aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2024-07-31elf: Add support for GNU_PROPERTY_NO_MEMORY_SEALazanella/msealAdhemerval Zanella27-32/+350
The GNU_PROPERTY_NO_MEMORY_SEAL is a GNU property per module instructing the glibc not to seal the object PT_LOAD. It can be used for any reason the modules require to seal not to be enabled (i.e., on Firefox hack to bypass the dynamic loader and enable DT_RELR on older glibc [1]). In this case, it is up to the module to apply memory sealing itself. The sealing is applied by default, and it is always enforced with glibc.rtld.seal=2. Checked on aarch64-linux-gnu, x86_64-linux-gnu, and powerpc64le-linux-gnu. [1] https://glandium.org/blog/?p=4297
2024-07-31elf: Also parse gnu properties for static linked binariesAdhemerval Zanella1-0/+13
So the static binary can opt-out of memory sealing. Checked on x86_64-linux-gnu.
2024-07-31elf: Add support to memory sealingAdhemerval Zanella31-0/+865
The new Linux mseal syscall allows seal memory mappings to avoid further changes such as memory protection or remap. The sealing is done in multiple places where the memory is supposed to be immutable over program execution: * All shared library dependencies from the binary, including the read-only segments after PT_GNU_RELRO setup. * The binary itself, including dynamic and static links. In both It is up either to binary or the loader to set up the sealing. * Any preload libraries. * Any library loaded with dlopen with RTLD_NODELETE flag (including libgcc.so loaded to enable unwind and/or thread cancellation). * Audit modules. * The loader bump allocator. For binary dependencies, the RTLD_NODELETE signals the link_map should be sealed. It also makes dlopen objects with the flag sealed as well. The sealing is controlled by a new tunable, glibc.rtld.seal, with three different states: 0. Disabled, where no memory sealing is done. 1. Enabled, where the loader will issue the mseal syscall on the memory mappings but any failure will be ignored. This is the default. 2. Enforce, similar to Enabled but any failure from the mseal will terminate the process. Checked on x86_64-linux-gnu and aarch64-linux-gnu.
2024-07-31linux: Add mseal syscall supportAdhemerval Zanella40-0/+190
It has been added on Linux 6.10 (8be7258aad44b5e25977a98db136f677fa6f4370) as a way to block operations such as mapping, moving to another location, shrinking the size, expanding the size, or modifying it to a pre-existent memory mapping. Although the system only work on 64 bit CPU, the entrypoint was added for all ABIs (since kernel might eventually implement it to additional ones and/or the abi can execute on a 64-bit kernel). Checked on x86_64-linux-gnu.
2024-07-31elf: Use RTLD_NODELETE is more placesAdhemerval Zanella4-6/+10
* On dlopen dependencies for objects opened with RTLD_NODELETE (since it does not make sense to unload a dependency of a RTLD_NODELETE object); * For the main map executable. * For the main map DT_NEEDED dependencies. * On __libc_unwind_link_get for libgcc_s.so (used for backtrace and unwind). Checked on x86_64-linux-gnu.
2024-07-31stdlib: Mark `abort` as `cold`Noah Goldstein1-1/+1
This helps HotColdSplitting in GCC/LLVM. Thought about doing `exit` as well since its only called once per process, but since its easy to imagine a hot path leading into `exit(0)`, its less clear if its profitable. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2024-07-30x86_64 hurd: ensure we have a large enough buffer to receive exception_raise ↵Flavio Cruz1-1/+8
requests. Message-ID: <gtxd6s4s7fi7hdrlb7zayq3akij7x6jqawwq3zfl3v4nqspulo@euucuzeonrl6>
2024-07-30stdlib: Allow concurrent exit (BZ 31997)Adhemerval Zanella3-0/+166
Even if C/POSIX standard states that exit is not formally thread-unsafe, calling it more than once is UB. The glibc already supports it for the single-thread, and both elf/nodelete2.c and tst-rseq-disable.c call exit from a DSO destructor (which is called by _dl_fini, registered at program startup with __cxa_atexit). However, there are still race issues when it is called more than once concurrently by multiple threads. A recent Rust PR triggered this issue [1], which resulted in an Austin Group ask for clarification [2]. Besides it, there is a discussion to make concurrent calling not UB [3], wtih a defined semantic where any remaining callers block until the first call to exit has finished (reentrant calls, leaving through longjmp, and exceptions are still undefined). For glibc, at least reentrant calls are required to be supported to avoid changing the current behaviour. This requires locking using a recursive lock, where any exit called by atexit() handlers resumes at the point of the current handler (thus avoiding calling the current handle multiple times). Checked on x86_64-linux-gnu and aarch64-linux-gnu. [1] https://github.com/rust-lang/rust/issues/126600 [2] https://austingroupbugs.net/view.php?id=1845 [3] https://www.openwall.com/lists/libc-coord/2024/07/24/4 Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2024-07-30Add F_DUPFD_QUERY from Linux 6.10 to bits/fcntl-linux.hAdhemerval Zanella1-0/+1
It was added by commit c62b758bae6af16 as a way for userspace to check if two file descriptors refer to the same struct file. Checked on aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-07-30Add STATX_SUBVOL from Linux 6.10 to bits/statx-generic.hAdhemerval Zanella1-0/+1
Tested for aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-07-30Update kernel version to 6.10 in header constant testsAdhemerval Zanella3-4/+4
This patch updates the kernel version in the tests tst-mman-consts.py, tst-mount-consts.py, and tst-pidfd-consts.py to 6.9. There are no new constants covered by these tests in 6.10. Tested with build-many-glibcs.py. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-07-30Update syscall lists for Linux 6.10Adhemerval Zanella27-3/+32
Linux 6.10 changes for syscall are: * mseal for all architectures. * map_shadow_stack for x32. * Replace sync_file_range with sync_file_range2 for csky (which fixes a broken sync_file_range usage). Update syscall-names.list and regenerate the arch-syscall.h headers with build-many-glibcs.py update-syscalls. Tested with build-many-glibcs.py. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-07-30Use Linux 6.10 in build-many-glibcs.pyAdhemerval Zanella1-1/+1
Tested with build-many-glibcs.py (host-libraries, compilers and glibcs builds). Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-07-29Mitigation for "clone on sparc might fail with -EFAULT for no valid reason" ↵Michael Karcher2-0/+6
(bz 31394) It seems the kernel can not deal with uncommitted stack space in the area intended for the register window when executing the clone() system call. So create a nested frame (proxy for the kernel frame) and flush it from the processor to memory to force committing pages to the stack before invoking the system call. Bug: https://www.mail-archive.com/debian-glibc@lists.debian.org/msg62592.html Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=31394 See-also: https://lore.kernel.org/sparclinux/62f9be9d-a086-4134-9a9f-5df8822708af@mkarcher.dialup.fu-berlin.de/ Signed-off-by: Michael Karcher <sourceware-bugzilla@mkarcher.dialup.fu-berlin.de> Reviewed-by: DJ Delorie <dj@redhat.com>
2024-07-29manual: make setrlimit() description less ambiguousLukas Bulwahn1-2/+2
The existing description for setrlimit() has some ambiguity. It could be understood to have the semantics of getrlimit(), i.e., the limits from the process are stored in the provided rlp pointer. Make the description more explicit that rlp are the input values, and that the limits of the process is changed with this function. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-07-29manual/stdio: Clarify putc and putwcArjun Shankar1-6/+6
The manual entry for `putc' described what "most systems" do instead of describing the glibc implementation and its guarantees. This commit fixes that by warning that putc may be implemented as a macro that double-evaluates `stream', and removing the performance claim. Even though the current `putc' implementation does not double-evaluate `stream', offering this obscure guarantee as an extension to what POSIX allows does not seem very useful. The entry for `putwc' is also edited to bring it in line with `putc'. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2024-07-27MIPS: Regenerate ulpsJulian Zhu2-5/+5
From new tests added by 4dc22baa84bdb4111c0ac0db7139bf9ab953bf61. Signed-off-by: Julian Zhu <jz531210@gmail.com>
2024-07-27malloc: Link threading tests with $(shared-thread-library)Florian Weimer1-0/+2
Fixes build failures on Hurd.
2024-07-26assert: Mark `__assert_fail` as `cold`Noah Goldstein1-3/+3
This helps compilers split the codegen for setting up the arguments (`__expression`, `__filename`, etc...) from the potentially hot cold where the `assert` is to a presumably cold region on the assertion failure path. Reviewed-by: Florian Weimer <fweimer@redhat.com> Reviewed-by: Sam James <sam@gentoo.org>
2024-07-26stdio-common: Add test for vfscanf with matches longer than INT_MAX [BZ #27650]Maciej W. Rozycki2-0/+113
Complement commit b03e4d7bd25b ("stdio: fix vfscanf with matches longer than INT_MAX (bug 27650)") and add a test case for the issue, inspired by the reproducer provided with the bug report. This has been verified to succeed as from the commit referred and fail beforehand. As the test requires 2GiB of data to be passed around its performance has been evaluated using a choice of systems and the execution time determined to be respectively in the range of 9s for POWER9@2.166GHz, 24s for FU740@1.2GHz, and 40s for 74Kf@950MHz. As this is on the verge of and beyond the default timeout it has been increased by the factor of 8. Regardless, following recent practice the test has been added to the standard rather than extended set. Reviewed-by: DJ Delorie <dj@redhat.com>
2024-07-26support: Add FAIL test failure helperMaciej W. Rozycki4-48/+18
Add a FAIL test failure helper analogous to FAIL_RET, that does not cause the current function to return, providing a standardized way to report a test failure with a message supplied while permitting the caller to continue executing, for further reporting, cleaning up, etc. Update existing test cases that provide a conflicting definition of FAIL by removing the local FAIL definition and then as follows: - tst-fortify-syslog: provide a meaningful message in addition to the file name already added by <support/check.h>; 'support_record_failure' is already called by 'support_print_failure_impl' invoked by the new FAIL test failure helper. - tst-ctype: no update to FAIL calls required, with the name of the file and the line number within of the failure site additionally included by the new FAIL test failure helper, and error counting plus count reporting upon test program termination also already provided by 'support_record_failure' and 'support_report_failure' respectively, called by 'support_print_failure_impl' and 'adjust_exit_status' also respectively. However in a number of places 'printf' is called and the error count adjusted by hand, so update these places to make use of FAIL instead. And last but not least adjust the final summary just to report completion, with any error count following as reported by the test driver. - test-tgmath2: no update to FAIL calls required, with the name of the file of the failure site additionally included by the new FAIL test failure helper. Also there is no need to track the return status by hand as any call to FAIL will eventually cause the test case to return an unsuccesful exit status regardless of the return status from the test function, via a call to 'adjust_exit_status' made by the test driver. Reviewed-by: DJ Delorie <dj@redhat.com>
2024-07-26posix: Use <support/check.h> facilities in tst-truncate and tst-truncate64Maciej W. Rozycki1-13/+12
Remove local FAIL macro in favor to FAIL_RET from <support/check.h>, which provides equivalent reporting, with the name of the file of the failure site additionally included, for the tst-truncate-common core shared between the tst-truncate and tst-truncate64 tests. Reviewed-by: DJ Delorie <dj@redhat.com>
2024-07-26nptl: Use <support/check.h> facilities in tst-setuid3Maciej W. Rozycki1-21/+16
Remove local FAIL macro in favor to FAIL_EXIT1 from <support/check.h>, which provides equivalent reporting, with the name of the file and the line number within of the failure site additionally included. Remove FAIL_ERR altogether and include ": %m" explicitly with the format string supplied to FAIL_EXIT1 as there seems little value to have a separate macro just for this. Reviewed-by: DJ Delorie <dj@redhat.com>
2024-07-25sparc: Regenerate ULPsAdhemerval Zanella1-3/+3
From new tests added by 4dc22baa84bdb4111c0ac0db7139bf9ab953bf61.
2024-07-25i386: Regenerate ULPsAdhemerval Zanella2-4/+4
From new tests added by 4dc22baa84bdb4111c0ac0db7139bf9ab953bf61.
2024-07-25arm: Regenerate ULPsAdhemerval Zanella1-2/+2
From new tests added by 4dc22baa84bdb4111c0ac0db7139bf9ab953bf61.
2024-07-25aarch64: Regenerate ULPsAdhemerval Zanella1-4/+4
From new tests added by 4dc22baa84bdb4111c0ac0db7139bf9ab953bf61.
2024-07-25powerpc: Regenerate ULPs for soft-fpAdhemerval Zanella1-5/+5
From new tests added by 4dc22baa84bdb4111c0ac0db7139bf9ab953bf61.
2024-07-25powerpc: Update ulps for fpujeevitha1-6/+6
Adjust the ULPs for the log2p1 implementation.
2024-07-25riscv: Update ulpsKhem Raj1-4/+4
Generated with make regen-ulps using gcc14 on a visionfive2 SBC. Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-07-25s390x: Regenerate ULPs.Stefan Liebler1-4/+4
Needed due to: "This patch adds larger ulp errors for the log2p1 function." commit 4dc22baa84bdb4111c0ac0db7139bf9ab953bf61
2024-07-25x32/cet: Support shadow stack during startup for Linux 6.10H.J. Lu3-3/+8
Use RXX_LP in RTLD_START_ENABLE_X86_FEATURES. Support shadow stack during startup for Linux 6.10: commit 2883f01ec37dd8668e7222dfdb5980c86fdfe277 Author: H.J. Lu <hjl.tools@gmail.com> Date: Fri Mar 15 07:04:33 2024 -0700 x86/shstk: Enable shadow stacks for x32 1. Add shadow stack support to x32 signal. 2. Use the 64-bit map_shadow_stack syscall for x32. 3. Set up shadow stack for x32. Add the map_shadow_stack system call to <fixup-asm-unistd.h> and regenerate arch-syscall.h. Tested on Intel Tiger Lake with CET enabled x32. There are no regressions with CET enabled x86-64. There are no changes in CET enabled x86-64 _dl_start_user. Signed-off-by: H.J. Lu <hjl.tools@gmail.com> Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2024-07-25x86-64: Remove sysdeps/x86_64/x32/dl-machine.hH.J. Lu2-87/+16
Remove sysdeps/x86_64/x32/dl-machine.h by folding x32 ARCH_LA_PLTENTER, ARCH_LA_PLTEXIT and RTLD_START into sysdeps/x86_64/dl-machine.h. There are no regressions on x86-64 nor x32. There are no changes in x86-64 _dl_start_user. On x32, _dl_start_user changes are <_dl_start_user>: mov %eax,%r12d + mov %esp,%r13d mov (%rsp),%edx mov %edx,%esi - mov %esp,%r13d and $0xfffffff0,%esp mov 0x0(%rip),%edi # <_dl_start_user+0x14> lea 0x8(%r13,%rdx,4),%ecx Signed-off-by: H.J. Lu <hjl.tools@gmail.com> Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2024-07-24hppa: Update libm-test-ulpsJohn David Anglin1-7/+8
2024-07-24manual: Do not mention STATIC_TLS in dynamic linker hardening recommendationsFlorian Weimer1-12/+12
The current toolchain does not consistently generate it, and glibc does not use it. Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
2024-07-24resolv: Implement strict-error stub resolver option (bug 27929)Florian Weimer6-36/+84
For now, do not enable this mode by default due to the potential impact on compatibility with existing deployments. Reviewed-by: DJ Delorie <dj@redhat.com>
2024-07-24resolv: Support clearing option flags with a “-” prefix (bug 14799)Florian Weimer3-14/+30
I think using a “-” prefix is less confusing than introducing double-negation construct (“no-no-tld-query”). Reviewed-by: DJ Delorie <dj@redhat.com>
2024-07-24resolv: Do not wait for non-existing second DNS response after error (bug 30081)Florian Weimer4-1/+149
In single-request mode, there is no second response after an error because the second query has not been sent yet. Waiting for it introduces an unnecessary timeout. Reviewed-by: DJ Delorie <dj@redhat.com>
2024-07-24resolv: Allow short error responses to match any query (bug 31890)Florian Weimer3-10/+134
Reviewed-by: DJ Delorie <dj@redhat.com>
2024-07-22malloc: add multi-threaded tests for aligned_alloc/calloc/mallocMiguel Martín3-0/+172
Improve aligned_alloc/calloc/malloc test coverage by adding multi-threaded tests with random memory allocations and with/without cross-thread memory deallocations. Perform a number of memory allocation calls with random sizes limited to 0xffff. Use the existing DSO ('malloc/tst-aligned_alloc-lib.c') to randomize allocator selection. The multi-threaded allocation/deallocation is staged as described below: - Stage 1: Half of the threads will be allocating memory and the other half will be waiting for them to finish the allocation. - Stage 2: Half of the threads will be allocating memory and the other half will be deallocating memory. - Stage 3: Half of the threads will be deallocating memory and the second half waiting on them to finish. Add 'malloc/tst-aligned-alloc-random-thread.c' where each thread will deallocate only the memory that was previously allocated by itself. Add 'malloc/tst-aligned-alloc-random-thread-cross.c' where each thread will deallocate memory that was previously allocated by another thread. The intention is to be able to utilize existing malloc testing to ensure that similar allocation APIs are also exposed to the same rigors. Reviewed-by: Arjun Shankar <arjun@redhat.com>
2024-07-22malloc: avoid global locks in tst-aligned_alloc-lib.cMiguel Martín1-19/+20
Make sure the DSO used by aligned_alloc/calloc/malloc tests does not get a global lock on multithreaded tests. Reviewed-by: Arjun Shankar <arjun@redhat.com>
2024-07-22This patch adds larger ulp errors for the log2p1 function.Paul Zimmermann3-5/+350
Changes in v2: - added larger error for long double on AMD reported by Adhemerval (https://sourceware.org/pipermail/libc-alpha/2024-June/157755.html) Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2024-07-21NEWS: Add new sectionAndreas K. Hüttel1-0/+27
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
2024-07-21Increase version number to 2.40.9000glibc-2.40.9000Andreas K. Hüttel1-2/+2
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
2024-07-21Add ChangeLog fileglibc-2.40Andreas K. Hüttel1-0/+10379
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
2024-07-21Increase version number to 2.40Andreas K. Hüttel2-3/+3
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
2024-07-21po/*: regenerate (only line number changes)Andreas K. Hüttel38-1797/+1797
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
2024-07-21contrib.texi: Fix format of MIPS and RISC-VAndreas K. Hüttel1-3/+3
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
2024-07-21libc.pot: regenerate (only line number changes)Andreas K. Hüttel1-57/+57
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
2024-07-21install.texi: bump "latest verified" versionsAndreas K. Hüttel2-18/+18
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>