platform/upstream/glibc.git
17 months agoscripts: Fix fortify checks if compiler does not support _FORTIFY_SOURCE=3
Adhemerval Zanella [Thu, 20 Jul 2023 14:35:54 +0000 (11:35 -0300)]
scripts: Fix fortify checks if compiler does not support _FORTIFY_SOURCE=3

The 30379efad1 added _FORTIFY_SOURCE checks without check if compiler
does support all used fortify levels.  This patch fixes it by first
checking at configure time the maximum support fortify level and using
it instead of a pre-defined one.

Checked on x86_64 with gcc 11, 12, and 13.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Tested-by: Florian Weimer <fweimer@redhat.com>
17 months agoconfigure: Disable building libcrypt by default
Siddhesh Poyarekar [Mon, 17 Jul 2023 16:44:17 +0000 (12:44 -0400)]
configure: Disable building libcrypt by default

We mentioned eventual dropping of libcrypt in the 2.28 NEWS.  Actually
put that plan in motion by first disabling building libcrypt by default.
note in NEWS that the library will be dropped completely in a future
release.

Also add a couple of builds into build-many-glibcs.py.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Andreas K. Hüttel <dilfridge@gentoo.org>
17 months agonptl: Make tst-tls3mod.so explicitly lazy
Arsen Arsenović [Wed, 19 Jul 2023 19:24:37 +0000 (21:24 +0200)]
nptl: Make tst-tls3mod.so explicitly lazy

Fixes the following test-time errors, that lead to FAILs, on toolchains
that set -z now out o the box, such as the one used on Gentoo Hardened:

  .../build-x86-x86_64-pc-linux-gnu-nptl $ grep '' nptl/tst-tls3*.out
  nptl/tst-tls3.out:dlopen failed
  nptl/tst-tls3-malloc.out:dlopen failed

Reviewed-by: Florian Weimer <fweimer@redhat.com>
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
17 months agomake ‘struct pthread’ a complete type
Paul Eggert [Wed, 19 Jul 2023 21:09:26 +0000 (14:09 -0700)]
make ‘struct pthread’ a complete type

* nptl/descr.h (struct pthread): Remove end_padding member, which
made this type incomplete.
(PTHREAD_STRUCT_END_PADDING): Stop using end_padding.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
17 months agoscripts: Add fortify checks on installed headers
Adhemerval Zanella [Wed, 19 Jul 2023 14:37:01 +0000 (11:37 -0300)]
scripts: Add fortify checks on installed headers

The _FORTIFY_SOURCE is used as default by some system compilers,
and there is no way to check if some fortify extension does not
trigger any conformance issue.

Checked on x86_64-linux-gnu.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
17 months agoUpdate x86_64 libm-test-ulps (x32 ABI)
Andreas K. Hüttel [Wed, 19 Jul 2023 14:56:54 +0000 (16:56 +0200)]
Update x86_64 libm-test-ulps (x32 ABI)

Based on feedback by Mike Gilbert <floppym@gentoo.org>
Linux-6.1.38-dist x86_64 AMD Phenom-tm- II X6 1055T Processor
-march=amdfam10
failures occur for x32 ABI

Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
17 months agoFix getting return address in elf/tst-audit28.c.
Stefan Liebler [Thu, 13 Jul 2023 13:13:48 +0000 (15:13 +0200)]
Fix getting return address in elf/tst-audit28.c.

Starting with commit 1bcfe0f732066ae5336b252295591ebe7e51c301, the
test was enhanced and the object for __builtin_return_address (0)
is searched with _dl_find_object.

Unfortunately on e.g. s390 (31bit), a postprocessing step is needed
as the highest bit has to be masked out.  This can be done with
__builtin_extract_return_addr.

Without this postprocessing, _dl_find_object returns with -1 and the
content of dlfo is invalid, which may lead to segfaults in basename.
Therefore those checks are now only done on success.
Reviewed-by: Florian Weimer <fweimer@redhat.com>
17 months ago[PATCH v1] x86: Use `3/4*sizeof(per-thread-L3)` as low bound for NT threshold.
Noah Goldstein [Tue, 18 Jul 2023 15:27:59 +0000 (10:27 -0500)]
[PATCH v1] x86: Use `3/4*sizeof(per-thread-L3)` as low bound for NT threshold.

On some machines we end up with incomplete cache information. This can
make the new calculation of `sizeof(total-L3)/custom-divisor` end up
lower than intended (and lower than the prior value). So reintroduce
the old bound as a lower bound to avoid potentially regressing code
where we don't have complete information to make the decision.
Reviewed-by: DJ Delorie <dj@redhat.com>
17 months agox86: Fix slight bug in `shared_per_thread` cache size calculation.
Noah Goldstein [Tue, 18 Jul 2023 04:14:33 +0000 (23:14 -0500)]
x86: Fix slight bug in `shared_per_thread` cache size calculation.

After:
```
    commit af992e7abdc9049714da76cae1e5e18bc4838fb8
    Author: Noah Goldstein <goldstein.w.n@gmail.com>
    Date:   Wed Jun 7 13:18:01 2023 -0500

        x86: Increase `non_temporal_threshold` to roughly `sizeof_L3 / 4`
```

Split `shared` (cumulative cache size) from `shared_per_thread` (cache
size per socket), the `shared_per_thread` *can* be slightly off from
the previous calculation.

Previously we added `core` even if `threads_l2` was invalid, and only
used `threads_l2` to divide `core` if it was present. The changed
version only included `core` if `threads_l2` was valid.

This change restores the old behavior if `threads_l2` is invalid by
adding the entire value of `core`.
Reviewed-by: DJ Delorie <dj@redhat.com>
17 months agoUpdate i686 libm-test-ulps (again)
Andreas K. Hüttel [Tue, 18 Jul 2023 23:32:13 +0000 (01:32 +0200)]
Update i686 libm-test-ulps (again)

Based on feedback by Arsen Arsenović <arsen@gentoo.org>
Linux-6.1.38-gentoo-dist-hardened x86_64 AMD Ryzen 7 3800X 8-Core Processor
-march=x86-64-v2

Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
17 months agoUpdate i686 libm-test-ulps
Andreas K. Hüttel [Tue, 18 Jul 2023 21:12:24 +0000 (23:12 +0200)]
Update i686 libm-test-ulps

Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
17 months agoMerge translations (de, ro, uk, zh_TW)
Andreas K. Hüttel [Tue, 18 Jul 2023 19:22:19 +0000 (21:22 +0200)]
Merge translations (de, ro, uk, zh_TW)

Line numbers, version numbers, template date changed everywhere
Nontrivial changes in de, ro, uk, zh_TW

Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
17 months agoRegenerate libc.pot
Andreas K. Hüttel [Mon, 17 Jul 2023 18:39:38 +0000 (20:39 +0200)]
Regenerate libc.pot

Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
17 months agoconfigure: Use autoconf 2.71
Siddhesh Poyarekar [Thu, 29 Jun 2023 18:34:16 +0000 (14:34 -0400)]
configure: Use autoconf 2.71

Bump autoconf requirement to 2.71 to allow regenerating configure on
more recent distributions.  autoconf 2.71 has been in Fedora since F36
and is the current version in Debian stable (bookworm).  It appears to
be current in Gentoo as well.

All sysdeps configure and preconfigure scripts have also been
regenerated; all changes are trivial transformations that do not affect
functionality.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
17 months agoUpdate sparc libm-test-ulps
Adhemerval Zanella [Mon, 17 Jul 2023 13:09:44 +0000 (10:09 -0300)]
Update sparc libm-test-ulps

17 months agos390: Add the clone3 wrapper
Adhemerval Zanella [Thu, 13 Jul 2023 13:26:34 +0000 (10:26 -0300)]
s390: Add the clone3 wrapper

It follows the internal signature:

  extern int clone3 (struct clone_args *__cl_args, size_t __size,
                     int (*__func) (void *__arg), void *__arg);

Checked on s390x-linux-gnu and s390-linux-gnu.

17 months agomanual: Fix typos in struct dl_find_object
Bert Wesarg [Thu, 13 Jul 2023 10:26:59 +0000 (12:26 +0200)]
manual: Fix typos in struct dl_find_object

Signed-off-by: Bert Wesarg <bert.wesarg@googlemail.com>
Reviewed-by: Florian Weimer <fweimer@redhat.com>
17 months agosparc: Fix la_symbind for bind-now (BZ 23734)
Adhemerval Zanella [Mon, 10 Jul 2023 20:01:00 +0000 (17:01 -0300)]
sparc: Fix la_symbind for bind-now (BZ 23734)

The sparc ABI has multiple cases on how to handle JMP_SLOT relocations,
(sparc_fixup_plt/sparc64_fixup_plt).  For BINDNOW, _dl_audit_symbind
will be responsible to setup the final relocation value; while for
lazy binding _dl_fixup/_dl_profile_fixup will call the audit callback
and tail cail elf_machine_fixup_plt (which will call
sparc64_fixup_plt).

This patch fixes by issuing the SPARC specific routine on bindnow and
forwarding the audit value to elf_machine_fixup_plt for lazy resolution.
It fixes the la_symbind for bind-now tests on sparc64 and sparcv9:

  elf/tst-audit24a
  elf/tst-audit24b
  elf/tst-audit24c
  elf/tst-audit24d

Checked on sparc64-linux-gnu and sparcv9-linux-gnu.
Tested-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
17 months agoi386: make debug wrappers compatible with static PIE
Andreas Schwab [Wed, 12 Jul 2023 09:29:34 +0000 (11:29 +0200)]
i386: make debug wrappers compatible with static PIE

Static PIE requires the use of PLT relocation.

17 months agoLoongArch: Fix soft-float bug about _dl_runtime_resolve{,lsx,lasx}
caiyinyu [Tue, 11 Jul 2023 03:57:12 +0000 (11:57 +0800)]
LoongArch: Fix soft-float bug about _dl_runtime_resolve{,lsx,lasx}

17 months agoLoongArch: Add vector implementation for _dl_runtime_resolve.
caiyinyu [Wed, 5 Jul 2023 08:38:05 +0000 (16:38 +0800)]
LoongArch: Add vector implementation for _dl_runtime_resolve.

17 months agoLoongArch: config: Added HAVE_LOONGARCH_VEC_ASM.
caiyinyu [Thu, 6 Jul 2023 08:30:52 +0000 (16:30 +0800)]
LoongArch: config: Added HAVE_LOONGARCH_VEC_ASM.

This patch checks if assembler supports vector instructions to
generate LASX/LSX code or not, and then define HAVE_LOONGARCH_VEC_ASM macro

We have added support for vector instructions in binutils-2.41
See:
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=75b2f521b101d974354f6ce9ed7c054d8b2e3b7a

commit 75b2f521b101d974354f6ce9ed7c054d8b2e3b7a
Author: mengqinggang <mengqinggang@loongson.cn>
Date:   Thu Jun 22 10:35:28 2023 +0800

LoongArch: gas: Add lsx and lasx instructions support

gas/ChangeLog:

        * config/tc-loongarch.c (md_parse_option): Add lsx and lasx option.
        (loongarch_after_parse_args): Add lsx and lasx option.

opcodes/ChangeLog:

        * loongarch-opc.c (struct loongarch_ase): Add lsx and lasx
        instructions.

17 months agosysdeps: Add missing hidden definitions for i386
Frédéric Bérat [Thu, 6 Jul 2023 17:14:59 +0000 (19:14 +0200)]
sysdeps: Add missing hidden definitions for i386

Add missing libc_hidden_builtin_def for memset_chk and MEMCPY_CHK on
i386.

17 months agosysdeps/s390: Exclude fortified routines from being built with _FORTIFY_SOURCE
Frédéric Bérat [Fri, 7 Jul 2023 14:20:48 +0000 (16:20 +0200)]
sysdeps/s390: Exclude fortified routines from being built with _FORTIFY_SOURCE

Depending on build configuration, the [routine]-c.c files may be chosen
to provide fortified routines implementation. While [routines].c
implementation were automatically excluded, the [routines]-c.c ones were
not. This patch fixes that by adding these file to the list to be
filtered.

17 months agoTranslations: Add new ro support and update others.
Carlos O'Donell [Fri, 7 Jul 2023 15:27:08 +0000 (11:27 -0400)]
Translations: Add new ro support and update others.

This brings in the new Romanian language translations, and updates
nine other translations. Important translations in this update
include the Italian and Japanese translations for ESTALE which
remove the mention of "NFS" from the error message translation.

17 months agoelf: _dl_find_object may return 1 during early startup (bug 30515)
Florian Weimer [Fri, 7 Jul 2023 08:11:26 +0000 (10:11 +0200)]
elf: _dl_find_object may return 1 during early startup (bug 30515)

Success is reported with a 0 return value, and failure is -1.
Enhance the kitchen sink test elf/tst-audit28 to cover
_dl_find_object as well.

Fixes commit 5d28a8962dcb ("elf: Add _dl_find_object function")
and bug 30515.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
17 months agoLoongArch: config: Rewrite check on static PIE.
caiyinyu [Thu, 6 Jul 2023 09:25:43 +0000 (17:25 +0800)]
LoongArch: config: Rewrite check on static PIE.

It's better to add "\" before "EOF" and remove "\"
before "$".

17 months agoRevert "hppa: Drop 16-byte pthread lock alignment"
John David Anglin [Thu, 6 Jul 2023 15:47:50 +0000 (15:47 +0000)]
Revert "hppa: Drop 16-byte pthread lock alignment"

This change reverts commits c4468cd3995b4236ea886901109b194641132b08
and ab991a3d1b401ded6bd4f027352da8262b021a11.

17 months agorealloc: Limit chunk reuse to only growing requests [BZ #30579]
Siddhesh Poyarekar [Thu, 6 Jul 2023 15:09:44 +0000 (11:09 -0400)]
realloc: Limit chunk reuse to only growing requests [BZ #30579]

The trim_threshold is too aggressive a heuristic to decide if chunk
reuse is OK for reallocated memory; for repeated small, shrinking
allocations it leads to internal fragmentation and for repeated larger
allocations that fragmentation may blow up even worse due to the dynamic
nature of the threshold.

Limit reuse only when it is within the alignment padding, which is 2 *
size_t for heap allocations and a page size for mmapped allocations.
There's the added wrinkle of THP, but this fix ignores it for now,
pessimizing that case in favor of keeping fragmentation low.

This resolves BZ #30579.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reported-by: Nicolas Dusart <nicolas@freedelity.be>
Reported-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Tested-by: Aurelien Jarno <aurelien@aurel32.net>
17 months agovfscanf-internal: Remove potentially unbounded allocas
Adhemerval Zanella [Tue, 27 Jun 2023 18:05:56 +0000 (14:05 -0400)]
vfscanf-internal: Remove potentially unbounded allocas

Some locales define a list of mapping pairs of alternate digits and
separators for input digits (to_inpunct).  This require the scanf
to create a list of all possible inputs for the optional type
modifier 'I'.

Checked on x86_64-linux-gnu.

Reviewed-by: Joe Simmons-Talbott <josimmon@redhat.com>
17 months agofileops: Don't process ,ccs= as individual mode flags (BZ#18906)
Joe Simmons-Talbott [Wed, 5 Jul 2023 21:23:28 +0000 (21:23 +0000)]
fileops: Don't process ,ccs= as individual mode flags (BZ#18906)

In processing the first 7 individual characters of the mode for fopen
if ,ccs= is used those characters will be processed as well.  Stop
processing individual mode flags once a comma is encountered.  This has
the effect of requiring ,ccs= to be the last mode flag in the mode
string.  Add a testcase to check that the ,ccs= mode flag is not
processed as individual mode flags.

Reviewed-by: DJ Delorie <dj@redhat.com>
17 months agosysdeps/ieee754/ldbl-128ibm-compat: Fix warn unused result
Frédéric Bérat [Mon, 19 Jun 2023 12:56:49 +0000 (14:56 +0200)]
sysdeps/ieee754/ldbl-128ibm-compat: Fix warn unused result

Return value from *scanf and *asprintf routines are now properly checked
in test-scanf-ldbl-compat-template.c and test-printf-ldbl-compat.c.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
17 months agolibio/bits/stdio2-decl.h: Avoid PLT entries with _FORTIFY_SOURCE
Frédéric Bérat [Wed, 28 Jun 2023 07:08:44 +0000 (09:08 +0200)]
libio/bits/stdio2-decl.h: Avoid PLT entries with _FORTIFY_SOURCE

The change is meant to avoid unwanted PLT entry for the fgets_unlocked
routine when _FORTIFY_SOURCE is set.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
17 months agolibio/bits/stdio2.h: Clearly separate declaration from definitions
Frédéric Bérat [Wed, 28 Jun 2023 07:07:26 +0000 (09:07 +0200)]
libio/bits/stdio2.h: Clearly separate declaration from definitions

Move declarations from libio/bits/stdio.h to existing
libio/bits/stdio2-decl.h. This will enable future use of
__REDIRECT_FORTIFY in place of some __REDIRECT.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
17 months agomisc/bits/syslog.h: Clearly separate declaration from definition
Frédéric Bérat [Wed, 26 Apr 2023 09:59:08 +0000 (11:59 +0200)]
misc/bits/syslog.h: Clearly separate declaration from definition

This allows to include bits/syslog-decl.h in include/sys/syslog.h and
therefore be able to create the libc_hidden_builtin_proto (__syslog_chk)
prototype.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
17 months agomisc/bits/select2.h: Clearly separate declaration from definitions
Frédéric Bérat [Wed, 26 Apr 2023 09:48:56 +0000 (11:48 +0200)]
misc/bits/select2.h: Clearly separate declaration from definitions

The __fdelt_chk declaration needs to be available so that
libc_hidden_proto can be used while not redefining __FD_ELT.
Thus, misc/bits/select-decl.h is created to hold the corresponding
prototypes.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
17 months agounistd: Avoid PLT entries with _FORTIFY_SOURCE
Frédéric Bérat [Wed, 7 Jun 2023 09:34:36 +0000 (11:34 +0200)]
unistd: Avoid PLT entries with _FORTIFY_SOURCE

The change is meant to avoid unwanted PLT entries for the read_chk,
getdomainname_chk and getlogin_r_chk routines when _FORTIFY_SOURCE is set.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
17 months agoposix/bits/unistd.h: Clearly separate declaration from definitions
Frédéric Bérat [Wed, 26 Apr 2023 09:45:11 +0000 (11:45 +0200)]
posix/bits/unistd.h: Clearly separate declaration from definitions

This change is similar to what was done for bits/wchar2.h.
Routines declaration are moved into a dedicated bits/unistd-decl.h file
which is then included into the bits/unistd.h file.

This will allow to adapt the files so that PLT entries are not created when
_FORTIFY_SOURCE is enabled.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
17 months agowchar: Avoid PLT entries with _FORTIFY_SOURCE
Frédéric Bérat [Wed, 7 Jun 2023 09:06:50 +0000 (11:06 +0200)]
wchar: Avoid PLT entries with _FORTIFY_SOURCE

The change is meant to avoid unwanted PLT entries for the wmemset and
wcrtomb routines when _FORTIFY_SOURCE is set.

On top of that, ensure that *_chk routines have their hidden builtin
definitions available.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
17 months agomisc/sys/cdefs.h: Create FORTIFY redirects for internal calls
Frédéric Bérat [Wed, 26 Apr 2023 09:32:04 +0000 (11:32 +0200)]
misc/sys/cdefs.h: Create FORTIFY redirects for internal calls

The __REDIRECT* macros are creating aliases which may lead to unwanted
PLT entries when fortification is enabled.
To prevent these entries, the REDIRECT alias should be set to point to the
existing __GI_* aliases.
This is done transparently by creating a __REDIRECT_FORTIFY* version of
these macros, that can be overwritten internally when necessary.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
17 months agostdio: Ensure *_chk routines have their hidden builtin definition available
Frédéric Bérat [Wed, 26 Apr 2023 15:26:51 +0000 (17:26 +0200)]
stdio: Ensure *_chk routines have their hidden builtin definition available

If libc_hidden_builtin_{def,proto} isn't properly set for *_chk routines,
there are unwanted PLT entries in libc.so.

There is a special case with __asprintf_chk:
If ldbl_* macros are used for asprintf, ABI gets broken on s390x,
if it isn't, ppc64le isn't building due to multiple asm redirections.

This is due to the inclusion of bits/stdio-lbdl.h for ppc64le whereas it
isn't for s390x. This header creates redirections, which are not
compatible with the ones generated using libc_hidden_def.
Yet, we can't use libc_hidden_ldbl_proto on s390x since it will not
create a simple strong alias (e.g. as done on x86_64), but a versioned
alias, leading to ABI breakage.

This results in errors on s390x:
/usr/bin/ld: glibc/iconv/../libio/bits/stdio2.h:137: undefined reference
to `__asprintf_chk'

Original __asprintf_chk symbols:
00000000001395b0 T __asprintf_chk
0000000000177e90 T __nldbl___asprintf_chk

__asprintf_chk symbols with ldbl_* macros:
000000000012d590 t ___asprintf_chk
000000000012d590 t __asprintf_chk@@GLIBC_2.4
000000000012d590 t __GI___asprintf_chk
000000000012d590 t __GL____asprintf_chk___asprintf_chk
0000000000172240 T __nldbl___asprintf_chk

__asprintf_chk symbols with the patch:
000000000012d590 t ___asprintf_chk
000000000012d590 T __asprintf_chk
000000000012d590 t __GI___asprintf_chk
0000000000172240 T __nldbl___asprintf_chk

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
17 months agostring: Ensure *_chk routines have their hidden builtin definition available
Frédéric Bérat [Thu, 20 Apr 2023 12:07:52 +0000 (14:07 +0200)]
string: Ensure *_chk routines have their hidden builtin definition available

If libc_hidden_builtin_{def,proto} isn't properly set for *_chk routines,
there are unwanted PLT entries in libc.so.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
17 months agosysdeps: Ensure ieee128*_chk routines to be properly named
Frédéric Bérat [Fri, 16 Jun 2023 14:53:29 +0000 (16:53 +0200)]
sysdeps: Ensure ieee128*_chk routines to be properly named

The *_chk routines naming doesn't match the name that would be generated
using libc_hidden_ldbl_proto. Since the macro is needed for some of
these *_chk functions for _FORTIFY_SOURCE to be enabled, that needed to
be fixed.
While at it, all the *_chk function get renamed appropriately for
consistency, even if not strictly necessary.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Paul E. Murphy <murphyp@linux.ibm.com>
17 months agoExclude routines from fortification
Frédéric Bérat [Fri, 17 Mar 2023 09:17:28 +0000 (10:17 +0100)]
Exclude routines from fortification

Since the _FORTIFY_SOURCE feature uses some routines of Glibc, they need to
be excluded from the fortification.

On top of that:
 - some tests explicitly verify that some level of fortification works
   appropriately, we therefore shouldn't modify the level set for them.
 - some objects need to be build with optimization disabled, which
   prevents _FORTIFY_SOURCE to be used for them.

Assembler files that implement architecture specific versions of the
fortified routines were not excluded from _FORTIFY_SOURCE as there is no
C header included that would impact their behavior.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
17 months agoAllow glibc to be built with _FORTIFY_SOURCE
Frédéric Bérat [Fri, 17 Mar 2023 09:14:50 +0000 (10:14 +0100)]
Allow glibc to be built with _FORTIFY_SOURCE

Add --enable-fortify-source option.

It is now possible to enable fortification through a configure option.
The level may be given as parameter, if none is provided, the configure
script will determine what is the highest level possible that can be set
considering GCC built-ins availability and set it.
If level is explicitly set to 3, configure checks if the compiler
supports the built-in function necessary for it or raise an error if it
isn't.

If the configure option isn't explicitly enabled, it _FORTIFY_SOURCE is
forcibly undefined (and therefore disabled).

The result of the configure checks are new variables, ${fortify_source}
and ${no_fortify_source} that can be used to appropriately populate
CFLAGS.

A dedicated patch will follow to make use of this variable in Makefiles
when necessary.

Updated NEWS and INSTALL.

Adding dedicated x86_64 variant that enables the configuration.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
17 months agomanual: Update documentation of strerror and related functions
Florian Weimer [Mon, 3 Jul 2023 10:36:56 +0000 (12:36 +0200)]
manual: Update documentation of strerror and related functions

The current implementation of strerror is thread-safe, but this
has implications for the lifetime of the return string.

Describe the strerror_l function.  Describe both variants of the
strerror_r function.  Mention the lifetime of the returned string
for strerrorname_np and strerrordesc_np.  Clarify that perror
output depends on the current locale.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
17 months agomanual: Enhance documentation of the <ctype.h> functions
Florian Weimer [Mon, 3 Jul 2023 10:36:56 +0000 (12:36 +0200)]
manual: Enhance documentation of the <ctype.h> functions

Describe the problems with signed characters, and the glibc extension
to deal with most of them.  Mention that the is* functions return
zero for the special argument EOF.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
17 months agoAlways do locking when accessing streams (bug 15142, bug 14697)
Andreas Schwab [Tue, 30 Jan 2018 09:16:00 +0000 (10:16 +0100)]
Always do locking when accessing streams (bug 15142, bug 14697)

Now that abort no longer calls fflush there is no reason to avoid locking
the stdio streams anywhere.  This fixes a conformance issue and potential
heap corruption during exit.

17 months agohurd: Implement MAP_EXCL
Sergey Bugaev [Sun, 25 Jun 2023 23:17:51 +0000 (02:17 +0300)]
hurd: Implement MAP_EXCL

MAP_FIXED is defined to silently replace any existing mappings at the
address range being mapped over. This, however, is a dangerous, and only
rarely desired behavior.

Various Unix systems provide replacements or additions to MAP_FIXED:

* SerenityOS and Linux provide MAP_FIXED_NOREPLACE. If the address space
  already contains a mapping in the requested range, Linux returns
  EEXIST. SerenityOS returns ENOMEM, however that is a bug, as the
  MAP_FIXED_NOREPLACE implementation is intended to be compatible with
  Linux.

* FreeBSD provides the MAP_EXCL flag that has to be used in combination
  with MAP_FIXED. It returns EINVAL if the requested range already
  contains existing mappings. This is directly analogous to the O_EXCL
  flag in the open () call.

* DragonFly BSD, NetBSD, and OpenBSD provide MAP_TRYFIXED, but with
  different semantics. DragonFly BSD returns ENOMEM if the requested
  range already contains existing mappings. NetBSD does not return an
  error, but instead creates the mapping at a different address if the
  requested range contains mappings. OpenBSD behaves the same, but also
  notes that this is the default behavior even without MAP_TRYFIXED
  (which is the case on the Hurd too).

Since the Hurd leans closer to the BSD side, add MAP_EXCL as the primary
API to request the behavior of not replacing existing mappings. Declare
MAP_FIXED_NOREPLACE and MAP_TRYFIXED as aliases of (MAP_FIXED|MAP_EXCL),
so any existing software that checks for either of those macros will
pick them up automatically. For compatibility with Linux, return EEXIST
if a mapping already exists.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230625231751.404120-5-bugaevc@gmail.com>

17 months agohurd: Fix mapping at address 0 with MAP_FIXED
Sergey Bugaev [Sun, 25 Jun 2023 23:17:50 +0000 (02:17 +0300)]
hurd: Fix mapping at address 0 with MAP_FIXED

Zero address passed to mmap () typically means the caller doesn't have
any specific preferred address. Not so if MAP_FIXED is passed: in this
case 0 means literal 0. Fix this case to pass anywhere = 0 into vm_map.

Also add some documentation.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230625231751.404120-4-bugaevc@gmail.com>

17 months agohurd: Fix calling vm_deallocate (NULL)
Sergey Bugaev [Sun, 25 Jun 2023 23:17:49 +0000 (02:17 +0300)]
hurd: Fix calling vm_deallocate (NULL)

Only call vm_deallocate when we do have the old buffer, and check for
unexpected errors.

Spotted while debugging a msgids/readdir issue on x86_64-gnu.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230625231751.404120-3-bugaevc@gmail.com>

17 months agohurd: Map brk non-executable
Sergey Bugaev [Sun, 25 Jun 2023 23:17:48 +0000 (02:17 +0300)]
hurd: Map brk non-executable

The rest of the heap (backed by individual pages) is already mapped RW.
Mapping these pages RWX presents a security hazard.

Also, in another branch memory gets allocated using vm_allocate, which
sets memory protection to VM_PROT_DEFAULT (which is RW). The mismatch
between protections prevents Mach from coalescing the VM map entries.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230625231751.404120-2-bugaevc@gmail.com>

17 months agohtl: Let Mach place thread stacks
Sergey Bugaev [Sun, 25 Jun 2023 23:17:47 +0000 (02:17 +0300)]
htl: Let Mach place thread stacks

Instead of trying to allocate a thread stack at a specific address,
looping over the address space, just set the ANYWHERE flag in
vm_allocate (). The previous behavior:

- defeats ASLR (for Mach versions that support ASLR),
- is particularly slow if the lower 4 GB of the address space are mapped
  inaccessible, as we're planning to do on 64-bit Hurd,
- is just silly.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230625231751.404120-1-bugaevc@gmail.com>

17 months agomach: strerror must not return NULL (bug 30555)
Samuel Thibault [Sun, 2 Jul 2023 11:27:51 +0000 (11:27 +0000)]
mach: strerror must not return NULL (bug 30555)

This follows 1d44530a5be2 ("string: strerror must not return NULL (bug 30555)"):

«
    For strerror, this fixes commit 28aff047818eb1726394296d27b ("string:
    Implement strerror in terms of strerror_l").  This commit avoids
    returning NULL for strerror_l as well, although POSIX allows this
    behavior for strerror_l.
»

17 months agohppa: xfail debug/tst-ssp-1 when have-ssp is yes (gcc-12 and later)
John David Anglin [Sat, 1 Jul 2023 18:26:18 +0000 (18:26 +0000)]
hppa: xfail debug/tst-ssp-1 when have-ssp is yes (gcc-12 and later)

17 months agosupport: Build with exceptions and asynchronous unwind tables [BZ #30587]
John David Anglin [Sat, 1 Jul 2023 13:29:53 +0000 (13:29 +0000)]
support: Build with exceptions and asynchronous unwind tables [BZ #30587]

Changing tst-cleanup4.c to use xread instead of read caused
the nptl/tst-cleanupx4 test to fail.  The routines in libsupport.a
need to be built with exception handling and asynchronous unwind
table support.

v2: Use "CFLAGS-.oS" instead of "override CFLAGS".

17 months agohurd: Make getrandom return ENOSYS when /dev/random is not set up
Samuel Thibault [Sat, 1 Jul 2023 12:23:40 +0000 (14:23 +0200)]
hurd: Make getrandom return ENOSYS when /dev/random is not set up

So that callers (e.g. __arc4random_buf) don't try calling it again.

17 months agoStop applying a GCC-specific workaround on clang [BZ #30550]
Tulio Magno Quites Machado Filho [Tue, 13 Jun 2023 21:56:33 +0000 (18:56 -0300)]
Stop applying a GCC-specific workaround on clang [BZ #30550]

GCC was the only compiler affected by the issue with
__builtin_isinf_sign and float128.

Fix BZ #30550.

Reported-by: Qiu Chaofan <qiucofan@cn.ibm.com>
Reviewed-by: Florian Weimer <fweimer@redhat.com>
17 months agold.so: Always use MAP_COPY to map the first segment [BZ #30452]
H.J. Lu [Thu, 22 Jun 2023 21:30:31 +0000 (14:30 -0700)]
ld.so: Always use MAP_COPY to map the first segment [BZ #30452]

The first segment in a shared library may be read-only, not executable.
To support LD_PREFER_MAP_32BIT_EXEC on such shared libraries, we also
check MAP_DENYWRITE to decide if MAP_32BIT should be passed to mmap.
Normally the first segment is mapped with MAP_COPY, which is defined
as (MAP_PRIVATE | MAP_DENYWRITE).  But if the segment alignment is
greater than the page size, MAP_COPY isn't used to allocate enough
space to ensure that the segment can be properly aligned.  Map the
first segment with MAP_COPY in this case to fix BZ #30452.

17 months agosetenv.c: Get rid of alloca.
Joe Simmons-Talbott [Fri, 30 Jun 2023 14:31:45 +0000 (14:31 +0000)]
setenv.c: Get rid of alloca.

Use malloc rather than alloca to avoid potential stack overflow.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
17 months agoAdd checks for wday, yday and new date formats
Martin Coufal [Mon, 19 Jun 2023 14:05:21 +0000 (16:05 +0200)]
Add checks for wday, yday and new date formats

tm time struct contains tm_wday and tm_yday that were previously not
checked in this test.  Also added new test cases for date formats
containing %D, %R or %h.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
17 months agoaarch64: Add vector implementations of exp routines
Joe Ramsay [Wed, 28 Jun 2023 11:19:39 +0000 (12:19 +0100)]
aarch64: Add vector implementations of exp routines

Optimised implementations for single and double precision, Advanced
SIMD and SVE, copied from Arm Optimized Routines.

As previously, data tables are used via a barrier to prevent
overly aggressive constant inlining. Special-case handlers are
marked NOINLINE to avoid incurring the penalty of switching call
standards unnecessarily.

Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
17 months agoaarch64: Add vector implementations of log routines
Joe Ramsay [Wed, 28 Jun 2023 11:19:38 +0000 (12:19 +0100)]
aarch64: Add vector implementations of log routines

Optimised implementations for single and double precision, Advanced
SIMD and SVE, copied from Arm Optimized Routines. Log lookup table
added as HIDDEN symbol to allow it to be shared between AdvSIMD and
SVE variants.

As previously, data tables are used via a barrier to prevent
overly aggressive constant inlining. Special-case handlers are
marked NOINLINE to avoid incurring the penalty of switching call
standards unnecessarily.

Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
17 months agoaarch64: Add vector implementations of sin routines
Joe Ramsay [Wed, 28 Jun 2023 11:19:37 +0000 (12:19 +0100)]
aarch64: Add vector implementations of sin routines

Optimised implementations for single and double precision, Advanced
SIMD and SVE, copied from Arm Optimized Routines.

As previously, data tables are used via a barrier to prevent
overly aggressive constant inlining. Special-case handlers are
marked NOINLINE to avoid incurring the penalty of switching call
standards unnecessarily.

Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
17 months agoaarch64: Add vector implementations of cos routines
Joe Ramsay [Wed, 28 Jun 2023 11:19:36 +0000 (12:19 +0100)]
aarch64: Add vector implementations of cos routines

Replace the loop-over-scalar placeholder routines with optimised
implementations from Arm Optimized Routines (AOR).

Also add some headers containing utilities for aarch64 libmvec
routines, and update libm-test-ulps.

Data tables for new routines are used via a pointer with a
barrier on it, in order to prevent overly aggressive constant
inlining in GCC. This allows a single adrp, combined with offset
loads, to be used for every constant in the table.

Special-case handlers are marked NOINLINE in order to confine the
save/restore overhead of switching from vector to normal calling
standard. This way we only incur the extra memory access in the
exceptional cases. NOINLINE definitions have been moved to
math_private.h in order to reduce duplication.

AOR exposes a config option, WANT_SIMD_EXCEPT, to enable
selective masking (and later fixing up) of invalid lanes, in
order to trigger fp exceptions correctly (AdvSIMD only). This is
tested and maintained in AOR, however it is configured off at
source level here for performance reasons. We keep the
WANT_SIMD_EXCEPT blocks in routine sources to greatly simplify
the upstreaming process from AOR to glibc.

Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
17 months agoSwitch to UTF-8 for INSTALL
Paul Eggert [Thu, 29 Jun 2023 16:20:41 +0000 (09:20 -0700)]
Switch to UTF-8 for INSTALL

This makes it slightly easier to read, and these days
everybody can read UTF-8.

17 months agoMake sure INSTALL is ASCII plaintext
Siddhesh Poyarekar [Thu, 29 Jun 2023 15:07:52 +0000 (11:07 -0400)]
Make sure INSTALL is ASCII plaintext

Add --disable-encoding to makeinfo flags so that it does not generate
unicode quote glyphs.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
18 months agoUpdate syscall lists for Linux 6.4
Joseph Myers [Wed, 28 Jun 2023 21:22:14 +0000 (21:22 +0000)]
Update syscall lists for Linux 6.4

Linux 6.4 adds the riscv_hwprobe syscall on riscv and enables
memfd_secret on s390.  Update syscall-names.list and regenerate the
arch-syscall.h headers with build-many-glibcs.py update-syscalls.

Tested with build-many-glibcs.py.

18 months agolinux: Return unsupported if procfs can not be mount on tst-ttyname-namespace
Adhemerval Zanella [Mon, 12 Jun 2023 18:30:14 +0000 (15:30 -0300)]
linux: Return unsupported if procfs can not be mount on tst-ttyname-namespace

Trying to mount procfs can fail due multiples reasons: proc is locked
due the container configuration, mount syscall is filtered by a
Linux Secuirty Module, or any other security or hardening mechanism
that Linux might eventually add.

The tests does require a new procfs without binding to parent, and
to fully fix it would require to change how the container was created
(which is out of the scope of the test itself).  Instead of trying to
foresee any possible scenario, if procfs can not be mount fail with
unsupported.

Checked on aarch64-linux-gnu.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
18 months agolinux: Split tst-ttyname
Adhemerval Zanella [Mon, 12 Jun 2023 18:30:13 +0000 (15:30 -0300)]
linux: Split tst-ttyname

The tst-ttyname-direct.c checks the ttyname with procfs mounted in
bind mode (MS_BIND|MS_REC), while tst-ttyname-namespace.c checks
with procfs mount with MS_NOSUID|MS_NOEXEC|MS_NODEV in a new
namespace.

Checked on x86_64-linux-gnu and aarch64-linux-gnu.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
18 months agoUse Linux 6.4 in build-many-glibcs.py
Joseph Myers [Tue, 27 Jun 2023 13:49:38 +0000 (13:49 +0000)]
Use Linux 6.4 in build-many-glibcs.py

This patch makes build-many-glibcs.py use Linux 6.4.

Tested with build-many-glibcs.py (host-libraries, compilers and glibcs
builds).

18 months agox86: Adjust Linux x32 dl-cache inclusion path
Adhemerval Zanella [Mon, 26 Jun 2023 19:48:07 +0000 (16:48 -0300)]
x86: Adjust Linux x32 dl-cache inclusion path

It fixes the x32 build failure introduced by 45e2483a6c.

Checked on a x86_64-linux-gnu-x32 build.

18 months agoelf: Update list of RISC-V relocations
Andreas Schwab [Thu, 22 Jun 2023 10:16:33 +0000 (12:16 +0200)]
elf: Update list of RISC-V relocations

18 months agoFix tests-clean Makefile target (bug 30545)
Maxim Kuvyrkov [Thu, 15 Jun 2023 15:25:47 +0000 (15:25 +0000)]
Fix tests-clean Makefile target (bug 30545)

This patch improves tests-clean Makefile target to reliably clean
test artifacts from a build directory.  Before this patch tests-clean
missed around 3k (out of total 9k) .out and .test-result files.

Signed-off-by: Maxim Kuvyrkov <maxim.kuvyrkov@linaro.org>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
18 months agocheck_native: Get rid of alloca
Joe Simmons-Talbott [Tue, 13 Jun 2023 14:05:03 +0000 (10:05 -0400)]
check_native: Get rid of alloca

Use malloc rather than alloca to avoid potential stack overflow.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
18 months agoifaddrs: Get rid of alloca
Joe Simmons-Talbott [Wed, 21 Jun 2023 20:00:53 +0000 (16:00 -0400)]
ifaddrs: Get rid of alloca

Use scratch_buffer and malloc rather than alloca to avoid potential stack
overflows.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
18 months agox86: Make dl-cache.h and readelflib.c not Linux-specific
Sergey Bugaev [Sat, 17 Jun 2023 16:40:26 +0000 (19:40 +0300)]
x86: Make dl-cache.h and readelflib.c not Linux-specific

These files could be useful to any port that wants to use ld.so.cache.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
18 months agoelf: Port ldconfig away from stack-allocated paths
Sergey Bugaev [Sat, 17 Jun 2023 16:40:25 +0000 (19:40 +0300)]
elf: Port ldconfig away from stack-allocated paths

ldconfig was allocating PATH_MAX bytes on the stack for the library file
name. The issues with PATH_MAX usage are well documented [0][1]; even if
a program does not rely on paths being limited to PATH_MAX bytes,
allocating 4096 bytes on the stack for paths that are typically rather
short (strlen ("/lib64/libc.so.6") is 16) is wasteful and dangerous.

[0]: https://insanecoding.blogspot.com/2007/11/pathmax-simply-isnt.html
[1]: https://eklitzke.org/path-max-is-tricky

Instead, make use of asprintf to dynamically allocate memory of just the
right size on the heap.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Reviewed-by: Florian Weimer <fweimer@redhat.com>
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
18 months agoCall "CST" a time zone abbreviation, not a name
Paul Eggert [Thu, 22 Jun 2023 20:44:50 +0000 (13:44 -0700)]
Call "CST" a time zone abbreviation, not a name

In documentation, call strings like "CST" time zone abbreviations, not
time zone names.  This terminology is more precise, and is what tzdb uses.
A string like "CST" is ambiguous and does not fully name a time zone.

18 months agobenchtests: fix warn unused result
Frederic Berat [Tue, 20 Jun 2023 18:19:09 +0000 (20:19 +0200)]
benchtests: fix warn unused result

Few tests needed to properly check for asprintf and system calls return
values with _FORTIFY_SOURCE enabled.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
18 months agosysdeps/powerpc/fpu/tst-setcontext-fpscr.c: Fix warn unused result
Frederic Berat [Tue, 20 Jun 2023 18:19:08 +0000 (20:19 +0200)]
sysdeps/powerpc/fpu/tst-setcontext-fpscr.c: Fix warn unused result

The fread routine return value needs to be checked when fortification
is enabled, hence use xfread helper.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
18 months agort/tst-mqueue4.c: Fix wrong number of argument for mq_open
Frederic Berat [Tue, 20 Jun 2023 18:19:06 +0000 (20:19 +0200)]
rt/tst-mqueue4.c: Fix wrong number of argument for mq_open

The mq_open routine should only get either 2 or 4 arguments, this test
wrongly passed 3.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
18 months agodebug/readlink{, at}_chk.c: Harmonize declaration and definition
Frederic Berat [Tue, 20 Jun 2023 18:19:03 +0000 (20:19 +0200)]
debug/readlink{, at}_chk.c: Harmonize declaration and definition

The declaration and definition of these routines aren't consistent.

Make the definition of __readlink_chk and __readlinkat_chk match the
declaration of the routines they fortify.  While there are no problems
today this avoids any future potential problems related to the mismatch.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
18 months agowcsmbs/bits/wchar2{, -decl}.h: Clearly separate declaration from definitions
Frederic Berat [Tue, 20 Jun 2023 18:18:59 +0000 (20:18 +0200)]
wcsmbs/bits/wchar2{, -decl}.h: Clearly separate declaration from definitions

This will enable __REDIRECT_FORTIFY* macros to be used when _FORTIFY_SOURCE
is set.

Routine declarations that were in bits/wchar2.h are moved into the
bits/wchar2-decl.h file.
The file is now included into include/wchar.h irrespectively from
fortification.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
18 months agostdio-common: tests: Incorrect maxlen parameter for swprintf
Frederic Berat [Tue, 20 Jun 2023 18:18:53 +0000 (20:18 +0200)]
stdio-common: tests: Incorrect maxlen parameter for swprintf

Few tests using swprintf are passing incorrect maxlen parameter.
This triggers an abort when _FORTIFY_SOURCE is enabled.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
18 months agosysdeps/{i386, x86_64}/mempcpy_chk.S: fix linknamespace for __mempcpy_chk
Frederic Berat [Tue, 20 Jun 2023 18:18:52 +0000 (20:18 +0200)]
sysdeps/{i386, x86_64}/mempcpy_chk.S: fix linknamespace for __mempcpy_chk

On i386 and x86_64, for libc.a specifically, __mempcpy_chk calls
mempcpy which leads POSIX routines to call non-POSIX mempcpy indirectly.

This leads the linknamespace test to fail when glibc is built with
__FORTIFY_SOURCE=3.

Since calling mempcpy doesn't bring any benefit for libc.a, directly
call __mempcpy instead.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
18 months agohurd: readv: Get rid of alloca
Joe Simmons-Talbott [Mon, 19 Jun 2023 14:43:34 +0000 (10:43 -0400)]
hurd: readv: Get rid of alloca

Replace alloca with a scratch_buffer to avoid potential stack overflows.

Checked on i686-gnu and x86_64-linux-gnu
Message-Id: <20230619144334.2902429-1-josimmon@redhat.com>

18 months agohurd: writev: Add back cleanup handler
Joe Simmons-Talbott [Mon, 19 Jun 2023 14:38:42 +0000 (10:38 -0400)]
hurd: writev: Add back cleanup handler

There is a potential memory leak for large writes due to writev being a
"shall occur" cancellation point.  Add back the cleanup handler removed
in cf30aa43a5917f441c9438aaee201c53c8e1d76b.

Checked on i686-gnu and x86_64-linux-gnu.
Message-Id: <20230619143842.2901522-1-josimmon@redhat.com>

18 months agoFix misspellings -- BZ 25337
Paul Pluzhnikov [Mon, 19 Jun 2023 21:58:33 +0000 (21:58 +0000)]
Fix misspellings -- BZ 25337

18 months agoC2x scanf %b support
Joseph Myers [Mon, 19 Jun 2023 19:40:34 +0000 (19:40 +0000)]
C2x scanf %b support

ISO C2x defines scanf %b for input of binary integers (with an
optional 0b or 0B prefix).  Implement such support, along with the
corresponding SCNb* macros in <inttypes.h>.  Unlike the support for
binary integers with 0b or 0B prefix with scanf %i, this is supported
in all versions of scanf (independent of the standards mode used for
compilation), because there are no backwards compatibility concerns
(%b wasn't previously a supported format) the way there were for %i.

Tested for x86_64 and x86.

18 months agoC2x printf %wN, %wfN support (bug 24466)
Joseph Myers [Mon, 19 Jun 2023 18:52:12 +0000 (18:52 +0000)]
C2x printf %wN, %wfN support (bug 24466)

ISO C2x defines printf length modifiers wN (for intN_t / int_leastN_t
/ uintN_t / uint_leastN_t) and wfN (for int_fastN_t / uint_fastN_t).
Add support for those length modifiers (such a feature was previously
requested in bug 24466).  scanf support is to be added separately.
GCC 13 has format checking support for these modifiers.

When used with the support for registering format specifiers, these
modifiers are translated to existing flags in struct printf_info,
rather than trying to add some way of distinguishing them without
breaking the printf_info ABI.  C2x requires an error to be returned
for unsupported values of N; this is implemented for printf-family
functions, but the parse_printf_format interface doesn't support error
returns, so such an error gets discarded by that function.

Tested for x86_64 and x86.

18 months agotests: replace system by xsystem
Frédéric Bérat [Wed, 14 Jun 2023 08:52:07 +0000 (10:52 +0200)]
tests: replace system by xsystem

With fortification enabled, system calls return result needs to be checked,
has it gets the __wur macro enabled.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
18 months agotests: replace read by xread
Frédéric Bérat [Wed, 14 Jun 2023 08:52:06 +0000 (10:52 +0200)]
tests: replace read by xread

With fortification enabled, read calls return result needs to be checked,
has it gets the __wur macro enabled.

Note on read call removal from  sysdeps/pthread/tst-cancel20.c and
sysdeps/pthread/tst-cancel21.c:
It is assumed that this second read call was there to overcome the race
condition between pipe closure and thread cancellation that could happen
in the original code. Since this race condition got fixed by
d0e3ffb7a58854248f1d5e737610d50cd0a60f46 the second call seems
superfluous. Hence, instead of checking for the return value of read, it
looks reasonable to simply remove it.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
18 months agohurd: writev: Get rid of alloca
Joe Simmons-Talbott [Thu, 8 Jun 2023 15:58:43 +0000 (11:58 -0400)]
hurd: writev: Get rid of alloca

Use a scratch_buffer rather than alloca to avoid potential stack
overflows.

Checked on i686-gnu and x86_64-linux-gnu
Message-Id: <20230608155844.976554-1-josimmon@redhat.com>

18 months agograntpt: Get rid of alloca
Joe Simmons-Talbott [Tue, 13 Jun 2023 19:16:31 +0000 (15:16 -0400)]
grantpt: Get rid of alloca

Replace alloca with a scratch_buffer to avoid potential stack overflows.
Message-Id: <20230613191631.1080455-1-josimmon@redhat.com>

18 months agostring: strerror must not return NULL (bug 30555)
Florian Weimer [Thu, 15 Jun 2023 10:08:22 +0000 (12:08 +0200)]
string: strerror must not return NULL (bug 30555)

For strerror, this fixes commit 28aff047818eb1726394296d27b ("string:
Implement strerror in terms of strerror_l").  This commit avoids
returning NULL for strerror_l as well, although POSIX allows this
behavior for strerror_l.

Reviewed-by: Arjun Shankar <arjun@redhat.com>
18 months agohurd: Add strlcpy, strlcat, wcslcpy, wcslcat to libc.abilist
Florian Weimer [Thu, 15 Jun 2023 08:05:25 +0000 (10:05 +0200)]
hurd: Add strlcpy, strlcat, wcslcpy, wcslcat to libc.abilist

18 months agomanual: Manual update for strlcat, strlcpy, wcslcat, wclscpy
Paul Eggert [Wed, 14 Jun 2023 16:10:27 +0000 (18:10 +0200)]
manual: Manual update for strlcat, strlcpy, wcslcat, wclscpy

Co-authored-by: Florian Weimer <fweimer@redhat.com>
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
18 months agoAdd the wcslcpy, wcslcat functions
Florian Weimer [Wed, 14 Jun 2023 16:10:24 +0000 (18:10 +0200)]
Add the wcslcpy, wcslcat functions

These functions are about to be added to POSIX, under Austin Group
issue 986.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
18 months agoImplement strlcpy and strlcat [BZ #178]
Florian Weimer [Wed, 14 Jun 2023 16:10:08 +0000 (18:10 +0200)]
Implement strlcpy and strlcat [BZ #178]

These functions are about to be added to POSIX, under Austin Group
issue 986.

The fortified strlcat implementation does not raise SIGABRT if the
destination buffer does not contain a null terminator, it just
inherits the non-failing regular strlcat behavior.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>