Sam James [Tue, 10 Dec 2024 01:21:46 +0000 (01:21 +0000)]
stdlib: random_r: fix unaligned access in initstate and initstate_r [BZ #30584]
The initstate{,_r} interfaces are documented in BSD as needing an aligned
array of 32-bit values, but neither POSIX nor glibc's own documentation
require it to be aligned. glibc's documentation says it "should" be a power
of 2, but not must.
Use memcpy to read and write to `state` to handle such an unaligned
argument.
assert: Remove the use of %n from __assert_fail_base (BZ #32456)
The require size for mmap can be inferred from __vasprintf return
value. It also fixes tst-assert-2 when building with --enable-fortify,
where even if the format is not translated, __readonly_area fails
because malloc can not be used.
Florian Weimer [Thu, 2 Jan 2025 12:45:27 +0000 (13:45 +0100)]
elf: Use TLS_DTV_OFFSET in __tls_get_addr
This fixes commit 5e249192cac7354af02a7347a0d8c984e0c88ed3 ("elf:
Remove the GET_ADDR_ARGS and related macros from the TLS code"):
GET_ADDR_ARGS was indeed unused, but GET_ADDR_OFFSET was used
on several targets, those that define TLS_DTV_OFFSET. Instead
of reintroducing GET_ADDR_OFFSET, use TLS_DTV_OFFSET directly,
now that it is defined on all targets.
In the new tls_get_addr_adjust helper function, add a cast to
uintptr_t to help the s390 case, where the offset can be positive or
negative, depending on the addresses malloc returns. The cast avoids
pointer wraparound/overflow. The outer uintptr_t cast is needed
to suppress a warning on x86-64 x32 about mismatched integer/pointer
sizes.
Eventually this offset should be folded into the DTV addresses
themselves, to eliminate the subtraction on the TLS fast path.
This will require an adjustment to libthread_db because the
debugger interface currently returns unadjusted pointers.
Samuel Thibault [Wed, 1 Jan 2025 21:07:42 +0000 (22:07 +0100)]
bits/socket.h: Update to recent BSD definition
The old BSD 4.4 definition (not used by Linux) was not 64b-proof: the
cmsg_data field is supposed to CMSG_ALIGN'ed (as can be also seen in the
CMSG_LEN macro).
Paul Eggert [Wed, 1 Jan 2025 20:16:06 +0000 (12:16 -0800)]
Don't update copyright notices in Linux licenses
* scripts/update-copyrights: Do not update copyright notices
in licenses imported from the Linux kernel.
This should prevent glitches such as those fixed in my
recent commit.
Paul Eggert [Wed, 1 Jan 2025 18:31:31 +0000 (10:31 -0800)]
Update copyright dates not handled by scripts/update-copyrights
I've updated copyright dates in glibc for 2025. This is the patch for
the changes not generated by scripts/update-copyrights and subsequent
build / regeneration of generated files.
Paul Eggert [Wed, 1 Jan 2025 19:16:35 +0000 (11:16 -0800)]
Pass glibc pre-commit checks
This is needed for the next patch which updates copyright dates.
* assert/test-assert-2.c: Remove trailing white space.
* elf/tst-startup-errno.c: Remove trailing empty lines.
Xi Ruoyao [Thu, 26 Dec 2024 04:51:18 +0000 (12:51 +0800)]
mlock, mlock2, munlock: Tell the compiler we don't dereference the pointer
Since https://gcc.gnu.org/r11-959, the compiler emits
-Wmaybe-uninitialized if a const pointer to an uninitialized buffer is
passed. Tell the compiler we don't dereference the pointer to remove
the false alarm.
Link: https://gcc.gnu.org/PR118194 Signed-off-by: Xi Ruoyao <xry111@xry111.site> Reviewed-by: Sam James <sam@gentoo.org>
The new tunable can be used to control whether executable stacks are
allowed from either the main program or dependencies. The default is
to allow executable stacks.
The executable stacks default permission is checked agains the one
provided by the PT_GNU_STACK from program headers (if present). The
tunable also disables the stack permission change if any dependency
requires an executable stack at loading time.
Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.
elf: Do not change stack permission on dlopen/dlmopen
If some shared library loaded with dlopen/dlmopen requires an executable
stack, either implicitly because of a missing GNU_STACK ELF header
(where the ABI default flags implies in the executable bit) or explicitly
because of the executable bit from GNU_STACK; the loader will try to set
the both the main thread and all thread stacks (from the pthread cache)
as executable.
Besides the issue where any __nptl_change_stack_perm failure does not
undo the previous executable transition (meaning that if the library
fails to load, there can be thread stacks with executable stacks), this
behavior was used on a CVE [1] as a vector for RCE.
This patch changes that if a shared library requires an executable
stack, and the current stack is not executable, dlopen fails. The
change is done only for dynamically loaded modules, if the program
or any dependency requires an executable stack, the loader will still
change the main thread before program execution and any thread created
with default stack configuration.
Florian Weimer [Mon, 30 Dec 2024 11:41:51 +0000 (12:41 +0100)]
x86-64: Reorder dynamic linker list in ldd script (bug 32508)
Move the x86-64 loader first, before the i386 and x32 loaders. In
most cases, it's the loader the script needs. This avoids an error
message if the i386 loader does not work.
The effect of this change to the generated ldd script looks like this:
Michael Jeanson [Fri, 27 Dec 2024 16:41:02 +0000 (17:41 +0100)]
nptl: Add <thread_pointer.h> for hppa
This will be required by the rseq extensible ABI implementation on all
Linux architectures exposing the '__rseq_size' and '__rseq_offset'
symbols to set the initial value of the 'cpu_id' field which can be used
by applications to test if rseq is available and registered. As long as
the symbols are exposed it is valid for an application to perform this
test even if rseq is not yet implemented in libc for this architecture.
Compile tested with build-many-glibcs.py but I don't have access to any
hardware to run the tests.
Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
I don't think we need a compatibility symbol for this. As the
GStreamer example shows, this change is much more likely to fix bugs
than cause compatibility issues.
Suggested-by: Dmitry V. Levin <ldv@altlinux.org> Suggested-by: Archie Cobbs <archie.cobbs@gmail.com> Suggested-by: Solar Designer <solar@openwall.com> Reviewed-by: Sam James <sam@gentoo.org>
Florian Weimer [Tue, 17 Dec 2024 08:20:20 +0000 (09:20 +0100)]
nptl: More useful padding in struct pthread
The previous use of padding within a union made it impossible to
re-use the padding for GLIBC_PRIVATE ABI preservation because
tcbhead_t could use up all of the padding (as was historically the
case on x86-64). Allocating padding unconditionally addresses this
issue.
Florian Weimer [Mon, 23 Dec 2024 12:55:49 +0000 (13:55 +0100)]
elf: Remove the GET_ADDR_ARGS and related macros from the TLS code
This was used to manage an IA-64 ABI divergence is no longere needed
after the IA-64 removal.
(It should be possible to encode all the required information in
one machine word, so the pointer indirection is really unnecessary.
Technically, none of this is part of the ABI, so perhaps it's
possible to do this retroactively. See bug 27404.)
Miao Wang [Mon, 23 Dec 2024 09:30:43 +0000 (10:30 +0100)]
io: statx, fstatat: Drop nonnull attribute on the path argument
Since Linux 6.11 the kernel allows path to be NULL if flags &
AT_EMPTY_PATH. Let's allow users to take the advantage if they don't
care running on old kernels.
Signed-off-by: Miao Wang <shankerwangmiao@gmail.com> Signed-off-by: Xi Ruoyao <xry111@xry111.site> Reviewed-by: Florian Weimer <fweimer@redhat.com>
Add valid_decimal_value to check valid decimal value in a string to
avoid uninitialized endp in add_prefixlist and gaiconf_init as reported
by Clang 19:
./getaddrinfo.c:1884:11: error: variable 'endp' is used uninitialized whenever '||' condition is true [-Werror,-Wsometimes-uninitialized]
1884 | && (cp == NULL
| ^~~~~~~~~~
./getaddrinfo.c:1887:11: note: uninitialized use occurs here
1887 | && *endp == '\0'
| ^~~~
./getaddrinfo.c:1884:11: note: remove the '||' if its condition is always false
1884 | && (cp == NULL
| ^~~~~~~~~~
1885 | || (bits = strtoul (cp, &endp, 10)) != ULONG_MAX
| ~~
./getaddrinfo.c:1875:13: note: initialize the variable 'endp' to silence this warning
1875 | char *endp;
| ^
| = NULL
This fixes BZ #32465.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com> Reviewed-by: Sam James <sam@gentoo.org>
H.J. Lu [Sun, 22 Dec 2024 21:12:03 +0000 (05:12 +0800)]
stdio-common: Suppress Clang warnings on scanf13.c
Suppress Clang warnings on stdio-common/scanf13.c:
1. Before this commit:
scanf13.c:43:17: error: invalid conversion specifier 'l' [-Werror,-Wformat-invalid-specifier]
43 | "A%mS%10mls%4ml[bcd]%4mCB", &lsp1, &lsp2, &lsp3, &lsp4) != 4)
| ~~~~^
scanf13.c:43:22: error: invalid conversion specifier 'l' [-Werror,-Wformat-invalid-specifier]
43 | "A%mS%10mls%4ml[bcd]%4mCB", &lsp1, &lsp2, &lsp3, &lsp4) != 4)
| ~~~~^
scanf13.c:43:50: error: data argument not used by format string [-Werror,-Wformat-extra-args]
43 | "A%mS%10mls%4ml[bcd]%4mCB", &lsp1, &lsp2, &lsp3, &lsp4) != 4)
| ~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
scanf13.c:145:27: error: invalid conversion specifier 'l' [-Werror,-Wformat-invalid-specifier]
145 | if (sscanf (buf, "%2048mls%mlc", &lsp3, &lsp4) != 2)
| ~~~~~~^
scanf13.c:145:31: error: invalid conversion specifier 'l' [-Werror,-Wformat-invalid-specifier]
145 | if (sscanf (buf, "%2048mls%mlc", &lsp3, &lsp4) != 2)
| ~~~^
scanf13.c:145:43: error: data argument not used by format string [-Werror,-Wformat-extra-args]
145 | if (sscanf (buf, "%2048mls%mlc", &lsp3, &lsp4) != 2)
| ~~~~~~~~~~~~~~ ^
scanf13.c:161:31: error: invalid conversion specifier 'l' [-Werror,-Wformat-invalid-specifier]
161 | if (sscanf (buf, "%4mC%1500ml[dr/]%548ml[abc/d]%3mlc",
| ~~~~~~^
scanf13.c:161:42: error: invalid conversion specifier 'l' [-Werror,-Wformat-invalid-specifier]
161 | if (sscanf (buf, "%4mC%1500ml[dr/]%548ml[abc/d]%3mlc",
| ~~~~~~~~~~^
scanf13.c:161:53: error: invalid conversion specifier 'l' [-Werror,-Wformat-invalid-specifier]
161 | if (sscanf (buf, "%4mC%1500ml[dr/]%548ml[abc/d]%3mlc",
| ~~~~~~~~~~^
scanf13.c:162:15: error: data argument not used by format string [-Werror,-Wformat-extra-args]
161 | if (sscanf (buf, "%4mC%1500ml[dr/]%548ml[abc/d]%3mlc",
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
162 | &lsp1, &lsp2, &lsp3, &lsp4) != 4)
| ^
10 errors generated.
2. With DIAG_IGNORE_NEEDS_COMMENT_CLANG changes in stdio-common/scanf13.c:
scanf13.c:28:40: error: 'sscanf' may overflow; destination buffer in argument 4 has size 8, but the corresponding specifier may require size 11 [-Werror,-Wfortify-source]
28 | "A%ms%10ms%4m[bcd]%4mcB", &sp1, &sp2, &sp3, &sp4) != 4)
| ^
scanf13.c:94:34: error: 'sscanf' may overflow; destination buffer in argument 3 has size 8, but the corresponding specifier may require size 2049 [-Werror,-Wfortify-source]
94 | if (sscanf (buf, "%2048ms%mc", &sp3, &sp4) != 2)
| ^
scanf13.c:110:61: error: 'sscanf' may overflow; destination buffer in argument 4 has size 8, but the corresponding specifier may require size 1501 [-Werror,-Wfortify-source]
110 | if (sscanf (buf, "%4mc%1500m[dr/]%548m[abc/d]%3mc", &sp1, &sp2, &sp3, &sp4)
| ^
scanf13.c:110:67: error: 'sscanf' may overflow; destination buffer in argument 5 has size 8, but the corresponding specifier may require size 549 [-Werror,-Wfortify-source]
110 | if (sscanf (buf, "%4mc%1500m[dr/]%548m[abc/d]%3mc", &sp1, &sp2, &sp3, &sp4)
| ^
4 errors generated.
Co-Authored-By: Adhemerval Zanella <adhemerval.zanella@linaro.org> Signed-off-by: H.J. Lu <hjl.tools@gmail.com> Reviewed-by: Sam James <sam@gentoo.org>
H.J. Lu [Sun, 22 Dec 2024 19:58:54 +0000 (03:58 +0800)]
Fix build without stack protector [BZ #32494]
Without stack protector, inhibit_stack_protector is undefined during build:
In file included from <command-line>:
./../include/libc-symbols.h:665:3: error: expected ';' before '__typeof'
665 | __typeof (type_name) *name##_ifunc (__VA_ARGS__)
\
| ^~~~~~~~
./../include/libc-symbols.h:676:3: note: in expansion of macro
'__ifunc_resolver'
676 | __ifunc_resolver (type_name, name, expr, init, static, __VA_ARGS__)
| ^~~~~~~~~~~~~~~~
./../include/libc-symbols.h:703:3: note: in expansion of macro '__ifunc_args'
703 | __ifunc_args (type_name, name, expr, init, arg)
| ^~~~~~~~~~~~
./../include/libc-symbols.h:790:3: note: in expansion of macro '__ifunc'
790 | __ifunc (redirected_name, name, expr, void, INIT_ARCH)
| ^~~~~~~
../sysdeps/x86_64/multiarch/memchr.c:29:1: note: in expansion of macro
'libc_ifunc_redirected'
29 | libc_ifunc_redirected (__redirect_memchr, memchr, IFUNC_SELECTOR ());
| ^~~~~~~~~~~~~~~~~~~~~
1. Fix a typo in include/libc-symbols.h to define inhibit_stack_protector
for build.
2. Don't include <config.h> in include/libc-symbols.h since it has been
included in include/libc-misc.h.
3. Change #include "libc-misc.h" to #include <libc-misc.h> in
string/test-string.h.
This fixes BZ #32494.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com> Reviewed-by: Sam James <sam@gentoo.org>
H.J. Lu [Thu, 19 Dec 2024 21:52:56 +0000 (05:52 +0800)]
Compile tst-deadline.c with -Wno-ignored-attributes for Clang
Since tst-deadline.c is an internal test, compile tst-deadline.c with
-Wno-ignored-attributes for Clang to silence -Werror,-Wunknown-attributes
errors. Also suppress -Wmaybe-uninitialized only for GCC in net-internal.h.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com> Reviewed-by: Sam James <sam@gentoo.org>
math: Fix clang warnings for math/test-tgmath-ret.c
clang warns that since the global variables are only used to function
calls (without being actually used), they are not needed and will
not be emitted.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com> Reviewed-by: Sam James <sam@gentoo.org>
Suppress Clang warning on adding an integer to a string
Suppress Clang warning on adding an integer to a string, like:
tst-iconv-sticky-input-error.c:125:42: error: adding 'int' to a string does not append to the string [-Werror,-Wstring-plus-int]
125 | expected_output = "ABXY" + skip;
| ~~~~~~~^~~~~~
tst-iconv-sticky-input-error.c:125:42: note: use array indexing to silence this warning
125 | expected_output = "ABXY" + skip;
| ^
| & [ ]
Co-Authored-By: H.J. Lu <hjl.tools@gmail.com> Reviewed-by: Sam James <sam@gentoo.org>
clang does not handle %Z on print, and just suppressing
-Wformat-invalid-specifier might trigger another warning for extra
arguments (since %Z is ignored). So suppress -Wformat-extra-args
as well.
For tst-fphex.c a heavy hammer is used since the printf is more
complex and clang throws a more generic warning. Reviewed-by: Sam James <sam@gentoo.org>
H.J. Lu [Thu, 19 Dec 2024 20:32:49 +0000 (04:32 +0800)]
elf: Enable tst-dlopen-nodelete-reloc if TEST_CXX supports STB_GNU_UNIQUE
tst-dlopen-nodelete-reloc requires STB_GNU_UNIQUE support so that NODELETE
is propagated by do_lookup_unique. Enable it only if TEST_CXX supports
STB_GNU_UNIQUE,
Signed-off-by: H.J. Lu <hjl.tools@gmail.com> Reviewed-by: Sam James <sam@gentoo.org>
Fangrui Song [Sun, 10 Oct 2021 21:38:00 +0000 (14:38 -0700)]
x86: Define __HAVE_FLOAT128 for Clang and use __builtin_*f128 code path
Clang supports __builtin_fabsf128 (despite not supporting _Float128) but
it does not support __builtin_fabsq. Fallback to back to
`typedef __float128 _Float128;` it clang is used.
Originally developed by Fangrui Song <maskray@google.com>. Co-Authored-By: H.J. Lu <hjl.tools@gmail.com> Reviewed-by: Sam James <sam@gentoo.org>
* DIAG_{PUSH,POP}_NEEDS_COMMENT_CLANG are similar to
DIAG_{PUSH,POP}_NEEDS_COMMENT, but enable clang specific pragmas to
handle warnings for options only supported by clang.
* DIAG_IGNORE_NEEDS_COMMENT_{CLANG,GCC} are similar to
DIAG_IGNORE_NEEDS_COMMENT, but enable the warning suppression only
for the referenced compiler.
H.J. Lu [Tue, 17 Dec 2024 23:24:38 +0000 (07:24 +0800)]
elf: Compile test modules with -fsemantic-interposition
Compiler may default to -fno-semantic-interposition. But some elf test
modules must be compiled with -fsemantic-interposition to function properly.
Add a TEST_CC check for -fsemantic-interposition and use it on elf test
modules. This fixed
dirent: Remove variable length array structure for tst-getdents64.c
Clang emits the following warnings:
../sysdeps/unix/sysv/linux/tst-getdents64.c:111:18: error: fields must
have a constant size: 'variable length array in structure' extension
will never be supported
char buffer[buffer_size];
^
Co-Authored-By: H.J. Lu <hjl.tools@gmail.com> Reviewed-by: Sam James <sam@gentoo.org>
H.J. Lu [Thu, 19 Dec 2024 21:31:05 +0000 (05:31 +0800)]
Add include/libc-misc.h
Add include/libc-misc.h to provide miscellaneous definitions for both
glibc build and test:
1. Move inhibit_stack_protector to libc-misc.h and add Clang support.
2. Add test_inhibit_stack_protector for glibc testing.
3. Move inhibit_loop_to_libcall to libc-misc.h.
4. Add test_cc_inhibit_loop_to_libcall to handle TEST_CC != CC and
replace inhibit_loop_to_libcall with test_cc_inhibit_loop_to_libcall
in glibc tests.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com> Co-Authored-By: Adhemerval Zanella <adhemerval.zanella@linaro.org> Reviewed-by: Sam James <sam@gentoo.org>
H.J. Lu [Sun, 15 Dec 2024 21:11:26 +0000 (05:11 +0800)]
x86-64: Disable libmvec ABI test for Clang
Unlike GCC, libmvec support in Clang is hard-coded. Clang doesn't use
macros defined in <bits/libm-simd-decl-stubs.h> to support new libmvec
functions added to glibc and can't vectorize all test loops to test
libmvec ABI:
H.J. Lu [Sun, 15 Dec 2024 01:56:34 +0000 (09:56 +0800)]
Don't redefine INFINITY nor NAN
Since math/math.h isn't a system header, clang issues errors:
In file included from test-flt-eval-method.c:20:
In file included from ../include/math.h:7:
../math/math.h:91:11: error: 'INFINITY' macro redefined [-Werror,-Wmacro-redefined]
91 | # define INFINITY (__builtin_inff ())
| ^
/usr/bin/../lib/clang/19/include/float.h:173:11: note: previous definition is here
173 | # define INFINITY (__builtin_inff())
| ^
In file included from test-flt-eval-method.c:20:
In file included from ../include/math.h:7:
../math/math.h:98:11: error: 'NAN' macro redefined [-Werror,-Wmacro-redefined]
98 | # define NAN (__builtin_nanf (""))
| ^
/usr/bin/../lib/clang/19/include/float.h:174:11: note: previous definition is here
174 | # define NAN (__builtin_nanf(""))
Don't define INFINITY nor NAN if they are defined.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com> Reviewed-by: Sam James <sam@gentoo.org>
projects / thirdparty / glibc.git / log
