Szabolcs Nagy [Sun, 7 Mar 2021 22:20:54 +0000 (22:20 +0000)]
signal.h: add SYS_USER_DISPATCH si_code value from linux v5.11
see
linux commit
1d7637d89cfce54a4f4a41c2325288c2f47470e8
signal: Expose SYS_USER_DISPATCH si_code type
Szabolcs Nagy [Sun, 7 Mar 2021 22:15:11 +0000 (22:15 +0000)]
signal.h: add si_code values for SIGSYS
unlike other si_code defines, SYS_ is not in the posix reserved namespace
which is likely the reason why SYS_SECCOMP was previously missing (was new
in linux v3.5).
Szabolcs Nagy [Sun, 7 Mar 2021 21:39:24 +0000 (21:39 +0000)]
netinet/tcp.h: add tcp zerocopy related changes from linux v5.11
see
linux commit
18fb76ed53865c1b5d5f0157b1b825704590beb5
net-zerocopy: Copy straggler unaligned data for TCP Rx. zerocopy.
linux commit
94ab9eb9b234ddf23af04a4bc7e8db68e67b8778
net-zerocopy: Defer vm zap unless actually needed.
Szabolcs Nagy [Sun, 7 Mar 2021 21:33:25 +0000 (21:33 +0000)]
netinet/if_ether.h: add ETH_P_CFM from linux v5.11
see
linux commit
fbaedb4129838252570410c65abb2036b5505cbd
bridge: uapi: cfm: Added EtherType used by the CFM protocol.
Szabolcs Nagy [Sun, 7 Mar 2021 21:19:36 +0000 (21:19 +0000)]
sys/socket.h: add new SO_ socket options from linux v5.11
see
linux commit
7fd3253a7de6a317a0683f83739479fb880bffc8
net: Introduce preferred busy-polling
linux commit
7c951cafc0cb2e575f1d58677b95ac387ac0a5bd
net: Add SO_BUSY_POLL_BUDGET socket option
Szabolcs Nagy [Sun, 7 Mar 2021 20:50:17 +0000 (20:50 +0000)]
sys/prctl.h: add PR_SET_SYSCALL_USER_DISPATCH from linux v5.11
see
linux commit
1446e1df9eb183fdf81c3f0715402f1d7595d4cb
kernel: Implement selective syscall userspace redirection
linux commit
36a6c843fd0d8e02506681577e96dabd203dd8e8
entry: Use different define for selector variable in SUD
redirect syscalls to a userspace handler via SIGSYS, except for a specific
range of code. can be toggled via a memory write to a selector variable.
mainly for wine.
Szabolcs Nagy [Sun, 7 Mar 2021 19:21:34 +0000 (19:21 +0000)]
bits/syscall.h: add epoll_pwait2 from linux v5.11
see
linux commit
b0a0c2615f6f199a656ed8549d7dce625d77aa77
epoll: wire up syscall epoll_pwait2
linux commit
58169a52ebc9a733aeb5bea857bc5daa71a301bb
epoll: add syscall epoll_pwait2
epoll_wait with struct timespec timeout instead of int. no time32 variant.
Alexey Kodanev [Tue, 29 Jun 2021 13:31:30 +0000 (16:31 +0300)]
nice: return EPERM instead of EACCES
To comply with POSIX, change errno from EACCES to EPERM
when the caller did not have the required privilege.
jvoisin [Mon, 13 Dec 2021 20:05:19 +0000 (21:05 +0100)]
protect stack canary from leak via read-as-string by zeroing second byte
This reduces entropy of the canary from 64-bit to 56-bit in exchange
for mitigating non-terminated C string overflows by setting the second
byte of the canary to nul, so that off-by-one write overflow with a
nul byte can still be detected.
Idea from GrapheneOS bionic commit
7024d880b51f03a796ff8832f1298f2f1531fd7b
Szabolcs Nagy [Fri, 4 Feb 2022 20:04:45 +0000 (21:04 +0100)]
math: avoid runtime conversions of floating-point constants
gcc-12 with -frounding-mode will do inexact constant conversions at
runtime according to the runtime rounding mode.
in the math library we want constants to be rounding mode independent
so this patch fixes cases where new runtime conversions happen with
gcc-12.
fortunately this only affects two minor cases, the fix uses global
initializers where rounding mode does not apply.
after the patch the same amount of conversions happen with gcc-12 as
with gcc-11.
Rich Felker [Mon, 21 Feb 2022 01:11:14 +0000 (20:11 -0500)]
fix spurious failures by fgetws when buffer ends with partial character
commit
a90d9da1d1b14d81c4f93e1a6d1a686c3312e4ba made fgetws look for
changes to errno by fgetwc to detect encoding errors, since ISO C did
not allow the implementation to set the stream's error flag in this
case, and the fgetwc interface did not admit any other way to detect
the error. however, the possibility of fgetwc setting errno to EILSEQ
in the success path was overlooked, and in fact this can happen if the
buffer ends with a partial character, causing mbtowc to be called with
only part of the character available.
since that change was made, the C standard was amended to specify that
fgetwc set the stream error flag on encoding errors, and commit
511d70738bce11a67219d0132ce725c323d00e4e made it do so. thus, there is
no longer any need for fgetws to poke at errno to handle encoding
errors.
this commit reverts commit
a90d9da1d1b14d81c4f93e1a6d1a686c3312e4ba
and thereby fixes the problem.
pelco [Wed, 16 Feb 2022 23:06:17 +0000 (23:06 +0000)]
add missing strerror text for key management
Rich Felker [Wed, 9 Feb 2022 22:48:43 +0000 (17:48 -0500)]
fix out-of-bound read processing time zone data with distant-past dates
this bug goes back to commit
1cc81f5cb0df2b66a795ff0c26d7bbc4d16e13c6
where zoneinfo file support was first added. in scan_trans, which
searches for the appropriate local time/dst rule in effect at a given
time, times prior to the second transition time caused the -1 slot of
the index to be read to determine the previous rule in effect. this
memory was always valid (part of another zoneinfo table in the mapped
file) but the byte value read was then used to index another table,
possibly going outside the bounds of the mmap. most of the time, the
result was limited to misinterpretation of the rule in effect at that
time (pre-1900s), but it could produce a crash if adjacent memory was
not readable.
the root cause of the problem, however, was that the logic for this
code path was all wrong. as documented in the comment, times before
the first transition should be treated as using the lowest-numbered
non-dst rule, or rule 0 if no non-dst rules exist. if the argument is
in units of local time, however, the rule prior to the first
transition is needed to determine if it falls before or after it, and
that's where the -1 index was wrongly used.
instead, use the documented logic to find out what rule would be in
effect before the first transition, and apply it as the offset if the
argument was given in local time.
the new code has not been heavily tested, but no longer performs
potentially out-of-bounds accesses, and successfully handles the 1883
transition from local mean time to central standard time in the test
case the error was reported for.
Rich Felker [Tue, 18 Jan 2022 22:31:46 +0000 (17:31 -0500)]
fix potentially wrong-sign zero in cproj functions at infinity
these are specified to use the sign of the imaginary part of the input
as the sign of zero in the result, but wrongly copied the sign of the
real part.
Rich Felker [Sun, 9 Jan 2022 05:33:56 +0000 (00:33 -0500)]
make fseek detect and produce an error for invalid whence arguments
this is a POSIX requirement. we previously relied on the underlying fd
(or other backend) seek operation to produce the error, but since
linux lseek now supports other seek modes (SEEK_DATA and SEEK_HOLE)
which do not interact well with stdio buffering, this is insufficient.
instead, explicitly check whence before performing any operations.
Érico Nogueira [Fri, 17 Dec 2021 07:59:43 +0000 (04:59 -0300)]
add SEEK_DATA and SEEK_HOLE to unistd.h
these are linux specific constants. glibc exposes them behind
_GNU_SOURCE, but, since SEEK_* is reserved for the implementation, we
can simply define them. furthermore, since they can't be used with
fseek() and other functions that deal with FILE, we don't add them to
stdio.h.
Wesley Wiser [Thu, 21 Oct 2021 16:09:30 +0000 (16:09 +0000)]
fix failure to use add-cfi scripts on asm when building out-of-tree
use $srcdir in configure test for add-cfi script.
Rich Felker [Tue, 28 Dec 2021 01:08:31 +0000 (20:08 -0500)]
fix wcwidth of hangul combining (vowel/final) letters
these characters combine onto a base character (initial) and therefore
need to have width 0. the original binary-search implementation of
wcwidth handled them correctly, but a regression was introduced in
commit
1b0ce9af6d2aa7b92edaf3e9c631cb635bae22bd by generating the new
tables from unicode without noticing that the classification logic in
use (unicode character category Mn/Me/Cf) was insufficient to catch
these characters.
Rich Felker [Thu, 9 Dec 2021 20:35:13 +0000 (15:35 -0500)]
fix mismatched signatures for strtod_l family
strtod_l, strtof_l, and strtold_l originally existed only as
glibc-ABI-compat symbols. as noted in the commit which added them,
17a60f9d327c6f8b5707a06f9497d846e75c01f2, making them aliases for the
non-_l functions was a hack and not appropriate if they ever became
public API.
unfortunately, commit
35eb1a1a9b97577e113240cd65bf9fc44b8df030 did
make them public without undoing the hack. fix that now by moving the
the _l functions to their own file as wrappers that just throw away
the locale_t argument.
Ismael Luceno [Sun, 15 Aug 2021 15:51:57 +0000 (17:51 +0200)]
define NULL as nullptr when used in C++11 or later
This should be safer for casting and more compatible with existing code
bases that wrongly assume it must be defined as a pointer.
Rich Felker [Mon, 29 Nov 2021 22:41:43 +0000 (17:41 -0500)]
fix hwcap access in powerpc-sf setjmp/longjmp
commit
7be59733d71ada3a32a98622507399253f1d5e48 introduced the
hwcap-based branches to support the SPE FPU, but wrongly coded them as
bitwise tests on the computed address of __hwcap, not a value loaded
from that address. replace the add with indexed load to fix it.
Rich Felker [Tue, 19 Oct 2021 20:07:14 +0000 (16:07 -0400)]
fix struct layout mismatch in sound ioctl time32 fallback conversion
the snd_pcm_mmap_control struct used with SNDRV_PCM_IOCTL_SYNC_PTR was
mistakenly defined in the kernel uapi with "before u32" padding both
before and after the first u32 member. our conversion between the
modern struct and the legacy time32 struct was written without
awareness of that mistake, and assumed the time64 version of the
struct was the intended form with padding to match the layout on
64-bit archs. as a result, the struct was not converted correctly when
running on old kernels, with audio glitches as the likely result.
this was discovered thanks to a related bug in the kernel, whereby
32-bit userspace running on a 64-bit kernel also suffered from the
types mismatching. the mistaken layout is now the ABI and can't be
changed -- or at least making a new ioctl to change it would just
result in a worse situation.
our conversion here is changed to treat the snd_pcm_mmap_control
substruct as two separate substructs at locations dependent on
endianness (since the displacement depends on endianness), using the
existing conversion framework.
Érico Nogueira [Tue, 9 Mar 2021 21:02:13 +0000 (18:02 -0300)]
add qsort_r and make qsort a wrapper around it
we make qsort a wrapper by providing a wrapper_cmp function that uses
the extra argument as a function pointer. should be optimized to a tail
call on most architectures, as long as it's built with
-fomit-frame-pointer, so the performance impact should be minimal.
to keep the git history clean, for now qsort_r is implemented in qsort.c
and qsort is implemented in qsort_nr.c. qsort.c also received a few
trivial cleanups, including replacing (*cmp)() calls with cmp().
qsort_nr.c contains only wrapper_cmp and qsort as a qsort_r wrapper
itself.
Rich Felker [Thu, 23 Sep 2021 23:11:46 +0000 (19:11 -0400)]
add SPE FPU support to powerpc-sf
When the soft-float ABI for PowerPC was added in commit
5a92dd95c77cee81755f1a441ae0b71e3ae2bcdb, with Freescale cpus using
the alternative SPE FPU as the main use case, it was noted that we
could probably support hard float on them, but that it would involve
determining some difficult ABI constraints. This commit is the
completion of that work.
The Power-Arch-32 ABI supplement defines the ABI profiles, and indeed
ATR-SPE is built on ATR-SOFT-FLOAT. But setjmp/longjmp compatibility
are problematic for the same reason they're problematic on ARM, where
optional float-related parts of the register file are "call-saved if
present". This requires testing __hwcap, which is now done.
In keeping with the existing powerpc-sf subarch definition, which did
not have fenv, the fenv macros are not defined for SPE and the SPEFSCR
control register is left (and assumed to start in) the default mode.
Rich Felker [Sun, 12 Sep 2021 01:21:43 +0000 (21:21 -0400)]
fix undefined behavior in getdelim via null pointer arithmetic and memcpy
both passing a null pointer to memcpy with length 0, and adding 0 to a
null pointer, are undefined. in some sense this is 'benign' UB, but
having it precludes use of tooling that strictly traps on UB. there
may be better ways to fix it, but conditioning the operations which
are intended to be no-ops in the k==0 case on k being nonzero is a
simple and safe solution.
Rich Felker [Thu, 12 Aug 2021 22:07:44 +0000 (18:07 -0400)]
fix excessively slow TLS performance on some mips models
commit
6d99ad91e869aab35a4d76d34c3c9eaf29482bad introduced this
regression as part of a larger change, based on an incorrect
assumption that rdhwr being part of the mips r2 ISA level meant that
the TLS register, known in the mips documentation as UserLocal, was
unconditionally present on chips providing this ISA level and would
not need trap-and-emulate. this turns out to be false.
based on research by Stanislav Kljuhhin and Abilio Marques, who
reported the problem as a performance regression on certain routers
using OpenWRT vs older uclibc-based versions, it turns out the mips
manuals document the UserLocal register as a feature that might or
might not be implemented or enabled, reflected by a cpu capability bit
in the CONFIG3 register, and that Linux checks for this and has to
explicitly enable it on models that have it.
thus, it's indeed possible that r2+ chips can lack the feature,
bringing us back to the situation where Linux only has a fast
trap-and-emulate path for the case where the destination register is
$3. so, always read the thread pointer through $3. this may incur a
gratuitous move to the desired final register on chips where it's not
needed, but it really doesn't matter.
Érico Nogueira [Sat, 10 Jul 2021 03:24:59 +0000 (00:24 -0300)]
fix error checking in pthread_getname_np
len is unsigned and can never be smaller than 0. though unlikely, an
error in read() would have lead to an out of bounds write to name.
Reported-by: Michael Forney <mforney@mforney.org>
Rich Felker [Fri, 30 Jul 2021 03:24:58 +0000 (23:24 -0400)]
fix libc-internal signal blocking on mips archs
due to historical reasons, the mips signal set has 128 bits rather
than 64 like on every other arch. this was special-cased correctly, at
least for 32-bit mips, at one time, but was inadvertently broken in
commit
7c440977db9444d7e6b1c3dcb1fdf4ee49ca4158, and seems never to
have been right on mips64/n32.
as consequenct of this bug, applications making use of high realtime
signal numbers on mips may have been able to execute application code
in contexts where doing so was unsafe.
Rich Felker [Wed, 7 Jul 2021 01:12:02 +0000 (21:12 -0400)]
fix broken struct shmid_ds on powerpc (32-bit)
the kernel structure has padding of the shm_segsz member up to 64
bits, as well as 2 unused longs at the end. somehow that was
overlooked when the powerpc port was added, and it has been broken
ever since; applications compiled with the wrong definition do not
correctly see the shm_segsz, shm_cpid, and shm_lpid members.
fixing the definition just by adding the missing padding would break
the ABI size of the structure as well as the position of the time64
shm_atime and shm_dtime members we added at the end. instead, just
move one of the unused padding members from the original end (before
time64) of the structure to the position of the missing padding. this
preserves size and preserves correct behavior of any compiled code
that was already working. programs affected by the wrong definition
need to be recompiled with the correct one.
Szabolcs Nagy [Mon, 5 Jul 2021 22:37:22 +0000 (22:37 +0000)]
math: fix fmaf not to depend on FE_TOWARDZERO
Rich Felker [Wed, 23 Jun 2021 21:22:47 +0000 (17:22 -0400)]
fix TZ parsing logic for identifying POSIX-form strings
previously, the contents of the TZ variable were considered a
candidate for a file/path name only if they began with a colon or
contained a slash before any comma. the latter was very sloppy logic
to avoid treating any valid POSIX TZ string as a file name, but it
also triggered on values that are not valid POSIX TZ strings,
including 3-letter timezone names without any offset.
instead, only treat the TZ variable as POSIX form if it begins with a
nonzero standard time name followed by +, -, or a digit.
also, special case GMT and UTC to always be treated as POSIX form
(with implicit zero offset) so that a stray file by the same name
cannot break software that depends on setting TZ=GMT or TZ=UTC.
Khem Raj [Wed, 19 May 2021 07:34:03 +0000 (00:34 -0700)]
riscv: rename __NR_fstatat __NR_newfstatat
on riscv64 this syscall is called __NR_newfstatat
this helps the name match kernel UAPI for external
programs
Michael Forney [Tue, 27 Apr 2021 22:59:55 +0000 (15:59 -0700)]
remove return with expression in void function
Érico Nogueira [Tue, 20 Apr 2021 19:15:18 +0000 (16:15 -0300)]
remove unnecessary cast for map_library return
the function already returns (void *)
Érico Rolim [Tue, 20 Apr 2021 19:15:15 +0000 (16:15 -0300)]
add pthread_getname_np function
based on the pthread_setname_np implementation
Rich Felker [Tue, 20 Apr 2021 18:55:10 +0000 (14:55 -0400)]
fix popen not to leak pipes from one child to another
POSIX places an obscure requirement on popen which is like a limited
version of close-on-exec:
"The popen() function shall ensure that any streams from previous
popen() calls that remain open in the parent process are closed in
the new child process."
if the POSIX-future 'e' mode flag is passed, producing a pipe FILE
with FD_CLOEXEC on the underlying pipe, this requirement is
automatically satisfied. however, for applications which use multiple
concurrent popen pipes but don't request close-on-exec, fd leaks from
earlier popen calls to later ones could produce deadlock situations
where processes are waiting for a pipe EOF that will never happen.
to fix this, iterate through all open FILEs and add close actions for
those obtained from popen. this requires holding a lock on the open
file list across the posix_spawn call so that additional popen FILEs
are not created after the list is traversed. note that it's still
possible for another popen call to start and create its pipe while the
lock is held, but such pipes are created with O_CLOEXEC and only drop
close-on-exec status (when 'e' flag is omitted) under control of the
lock.
Rich Felker [Tue, 20 Apr 2021 18:52:08 +0000 (14:52 -0400)]
remove spurious lock in popen
the newly allocated FILE * has not yet leaked to the application and
is only visible to stdio internals until popen returns. since we do
not change any fields of the structure observed by libc internals,
only the pipe_pid member, locking is not necessary.
Érico Nogueira [Fri, 16 Apr 2021 00:35:20 +0000 (21:35 -0300)]
define __STDC_UTF_{16,32}__ macros
these macros are used to indicate that the implementation uses,
respectively, utf-16 and utf-32 encoding for char16_t and char32_t.
Rich Felker [Fri, 16 Apr 2021 14:20:46 +0000 (10:20 -0400)]
fix regression in dl_iterate_phdr reporting of modules with no TLS
__tls_get_addr should not be called with an invalid TLS module id of
0. in practice it probably "works", returning the DTV length as if it
were a pointer, and the callback should probably not inspect
dlpi_tls_data in this case, but it's likely that some real-world
callbacks use a check on dlpi_tls_data being non-null, rather than on
dlpi_tls_modid being nonzero, to conclude that the module has TLS.
Joakim Sindholt [Sat, 3 Apr 2021 10:50:18 +0000 (12:50 +0200)]
nscd: fall back gracefully on kernels without AF_UNIX support
Dominic Chen [Thu, 25 Mar 2021 22:20:14 +0000 (18:20 -0400)]
mallocng/aligned_alloc: check for malloc failure
With mallocng, calling posix_memalign() or aligned_alloc() will
SIGSEGV if the internal malloc() call returns NULL. This does not
occur with oldmalloc, which explicitly checks for allocation failure.
Rich Felker [Sun, 4 Apr 2021 01:16:41 +0000 (21:16 -0400)]
make epoll_[p]wait a cancellation point
this is a Linux-specific function and not covered by POSIX's
requirements for which interfaces are cancellation points, but glibc
makes it one and existing software relies on it being one.
at some point a review for similar functions that should be made
cancellation points should be done.
Rich Felker [Fri, 26 Mar 2021 17:35:41 +0000 (13:35 -0400)]
fix dl_iterate_phdr dlpi_tls_data reporting to match spec
dl_iterate_phdr was wrongly reporting the address of the DSO's PT_TLS
image rather than the calling thread's instance of the TLS. the man
page, which is essentially normative for a nonstandard function of
this sort, clearly specifies the latter. it does not clarify where
exactly within/relative-to the image the pointer should point, but the
reasonable thing to do is match the ABI's DTP offset, and this seems
to be what other implementations do.
Rich Felker [Mon, 15 Mar 2021 14:26:21 +0000 (10:26 -0400)]
remove no-longer-needed special case handling in popen
popen was special-casing the possibility (only possible when the
parent closed stdin and/or stdout) that the child's end of the pipe
was already on the final desired fd number, in which case there was no
way to get rid of its close-on-exec flag in the child. commit
6fc6ca1a323bc0b6b9e9cdc8fa72221ae18fe206 made this unnecessary by
implementing the POSIX-future requirement that dup2 file actions with
equal source and destination fd values remove the close-on-exec flag.
Rich Felker [Mon, 15 Mar 2021 14:21:29 +0000 (10:21 -0400)]
use internal malloc for posix_spawn file actions objects
this makes it possible to perform actions on file actions objects with
a libc-internal lock held without creating lock order relationships
that are silently imposed on an application-provided malloc.
Rich Felker [Fri, 5 Mar 2021 16:09:32 +0000 (11:09 -0500)]
don't fail to map library/executable with zero-length segment maps
reportedly the GNU linker can emit such segments, causing spurious
failure to load due to mmap with a length of zero producing EINVAL.
no action is required for such a load map (it's effectively a nop in
the program headers table) so just treat it as always successful.
Érico Rolim [Tue, 5 Jan 2021 01:48:34 +0000 (22:48 -0300)]
suppress isascii() macro for C++
analogous to commit
a60457c84a4b59ab564d7f4abb660a70283ba98d.
Rich Felker [Mon, 22 Feb 2021 20:52:21 +0000 (15:52 -0500)]
guard against compilers failing to handle setjmp specially by default
since 4.1, gcc has had the __returns_twice__ attribute and has
required functions which return twice to carry it; however it's always
applied it automatically to known setjmp-like function names. clang
however does not do this reliably, at least not with -ffreestanding
and possibly under other conditions, resulting in silent emission of
wrong code.
since the symbol name setjmp is in no way special (setjmp is specified
as a macro that could expand to use any implementation-specific symbol
name or names), a compiler is justified not to do anything special
without further hints, and it's reasonable to do what we can to
provide such hints.
gcc 4.0.x and earlier do not recognize the attribute, so make use
conditional on __GNUC__ macros. clang and other gcc-like compilers
report (and have always reported) a later "GNUC" version so the
preprocessor conditional should function as desired for them as too.
undefine the internal macro after use so that nothing abuses it as a
public feature.
Szabolcs Nagy [Sat, 19 Dec 2020 22:29:19 +0000 (22:29 +0000)]
aarch64/bits/mman.h: add PROT_MTE from linux v5.10
see
linux commit
9f3419315f3cdc41a7318e4d50ba18a592b30c8c
arm64: mte: Add PROT_MTE support to mmap() and mprotect()
Szabolcs Nagy [Sat, 19 Dec 2020 22:26:51 +0000 (22:26 +0000)]
aarch64/bits/hwcap.h: add HWCAP2_MTE from linux v5.10
see
linux commit
3b714d24ef173f81c78af16f73dcc9b40428c803
arm64: mte: CPU feature detection and initial sysreg configuration
Szabolcs Nagy [Sat, 19 Dec 2020 22:25:03 +0000 (22:25 +0000)]
add aarch64/bits/mman.h with PROT_BTI from linux v5.8
this was missing, see
linux commit
8ef8f360cf30be12382f89ff48a57fbbd9b31c14
arm64: Basic Branch Target Identification support
Szabolcs Nagy [Sat, 19 Dec 2020 22:22:58 +0000 (22:22 +0000)]
aarch64/bits/hwcap.h: add HWCAP2_BTI from linux v5.8
hwcap for BTI was missing, see
linux commit
8ef8f360cf30be12382f89ff48a57fbbd9b31c14
arm64: Basic Branch Target Identification support
Szabolcs Nagy [Sat, 19 Dec 2020 22:12:50 +0000 (22:12 +0000)]
signal.h: add MTE specific SIGSEGV codes from linux v5.10
add synchronouse and asynchronous tag check failure codes, see
linux commit
74f1082487feb90bbf880af14beb8e29c3030c9f
arm64: mte: Add specific SIGSEGV codes
Szabolcs Nagy [Sat, 19 Dec 2020 21:10:26 +0000 (21:10 +0000)]
sys/prctl.h: add MTE related constants from linux v5.10
these are for the aarch64 MTE (memory tagging extension), see
linux commit
1c101da8b971a36695319dce7a24711dc567a0dd
arm64: mte: Allow user control of the tag check mode via prctl()
linux commit
af5ce95282dc99d08a27a407a02c763dde1c5558
arm64: mte: Allow user control of the generated random tags via prctl()
Szabolcs Nagy [Sat, 19 Dec 2020 21:06:06 +0000 (21:06 +0000)]
elf.h: add NT_ARM_TAGGED_ADDR_CTRL from linux v5.10
see
linux commit
2200aa7154cb7ef76bac93e98326883ba64bfa2e
arm64: mte: ptrace: Add NT_ARM_TAGGED_ADDR_CTRL regset
Szabolcs Nagy [Sat, 19 Dec 2020 21:02:21 +0000 (21:02 +0000)]
sys/mman.h: add MAP_HUGE_16KB from linux v5.10
see
linux commit
e47168f3d1b14af5281cf50c59561d59d28201f9
powerpc/8xx: Support 16k hugepages with 4k pages
Szabolcs Nagy [Sat, 19 Dec 2020 20:56:23 +0000 (20:56 +0000)]
sys/mount.h: add MS_NOSYMFOLLOW from linux v5.10
path resolution does not follow symlinks on nosymfollow mounts (but
readlink still does), see
linux commit
dab741e0e02bd3c4f5e2e97be74b39df2523fc6e
Add a "nosymfollow" mount option.
Szabolcs Nagy [Sat, 19 Dec 2020 20:27:22 +0000 (20:27 +0000)]
sys/membarrier.h: add new constants from linux v5.10
can cause rseq restart on another cpu to synchronize with global
memory access from rseq critical sections, see
linux commit
2a36ab717e8fe678d98f81c14a0b124712719840
rseq/membarrier: Add MEMBARRIER_CMD_PRIVATE_EXPEDITED_RSEQ
Szabolcs Nagy [Sat, 19 Dec 2020 20:12:31 +0000 (20:12 +0000)]
bits/syscall.h: add process_madvise from linux v5.10
mainly added to linux to allow a central process management service in
android to give MADV_COLD|PAGEOUT hints for other processes, see
linux commit
ecb8ac8b1f146915aa6b96449b66dd48984caacc
mm/madvise: introduce process_madvise() syscall: an external memory
hinting API
Rich Felker [Sat, 13 Feb 2021 19:03:23 +0000 (14:03 -0500)]
fix error return value for cuserid
the historical function was specified to return an empty string in the
caller-provided buffer, not a null pointer, to indicate error when the
argument is non-null. only when the argument is null should it return
a null pointer on error.
Rich Felker [Sat, 13 Feb 2021 18:59:44 +0000 (13:59 -0500)]
fix misuse of getpwuid_r in cuserid
getpwuid_r can return 0 but without a result in the case where there
was no error but no record exists. in that case cuserid was treating
it as success and copying junk out of pw.pw_name to the output buffer.
Rich Felker [Sat, 13 Feb 2021 18:54:00 +0000 (13:54 -0500)]
cuserid: don't return truncated results
checking the length also drops the need to pull in snprintf.
Sören Tempel [Wed, 29 Jan 2020 11:20:07 +0000 (12:20 +0100)]
cuserid: support invocation with a null pointer argument
this function was removed from the standard in 2001 but appeared in
SUSv2 with an obligation to support calls with a null pointer
argument, using a static buffer.
Khem Raj [Mon, 11 Jan 2021 17:40:33 +0000 (09:40 -0800)]
riscv64: define ELF_NFPREG
ELF_NFPREG is used by some userspace applications like gdb
Szabolcs Nagy [Fri, 5 Feb 2021 19:51:36 +0000 (19:51 +0000)]
math: fix expm1f overflow threshold
the threshold was wrong so expm1f overflowed to inf a bit too early
and on most targets uint32_t compare is faster than float compare so
use that.
this also fixes sinhf incorrectly returning nan for some values where
the internal expm1f overflowed.
Szabolcs Nagy [Fri, 5 Feb 2021 18:48:19 +0000 (18:48 +0000)]
math: fix acoshf for negative inputs
on some negative inputs (e.g. -0x1.1e6ae8p+5) acoshf failed to return
nan. ensure that negative inputs result nan without introducing new
branches. this was tried before in
commit
101e6012856918440b5d7474739c3fc22a8d3b85
math: fix acoshf on negative values
but that fix was wrong. there are 3 formulas used:
log1p(x-1 + sqrt((x-1)*(x-1)+2*(x-1)))
log(2*x - 1/(x+sqrt(x*x-1)))
log(x) + 0.
693147180559945309417232121458176568
the first fails on large negative inputs (may compute log1p(0) or
log1p(inf)), the second one fails on some mid range or large negative
inputs (may compute log(large) or log(inf)) and the last one fails on
-0 (returns -inf).
Érico Rolim [Thu, 24 Dec 2020 04:18:04 +0000 (01:18 -0300)]
fix possible fd leak via missing O_CLOEXEC in pthread_setname_np
the omission of the flag here seems to have been an oversight when the
function was added in
8fb28b0b3e7a5e958fb844722a4b2ef9bc244af1
Rich Felker [Sat, 30 Jan 2021 22:28:08 +0000 (17:28 -0500)]
oldmalloc: preserve errno across free
as an outcome of Austin Group issue #385, future versions of the
standard will require free not to alter the value of errno. save and
restore it individually around the calls to madvise and munmap so that
the cost is not imposed on calls to free that do not result in any
syscall.
Rich Felker [Sat, 30 Jan 2021 22:26:34 +0000 (17:26 -0500)]
fix build regression in oldmalloc
commit
8d37958d58cf36f53d5fcc7a8aa6d633da6071b2 inadvertently broke
oldmalloc by having it implement __libc_malloc rather than
__libc_malloc_impl.
Rich Felker [Sat, 30 Jan 2021 22:14:20 +0000 (17:14 -0500)]
preserve errno across free
as an outcome of Austin Group issue #385, future versions of the
standard will require free not to alter the value of errno. save and
restore it individually around the calls to madvise and munmap so that
the cost is not imposed on calls to free that do not result in any
syscall.
Rich Felker [Sat, 30 Jan 2021 21:42:26 +0000 (16:42 -0500)]
fix inconsistent signature of __libc_start_main
commit
7586360badcae6e73f04eb1b8189ce630281c4b2 removed the unused
arguments from the definition of __libc_start_main, making it
incompatible with the declaration at the point of call, which still
passed 6 arguments. calls with mismatched function type have undefined
behavior, breaking LTO and any other tooling that checks for function
signature mismatch.
removing the extra arguments from the point of call (crt1) is not an
option for fixing this, since that would be a change in ABI surface
between application and libc.
adding back the extra arguments requires some care. on archs that pass
arguments on the stack or that reserve argument spill space for the
callee on the stack, it imposes an ABI requirement on the caller to
provide such space. the modern crt1.c entry point provides such space,
but originally there was arch-specific asm for the call to
__libc_start_main. the last of this asm was removed in commit
6fef8cafbd0f6f185897bc87feb1ff66e2e204e1, and manual review of the
code removed and its prior history was performed to check that all
archs/variants passed the legacy init/fini/ldso_fini arguments.
Rich Felker [Sat, 30 Jan 2021 21:09:22 +0000 (16:09 -0500)]
fail posix_spawn file_actions operations with negative fds
these functions are specified to fail with EBADF on negative fd
arguments. apart from close, they are also specified to fail if the
value exceeds OPEN_MAX, but as written it is not clear that this
imposes any requirement when OPEN_MAX is not defined, and it's
undesirable to impose a dynamic limit (via setrlimit) here since the
limit at the time of posix_spawn may be different from the limit at
the time of setting up the file actions. this may require revisiting
later.
Rich Felker [Fri, 15 Jan 2021 02:26:00 +0000 (21:26 -0500)]
release 1.2.2
Rich Felker [Mon, 14 Dec 2020 16:10:30 +0000 (11:10 -0500)]
fix VIDIOC_DQEVENT (v4l2) ioctl fallback for pre-5.6 kernels
commit
2412638bb39eb799b2600393bbd71cca8ae96bb2 got the size of struct
v4l2_event wrong and failed to account for the fact that the old
struct might be either 120 bytes with time misaligned mod 8, or 128
bytes with time aligned mod 8, due to the contained union having
64-bit members whose alignment is arch-dependent.
rather than adding new logic to handle the differences, use an actual
stripped-down version of the structure in question to derive the ioctl
number, size, and offsets.
Arnd Bergmann [Mon, 14 Dec 2020 02:43:16 +0000 (21:43 -0500)]
fix v4l2 buffer ioctl fallbacks for pre-5.6 kernels
commit
2412638bb39eb799b2600393bbd71cca8ae96bb2 got the size of struct
v4l2_buffer wrong and omitted the tv_usec member slot from the offset
list, so the ioctl numbers never matched and fallback code path was
never taken. this caused the affected ioctls to fail with ENOTTY on
kernels not new enough to have the native time64 ioctls.
Ariadne Conill [Sat, 12 Dec 2020 04:30:53 +0000 (04:30 +0000)]
sh: fix incorrect mcontext_t member naming
while the layouts match, the member member naming expected by software
using mcontext_t omits the sc_ prefix.
Rich Felker [Wed, 9 Dec 2020 22:11:05 +0000 (17:11 -0500)]
use libc-internal malloc for newlocale/freelocale
this is necessary for MT-fork correctness now that the code runs under
locale lock. it would not be hard to avoid, but __get_locale is
already using libc-internal malloc anyway. this can be reconsidered
during locale overhaul later if needed.
Rich Felker [Wed, 9 Dec 2020 22:01:57 +0000 (17:01 -0500)]
drop use of pthread_once in newlocale
in general, pthread_once is not compatible with MT-fork constraints
(commit
167390f05564e0a4d3fcb4329377fd7743267560). here it actually no
longer matters, because it's now called with a lock held, but since
the lock is held it's pointless to use pthread_once.
Rich Felker [Wed, 9 Dec 2020 21:58:32 +0000 (16:58 -0500)]
lift locale lock out of internal __get_locale
this allows the lock to be shared with setlocale, eliminates repeated
per-category lock/unlock in newlocale, and will allow the use of
pthread_once in newlocale to be dropped (to be done separately).
Rich Felker [Wed, 9 Dec 2020 16:34:29 +0000 (11:34 -0500)]
fix misleading comment in strstr
the intent here is just to scan at least l bytes forward for the end
of the haystack and at least some decent minimum to avoid doing it
over and over if the needle is short, with no need to be precise. the
comment erroneously stated this as an estimate for MIN when it's
actually an estimate for MAX.
Rich Felker [Tue, 8 Dec 2020 23:02:39 +0000 (18:02 -0500)]
drop use of pthread_once for aio thread stack size init
pthread_once is not compatible with MT-fork constraints (commit
167390f05564e0a4d3fcb4329377fd7743267560) and is not needed here
anyway; we already have a lock suitable for initialization.
while changing this, fix a corner case where AT_MINSIGSTKSZ gives a
value that's more than MINSIGSTKSZ but by a margin of less than
2048, thereby causing the size to be reduced. it shouldn't matter but
the intent was to be the larger of a 2048-byte margin over the legacy
fixed minimum stack requirement or a 512-byte margin over the minimum
the kernel reports at runtime.
Rich Felker [Mon, 7 Dec 2020 22:25:08 +0000 (17:25 -0500)]
fix omission of non-stub pthread_mutexattr_getprotocol
this change should have been made when priority inheritance mutex
support was added. if priority protection is also added at some point
the implementation will need to change and will probably no longer be
a simple bit shuffling.
Drew DeVault [Sat, 5 Dec 2020 18:10:06 +0000 (18:10 +0000)]
riscv64: fix inconsistent ucontext_t struct tag
ucontext.h depends on the internal struct tag name for namespacing
reasons, and the intent was always for it to be consistent across
archs anyway.
Rich Felker [Fri, 4 Dec 2020 22:01:05 +0000 (17:01 -0500)]
fix failure to preserve r6 in s390x asm; per ABI it is call-saved
both __clone and __syscall_cp_asm failed to restore the original value
of r6 after using it as a syscall argument register. the extent of
breakage is not known, and in some cases may be mitigated by the only
callers being internal to libc; if they used r6 but no longer needed
its value after the call, they may not have noticed the problem.
however at least posix_spawn (which uses __clone) was observed
returning to the application with the wrong value in r6, leading to
crash.
since the call frame ABI already provides a place to spill registers,
fixing this is just a matter of using it. in __clone, we also
spuriously restore r6 in the child, since the parent branch directly
returns to the caller. this takes the value from an uninitialized slot
of the child's stack, but is harmless since there is no caller to
return to in the child.
Marius Hillenbrand [Tue, 1 Dec 2020 14:36:34 +0000 (15:36 +0100)]
s390x: derive float_t from compiler or default to float
float_t should represent the type that is used to evaluate float
expressions internally. On s390x, float_t is currently set to double.
In contrast, the isa supports single-precision float operations and
compilers by default evaluate float in single precision, which
violates the C standard (sections 5.2.4.2.2 and 7.12 in C11/C17, to be
precise). With -fexcess-precision=standard, gcc evaluates float in
double precision, which aligns with the standard yet at the cost of
added conversion instructions.
gcc-11 will drop the special case to retrofit double precision
behavior for -fexcess-precision=standard so that __FLT_EVAL_METHOD__
will be 0 on s390x in any scenario.
To improve standards compliance and compatibility with future compiler
direction, this patch changes the definition of float_t to be derived
from the compiler's __FLT_EVAL_METHOD__.
Ariadne Conill [Sat, 1 Aug 2020 14:26:35 +0000 (08:26 -0600)]
implement reallocarray
reallocarray is an extension introduced by OpenBSD, which introduces
calloc overflow checking to realloc.
glibc 2.28 introduced support for this function behind _GNU_SOURCE,
while glibc 2.29 allows its usage in _DEFAULT_SOURCE.
Rich Felker [Mon, 30 Nov 2020 17:14:47 +0000 (12:14 -0500)]
implement realpath directly instead of using procfs readlink
inability to use realpath in chroot/container without procfs access
and at early boot prior to mount of /proc has been an ongoing issue,
and it turns out realpath was one of the last remaining interfaces
that needed procfs for its core functionality. during investigation
while reimplementing, it was determined that there were also serious
problems with the procfs-based implementation. most seriously it was
unsafe on pre-O_PATH kernels, and unlike other places where O_PATH was
used, the unsafety was hard or impossible to fix because O_NOFOLLOW
can't be used (since the whole purpose was to follow symlinks).
the new implementation is a direct one, performing readlink on each
path component to resolve it. an explicit stack, as opposed to
recursion, is used to represent the remaining components to be
processed. the stack starts out holding just the input string, and
reading a link pushes the link contents onto the stack.
unlike many other implementations, this one does not call getcwd
initially for relative pathnames. instead it accumulates initial ..
components to be applied to the working directory if the result is
still a relative path. this avoids calling getcwd (which may fail) at
all when symlink traversal will eventually yield an absolute path. it
also doesn't use any form of stat operation; instead it arranges for
readlink to tell it when a non-directory is used in a context where a
directory is needed. this minimizes the number of syscalls needed,
avoids accessing inodes when the directory table suffices, and reduces
the amount of code pulled in for static linking.
Dominic Chen [Wed, 25 Nov 2020 07:53:16 +0000 (02:53 -0500)]
fix mallocng regression in malloc_usable_size with null argument
commit
d1507646975cbf6c3e511ba07b193f27f032d108 added support for null
argument in oldmalloc and was overlooked when switching to mallocng.
Issam E. Maghni [Mon, 2 Nov 2020 22:16:41 +0000 (17:16 -0500)]
configure: do not use obsolescent form of test -a|o
The -a and -o operators are obsolescent and not in baseline POSIX.
Érico Rolim [Thu, 12 Nov 2020 20:52:23 +0000 (17:52 -0300)]
fix segfault in lutimes when tv argument is NULL
calling lutimes with tv=0 is valid if the application wants to set the
timestamps to the current time. this commit makes it so the timespec
struct is populated with values from tv only if tv != 0 and calls
utimensat with times=0 if tv == 0.
Szabolcs Nagy [Sun, 25 Oct 2020 16:42:41 +0000 (16:42 +0000)]
netinet/in.h: add IP_RECVERR_4884 from linux v5.9
see
linux commit
eba75c587e811d3249c8bd50d22bb2266ccd3c0f
icmp: support rfc 4884
Szabolcs Nagy [Sun, 25 Oct 2020 16:25:34 +0000 (16:25 +0000)]
sys/fanotify.h: add new FAN_* macros from linux v5.9
Update fanotify.h, see
linux commit
929943b38daf817f2e6d303ea04401651fc3bc05
fanotify: add support for FAN_REPORT_NAME
linux commit
83b7a59896dd24015a34b7f00027f0ff3747972f
fanotify: add basic support for FAN_REPORT_DIR_FID
linux commit
08b95c338e0c5a96e47f4ca314ea1e7580ecb5d7
fanotify: remove event FAN_DIR_MODIFY
FAN_DIR_MODIFY that was new in v5.7 is now removed from linux uapi,
but kept in musl, so we don't break api, linux cannot reuse the
value anyway.
Szabolcs Nagy [Sat, 24 Oct 2020 10:15:43 +0000 (10:15 +0000)]
bits/syscall.h: add __NR_close_range from linux v5.9
see
linux commit
9b4feb630e8e9801603f3cab3a36369e3c1cf88d
arch: wire-up close_range()
linux commit
278a5fbaed89dacd04e9d052f4594ffd0e0585de
open: add close_range()
William Woodruff [Wed, 18 Nov 2020 15:59:31 +0000 (10:59 -0500)]
add missing personality values
Adds two missing personality(2) personas: UNAME26 and FDPIC_FUNCPTRS.
FDPIC_FUNCPTRS was also missing its corresponding PER_LINUX_FDPIC
value.
Jinliang Li [Fri, 20 Nov 2020 10:45:03 +0000 (18:45 +0800)]
arm fabs and sqrt: support single-precision-only fpu variants
Érico Rolim [Thu, 26 Nov 2020 13:46:03 +0000 (10:46 -0300)]
fix typo in INSTALL
"big-engian" should be "big-endian".
Rich Felker [Tue, 24 Nov 2020 00:44:19 +0000 (19:44 -0500)]
work around linux bug in readlink syscall with zero buffer size
linux fails with EINVAL when a zero buffer size is passed to the
syscall. this is non-conforming because POSIX already defines EINVAL
with a significantly different meaning: the target is not a symlink.
since the request is semantically valid, patch it up by using a dummy
buffer of length one, and truncating the return value to zero if it
succeeds.
Rich Felker [Sun, 22 Nov 2020 22:26:36 +0000 (17:26 -0500)]
parse v3 or future-unknown zoneinfo file versions as v2+
the v1 zoneinfo format with 32-bit time is deprecated. previously, the
v2 parsing code was only used if an exact match for '2' was found in
the version field of the header. this was already incorrect for v3
files (trivial differences from v2 that arguably didn't merit a new
version number anyway) but also failed to be future-proof.
Rich Felker [Sun, 22 Nov 2020 22:00:01 +0000 (17:00 -0500)]
explicitly prefer 64-bit/v2 zoneinfo tables
since commit
38143339646a4ccce8afe298c34467767c899f51, the condition
sizeof(time_t) > 4 is always true, so there is no functional change
being made here. but semantically, the 64-bit tables should always be
preferred now, because upstream zic (zoneinfo compiler) has quietly
switched to emitting empty 32-bit tables by default, and the resulting
backwards-incompatible zoneinfo files will be encountered in the wild.
Rich Felker [Fri, 20 Nov 2020 15:43:20 +0000 (10:43 -0500)]
fix regression in pthread_exit
commit
d26e0774a59bb7245b205bc8e7d8b35cc2037095 moved the detach state
transition at exit before the thread list lock was taken. this
inadvertently allowed pthread_join to race to take the thread list
lock first, and proceed with unmapping of the exiting thread's memory.
we could fix this by just revering the offending commit and instead
performing __vm_wait unconditionally before taking the thread list
lock, but that may be costly. instead, bring back the old DT_EXITING
vs DT_EXITED state distinction that was removed in commit
8f11e6127fe93093f81a52b15bb1537edc3fc8af, and don't transition to
DT_EXITED (a value of 0, which is what pthread_join waits for) until
after the lock has been taken.