Mike Frysinger [Mon, 20 Jul 2015 11:29:15 +0000 (07:29 -0400)]
sparc: fix sigaction for 32bit builds [BZ #18694]
Commit a059d359d86130b5fa74e04a978c8523a0293f77 changed the sigaction
struct to pass conform tests, but it ended up also changing the ABI for
32 bit builds. For 64 bit builds, changing the long to two ints works,
but for 32 bit builds, it inserts 4 extra bytes. This leads to many
packages randomly failing like bash that spews things like:
configure: line 471: wait_for: No record of process 0
Bracket the new member by a wordsize check to fix the ABI for 32bit.
Paul Pluzhnikov [Fri, 6 Feb 2015 05:30:42 +0000 (00:30 -0500)]
CVE-2015-1472: wscanf allocates too little memory
BZ #16618
Under certain conditions wscanf can allocate too little memory for the
to-be-scanned arguments and overflow the allocated buffer. The
implementation now correctly computes the required buffer size when
using malloc.
H.J. Lu [Fri, 30 Jan 2015 14:50:20 +0000 (06:50 -0800)]
Use AVX unaligned memcpy only if AVX2 is available
memcpy with unaligned 256-bit AVX register loads/stores are slow on older
processors like Sandy Bridge. This patch adds bit_AVX_Fast_Unaligned_Load
and sets it only when AVX2 is available.
[BZ #17801]
* sysdeps/x86_64/multiarch/init-arch.c (__init_cpu_features):
Set the bit_AVX_Fast_Unaligned_Load bit for AVX2.
* sysdeps/x86_64/multiarch/init-arch.h (bit_AVX_Fast_Unaligned_Load):
New.
(index_AVX_Fast_Unaligned_Load): Likewise.
(HAS_AVX_FAST_UNALIGNED_LOAD): Likewise.
* sysdeps/x86_64/multiarch/memcpy.S (__new_memcpy): Check the
bit_AVX_Fast_Unaligned_Load bit instead of the bit_AVX_Usable bit.
* sysdeps/x86_64/multiarch/memcpy_chk.S (__memcpy_chk): Likewise.
* sysdeps/x86_64/multiarch/mempcpy.S (__mempcpy): Likewise.
* sysdeps/x86_64/multiarch/mempcpy_chk.S (__mempcpy_chk): Likewise.
* sysdeps/x86_64/multiarch/memmove.c (__libc_memmove): Replace
HAS_AVX with HAS_AVX_FAST_UNALIGNED_LOAD.
* sysdeps/x86_64/multiarch/memmove_chk.c (__memmove_chk): Likewise.
Leonhard Holz [Tue, 13 Jan 2015 06:03:56 +0000 (11:33 +0530)]
Fix memory handling in strxfrm_l [BZ #16009]
[Modified from the original email by Siddhesh Poyarekar]
This patch solves bug #16009 by implementing an additional path in
strxfrm that does not depend on caching the weight and rule indices.
In detail the following changed:
* The old main loop was factored out of strxfrm_l into the function
do_xfrm_cached to be able to alternatively use the non-caching version
do_xfrm.
* strxfrm_l allocates a fixed size array on the stack. If this is not
sufficient to store the weight and rule indices, the non-caching path is
taken. As the cache size is not dependent on the input there can be no
problems with integer overflows or stack allocations greater than
__MAX_ALLOCA_CUTOFF. Note that malloc-ing is not possible because the
definition of strxfrm does not allow an oom error handling.
* The uncached path determines the weight and rule index for every char
and for every pass again.
* Passing all the locale data array by array resulted in very long
parameter lists, so I introduced a structure that holds them.
* Checking for zero src string has been moved a bit upwards, it is
before the locale data initialization now.
* To verify that the non-caching path works correctly I added a test run
to localedata/sort-test.sh & localedata/xfrm-test.c where all strings
are patched up with spaces so that they are too large for the caching path.
Make __extern_always_inline usable on clang++ again
The fix for BZ #17266 (884ddc5081278f488ef8cd49951f41cfdbb480ce)
removed changes that had gone into cdefs.h to make
__extern_always_inline usable with clang++. This patch adds back
support for clang to detect if GNU inlining semantics are available,
this time without breaking the gcc use case. The check put here is
based on the earlier patch and assertion[1] that checking if
__GNUC_STDC_INLINE__ or __GNUC_GNU_INLINE__ is defined is sufficient
to determine that clang++ supports GNU inlining semantics.
Tested with a simple program that builds with __extern_always_inline
with the patch and fails compilation without it.
Mike Frysinger [Thu, 20 Nov 2014 07:28:22 +0000 (02:28 -0500)]
arm: drop EABI check
GCC marked OABI obsolete in 4.7 and dropped it in 4.8. So the number
of people this is catching is shrinking every day. At this point,
it's not terribly useful, so just drop it.
Carlos O'Donell [Wed, 19 Nov 2014 16:44:12 +0000 (11:44 -0500)]
CVE-2014-7817: wordexp fails to honour WRDE_NOCMD.
The function wordexp() fails to properly handle the WRDE_NOCMD
flag when processing arithmetic inputs in the form of "$((... ``))"
where "..." can be anything valid. The backticks in the arithmetic
expression are evaluated in a shell even if WRDE_NOCMD forbade
command substitution. This allows an attacker to attempt to pass
dangerous commands via constructs of the above form, and bypass
the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD
in exec_comm(), the only place that can execute a shell. All other
checks for WRDE_NOCMD are superfluous and removed.
We expand the testsuite and add 3 new regression tests of roughly
the same form but with a couple of nested levels.
On top of the 3 new tests we add fork validation to the WRDE_NOCMD
testing. If any forks are detected during the execution of a wordexp()
call with WRDE_NOCMD, the test is marked as failed. This is slightly
heuristic since vfork might be used in the future, but it provides a
higher level of assurance that no shells were executed as part of
command substitution with WRDE_NOCMD in effect. In addition it doesn't
require libpthread or libdl, instead we use the public implementation
namespace function __register_atfork (already part of the public ABI
for libpthread).
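A runtime self-check for the behaviour this commit message describes, added here as an example (it is not code from the glibc commit or its test suite). The helper names `expand_nocmd` and `nocmd_bypass_count` and the probe strings are constructed for illustration; it checks the return code only and does not attempt the fork detection the message mentions.

```c
#include <stdio.h>
#include <string.h>
#include <wordexp.h>

/* Expand untrusted input with command substitution forbidden.
 * Returns wordexp()'s status; on success the first word is copied to out. */
int expand_nocmd(const char *input, char *out, size_t outlen)
{
    wordexp_t we;
    memset(&we, 0, sizeof we);

    int rc = wordexp(input, &we, WRDE_NOCMD);
    if (rc != 0) {
        if (rc == WRDE_NOSPACE)   /* partial results may have been allocated */
            wordfree(&we);
        return rc;
    }
    if (out != NULL && outlen > 0)
        snprintf(out, outlen, "%s", we.we_wordc > 0 ? we.we_wordv[0] : "");
    wordfree(&we);
    return 0;
}

/* Constructed probes. Each one requests command substitution and must be
 * refused with WRDE_CMDSUB. The last two use the form from the commit
 * message: backticks inside an arithmetic expansion, plain and nested. */
static const char *const probes[] = {
    "$(echo 1)",
    "`echo 1`",
    "$((`echo 1`))",
    "$((1+$((`echo 1`))))",
};

/* Number of probes that were NOT rejected; 0 means WRDE_NOCMD is honoured. */
int nocmd_bypass_count(void)
{
    int bad = 0;
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        if (expand_nocmd(probes[i], NULL, 0) != WRDE_CMDSUB)
            bad++;
    return bad;
}

int main(void)
{
    char word[32];
    int rc = expand_nocmd("$((1+2))", word, sizeof word);

    /* Plain arithmetic involves no command and must still expand. */
    printf("arithmetic: rc=%d word=%s\n", rc, rc == 0 ? word : "(none)");
    printf("probes not rejected: %d\n", nocmd_bypass_count());
    return nocmd_bypass_count() == 0 ? 0 : 1;
}
```

A non-zero exit status means the C library in use accepted at least one command-substitution form despite `WRDE_NOCMD`.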
MIPS: Avoid a dangling `vfork@GLIBC_2.0' reference
This satisfies a symbol reference created with:
.symver __libc_vfork, vfork@GLIBC_2.0
where `__libc_vfork' has not been defined or referenced. In this case
the `vfork@GLIBC_2.0' reference is supposed to be discarded, however a
bug present in GAS since forever causes an undefined symbol table entry
to be created. This in turn triggers a problem in the linker that can
manifest itself by link errors such as:
Revert to defining __extern_inline only for gcc-4.3+ (BZ #17266)
The check for only __GNUC_STDC_INLINE__ and __GNUC_GNU_INLINE__ may
not be sufficient since those flags were added during initial support
for C99 inlining semantics. There is also a problem with always
defining __extern_inline and __extern_always_inline, since it enables
inline wrapper functions even when GNU inlining semantics are not
guaranteed. This, along with the possibility of such wrappers using
redirection (btowc for example) could result in the compiler generating an
infinitely recursive call to the function.
In fact it was such a recursion that led to this code being written
the way it was; see:
The initial change was to fix bugs 14530 and 13741, but they can be
resolved by checking if __fortify_function and/or
__extern_always_inline are defined, as it has been done in this patch.
In addition, I have audited uses of __extern_always_inline to make
sure that none of the uses result in compilation errors.
There is however a regression in this patch for llvm, since it reverts
the llvm expectation that __GNUC_STDC_INLINE__ or __GNUC_GNU_INLINE__
definitions imply proper extern inline semantics.
2014-09-16 Siddhesh Poyarekar <siddhesh@redhat.com>
Jakub Jelinek <jakub@redhat.com>
[BZ #17266]
* libio/stdio.h: Check definition of __fortify_function
instead of __extern_always_inline to include bits/stdio2.h.
* math/bits/math-finite.h [__USE_XOPEN || __USE_ISOC99]: Also
check if __extern_always_inline is defined.
[__USE_MISC || __USE_XOPEN]: Likewise.
[__USE_ISOC99] Likewise.
* misc/sys/cdefs.h (__fortify_function): Define only if
__extern_always_inline is defined.
[!__cplusplus || __GNUC_PREREQ (4,3)]: Revert to defining
__extern_always_inline and __extern_inline only for g++-4.3
and newer or a compatible gcc.
Joseph Myers [Fri, 12 Sep 2014 12:13:08 +0000 (12:13 +0000)]
Add new Linux 3.16 constants to netinet/udp.h.
This patch adds the new constants UDP_NO_CHECK6_TX and
UDP_NO_CHECK6_RX from Linux 3.16 to sysdeps/gnu/netinet/udp.h. (I
believe the existing constants there are already Linux-specific,
possibly with the intention that other OSes should adopt the same
values if possible if adopting the features in question.)
Tested on x86_64.
* sysdeps/gnu/netinet/udp.h (UDP_NO_CHECK6_TX): New macro.
(UDP_NO_CHECK6_RX): Likewise.
Kevin F. Quinn [Tue, 9 Sep 2014 21:41:57 +0000 (17:41 -0400)]
disable PIE when checking for PIC default
When the compiler builds PIEs by default, the configure PIC check is
confused into thinking PIC code is default. The end result is that
we end up with only PIC being produced.
Run the configure check with -fno-PIE so that we produce PIC & non-PIC
(PIE) objects like normal.
Chris Metcalf [Fri, 5 Sep 2014 18:40:23 +0000 (14:40 -0400)]
[BZ #17354] tile: Fix up corner cases with signed relocations
Some types of relocations technically need to be signed rather than
unsigned: in particular ones that are used with moveli or movei,
or for jump and branch. This is almost never a problem. Jump and
branch opcodes are pretty much uniformly resolved by the static linker
(unless you omit -fpic for a shared library, which is not recommended).
The moveli and movei opcodes that need to be sign-extended generally
are for positive displacements, like the construction of the address of
main() from _start(). However, tst-pie1 ends up with main below _start
(in a different module) and the test failed due to signedness issues in
relocation handling.
This commit treats the value as signed when shifting (to preserve the
high bit) and also sign-extends the value generated from the updated
bundle when comparing with the desired bundle, which we do to make sure
no overflow occurred. As a result, the tst-pie1 test now passes.
generic HAVE_RM_CTX implementation which is used for ppc/e500 as well
has introduced calls to fegetenv which should be resolved internally
within libm
Samuel Thibault [Thu, 28 Aug 2014 20:08:39 +0000 (22:08 +0200)]
Fix hang on fork
If e.g. a signal is being received while we are running fork(), the signal
thread may be having our SS lock when we make the space copy, and thus in the
child we can not take the SS lock any more.
* sysdeps/mach/hurd/fork.c (__fork): Lock SS->lock around __proc_dostop call.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
TLS_INIT_TP in sysdeps/i386/nptl/tls.h uses some hand written asm to
generate a set_thread_area that might result in exchanging ebx and esp
around the syscall causing introspection tools like valgrind to lose
track of the user stack. Just use INTERNAL_SYSCALL which makes sure
esp isn't changed arbitrarily.
Thanks to Florian Weimer for analysing why the original code generated
the bogus esp usage:
_segdescr.desc happens to be at the top of the stack, so its address
is in %esp. The asm statement says that %3 is an input, so its value
will not change, and GCC can use %esp as the input register for the
expression &_segdescr.desc. But the constraints do not fully describe
the asm statement because the %3 register is actually modified, albeit
only temporarily.
[BZ #17319]
* sysdeps/i386/nptl/tls.h (TLS_INIT_TP): Use INTERNAL_SYSCALL
to call set_thread_area instead of hand written asm.
(__NR_set_thread_area): Removed define.
(TLS_FLAG_WRITABLE): Likewise.
(__ASSUME_SET_THREAD_AREA): Remove check.
(TLS_EBX_ARG): Remove define.
(TLS_LOAD_EBX): Likewise.
pthread_atfork is already built in an extra-libs context, which gives
it NOT_IN_libc in its CPPFLAGS. Adding the same definition to CFLAGS
is pointless.
If an IS_IN_* macro is defined, then NOT_IN_libc is always defined,
except obviously for IS_IN_libc. There's no need to check for both.
Verified on x86_64 and i686 that the source is unchanged.
Joseph Myers [Wed, 13 Aug 2014 16:06:18 +0000 (16:06 +0000)]
Fix powerpc32 __get_clockfreq for non-power4 (bug 17263).
In my powerpc32 testing I've observed misc/test-gettimebasefreq
failing.
This is a glibc build (soft-float, though that's not relevant here)
without any --with-cpu and without any special configuration of the
default CPU for GCC either. In particular, it's one not using
sysdeps/powerpc/powerpc32/power4/hp-timing.h (although in fact the
processor I'm using for testing is POWER4-based), so hp_timing_t is
32-bit not 64-bit. But the VDSO call being used by
INTERNAL_VSYSCALL_NO_SYSCALL_FALLBACK is generating a 64-bit result
(high part in r3, low part in r4). The code extracting that result,
however, expects a result of the type hp_timing_t as passed to
INTERNAL_VSYSCALL_NO_SYSCALL_FALLBACK, meaning that only r3 (= 0) is
used and the value in r4 is ignored. This patch fixes this by always
using uint64_t as the type in INTERNAL_VSYSCALL_NO_SYSCALL_FALLBACK -
reflecting the actual ABI (unconditional in the kernel) of that VDSO
call. This is the minimal change for this issue - no check for
overflow, no change of the type of the timebase_freq variable or the
return type of __get_clockfreq to something other than hp_timing_t
(such a change would simply move the implicit conversions to the other
callers of that function), no change to hp_timing_t itself.
Tested for powerpc32 soft float.
[BZ #17263]
* sysdeps/unix/sysv/linux/powerpc/get_clockfreq.c: Include
<stdint.h>.
(__get_clockfreq): Use uint64_t instead of hp_timing_t in
INTERNAL_VSYSCALL_NO_SYSCALL_FALLBACK call.
When i386 and x86-64 mathinline.h was merged into a single mathinline.h,
"gcc -m32" enables x87 inline functions on x86-64 even when -mfpmath=sse
and SSE2 is enabled. It is a regression on x86-64. We should check
__SSE2_MATH__ instead of __x86_64__ when disabling x87 inline functions.
gcc-3.2 is unable to correctly compile x86_64 routines for llrint
since it gets redefined. This is because gcc 3.2 does not set
__SSE2_MATH__ for x86_64, thus exposing the duplicate definition.
The correct fix ought to be to check for both __SSE2_MATH__ and
__x86_64__ and enable those bits only when neither are defined.
H.J. Lu [Wed, 13 Aug 2014 00:02:51 +0000 (17:02 -0700)]
Replace cpuid asm statement with __cpuid_count
The compiler doesn't know that the cpuid asm statement in intel_check_word
will trash RBX. We are lucky that it doesn't cause any problems since
RBX is also used by compiler for other purposes so that RBX is saved and
restored. This patch replaces it with __cpuid_count.
Mike Frysinger [Thu, 7 Aug 2014 03:44:29 +0000 (23:44 -0400)]
detect broken linker handling of __ehdr_start
Older versions of ld on ia64 support __ehdr_start, but generate relocs
when they shouldn't. This causes the ld.so to not run because it tries
to resolve the __ehdr_start symbol (but it's not exported).
Joseph Myers [Tue, 12 Aug 2014 20:31:54 +0000 (20:31 +0000)]
Fix powerpc-nofpu __fe_enabled_env and __fe_nonieee_env (bug 17261).
On powerpc, floating-point environment macros are defined as pointers
to constants in the library that contain the bit-patterns of the
desired environment, instead of being magic constants cast to pointer
type.
For soft-float, the bit-patterns used for fenv_t are not laid out the
same as for hard-float. (e500 has a third layout used; that's not an
ABI issue because these values are only meaningful within a single
process, all of whose glibc libraries must come from the same build of
glibc.) While the __fe_dfl_env value for soft-float was appropriate
for the soft-float fenv_t representation, the other two constants had
the same bit-patterns as for hard-float. Those bit patterns had the
effect of having exceptions already raised, causing
math/test-fenv-return to fail; this patch fixes the patterns used.
(__fe_nonieee_env also had exceptions unmasked, though they should be
masked to match hard-float semantics. Since there is no separate
non-IEEE mode for soft-float, it's most appropriate for
__fe_nonieee_env to be the same as __fe_dfl_env; this patch makes it
an alias.)
Tested for powerpc-nofpu.
[BZ #17261]
* sysdeps/powerpc/nofpu/fenv_const.c (__fe_enabled_env): Change
value to 0.
(__fe_nonieee_env): Define as an alias for __fe_dfl_env.
Mike Frysinger [Mon, 4 Aug 2014 14:31:27 +0000 (10:31 -0400)]
tst-gettext2: make setup more robust
This test should be more robust about setting up its lang dirs.
I had two completely different systems (ia64 & x86_64) get wedged
in a way where the test just kept FAILing on me due to some of the
files missing. This probably wasn't a big deal until the recent
commit which made checking of the locale dirs more robust (for
security reasons).
Wilco Dijkstra [Thu, 7 Aug 2014 16:29:55 +0000 (16:29 +0000)]
This patch adds new function libc_feholdsetround_noex_aarch64_ctx, enabling
further optimization. libc_feholdsetround_aarch64_ctx now only needs to
read the FPCR in the typical case, avoiding a redundant FPSR read.
Performance results show a good improvement (5-10% on sin()) on cores with
expensive FPCR/FPSR instructions.
This patch fixes the incorrect guard by __USE_MISC of struct winsize and
struct termio in powerpc termios header. The current state leads to build
failures if the program defines _XOPEN_SOURCE, but not _DEFAULT_SOURCE
or either _BSD_SOURCE or _SVID_SOURCE. Without any definition,
__USE_MISC will not be defined and neither the struct definitions.
This patch copies the default Linux ioctl-types.h by adjusting only the
character control field (c_cc) size in struct termio.
Use the SSI_IEEE_RAISE_EXCEPTION function as from feraiseexcept,
instead of __ieee_get+set_fp_status. Always raise the FP exceptions
from float-to-integer conversion.
Mike Frysinger [Sun, 3 Aug 2014 16:14:35 +0000 (16:14 +0000)]
ia64: define nocancel entry points in PSEUDO
The previous set of not-cancel.h headers (prior to the commit 2fbdf5339aaeaa423bd661524f7ec7af41fa2606) did not require the
arch to define nocancel entry points, so ia64 never did.
However, after the various files were merged, it became a hard
requirement for arches which meant ia64 failed to build.
Here we add dedicated entry points. It'd be nice to merge
with the existing stubs like other arches do, but the ia64
asm does not lend itself to interleaving of functions. If
someone has a suggestion on merging these, that'd be great,
but at least now we build & pass tests again.
The DEBUG macro is checked for its value in one place and if it is
defined in another. Make this consistent across the two cases and use
the same style that we did in mktime.c, which is to check if the macro
is defined and it is set.
Fixes -Wundef warnings for MBSTATE_T and HAVE_STRING_H. The
HAVE_STRING_H bit is a merge from the gnulib fnmatch.c and the
MBSTATE_T fix has been posted to gnulib for inclusion.
This patch fixes the remaining ONE_DIRECTION warnings for s390 specific conversions.
It defines ONE_DIRECTION to 0 like the patch from Steve Ellcey:
https://www.sourceware.org/ml/libc-alpha/2014-05/msg00039.html