Mike Kelly [Mon, 2 Feb 2026 07:25:02 +0000 (07:25 +0000)]
hurd: handling pending signals could result in corruption of FPU state
Handling a pending signal calls _hurd_setup_sighandler() once again
after the initial signal handling. In this case a pointer to the
previous sigcontext is available to supply the interrupted thread's
original basic state, fpu state and fpu XSTATE. The original XSTATE
was not being preserved by the pending signal but instead overwritten
with the active XSTATE. XSTATE register values modified by the
signal handling code could therefore be wrongly propogated back to
the interrupted user code.
Wilco Dijkstra [Tue, 27 Jan 2026 14:28:35 +0000 (14:28 +0000)]
AArch64: Add if('fastmath') to math-vector-fortran.h [BZ #33226]
Only enable vector math functions with -ffast-math by adding if('fastmath').
This uses a new annotation supported by GCC 16 (PR 118955). If an older
compiler is used, it will disable the math function without an error.
This fixes BZ #33226.
Weihong Ye [Tue, 3 Feb 2026 17:09:03 +0000 (17:09 +0000)]
AArch64: Optimize memcpy for Kunpeng 950 processor
For copies ≤64 bytes, the implementation remains consistent with memcpy_sve.
For 65–128 bytes, it removes the 96-byte branch and reorders instructions,
improving performance by 18–32%. For >128 bytes, it aligns the destination
to a 32-byte boundary and uses Pre-indexed load/store instructions to reduce
address-update overhead.
All benchmarks report execution time (lower is better). Geomean results
(__memcpy_generic → this patch):
- bench-memcpy: 16.74 → 12.11 (28% faster)
- bench-memcpy-large: 24287 → 23302 (4% faster)
- bench-memcpy-random: 107693 → 72153 (33% faster)
Florian Weimer [Mon, 2 Feb 2026 20:15:48 +0000 (21:15 +0100)]
elf: Add test case for LD_PROFILE/LD_PROFILE_OUTPUT interaction
This verifies that LD_PROFILE is correctly ignored if LD_PROFILE_OUTPUT
is not set.
The test was initially auto-generated, then heavily edited and re-edited
for brevity and clarity. The test uses glibc-specific interfaces
(including one that did not exist at all a couple of hours ago), so
this should be unproblematic.
Florian Weimer [Mon, 2 Feb 2026 20:15:48 +0000 (21:15 +0100)]
support: Add support_spawn_wrap and related functionality
It allows us to write test cases in C that run tests with
dynamic linker wrapping.
The iconv test case was auto-generated. The posix_spawn usage
is mechanical, and the interface it tests is newly added in this
commit, so this should be acceptable.
open tst-gnu2-tls2mod0.so
open tst-gnu2-tls2mod1.so
open tst-gnu2-tls2mod2.so
close tst-gnu2-tls2mod0.so
close tst-gnu2-tls2mod1.so
open tst-gnu2-tls2mod0.so
open tst-gnu2-tls2mod1.so
Didn't expect signal from child: got `Aborted'
Because AFTER_TLSDESC_CALL might clobber caller-saved registers and
the zero array might call the memset function resolution, which itself
might clobber some vector registers.
The AFTER_TLSDESC_CALL calls memset and memcmp, and both the
lazy resolution and the routines themselves can clobber the
caller-saved registes used in the tests.
Checked on arm-linux-gnueabihf (armv7-a vpfv4 / QEMU).
Luca Boccassi [Wed, 28 Jan 2026 15:37:56 +0000 (15:37 +0000)]
linux: use PIDFD_GET_INFO ioctl for pidfd_getpid() if available
Linux v6.13 introduced a new ioctl to query info from a pidfd.
The advantage of this vs. parsing /proc/ is that it works even
when procfs is not mounted. It's also a single syscall, and doesn't
need manual string parsing. Use it when available.
Avinal Kumar [Mon, 5 Jan 2026 13:29:27 +0000 (18:59 +0530)]
elf: Fix ambiguous error message for --f in sotruss [BZ #25257]
The sotruss utility printed an incomplete error message when the
ambiguous option --f was used. The message did not list the possible
matching options, making it unclear how to resolve the ambiguity.
This commit corrects the error message to report all valid alternatives.
Example after this change:
$ sotruss --f /bin/true
sotruss: option '--f' is ambiguous; possibilities: '--from' '--follow'
Try `sotruss --help' or `sotruss --usage' for more information.
Checked on x86_64-linux-gnu, aarch64-linux-gnu, i686-linux-gnu,
arm-linux-gnueabihf, powerpc64le-linux-gnu,
riscv64-linux-gnu-rv64imafdc-lp64d, and loongarch64-linux-gnuf64.
Checked on x86_64-linux-gnu, aarch64-linux-gnu, i686-linux-gnu,
arm-linux-gnueabihf, powerpc64le-linux-gnu,
riscv64-linux-gnu-rv64imafdc-lp64d, and loongarch64-linux-gnuf64.
Checked on x86_64-linux-gnu, aarch64-linux-gnu, i686-linux-gnu,
arm-linux-gnueabihf, powerpc64le-linux-gnu,
riscv64-linux-gnu-rv64imafdc-lp64d, and loongarch64-linux-gnuf64.
Checked on x86_64-linux-gnu, aarch64-linux-gnu, i686-linux-gnu,
arm-linux-gnueabihf, powerpc64le-linux-gnu,
riscv64-linux-gnu-rv64imafdc-lp64d, and loongarch64-linux-gnuf64.
math: Order signed zeros in f{max,min}mag{f,l,f128}
The functions are documented to behave like fmax/fmin when the
arguments have the same absolute value.
Checked on x86_64-linux-gnu, aarch64-linux-gnu, i686-linux-gnu,
arm-linux-gnueabihf, powerpc64le-linux-gnu,
riscv64-linux-gnu-rv64imafdc-lp64d, and loongarch64-linux-gnuf64.
The C standard (at least from C99 until C23) does not require
fmin/fmax to order zeros by their sign, so glibc's previous behavior
was entirely standards-conforming. However, the standard does
recommend that zeros be ordered in a footnote, saying:
"If possible, fmax is sensitive to the sign of zero, for example
fmax(−0.0, +0.0) ideally returns +0."
As this is indeed possible (and not too complicated), implement it as
a quality-of-implementation improvement. It also remove possible
deviations between architectures, where for some architectures that
has direct mapping instruction (USE_FMA*_BUILTIN) they already do
the ordering.
Checked on x86_64-linux-gnu, aarch64-linux-gnu, i686-linux-gnu,
arm-linux-gnueabihf, powerpc64le-linux-gnu,
riscv64-linux-gnu-rv64imafdc-lp64d, and loongarch64-linux-gnuf64.
Co-authored-by: James Y Knight <jyknight@google.com> Reviewed-by: Wilco Dijkstra <Wilco.Dijkstra@arm.com>
The sNaN handling on i386 was not properly implemented or tested due to
ABI and compiler constraints [1] [2], and although GCC has an open bug
to try to fix at least the sNaN in the function call arguments [3], it
will most likely never be fixed.
To simplify the fix or the order signed zeros and make f{fmin,fmax} behave
semantically equal to the rest of the f{min,max}* function, this patch
removes all i386 assembly optimizations. The f{min,max} functions should
not be hotspots in any meaningful code people are running on i386 nowadays.
Checked on x86_64-linux-gnu, aarch64-linux-gnu, i686-linux-gnu,
arm-linux-gnueabihf, powerpc64le-linux-gnu,
riscv64-linux-gnu-rv64imafdc-lp64d, and loongarch64-linux-gnuf64.
Avinal Kumar [Mon, 2 Feb 2026 15:26:13 +0000 (16:26 +0100)]
manual: Document //TRANSLIT and //IGNORE support in iconv_open [BZ #3794]
The //TRANSLIT and //IGNORE suffix supported by iconv_open
was not documented in the glibc manual. This commit adds the
documentation for the suffixes.
Arjun Shankar [Mon, 26 Jan 2026 12:49:37 +0000 (13:49 +0100)]
dlfcn: Add dlinfo request type RTLD_DI_ORIGIN_PATH (bug #24298)
The existing dlinfo request type RTLD_DI_ORIGIN used for querying the
value of the '$ORIGIN' dynamic string token is prone to buffer
overflows.
This commit adds a new request type named RTLD_DI_ORIGIN_PATH that
returns a pointer to the dynamic string token (i.e. the 'l_origin' field
in the link map) instead. The dlinfo manual is updated with the new
request type, and the description of RTLD_DI_ORIGIN is updated to
recommend RTLD_DI_ORIGIN_PATH instead.
A test for the new request type is also added to tst-dlinfo.
Aurelien Jarno [Tue, 20 Jan 2026 17:25:08 +0000 (18:25 +0100)]
Fix ldbl-128ibm ceill, floorl, roundl and truncl zero-sign handling
When the result of ceill, floorl, roundl and truncl is zero, the sign of
the result must match the sign of the input. For the IBM 128-bit long
double format, the sign is determined by the high part.
Ensure the correct sign when the high part is the result of
computations, by copying the sign from the input high part to the output
high part. On POWER, this conveniently maps to the fcpsgn instruction.
In addition add test for the values provided in BZ #33623, and for the
opposite value when the result is 0.
Florian Weimer [Sat, 24 Jan 2026 09:29:39 +0000 (10:29 +0100)]
support: Reinitialize containers if /etc is present
This prevents test failures because configuration file leftovers
unexpectedly change glibc for future tests. Whether this
triggers depends on test execution order.
Adding postclean.req files manually (before this change) appears
too error-prone.
posix: Reset wordexp_t fields with WRDE_REUSE (CVE-2025-15281 / BZ 33814)
The wordexp fails to properly initialize the input wordexp_t when
WRDE_REUSE is used. The wordexp_t struct is properly freed, but
reuses the old wc_wordc value and updates the we_wordv in the
wrong position. A later wordfree will then call free with an
invalid pointer.
Xi Ruoyao [Thu, 15 Jan 2026 08:24:57 +0000 (16:24 +0800)]
Linux: fix tst-copy_file_range-large failure in 32-bit glibc build on 64-bit kernel [BZ 33790]
Reported-by: H. J. Lu <hjl.tools@gmail.com> Signed-off-by: Xi Ruoyao <xry111@xry111.site> Reviewed-by: Florian Weimer <fweimer@redhat.com> Tested-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Florian Weimer [Thu, 15 Jan 2026 21:29:46 +0000 (22:29 +0100)]
elf: Ignore LD_PROFILE if LD_PROFILE_OUTPUT is not set (bug 33797)
The previous default for LD_PROFILE_OUTPUT, /var/tmp, is insecure
because it's typically a 1777 directory, and other systems could
place malicious files there which interfere with execution.
Requiring the user to specify a profiling directory mitigates
the impact of bug 33797. Clear LD_PROFILE_OUTPUT alongside
with LD_PROFILE.
Rework the test not to use predictable file names.
Carlos O'Donell [Thu, 15 Jan 2026 20:09:38 +0000 (15:09 -0500)]
resolv: Fix NSS DNS backend for getnetbyaddr (CVE-2026-0915)
The default network value of zero for net was never tested for and
results in a DNS query constructed from uninitialized stack bytes.
The solution is to provide a default query for the case where net
is zero.
Adding a test case for this was straight forward given the existence of
tst-resolv-network and if the test is added without the fix you observe
this failure:
FAIL: resolv/tst-resolv-network
original exit status 1
error: tst-resolv-network.c:174: invalid QNAME: \146\218\129\128
error: 1 test failures
With a random QNAME resulting from the use of uninitialized stack bytes.
After the fix the test passes.
Additionally verified using wireshark before and after to ensure
on-the-wire bytes for the DNS query were as expected.
The change to cap valid sizes to PTRDIFF_MAX inadvertently dropped the
overflow check for alignment in memalign functions, _mid_memalign and
_int_memalign. Reinstate the overflow check in _int_memalign, aligned
with the PTRDIFF_MAX change since that is directly responsible for the
CVE. The missing _mid_memalign check is not relevant (and does not have
a security impact) and may need a different approach to fully resolve,
so it has been omitted.
CVE-Id: CVE-2026-0861
Vulnerable-Commit: 9bf8e29ca136094f73f69f725f15c51facc97206 Reported-by: Igor Morgenstern, Aisle Research Fixes: BZ #33796 Reviewed-by: Wilco Dijkstra <Wilco.Dijkstra@arm.com> Signed-off-by: Siddhesh Poyarekar <siddhesh@gotplt.org>
tst-mallocfork calls fork from a signal handler, leading to sporadic
deadlocks when multi-threaded since fork is not AS-safe when
multi-threading. This commit therefore adds tst-mallocfork to the
appropriate exception list.
In permissive mode, during audit module handling, check_gcs is unaware
that it is handling audit modules rather than the binary itself. It
causes the loader to fail to load the audit module, rather than
loading it and disabling GCS.
Also extends GCS tests with 4 LD_AUDIT tests:
1. tst-gcs-audit-disabled: checks if the audit module without GCS
marking is loaded with default gcs support.
2. tst-gcs-audit-enforced: checks if the audit module without GCS
marking is not loaded when GCS is enforced.
3. tst-gcs-audit-optional: checks if the audit module without GCS
marking is loaded when GCS is optional.
4. tst-gcs-audit-override: check if the audit modules without GCS
marking is loaded when GCS is overrided.
Checked on aarch64-linux-gnu with Linux 6.18 on Apple M4 emulated (for
BTI support) and on qemu 10.1.50 simulated (for GCS).
Sachin Monga [Mon, 12 Jan 2026 17:40:15 +0000 (12:40 -0500)]
ldbl-128ibm-compat: Add local aliases for printf family symbols
When the compiler selects IEEE-128 long double ABI(-mabi=ieeelongdouble),
calls to printf, fprintf, sprintf and snprintf are redirected to the
__printfieee128, __fprintfieee128, __sprintfieee128 and __snprintfieee128
symbols respectively. This causes "break printf" (and others) in
GDB to fail because the original symbol names do not exist as global
symbols in libc.so.6.
Fix this by adding local symbol aliases in the ieee128 compatibility
files so that the original symbol names are present in the symbol table
again. This restores the expected GDB behavior ("break printf" works)
without requiring dynamic symbols or versioned compatibility symbols.
The 13cfd77bf5 change broke the b5d88fa6c3 fix by removing the symbol
to __symbol redirections. Although it works for -O2 with both gcc
and clang, with -Os without the redirection, the libcall might still
be issued.
This patch reinstates the b5d88fa6c3 fix, with a modification that
allows each ifunc variant to control which trunc to issue. This is
required for clang, which defines HAVE_X86_INLINE_TRUNC to 1 (meaning
that trunc will always be lowered to the instruction on -Os).
Checked on x86_64-linux-gnu with -O2 and -Os with gcc-15 and clang-18.
The CORE-MATH c423b9a3 commit made atanh to use a slight different
muldd_acc and polydd (which uses muldd_acc internally) compared
to previous version.
The new tests were suggested by Paul Zimmermann (although I did
not see any regression).
Checked on x86_64-linux-gnu, x86_64-linux-gnu-v3, aarch64-linux-gnu,
and i686-linux-gnu.
Reviewed-by: Paul Zimmermann <Paul.Zimmermann@inria.fr>
The CORE-MATH c423b9a3 commit made atanh to use a slight different
muldd_acc, mulddd, and polydd (which uses muldd_acc internally)
compare to asinh and acosh.
The new tests were suggested by Paul Zimmermann (although I did
not see any regression).
Checked on x86_64-linux-gnu, x86_64-linux-gnu-v3, aarch64-linux-gnu,
and i686-linux-gnu.
Reviewed-by: Paul Zimmermann <Paul.Zimmermann@inria.fr>
The muldd was renamed to muldd_acc to avoid deviate from CORE-MATH
(the symbol and logic in replicated on multiple implementation,
different than glibc we consolidate it on ddcoremath.h).
Checked on x86_64-linux-gnu, x86_64-linux-gnu-v3, aarch64-linux-gnu,
and i686-linux-gnu.
Reviewed-by: Paul Zimmermann <Paul.Zimmermann@inria.fr>
Samuel Thibault [Sun, 11 Jan 2026 01:00:25 +0000 (02:00 +0100)]
hurd: Fix sigreturn clobbering some xmm registers
__sigreturn2 uses _hurd_sigstate_unlock after restoring the interrupted
xmm values, we thus need it not to touch xmm. It makes sense to inline
sigstate_is_global_rcv _hurd_sigstate_lock/unlock anyway. unlock calls
gsync_wake, so we need to avoid xmm there as well.
Xi Ruoyao [Thu, 8 Jan 2026 07:27:53 +0000 (15:27 +0800)]
Linux: fix copy_file_range test on Linux >= 6.18
On Linux >= 6.18, the kernel submits the new COPY_FILE_RANGE_64
operation to the fuse implementation for large files. There is a
fall-back routine to COPY_FILE_RANGE but it's only used if
COPY_FILE_RANGE_64 returns ENOSYS.
So, return ENOSYS instead of EIO for "unsupported" operations in order
to make the kernel do the correct thing for this case and maybe in case
that a new operation is added into the kernel fuse interface in the
future.
Signed-off-by: Xi Ruoyao <xry111@xry111.site> Reviewed-by: Florian Weimer <fweimer@redhat.com>
Yury Khrustalev [Wed, 10 Dec 2025 15:00:26 +0000 (15:00 +0000)]
aarch64: Fix PT_GNU_PROPERTY checks for static exe (BZ 33713)
All checks related to the PT_GNU_PROPERTY bits would be skipped
if the binary had no PT_GNU_PROPERTY note at all. This meant that
enforcing an abort when some bits are not present was not possible.
Paul Eggert [Sat, 3 Jan 2026 18:27:52 +0000 (10:27 -0800)]
Better terminology for ‘long double’ in manual
* manual/math.texi (Mathematical Constants):
Don’t say that long double is “the same as” double, as the
types remain distinct (problem reported by Keith Thompson).
Also, don’t imply that float is the “narrowest”, as floating
point types don’t have widths in Standard C. Instead, talk
about precision and exponent range.
Paul Eggert [Thu, 1 Jan 2026 21:19:24 +0000 (13:19 -0800)]
Pass glibc pre-commit checks
This is needed for the next patch which updates copyright dates.
* elf/sprof.c:
* sysdeps/unix/sysv/linux/tst-pidfd_getinfo.c:
Remove trailing white space.
* misc/tst-atomic.c: Remove trailing empty line.
projects / thirdparty / glibc.git / log
