review.tizen.org Git - platform/upstream/glibc.git/log

posix: Replace posix_spawnattr_tc{get,set}pgrp_np with posix_spawn_file_actions_addtcsetpgrp_np

The posix_spawnattr_tcsetpgrp_np works on a file descriptor (the
controlling terminal), so it would make more sense to actually fit
it on the file actions API.

Also, POSIX_SPAWN_TCSETPGROUP is not really required since it is
implicit by the presence of tcsetpgrp file action.

The posix/tst-spawn6.c is also fixed when TTY can is not present.

Checked on x86_64-linux-gnu and i686-linux-gnu.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>

or1k: Define PI_STATIC_AND_HIDDEN

PI_STATIC_AND_HIDDEN means that references to static functions, data
and symbols with hidden visibility do not need any run-time relocations
after the final link, with the build flags used by glibc.

OpenRISC follows this so enabled PI_STATIC_AND_HIDDEN by adding
configure.ac and generating configure.

Suggested-by: Florian Weimer <fweimer@redhat.com>

SET_RELHOOK: merge i386 and x86_64, and move to sysdeps/mach/hurd/x86

It is not Hurd-specific, but H.J. Lu wants it there.

Also, dc.a can be used to avoid hardcoding .long vs .quad and thus use
the same implementation for i386 and x86_64.

elf: Fix runtime linker auditing on aarch64 (BZ #26643)

The rtld audit support show two problems on aarch64:

  1. _dl_runtime_resolve does not preserve x8, the indirect result
      location register, which might generate wrong result calls
      depending of the function signature.

  2. The NEON Q registers pushed onto the stack by _dl_runtime_resolve
     were twice the size of D registers extracted from the stack frame by
     _dl_runtime_profile.

While 2. might result in wrong information passed on the PLT tracing,
1. generates wrong runtime behaviour.

The aarch64 rtld audit support is changed to:

  * Both La_aarch64_regs and La_aarch64_retval are expanded to include
    both x8 and the full sized NEON V registers, as defined by the
    ABI.

  * dl_runtime_profile needed to extract registers saved by
    _dl_runtime_resolve and put them into the new correctly sized
    La_aarch64_regs structure.

  * The LAV_CURRENT check is change to only accept new audit modules
    to avoid the undefined behavior of not save/restore x8.

  * Different than other architectures, audit modules older than
    LAV_CURRENT are rejected (both La_aarch64_regs and La_aarch64_retval
    changed their layout and there are no requirements to support multiple
    audit interface with the inherent aarch64 issues).

  * A new field is also reserved on both La_aarch64_regs and
    La_aarch64_retval to support variant pcs symbols.

Similar to x86, a new La_aarch64_vector type to represent the NEON
register is added on the La_aarch64_regs (so each type can be accessed
directly).

Since LAV_CURRENT was already bumped to support bind-now, there is
no need to increase it again.

Checked on aarch64-linux-gnu.

Co-authored-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>

elf: Issue la_symbind for bind-now (BZ #23734)

The audit symbind callback is not called for binaries built with
-Wl,-z,now or when LD_BIND_NOW=1 is used, nor the PLT tracking callbacks
(plt_enter and plt_exit) since this would change the expected
program semantics (where no PLT is expected) and would have performance
implications (such as for BZ#15533).

LAV_CURRENT is also bumped to indicate the audit ABI change (where
la_symbind flags are set by the loader to indicate no possible PLT
trace).

To handle powerpc64 ELFv1 function descriptor, _dl_audit_symbind
requires to know whether bind-now is used so the symbol value is
updated to function text segment instead of the OPD (for lazy binding
this is done by PPC64_LOAD_FUNCPTR on _dl_runtime_resolve).

Checked on x86_64-linux-gnu, i686-linux-gnu, aarch64-linux-gnu,
powerpc64-linux-gnu.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>

elf: Fix initial-exec TLS access on audit modules (BZ #28096)

For audit modules and dependencies with initial-exec TLS, we can not
set the initial TLS image on default loader initialization because it
would already be set by the audit setup. However, subsequent thread
creation would need to follow the default behaviour.

This patch fixes it by setting l_auditing link_map field not only
for the audit modules, but also for all its dependencies. This is
used on _dl_allocate_tls_init to avoid the static TLS initialization
at load time.

Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>

elf: Add la_activity during application exit

la_activity is not called during application exit, even though
la_objclose is.

Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>

localedata: Adjust C.UTF-8 to align with C/POSIX.

We have had one downstream report from Canonical [1] that
an rrdtool test was broken by the differences in LC_TIME
that we had in the non-builtin C locale (C.UTF-8). If one
application has an issue there are going to be others, and
so with this commit we review and fix all the issues that
cause the builtin C locale to be different from C.UTF-8,
which includes:
* mon_decimal_point should be empty e.g. ""
- Depends on mon_decimal_point_wc fix.
* negative_sign should be empty e.g. ""
* week should be aligned with the builtin C/POSIX locale
* d_fmt corrected with escaped slashes e.g. "%m//%d//%y"
* yesstr and nostr should be empty e.g. ""
* country_ab2 and country_ab3 should be empty e.g. ""

We bump LC_IDENTIFICATION version and adjust the date to
indicate the change in the locale.

A new tst-c-utf8-consistency test is added to ensure
consistency between C/POSIX and C.UTF-8.

Tested on x86_64 and i686 without regression.

[1] https://sourceware.org/pipermail/libc-alpha/2022-January/135703.html

Co-authored-by: Florian Weimer <fweimer@redhat.com>
Reviewed-by: Florian Weimer <fweimer@redhat.com>

localedef: Fix handling of empty mon_decimal_point (Bug 28847)

The handling of mon_decimal_point is incorrect when it comes to
handling the empty "" value.  The existing parser in monetary_read()
will correctly handle setting the non-wide-character value and the
wide-character value e.g. STR_ELEM_WC(mon_decimal_point) if they are
set in the locale definition.  However, in monetary_finish() we have
conflicting TEST_ELEM() which sets a default value (if the locale
definition doesn't include one), and subsequent code which looks for
mon_decimal_point to be NULL to issue a specific error message and set
the defaults. The latter is unused because TEST_ELEM() always sets a
default.  The simplest solution is to remove the TEST_ELEM() check,
and allow the existing check to look to see if mon_decimal_point is
NULL and set an appropriate default.  The final fix is to move the
setting of mon_decimal_point_wc so it occurs only when
mon_decimal_point is being set to a default, keeping both values
consistent. There is no way to tell the difference between
mon_decimal_point_wc having been set to the empty string and not
having been defined at all, for that distinction we must use
mon_decimal_point being NULL or "", and so we must logically set
the default together with mon_decimal_point.

Lastly, there are more fixes similar to this that could be made to
ld-monetary.c, but we avoid that in order to fix just the code
required for mon_decimal_point, which impacts the ability for C.UTF-8
to set mon_decimal_point to "", since without this fix we end up with
an inconsistent setting of mon_decimal_point set to "", but
mon_decimal_point_wc set to "." which is incorrect.

Tested on x86_64 and i686 without regression.
Reviewed-by: Florian Weimer <fweimer@redhat.com>

malloc: Fix tst-mallocalign1 macro spacing.

Reported by Andreas Schwab <schwab@linux-m68k.org>

elf: Add <dl-r_debug.h>

Add <dl-r_debug.h> to get the adddress of the r_debug structure after
relocation and its offset before relocation from the PT_DYNAMIC segment
to support DT_DEBUG, DT_MIPS_RLD_MAP_REL and DT_MIPS_RLD_MAP.

Co-developed-by: Xi Ruoyao <xry111@mengyan1223.wang>

Mention _FORTIFY_SOURCE=3 for gcc12 in NEWS

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

malloc: Fix -Wuse-after-free warning in tst-mallocalign1 [BZ #26779]

The test leaks bits from the freed pointer via the return value
in ret, and the compiler correctly identifies this issue.
We switch the test to use TEST_VERIFY and terminate the test
if any of the pointers return an unexpected alignment.

This fixes another -Wuse-after-free error when compiling glibc
with gcc 12.

Tested on x86_64 and i686 without regression.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

Update libc.pot for 2.35 release.

tst-socket-timestamp-compat.c: Check __TIMESIZE [BZ #28837]

time_t size is defined by __TIMESIZE, not __WORDSIZE. Check __TIMESIZE,
instead of __WORDSIZE, for time_t size. This fixes BZ #28837.

Add prelink removal plan on NEWS

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

Linux: Only generate 64 bit timestamps for 64 bit time_t recvmsg/recvmmsg

The timestamps created by __convert_scm_timestamps only make sense for
64 bit time_t programs, 32 bit time_t programs will ignore 64 bit time_t
timestamps since SO_TIMESTAMP will be defined to old values (either by
glibc or kernel headers).

Worse, if the buffer is not suffice MSG_CTRUNC is set to indicate it
(which breaks some programs [1]).

This patch makes only 64 bit time_t recvmsg and recvmmsg to call
__convert_scm_timestamps. Also, the assumption to called it is changed
from __ASSUME_TIME64_SYSCALLS to __TIMESIZE != 64 since the setsockopt
might be called by libraries built without __TIME_BITS=64. The
MSG_CTRUNC is only set for the 64 bit symbols, it should happen only
if 64 bit time_t programs run older kernels.

Checked on x86_64-linux-gnu and i686-linux-gnu.

[1] https://github.com/systemd/systemd/pull/20567

Reviewed-by: Florian Weimer <fweimer@redhat.com>

linux: Fix ancillary 64-bit time timestamp conversion (BZ #28349, BZ#28350)

The __convert_scm_timestamps only updates the control message last
pointer for SOL_SOCKET type, so if the message control buffer contains
multiple ancillary message types the converted timestamp one might
overwrite a valid message.

The test checks if the extra ancillary space is correctly handled
by recvmsg/recvmmsg, where if there is no extra space for the 64-bit
time_t converted message the control buffer should be marked with
MSG_TRUNC. It also check if recvmsg/recvmmsg handle correctly multiple
ancillary data.

Checked on x86_64-linux and on i686-linux-gnu on both 5.11 and
4.15 kernel.

Co-authored-by: Fabian Vogt <fvogt@suse.de>
Reviewed-by: Florian Weimer <fweimer@redhat.com>

support: Add support_socket_so_timestamp_time64

Check if the socket support 64-bit network packages timestamps
(SO_TIMESTAMP and SO_TIMESTAMPNS). This will be used on recvmsg
and recvmmsg tests to check if the timestamp should be generated.

Reviewed-by: Florian Weimer <fweimer@redhat.com>

Fix elf/loadfail test build dependencies

There was no direct or indirect make dependency on testobj3.so so the
test could fail with

/B/elf/loadfail: failed to load shared object: testobj3.so: cannot open
shared object file: No such file or directory

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

Fix glibc 2.34 ABI omission (missing GLIBC_2.34 in dynamic loader)

The glibc 2.34 release really should have added a GLIBC_2.34
symbol to the dynamic loader. With it, we could move functions such
as dlopen or pthread_key_create that work on process-global state
into the dynamic loader (once we have fixed a longstanding issue
with static linking). Without the GLIBC_2.34 symbol, yet another
new symbol version would be needed because old glibc will fail to
load binaries due to the missing symbol version in ld.so that newly
linked programs will require.

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>

x86: Use CHECK_FEATURE_PRESENT to check HLE [BZ #27398]

HLE is disabled on blacklisted CPUs. Use CHECK_FEATURE_PRESENT, instead
of CHECK_FEATURE_ACTIVE, to check HLE.

Guard tst-valgrind-smoke.out with run-built-tests

Prevent tst-valgrind-smoke from running when run-built-tests is not yes.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>

hurd: Add posix_spawnattr_tc{get,set}pgrp_np on libc.abilist

Commit 342cc934a3bf74ac missed the update-abi for the ABI.

Avoid -Wuse-after-free in tests [BZ #26779].

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

elf: Replace tst-p_alignmod1-editX with a python script

This avoid the cross-compiling breakage when the test should not run
($(run-built-tests) equal to no).

Checked on x86_64-linux-gnu and i686-linux-gnu as well with a cross
compile to aarch64-linux-gnu and powerpc64-linux-gnu.

stdlib: Avoid -Wuse-after-free in __add_to_environ [BZ #26779]

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

io: Fix use-after-free in ftw [BZ #26779]

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

intl: Avoid -Wuse-after-free [BZ #26779]

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

elf: Fix use-after-free in ldconfig [BZ #26779]

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

posix: Add terminal control setting support for posix_spawn

Currently there is no proper way to set the controlling terminal through
posix_spawn in race free manner [1].  This forces shell implementations
to keep using fork+exec when launching background process groups,
even when using posix_spawn yields better performance.

This patch adds a new GNU extension so the creating process can
configure the created process terminal group.  This is done with a new
flag, POSIX_SPAWN_TCSETPGROUP, along with two new attribute functions:
posix_spawnattr_tcsetpgrp_np, and posix_spawnattr_tcgetpgrp_np.
The function sets a new attribute, spawn-tcgroupfd, that references to
the controlling terminal.

The controlling terminal is set after the spawn-pgroup attribute, and
uses the spawn-tcgroupfd along with current creating process group
(so it is composable with POSIX_SPAWN_SETPGROUP).

To create a process and set the controlling terminal, one can use the
following sequence:

    posix_spawnattr_t attr;
    posix_spawnattr_init (&attr);
    posix_spawnattr_setflags (&attr, POSIX_SPAWN_TCSETPGROUP);
    posix_spawnattr_tcsetpgrp_np (&attr, tcfd);

If the idea is also to create a new process groups:

    posix_spawnattr_t attr;
    posix_spawnattr_init (&attr);
    posix_spawnattr_setflags (&attr, POSIX_SPAWN_TCSETPGROUP
     | POSIX_SPAWN_SETPGROUP);
    posix_spawnattr_tcsetpgrp_np (&attr, tcfd);
    posix_spawnattr_setpgroup (&attr, 0);

The controlling terminal file descriptor is ignored if the new flag is
not set.

This interface is slight different than the one provided by QNX [2],
which only provides the POSIX_SPAWN_TCSETPGROUP flag.  The QNX
documentation does not specify how the controlling terminal is obtained
nor how it iteracts with POSIX_SPAWN_SETPGROUP.  Since a glibc
implementation is library based, it is more straightforward and avoid
requires additional file descriptor operations to request the caller
to setup the controlling terminal file descriptor (and it also allows
a bit less error handling by posix_spawn).

Checked on x86_64-linux-gnu and i686-linux-gnu.

[1] https://github.com/ksh93/ksh/issues/79
[2] https://www.qnx.com/developers/docs/7.0.0/index.html#com.qnx.doc.neutrino.lib_ref/topic/p/posix_spawn.html

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>

Linux: Detect user namespace support in io/tst-getcwd-smallbuff

Otherwise the test fails with certain container runtimes.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

Fix handling of unterminated bracket expressions in fnmatch (bug 28792)

When fnmatch processes a bracket expression, and eventually finds it to be
unterminated, it should rescan it, treating the starting bracket as a
normal character. That didn't happen when a matching character was found
while scanning the bracket expression.

realpath: Avoid overwriting preexisting error (CVE-2021-3998)

Set errno and failure for paths that are too long only if no other error
occurred earlier.

Related: BZ #28770

Reviewed-by: Andreas Schwab <schwab@linux-m68k.org>
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

elf: Add a test for PT_LOAD segments with invalid p_align [BZ #28688]

Build tst-p_alignmod3.so with 256 byte page size and verify that it is
rejected with a proper error message.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>

elf: Add a test for PT_LOAD segments with p_align == 1 [BZ #28688]

Add tst-p_alignmod2-edit to edit the copy of tst-p_alignmod-base.so to
set p_align of the first PT_LOAD segment to 1 and verify that the shared
library can be loaded normally.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>

elf: Add a test for PT_LOAD segments with mixed p_align [BZ #28676]

Add tst-p_alignmod1-edit to edit the copy of tst-p_alignmod-base.so to
reduce p_align of the first PT_LOAD segment by half and verify that the
shared library is mapped with the maximum p_align of all PT_LOAD segments.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>

Add and use link-test-modules-rpath-link [BZ #28455]

DT_RUNPATH is only used to find the immediate dependencies of the
executable or shared object containing the DT_RUNPATH entry:

1. Define link-test-modules-rpath-link if $(build-hardcoded-path-in-tests)
is yes.
2. Use $(link-test-modules-rpath-link) in build-module-helper so that
test modules can dlopen modules with DT_RUNPATH.
3. Add a test to show why link-test-modules-rpath-link is needed.

This partially fixes BZ #28455.

tst-realpath-toolong: Fix hurd build

Define PATH_MAX to a constant if it isn't already defined, like in hurd.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999)

No valid path returned by getcwd would fit into 1 byte, so reject the
size early and return NULL with errno set to ERANGE.  This change is
prompted by CVE-2021-3999, which describes a single byte buffer
underflow and overflow when all of the following conditions are met:

- The buffer size (i.e. the second argument of getcwd) is 1 byte
- The current working directory is too long
- '/' is also mounted on the current working directory

Sequence of events:

- In sysdeps/unix/sysv/linux/getcwd.c, the syscall returns ENAMETOOLONG
  because the linux kernel checks for name length before it checks
  buffer size

- The code falls back to the generic getcwd in sysdeps/posix

- In the generic func, the buf[0] is set to '\0' on line 250

- this while loop on line 262 is bypassed:

    while (!(thisdev == rootdev && thisino == rootino))

  since the rootfs (/) is bind mounted onto the directory and the flow
  goes on to line 449, where it puts a '/' in the byte before the
  buffer.

- Finally on line 458, it moves 2 bytes (the underflowed byte and the
  '\0') to the buf[0] and buf[1], resulting in a 1 byte buffer overflow.

- buf is returned on line 469 and errno is not set.

This resolves BZ #28769.

Reviewed-by: Andreas Schwab <schwab@linux-m68k.org>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Signed-off-by: Qualys Security Advisory <qsa@qualys.com>
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

Add valgrind smoke test

Check if whether valgrind is available in the test environment.
If not, skip the test. Run smoke tests with valgrind to verify dynamic loader.
First, check if algrind works with the system ld.so in the test
environment. Then run the actual test inside the test environment,
using the just build ld.so and new libraries.

Co-authored-by: Mark Wielaard <mark@klomp.org>

htl: Fix cleaning the reply port

If any RPC fails, the reply port will already be deallocated.
__pthread_thread_terminate thus has to defer taking its name until the very last
__thread_terminate_release which doesn't reply a message. But then we
have to read from the pthread structure.

This introduces __pthread_dealloc_finish() which does the recording of
the thread termination, so the slot can be reused really only just before
the __thread_terminate_release call. Only the real thread can set it, so
let's decouple this from the pthread_state by just removing the
PTHREAD_TERMINATED state and add a terminated field.

elf: Properly align all PT_LOAD segments [BZ #28676]

Linker may set p_align of a PT_LOAD segment larger than p_align of the
first PT_LOAD segment to satisfy a section alignment:

Elf file type is DYN (Shared object file)
Entry point 0x0
There are 10 program headers, starting at offset 64

Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000834 0x0000000000000834  R E    0x1000
  LOAD           0x0000000000000e00 0x0000000000001e00 0x0000000000001e00
                 0x0000000000000230 0x0000000000000230  RW     0x1000
  LOAD           0x0000000000400000 0x0000000000400000 0x0000000000400000
                 0x0000000000000004 0x0000000000000008  RW     0x400000
...

Section to Segment mapping:
  Segment Sections...
   00     .note.gnu.property .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .plt.got .text .fini .rodata .eh_frame_hdr .eh_frame
   01     .init_array .fini_array .data.rel.ro .dynamic .got .got.plt
   02     .data .bss

We should align the first PT_LOAD segment to the maximum p_align of all
PT_LOAD segments, similar to the kernel commit:

commit ce81bb256a224259ab686742a6284930cbe4f1fa
Author: Chris Kennelly <ckennelly@google.com>
Date:   Thu Oct 15 20:12:32 2020 -0700

    fs/binfmt_elf: use PT_LOAD p_align values for suitable start address

This fixes BZ #28676.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>

realpath: Set errno to ENAMETOOLONG for result larger than PATH_MAX [BZ #28770]

realpath returns an allocated string when the result exceeds PATH_MAX,
which is unexpected when its second argument is not NULL. This results
in the second argument (resolved) being uninitialized and also results
in a memory leak since the caller expects resolved to be the same as the
returned value.

Return NULL and set errno to ENAMETOOLONG if the result exceeds
PATH_MAX. This fixes [BZ #28770], which is CVE-2021-3998.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

support: Add helpers to create paths longer than PATH_MAX

Add new helpers support_create_and_chdir_toolong_temp_directory and
support_chdir_toolong_temp_directory to create and descend into
directory trees longer than PATH_MAX.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

nptl: Effectively skip CAS in spinlock loop

The commit:
"Add LLL_MUTEX_READ_LOCK [BZ #28537]"
SHA1: d672a98a1af106bd68deb15576710cd61363f7a6

introduced LLL_MUTEX_READ_LOCK, to skip CAS in spinlock loop
if atomic load fails. But, "continue" inside of do-while loop
does not skip the evaluation of escape expression, thus CAS
is not skipped.

Replace do-while with while and skip LLL_MUTEX_TRYLOCK if
LLL_MUTEX_READ_LOCK fails.

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>

mips: Move DT_MIPS into <ldsodefs.h>

ELF_MACHINE_XHASH_SETUP in that file needs it.

Fixes commit c90363403b57b3b7919061851cb3e6d9c85e784a
("elf: Move _dl_setup_hash to its own file").

x86_64: Document libmvec vector functions accuracy [BZ #28766]

Document maximum 4 ulps accuracy for x86_64 libmvec functions.
This fixes BZ #28766.

Reviewed-By: Paul Zimmermann <Paul.Zimmermann@inria.fr>

x86: Black list more Intel CPUs for TSX [BZ #27398]

Disable TSX and enable RTM_ALWAYS_ABORT for Intel CPUs listed in:

https://www.intel.com/content/www/us/en/support/articles/000059422/processors.html

This fixes BZ #27398.

Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>

elf: Fix tst-align3

The elf/tst-align3.c declares the function using a wrong prototype.

Checked on aarch64-linux-gnu.

elf: Move _dl_setup_hash to its own file

And compile it with the early CFLAGS. _dl_setup_hash is called
very early for the ld.so link map, so it should be compiled
differently.

Reviewed-by: Stefan Liebler <stli@linux.ibm.com>
Tested-by: Stefan Liebler <stli@linux.ibm.com>

htl: Fix build error in annexc

We were getting

../scripts/evaluate-test.sh posix/annexc $? true false > /usr/src/glibc-upstream/build/posix/annexc.test-result
In file included from ../include/pthread.h:1,
                 from <stdin>:1:
../sysdeps/htl/include/pthread.h:7:62: error: missing binary operator before token "("
    7 | # if defined __USE_EXTERN_INLINES && defined _LIBC && !IS_IN (libsupport)
      |                                                              ^

elf: Reinstate tst-audit17

9926f6e2eeb3 ("elf: Skip tst-auditlogmod-* if the linker doesn't support
--depaudit [BZ #28 151]") dropped the test by mistake.

x86: use default cache size if it cannot be determined [BZ #28784]

In some cases (e.g QEMU, non-Intel/AMD CPU) the cache information can
not be retrieved and the corresponding values are set to 0.

Commit 2d651eb9265d ("x86: Move x86 processor cache info to
cpu_features") changed the behaviour in such case by defining the
__x86_shared_cache_size and __x86_data_cache_size variables to 0 instead
of using the default values. This cause an issue with the i686 SSE2
optimized bzero/routine which assumes that the cache size is at least
128 bytes, and otherwise tries to zero/set the whole address space minus
128 bytes.

Fix that by restoring the original code to only update
__x86_shared_cache_size and __x86_data_cache_size variables if the
corresponding cache sizes are not zero.

Fixes bug 28784
Fixes commit 2d651eb9265d

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>

rt/tst-mqueue*: Return UNSUPPORTED when mq_open fails with ENOSYS

Rather than returning 0 or a failure.

Linux: Add epoll_pwait2 (BZ #27359)

It is similar to epoll_wait, with the difference the timeout has
nanosecond resoluting by using struct timespec instead of int.

Although Linux interface only provides 64 bit time_t support, old
32 bit interface is also provided (so keep in sync with current
practice and to no force opt-in on 64 bit time_t).

Checked on x86_64-linux-gnu and i686-linux-gnu.

Reviewed-by: Florian Weimer <fweimer@redhat.com>

Properly handle --disable-default-pie [BZ #28780]

When --disable-default-pie is used, all glibc programs and the testsuite
should be built as position dependent executables (non-PIE), regardless
if the build compiler supports PIE or static PIE.

When --disable-default-pie is used, don't build static PIE by default.

This fixes BZ #28780.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

elf: Fix 64 time_t support for installed statically binaries

The usage of internal static symbol for statically linked binaries
does not work correctly for objects built with -D_TIME_BITS=64,
since the internal definition does not provide the expected aliases.

This patch makes it to use the default stat functions instead (which
uses the default 64 time_t alias and types).

Checked on i686-linux-gnu.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>

Revert "elf: Fix 64 time_t support for installed statically binaries"

This reverts commit 0b8e83eb1455f3c0332eeb1f96fbc262fbd054e0.

CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug 28768)

The sunrpc function svcunix_create suffers from a stack-based buffer
overflow with overlong pathname arguments.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542)

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

CVE-2022-23219: Buffer overflow in sunrpc clnt_create for "unix" (bug 22542)

Processing an overlong pathname in the sunrpc clnt_create function
results in a stack-based buffer overflow.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

socket: Add the __sockaddr_un_set function

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

elf/tst-dl_find_object: Disable subtests for non-contiguous maps (bug 28732)

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>

elf: Set l_contiguous to 1 for the main map in more cases

l_contiguous was not initialized at all for the main map and
always 0. This commit adds code to check if the LOAD segments
are adjacent to each other, and sets l_contiguous accordingly.
This helps _dl_find_object because it is more efficient if the
main mapping is contiguous.

Note that not all (PIE or non-PIE) binaries are contiguous in this
way because BFD ld creates executables with LOAD holes:

ELF LOAD segments creating holes in the process image on GNU/Linux
https://sourceware.org/pipermail/binutils/2022-January/119082.html
https://sourceware.org/bugzilla/show_bug.cgi?id=28743

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>

elf: Introduce rtld_setup_main_map

This function collects most of the processing needed to initialize
the link map for the main executable.

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>

hurd: Make RPC input array parameters const

This follows mig's cf4bcc3f1435 ("Also add const qualifiers on server
side")

hurd: optimize exec cleanup

When ports are nul we do not need to request their deallocation. It is
also useless to look for them in portnames.

hurd: Add __rtld_execve

It trivially execs with the same dtable, portarray and intarray, and only
has to take care of deallocating / destroying ports (file, notably).

hurd: Fix exec() leak on proc_task2proc failure

env is allocated after args, so should be freed before it.

htl: Hide __pthread_attr's __schedparam type [BZ #23088]

The content of the structure is only used internally, so we can make
__pthread_attr_getschedparam and __pthread_attr_setschedparam convert
between the public sched_param type and an internal __sched_param.

This allows to avoid to spuriously expose the sched_param type.

This fixes BZ #23088.

htl: Clear kernel_thread field before releasing the thread structure

Otherwise this is a use-after-free.

hurd: drop SA_SIGINFO availability xfail

BZ #23089 was fixed by d865ff74ba09 ("hurd: implement SA_SIGINFO signal
handlers")

hurd: Fix timer/clock_getres crash on NULL res parameter

POSIX allows res to be NULL.

hurd: Fix pthread_kill on exiting/ted thread

We have to drop the kernel_thread port from the thread structure, to
avoid pthread_kill's call to _hurd_thread_sigstate trying to reference
it and fail.

[hurd] Drop spurious #ifdef SHARED

The whole file is already #ifdef SHARED

[hurd] Call _dl_sort_maps_init in _dl_sysdep_start

This follows 15a0c5730d1d ("elf: Fix slow DSO sorting behavior in
dynamic loader (BZ #17645)").

elf tst-dl_find_object: Fix typo

mod1 was xdlclose()d a few lines above.

s390x: Use <gcc-macros.h> in early HWCAP check

This is required so that the checks still work if $(early-cflags)
selects a different ISA level.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>

x86: Add x86-64-vN check to early startup

This ISA level covers the glibc build itself. <dl-hwcap-check.h>
cannot be used because this check (by design) happens before
DL_PLATFORM_INIT and the x86 CPU flags initialization.

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>

powerpc64le: Use <gcc-macros.h> in early HWCAP check

This is required so that the checks still work if $(early-cflags)
selects a different ISA level.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>

Add --with-rtld-early-cflags configure option

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>

elf: Split dl-printf.c from dl-misc.c

This allows to use different compiler flags for the diagnostics
code.

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>

elf/Makefile: Reflow and sort most variable assignments

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>

Generate gcc-macros.h

The file can be used to check the effect of the default compiler
flags on code generation even in areas of the build that uses
non-default compiler flags.

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>

x86: HAVE_X86_LAHF_SAHF, HAVE_X86_MOVBE and -march=x86-64-vN (bug 28782)

HAVE_X86_LAHF_SAHF is implied by x86-64-v2, and HAVE_X86_MOVBE by
x86-64-v3.

The individual flag does not appear in -fverbose-asm flag output
even if the ISA level implies it.

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>

math: Add more inputs to atan2 accuracy tests [BZ #28765]

This patch adds following inputs:

0x1.bcab29da0e947p-54 0x1.bc41f4d2294b8p-54
0x1.a11891ec004d4p-348 0x1.814830510be26p-348
0x1.b836ed678be29p-588 0x1.b7be6f5a03a8cp-588
0x1.a83f842ef3f73p-633 0x1.a799d8a6677ep-633

to atan2 tests and updates x86_64 double atan2 ulps.

This fixes BZ #28765.

Reviewed-By: Paul Zimmermann <Paul.Zimmermann@inria.fr>

Disable debuginfod in printer tests [BZ #28757]

With gdb-11.1-6.fc35.x86_64, I got

FAIL: nptl/test-cond-printers
FAIL: nptl/test-condattr-printers
FAIL: nptl/test-mutex-printers
FAIL: nptl/test-mutexattr-printers
FAIL: nptl/test-rwlock-printers
FAIL: nptl/test-rwlockattr-printers

$ cat nptl/test-condattr-printers.out
Error: Response does not match the expected pattern.
Command: start
Expected pattern: main
Response: Temporary breakpoint 1 at 0x11d5: file test-condattr-printers.c, line 43.
Starting program: /export/build/gnu/tools-build/glibc-cet-gitlab/build-x86_64-linux/nptl/test-condattr-printers

This GDB supports auto-downloading debuginfo from the following URLs:
https://debuginfod.fedoraproject.org/
Enable debuginfod for this session? (y or [n])

Disable debuginfod to avoid GDB messages. This fixes BZ #28757.

Reviewed-by: Florian Weimer <fweimer@redhat.com>

Update syscall lists for Linux 5.16

Linux 5.16 has one new syscall, futex_waitv. Update
syscall-names.list and regenerate the arch-syscall.h headers with
build-many-glibcs.py update-syscalls.

Tested with build-many-glibcs.py.

i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bug 28771)

The configure check for CAN_USE_REGISTER_ASM_EBP tried to compile a
simple function that uses %ebp as an inline assembly operand.  If
compilation failed, CAN_USE_REGISTER_ASM_EBP was set 0, which
eventually had these consequences:

(1) %ebx was avoided as an inline assembly operand, with an
    assembler macro hack to avoid unnecessary register moves.
(2) %ebp was avoided as an inline assembly operand, using an
    out-of-line syscall function for 6-argument system calls.

(1) is no longer needed for any GCC version that is supported for
building glibc.  %ebx can be used directly as a register operand.
Therefore, this commit removes the %ebx avoidance completely.  This
avoids the assembler macro hack, which turns out to be incompatible
with the current Systemtap probe macros (which switch to .altmacro
unconditionally).

(2) is still needed in many build configurations.  The existing
configure check cannot really capture that because the simple function
succeeds to compile, while the full glibc build still fails.
Therefore, this commit removes the check, the CAN_USE_REGISTER_ASM_EBP
macro, and uses the out-of-line syscall function for 6-argument system
calls unconditionally.

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>

stdlib: Fix formatting of tests list in Makefile

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Florian Weimer <fweimer@redhat.com>

stdlib: Sort tests in Makefile

Put one test per line and sort them.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

x86_64: Fix SSE4.2 libmvec atan2 function accuracy [BZ #28765]

This patch fixes SSE4.2 libmvec atan2 function accuracy for following
inputs to less than 4 ulps.

{0x1.bcab29da0e947p-54,0x1.bc41f4d2294b8p-54} 4.19888 ulps
{0x1.b836ed678be29p-588,0x1.b7be6f5a03a8cp-588} 4.09889 ulps

This fixes BZ #28765.

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>

debug: Synchronize feature guards in fortified functions [BZ #28746]

Some functions (e.g. stpcpy, pread64, etc.) had moved to POSIX in the
main headers as they got incorporated into the standard, but their
fortified variants remained under __USE_GNU. As a result, these
functions did not get fortified when _GNU_SOURCE was not defined.

Add test wrappers that check all functions tested in tst-chk0 at all
levels with _GNU_SOURCE undefined and then use the failures to (1)
exclude checks for _GNU_SOURCE functions in these tests and (2) Fix
feature macro guards in the fortified function headers so that they're
the same as the ones in the main headers.

This fixes BZ #28746.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>

debug: Autogenerate _FORTIFY_SOURCE tests

Rename debug/tst-chk1.c to debug/tst-fortify.c and add make hackery to
autogenerate tests with different macros enabled to build and run the
same test with different configurations as well as different
fortification levels.

The change also ends up expanding the -lfs tests to include
_FORTIFY_SOURCE=3.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>

Do not build libresolv module with 64 bit time_t flags

It is not used to build installed programs. It also fixes
resolv/tst-p_secstodate on big endian machines.

Checked on i686-linux-gnu and powerpc-linux-gnu-power4.

Revert "linux: Fix ancillary 64-bit time timestamp conversion (BZ #28349, BZ #28350)"

This reverts commit 21e0f45c7d73df6fe30c77ffcc9f81410e2ee369.

Revert "support: Add support_socket_so_timestamp_time64"

This reverts commit a4cf12360fb7a8eae4fa4923763309b7f10797c3.

timezone: Fix tst-bz28707 Makefile rule

The $(testdata)/XT5 rule is ambiguous and it may not be correct
evaluated.

linux: Fix ancillary 64-bit time timestamp conversion (BZ #28349, BZ #28350)

The __convert_scm_timestamps() only updates the control message last
pointer for SOL_SOCKET type, so if the message control buffer contains
multiple ancillary message types the converted timestamp one might
overwrite a valid message.

The test check if the extra ancillary space is correctly handled
by recvmsg/recvmmsg, where if there is no extra space for the 64-bit
time_t converted message the control buffer should be marked with
MSG_TRUNC. It also check if recvmsg/recvmmsg handle correctly multiple
ancillary data.

Checked on x86_64-linux and on i686-linux-gnu on both 5.11 and
4.15 kernel.

Co-authored-by: Fabian Vogt <fvogt@suse.de>