posix: Fix posix_spawnp to not execute invalid binaries in non compat mode (BZ#23264)
Current posix_spawnp implementation wrongly tries to execute invalid
binaries (for instance script without shebang) as a shell script in
non compat mode. It was a regression introduced by 9ff72da471a509a8c19791efe469f47fa6977410 when __spawni started to use
__execvpe instead of __execve (glibc __execvpe try to execute ENOEXEC
as shell script regardless).
This patch fixes it by using an internal symbol (__execvpex) with the
faulty semantic (since compat mode is handled by spawni.c itself).
It was reported by Daniel Drake on libc-help [1].
Checked on x86_64-linux-gnu and i686-linux-gnu.
[BZ #23264]
* include/unistd.h (__execvpex): New prototype.
* posix/Makefile (tests): Add tst-spawn4.
(tests-internal): Add tst-spawn4-compat.
* posix/execvpe.c (__execvpe_common, __execvpex): New functions.
* posix/tst-spawn4-compat.c: New file.
* posix/tst-spawn4.c: Likewise.
* sysdeps/unix/sysv/linux/spawni.c (__spawni): Do not interpret invalid
binaries as shell scripts.
* sysdeps/posix/spawni.c (__spawni): Likewise.
Florian Weimer [Fri, 1 Jun 2018 08:43:06 +0000 (10:43 +0200)]
libio: Avoid _allocate_buffer, _free_buffer function pointers [BZ #23236]
These unmangled function pointers reside on the heap and could
be targeted by exploit writers, effectively bypassing libio vtable
validation. Instead, we ignore these pointers and always call
malloc or free.
In theory, this is a backwards-incompatible change, but using the
global heap instead of the user-supplied callback functions should
have little application impact. (The old libstdc++ implementation
exposed this functionality via a public, undocumented constructor
in its strstreambuf class.)
Paul Pluzhnikov [Sun, 6 May 2018 01:08:27 +0000 (18:08 -0700)]
Fix stack overflow with huge PT_NOTE segment [BZ #20419]
A PT_NOTE in a binary could be arbitratily large, so using alloca
for it may cause stack overflow. If the note is larger than
__MAX_ALLOCA_CUTOFF, use dynamically allocated memory to read it in.
2018-05-05 Paul Pluzhnikov <ppluzhnikov@google.com>
Stefan Liebler [Fri, 4 May 2018 08:00:59 +0000 (10:00 +0200)]
Fix blocking pthread_join. [BZ #23137]
On s390 (31bit) if glibc is build with -Os, pthread_join sometimes
blocks indefinitely. This is e.g. observable with
testcase intl/tst-gettext6.
pthread_join is calling lll_wait_tid(tid), which performs the futex-wait
syscall in a loop as long as tid != 0 (thread is alive).
On s390 (and build with -Os), tid is loaded from memory before
comparing against zero and then the tid is loaded a second time
in order to pass it to the futex-wait-syscall.
If the thread exits in between, then the futex-wait-syscall is
called with the value zero and it waits until a futex-wake occurs.
As the thread is already exited, there won't be a futex-wake.
In lll_wait_tid, the tid is stored to the local variable __tid,
which is then used as argument for the futex-wait-syscall.
But unfortunately the compiler is allowed to reload the value
from memory.
With this patch, the tid is loaded with atomic_load_acquire.
Then the compiler is not allowed to reload the value for __tid from memory.
ChangeLog:
[BZ #23137]
* sysdeps/nptl/lowlevellock.h (lll_wait_tid):
Use atomic_load_acquire to load __tid.
Joseph Myers [Tue, 24 Apr 2018 12:11:35 +0000 (12:11 +0000)]
Add PTRACE_SECCOMP_GET_METADATA from Linux 4.16 to sys/ptrace.h.
This patch adds the PTRACE_SECCOMP_GET_METADATA constant from Linux
4.16 to all relevant sys/ptrace.h files. A type struct
__ptrace_seccomp_metadata, analogous to other such types, is also
added.
manual: Various fixes to the mbstouwcs example, and mbrtowc update
The example did not work because the null byte was not converted, and
mbrtowc was called with a zero-length input string. This results in a
(size_t) -2 return value, so the function always returns NULL.
The size computation for the heap allocation of the result was
incorrect because it did not deal with integer overflow.
Error checking was missing, and the allocated memory was not freed on
error paths. All error returns now set errno. (Note that there is an
assumption that free does not clobber errno.)
The slightly unportable comparision against (size_t) -2 to catch both
(size_t) -1 and (size_t) -2 return values is gone as well.
A null wide character needs to be stored in the result explicitly, to
terminate it.
The description in the manual is updated to deal with these finer
points. The (size_t) -2 behavior (consuming the input bytes) matches
what is specified in ISO C11.
Jesse Hathaway [Tue, 27 Mar 2018 21:17:59 +0000 (21:17 +0000)]
getlogin_r: return early when linux sentinel value is set
When there is no login uid Linux sets /proc/self/loginid to the sentinel
value of, (uid_t) -1. If this is set we can return early and avoid
needlessly looking up the sentinel value in any configured nss
databases.
Checked on aarch64-linux-gnu.
* sysdeps/unix/sysv/linux/getlogin_r.c (__getlogin_r_loginuid): Return
early when linux sentinel value is set.
Joseph Myers [Tue, 20 Mar 2018 18:25:24 +0000 (18:25 +0000)]
Fix signed integer overflow in random_r (bug 17343).
Bug 17343 reports that stdlib/random_r.c has code with undefined
behavior because of signed integer overflow on int32_t. This patch
changes the code so that the possibly overflowing computations use
unsigned arithmetic instead.
Note that the bug report refers to "Most code" in that file. The
places changed in this patch are the only ones I found where I think
such overflow can occur.
Tested for x86_64 and x86.
[BZ #17343]
* stdlib/random_r.c (__random_r): Use unsigned arithmetic for
possibly overflowing computations.
This simple test uses sigaction to define a signal handler. It then
uses sigaction again to fetch the information about the same signal
handler, and check that they are consistent. This is enough to detect
mismatches between struct kernel_sigaction and the kernel version of
struct sigaction, like in BZ #23069.
Changelog:
* signal/tst-sigaction.c: New file to test BZ #23069.
* signal/Makefile (tests): Fix indentation. Add tst-sigaction.
RISC-V: fix struct kernel_sigaction to match the kernel version [BZ #23069]
The RISC-V kernel doesn't define SA_RESTORER, hence the kernel version
of struct sigaction doesn't have the sa_restorer field. The default
kernel_sigaction.h therefore can't be used.
This patch adds a RISC-V specific version of kernel_sigaction.h to fix
the issue. This fixes for example the libnih testsuite.
Note that this patch is not needed in master as the bug has been fixed
by commit b4a5d26d8835 ("linux: Consolidate sigaction implementation").
Rafal Luzynski [Thu, 15 Mar 2018 02:29:07 +0000 (03:29 +0100)]
NEWS: Add entries for bugs: 22848, 22932, 22937, 22963.
Alternative (nominative/genitive) month names have been added to the
Catalan and Czech locale data and the abbreviated alternative names to
Catalan and Greek.
As spotted by GNOME translation team, Greek language has the actually
visible difference between the abbreviated nominative and the abbreviated
genitive case for some month names. Examples:
A GNOME translator asked to use the same abbreviated month names
as provided by CLDR. This sounds reasonable. See the discussion:
https://bugzilla.gnome.org/show_bug.cgi?id=793645#c27
[BZ #22932]
* localedata/locales/lt_LT (abmon): Synchronize with CLDR.
This patch fixes the i386 sa_restorer field initialization for sigaction
syscall for kernel with vDSO. As described in bug report, i386 Linux
(and compat on x86_64) interprets SA_RESTORER clear with nonzero
sa_restorer as a request for stack switching if the SS segment is 'funny'.
This means that anything that tries to mix glibc's signal handling with
segmentation (for instance through modify_ldt syscall) is randomly broken
depending on what values lands in sa_restorer.
The testcase added is based on Linux test tools/testing/selftests/x86/ldt_gdt.c,
more specifically in do_multicpu_tests function. The main changes are:
- C11 atomics instead of plain access.
- Remove x86_64 support which simplifies the syscall handling and fallbacks.
- Replicate only the test required to trigger the issue.
Checked on i686-linux-gnu.
[BZ #21269]
* sysdeps/unix/sysv/linux/i386/Makefile (tests): Add tst-bz21269.
* sysdeps/unix/sysv/linux/i386/sigaction.c (SET_SA_RESTORER): Clear
sa_restorer for vDSO case.
* sysdeps/unix/sysv/linux/i386/tst-bz21269.c: New file.
DJ Delorie [Fri, 2 Mar 2018 04:20:45 +0000 (23:20 -0500)]
[BZ #22342] Fix netgroup cache keys.
Unlike other nscd caches, the netgroup cache contains two types of
records - those for "iterate through a netgroup" (i.e. setnetgrent())
and those for "is this user in this netgroup" (i.e. innetgr()),
i.e. full and partial records. The timeout code assumes these records
have the same key for the group name, so that the collection of records
that is "this netgroup" can be expired as a unit.
However, the keys are not the same, as the in-netgroup key is generated
by nscd rather than being passed to it from elsewhere, and is generated
without the trailing NUL. All other keys have the trailing NUL, and as
noted in the linked BZ, debug statements confirm that two keys for the
same netgroup are added to the cache with two different lengths.
The result of this is that as records in the cache expire, the purge
code only cleans out one of the two types of entries, resulting in
stale, possibly incorrect, and possibly inconsistent cache data.
The patch simply includes the existing NUL in the computation for the
key length ('key' points to the char after the NUL, and 'group' to the
first char of the group, so 'key-group' includes the first char to the
NUL, inclusive).
[BZ #22342]
* nscd/netgroupcache.c (addinnetgrX): Include trailing NUL in
key value.
powerpc: Undefine Linux ptrace macros that conflict with __ptrace_request
Linux ptrace headers define macros whose tokens conflict with the
constants of enum __ptrace_request causing build errors when
asm/ptrace.h or linux/ptrace.h are included before sys/ptrace.h.
* sysdeps/unix/sysv/linux/powerpc/sys/ptrace.h: Undefine Linux
macros used in __ptrace_request.
Rical Jasan [Mon, 19 Feb 2018 11:30:06 +0000 (03:30 -0800)]
manual: Document missing feature test macros.
Several feature test macros are documented in features.h but absent in
the manual, and some documented macros accept undocumented values.
This commit updates the manual to mention all the accepted macros,
along with any values that hold special meaning.
* manual/creature.texi (_POSIX_C_SOURCE): Document special
values of 199606L, 200112L, and 200809L.
(_XOPEN_SOURCE): Document special values of 600 and 700.
(_ISOC11_SOURCE): Document macro.
(_ATFILE_SOURCE): Likewise.
(_FORTIFY_SOURCE): Likewise.
Aurelien Jarno [Thu, 8 Mar 2018 23:14:27 +0000 (00:14 +0100)]
sparc32: Add nop before __startcontext to stop unwinding [BZ #22919]
On sparc32 tst-makecontext fails, as backtrace called within a context
created by makecontext to yield infinite backtrace.
Fix that the same way than nios2 by adding a nop just before
__startcontext. This is needed as otherwise FDE lookup just repeatedly
finds __setcontext's FDE in an infinite loop, due to the convention of
using 'address - 1' for FDE lookup.
Some SPE opcodes clashes with some recent PowerISA opcodes and
until recently gas did not complain about it. However binutils
recently changed it and now VLE configured gas does not support to
assembler some instruction that might class with VLE (HTM for
instance). It also does not help that glibc build hardware lock
elision support as default (regardless of assembler support).
Although runtime will not actually enables TLE on SPE hardware
(since kernel will not advertise it), I see little advantage on
adding HTM support on SPE built glibc. SPE uses an incompatible
ABI which does not allow share the same build with default
powerpc and HTM code slows down SPE without any benefict.
This patch fixes it by only building HTM when SPE configuration
is not used.
Checked with a powerpc-linux-gnuspe build. I also did some sniff
tests on a e500 hardware without any issue.
[BZ #22926]
* sysdeps/powerpc/powerpc32/sysdep.h (ABORT_TRANSACTION_IMPL): Define
empty for __SPE__.
* sysdeps/powerpc/sysdep.h (ABORT_TRANSACTION): Likewise.
* sysdeps/unix/sysv/linux/powerpc/elision-lock.c (__lll_lock_elision):
Do not build hardware transactional code for __SPE__.
* sysdeps/unix/sysv/linux/powerpc/elision-trylock.c
(__lll_trylock_elision): Likewise.
* sysdeps/unix/sysv/linux/powerpc/elision-unlock.c
(__lll_unlock_elision): Likewise.
Rical Jasan [Fri, 16 Feb 2018 16:47:20 +0000 (08:47 -0800)]
manual: Improve documentation of get_current_dir_name. [BZ #6889]
This is a minor rewording to clarify the behaviour of
get_current_dir_name. Additionally, the @vindex is moved above the
@deftypefun so that following links give a better result with regard
to context.
Rical Jasan [Fri, 16 Feb 2018 16:21:47 +0000 (08:21 -0800)]
manual: Fix a syntax error.
The opening parenthesis for function arguments in an @deftypefun need
to be separated from the function name. This isn't just a matter of
the GNU coding style---it causes the "(void" (in this case) to be
rendered as a part of the function name, causing a visual defect, and
also results in a warning to the following effect during `make pdf':
Rical Jasan [Wed, 24 Jan 2018 09:03:38 +0000 (01:03 -0800)]
manual: Fix Texinfo warnings about improper node names.
A number of cross-references to the GCC info manual cause Texinfo
warnings; e.g.:
./creature.texi:11: warning: @xref node name should not contain `.'
This is due to "gcc.info" being used in the INFO-FILE-NAME (fourth)
argument. Changing it to "gcc" removes these warnings. (Manually
confirmed equivalent behaviour for make info, html, and pdf.)
* manual/creature.texi: Convert references to gcc.info to gcc.
* manual/stdio.texi: Likewise.
* manual/string.texi: Likewise.
Aurelien Jarno [Sun, 18 Feb 2018 17:23:14 +0000 (18:23 +0100)]
Fix posix/tst-glob_lstat_compat on alpha [BZ #22818]
The tst-glob_lstat_compat test needs to run tests on the previous
version of glob. On alpha, there are three versions of glob, GLIBC_2.0,
GLIBC_2.1 and GLIBC_2.27, while on other architectures there are only
the GLIBC_2.0 and GLIBC_2.27 version. Therefore on alpha the previous
version is GLIBC_2.1 and not GLIBC_2.0.
Dmitry V. Levin [Fri, 29 Dec 2017 23:19:32 +0000 (23:19 +0000)]
linux/aarch64: sync sys/ptrace.h with Linux 4.15 [BZ #22433]
Remove compat-specific constants that were never exported by kernel
headers under these names. Before linux commit v3.7-rc1~16^2~1 they
were exported with COMPAT_ prefix, and since that commit they are not
exported at all.
* sysdeps/unix/sysv/linux/aarch64/sys/ptrace.h (__ptrace_request):
Remove arm-specific PTRACE_GET_THREAD_AREA, PTRACE_GETHBPREGS,
and PTRACE_SETHBPREGS.
DJ Delorie [Fri, 9 Feb 2018 23:37:15 +0000 (18:37 -0500)]
[RISC-V] Fix parsing flags in ELF64 files.
When ldconfig reads Elf64 files to determine the ABI, it used the
Elf32 type, so read the wrong location, and stored the wrong ABI
type in the cache, making the cache useless. This patch uses
an Elf64 type for Elf64 objects instead.
Note that pre-patch caches might need to be manually removed and
regenerated to get the correct ABIs stored.
[BZ #22827]
* sysdeps/unix/sysv/linux/riscv/readelflib.c (process_elf_file): Use
64-bit ELF type for 64-bit ELF objects.
These tests require a new thread stack size set to a value (0x20000)
lower than the architecture minimum (0x30000). Set the stack size
to PTHREAD_STACK_MIN in this case.
Checked on ia64-linux-gnu.
* stdlib/test-atexit-race-common.c (do_test): Check stack size
against PTHREAD_STACK_MIN.
Rafal Luzynski [Thu, 1 Feb 2018 00:45:43 +0000 (01:45 +0100)]
NEWS: List the languages which use the alternative months.
[BZ #10871]
* NEWS: List the languages which actually use the alternative
months feature in this release. Also explain that "alt_mon" and
"ab_alt_mon" are optional.
Il'ya Malakhov [Wed, 31 Jan 2018 22:32:19 +0000 (14:32 -0800)]
crypt: Fix badsalttest test (Bug 22765)
The value of 'cd.initialized' is left uninitialized before the
first invocation of 'crypt_r ()' in this test despite the fact
that it should be set to zero according to the API.
Samuel Thibault [Mon, 29 Jan 2018 21:49:45 +0000 (22:49 +0100)]
malloc: Use assert.h's assert macro
This avoids assert definition conflicts if some of the headers used by
malloc.c happens to include assert.h. Malloc still needs a malloc-avoiding
implementation, which we get by redirecting __assert_fail to malloc's
__malloc_assert.
* malloc/malloc.c: Include <assert.h>.
(assert): Do not define.
[!defined NDEBUG] (__assert_fail): Define to __malloc_assert.
Samuel Thibault [Sun, 28 Jan 2018 22:30:15 +0000 (23:30 +0100)]
hurd: Add expected ABI lists
* hurd/Versions: Fix version when _hurd_exec_paths was added.
* mach/Versions: Fix version when __mach_host_self_ was added.
* sysdeps/mach/hurd/i386/ld.abilist: New file.
* sysdeps/mach/hurd/i386/libBrokenLocale.abilist: New file.
* sysdeps/mach/hurd/i386/libanl.abilist: New file.
* sysdeps/mach/hurd/i386/libc.abilist: New file.
* sysdeps/mach/hurd/i386/libcrypt.abilist: New file.
* sysdeps/mach/hurd/i386/libdl.abilist: New file.
* sysdeps/mach/hurd/i386/libm.abilist: New file.
* sysdeps/mach/hurd/i386/libnsl.abilist: New file.
* sysdeps/mach/hurd/i386/libresolv.abilist: New file.
* sysdeps/mach/hurd/i386/librt.abilist: New file.
* sysdeps/mach/hurd/i386/libutil.abilist: New file.
Palmer Dabbelt [Mon, 29 Jan 2018 18:30:24 +0000 (10:30 -0800)]
RISC-V: Build Infastructure
This patch lays out the top-level orginazition of the RISC-V port. It
contains all the Implies files as well as various other fragments of
build infastructure for the RISC-V port. This contains the only change
to a shared file: config.h.in.
RISC-V is a family of base ISAs with optional extensions. The base ISAs
are RV32I and RV64I, which are 32-bit and 64-bit integer-only ISAs, but
this port currently only supports RV64I based systems. Support for
RISC-V lives in in sysdeps/riscv. In addition to these ISAs, our glibc
port supports most of the currently-defined extensions: the A extension
for atomics, the M extension for multiplication, the C extension for
compressed instructions, and the F/D extensions for single/double
precision IEEE floating-point. Most of these extensions are handled by
GCC, but glibc defines various floating-point wrappers and emulation
routines as well as some atomic wrappers.
We support running glibc-based programs on Linux, the support for which
lives in sysdeps/unix/sysv/linux/riscv.
Palmer Dabbelt [Mon, 29 Jan 2018 18:29:57 +0000 (10:29 -0800)]
RISC-V: Add ABI Lists
I started with the aarch64 ABI lists and manually went through each
difference, ensuring that the missing entries had been deprecated along
the line. Darius generated the ulps files by running the test cases on QEMU.
Palmer Dabbelt [Mon, 29 Jan 2018 18:28:32 +0000 (10:28 -0800)]
RISC-V: Linux ABI
Linux-specific code that is required for maintaining ABI compatibility.
This doesn't contain the actual system call interface, that is split out
in order to avoid having a patch that's too big.
Palmer Dabbelt [Mon, 29 Jan 2018 18:27:17 +0000 (10:27 -0800)]
RISC-V: Atomic and Locking Routines
This patch implements various atomic and locking routines on RISC-V. We
mandate the A extension on Linux-capable RISC-V systems, so this can
rely on always having the various atomic instructions availiable.
Palmer Dabbelt [Mon, 29 Jan 2018 17:27:10 +0000 (09:27 -0800)]
RISC-V: Hard Float Support
This patch contains hardware floating-point support for the RISC-V ISA.
While we currently only support hard-float systems with both the F and D
extensions, I've left the F-specific code split out into seperate
folders in order to ease adding support for F-only and RV32I-based
systems in the future. I gave this a quick once-over and believe I've
removed all the code that implements RV32IF, RV32IFD, and RV64IF
targets.
Palmer Dabbelt [Mon, 29 Jan 2018 18:26:35 +0000 (10:26 -0800)]
RISC-V: Generic <math.h> and soft-fp Routines
This patch contains the miscellaneous math routines and headers we have
implemented for RISC-V. This includes things from <math.h> that aren't
completely ISA-generic, floating-point bit manipulation, and soft-fp
hooks.
Palmer Dabbelt [Mon, 29 Jan 2018 18:25:58 +0000 (10:25 -0800)]
RISC-V: Thread-Local Storage Support
This patch implements TLS support for RISC-V. We support all four
standard TLS addressing modes (LE, IE, LD, and GD) when running on
Linux via NPTL. There is a draft psABI document that defines our TLS
ABI here
This is meant to contain all the RISC-V code that needs to explicitly
name registers or manage in-memory structure layout. This does not
contain any of the Linux-specific code.
Palmer Dabbelt [Mon, 29 Jan 2018 18:25:23 +0000 (10:25 -0800)]
Add documentation for __riscv_flush_icache
This function is used by GCC to enforce ordering between data writes and
instruction fetches, and while we'd prefer that users rely on the GCC
intrinsic when possible this is user visible in case that's not
possible.
2018-01-29 Palmer Dabbelt <palmer@sifive.com>
* manual/platform.texi: Add RISC-V documenation for
__riscv_flush_icache.
projects / thirdparty / glibc.git / log
