aboutsummaryrefslogtreecommitdiff
path: root/csu
AgeCommit message (Collapse)AuthorFilesLines
2022-05-16Remove kernel version checkAdhemerval Zanella2-8/+3
The kernel version check is used to avoid glibc to run on older kernels where some syscall are not available and fallback code are not enabled to handle graciously fail. However, it does not prevent if the kernel does not correctly advertise its version through vDSO note, uname or procfs. Also kernel version checks are sometime not desirable by users, where they want to deploy on different system with different kernel version knowing the minimum set of syscall is always presented on such systems. The kernel version check has been removed along with the LD_ASSUME_KERNEL environment variable. The minimum kernel used to built glibc is still provided through NT_GNU_ABI_TAG ELF note and also printed when libc.so is issued. Checked on x86_64-linux-gnu.
2022-05-16csu: Implement and use _dl_early_allocate during static startupFlorian Weimer1-3/+8
This implements mmap fallback for a brk failure during TLS allocation. scripts/tls-elf-edit.py is updated to support the new patching method. The script no longer requires that in the input object is of ET_DYN type. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2022-04-19elf: Remove __libc_init_secureFangrui Song1-3/+0
After 73fc4e28b9464f0e13edc719a5372839970e7ddb, __libc_enable_secure_decided is always 0 and a statically linked executable may overwrite __libc_enable_secure without considering AT_SECURE. The __libc_enable_secure has been correctly initialized in _dl_aux_init, so just remove __libc_enable_secure_decided and __libc_init_secure. This allows us to remove some startup_get*id functions from 22b79ed7f413cd980a7af0cf258da5bf82b6d5e5. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2022-01-01Update copyright dates with scripts/update-copyrightsPaul Eggert13-14/+14
I used these shell commands: ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright (cd ../glibc && git commit -am"[this commit message]") and then ignored the output, which consisted lines saying "FOO: warning: copyright statement not found" for each of 7061 files FOO. I then removed trailing white space from math/tgmath.h, support/tst-support-open-dev-null-range.c, and sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following obscure pre-commit check failure diagnostics from Savannah. I don't know why I run into these diagnostics whereas others evidently do not. remote: *** 912-#endif remote: *** 913: remote: *** 914- remote: *** error: lines with trailing whitespace found ... remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
2021-12-28elf: Add _dl_audit_preinitAdhemerval Zanella1-20/+3
It consolidates the code required to call la_preinit audit callback. Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2021-12-12hurd: Add rules for static PIE buildSamuel Thibault1-5/+12
This fixes [BZ #28671].
2021-12-09Remove TLS_TCB_ALIGN and TLS_INIT_TCB_ALIGNFlorian Weimer1-2/+3
TLS_INIT_TCB_ALIGN is not actually used. TLS_TCB_ALIGN was likely introduced to support a configuration where the thread pointer has not the same alignment as THREAD_SELF. Only ia64 seems to use that, but for the stack/pointer guard, not for storing tcbhead_t. Some ports use TLS_TCB_OFFSET and TLS_PRE_TCB_SIZE to shift the thread pointer, potentially landing in a different residue class modulo the alignment, but the changes should not impact that. In general, given that TLS variables have their own alignment requirements, having different alignment for the (unshifted) thread pointer and struct pthread would potentially result in dynamic offsets, leading to more complexity. hppa had different values before: __alignof__ (tcbhead_t), which seems to be 4, and __alignof__ (struct pthread), which was 8 (old default) and is now 32. However, it defines THREAD_SELF as: /* Return the thread descriptor for the current thread. */ # define THREAD_SELF \ ({ struct pthread *__self; \ __self = __get_cr27(); \ __self - 1; \ }) So the thread pointer points after struct pthread (hence __self - 1), and they have to have the same alignment on hppa as well. Similarly, on ia64, the definitions were different. We have: # define TLS_PRE_TCB_SIZE \ (sizeof (struct pthread) \ + (PTHREAD_STRUCT_END_PADDING < 2 * sizeof (uintptr_t) \ ? ((2 * sizeof (uintptr_t) + __alignof__ (struct pthread) - 1) \ & ~(__alignof__ (struct pthread) - 1)) \ : 0)) # define THREAD_SELF \ ((struct pthread *) ((char *) __thread_self - TLS_PRE_TCB_SIZE)) And TLS_PRE_TCB_SIZE is a multiple of the struct pthread alignment (confirmed by the new _Static_assert in sysdeps/ia64/libc-tls.c). On m68k, we have a larger gap between tcbhead_t and struct pthread. But as far as I can tell, the port is fine with that. The definition of TCB_OFFSET is sufficient to handle the shifted TCB scenario. This fixes commit 23c77f60181eb549f11ec2f913b4270af29eee38 ("nptl: Increase default TCB alignment to 32"). Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2021-12-05csu: Always use __executable_start in gmon-start.cFlorian Weimer1-26/+3
Current binutils defines __executable_start as the lowest text address, so using the entry point address as a fallback is no longer necessary. As a result, overriding <entry.h> is only necessary if the entry point is not called _start. The previous approach to define __ASSEMBLY__ to suppress the declaration breaks if headers included by <entry.h> are not compatible with __ASSEMBLY__. This happens with rseq integration because it is necessary to include kernel headers in more places. Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2021-09-19Extend struct r_debug to support multiple namespaces [BZ #15971]H.J. Lu2-0/+9
Glibc does not provide an interface for debugger to access libraries loaded in multiple namespaces via dlmopen. The current rtld-debugger interface is described in the file: elf/rtld-debugger-interface.txt under the "Standard debugger interface" heading. This interface only provides access to the first link-map (LM_ID_BASE). 1. Bump r_version to 2 when multiple namespaces are used. This triggers the GDB bug: https://sourceware.org/bugzilla/show_bug.cgi?id=28236 2. Add struct r_debug_extended to extend struct r_debug into a linked-list, where each element correlates to an unique namespace. 3. Initialize the r_debug_extended structure. Bump r_version to 2 for the new namespace and add the new namespace to the namespace linked list. 4. Add _dl_debug_update to return the address of struct r_debug' of a namespace. 5. Add a hidden symbol, _r_debug_extended, for struct r_debug_extended. 6. Provide the symbol, _r_debug, with size of struct r_debug, as an alias of _r_debug_extended, for programs which reference _r_debug. This fixes BZ #15971. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2021-08-24Use __executable_start as the lowest address for profiling [BZ #28153]H.J. Lu1-1/+9
Glibc assumes that ENTRY_POINT is the lowest address for which we need to keep profiling records and BFD linker uses a linker script to place the input sections. Starting from GCC 4.6, the main function is placed in .text.startup section and starting from binutils 2.22, BFD linker with commit add44f8d5c5c05e08b11e033127a744d61c26aee Author: Alan Modra <amodra@gmail.com> Date: Thu Nov 25 03:03:02 2010 +0000 * scripttempl/elf.sc: Group .text.exit, text.startup and .text.hot sections. places .text.startup section before .text section, which leave the main function out of profiling records. Starting from binutils 2.15, linker provides __executable_start to mark the lowest address of the executable. Use __executable_start as the lowest address to keep the main function in profiling records. This fixes [BZ #28153]. Tested on Linux/x86-64, Linux/x32 and Linux/i686 as well as with build-many-glibcs.py.
2021-07-09Force building with -fno-commonFlorian Weimer1-2/+1
As a result, is not necessary to specify __attribute__ ((nocommon)) on individual definitions. GCC 10 defaults to -fno-common on all architectures except ARC, but this change is compatible with older GCC versions and ARC, too. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-06-22Use 64 bit time_t stat internallyAdhemerval Zanella1-4/+4
For the legacy ABI with supports 32-bit time_t it calls the 64-bit time directly, since the LFS symbols calls the 64-bit time_t ones internally. Checked on i686-linux-gnu and x86_64-linux-gnu. Reviewed-by: Lukasz Majewski <lukma@denx.de>
2021-06-04nptl: Remove exit-thread.hAdhemerval Zanella1-1/+0
No function change. The code is used only for Linux, besides being included in generic code.
2021-05-10elf: Introduce __tls_pre_init_tpFlorian Weimer1-0/+2
This is an early variant of __tls_init_tp, primarily for initializing thread-related elements of _rtld_global/GL. Some existing initialization code not needed for NPTL is moved into the generic version of this function. Tested-by: Carlos O'Donell <carlos@redhat.com> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-04-21elf: Introduce __tls_init_tp for second-phase TCB initializationFlorian Weimer1-7/+1
TLS_INIT_TP is processor-specific, so it is not a good place to put thread library initialization code (it would have to be repeated for all CPUs). Introduce __tls_init_tp as a separate function, to be called immediately after TLS_INIT_TP. Move the existing stack list setup code for NPTL to this function. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2021-04-21csu: Move calling main out of __libc_start_main_implFlorian Weimer1-70/+4
This code depends on whether glibc has unwinding support for a particular port. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2021-03-15Build libc-start with stack protector for SHAREDSiddhesh Poyarekar1-10/+12
This does not change the emitted code since __libc_start_main does not return, but is important for formal flags compliance. This also cleans up the cosmetic inconsistency in the stack protector flags in csu, especially the incorrect value of STACK_PROTECTOR_LEVEL. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2021-02-25Reduce the statically linked startup code [BZ #23323]Florian Weimer4-127/+159
It turns out the startup code in csu/elf-init.c has a perfect pair of ROP gadgets (see Marco-Gisbert and Ripoll-Ripoll, "return-to-csu: A New Method to Bypass 64-bit Linux ASLR"). These functions are not needed in dynamically-linked binaries because DT_INIT/DT_INIT_ARRAY are already processed by the dynamic linker. However, the dynamic linker skipped the main program for some reason. For maximum backwards compatibility, this is not changed, and instead, the main map is consulted from __libc_start_main if the init function argument is a NULL pointer. For statically linked binaries, the old approach based on linker symbols is still used because there is nothing else available. A new symbol version __libc_start_main@@GLIBC_2.34 is introduced because new binaries running on an old libc would not run their ELF constructors, leading to difficult-to-debug issues.
2021-01-21csu: Move static pie self relocation later [BZ #27072]Szabolcs Nagy1-2/+5
IFUNC resolvers may depend on tunables and cpu feature setup so move static pie self relocation after those. It is hard to guarantee that the ealy startup code does not rely on relocations so this is a bit fragile. It would be more robust to handle RELATIVE relocs early and only IRELATIVE relocs later, but the current relocation processing code cannot do that. The early startup code up to relocation processing includes _dl_aux_init (auxvec); __libc_init_secure (); __tunables_init (__environ); ARCH_INIT_CPU_FEATURES (); _dl_relocate_static_pie (); These are simple enough that RELATIVE relocs can be avoided. The following steps include ARCH_SETUP_IREL (); ARCH_SETUP_TLS (); ARCH_APPLY_IREL (); On some targets IRELATIVE processing relies on TLS setup on others TLS setup relies on IRELATIVE relocs, so the right position for _dl_relocate_static_pie is target dependent. For now move self relocation as early as possible on targets that support static PIE. Fixes bug 27072. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2021-01-21Use hidden visibility for early static PIE codeSzabolcs Nagy1-0/+4
Extern symbol access in position independent code usually involves GOT indirection which needs RELATIVE reloc in a static linked PIE. (On some targets this is avoided e.g. because the linker can relax a GOT access to a pc-relative access, but this is not generally true.) Code that runs before static PIE self relocation must avoid relying on dynamic relocations which can be ensured by using hidden visibility. However we cannot just make all symbols hidden: On i386, all calls to IFUNC functions must go through PLT and calls to hidden functions CANNOT go through PLT in PIE since EBX used in PIE PLT may not be set up for local calls to hidden IFUNC functions. This patch aims to make symbol references hidden in code that is used before and by _dl_relocate_static_pie when building a static PIE libc. Note: for an object that is used in the startup code, its references and definition may not have consistent visibility: it is only forced hidden in the startup code. This is needed for fixing bug 27072. Co-authored-by: H.J. Lu <hjl.tools@gmail.com> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2021-01-21csu: Avoid weak ref for __ehdr_start in static PIESzabolcs Nagy1-0/+4
All linkers support __ehdr_start that support static PIE linking, so there is no need to check for its presence via a weak reference. This avoids a RELATIVE relocation in static PIE startup code on some targets. With non-PIE static linking the weak ref check is kept in case the linker does not support __ehdr_start. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2021-01-02Update copyright dates with scripts/update-copyrightsPaul Eggert14-15/+15
I used these shell commands: ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright (cd ../glibc && git commit -am"[this commit message]") and then ignored the output, which consisted lines saying "FOO: warning: copyright statement not found" for each of 6694 files FOO. I then removed trailing white space from benchtests/bench-pthread-locks.c and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this diagnostic from Savannah: remote: *** pre-commit check failed ... remote: *** error: lines with trailing whitespace found remote: error: hook declined to update refs/heads/master
2020-12-16Replace __libc_multiple_libcs with __libc_initial flagFlorian Weimer2-15/+8
Change sbrk to fail for !__libc_initial (in the generic implementation). As a result, sbrk is (relatively) safe to use for the __libc_initial case (from the main libc). It is therefore no longer necessary to avoid using it in that case (or updating the brk cache), and the __libc_initial flag does not need to be updated as part of dlmopen or static dlopen. As before, direct brk system calls on Linux may lead to memory corruption. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-11-16nptl: Move stack list variables into _rtld_globalFlorian Weimer1-0/+7
Now __thread_gscope_wait (the function behind THREAD_GSCOPE_WAIT, formerly __wait_lookup_done) can be implemented directly in ld.so, eliminating the unprotected GL (dl_wait_lookup_done) function pointer. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-10-30Disable spurious -Wstringop-overflow for setjmp/longjmp (bug 26647)Joseph Myers1-0/+10
Building glibc with GCC 11 fails with (among other warnings) spurious -Wstringop-overflow warnings from calls to setjmp and longjmp with a pointer to a pthread_unwind_buf that is smaller than jmp_buf. As discussed in bug 26647, the warning in libc-start.c is a false positive, because setjmp and longjmp do not access anything (the signal mask) beyond the common prefix of the two structures, so this patch disables the warning for that call to setjmp, as well as for two calls in NPTL code that produce the same warning and look like false positives for the same reason. Tested with build-many-glibcs.py for arm-linux-gnueabi, where this allows the build to get further. Reviewed-by: DJ Delorie <dj@redhat.com>
2020-09-11Remove internal usage of extensible stat functionsAdhemerval Zanella1-1/+1
It replaces the internal usage of __{f,l}xstat{at}{64} with the __{f,l}stat{at}{64}. It should not change the generate code since sys/stat.h explicit defines redirections to internal calls back to xstat* symbols. Checked with a build for all affected ABIs. I also check on x86_64-linux-gnu and i686-linux-gnu. Reviewed-by: Lukasz Majewski <lukma@denx.de>
2020-07-16Linux: Remove rseq supportFlorian Weimer1-6/+0
The kernel ABI is not finalized, and there are now various proposals to change the size of struct rseq, which would make the glibc ABI dependent on the version of the kernels used for building glibc. This is of course not acceptable. This reverts commit 48699da1c468543ade14777819bd1b4d652709de ("elf: Support at least 32-byte alignment in static dlopen"), commit 8f4632deb3545b2949cec5454afc3cb21a0024ea ("Linux: rseq registration tests"), commit 6e29cb3f61ff5432c78a1c84b0d9b123a350ab36 ("Linux: Use rseq in sched_getcpu if available"), and commit 0c76fc3c2b346dc5401dc055d97d4279632b0fb3 ("Linux: Perform rseq registration at C startup and thread creation"), resolving the conflicts introduced by the ARC port and the TLS static surplus changes. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-12elf: Support at least 32-byte alignment in static dlopenFlorian Weimer1-0/+6
Otherwise loading a dynamically linked libc with rseq support fails, as result of the __rseq_abi TLS variable, which has an alignment of 32 bytes. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Vineet Gupta <vgupta@synopsys.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Tested-by: Alistair Francis <alistair.francis@wdc.com>
2020-07-08rtld: Avoid using up static TLS surplus for optimizations [BZ #25051]Szabolcs Nagy1-0/+3
On some targets static TLS surplus area can be used opportunistically for dynamically loaded modules such that the TLS access then becomes faster (TLSDESC and powerpc TLS optimization). However we don't want all surplus TLS to be used for this optimization because dynamically loaded modules with initial-exec model TLS can only use surplus TLS. The new contract for surplus static TLS use is: - libc.so can have up to 192 bytes of IE TLS, - other system libraries together can have up to 144 bytes of IE TLS. - Some "optional" static TLS is available for opportunistic use. The optional TLS is now tunable: rtld.optional_static_tls, so users can directly affect the allocated static TLS size. (Note that module unloading with dlclose does not reclaim static TLS. After the optional TLS runs out, TLS access is no longer optimized to use static TLS.) The default setting of rtld.optional_static_tls is 512 so the surplus TLS is 3*192 + 4*144 + 512 = 1664 by default, the same as before. Fixes BZ #25051. Tested on aarch64-linux-gnu and x86_64-linux-gnu. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-08rtld: Account static TLS surplus for audit modulesSzabolcs Nagy1-2/+2
The new static TLS surplus size computation is surplus_tls = 192 * (nns-1) + 144 * nns + 512 where nns is controlled via the rtld.nns tunable. This commit accounts audit modules too so nns = rtld.nns + audit modules. rtld.nns should only include the namespaces required by the application, namespaces for audit modules are accounted on top of that so audit modules don't use up the static TLS that is reserved for the application. This allows loading many audit modules without tuning rtld.nns or using up static TLS, and it fixes FAIL: elf/tst-auditmany Note that DL_NNS is currently a hard upper limit for nns, and if rtld.nns + audit modules go over the limit that's a fatal error. By default rtld.nns is 4 which allows 12 audit modules. Counting the audit modules is based on existing audit string parsing code, we cannot use GLRO(dl_naudit) before the modules are actually loaded.
2020-07-08rtld: Add rtld.nns tunable for the number of supported namespacesSzabolcs Nagy1-14/+14
TLS_STATIC_SURPLUS is 1664 bytes currently which is not enough to support DL_NNS (== 16) number of dynamic link namespaces, if we assume 192 bytes of TLS are reserved for libc use and 144 bytes are reserved for other system libraries that use IE TLS. A new tunable is introduced to control the number of supported namespaces and to adjust the surplus static TLS size as follows: surplus_tls = 192 * (rtld.nns-1) + 144 * rtld.nns + 512 The default is rtld.nns == 4 and then the surplus TLS size is the same as before, so the behaviour is unchanged by default. If an application creates more namespaces than the rtld.nns setting allows, then it is not guaranteed to work, but the limit is not checked. So existing usage will continue to work, but in the future if an application creates more than 4 dynamic link namespaces then the tunable will need to be set. In this patch DL_NNS is a fixed value and provides a maximum to the rtld.nns setting. Static linking used fixed 2048 bytes surplus TLS, this is changed so the same contract is used as for dynamic linking. With static linking DL_NNS == 1 so rtld.nns tunable is forced to 1, so by default the surplus TLS is reduced to 144 + 512 = 656 bytes. This change is not expected to cause problems. Tested on aarch64-linux-gnu and x86_64-linux-gnu. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-08Rewrite abi-note.S in C.Szabolcs Nagy1-10/+15
Using C code allows the compiler to add target specific object file markings based on CFLAGS. The arm specific abi-note.S is removed and similar object file fix up will be avoided on AArch64 with standard branch protection.
2020-05-18Remove NO_CTORS_DTORS_SECTIONS macroFlorian Weimer1-4/+0
This was originally added to support binutils older than version 2.22: <https://sourceware.org/ml/libc-alpha/2010-12/msg00051.html> Since 2.22 is older than the minimum required binutils version for building glibc, we no longer need this. (The changes do not impact the statically linked startup code.)
2020-04-29elf: Add initial flag argument to __libc_early_initFlorian Weimer1-1/+2
The rseq initialization should happen only for the libc in the base namespace (in the dynamic case) or the statically linked libc. The __libc_multiple_libcs flag does not quite cover this case at present, so this commit introduces a flag argument to __libc_early_init, indicating whether the libc being libc is the primary one (of the main program). Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-04-24elf: Implement __libc_early_initFlorian Weimer2-4/+5
This function is defined in libc.so, and the dynamic loader calls right after relocation has been finished, before any ELF constructors or the preinit function is invoked. It is also used in the static build for initializing parts of the static libc. To locate __libc_early_init, a direct symbol lookup function is used, _dl_lookup_direct. It does not search the entire symbol scope and consults merely a single link map. This function could also be used to implement lookups in the vDSO (as an optimization). A per-namespace variable (libc_map) is added for locating libc.so, to avoid repeated traversals of the search scope. It is similar to GL(dl_initfirst). An alternative would have been to thread a context argument from _dl_open down to _dl_map_object_from_fd (where libc.so is identified). This could have avoided the global variable, but the change would be larger as a result. It would not have been possible to use this to replace GL(dl_initfirst) because that global variable is used to pass the function pointer past the stack switch from dl_main to the main program. Replacing that requires adding a new argument to _dl_init, which in turn needs changes to the architecture-specific libc.so startup code written in assembler. __libc_early_init should not be used to replace _dl_var_init (as it exists today on some architectures). Instead, _dl_lookup_direct should be used to look up a new variable symbol in libc.so, and that should then be initialized from the dynamic loader, immediately after the object has been loaded in _dl_map_object_from_fd (before relocation is run). This way, more IFUNC resolvers which depend on these variables will work. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-02-25csu: Use ELF constructor instead of _init in libc.soFlorian Weimer1-6/+6
On !ELF_INITFINI architectures, _init is no longer called by the dynamic linker. We can use an ELF constructor instead because the constructor order does not matter. (The other constructors are used to set up libio vtable bypasses and do not depend on this initialization routine.)
2020-02-18Introduce <elf-initfini.h> and ELF_INITFINI for all architecturesFlorian Weimer2-3/+12
This supersedes the init_array sysdeps directory. It allows us to check for ELF_INITFINI in both C and assembler code, and skip DT_INIT and DT_FINI processing completely on newer architectures. A new header file is needed because <dl-machine.h> is incompatible with assembler code. <sysdep.h> is compatible with assembler code, but it cannot be included in all assembler files because on some architectures, it redefines register names, and some assembler files conflict with that. <elf-initfini.h> is replicated for legacy architectures which need DT_INIT/DT_FINI support. New architectures follow the generic default and disable it.
2020-01-03elf: Move vDSO setup to rtld (BZ#24967)Adhemerval Zanella1-4/+0
This patch moves the vDSO setup from libc to loader code, just after the vDSO link_map setup. For static case the initialization is moved to _dl_non_dynamic_init instead. Instead of using the mangled pointer, the vDSO data is set as attribute_relro (on _rtld_global_ro for shared or _dl_vdso_* for static). It is read-only even with partial relro. It fixes BZ#24967 now that the vDSO pointer is setup earlier than malloc interposition is called. Also, vDSO calls should not be a problem for static dlopen as indicated by BZ#20802. The vDSO pointer would be zero-initialized and the syscall will be issued instead. Checked on x86_64-linux-gnu, i686-linux-gnu, aarch64-linux-gnu, arm-linux-gnueabihf, powerpc64le-linux-gnu, powerpc64-linux-gnu, powerpc-linux-gnu, s390x-linux-gnu, sparc64-linux-gnu, and sparcv9-linux-gnu. I also run some tests on mips. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-01-01Update copyright dates not handled by scripts/update-copyrights.Joseph Myers1-1/+1
I've updated copyright dates in glibc for 2020. This is the patch for the changes not generated by scripts/update-copyrights and subsequent build / regeneration of generated files. As well as the usual annual updates, mainly dates in --version output (minus libc.texinfo which previously had to be handled manually but is now successfully updated by update-copyrights), there is a fix to sysdeps/unix/sysv/linux/powerpc/bits/termios-c_lflag.h where a typo in the copyright notice meant it failed to be updated automatically. Please remember to include 2020 in the dates for any new files added in future (which means updating any existing uncommitted patches you have that add new files to use the new copyright dates in them).
2020-01-01Update copyright dates with scripts/update-copyrights.Joseph Myers14-14/+14
2019-11-15Introduce link_map_audit_state accessor functionFlorian Weimer1-1/+1
To improve GCC 10 compatibility, it is necessary to remove the l_audit zero-length array from the end of struct link_map. In preparation of that, this commit introduces an accessor function for the audit state, so that it is possible to change the representation of the audit state without adjusting the code that accesses it. Tested on x86_64-linux-gnu. Built on i686-gnu. Change-Id: Id815673c29950fc011ae5301d7cde12624f658df
2019-11-12slotinfo in struct dtv_slotinfo_list should be flexible array [BZ #25097]Florian Weimer1-20/+14
GCC 10 will warn about subscribing inner length zero arrays. Use a GCC extension in csu/libc-tls.c to allocate space for the static_slotinfo variable. Adjust nptl_db so that the type description machinery does not attempt to determine the size of the flexible array member slotinfo. Change-Id: I51be146a7857186a4ede0bb40b332509487bdde8
2019-09-07Prefer https to http for gnu.org and fsf.org URLsPaul Eggert14-14/+14
Also, change sources.redhat.com to sourceware.org. This patch was automatically generated by running the following shell script, which uses GNU sed, and which avoids modifying files imported from upstream: sed -ri ' s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g ' \ $(find $(git ls-files) -prune -type f \ ! -name '*.po' \ ! -name 'ChangeLog*' \ ! -path COPYING ! -path COPYING.LIB \ ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \ ! -path manual/texinfo.tex ! -path scripts/config.guess \ ! -path scripts/config.sub ! -path scripts/install-sh \ ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \ ! -path INSTALL ! -path locale/programs/charmap-kw.h \ ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \ ! '(' -name configure \ -execdir test -f configure.ac -o -f configure.in ';' ')' \ ! '(' -name preconfigure \ -execdir test -f preconfigure.ac ';' ')' \ -print) and then by running 'make dist-prepare' to regenerate files built from the altered files, and then executing the following to cleanup: chmod a+x sysdeps/unix/sysv/linux/riscv/configure # Omit irrelevant whitespace and comment-only changes, # perhaps from a slightly-different Autoconf version. git checkout -f \ sysdeps/csky/configure \ sysdeps/hppa/configure \ sysdeps/riscv/configure \ sysdeps/unix/sysv/linux/csky/configure # Omit changes that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines git checkout -f \ sysdeps/powerpc/powerpc64/ppc-mcount.S \ sysdeps/unix/sysv/linux/s390/s390-64/syscall.S # Omit change that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
2019-01-01Update copyright dates not handled by scripts/update-copyrights.Joseph Myers1-1/+1
I've updated copyright dates in glibc for 2019. This is the patch for the changes not generated by scripts/update-copyrights and subsequent build / regeneration of generated files. Please remember to include 2019 in the dates for any new files added in future (which means updating any existing uncommitted patches you have that add new files to use the new copyright dates in them). * NEWS: Update copyright dates. * catgets/gencat.c (print_version): Likewise. * csu/version.c (banner): Likewise. * debug/catchsegv.sh: Likewise. * debug/pcprofiledump.c (print_version): Likewise. * debug/xtrace.sh (do_version): Likewise. * elf/ldconfig.c (print_version): Likewise. * elf/ldd.bash.in: Likewise. * elf/pldd.c (print_version): Likewise. * elf/sotruss.sh: Likewise. * elf/sprof.c (print_version): Likewise. * iconv/iconv_prog.c (print_version): Likewise. * iconv/iconvconfig.c (print_version): Likewise. * locale/programs/locale.c (print_version): Likewise. * locale/programs/localedef.c (print_version): Likewise. * login/programs/pt_chown.c (print_version): Likewise. * malloc/memusage.sh (do_version): Likewise. * malloc/memusagestat.c (print_version): Likewise. * malloc/mtrace.pl: Likewise. * manual/libc.texinfo: Likewise. * nptl/version.c (banner): Likewise. * nscd/nscd.c (print_version): Likewise. * nss/getent.c (print_version): Likewise. * nss/makedb.c (print_version): Likewise. * posix/getconf.c (main): Likewise. * scripts/test-installation.pl: Likewise. * sysdeps/unix/sysv/linux/lddlibc4.c (main): Likewise.
2019-01-01Update copyright dates with scripts/update-copyrights.Joseph Myers14-14/+14
* All files with FSF copyright notices: Update copyright dates using scripts/update-copyrights. * locale/programs/charmap-kw.h: Regenerated. * locale/programs/locfile-kw.h: Likewise.
2018-07-05Build csu/elf-init.c and csu/static-reloc.c with stack protectorFlorian Weimer1-0/+16
This does not change generated code (with -fstack-protector-strong), but is important for formal compiler flags compliance. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2018-06-26Fix Linux fcntl OFD locks for non-LFS architectures (BZ#20251)Adhemerval Zanella1-1/+1
This patch fixes the OFD ("file private") locks for architectures that support non-LFS flock definition (__USE_FILE_OFFSET64 not defined). The issue in this case is both F_OFD_{GETLK,SETLK,SETLKW} and F_{SET,GET}L{W}K64 expects a flock64 argument and when using old F_OFD_* flags with a non LFS flock argument the kernel might interpret the underlying data wrongly. Kernel idea originally was to avoid using such flags in non-LFS syscall, but since GLIBC uses fcntl with LFS semantic as default it is possible to provide the functionality and avoid the bogus struct kernel passing by adjusting the struct manually for the required flags. The idea follows other LFS interfaces that provide two symbols: 1. A new LFS fcntl64 is added on default ABI with the usual macros to select it for FILE_OFFSET_BITS=64. 2. The Linux non-LFS fcntl use a stack allocated struct flock64 for F_OFD_{GETLK,SETLK,SETLKW} copy the results on the user provided struct. 3. Keep a compat symbol with old broken semantic for architectures that do not define __OFF_T_MATCHES_OFF64_T. So for architectures which defines __USE_FILE_OFFSET64, fcntl64 will aliased to fcntl and no adjustment would be required. So to actually use F_OFD_* with LFS support the source must be built with LFS support (_FILE_OFFSET_BITS=64). Also F_OFD_SETLKW command is handled a cancellation point, as for F_SETLKW{64}. Checked on x86_64-linux-gnu and i686-linux-gnu. [BZ #20251] * NEWS: Mention fcntl64 addition. * csu/check_fds.c: Replace __fcntl_nocancel by __fcntl64_nocancel. * login/utmp_file.c: Likewise. * sysdeps/posix/fdopendir.c: Likewise. * sysdeps/posix/opendir.c: Likewise. * sysdeps/unix/pt-fcntl.c: Likewise. * include/fcntl.h (__libc_fcntl64, __fcntl64, __fcntl64_nocancel_adjusted): New prototype. (__fcntl_nocancel_adjusted): Remove prototype. * io/Makefile (routines): Add fcntl64. (CFLAGS-fcntl64.c): New rule. * io/Versions [GLIBC_2.28] (fcntl64): New symbol. [GLIBC_PRIVATE] (__libc_fcntl): Rename to __libc_fcntl64. * io/fcntl.h (fcntl64): Add prototype and redirect if __USE_FILE_OFFSET64 is defined. * io/fcntl64.c: New file. * manual/llio.text: Add a note for which commands fcntl acts a cancellation point. * nptl/Makefile (CFLAGS-fcntl64.c): New rule. * sysdeps/mach/hurd/fcntl.c: Alias fcntl to fcntl64 symbols. * sysdeps/mach/hurd/i386/libc.abilist [GLIBC_2.28] (fcntl, fcntl64): New symbols. * sysdeps/unix/sysv/linux/fcntl.c (__libc_fcntl): Fix F_GETLK64, F_OFD_GETLK, F_SETLK64, F_SETLKW64, F_OFD_SETLK, and F_OFD_SETLKW for non-LFS case. * sysdeps/unix/sysv/linux/fcntl64.c: New file. * sysdeps/unix/sysv/linux/fcntl_nocancel.c (__fcntl_nocancel): Rename to __fcntl64_nocancel. (__fcntl_nocancel_adjusted): Rename to __fcntl64_nocancel_adjusted. * sysdeps/unix/sysv/linux/not-cancel.h (__fcntl_nocancel): Rename to __fcntl64_nocancel. * sysdeps/unix/sysv/linux/tst-ofdlocks.c: New file. * sysdeps/unix/sysv/linux/tst-ofdlocks-compat.c: Likewise. * sysdeps/unix/sysv/linux/Makefile (tests): Add tst-ofdlocks. (tests-internal): Add tst-ofdlocks-compat. * sysdeps/unix/sysv/linux/aarch64/libc.abilist [GLIBC_2.28] (fcntl64): New symbol. * sysdeps/unix/sysv/linux/alpha/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/ia64/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/powerpc/powerpc64/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/powerpc/powerpc64/libc-le.abilist: Likewise. * sysdeps/unix/sysv/linux/riscv/rv64/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/x86_64/64/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/arm/libc.abilist [GLIBC_2.28] (fcntl, fcntl64): Likewise. * sysdeps/unix/sysv/linux/hppa/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/i386/libc.abilis: Likewise. * sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/microblaze/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/mips/mips32/nofpu/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/nios2/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/sh/libc.abilist: Likewise. * sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist: Likewise.
2018-06-12Avoid cancellable I/O primitives in ld.so.Zack Weinberg1-2/+1
Neither the <dlfcn.h> entry points, nor lazy symbol resolution, nor initial shared library load-up, are cancellation points, so ld.so should exclusively use I/O primitives that are not cancellable. We currently achieve this by having the cancellation hooks compile as no-ops when IS_IN(rtld); this patch changes to using exclusively _nocancel primitives in the source code instead, which makes the intent clearer and significantly reduces the amount of code compiled under IS_IN(rtld) as well as IS_IN(libc) -- in particular, elf/Makefile no longer thinks we require a copy of unwind.c in rtld-libc.a. (The older mechanism is preserved as a backstop.) The bulk of the change is splitting up the files that define the _nocancel I/O functions, so they don't also define the variants that *are* cancellation points; after which, the existing logic for picking out the bits of libc that need to be recompiled as part of ld.so Just Works. I did this for all of the _nocancel functions, not just the ones used by ld.so, for consistency. fcntl was a little tricky because it's only a cancellation point for certain opcodes (F_SETLKW(64), which can block), and the existing __fcntl_nocancel wasn't applying the FCNTL_ADJUST_CMD hook, which strikes me as asking for trouble, especially as the only nontrivial definition of FCNTL_ADJUST_CMD (for powerpc64) changes F_*LK* opcodes. To fix this, fcntl_common moves to fcntl_nocancel.c along with __fcntl_nocancel, and changes its name to the extern (but hidden) symbol __fcntl_nocancel_adjusted, so that regular fcntl can continue calling it. __fcntl_nocancel now applies FCNTL_ADJUST_CMD; so that both both fcntl.c and fcntl_nocancel.c can see it, the only nontrivial definition moves from sysdeps/u/s/l/powerpc/powerpc64/fcntl.c to .../powerpc64/sysdep.h and becomes entirely a macro, instead of a macro that calls an inline function. The nptl version of libpthread also changes a little, because its "compat-routines" formerly included files that defined all the _nocancel functions it uses; instead of continuing to duplicate them, I exported the relevant ones from libc.so as GLIBC_PRIVATE. Since the Linux fcntl.c calls a function defined by fcntl_nocancel.c, it can no longer be used from libpthread.so; instead, introduce a custom forwarder, pt-fcntl.c, and export __libc_fcntl from libc.so as GLIBC_PRIVATE. The nios2-linux ABI doesn't include a copy of vfork() in libpthread, and it was handling that by manipulating libpthread-routines in .../linux/nios2/Makefile; it is cleaner to do what other such ports do, and have a pt-vfork.S that defines no symbols. Right now, it appears that Hurd does not implement _nocancel I/O, so sysdeps/generic/not-cancel.h will forward everything back to the regular functions. This changed the names of some of the functions that sysdeps/mach/hurd/dl-sysdep.c needs to interpose. * elf/dl-load.c, elf/dl-misc.c, elf/dl-profile.c, elf/rtld.c * sysdeps/unix/sysv/linux/dl-sysdep.c Include not-cancel.h. Use __close_nocancel instead of __close, __open64_nocancel instead of __open, __read_nocancel instead of __libc_read, and __write_nocancel instead of __libc_write. * csu/check_fds.c (check_one_fd) * sysdeps/posix/fdopendir.c (__fdopendir) * sysdeps/posix/opendir.c (__alloc_dir): Use __fcntl_nocancel instead of __fcntl and/or __libc_fcntl. * sysdeps/unix/sysv/linux/pthread_setname.c (pthread_setname_np) * sysdeps/unix/sysv/linux/pthread_getname.c (pthread_getname_np) * sysdeps/unix/sysv/linux/i386/smp.h (is_smp_system): Use __open64_nocancel instead of __open_nocancel. * sysdeps/unix/sysv/linux/not-cancel.h: Move all of the hidden_proto declarations to the end and issue them if either IS_IN(libc) or IS_IN(rtld). * sysdeps/unix/sysv/linux/Makefile [subdir=io] (sysdep_routines): Add close_nocancel, fcntl_nocancel, nanosleep_nocancel, open_nocancel, open64_nocancel, openat_nocancel, pause_nocancel, read_nocancel, waitpid_nocancel, write_nocancel. * io/Versions [GLIBC_PRIVATE]: Add __libc_fcntl, __fcntl_nocancel, __open64_nocancel, __write_nocancel. * posix/Versions: Add __nanosleep_nocancel, __pause_nocancel. * nptl/pt-fcntl.c: New file. * nptl/Makefile (pthread-compat-wrappers): Remove fcntl. (libpthread-routines): Add pt-fcntl. * include/fcntl.h (__fcntl_nocancel_adjusted): New function. (__libc_fcntl): Remove attribute_hidden. * sysdeps/unix/sysv/linux/fcntl.c (__libc_fcntl): Call __fcntl_nocancel_adjusted, not fcntl_common. (__fcntl_nocancel): Move to new file fcntl_nocancel.c. (fcntl_common): Rename to __fcntl_nocancel_adjusted; also move to fcntl_nocancel.c. * sysdeps/unix/sysv/linux/fcntl_nocancel.c: New file. * sysdeps/unix/sysv/linux/powerpc/powerpc64/fcntl.c: Remove file. * sysdeps/unix/sysv/linux/powerpc/powerpc64/sysdep.h: Define FCNTL_ADJUST_CMD here, as a self-contained macro. * sysdeps/unix/sysv/linux/close.c: Move __close_nocancel to... * sysdeps/unix/sysv/linux/close_nocancel.c: ...this new file. * sysdeps/unix/sysv/linux/nanosleep.c: Move __nanosleep_nocancel to... * sysdeps/unix/sysv/linux/nanosleep_nocancel.c: ...this new file. * sysdeps/unix/sysv/linux/open.c: Move __open_nocancel to... * sysdeps/unix/sysv/linux/open_nocancel.c: ...this new file. * sysdeps/unix/sysv/linux/open64.c: Move __open64_nocancel to... * sysdeps/unix/sysv/linux/open64_nocancel.c: ...this new file. * sysdeps/unix/sysv/linux/openat.c: Move __openat_nocancel to... * sysdeps/unix/sysv/linux/openat_nocancel.c: ...this new file. * sysdeps/unix/sysv/linux/openat64.c: Move __openat64_nocancel to... * sysdeps/unix/sysv/linux/openat64_nocancel.c: ...this new file. * sysdeps/unix/sysv/linux/pause.c: Move __pause_nocancel to... * sysdeps/unix/sysv/linux/pause_nocancel.c: ...this new file. * sysdeps/unix/sysv/linux/read.c: Move __read_nocancel to... * sysdeps/unix/sysv/linux/read_nocancel.c: ...this new file. * sysdeps/unix/sysv/linux/waitpid.c: Move __waitpid_nocancel to... * sysdeps/unix/sysv/linux/waitpid_nocancel.c: ...this new file. * sysdeps/unix/sysv/linux/write.c: Move __write_nocancel to... * sysdeps/unix/sysv/linux/write_nocancel.c: ...this new file. * sysdeps/unix/sysv/linux/nios2/Makefile: Don't override libpthread-routines. * sysdeps/unix/sysv/linux/nios2/pt-vfork.S: New file which defines nothing. * sysdeps/mach/hurd/dl-sysdep.c: Define __read instead of __libc_read, and __write instead of __libc_write. Define __open64 in addition to __open.
2018-03-25hurd: Initialize TLS and libpthread before signal thread startSamuel Thibault1-1/+1
* sysdeps/generic/libc-start.h [!SHARED] (ARCH_SETUP_TLS): Define to __libc_setup_tls. * sysdeps/unix/sysv/linux/powerpc/libc-start.h [!SHARED] (ARCH_SETUP_TLS): Likewise. * sysdeps/mach/hurd/libc-start.h: New file copied from sysdeps/generic/libc-start.h, but define ARCH_SETUP_TLS to empty. * csu/libc-start.c [!SHARED] (LIBC_START_MAIN): Call ARCH_SETUP_TLS instead of __libc_setup_tls. * sysdeps/mach/hurd/i386/init-first.c [!SHARED] (init1): Call __libc_setup_tls before initializing libpthread and running _hurd_init which starts the signal thread.
2018-02-07Post-cleanup 2: minimize _G_config.h.Zack Weinberg1-8/+5
Nearly everything in _G_config.h is either junk or more appropriately defined elsewhere: * _G_fpos_t, _G_fpos64_t, and _G_BUFSIZ are already completely unused. * All remaining uses of _G_va_list have been changed to __gnuc_va_list. * The definition of _G_HAVE_ST_BLKSIZE/_IO_HAVE_ST_BLKSIZE has been inlined into its sole use. * The complete definition of _G_iconv_t has been moved to libio.h and renamed _IO_iconv_t (all actual users used that name). * _G_IO_IO_FILE_VERSION is vestigial; some code cares whether _IO_stdin_used exists, but nothing looks at its value. I've preserved the value as a hardwired constant in csu/init.c. This means csu/init.c no longer needs to include anything. * Many of the headers included by _G_config.h were already being included directly by either either libio.h or stdio.h; the remaining ones were moved to libio.h. * _G_HAVE_MREMAP is still relevant, because mremap genuinely is a Linux extension; it's not in POSIX and as far as I can tell it's not available on the Hurd either. I also preserved _G_HAVE_MMAP, since it's conceivable someone would want to port glibc to a MMU-less, mmap-less environment in the future. Both are now always defined to 1/0 as is the current convention, instead of the older 1/undef convention. These are the only symbols still defined in _G_config.h. * The actual inclusion of _G_config.h moves from libio.h to libioP.h, as this is where a potential override of _G_HAVE_MMAP happens. * The #ifdef logic in libioP.h controlling _IO_JUMPS_OFFSET has been simplified. After this patch, the only surviving _G_ symbols are the struct tag names _G_fpos_t and _G_fpos64_t, which are preserved for the sake of C++ mangled names in applications, and _G_HAVE_MMAP and _G_HAVE_MREMAP, which do not seem worth renaming. Installed stripped libraries are unchanged by this patch. * bits/_G_config.h: Move back to sysdeps/generic/_G_config.h. Delete all contents except for definitions of _G_HAVE_MMAP and _G_HAVE_MREMAP. Add commentary explaining those two symbols. * sysdeps/unix/sysv/linux/bits/_G_config.h: Move back to sysdeps/unix/sysv/linux/_G_config.h. Make same content change as above. * libio/libio.h: Don't include bits/_G_config.h here. Include stddef.h with __need_wchar_t defined. Include bits/types/__mbstate_t.h, bits/types/wint_t.h, and gconv.h. Define _IO_iconv_t here, directly. Don't define _IO_HAVE_ST_BLKSIZE. * libio/libioP.h: Include _G_config.h here. Move include of shlib-compat.h up with rest of includes. Simplify conditionals controlling definition of _IO_JUMPS_OFFSET. * csu/init.c: Remove always-true #if around entire file. Don't include stdio.h. Set _IO_stdin_used to hardwired constant 0x20001, and update commentary. * include/stdio.h, sysdeps/ieee754/ldbl-opt/nldbl-compat.h: Replace all uses of _G_va_list with __gnuc_va_list. * libio/filedoalloc.c: Use #if defined _STATBUF_ST_BLKSIZE instead of #if _IO_HAVE_ST_BLKSIZE. * libio/fileops.c: Test _G_HAVE_MREMAP with #if, not #ifdef. * libio/iofdopen.c, libio/iofopen.c: Test _G_HAVE_MMAP with #if, not #ifdef.