Commit Graph

718 Commits

Author SHA1 Message Date
Adhemerval Zanella
61fd3e0e74 socket: Use 64 bit stat for isfdtype (BZ# 29209)
This is a missing spot initially from 52a5fe70a2.

Checked on i686-linux-gnu.

(cherry picked from commit 87f1ec12e7)
2022-06-01 13:34:51 -03:00
Adhemerval Zanella
f9c3e57ac2 posix: Use 64 bit stat for fpathconf (_PC_ASYNC_IO) (BZ# 29208)
This is a missing spot initially from 52a5fe70a2.

Checked on i686-linux-gnu.

(cherry picked from commit 6e7137f28c)
2022-06-01 13:34:51 -03:00
Adhemerval Zanella
9db6a597ef posix: Use 64 bit stat for posix_fallocate fallback (BZ# 29207)
This is a missing spot initially from 52a5fe70a2.

Checked on i686-linux-gnu.

(cherry picked from commit 574ba60fc8)
2022-06-01 13:34:51 -03:00
Siddhesh Poyarekar
472e799a5f getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999)
No valid path returned by getcwd would fit into 1 byte, so reject the
size early and return NULL with errno set to ERANGE.  This change is
prompted by CVE-2021-3999, which describes a single byte buffer
underflow and overflow when all of the following conditions are met:

- The buffer size (i.e. the second argument of getcwd) is 1 byte
- The current working directory is too long
- '/' is also mounted on the current working directory

Sequence of events:

- In sysdeps/unix/sysv/linux/getcwd.c, the syscall returns ENAMETOOLONG
  because the linux kernel checks for name length before it checks
  buffer size

- The code falls back to the generic getcwd in sysdeps/posix

- In the generic func, the buf[0] is set to '\0' on line 250

- this while loop on line 262 is bypassed:

    while (!(thisdev == rootdev && thisino == rootino))

  since the rootfs (/) is bind mounted onto the directory and the flow
  goes on to line 449, where it puts a '/' in the byte before the
  buffer.

- Finally on line 458, it moves 2 bytes (the underflowed byte and the
  '\0') to the buf[0] and buf[1], resulting in a 1 byte buffer overflow.

- buf is returned on line 469 and errno is not set.

This resolves BZ #28769.

Reviewed-by: Andreas Schwab <schwab@linux-m68k.org>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
Signed-off-by: Qualys Security Advisory <qsa@qualys.com>
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit 23e0e8f5f1)
2022-01-24 11:37:06 +05:30
Siddhesh Poyarekar
a5bd2e10e0 gaiconf_init: Avoid double-free in label and precedence lists
labellist and precedencelist could get freed a second time if there
are allocation failures, so set them to NULL to avoid a double-free.

Reviewed-by: Arjun Shankar <arjun@redhat.com>
(cherry picked from commit 77a34079d8)
2021-08-04 15:53:46 +05:30
Samuel Thibault
094ed6b0cc posix: Add sysconf(_SC_{MIN,}SIGSTKSZ) support 2021-07-22 01:24:52 +02:00
H.J. Lu
5d98a7dae9 Define PTHREAD_STACK_MIN to sysconf(_SC_THREAD_STACK_MIN)
The constant PTHREAD_STACK_MIN may be too small for some processors.
Rename _SC_SIGSTKSZ_SOURCE to _DYNAMIC_STACK_SIZE_SOURCE.  When
_DYNAMIC_STACK_SIZE_SOURCE or _GNU_SOURCE are defined, define
PTHREAD_STACK_MIN to sysconf(_SC_THREAD_STACK_MIN) which is changed
to MIN (PTHREAD_STACK_MIN, sysconf(_SC_MINSIGSTKSZ)).

Consolidate <bits/local_lim.h> with <bits/pthread_stack_min.h> to
provide a constant target specific PTHREAD_STACK_MIN value.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-07-09 15:10:35 -07:00
Adhemerval Zanella
882d6e17bc posix: Add posix_spawn_file_actions_addclosefrom_np
This patch adds a way to close a range of file descriptors on
posix_spawn as a new file action.  The API is similar to the one
provided by Solaris 11 [1], where the file action causes the all open
file descriptors greater than or equal to input on to be closed when
the new process is spawned.

The function posix_spawn_file_actions_addclosefrom_np is safe to be
implemented by iterating over /proc/self/fd, since the Linux spawni.c
helper process does not use CLONE_FILES, so its has own file descriptor
table and any failure (in /proc operation) aborts the process creation
and returns an error to the caller.

I am aware that this file action might be redundant to the current
approach of POSIX in promoting O_CLOEXEC in more interfaces. However
O_CLOEXEC is still not the default and for some specific usages, the
caller needs to close all possible file descriptors to avoid them
leaking.  Some examples are CPython (discussed in BZ#10353) and OpenJDK
jspawnhelper [2] (where OpenJDK spawns a helper process to exactly
closes all file descriptors).  Most likely any environment which calls
functions that might open file descriptor under the hood and aim to use
posix_spawn might face the same requirement.

Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15.

[1] https://docs.oracle.com/cd/E36784_01/html/E36874/posix-spawn-file-actions-addclosefrom-np-3c.html
[2] https://github.com/openjdk/jdk/blob/master/src/java.base/unix/native/libjava/childproc.c#L82
2021-07-08 14:08:15 -03:00
Adhemerval Zanella
30adcf5adb hurd: Fix build after 52a5fe70a2
Hurd does not support 64-bit time_t internally.
2021-06-23 14:14:48 -03:00
Adhemerval Zanella
52a5fe70a2 Use 64 bit time_t stat internally
For the legacy ABI with supports 32-bit time_t it calls the 64-bit
time directly, since the LFS symbols calls the 64-bit time_t ones
internally.

Checked on i686-linux-gnu and x86_64-linux-gnu.

Reviewed-by: Lukasz Majewski <lukma@denx.de>
2021-06-22 12:09:52 -03:00
Florian Weimer
3c79234c7a nptl: Move pthreadP.h into sysdeps directory
This mirrors the situation on Hurd.  These directories are on
the include search part, so #include <pthreadP.h> works after this
change on both Hurd and nptl.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-06-22 09:51:10 +02:00
Florian Weimer
a749a00fb5 rt: Replace generic stub of shm_unlink with the posix version
Result of: git mv -f sysdeps/posix/shm_unlink.c rt
and manual removal of the _POSIX_MAPPED_FILES preprocessor condition.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-06-21 08:25:15 +02:00
Florian Weimer
b7a0bfbd2f rt: Replace generic stub of shm_open with the posix version
Result of: git mv -f sysdeps/posix/shm_open.c rt
and manual removal of the _POSIX_MAPPED_FILES preprocessor condition.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-06-21 08:25:15 +02:00
Adhemerval Zanella
f779b1efb3 nptl: Implement raise in terms of pthread_kill
Now that pthread_kill is provided by libc.so it is possible to
implement the generic POSIX implementation as
'pthread_kill(pthread_self(), sig)'.

For Linux implementation, pthread_kill read the targeting TID from
the TCB.  For raise, this it not possible because it would make raise
fail when issue after vfork (where creates the resulting process
has a different TID from the parent, but its TCB is not updated as
for pthread_create).  To make raise use pthread_kill, it is make
usable from vfork by getting the target thread id through gettid
syscall.

Checked on x86_64-linux-gnu and aarch64-linux-gnu.
2021-06-09 15:16:45 -03:00
Joseph Myers
e5ac7bd679 Add C2X timespec_getres
ISO C2X adds a timespec_getres function alongside the C11
timespec_get, with functionality similar to that of POSIX clock_getres
(including allowing a NULL pointer to be passed to the function).
Implement this function for glibc, similarly to the implementation of
timespec_get.

This includes a basic test like that of timespec_get, but no
documentation in the manual, given that TIME_UTC and timespec_get
aren't documented in the manual at all.  The handling of 64-bit time
follows that in timespec_get; people maintaining patch series for
64-bit time will need to update them accordingly (to export
__timespec_getres64, redirect calls in time.h and run the test for
_TIME_BITS=64).

Tested for x86_64 and x86, and (previous version; only testcase
differs) with build-many-glibcs.py.
2021-05-17 20:55:21 +00:00
Florian Weimer
93d78ec1cb nptl: Move pthread_setcancelstate into libc
No new symbol version is required because there was a forwarder.

The symbol has been moved using scripts/move-symbol-to-libc.py.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-04-21 19:49:50 +02:00
DJ Delorie
9b456c5da9 nss: fix nss_database_lookup2's alternate handling [BZ #27416]
__nss_database_lookup2's extra arguments were left unused in the
nsswitch reloading patch set; this broke compat (default config
ignored) and shadow files (secondary name ignored) which relies on
these fallbacks.

This patch adds in the previous behavior by correcting the
initialization of the database list to reflect the fallbacks.  This
means that the nss_database_lookup2 interface no longer needs to be
passed the fallback info, so API and callers were adjusted.

Since all callers needed to be edited anyway, the calls were changed
from __nss_database_lookup2 to the faster __nss_database_get.  This
was an intended optimization which was deferred during the initial
lookup changes to avoid touching so many files.

The test case verifies that compat targets work (passwd) and that the
default configuration works (group).  Tested on x86-64.
2021-03-09 14:34:50 -05:00
Florian Weimer
e9fed2438a linux: Require /dev/shm as the shared memory file system
Previously, glibc would pick an arbitrary tmpfs file system from
/proc/mounts if /dev/shm was not available.  This could lead to
an unsuitable file system being picked for the backing storage for
shm_open, sem_open, and related functions.

This patch introduces a new function, __shm_get_name, which builds
the file name under the appropriate (now hard-coded) directory.  It is
called from the various shm_* and sem_* function.  Unlike the
SHM_GET_NAME macro it replaces, the callers handle the return values
and errno updates.  shm-directory.c is moved directly into the posix
subdirectory because it can be implemented directly using POSIX
functionality.  It resides in libc because it is needed by both
librt and nptl/htl.

In the sem_open implementation, tmpfname is initialized directly
from a string constant.  This happens to remove one alloca call.

Checked on x86_64-linux-gnu.
2021-02-08 14:10:42 -03:00
Adhemerval Zanella
f430293d84 posix: consume less entropy on tempname
The first getrandom is used only for __GT_NOCREATE, which is inherently
insecure and can use the entropy as a small improvement.  On the
second and later attempts it might help against DoS attacks.

It sync with gnulib commit 854fbb81d91f7a0f2b463e7ace2499dee2f380f2.

Checked on x86_64-linux-gnu.
2021-01-12 09:50:54 -03:00
Adhemerval Zanella
4dddd7e9cb posix: Sync tempname with gnulib [BZ #26648]
It syncs with gnulib commit b1268f22f443e8e4b9e.  The try_tempname_len
now uses getrandom on each iteration to get entropy and only uses the
clock plus ASLR as source of entropy if getrandom fails.

Checked on x86_64-linux-gnu and i686-linux-gnu.
2021-01-11 16:29:05 -03:00
Adhemerval Zanella
42dda89dcb posix: Fix return value of system if shell can not be executed [BZ #27053]
POSIX states that system returned code for failure to execute the shell
shall be as if the shell had terminated using _exit(127).  This
behaviour was removed with 5fb7fc9635.

Checked on x86_64-linux-gnu.
2021-01-11 12:26:58 -03:00
Paul Eggert
2b778ceb40 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
2021-01-02 12:17:34 -08:00
DJ Delorie
f4f3b09111 nsswitch: use new internal API (callers)
Stitch new ABI and types throughout all NSS callers.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-12-04 17:16:32 -05:00
Adhemerval Zanella
905ae44c77 linux: Move posix dir implementations to Linux
This generic implementation already expects a getdents API which
is Linux specific.  It also allows simplify it by assuming
_DIRENT_HAVE_D_RECLEN and _DIRENT_HAVE_D_OFF support.

The readdir are also expanded on each required implementation,
futher fixes and improvements will make parametrize the
implementation more complex.

Checked on x86_64-linux-gnu, i686-linux-gnu, and with a build
for all affected ABIs.
2020-10-16 14:19:23 -03:00
Adhemerval Zanella
589260cef8 Remove mknod wrapper functions, move them to symbols
This patch removes the mknod and mknodat static wrapper and add the
symbols on the libc with the expected names.

Both the prototypes of the internal symbol linked by the static
wrappers and the inline redirectors are also removed from the installed
sys/stat.h header file.  The wrapper implementation license LGPL
exception is also removed since it is no longer statically linked to
binaries.

Internally the _STAT_VER* definitions are moved to the arch-specific
xstatver.h file.

Checked with a build for all affected ABIs. I also checked on x86_64,
i686, powerpc, powerpc64le, sparcv9, sparc64, s390, and s390x.

Reviewed-by: Lukasz Majewski <lukma@denx.de>
2020-10-09 17:02:06 -03:00
Adhemerval Zanella
8ed005daf0 Remove stat wrapper functions, move them to exported symbols
This patch removes the stat, stat64, lstat, lstat64, fstat, fstat64,
fstatat, and fstatat64 static wrapper and add the symbol on the libc
with the expected names.

Both the prototypes of the internal symbol linked by the static
wrappers and the inline redirectors are also removed from the installed
sys/stat.h header file.  The wrapper implementation license LGPL
exception is also removed since it is no longer statically linked to
binaries.

Internally the _STAT_VER* definitions are moved to a arch-specific
xstatver.h file.  The internal defines that redirects internals
{f}stat{at} to their {f}xstat{at} counterparts are removed for Linux
(!NO_RTLD_HIDDEN).  Hurd still requires them since {f}stat{at} pulls
extra objects that makes the loader build fail otherwise (I haven't
dig into why exactly).

Checked with a build for all affected ABIs. I also checked on x86_64,
i686, powerpc, powerpc64le, sparcv9, sparc64, s390, and s390x.

Reviewed-by: Lukasz Majewski <lukma@denx.de>
2020-10-09 17:02:06 -03:00
Adhemerval Zanella
04986243d1 Remove internal usage of extensible stat functions
It replaces the internal usage of __{f,l}xstat{at}{64} with the
__{f,l}stat{at}{64}.  It should not change the generate code since
sys/stat.h explicit defines redirections to internal calls back to
xstat* symbols.

Checked with a build for all affected ABIs.  I also check on
x86_64-linux-gnu and i686-linux-gnu.

Reviewed-by: Lukasz Majewski <lukma@denx.de>
2020-09-11 14:35:32 -03:00
Adhemerval Zanella
804200923d Use LFS readdir in generic POSIX getcwd [BZ# 22899]
Checked on x86_64-linux-gnu and i686-linux-gnu.
2020-09-02 09:16:05 -03:00
Adhemerval Zanella
fcdbd91067 Sync getcwd with gnulib
This is the first of a series of patches to sync with Gnulib commit
615b43e1f9.  This patch adopts most of the changes of Gnulib, except it
retains GETCWD_RETURN_TYPE and does not always use a 64-bit internal
API. These remaining discrepancies will be addressed in later patches
in this series.

Checked on x86_64-linux-gnu and i686-linux-gnu.
2020-09-02 09:16:05 -03:00
Samuel Thibault
c1dcc54113 hurd: Fix __writev_nocancel_nostatus
* sysdeps/mach/hurd/Makefile [subdir=misc] (sysdep_routines): Add
writev_nocancel writev_nocancel_nostatus.
* sysdeps/mach/hurd/not-cancel.h (__writev_nocancel_nostatus): Replace
macro with function declaration (with hidden prototype in libc).
(__writev_nocancel): New function declaration (with hidden prototype in libc).
* sysdeps/mach/hurd/writev_nocancel_nostatus.c: New file.
* sysdeps/posix/writev_nocancel.c: New file, includes writev.c to make a
nocancel variant that calls __write_nocancel.
* sysdeps/posix/writev.c (writev): Do not define alias if __writev is
renamed.
2020-06-14 17:45:04 +00:00
Adhemerval Zanella
ef3330fde4 linux: Use internal DIR locks when accessing filepos on telldir
Since it might change during a readdir call.

Checked on x86_64-linux-gnu and i686-linux-gnu.
2020-05-27 11:55:00 -03:00
Adhemerval Zanella
f09542c584 posix: Fix system error return value [BZ #25715]
It fixes 5fb7fc9635 when posix_spawn fails.

Checked on x86_64-linux-gnu and i686-linux-gnu.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-03-23 18:00:38 -03:00
Adhemerval Zanella
6437fecca3 posix: Remove posix waitid
The POSIX waitid implementation is problematic in some ways:

  - It emulates using waitpid, which default implementation calls
    wait4 and wait4 returns ENOSYS as default.

  - Also by using waitpid it does not allod support the WNOWAIT,
    WEXITED, WSTOPPED, or WCONTINUED flag.  With current POSIX
    specification the flags are no longer marked as optional.

Also due BZ#23091 Hurd still uses the implementation, so it is moved
to as a Hurd arch-specific folder (with some minor cleanups).

Checked against a i686-gnu (run-built-tests=no)
2020-02-27 16:16:17 -03:00
Florian Weimer
499a92df8b nss: Add function types and NSS_DECLARE_MODULE_FUNCTIONS macro to <nss.h>
This macro allows to add type safety to the implementation of NSS
service modules.

Reviewed-by: DJ Delorie <dj@redhat.com>
2020-02-13 09:14:40 +01:00
Florian Weimer
8b222fa387 getaddrinfo: Fix resource leak after strdup failure in gethosts [BZ #25425]
Filip Ochnik spotted that one of the error jumps in gethosts fails to
call __resolv_context_put to release the resolver context.

Fixes commit 352f4ff9a2 ("resolv:
Introduce struct resolv_context [BZ #21668]") and commit
964263bb8d ("getaddrinfo: Release
resolver context on error in gethosts [BZ #21885]").

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-01-20 18:37:13 +01:00
Joseph Myers
d614a75396 Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
Adhemerval Zanella
442d9c9c67 Consolidate wait3 implementations
The generic one calls wait4.

Checked on x86_64-linux-gnu.
2019-12-19 16:11:09 -03:00
Adhemerval Zanella
c5cbdacb8a Implement wait in terms of waitpid
The POSIX implementation is used as default and both BSD and Linux
version are removed.  It simplifies the implementation for
architectures that do not provide either __NR_waitpid or
__NR_wait4.

Checked on x86_64-linux-gnu and powerpc64le-linux-gnu.
2019-12-19 16:11:09 -03:00
Adhemerval Zanella
478f70780f Remove __waitpid_nocancel
It enables and disables cancellation with pthread_setcancelstate
before calling the waitpid.  It simplifies the waitpid implementation
for architectures that do not provide either __NR_waitpid or
__NR_wait4.

Checked on x86_64-linux-gnu.
2019-12-19 16:11:09 -03:00
Samuel Thibault
db25266c92 hurd: Fix ld.so __getcwd override from libc
ld.so symbols to be overriden by libc need to be extern to really get
overriden. __getcwd happens to have never been exposed, putting it to
GLIBC_PRIVATE.
2019-12-01 21:05:51 +00:00
Tim Rühsen
c1de872c8c sysdeps/posix/getaddrinfo: Return early on invalid address family
Check address family before expensive function call (__check_pf).
2019-11-26 10:19:33 +01:00
Tim Rühsen
cceb038ac0 sysdeps/posix: Simplify if expression in getaddrinfo
Small code cleanup for better readability.
2019-11-26 09:58:50 +01:00
Adhemerval Zanella
5e46749c64 Use clock_gettime to implement gettimeofday.
Consolidate generic gettimeofday implementation to use clock_gettime.
Linux ports that still provide gettimeofday through vDSO are not
changed.

Remove sysdeps/unix/clock_gettime.c, which implemented clock_gettime
using gettimeofday; new OS ports must provide a real implementation of
clock_gettime.

Rename sysdeps/mach/gettimeofday.c to sysdeps/mach/clock_gettime.c and
convert into an implementation of clock_gettime.  It only supports
CLOCK_REALTIME; Mach does not appear to have any support for monotonic
clocks.  It uses __host_get_time, which provides at best microsecond
resolution.  Hurd is currently using sysdeps/posix/clock_getres.c for
clock_getres; its output for CLOCK_REALTIME is based on
sysconf (_SC_CLK_TCK), and I do not know whether that gives the
correct result.

Unlike settimeofday, there are no known uses of gettimeofday's
vestigial "get time zone" feature that are not bugs.  (The per-process
timezone support in localtime and friends is unrelated, and the
programs that set the kernel's offset between the hardware clock and
UTC do not need to read it back.)  Therefore, this feature is dummied
out.  Henceforth, if gettimeofday's "struct timezone" argument is not
NULL, it will write zeroes to both fields.  Any program that is
actually looking at this data will thus think it is running in UTC,
which is probably more correct than whatever it was doing before.

[__]gettimeofday no longer has any internal callers, so we can now
remove its internal prototype and PLT bypass aliases.  The
__gettimeofday@GLIBC_2.0 export remains, in case it is used by any
third-party code.

It also allows to simplify the arch-specific implementation on x86 and
powerpc to remove the hack to disable the internal route to non iFUNC
variant for internal symbol.

This patch also fixes a missing optimization on aarch64, powerpc, and
x86 where the code used on static build do not use the vDSO.

Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
powerpc64-linux-gnu, powerpc-linux-gnu, and aarch64-linux-gnu.

Co-authored-by: Zack Weinberg <zackw@panix.com>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
2019-10-30 17:11:10 -03:00
Zack Weinberg
40a36935ff Use clock_gettime to implement timespec_get.
timespec_get is the same function as clock_gettime, with an obnoxious
coating of NIH painted on it by the ISO C committee.  In addition to
the rename, it takes its arguments in a different order, it returns 0
on *failure* or a positive number on *success*, and it requires that
all of its TIME_* constants be positive.  This last means we cannot
directly reuse the existing CLOCK_* constants for it, because
those have been allocated starting with CLOCK_REALTIME = 0 on all
existing platforms.

This patch simply promotes the sysdeps/posix implementation to
universal, and removes the Linux-specific implementation, whose
apparent reason for existing was to cut out one function call's worth
of overhead.

Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
powerpc64-linux-gnu, powerpc-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Lukasz Majewski <lukma@denx.de>
2019-10-30 17:11:10 -03:00
Adhemerval Zanella
0d56378349 Use clock_gettime to implement time.
Change the default implementation of time to call clock_gettime,
to align with new Linux ports that are expected to only implement
__NR_clock_gettime.  Arch-specific implementation that either call
the time vDSO or route to gettimeofday vDSO are not removed.

Also for Linux, CLOCK_REALTIME_COARSE is used instead of generic
CLOCK_REALTIME clockid.  This takes less CPU time and its behavior
better matches what the current glibc does.

Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
powerpc64-linux-gnu, powerpc-linux-gnu, and aarch64-linux-gnu.

Co-authored-by: Zack Weinberg <zackw@panix.com>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
2019-10-30 17:05:14 -03:00
Zack Weinberg
4a39c34c4f Change most internal uses of __gettimeofday to __clock_gettime.
Since gettimeofday will shortly be implemented in terms of
clock_gettime on all platforms, internal code should use clock_gettime
directly; in addition to removing a layer of indirection, this will
allow us to remove the PLT-bypass gunk for gettimeofday.  (We can't
quite do that yet, but it'll be coming later in this patch series.)
In many cases, the changed code does fewer conversions.

The changed code always assumes __clock_gettime (CLOCK_REALTIME)
cannot fail.  Most of the call sites were assuming gettimeofday could
not fail, but a few places were checking for errors.  POSIX says
clock_gettime can only fail if the clock constant is invalid or
unsupported, and CLOCK_REALTIME is the one and only clock constant
that's required to be supported.  For consistency I grepped the entire
source tree for any other places that checked for errors from
__clock_gettime (CLOCK_REALTIME), found one, and changed it too.

(For the record, POSIX also says gettimeofday can never fail.)

(It would be nice if we could declare that GNU systems will always
support CLOCK_MONOTONIC as well as CLOCK_REALTIME; there are several
places where we are using CLOCK_REALTIME where _MONOTONIC would be
more appropriate, and/or trying to use _MONOTONIC and then falling
back to _REALTIME.  But the Hurd doesn't support CLOCK_MONOTONIC yet,
and it looks like adding it would involve substantial changes to
gnumach's internals and API.  Oh well.)

A few Hurd-specific files were changed to use __host_get_time instead
of __clock_gettime, as this seemed tidier.  We also assume this cannot
fail.  Skimming the code in gnumach leads me to believe the only way
it could fail is if __mach_host_self also failed, and our
Hurd-specific code consistently assumes that can't happen, so I'm
going with that.

With the exception of support/support_test_main.c, test cases are not
modified, mainly because I didn't want to have to figure out which
test cases were testing gettimeofday specifically.

The definition of GETTIME in sysdeps/generic/memusage.h had a typo and
was not reading tv_sec at all.  I fixed this.  It appears nobody has been
generating malloc traces on a machine that doesn't have a superseding
definition.

There are a whole bunch of places where the code could be simplified
by factoring out timespec subtraction and/or comparison logic, but I
want to keep this patch as mechanical as possible.

Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
powerpc64-linux-gnu, powerpc-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
2019-10-30 17:04:10 -03:00
Paul Eggert
5a82c74822 Prefer https to http for gnu.org and fsf.org URLs
Also, change sources.redhat.com to sourceware.org.
This patch was automatically generated by running the following shell
script, which uses GNU sed, and which avoids modifying files imported
from upstream:

sed -ri '
  s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g
  s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g
' \
  $(find $(git ls-files) -prune -type f \
      ! -name '*.po' \
      ! -name 'ChangeLog*' \
      ! -path COPYING ! -path COPYING.LIB \
      ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \
      ! -path manual/texinfo.tex ! -path scripts/config.guess \
      ! -path scripts/config.sub ! -path scripts/install-sh \
      ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \
      ! -path INSTALL ! -path  locale/programs/charmap-kw.h \
      ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \
      ! '(' -name configure \
            -execdir test -f configure.ac -o -f configure.in ';' ')' \
      ! '(' -name preconfigure \
            -execdir test -f preconfigure.ac ';' ')' \
      -print)

and then by running 'make dist-prepare' to regenerate files built
from the altered files, and then executing the following to cleanup:

  chmod a+x sysdeps/unix/sysv/linux/riscv/configure
  # Omit irrelevant whitespace and comment-only changes,
  # perhaps from a slightly-different Autoconf version.
  git checkout -f \
    sysdeps/csky/configure \
    sysdeps/hppa/configure \
    sysdeps/riscv/configure \
    sysdeps/unix/sysv/linux/csky/configure
  # Omit changes that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines
  git checkout -f \
    sysdeps/powerpc/powerpc64/ppc-mcount.S \
    sysdeps/unix/sysv/linux/s390/s390-64/syscall.S
  # Omit change that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline
  git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
2019-09-07 02:43:31 -07:00
Zack Weinberg
7b5af2d8f2 Finish move of clock_* functions to libc. [BZ #24959]
In glibc 2.17, the functions clock_getcpuclockid, clock_getres,
clock_gettime, clock_nanosleep, and clock_settime were moved from
librt.so to libc.so, leaving compatibility stubs behind.  Now that the
dynamic linker no longer insists on finding versioned symbols in the
same library that originally defined them, we do not need the stubs
anymore, and this means we don't need GLIBC_PRIVATE __-prefix aliases
for most of the functions anymore either.  (clock_gettime still needs
one.)  For ports added before 2.17, libc.so needs to provide two
symbol versions for each, the default at GLIBC_2.17 plus a compat
version matching what librt had.

While I'm at it, move the clock_*.c files and their tests from rt/ to
time/.
2019-09-04 14:39:38 +02:00
Adhemerval Zanella
a43565ac44 Refactor sigcontextinfo.h
This patch refactor sigcontextinfo.h header to use SA_SIGINFO as default
for both gmon and debug implementations.  This allows simplify
profil-counter.h on Linux to use a single implementation and remove the
requirements for newer ports to redefine __sigaction/sigaction to use
SA_SIGINFO.

The GET_PC macro is also replaced with a function sigcontext_get_pc that
returns an uintptr_t instead of a void pointer.  It allows easier convertion
to integer on ILP32 architecture, such as x32, without the need to suppress
compiler warnings.

The patch also requires some refactor of register-dump.h file for some
architectures (to reflect it is now called from a sa_sigaction instead of
sa_handler signal context).

   - Alpha, i386, and s390 are straighfoward to take in consideration the
     new argument type.

   - ia64 takes in consideration the kernel pass a struct sigcontextt
     as third argument for sa_sigaction.

   - sparc take in consideration the kernel pass a pt_regs struct
     as third argument for sa_sigaction.

   - m68k dummy function is removed and the FP state is dumped on
     register_dump itself.

   - For SH the register-dump.h file is consolidate on a common implementation
     and the floating-point state is checked based on ownedfp field.

The register_dump does not change its output format in any affected
architecture.

I checked on x86_64-linux-gnu, i686-linux-gnu, aarch64-linux-gnu,
arm-linux-gnueabihf, sparcv9-linux-gnu, sparc64-linux-gnu, powerpc-linux-gnu,
powerpc64-linux-gnu, and powerpc64le-linux-gnu.

I also checked the libSegFault.so through catchsegv on alpha-linux-gnu,
m68k-linux-gnu and sh4-linux-gnu to confirm the output has not changed.

	Adhemerval Zanella  <adhemerval.zanella@linaro.org>
	Florian Weimer  <fweimer@redhat.com>

	* debug/segfault.c (install_handler): Use SA_SIGINFO if defined.
	* sysdeps/generic/profil-counter.h (__profil_counter): Cast to
	uintptr_t.
	* sysdeps/generic/sigcontextinfo.h (GET_PC): Rename to
	sigcontext_get_pc and return aligned cast to uintptr_t.
	* sysdeps/mach/hurd/i386/sigcontextinfo.h (GET_PC): Likewise.
	* sysdeps/posix/profil.c (profil_count): Change PC argument to
	uintptr_t.
	(__profil): Use SA_SIGINFO.
	* sysdeps/posix/sprofil.c (profil_count): Change PCP argument to
	uintptr_t.
	(__sprofil): Use SA_SIGINFO.
	* sysdeps/unix/sysv/linux/profil-counter.h: New file.
	* sysdeps/unix/sysv/linux/aarch64/profil-counter.h: Remove file.
	* sysdeps/unix/sysv/linux/csky/profil-counter.h: Likewise.
	* sysdeps/unix/sysv/linux/hppa/profil-counter.h: Likewise.
	* sysdeps/unix/sysv/linux/i386/profil-counter.h: Likewise.
	* sysdeps/unix/sysv/linux/ia64/profil-counter.h: Likewise.
	* sysdeps/unix/sysv/linux/microblaze/profil-counter.h: Likewise.
	* sysdeps/unix/sysv/linux/mips/profil-counter.h: Likewise.
	* sysdeps/unix/sysv/linux/nios2/profil-counter.h: Likewise.
	* sysdeps/unix/sysv/linux/powerpc/profil-counter.h: Likewise.
	* sysdeps/unix/sysv/linux/x86_64/profil-counter.h: Likewise.
	* sysdeps/unix/sysv/linux/riscv/profil-counter.h: Likewise.
	* sysdeps/sysv/linux/s390/s390-32/profil-counter.h: Likewise.
	* sysdeps/sysv/linux/s390/s390-64/profil-counter.h: Likewise.
	* sysdeps/unix/sysv/linux/sh/profil-counter.h: Likewise.
	* sysdeps/unix/sysv/linux/arm/profil-counter.h (__profil_counter):
	Assume SA_SIGINFO and use sigcontext_get_pc instead of GET_PC.
	* sysdeps/unix/sysv/linux/sparc/profil-counter.h: New file.
	* sysdeps/unix/sysv/linux/sparc/sparc64/profil-counter.h: Remove file.
	* sysdeps/unix/sysv/linux/sparc/sparc32/profil-counter.h: Likewise.
	* sysdpes/unix/sysv/linux/aarch64/sigcontextinfo.h (SIGCONTEXT,
	GET_PC, __sigaction, sigaction): Remove defines.
	(sigcontext_get_pc): New function.
	* sysdeps/unix/sysv/linux/alpha/sigcontextinfo.h: Likewise.
	* sysdeps/unix/sysv/linux/arm/sigcontextinfo.h: Likewise.
	* sysdeps/unix/sysv/linux/csky/sigcontextinfo.h: Likewise.
	* sysdeps/unix/sysv/linux/hppa/sigcontextinfo.h: Likewise.
	* sysdeps/unix/sysv/linux/i386/sigcontextinfo.h: Likewise.
	* sysdeps/unix/sysv/linux/ia64/sigcontextinfo.h: Likewise.
	* sysdeps/unix/sysv/linux/m68k/sigcontextinfo.h: Likewise.
	* sysdeps/unix/sysv/linux/mips/sigcontextinfo.h: Likewise.
	* sysdeps/unix/sysv/linux/nios2/sigcontextinfo.h: Likewise.
	* sysdeps/unix/sysv/linux/s390/sigcontextinfo.h: Likewise.
	* sysdeps/unix/sysv/linux/microblaze/sigcontextinfo.h: Likewise.
	* sysdeps/unix/sysv/linux/powerpc/sigcontextinfo.h: Likewise.
	* sysdeps/unix/sysv/linux/riscv/sigcontextinfo.h: Likewise.
	* sysdeps/unix/sysv/linux/sh/sigcontextinfo.h: Likewise.
	* sysdeps/sysv/linux/sparc/sparc32/sigcontextinfo.h: Likewise.
	* sysdeps/sysv/linux/sparc/sparc64/sigcontextinfo.h: Likewise.
	* sysdeps/unix/sysv/linux/x86_64/sigcontextinfo.h: Likewise.
	* sysdeps/unix/sysv/linux/alpha/register-dump.h (register_dump):
	Handle CTX argument as ucontext_t.
	* sysdeps/unix/sysv/linux/i386/register-dump.h: Likewise.
	Likewise.
	* sysdeps/unix/sysv/linux/m68k/register-dump.h: Likewise.
	* sysdeps/sysv/linux/s390/s390-32/register-dump.h: Likewise.
	* sysdeps/sysv/linux/s390/s390-64/register-dump.h: Likewise.
	* sysdeps/unix/sysv/linux/sh/register-dump.h: New file.
	* sysdeps/unix/sysv/linux/sh/sh4/register-dump.h: Remove File.
	* sysdeps/unix/sysv/linux/sh/sh3/register-dump.h: Likewise.
	* sysdeps/unix/sysv/linux/sparc/sparc32/register-dump.h: Likewise.
	* sysdeps/unix/sysv/linux/sparc/sparc64/register-dump.h: Likewise.
	* sysdeps/unix/sysv/linux/Makefile (tests-internal): Add
	tst-sigcontextinfo-get_pc.
	* sysdeps/unix/sysv/linux/tst-sigcontextinfo-get_pc.c: New file.
	(CFLAGS-tst-sigcontextinfo-get_pc.c): New rule.
2019-08-23 11:30:56 -03:00
Florian Weimer
a289ea09ea Do not print backtraces on fatal glibc errors
If the process is in a bad state, we used to print backtraces in
many cases.  This is problematic because doing so could involve
a lot of work, like loading libgcc_s using the dynamic linker,
and this could itself be targeted by exploit writers.  For example,
if the crashing process was forked from a long-lived process, the
addresses in the error message could be used to bypass ASLR.

Commit ed421fca42 ("Avoid backtrace from
__stack_chk_fail [BZ #12189]"), backtraces where no longer printed
because backtrace_and_maps was always called with do_abort == 1.

Rather than fixing this logic error, this change removes the backtrace
functionality from the sources.  With the prevalence of external crash
handlers, it does not appear to be particularly useful.  The crash
handler may also destroy useful information for debugging.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2019-08-19 15:41:29 +02:00