/show_bug.cgi?id=1164339#c15>.
The DNS test framework in support/ is enhanced with support for
setting the AD bit in responses.
Florian Weimer [Fri, 8 Nov 2019 14:48:51 +0000 (15:48 +0100)]
dlsym: Do not determine caller link map if not needed
Obtaining the link map is potentially very slow because it requires
iterating over all loaded objects in the current implementation. If
the caller supplied an explicit handle (i.e., not one of the RTLD_*
constants), the dlsym implementation does not need the identity of the
caller (except in the special case of auditing), so this change
avoids computing it in that case.
Even in the minimal case (dlsym called from a main program linked with
-dl), this shows a small speedup, perhaps around five percent. The
performance improvement can be arbitrarily large in principle (if
_dl_find_dso_for_object has to iterate over many link maps).
Florian Weimer [Fri, 22 Nov 2019 21:10:42 +0000 (22:10 +0100)]
libio: Disable vtable validation for pre-2.1 interposed handles [BZ #25203]
Commit c402355dfa7807b8e0adb27c009135a7e2b9f1b0 ("libio: Disable
vtable validation in case of interposition [BZ #23313]") only covered
the interposable glibc 2.1 handles, in libio/stdfiles.c. The
parallel code in libio/oldstdfiles.c needs similar detection logic.
Similarly to __vfprintf_internal and __vfscanf_internal, the internal
implementation of syslog functions (__vsyslog_internal) takes a
'mode_flags' parameter used to select the format of long double
parameters. This patch adds variants of the syslog functions that set
'mode_flags' to PRINTF_LDBL_USES_FLOAT128, thus enabling the correct
printing of long double values on powerpc64le, when long double has IEEE
binary128 format (-mabi=ieeelongdouble).
Tested for powerpc64le.
Reviewed-by: Florian Weimer <fweimer@redhat.com> Reviewed-by: Joseph Myers <joseph@codesourcery.com> Reviewed-by: Paul E. Murphy <murphyp@linux.ibm.com>
Similarly to the functions from the *printf family, this patch adds
implementations for __obstack_*printf* functions that set the
'mode_flags' parameter to PRINTF_LDBL_USES_FLOAT128, before making calls
to __vfprintf_internal (indirectly through __obstack_vprintf_internal).
Tested for powerpc64le.
Reviewed-by: Paul E. Murphy <murphyp@linux.ibm.com>
ldbl-128ibm-compat: Reuse tests for err.h and error.h functions
Commit IDs 9771e6cb5102 and 7597b0c7f711 added tests for the functions
from err.h and error.h that can take long double parameters.
Afterwards, commit ID f0eaf8627654 reused them on architectures that
changed the long double format from the same as double to something else
(i.e.: architectures that imply ldbl-opt). This patch reuses it again
for IEEE long double on powerpc64le.
Tested for powerpc64le.
Reviewed-by: Paul E. Murphy <murphyp@linux.ibm.com>
Use the recently added, internal functions, __error_at_line_internal and
__error_internal, to provide error.h functions that can take long double
arguments with IEEE binary128 format on platforms where long double can
also take double format or some non-IEEE format (currently, this means
powerpc64le).
Tested for powerpc64le.
Reviewed-by: Paul E. Murphy <murphyp@linux.ibm.com>
Use the recently added, internal functions, __vwarnx_internal and
__vwarn_internal, to provide err.h functions that can take long double
arguments with IEEE binary128 format on platforms where long double can
also take double format or some non-IEEE format (currently, this means
powerpc64le).
Tested for powerpc64le.
Reviewed-by: Paul E. Murphy <murphyp@linux.ibm.com>
ldbl-128ibm-compat: Add argp_error and argp_failure
Use the recently added, internal functions, __argp_error_internal and
__argp_failure_internal, to provide argp_error and argp_failure that can
take long double arguments with IEEE binary128 format on platforms where
long double can also take double format or some non-IEEE format
(currently, this means powerpc64le).
Tested for powerpc64le.
Reviewed-by: Paul E. Murphy <murphyp@linux.ibm.com>
This patch removes the arch-specific atomic instruction, relying on
compiler builtins. The __sparc32_atomic_locks support is removed
and a configure check is added to check if compiler uses libatomic
to implement CAS.
It also removes the sparc specific sem_* and pthread_barrier_*
implementations. It in turn allows buidling against a LEON3/LEON4
sparcv8 target, although it will still be incompatible with generic
sparcv9.
Checked on sparcv9-linux-gnu and sparc64-linux-gnu. I also checked
with build against sparcv8-linux-gnu with -mcpu=leon3.
Stefan Liebler [Wed, 27 Nov 2019 11:35:40 +0000 (12:35 +0100)]
S390: Fix handling of needles crossing a page in strstr z15 ifunc-variant. [BZ #25226]
If the specified needle crosses a page-boundary, the s390-z15 ifunc variant of
strstr truncates the needle which results in invalid results.
This is fixed by loading the needle beyond the page boundary to v18 instead of v16.
The bug is sometimes observable in test-strstr.c in check1 and check2 as the
haystack and needle is stored on stack. Thus the needle can be on a page boundary.
check2 is now extended to test haystack / needles located on stack, at end of page
and on two pages.
Sandra Loosemore [Thu, 21 Nov 2019 02:10:40 +0000 (19:10 -0700)]
Compile elf/rtld.c with -fno-tree-loop-distribute-patterns.
In GCC 10, the default at -O2 is now -ftree-loop-distribute-patterns.
This optimization causes GCC to "helpfully" convert the hand-written
loop in _dl_start into a call to memset, which is not available that
early in program startup. Similar problems in other places in GLIBC
have been addressed by explicitly building with
-fno-tree-loop-distribute-patterns, but this one may have been
overlooked previously because it only affects targets where
HAVE_BUILTIN_MEMSET is not defined.
This patch fixes a bug observed on nios2-linux-gnu target that caused
all programs to segv on startup.
Now that both pthread_mutex_t and pthread_rwlock_t static initializer
are parametrized in their own headers HPPA pthread.h is identical to
generic nptl one.
This patch adds a default pthread-offsets.h based on default
thread definitions from struct_mutex.h and struct_rwlock.h.
The idea is to simplify new ports inclusion.
This patch adds a default pthreadtypes-arch.h, the idea is to simpify
new ports inclusion and an override is required only if the architecture
adds some arch-specific extensions or requirement.
The default values on the new generic header are based on current
architecture define value and they are not optimal compared to current
code requirements as below.
- On 64 bits __SIZEOF_PTHREAD_BARRIER_T is defined as 32 while is
sizeof (struct pthread_barrier) is 20 bytes.
- On 32 bits __SIZEOF_PTHREAD_ATTR_T is defined as 36 while
sizeof (struct pthread_attr) is 32.
The default values are not changed so the generic header could be
used by some architectures.
This patch adds a new generic __pthread_rwlock_arch_t definition meant
to be used by new ports. Its layout mimics the current usage on some
64 bits ports and it allows some ports to use the generic definition.
The arch __pthread_rwlock_arch_t definition is moved from
pthreadtypes-arch.h to another arch-specific header (struct_rwlock.h).
Also the static intialization macro for pthread_rwlock_t is set to use
an arch defined on (__PTHREAD_RWLOCK_INITIALIZER) which simplifies its
implementation.
The default pthread_rwlock_t layout differs from current ports with:
1. Internal layout is the same for 32 bits and 64 bits.
2. Internal flag is an unsigned short so it should not required
additional padding to align for word boundary (if it is the case
for the ABI).
The current way of defining the common mutex definition for POSIX and
C11 on pthreadtypes-arch.h (added by commit 06be6368da16104be5) is
not really the best options for newer ports. It requires define some
misleading flags that should be always defined as 0
(__PTHREAD_COMPAT_PADDING_MID and __PTHREAD_COMPAT_PADDING_END), it
exposes options used solely for linuxthreads compat mode
(__PTHREAD_MUTEX_USE_UNION and __PTHREAD_MUTEX_NUSERS_AFTER_KIND), and
requires newer ports to explicit define them (adding more boilerplate
code).
This patch adds a new default __pthread_mutex_s definition meant to
be used by newer ports. Its layout mimics the current usage on both
32 and 64 bits ports and it allows most ports to use the generic
definition. Only ports that use some arch-specific definition (such
as hardware lock-elision or linuxthreads compat) requires specific
headers.
For 32 bit, the generic definitions mimic the other 32-bit ports
of using an union to define the fields uses on adaptive and robust
mutexes (thus not allowing both usage at same time) and by using a
single linked-list for robust mutexes. Both decisions seemed to
follow what recent ports have done and make the resulting
pthread_mutex_t/mtx_t object smaller.
Also the static intialization macro for pthread_mutex_t is set to use
a macro __PTHREAD_MUTEX_INITIALIZER where the architecture can redefine
in its struct_mutex.h if it requires additional fields to be
initialized.
The new rwlock implementation added by cc25c8b4c1196 (2.25) removed
support for lock-elision. This patch removes remaining the
arch-specific unused definitions.
nptl: Add tests for internal pthread_rwlock_t offsets
This patch new build tests to check for internal fields offsets for
internal pthread_rwlock_t definition. Althoug the '__data.__flags'
field layout should be preserved due static initializators, the patch
also adds tests for the futexes that may be used in a shared memory
(although using different libc version in such scenario is not really
supported).
The offsets of pthread_mutex_t __data.__nusers, __data.__spins,
__data.elision, __data.list are not required to be constant over
the releases. Only the __data.__kind is used for static
initializers.
This patch also adds an additional size check for __data.__kind.
Rafał Lużyński [Tue, 1 Oct 2019 20:11:47 +0000 (22:11 +0200)]
ru_UA locale: use copy "ru_RU" in LC_TIME (bug 25044)
Replacing incorrect abbreviated weekday names "Пнд", "Вто", "Срд"...
with correct ones "Пн", "Вт", "Ср"... makes the LC_TIME sections in
those two locales almost identical. The only remaining difference
was that ab_alt_mon elements in ru_UA were lowercase while in ru_RU
they had the first letter uppercase, the latter was pointed as
a better choice by a native speaker. This commit unifies LC_TIME
between ru_RU and ru_UA.
arm: Fix armv7 selection after 'Split BE/LE abilist'
It adds the missing Implies for armv7, armv6, armv6t2 after the
commit 1673ba87fefe019c. Without the Implies a build with the
compiler targeting the aforementioned architecture does not select
the arch-specific optimization including the ifunc selectors.
I checked with a build against armv5, armv6, armv6t2, armv7, and
armv7-neon for both LE and BE. For armv6 and armv7 I also checked
that both sysdeps selection and the resulting implementation built
is the expected ones.
ldbl-128ibm-compat: Add wide character scanning functions
Similarly to what was done for regular character scanning functions,
this patch uses the new mode mask, SCANF_LDBL_USES_FLOAT128, in the
'mode' argument of the wide characters scanning function,
__vfwscanf_internal (which is also extended to support scanning
floating-point values with IEEE binary128, by redirecting calls to
__wcstold_internal to __wcstof128_internal).
Tested for powerpc64le.
Reviewed-By: Paul E. Murphy <murphyp@linux.ibm.com>
ldbl-128ibm-compat: Add regular character scanning functions
The 'mode' argument to __vfscanf_internal allows the selection of the
long double format for all long double arguments requested by the format
string. Currently, there are two possibilities: long double with the
same format as double or long double as something else. The 'something
else' format varies between architectures, and on powerpc64le, it means
IBM Extended Precision format.
In preparation for the third option of long double format on
powerpc64le, this patch uses the new mode mask,
SCANF_LDBL_USES_FLOAT128, which tells __vfscanf_internal to call
__strtof128_internal, instead of __strtold_internal, and save the output
into a _Float128 variable.
Tested for powerpc64le.
Reviewed-By: Paul E. Murphy <murphyp@linux.ibm.com>
The format string can request positional parameters, instead of relying
on the order in which they appear as arguments. Since this has an
effect on how the type of each argument is determined, this patch
extends the test cases to use positional parameters with mixed double
and long double types, to verify that the IEEE long double
implementations of *printf work correctly in this scenario.
Tested for powerpc64le.
Reviewed-By: Paul E. Murphy <murphyp@linux.ibm.com>
A single format string can take double and long double parameters at the
same time. Internally, these parameters are routed to the same
function, which correctly reads them and calls the underlying functions
responsible for the actual conversion to string. This patch adds a new
case to test this scenario.
Tested for powerpc64le.
Reviewed-By: Paul E. Murphy <murphyp@linux.ibm.com>
Similarly to what was done for the regular character, fortified printing
functions, this patch combines the mode masks PRINTF_LDBL_USES_FLOAT128
and PRINTF_FORTIFY to provide wide character versions of fortified
printf functions. It also adds two flavors of test cases: one that
explicitly calls the fortified functions, and another that reuses the
non-fortified test, but defining _FORTIFY_SOURCE as 2. The first
guarantees that the implementations are actually being tested
(independently of what's in bits/wchar2.h), whereas the second
guarantees that the redirections calls the correct function in the IBM
and IEEE long double cases.
Tested for powerpc64le.
Reviewed-By: Paul E. Murphy <murphyp@linux.ibm.com>
Since the introduction of internal functions with explicit flags for the
printf family of functions, the 'mode' parameter can be used to select
which format long double parameters have (with the mode flags:
PRINTF_LDBL_IS_DBL and PRINTF_LDBL_USES_FLOAT128), as well as to select
whether to check for overflows (mode flag: PRINTF_FORTIFY).
This patch combines PRINTF_LDBL_USES_FLOAT128 and PRINTF_FORTIFY to
provide the IEEE binary128 version of printf-like function for platforms
where long double can take this format, in addition to the double format
and to some non-ieee format (currently, this means powerpc64le).
There are two flavors of test cases provided with this patch: one that
explicitly calls the fortified functions, for instance __asprintf_chk,
and another that reuses the non-fortified test, but defining
_FORTIFY_SOURCE as 2. The first guarantees that the implementations are
actually being tested (in bits/stdio2.h, vprintf gets redirected to
__vfprintf_chk, which would leave __vprintf_chk untested), whereas the
second guarantees that the redirections calls the correct function in
the IBM and IEEE long double cases.
Tested for powerpc64le.
Reviewed-By: Paul E. Murphy <murphyp@linux.ibm.com>
ldbl-128ibm-compat: Add wide character printing functions
Similarly to what was done for regular character printing functions,
this patch uses the new mode mask, PRINTF_LDBL_USES_FLOAT128, in the
'mode' argument of the wide characters printing function,
__vfwprintf_internal (which is also extended to support printing
floating-point values with IEEE binary128, by saving floating-point
values into variables of type __float128 and adjusting the parameters to
__printf_fp and __printf_fphex as if it was a call from a wide-character
version of strfromf128 (even though such version does not exist)).
Tested for powerpc64le.
Reviewed-By: Paul E. Murphy <murphyp@linux.ibm.com>
ldbl-128ibm-compat: Add regular character printing functions
The 'mode' argument to __vfprintf_internal allows the selection of the
long double format for all long double arguments requested by the format
string. Currently, there are two possibilities: long double with the
same format as double or long double as something else. The 'something
else' format varies between architectures, and on powerpc64le, it means
IBM Extended Precision format.
In preparation for the third option of long double format on
powerpc64le, this patch uses the new mode mask,
PRINTF_LDBL_USES_FLOAT128, which tells __vfprintf_internal to save the
floating-point values into variables of type __float128 and adjusts the
parameters to __printf_fp and __printf_fphex as if it was a call from
strfromf128.
Many files from the stdio-common, wcsmbs, argp, misc, and libio
directories will have IEEE binary128 counterparts. Setting the correct
compiler options to these files (original and counterparts) would
produce a large amount of repetitive Makefile rules. To avoid this
repetition, this patch adds a Makefile routine that iterates over the
files adding or removing the appropriate flags.
Tested for powerpc64le.
Reviewed-By: Florian Weimer <fweimer@redhat.com> Reviewed-By: Joseph Myers <joseph@codesourcery.com> Reviewed-By: Paul E. Murphy <murphyp@linux.ibm.com>
Use C99-compliant scanf under _GNU_SOURCE with modern compilers.
added the DEPRECATED_SCANF macro to select when redirections of *scanf
functions to their ISO C99 compliant versions should happen, it
accidentally missed doing it for vfwscanf, vwscanf, and vswscanf.
Tested for powerpc64le and with build-many-glibcs (i686-linux-gnu and
nios2-linux-gnu are failing with current master, and with this patch,
but I didn't see a regression).
The generic pselect implementation has the very specific race condition
that motived the creation of the pselect syscall (no atomicity in
signal mask set/reset). Using it as generic implementation is
counterproductive Also currently only microblaze uses it as fallback
when used on kernel prior 3.15.
This patch moves the generic implementation to a microblaze specific
one, sets the generic internal as a ENOSYS, and cleanups the Linux
generic implementation.
The microblaze implementation mimics the previous Linux generic one,
where it either uses pselect6 directly if __ASSUME_PSELECT or a
first try pselect6 then the fallback otherwise.
Checked on x86_64-linux-gnu and microblaze-linux-gnu.
Paul A. Clarke [Thu, 21 Nov 2019 17:57:41 +0000 (11:57 -0600)]
Remove duplicate inline implementation of issignalingf
Very recent commit 854e91bf6b4221f424ffa13b9ef50f35623b7b74 enabled
inline of issignalingf() in general (__issignalingf in include/math.h).
There is another implementation for an inline use of issignalingf
(issignalingf_inline in sysdeps/ieee754/flt-32/math_config.h)
which could instead make use of the new enablement.
Replace the use of issignalingf_inline with __issignaling. Using
issignaling (instead of __issignalingf) will allow future enhancements
to the type-generic implementation, issignaling, to be automatically
adopted.
The implementations are slightly different, and compile to slightly
different code, but I measured no significant performance difference.
The second implementation was brought to my attention by: Suggested-by: Joseph Myers <joseph@codesourcery.com> Reviewed-by: Joseph Myers <joseph@codesourcery.com>
Don't use a custom wrapper macro around __has_include (bug 25189).
This causes issues when using clang with -frewrite-includes to e.g.,
submit the translation unit to a distributed compiler.
In my case, I was building Firefox using sccache.
See [1] for a reduced test-case since I initially thought this was a
clang bug, and [2] for more context.
Apparently doing this is invalid C++ per [cpp.cond], which mentions [3]:
> The #ifdef and #ifndef directives, and the defined conditional
> inclusion operator, shall treat __has_include and __has_cpp_attribute
> as if they were the names of defined macros. The identifiers
> __has_include and __has_cpp_attribute shall not appear in any context
> not mentioned in this subclause.
Florian Weimer [Thu, 31 Oct 2019 12:28:49 +0000 (13:28 +0100)]
Introduce DL_LOOKUP_FOR_RELOCATE flag for _dl_lookup_symbol_x
This will allow changes in dependency processing during non-lazy
binding, for more precise processing of NODELETE objects: During
initial relocation in dlopen, the fate of NODELETE objects is still
unclear, so objects which are depended upon by NODELETE objects
cannot immediately be marked as NODELETE.
rtld: Check __libc_enable_secure before honoring LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126) [BZ #25204]
The problem was introduced in glibc 2.23, in commit b9eb92ab05204df772eb4929eccd018637c9f3e9
("Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT").
Florian Weimer [Thu, 31 Oct 2019 12:23:06 +0000 (13:23 +0100)]
Enhance _dl_catch_exception to allow disabling exception handling
In some cases, it is necessary to introduce noexcept regions
where raised dynamic loader exceptions (e.g., from lazy binding)
are fatal, despite being nested in a code region with an active
exception handler. This change enhances _dl_catch_exception with
to provide such a capability. The existing function is reused,
so that it is not necessary to introduce yet another function with
a similar purpose.
Florian Weimer [Sun, 3 Nov 2019 10:20:23 +0000 (11:20 +0100)]
Avoid zero-length array at the end of struct link_map [BZ #25097]
l_audit ends up as an internal array with _rtld_global, and GCC 10
warns about this.
This commit does not change the layout of _rtld_global, so it is
suitable for backporting. Future changes could allocate more of the
audit state dynamically and remove it from always-allocated data
structures, to optimize the common case of inactive auditing.
Florian Weimer [Sat, 2 Nov 2019 19:04:02 +0000 (20:04 +0100)]
Introduce link_map_audit_state accessor function
To improve GCC 10 compatibility, it is necessary to remove the l_audit
zero-length array from the end of struct link_map. In preparation of
that, this commit introduces an accessor function for the audit state,
so that it is possible to change the representation of the audit state
without adjusting the code that accesses it.
Florian Weimer [Sun, 3 Nov 2019 10:39:56 +0000 (11:39 +0100)]
Redefine _IO_iconv_t to store a single gconv step pointer [BZ #25097]
libio can only deal with gconv conversions which consist of a single
step. Not using __gconv_info simplifies the data structures somewhat.
This eliminates a new GCC 10 warning about subscribing an inner
zero-length array.
Tested on x86_64-linux-gnu with mainline GCC. Built with
build-many-glibcs.py, also with mainline GCC. Due to GCC PR 92039,
there are failures left on 32-bit architectures with float128 support.
Krzysztof Koch [Wed, 13 Nov 2019 11:57:17 +0000 (11:57 +0000)]
Add new script for plotting string benchmark JSON output
Add a script for visualizing the JSON output generated by existing
glibc string microbenchmarks.
Overview:
plot_strings.py is capable of plotting benchmark results in the
following formats, which are controlled with the -p or --plot argument:
1. absolute timings (-p time): plot the timings as they are in the
input benchmark results file.
2. relative timings (-p rel): plot relative timing difference with
respect to a chosen ifunc (controlled with -b argument).
3. performance relative to max (-p max): for each varied parameter
value, plot 1/timing as the percentage of the maximum value out of
the plotted ifuncs.
4. throughput (-p thru): plot varied parameter value over timing
For all types of graphs, there is an option to explicitly specify
the subset of ifuncs to plot using the --ifuncs parameter.
For plot types 1. and 4. one can hide/expose exact benchmark figures
using the --values flag.
When plotting relative timing differences between ifuncs, the first
ifunc listed in the input JSON file is the baseline, unless the
baseline implementation is explicitly chosen with the --baseline
parameter. For the ease of reading, the script marks the statistically
insignificant range on the graphs. The default is +-5% but this
value can be controlled with the --threshold parameter.
To accommodate for the heterogeneity in benchmark results files,
one can control i.e the x-axis scale, the resolution (dpi) of the
generated figures or the key to access the varied parameter value
in the JSON file. The corresponding options are --logarithmic,
--resolution or --key. The --key parameter ensures that plot_strings.py
works with all files which pass JSON schema validation. The schema
can be chosen with the --schema parameter.
If a window manager is available, one can enable interactive
figure display using the --display flag.
Finally, one can use the --grid flag to enable grid lines in the
generated figures.
Implementation:
plot_strings.py traverses the JSON tree until a 'results' array
is found and generates a separate figure for each such array.
The figure is then saved to a file in one of the available formats
(controlled with the --extension parameter).
As the tree is traversed, the recursive function tracks the metadata
about the test being run, so that each figure has a unique and
meaningful title and filename.
While plot_strings.py works with existing benchmarks, provisions
have been made to allow adding more structure and metadata to these
benchmarks. Currently, many benchmarks produce multiple timing values
for the same value of the varied parameter (typically 'length').
Mutiple data points for the same parameter usually mean that some other
parameter was varied as well, for example, if memmove's src and dst
buffers overlap or not (see bench-memmove-walk.c and
bench-memmove-walk.out).
Unfortunately, this information is not exposed in the benchmark output
file, so plot_strings.py has to resort to computing the geometric mean
of these multiple values. In the process, useful information about the
benchmark configuration is lost. Also, averaging the timings for
different alignments can hide useful characterstics of the benchmarked
ifuncs.
Testing:
plot_strings.py has been tested on all existing string microbenchmarks
which produce results in JSON format. The script was tested on both
Windows 10 and Ubuntu 16.04.2 LTS. It runs on both python 2 and 3
(2.7.12 and 3.5.12 tested).
Useful commands:
1. Plot timings for all ifuncs in bench-strlen.out:
$ ./plot_strings.py bench-strlen.out
2. Display help:
$ ./plot_strings.py -h
3. Plot throughput for __memset_avx512_unaligned_erms and
__memset_avx512_unaligned. Save the generated figure in pdf format to
'results/'. Use logarithmic x-axis scale, show grid lines and expose
the performance numbers:
$ ./plot_strings.py bench.out -o results/ -lgv -e pdf -p thru \
-i __memset_avx512_unaligned_erms __memset_avx512_unaligned
4. Plot relative timings for all ifuncs in bench.out with __generic_memset
as baseline. Display percentage difference threshold of +-10%:
$ ./plot_strings.py bench.out -p rel -b __generic_memset -t 10
Discussion:
1. I would like to propose relaxing the benchout_strings.schema.json
to allow specifying either a 'results' array with 'timings' (as before)
or a 'variants' array. See below example:
'variants' array consists of objects such that each object has a 'name'
attribute to describe the configuration of a particular test in the
benchmark. This can be a description, for example, of how the parameter
was varied or what was the buffer alignment tested. The 'name' attribute
is then followed by another 'variants' array or a 'results' array.
The nesting of variants allows arbitrary grouping of benchmark timings,
while allowing description of these groups. Using recusion, it is
possible to proceduraly create titles and filenames for the figures being
generated.
Florian Weimer [Tue, 12 Nov 2019 11:25:49 +0000 (12:25 +0100)]
login: Use pread64 in utmp implementation
This reduces the possible error scenarios considerably because
no longer can file seek fail, leaving the file descriptor in an
inconsistent state and out of sync with the cache.
As a result, it is possible to avoid setting file_offset to -1
to make an error persistent. Instead, subsequent calls will retry
the operation and report any errors returned by the kernel.
This change also avoids reading the file from the start if pututline
is called multiple times, to work around lock acquisition failures
due to timeouts.
Florian Weimer [Thu, 31 Oct 2019 12:28:26 +0000 (13:28 +0100)]
Clarify purpose of assert in _dl_lookup_symbol_x
Only one of the currently defined flags is incompatible with versioned
symbol lookups, so it makes sense to check for that flag and not its
complement.
Reviewed-by: Carlos O'Donell <carlos@redhat.com> Reviewed-by: Gabriel F. T. Gomes <gabrielftg@linux.ibm.com>
Change-Id: I3384349cef90cfd91862ebc34a4053f0c0a99404
Krzysztof Koch [Tue, 5 Nov 2019 17:35:18 +0000 (17:35 +0000)]
aarch64: Increase small and medium cases for __memcpy_generic
Increase the upper bound on medium cases from 96 to 128 bytes.
Now, up to 128 bytes are copied unrolled.
Increase the upper bound on small cases from 16 to 32 bytes so that
copies of 17-32 bytes are not impacted by the larger medium case.
Benchmarking:
The attached figures show relative timing difference with respect
to 'memcpy_generic', which is the existing implementation.
'memcpy_med_128' denotes the the version of memcpy_generic with
only the medium case enlarged. The 'memcpy_med_128_small_32' numbers
are for the version of memcpy_generic submitted in this patch, which
has both medium and small cases enlarged. The figures were generated
using the script from:
https://www.sourceware.org/ml/libc-alpha/2019-10/msg00563.html
Depending on the platform, the performance improvement in the
bench-memcpy-random.c benchmark ranges from 6% to 20% between
the original and final version of memcpy.S
Tested against GLIBC testsuite and randomized tests.
Florian Weimer [Tue, 12 Nov 2019 11:02:57 +0000 (12:02 +0100)]
login: Introduce matches_last_entry to utmp processing
This simplifies internal_getut_nolock and fixes a regression,
introduced in commit be6b16d975683e6cca57852cd4cfe715b2a9d8b1
("login: Acquire write lock early in pututline [BZ #24882]")
in pututxline because __utmp_equal can only compare process-related
utmp entries.
Florian Weimer [Tue, 12 Nov 2019 11:41:34 +0000 (12:41 +0100)]
slotinfo in struct dtv_slotinfo_list should be flexible array [BZ #25097]
GCC 10 will warn about subscribing inner length zero arrays. Use a GCC
extension in csu/libc-tls.c to allocate space for the static_slotinfo
variable. Adjust nptl_db so that the type description machinery does
not attempt to determine the size of the flexible array member slotinfo.
Joseph Myers [Mon, 11 Nov 2019 15:04:48 +0000 (15:04 +0000)]
Declare asctime_r, ctime_r, gmtime_r, localtime_r for C2X.
C2X adds the asctime_r, ctime_r, gmtime_r and localtime_r functions.
This patch duly adds __GLIBC_USE (ISOC2X) to the conditions under
which <time.h> declares them.
Lukasz Majewski [Tue, 29 Oct 2019 14:08:00 +0000 (15:08 +0100)]
y2038: linux: Provide __ppoll64 implementation
This patch provides new __ppoll64 explicit 64 bit function for handling polling
events (with struct timespec specified timeout) for a set of file descriptors.
Moreover, a 32 bit version - __ppoll has been refactored to internally use
__ppoll64.
The __ppoll is now supposed to be used on systems still supporting 32 bit time
(__TIMESIZE != 64) - hence the necessary conversion to 64 bit struct
__timespec64.
The new ppoll_time64 syscall available from Linux 5.1+ has been used, when
applicable.
The Linux kernel checks if passed tv_nsec value overflows, so there is no need
to repeat it in the glibc.
When ppoll syscall on systems supporting 32 bit time ABI is used, the check is
performed if passed data (which may have 64 bit tv_sec) fits into 32 bit range.
Build tests:
- The code has been tested on x86_64/x86 (native compilation):
make PARALLELMFLAGS="-j8" && make check PARALLELMFLAGS="-j8" && \\
make xcheck PARALLELMFLAGS="-j8"
- The glibc has been build tested (make PARALLELMFLAGS="-j8") for
x86 (i386), x86_64-x32, and armv7
Run-time tests:
- Run specific tests on ARM/x86 32bit systems (qemu):
https://github.com/lmajewski/meta-y2038 and run tests:
https://github.com/lmajewski/y2038-tests/commits/master
- Use of cross-test-ssh.sh for ARM (armv7):
make PARALLELMFLAGS="-j8" test-wrapper='./cross-test-ssh.sh root@192.168.7.2' xcheck
Linux kernel, headers and minimal kernel version for glibc build test
matrix:
- Linux v5.1 (with ppoll_time64) and glibc build with v5.1 as
minimal kernel version (--enable-kernel="5.1.0")
The __ASSUME_TIME64_SYSCALLS flag defined.
- Linux v5.1 and default minimal kernel version
The __ASSUME_TIME64_SYSCALLS not defined, but kernel supports ppoll_time64
syscall.
- Linux v4.19 (no ppoll_time64 support) with default minimal kernel version for
contemporary glibc
This kernel doesn't support ppoll_time64 syscall, so the fallback to ppoll is
tested.
Above tests were performed with Y2038 redirection applied as well as without
(so the __TIMESIZE != 64 execution path is checked as well).
Andreas Schwab [Wed, 30 Oct 2019 09:38:36 +0000 (10:38 +0100)]
Fix array bounds violation in regex matcher (bug 25149)
If the regex has more subexpressions than the number of elements allocated
in the regmatch_t array passed to regexec then proceed_next_node may
access the regmatch_t array outside its bounds.
No testcase added because even without this bug it would then crash in
pop_fail_stack which is bug 11053.
Alistair Francis [Fri, 21 Jun 2019 20:00:23 +0000 (13:00 -0700)]
sysdeps/clock_nanosleep: Use clock_nanosleep_time64 if avaliable
The clock_nanosleep syscall is not supported on newer 32-bit platforms (such
as RV32). To fix this issue let's use clock_nanosleep_time64 if it is
avaliable.
Florian Weimer [Thu, 7 Nov 2019 17:15:18 +0000 (18:15 +0100)]
login: Acquire write lock early in pututline [BZ #24882]
It has been reported that due to lack of fairness in POSIX file
locking, the current reader-to-writer lock upgrade can result in
lack of forward progress. Acquiring the write lock directly
hopefully avoids this issue if there are only writers.
This also fixes bug 24882 due to the cache revalidation in
__libc_pututline.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Change-Id: I57e31ae30719e609a53505a0924dda101d46372e
nptl: Add missing placeholder abi symbol from nanosleep move
Adds the __libpthread_version_placeholder symbol with the same version
of nanosleep/__nanosleep that was removed by 79a547b162657b3f and that
is not provided by other symbols.
Florian Weimer [Thu, 7 Nov 2019 08:53:41 +0000 (09:53 +0100)]
login: Remove double-assignment of fl.l_whence in try_file_lock
Since l_whence is the second member of struct flock, it is written
twice. The double-assignment is technically undefined behavior due to
the lack of a sequence point.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Change-Id: I2baf9e70690e723c61051b25ccbd510aec15976c
liqingqing [Thu, 7 Nov 2019 00:26:54 +0000 (00:26 +0000)]
math: enhance the endloop condition of function handle_input_flag
In the function handle_input_flag, the end-loop condition is not
correct, because when the loop variable i equals 16
(num_input_flag_types), then input_flags[16] will be out of bounds.
(This issue is only relevant with invalid input files to
gen-auto-libm-tests.)
The generic version is straightforward. For Hurd, its nanosleep
implementation is moved to clock_nanosleep with adjustments from
generic unix implementation.
The generic clock_nanosleep unix version is also removed since
it calls nanosleep.
Checked on x86_64-linux-gnu and powerpc64le-linux-gnu.
Checked on x86_64-linux-gnu and powerpc64le-linux-gnu. I also checked
the libpthread.so .gnu.version_d entries for every ABI affected and
all of them contains the required versions (including for architectures
which exports __nanosleep with a different version).
Stefan Liebler [Wed, 6 Nov 2019 07:07:40 +0000 (08:07 +0100)]
S390: Fp comparison are now raising FE_INVALID with gcc 10.
The s390 gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77918
"S390: Floating point comparisons don't raise invalid for unordered operands."
is fixed with gcc 10. Thus we conditionally set FIX_COMPARE_INVALID
to 0 or 1.
Arjun Shankar [Tue, 5 Nov 2019 15:41:25 +0000 (16:41 +0100)]
Fix run-one-test so that it runs elf tests
The `test' make target passes a trailing slash in the subdir argument. This
does not play well with elf/rtld-Rules which looks for `elf' without any
trailing slash, and therefore doesn't find a match when running an elf test
individually. This commit removes the trailing slash from the invocation.
Mike Crowe [Mon, 4 Nov 2019 19:36:21 +0000 (16:36 -0300)]
nptl: Fix niggles with pthread_clockjoin_np
Joseph Myers spotted[1] that 69ca4b54c151cec42ccca5e05790efc1a8206b47 added
pthread_clockjoin_np to sysdeps/nptl/pthread.h but not to its hppa-specific
equivalent sysdeps/unix/sysv/linux/hppa/pthread.h.
Rafal Luzynski spotted[2] typos in the NEWS entry and manual updates too.
Florian Weimer spotted[3] that the clockid parameter was not using a
reserved identifier in pthread.h.
hppa: Align __clone stack argument to 8 bytes (Bug 25066)
The hppa architecture requires strict alignment for loads and stores.
As a result, the minimum stack alignment that will work is 8 bytes.
This patch adjusts __clone() to align the stack argument passed to it.
It also adjusts slightly some formatting.
Lukasz Majewski [Thu, 24 Oct 2019 12:34:46 +0000 (14:34 +0200)]
y2038: linux: Provide __futimens64 implementation
This patch provides new __futimens64 explicit 64 bit function for
setting access and modification time of file (by using its file descriptor).
Moreover, a 32 bit version - __futimens has been refactored to internally use
__futimens64.
The __futimens is now supposed to be used on systems still supporting
32 bit time (__TIMESIZE != 64) - hence the necessary conversions to 64 bit
struct __timespec64.
When pointer to struct __timespec64 is NULL - the file access and modification
time is set to the current one (by the kernel) and no conversions from struct
timespec to __timespec64 are performed.
The __futimens64 reuses __utimensat64_helper defined for __utimensat64.
The test procedure for __futimens64 is the same as for __utimensat64 conversion
patch.
Lukasz Majewski [Thu, 24 Oct 2019 10:12:16 +0000 (12:12 +0200)]
y2038: linux: Provide __utimensat64 implementation
This patch provides new __utimensat64 explicit 64 bit function for
setting access and modification time of a file. Moreover, a 32 bit version
- __utimensat has been refactored to internally use __utimensat64.
The __utimensat is now supposed to be used on systems still supporting
32 bit time (__TIMESIZE != 64) - hence the necessary conversions to 64 bit
struct __timespec64.
When pointer to struct __timespec64 is NULL - the file access and modification
time is set to the current one and no conversions from struct timespec to
__timespec64 are performed.
The new utimensat_time64 syscall available from Linux 5.1+ has been used,
when applicable.
The new helper function - __utimensat64_helper - has been introduced to
facilitate code re-usage on function providing futimens syscall handling.
The Linux kernel checks if passed tv_nsec value overflows, so there is no
need to repeat it in glibc.
When utimensat syscall on systems supporting 32 bit time ABI is used,
the check is performed if passed data (which may have 64 bit tv_sec) fits
into 32 bit range.
Build tests:
- The code has been tested on x86_64/x86 (native compilation):
make PARALLELMFLAGS="-j8" && make xcheck PARALLELMFLAGS="-j8"
- The glibc has been build tested (make PARALLELMFLAGS="-j8") for
x86 (i386), x86_64-x32, and armv7
Run-time tests:
- Run specific tests on ARM/x86 32bit systems (qemu):
https://github.com/lmajewski/meta-y2038 and run tests:
https://github.com/lmajewski/y2038-tests/commits/master
- Use of cross-test-ssh.sh for ARM (armv7):
make PARALLELMFLAGS="-j8" test-wrapper='./cross-test-ssh.sh root@192.168.7.2' xcheck
Linux kernel, headers and minimal kernel version for glibc build test
matrix:
- Linux v5.1 (with utimensat_time64) and glibc build with v5.1 as
minimal kernel version (--enable-kernel="5.1.0")
The __ASSUME_TIME64_SYSCALLS flag defined.
- Linux v5.1 and default minimal kernel version
The __ASSUME_TIME64_SYSCALLS not defined, but kernel supports utimensat_time64
syscall.
- Linux v4.19 (no utimensat_time64 support) with default minimal kernel
version for contemporary glibc
This kernel doesn't support utimensat_time64 syscall, so the fallback
to utimensat is tested.
The above tests were performed with Y2038 redirection applied as well as
without (so the __TIMESIZE != 64 execution path is checked as well).
Mike Crowe [Thu, 31 Oct 2019 13:05:17 +0000 (10:05 -0300)]
nptl: Add pthread_timedjoin_np, pthread_clockjoin_np NULL timeout test
Passing NULL as the timeout parameter to pthread_timedjoin_np has resulted
in it behaving like pthread_join for a long time. Since that is now the
documented behaviour, we ought to test that both it and the new
pthread_clockjoin_np support it.
Mike Crowe [Thu, 31 Oct 2019 13:03:21 +0000 (10:03 -0300)]
nptl: Add pthread_clockjoin_np
Introduce pthread_clockjoin_np as a version of pthread_timedjoin_np that
accepts a clockid_t parameter to indicate which clock the timeout should be
measured against. This mirrors the recently-added POSIX-proposed "clock"
wait functions.