io: ftw: Use state stack instead of recursion (BZ 33882)
The current implementation of ftw relies on recursion to traverse
directories (ftw_dir calls process_entry, which calls ftw_dir). In deep
directory trees, this could lead to a stack overflow (as demonstrated by
the new tst-nftw-bz33882.c test).
This patch refactors ftw to use an explicit, heap-allocated stack to
manage directory traversal:
* The 'struct ftw_frame' encapsulates the state of a single directory
level (directory stream, stat buffer, previous base offset, and
current state).
* The ftw_dir is rewritten to use a loop instead of recursion and
an iterative loop to enable immediate state transitions without
function call overhead.
The patch also cleans up some unused definitions and assumptions (e.g.,
free-clobbering errno) and fixes a UB when handling the ftw callback.
Checked on x86_64-linux-gnu and i686-linux-gnu. Reviewed-by: DJ Delorie <dj@redhat.com>
Sajan Karumanchi [Thu, 26 Mar 2026 09:21:30 +0000 (09:21 +0000)]
x86_64: Prefer EVEX512 code-path on AMD Zen5 CPUs
Introduced a synthetic architecture preference flag (Prefer_EVEX512)
and enabled it for AMD Zen5 (CPUID Family 0x1A) when AVX-512 is supported.
This flag modifies IFUNC dispatch to prefer 512-bit EVEX variants over
256-bit EVEX variants for string and memory functions on Zen5 processors,
leveraging their native 512-bit execution units for improved throughput.
When Prefer_EVEX512 is set, the dispatcher selects evex512 implementations;
otherwise, it falls back to evex (256-bit) variants.
The implementation updates the IFUNC selection logic in ifunc-avx2.h and
ifunc-evex.h to check for the Prefer_EVEX512 flag before dispatching to
EVEX512 implementations. This change affects six string/memory functions:
Additionally, a tunable option (glibc.cpu.x86_cpu_features.preferred)
is provided to allow runtime control of the Prefer_EVEX512 flag for testing
and compatibility.
Reviewed-by: Ganesh Gopalasubramanian <Ganesh.Gopalasubramanian@amd.com> Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
Carlos O'Donell [Fri, 20 Mar 2026 21:14:33 +0000 (17:14 -0400)]
resolv: Check hostname for validity (CVE-2026-4438)
The processed hostname in getanswer_ptr should be correctly checked to
avoid invalid characters from being allowed, including shell
metacharacters. It is a security issue to fail to check the returned
hostname for validity.
A regression test is added for invalid metacharacters and other cases
of invalid or valid characters.
Florian Weimer [Wed, 25 Mar 2026 09:44:13 +0000 (10:44 +0100)]
Use #!/usr/bin/python3 in remaining Python scripts
Some distributions ban the /usr/bin/python path in their build
systems due to the ambiguity of whether it refers to Python 2 or
Python 3. Python 2 has been out of support for many years, and
glibc has required Python 3 at build time for a while. So it seems
safe to switch the remaining scripts over to /usr/bin/python3.
Xi Ruoyao [Tue, 24 Mar 2026 07:22:59 +0000 (15:22 +0800)]
LoongArch: fix missing trap for enabled exceptions on narrowing operation
The libc_feupdateenv_test macro is supposed to trap when the trap for a
previously held exception is enabled. But
libc_feupdateenv_test_loongarch wasn't doing it properly: the comment
claims "setting of the cause bits" would cause "the hardware to generate
the exception" but that's simply not true for the LoongArch movgr2fcsr
instruction.
To fix the issue, we need to call __feraiseexcept in case a held exception
is enabled to trap.
Reviewed-by: caiyinyu <caiyinyu@loongson.cn> Signed-off-by: Xi Ruoyao <xry111@xry111.site>
mengqinggang [Tue, 24 Mar 2026 07:48:38 +0000 (15:48 +0800)]
nptl: Fix nptl/tst-cancel31 fail sometimes
tst-cancel31 fail on la32 qemu-system with a single-core
system sometimes.
IF the test and a infinite loop run on a same x86_64 core,
the test also fail sometimes.
taskset -c 0 make test t=nptl/tst-cancel31
taskset -c 0 ./a.out (a.out is a infinite loop)
After writeopener thread opens the file, it may switch to
main thread and find redundant files.
pthread_cancel and pthread_join writeopener thread
before support_descriptors_check.
Carlos O'Donell [Fri, 20 Mar 2026 20:43:33 +0000 (16:43 -0400)]
resolv: Count records correctly (CVE-2026-4437)
The answer section boundary was previously ignored, and the code in
getanswer_ptr would iterate past the last resource record, but not
beyond the end of the returned data. This could lead to subsequent data
being interpreted as answer records, thus violating the DNS
specification. Such resource records could be maliciously crafted and
hidden from other tooling, but processed by the glibc stub resolver and
acted upon by the application. While we trust the data returned by the
configured recursive resolvers, we should not trust its format and
should validate it as required. It is a security issue to incorrectly
process the DNS protocol.
A regression test is added for response section crossing.
Xi Ruoyao [Thu, 19 Mar 2026 08:33:22 +0000 (16:33 +0800)]
LoongArch: feclearexcept: skip clearing CAUSE
The comment explaining the reason to clear CAUSE does not make any
sense: it says the next "CTC" instruction would raise the FP exception
of which both the CAUSE and ENABLE bits are set, but LoongArch does not
have the CTC instruction. LoongArch has the movgr2fcsr instruction but
movgr2fcsr never raises any FP exception, different from the MIPS CTC
instruction.
riscv: Resolve calls to memcpy using memcpy-generic in early startup
This patch from Adhemerval sets up the ifunc redirections so that we
resolve memcpy to memcpy_generic in early startup. This avoids infinite
recursion for memcpy calls before the loader is fully initialized.
Tested-by: Jeff Law <jeffrey.law@oss.qualcomm.com>
Martin Coufal [Thu, 19 Mar 2026 13:09:22 +0000 (14:09 +0100)]
Makefile: add allow-list for failures
Enable adding known failures to allowed-failures.txt and ignore failures
in case they are in the list. In case the allowed-failures.txt does not
exist, all failures lead to a failed status as before.
When the file is present, failures of listed tests are ignored and reported
on stdout. If tests not in the allowed list fail, summarize-tests exits with
status 1 and reports the failing tests.
The expected format of allowed-failures.txt file is:
<test_name> # <comment>
The libgcc implementations of __builtin_clzl/__builtin_ctzl may require
access to additional data that is not marked as hidden, which could
introduce additional GOT indirection and necessitate RELATIVE relocs.
And the RELATIVE reloc is an issue if the code is used during static-pie
startup before self-relocation (for instance, during an assert).
For this case, the ABI can add a string-bitops.h header that defines
HAVE_BITOPTS_WORKING to 0. A configure check for this issue is tricky
because it requires linking against the standard libraries, which
create many RELATIVE relocations and complicate filtering those that
might be created by the builtins.
The fallback is disabled by default, so no target is affected.
Wilco Dijkstra [Mon, 16 Mar 2026 14:24:32 +0000 (14:24 +0000)]
AArch64: Remove prefer_sve_ifuncs
Remove the prefer_sve_ifuncs CPU feature since it was intended for older
kernels. Current distros all use modern Linux kernels with improved support
for SVE save/restore, making this check redundant.
First off, apologies for my misunderstanding on how madvise(MADV_HUGEPAGE)
works. I had the misconception that doing madvise(p, 1, MADV_HUGEPAGE) will set
VM_HUGEPAGE on the entire VMA - it does not, it will align the size to
PAGE_SIZE (4k) and then *split* the VMA. Only the first page-length of the
virtual space will VM_HUGEPAGE'd, the rest of it will stay the same.
The above is the semantics for all madvise() calls - which makes sense from a
UABI perspective. madvise() should do the proposed thing to only the length
(page-aligned) which it was asked to do, doing any more than that is not
something the user is expecting.
Commit 6e8f32d39a57 tries to optimize around the madvise() call by determining
whether the VMA got madvise'd before. This will work for most cases except
the following: if check_may_shrink_heap() is true, shrink_heap() re-maps the
shrunk portion, giving us a new VMA altogether. That VMA won't have the
VM_HUGEPAGE flag.
Reverting this commit, we will again mark the new VMA with VM_HUGEPAGE, and
the kernel will merge the two into a single VMA marked with VM_HUGEPAGE.
This may be the only case where we lose VM_HUGEPAGE, and we could micro-optimize
by extending the current if-condition with !check_may_shrink_heap. But let us
not do this - this is very difficult to reason about, and I am soon going
to propose mmap(MAP_HUGEPAGE) in Linux to do away with all these workarounds.
The inclusion of generic tanh implementation without undefining the
libm_alias_double (to provide the __tanh_sse2 implementation) makes
the exported tanh symbol pointing to SSE2 variant.
The current implementation precision shows the following accuracy, on
three ranges ([-DBL_MAX,-10], [-10,10], [10,DBL_MAX]) with 10e9 uniform
randomly generated numbers for each range (first column is the
accuracy in ULP, with '0' being correctly rounded, second is the
number of samples with the corresponding precision):
The CORE-MATH implementation is correctly rounded for any rounding mode.
The code was adapted to glibc style and to use the definition of
math_config.h (to handle errno, overflow, and underflow).
The current implementation precision shows the following accuracy, on
three ranges ([-DBL_MAX,-10], [-10,10], [10,DBL_MAX]) with 10e9 uniform
randomly generated numbers for each range (first column is the
accuracy in ULP, with '0' being correctly rounded, second is the
number of samples with the corresponding precision):
The CORE-MATH implementation is correctly rounded for any rounding mode.
The code was adapted to glibc style and to use the definition of
math_config.h (to handle errno, overflow, and underflow).
The current implementation precision shows the following accuracy, on
three ranges ([-DBL_MAX,-10], [-10,10], [10,DBL_MAX]) with 10e9 uniform
randomly generated numbers for each range (first column is the
accuracy in ULP, with '0' being correctly rounded, second is the
number of samples with the corresponding precision):
The CORE-MATH implementation is correctly rounded for any rounding mode.
The code was adapted to glibc style and to use the definition of
math_config.h (to handle errno, overflow, and underflow).
Samuel Thibault [Mon, 16 Mar 2026 11:20:45 +0000 (12:20 +0100)]
nptl/htl: Fix confusion over PTHREAD_IN_LIBC and __PTHREAD_NPTL/HTL
The last uses of PTHREAD_IN_LIBC is where it should have been
__PTHREAD_NPTL/HTL. The latter was not conveniently available everywhere.
Defining it from config.h makes things simpler.
configure: Fix bootstrap build after 570c46d36b (BZ 33985)
The 570c46d36b make libgcc_s to be defined for have-cc-with-libunwind=noi
(default for gcc builds) without taking into consideration that the compiler
can link against -lgcc_s (defined by have-libgcc_s).
Checked with a build-many-glibc.py for x86_64-linux-gnu.
Arjun Shankar [Wed, 4 Mar 2026 11:36:04 +0000 (12:36 +0100)]
linux: Fix aliasing violations and assert address in __check_pf (bug #33927)
The Linux implementation of __check_pf retrieves interface data via
make_request, which queries the kernel via netlink. The IFA_ADDRESS
received from the kernel's RTM_NEWADDR netlink message is (a)
type-punned via pointer-casting leading to strict aliasing violations,
and (b) dereferenced assuming that it is non-NULL.
This commit removes the strict-aliasing violations using memcpy, and
adds an assert that the address is indeed non-NULL before dereferencing
it.
Reported-by: Siteshwar Vashisht <svashisht@redhat.com> Reviewed-by: Sam James <sam@gentoo.org> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Collin Funk [Thu, 12 Mar 2026 04:57:20 +0000 (21:57 -0700)]
x86: Don't left shift negative values
GCC warns about this with -Wshift-negative-value:
In file included from ../sysdeps/x86/cpu-features.c:24:
../sysdeps/x86/dl-cacheinfo.h: In function ‘get_common_cache_info’:
../sysdeps/x86/dl-cacheinfo.h:913:45: warning: left shift of negative value [-Wshift-negative-value]
913 | count_mask = ~(-1 << (count_mask + 1));
| ^~
../sysdeps/x86/dl-cacheinfo.h:930:45: warning: left shift of negative value [-Wshift-negative-value]
930 | count_mask = ~(-1 << (count_mask + 1));
| ^~
This is because C23 § 6.5.8 specifies that this is undefined behavior.
We can cast it to unsigned which would be equivelent to UINT_MAX.
The 'unwind-link' facility allows glibc to support thread cancellation
and exit (pthread_cancel, pthread_exiti, backtrace) by dynamically
loading the unwind library at runtime, preventing a hard dependency on
libgcc_s within libc.so.
When building with libunwind (for clang/LLVM toolchains [1]), two
assumptions in the existing code break:
1. The runtime library is libunwind.so instead of libgcc_s.so.
2. libgcc relies on __gcc_personality_v0 to handle unwinding mechanics.
libunwind exposes the standard '_Unwind_*' accessors directly.
This patch adapts `unwind-link` to handle both environments based on
the HAVE_CC_WITH_LIBUNWIND configuration:
* The UNWIND_SONAME macro now selects between LIBGCC_S_SO and
LIBUNWIND_SO.
* For libgcc, it continues to resolve `__gcc_personality_v0`.
* For libunwind, it instead resolves the standard
_Unwind_GetLanguageSpecificData, _Unwind_SetGR, _Unwind_SetIP,
and _Unwind_GetRegionStart helpers.
* unwind-resume.c is updated to implement wrappers for these
accessors that forward calls to the dynamically loaded function
pointers, effectively shimming the unwinder.
Tests and Makefiles are updated to link against `$(libunwind)` where
appropriate.
Reviewed-by: Sam James <sam@gentoo.org>
[1] https://github.com/libunwind/libunwind
configure: Repurpose have-cc-with-libunwind for clang support
The `have-cc-with-libunwind` check (and its corresponding macro
HAVE_CC_WITH_LIBUNWIND) was historically specific to IA64, intended
to supplement libgcc with libunwind. Since this logic is unused in
current GCC configurations, this patch repurposes it to support
clang-based toolchains that utilize LLVM's libunwind instead of
libgcc_s.
The configure script now detects if the compiler natively supports
unwinding via `-lunwind`.
Additionally, when this mode is enabled, `-lclang_rt.builtins` is
explicitly added to the `libgcc_eh` definition. This is necessary
because `links-dso-program` otherwise fails to link due to a missing
`__gcc_personality_v0` symbol. It appears that clang does not
automatically link the builtins providing this personality routine
when `rlink-path` is actively used during the build.
configure: Parametrize runtime libraries to support compiler-rt
Historically, the build system has hardcoded references to `-lgcc` and
`-lgcc_eh`, explicitly assuming the use of the GCC runtime. This
prevents building glibc with alternative toolchains, specifically clang
configured with `--rtlib=compiler-rt`, where these libraries are
replaced by `libclang_rt.builtins`.
This patch introduces a mechanism to dynamically detect the compiler's
underlying runtime library.
The logic works as follows:
1. It queries the compiler using `-print-libgcc-file-name`.
2. It parses the output path to determine if `libgcc` or `compiler-rt`
is in use.
3. Based on this detection, it parametrizes the build variables for
the static runtime and exception handling libraries (replacing
hardcoded `-lgcc` and `-lgcc_eh`).
This ensures that the build system correctly links against the active
compiler runtime—whether it is the traditional libgcc or LLVM's
compiler-rt—without requiring manual overrides.
Deng Jianbo [Mon, 9 Mar 2026 07:37:49 +0000 (15:37 +0800)]
LoongArch: Optimize float environment functions
In LoongArch, fcsr1 is the alias of enables field in fcsr0, fscr3 is the
alias of RM field in fscr0. This patch use fcsr1 and fcsr3 register to
optimize fedisableexcept, feenableexcept, fegetexcept, fegetround,
fesetround, get_rounding_mode functions, which could reduce the
additional andi instruction.
x86_64: Conditionally define __sfp_handle_exceptions for compiler-rt
The LLVM compiler-rt builtins library does not currently provide an
implementation for __sfp_handle_exceptions. On x86_64, this causes
unresolved symbol errors when building glibc in environments that
exclude libgcc.
This patch implements __sfp_handle_exceptions specifically for x86_64,
bridging the gap for non-GNU compiler runtimes.
The implementation is used conditionally, only if the compiler does
not already provide the symbol.
NB: the implementation is based on libgcc and raises bosh SSE and i387
exceptions (different that the one from 460ee50de054396cc9791ff4)
Tomasz Kamiński [Tue, 10 Mar 2026 08:11:23 +0000 (09:11 +0100)]
test-assert-c++-variadic.cc: Disable assert_works for GCC 14.2 and 14.1
PR118629 [1] resolved issue with usage of __PRETTY_FUNCTION__
(to which assert expands) inside unevaluated context for GCC 14.3.
This affects only versions 14.1 and 14.2, as -std=c++26 option is
supported since 14.1.
clang supports above snippet for all version that supports --std=c++26
flag (since 17.0.1).
Yunze Zhu [Tue, 10 Mar 2026 03:29:18 +0000 (11:29 +0800)]
libio: Properly link in function _IO_wfile_doallocate in static binaries
This patch addresses Bug 33935 - _IO_wfile_doallocate not linked correctly
when linking glibc statically.
https://sourceware.org/bugzilla/show_bug.cgi?id=33935
The function _IO_wfile_doallocate has been added with pragma weak in vtable.c,
while it is the only one symbol contained in wfiledoalloc.c,
and has not been directly called in libio.
In static binaries the true function symbol _IO_wfile_doallocate may not
be correctly linked when linking glibc with cases contains wchar functions,
but the weak symbol in vtable is linked instead,
and cause segmentation fault when running.
This patch fixes this with similar way to symbol _IO_file_doallocate,
that add libio_static_fn_required(_IO_wfile_doallocate) in wgenops.c
to make _IO_wfile_doallocate always link in static binaries.
Wilco Dijkstra [Tue, 27 Jan 2026 19:27:31 +0000 (19:27 +0000)]
malloc: Improve memalign alignment
Use generic stdc_bit_width to safely adapt to input types. Move rounding up of
alignments that are not powers of 2 to __libc_memalign. Simplify alignment
handling of aligned_alloc and __posix_memalign. Add a testcase for non-power
of 2 memalign and fix malloc-debug.
Frédéric Bérat [Tue, 27 Jan 2026 22:07:17 +0000 (23:07 +0100)]
feat(rtld): Allow LD_DEBUG category exclusion
Adds support for excluding specific categories from `LD_DEBUG` output.
The `LD_DEBUG` environment variable now accepts category names prefixed
with a dash (`-`) to disable their debugging output. This allows users
to enable broad categories (e.g., `all`) while suppressing verbose or
irrelevant information from specific sub-categories (e.g., `-tls`).
The `process_dl_debug` function in `rtld.c` has been updated to parse
these exclusion options and unset the corresponding bits in
`GLRO(dl_debug_mask)`. The `LD_DEBUG=help` output has also been updated
to document this new functionality. A new test `tst-dl-debug-exclude.sh`
is added to verify the correct behavior of category exclusion.
Frédéric Bérat [Fri, 12 Dec 2025 15:19:43 +0000 (16:19 +0100)]
elf(tls): Add debug logging for TLS operations
This commit introduces extensive debug logging for thread-local storage
(TLS) operations within the dynamic linker. When `LD_DEBUG=tls` is
enabled, messages are printed for:
- TLS module assignment and release.
- DTV (Dynamic Thread Vector) resizing events.
- TLS block allocations and deallocations.
- `__tls_get_addr` slow path events (DTV updates, lazy allocations, and
static TLS usage).
The log format is standardized to use a "tls: " prefix and identifies
modules using the "modid %lu" convention. To aid in debugging
multithreaded applications, thread-specific logs include the Thread
Control Block (TCB) address to identify the context of the operation.
A new test module `tst-tls-debug-mod.c` and a corresponding shell script
`tst-tls-debug-recursive.sh` have been added. Additionally, the existing
`tst-dl-debug-tid` NPTL test has been updated to verify these TLS debug
messages in a multithreaded context.
Florian Weimer [Wed, 4 Mar 2026 17:32:36 +0000 (18:32 +0100)]
Linux: Only define OPEN_TREE_* macros in <sys/mount.h> if undefined (bug 33921)
There is a conditional inclusion of <linux/mount.h> earlier in the file.
If that defines the macros, do not redefine them. This addresses build
problems as the token sequence used by the UAPI macro definitions
changes between Linux versions.
Wilco Dijkstra [Fri, 27 Feb 2026 20:20:45 +0000 (20:20 +0000)]
malloc: Avoid accessing /sys/kernel/mm files
On AArch64 malloc always checks /sys/kernel/mm/transparent_hugepage/enabled to
set the THP mode. However this check is quite expensive and the file may not
be accessible in containers. If DEFAULT_THP_PAGESIZE is non-zero, use
malloc_thp_mode_madvise so that we take advantage of THP in all cases. Since
madvise is a fast systemcall, it adds only a small overhead compared to the
cost of mmap and populating the pages.
Florian Weimer [Tue, 3 Mar 2026 17:48:47 +0000 (18:48 +0100)]
support: no_override_resolv_conf_search flag for resolver test framework
It is required to test "search ." in /etc/resolv.conf files. The
default is to override the search path isolate from unexpected
settings in the test execution environment.
Wilco Dijkstra [Mon, 2 Mar 2026 17:17:04 +0000 (17:17 +0000)]
AArch64: Improve memset when len is 64
Change the mask to 48 to support len==64. The second memory store now accesses
offset 32, whereas the third one accesses offset 16. As a result performance
for len==64 almost doubles.
Wilco Dijkstra [Mon, 2 Mar 2026 13:09:24 +0000 (13:09 +0000)]
malloc: Add asserts for malloc assumptions
Currently malloc has various assumptions, some documented, some implicit.
Add a few asserts to check the most fundamental assumptions using verify().
Remove some odd #define void.
Jonathan Wakely [Wed, 25 Feb 2026 14:01:23 +0000 (15:01 +0100)]
assert: Support assert as variadic macro for C++26 [PR27276]
C++26 changes assert into a variadic macro to support using
assignment-expressions that would be interpreted as multiple macro
arguments, in particular one containing:
* template parameter lists: func<int, float>()
* calls to overloaded operator[] that accepts multiple arguments: arr[1, 2]
this is C++23 feature, see libstdc++ PR/119855 [1]
* lambdas with explicit captures: [x, y] { ... }
The new expansion in form:
(__VA_ARGS__) ? void (1 ? 1 : bool (__VA_ARGS__))
: __assert_fail (...)
Has the following properties:
* Use of (__VA_ARGS__) ? ... : ..., requires that __VA_ARGS__
is contextually convertible to bool. This means that enumerators
of scoped enumeration are no longer accepted (they are only
explicitly convertible). Thus this patch address the glibc PR/27276 [2].
* Nested ternary 1 ? 1 : bool (__VA_ARGS__) guarantees that
expression expanded from __VA_ARGS__ is not evaluated twice.
This is used instead of unevaluated context (like sizeof...)
to support C++ expressions that are not allowed in unevaluated
context (lambdas until C++20, co_await, co_yield).
* bool (__VA_ARGS__) is ill-formed if __VA_ARGS__ expands to
multiple arguments: assert(1, 2)
* bool (__VA_ARGS__) also triggers warnings when __VA_ARGS__
expands to x = 1: assert(x = 1)
To guarantee that the code snippets from assert/test-assert-c++-variadic.cc,
are actually checked for validity, we need to compile this test in C++26
(-std=c++26) mode. To achieve that, this patch compiles the file with
test-config-cxxflags-stdcxx26 variable as additional flag, that is set to
-std=c++26 if $(TEST_CXX) executable supports that flag, and empty otherwise.
Samuel Thibault [Sun, 1 Mar 2026 16:57:54 +0000 (17:57 +0100)]
htl: Fix mt-safeness of libio
Since d2e04918833 ("Single threaded stdio optimization")
we are supposed to call _IO_enable_locks when creating the first thread,
but that commit missed doing it for htl.
projects / thirdparty / glibc.git / log
