Mike Kelly [Sat, 14 Feb 2026 09:17:11 +0000 (09:17 +0000)]
hurd: calling alarm() whilst handling SIGALRM can deadlock.
alarm() and restart_itimer() can attempt to acquire _hurd_siglock and
_hurd_itimer_lock in opposite sequence resulting in occasional
deadlock. Rearranged to always acquire the locks in the same sequence
with a new pre-condition that setitimer_locked() must be called with
both locks already acquired.
Message-ID: <20260214091715.157471-2-mike@weatherwax.co.uk>
Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Florian Weimer [Fri, 13 Feb 2026 08:02:07 +0000 (09:02 +0100)]
Linux: In getlogin_r, use utmp fallback only for specific errors
Most importantly, if getwpuid_r fails, it does not make sense to retry
via utmp because the user ID obtained from there is less reliable than
the one from /proc/self/loginuid.
Florian Weimer [Fri, 13 Feb 2026 08:02:07 +0000 (09:02 +0100)]
nss: Introduce dedicated struct nss_database_for_fork type
The initialized field in struct nss_database_data is rather confusing
because it is not used by the regular NSS code, only by the fork
state synchronization code. Introduce a separate type and place
the initialized field there.
Florian Weimer [Thu, 12 Feb 2026 11:18:54 +0000 (12:18 +0100)]
nscd: Add basic test
The innetgr tests are similar to a downstream test for rhbz#1054846.
This seems to be the first tests of this function. The getnetgrent
tests are new, too.
Florian Weimer [Thu, 12 Feb 2026 11:18:54 +0000 (12:18 +0100)]
nscd: Pass TRY_AGAIN errors in the hosts cache to clients
This is the minimal set of changes to get the upcoming test to pass.
The TTL extension logic is somewhat iffy. There is a trade-off here:
correct operation under the DNS specification (no TTL extensions), or
reducing loading the infrastructure if TRY_AGAIN is the result of
overload from this client.
Florian Weimer [Thu, 12 Feb 2026 11:18:54 +0000 (12:18 +0100)]
support: Add missing NSS formatting and checking functions
This change is largely auto-generated. The function implementations
are mechanical and use the glibc-specific support framework, so this
should be low-risk and therefore acceptable.
The struct etherent type is currently internal-only (although it
can be used by NSS modules), which is why it is not included here.
Florian Weimer [Thu, 12 Feb 2026 11:18:54 +0000 (12:18 +0100)]
support: Clean up NSS formatting and checking functions
Move <netdb.h> includes into the implementation files. Use const
where appropriate. Introduce support_check_nss and use it to
implement the check_* functions.
DJ Delorie [Tue, 27 Jan 2026 03:24:42 +0000 (22:24 -0500)]
include: isolate __O_CLOEXEC flag for sys/mount.h and fcntl.h
Including sys/mount.h should not implicitly include fcntl.h
as that causes namespace pollution and conflicts with kernel
headers. It only needs O_CLOEXEC for OPEN_TREE_CLOEXEC
(although it shouldn't need that, but it's defined that way)
so we provide that define (via a private version) separately.
Mike Kelly [Mon, 9 Feb 2026 20:42:00 +0000 (20:42 +0000)]
hurd: _hurd_intr_rpc_mach_msg() might not preserve the correct reply port
Calls to mach_msg_trap() that return MACH_SEND_INTERRUPTED modify the message header. A subsequent attempt at sending the message can return EINTR for handling by the caller. Mig generated code (expecting the message header to be unaltered) now fails assertion in __mig_dealloc_reply_port(). Fixed by restoring the altered message header content before reattempting RPC message delivery.
Message-ID: <20260209204213.91782-2-mike@weatherwax.co.uk>
hppa: Fix type punning in sysdeps/hppa/dl-fptr.c [BZ 33888]
Compiling gcc with -Werror=strict-aliasing exposed a type punning
issue in dl-fptr.c. It does a number of compare and swap operations
to atomically exchange function pointers, etc. The PTR argument
is dereferenced to determine the type of the objects to exchange.
Casting the type of the PTR argument to a different type will
result in in an error with -Werror=strict-aliasing. For example,
a `(ElfW(Addr) *' pointer is not strictly equivalent to a
`struct fdesc *' pointer.
Fix this by removing the casts from the COMPARE_AND_SWAP PTR
arguments and adjusting the type of the OLD and NEW arguments
to match the dereferenced PTR type.
Signed-off-by: John David Anglin <dave.anglin@bell.net>
George Hu [Mon, 9 Feb 2026 19:22:18 +0000 (20:22 +0100)]
x86-64: Use 32-bit zero idiom for shorter encoding
Replace the 64-bit zero idiom with the 32-bit form. In 64-bit mode,
zeroing the lower 32 bits of a GPR implicitly clears the entire
register. The 32-bit encoding is one byte shorter while preserving
identical semantics.
Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Wilco Dijkstra [Wed, 17 Dec 2025 16:16:23 +0000 (16:16 +0000)]
malloc: Remove unused tcache code from unsorted bin scan
Now that fastbins have been removed, there is no need to add chunks
to tcache during an unsorted scan. Small blocks can only be added
to unsorted as a result of a remainder chunk split off a larger block,
so there is no point in checking for additional chunks to place in
tcache. The last remainder is checked first, and will be used if it
is large enough or an exact fit. The unsorted bin scan becomes simpler
as a result. Remove the tcache_unsorted_limit tunable and manual entries.
Stefan Liebler [Thu, 5 Feb 2026 12:03:08 +0000 (13:03 +0100)]
tst-{pthread|sched}-affinity-inheritance: Only use in-mask CPUs in affinity mask.
On s390x, the two tests are failing on a lpar with linux 6.18 booted with nosmt:
FAIL: misc/tst-sched-affinity-inheritance
FAIL: nptl/tst-pthread-affinity-inheritance
Both tests were failing because they are claiming that the CPU affinity mask was
not correctly inherited in the forked process/thread.
The error already happened before forking, as the mask was set up to use
CPUs 0-14 in set_cpu_mask(). But according to e.g. lscpu or the line
"Cpus_allowed_list" in /proc/self/status, only the following CPUs were in mask at startup:
0, 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30
while 1, 3, 5, ... were configured, but not online.
Now the test first gets the current CPU mask at startup in do_test() and
set_cpu_mask() only selects those available CPUs. The test is now just
counting the available CPUs instead of relying on get_nprocs(). This allows
to run the test even if it was already limited via taskset.
Therefore both concrete tests now have the get_my_affinity() function. This
also allows to implement verify_my_affinity() in the common skeleton.
In order to ensure that the affinity mask is really set as expected,
verify_my_affinity() is now also called before forking a new process or
creating a new thread.
For also printing the list of mismatched CPU IDs in xor_set in
verify_my_affinity(), the argument order of CPU_ISSET_S is now fixed.
Furthermore we now keep iterating over all configured CPUs to print
the list of cpucount IDs instead of iterating over the first nproc CPUs. Reviewed-by: Florian Weimer <fweimer@redhat.com>
Jiamei Xie [Wed, 4 Feb 2026 08:46:07 +0000 (09:46 +0100)]
x86: Fix for cache computation on Hygon under hypervisors
On Hygon CPUs, glibc currently relies on CPUID leaf 0x8000001D to
compute cache parameters. This works correctly on bare-metal
systems. However, under some hypervisors (e.g. QEMU with -cpu
qemu64), the maximum supported extended CPUID leaf is only
0x8000000A, and CPUID 0x8000001D is not exposed. In this case,
cache information computed via 0x8000001D is zeroed out.
This patch introduces legacy fallback of cache computation based on
CPUID 0x80000005 and 0x80000006, consistent with the AMD
implementation, to restore correct cache information under such
environments.
Signed-off-by: Jiamei Xie <xiejiamei@hygon.cn> Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
Mike Kelly [Mon, 2 Feb 2026 07:25:02 +0000 (07:25 +0000)]
hurd: handling pending signals could result in corruption of FPU state
Handling a pending signal calls _hurd_setup_sighandler() once again
after the initial signal handling. In this case a pointer to the
previous sigcontext is available to supply the interrupted thread's
original basic state, fpu state and fpu XSTATE. The original XSTATE
was not being preserved by the pending signal but instead overwritten
with the active XSTATE. XSTATE register values modified by the
signal handling code could therefore be wrongly propogated back to
the interrupted user code.
Wilco Dijkstra [Tue, 27 Jan 2026 14:28:35 +0000 (14:28 +0000)]
AArch64: Add if('fastmath') to math-vector-fortran.h [BZ #33226]
Only enable vector math functions with -ffast-math by adding if('fastmath').
This uses a new annotation supported by GCC 16 (PR 118955). If an older
compiler is used, it will disable the math function without an error.
This fixes BZ #33226.
Weihong Ye [Tue, 3 Feb 2026 17:09:03 +0000 (17:09 +0000)]
AArch64: Optimize memcpy for Kunpeng 950 processor
For copies ≤64 bytes, the implementation remains consistent with memcpy_sve.
For 65–128 bytes, it removes the 96-byte branch and reorders instructions,
improving performance by 18–32%. For >128 bytes, it aligns the destination
to a 32-byte boundary and uses Pre-indexed load/store instructions to reduce
address-update overhead.
All benchmarks report execution time (lower is better). Geomean results
(__memcpy_generic → this patch):
- bench-memcpy: 16.74 → 12.11 (28% faster)
- bench-memcpy-large: 24287 → 23302 (4% faster)
- bench-memcpy-random: 107693 → 72153 (33% faster)
Florian Weimer [Mon, 2 Feb 2026 20:15:48 +0000 (21:15 +0100)]
elf: Add test case for LD_PROFILE/LD_PROFILE_OUTPUT interaction
This verifies that LD_PROFILE is correctly ignored if LD_PROFILE_OUTPUT
is not set.
The test was initially auto-generated, then heavily edited and re-edited
for brevity and clarity. The test uses glibc-specific interfaces
(including one that did not exist at all a couple of hours ago), so
this should be unproblematic.
Florian Weimer [Mon, 2 Feb 2026 20:15:48 +0000 (21:15 +0100)]
support: Add support_spawn_wrap and related functionality
It allows us to write test cases in C that run tests with
dynamic linker wrapping.
The iconv test case was auto-generated. The posix_spawn usage
is mechanical, and the interface it tests is newly added in this
commit, so this should be acceptable.
open tst-gnu2-tls2mod0.so
open tst-gnu2-tls2mod1.so
open tst-gnu2-tls2mod2.so
close tst-gnu2-tls2mod0.so
close tst-gnu2-tls2mod1.so
open tst-gnu2-tls2mod0.so
open tst-gnu2-tls2mod1.so
Didn't expect signal from child: got `Aborted'
Because AFTER_TLSDESC_CALL might clobber caller-saved registers and
the zero array might call the memset function resolution, which itself
might clobber some vector registers.
The AFTER_TLSDESC_CALL calls memset and memcmp, and both the
lazy resolution and the routines themselves can clobber the
caller-saved registes used in the tests.
Checked on arm-linux-gnueabihf (armv7-a vpfv4 / QEMU).
Luca Boccassi [Wed, 28 Jan 2026 15:37:56 +0000 (15:37 +0000)]
linux: use PIDFD_GET_INFO ioctl for pidfd_getpid() if available
Linux v6.13 introduced a new ioctl to query info from a pidfd.
The advantage of this vs. parsing /proc/ is that it works even
when procfs is not mounted. It's also a single syscall, and doesn't
need manual string parsing. Use it when available.
Avinal Kumar [Mon, 5 Jan 2026 13:29:27 +0000 (18:59 +0530)]
elf: Fix ambiguous error message for --f in sotruss [BZ #25257]
The sotruss utility printed an incomplete error message when the
ambiguous option --f was used. The message did not list the possible
matching options, making it unclear how to resolve the ambiguity.
This commit corrects the error message to report all valid alternatives.
Example after this change:
$ sotruss --f /bin/true
sotruss: option '--f' is ambiguous; possibilities: '--from' '--follow'
Try `sotruss --help' or `sotruss --usage' for more information.
Checked on x86_64-linux-gnu, aarch64-linux-gnu, i686-linux-gnu,
arm-linux-gnueabihf, powerpc64le-linux-gnu,
riscv64-linux-gnu-rv64imafdc-lp64d, and loongarch64-linux-gnuf64.
Checked on x86_64-linux-gnu, aarch64-linux-gnu, i686-linux-gnu,
arm-linux-gnueabihf, powerpc64le-linux-gnu,
riscv64-linux-gnu-rv64imafdc-lp64d, and loongarch64-linux-gnuf64.
Checked on x86_64-linux-gnu, aarch64-linux-gnu, i686-linux-gnu,
arm-linux-gnueabihf, powerpc64le-linux-gnu,
riscv64-linux-gnu-rv64imafdc-lp64d, and loongarch64-linux-gnuf64.
Checked on x86_64-linux-gnu, aarch64-linux-gnu, i686-linux-gnu,
arm-linux-gnueabihf, powerpc64le-linux-gnu,
riscv64-linux-gnu-rv64imafdc-lp64d, and loongarch64-linux-gnuf64.
math: Order signed zeros in f{max,min}mag{f,l,f128}
The functions are documented to behave like fmax/fmin when the
arguments have the same absolute value.
Checked on x86_64-linux-gnu, aarch64-linux-gnu, i686-linux-gnu,
arm-linux-gnueabihf, powerpc64le-linux-gnu,
riscv64-linux-gnu-rv64imafdc-lp64d, and loongarch64-linux-gnuf64.
The C standard (at least from C99 until C23) does not require
fmin/fmax to order zeros by their sign, so glibc's previous behavior
was entirely standards-conforming. However, the standard does
recommend that zeros be ordered in a footnote, saying:
"If possible, fmax is sensitive to the sign of zero, for example
fmax(−0.0, +0.0) ideally returns +0."
As this is indeed possible (and not too complicated), implement it as
a quality-of-implementation improvement. It also remove possible
deviations between architectures, where for some architectures that
has direct mapping instruction (USE_FMA*_BUILTIN) they already do
the ordering.
Checked on x86_64-linux-gnu, aarch64-linux-gnu, i686-linux-gnu,
arm-linux-gnueabihf, powerpc64le-linux-gnu,
riscv64-linux-gnu-rv64imafdc-lp64d, and loongarch64-linux-gnuf64.
Co-authored-by: James Y Knight <jyknight@google.com> Reviewed-by: Wilco Dijkstra <Wilco.Dijkstra@arm.com>
The sNaN handling on i386 was not properly implemented or tested due to
ABI and compiler constraints [1] [2], and although GCC has an open bug
to try to fix at least the sNaN in the function call arguments [3], it
will most likely never be fixed.
To simplify the fix or the order signed zeros and make f{fmin,fmax} behave
semantically equal to the rest of the f{min,max}* function, this patch
removes all i386 assembly optimizations. The f{min,max} functions should
not be hotspots in any meaningful code people are running on i386 nowadays.
Checked on x86_64-linux-gnu, aarch64-linux-gnu, i686-linux-gnu,
arm-linux-gnueabihf, powerpc64le-linux-gnu,
riscv64-linux-gnu-rv64imafdc-lp64d, and loongarch64-linux-gnuf64.
Avinal Kumar [Mon, 2 Feb 2026 15:26:13 +0000 (16:26 +0100)]
manual: Document //TRANSLIT and //IGNORE support in iconv_open [BZ #3794]
The //TRANSLIT and //IGNORE suffix supported by iconv_open
was not documented in the glibc manual. This commit adds the
documentation for the suffixes.
Arjun Shankar [Mon, 26 Jan 2026 12:49:37 +0000 (13:49 +0100)]
dlfcn: Add dlinfo request type RTLD_DI_ORIGIN_PATH (bug #24298)
The existing dlinfo request type RTLD_DI_ORIGIN used for querying the
value of the '$ORIGIN' dynamic string token is prone to buffer
overflows.
This commit adds a new request type named RTLD_DI_ORIGIN_PATH that
returns a pointer to the dynamic string token (i.e. the 'l_origin' field
in the link map) instead. The dlinfo manual is updated with the new
request type, and the description of RTLD_DI_ORIGIN is updated to
recommend RTLD_DI_ORIGIN_PATH instead.
A test for the new request type is also added to tst-dlinfo.
Aurelien Jarno [Tue, 20 Jan 2026 17:25:08 +0000 (18:25 +0100)]
Fix ldbl-128ibm ceill, floorl, roundl and truncl zero-sign handling
When the result of ceill, floorl, roundl and truncl is zero, the sign of
the result must match the sign of the input. For the IBM 128-bit long
double format, the sign is determined by the high part.
Ensure the correct sign when the high part is the result of
computations, by copying the sign from the input high part to the output
high part. On POWER, this conveniently maps to the fcpsgn instruction.
In addition add test for the values provided in BZ #33623, and for the
opposite value when the result is 0.
Florian Weimer [Sat, 24 Jan 2026 09:29:39 +0000 (10:29 +0100)]
support: Reinitialize containers if /etc is present
This prevents test failures because configuration file leftovers
unexpectedly change glibc for future tests. Whether this
triggers depends on test execution order.
Adding postclean.req files manually (before this change) appears
too error-prone.
posix: Reset wordexp_t fields with WRDE_REUSE (CVE-2025-15281 / BZ 33814)
The wordexp fails to properly initialize the input wordexp_t when
WRDE_REUSE is used. The wordexp_t struct is properly freed, but
reuses the old wc_wordc value and updates the we_wordv in the
wrong position. A later wordfree will then call free with an
invalid pointer.
Xi Ruoyao [Thu, 15 Jan 2026 08:24:57 +0000 (16:24 +0800)]
Linux: fix tst-copy_file_range-large failure in 32-bit glibc build on 64-bit kernel [BZ 33790]
Reported-by: H. J. Lu <hjl.tools@gmail.com> Signed-off-by: Xi Ruoyao <xry111@xry111.site> Reviewed-by: Florian Weimer <fweimer@redhat.com> Tested-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Florian Weimer [Thu, 15 Jan 2026 21:29:46 +0000 (22:29 +0100)]
elf: Ignore LD_PROFILE if LD_PROFILE_OUTPUT is not set (bug 33797)
The previous default for LD_PROFILE_OUTPUT, /var/tmp, is insecure
because it's typically a 1777 directory, and other systems could
place malicious files there which interfere with execution.
Requiring the user to specify a profiling directory mitigates
the impact of bug 33797. Clear LD_PROFILE_OUTPUT alongside
with LD_PROFILE.
Rework the test not to use predictable file names.
Carlos O'Donell [Thu, 15 Jan 2026 20:09:38 +0000 (15:09 -0500)]
resolv: Fix NSS DNS backend for getnetbyaddr (CVE-2026-0915)
The default network value of zero for net was never tested for and
results in a DNS query constructed from uninitialized stack bytes.
The solution is to provide a default query for the case where net
is zero.
Adding a test case for this was straight forward given the existence of
tst-resolv-network and if the test is added without the fix you observe
this failure:
FAIL: resolv/tst-resolv-network
original exit status 1
error: tst-resolv-network.c:174: invalid QNAME: \146\218\129\128
error: 1 test failures
With a random QNAME resulting from the use of uninitialized stack bytes.
After the fix the test passes.
Additionally verified using wireshark before and after to ensure
on-the-wire bytes for the DNS query were as expected.
The change to cap valid sizes to PTRDIFF_MAX inadvertently dropped the
overflow check for alignment in memalign functions, _mid_memalign and
_int_memalign. Reinstate the overflow check in _int_memalign, aligned
with the PTRDIFF_MAX change since that is directly responsible for the
CVE. The missing _mid_memalign check is not relevant (and does not have
a security impact) and may need a different approach to fully resolve,
so it has been omitted.
CVE-Id: CVE-2026-0861
Vulnerable-Commit: 9bf8e29ca136094f73f69f725f15c51facc97206 Reported-by: Igor Morgenstern, Aisle Research Fixes: BZ #33796 Reviewed-by: Wilco Dijkstra <Wilco.Dijkstra@arm.com> Signed-off-by: Siddhesh Poyarekar <siddhesh@gotplt.org>
tst-mallocfork calls fork from a signal handler, leading to sporadic
deadlocks when multi-threaded since fork is not AS-safe when
multi-threading. This commit therefore adds tst-mallocfork to the
appropriate exception list.
In permissive mode, during audit module handling, check_gcs is unaware
that it is handling audit modules rather than the binary itself. It
causes the loader to fail to load the audit module, rather than
loading it and disabling GCS.
Also extends GCS tests with 4 LD_AUDIT tests:
1. tst-gcs-audit-disabled: checks if the audit module without GCS
marking is loaded with default gcs support.
2. tst-gcs-audit-enforced: checks if the audit module without GCS
marking is not loaded when GCS is enforced.
3. tst-gcs-audit-optional: checks if the audit module without GCS
marking is loaded when GCS is optional.
4. tst-gcs-audit-override: check if the audit modules without GCS
marking is loaded when GCS is overrided.
Checked on aarch64-linux-gnu with Linux 6.18 on Apple M4 emulated (for
BTI support) and on qemu 10.1.50 simulated (for GCS).
projects / thirdparty / glibc.git / log
