commit 6daa77104520ca992a9369bd01cccd4d98c82984 Author: Andreas K. Hüttel Date: Sun Jul 21 19:02:10 2024 +0200 Replace advisories directory Signed-off-by: Andreas K. Hüttel diff --git a/advisories/GLIBC-SA-2023-0001 b/advisories/GLIBC-SA-2023-0001 deleted file mode 100644 index 3d19c91b6a..0000000000 --- a/advisories/GLIBC-SA-2023-0001 +++ /dev/null @@ -1,14 +0,0 @@ -printf: incorrect output for integers with thousands separator and width field - -When the printf family of functions is called with a format specifier -that uses an (enable grouping) and a minimum width -specifier, the resulting output could be larger than reasonably expected -by a caller that computed a tight bound on the buffer size. The -resulting larger than expected output could result in a buffer overflow -in the printf family of functions. - -CVE-Id: CVE-2023-25139 -Public-Date: 2023-02-02 -Vulnerable-Commit: e88b9f0e5cc50cab57a299dc7efe1a4eb385161d (2.37) -Fix-Commit: c980549cc6a1c03c23cc2fe3e7b0fe626a0364b0 (2.38) -Fix-Commit: 07b9521fc6369d000216b96562ff7c0ed32a16c4 (2.37-4) diff --git a/advisories/GLIBC-SA-2023-0002 b/advisories/GLIBC-SA-2023-0002 deleted file mode 100644 index 5122669a64..0000000000 --- a/advisories/GLIBC-SA-2023-0002 +++ /dev/null @@ -1,15 +0,0 @@ -getaddrinfo: Stack read overflow in no-aaaa mode - -If the system is configured in no-aaaa mode via /etc/resolv.conf, -getaddrinfo is called for the AF_UNSPEC address family, and a DNS -response is received over TCP that is larger than 2048 bytes, -getaddrinfo may potentially disclose stack contents via the returned -address data, or crash. - -CVE-Id: CVE-2023-4527 -Public-Date: 2023-09-12 -Vulnerable-Commit: f282cdbe7f436c75864e5640a409a10485e9abb2 (2.36) -Fix-Commit: bd77dd7e73e3530203be1c52c8a29d08270cb25d (2.39) -Fix-Commit: 4ea972b7edd7e36610e8cde18bf7a8149d7bac4f (2.36-113) -Fix-Commit: b7529346025a130fee483d42178b5c118da971bb (2.37-38) -Fix-Commit: b25508dd774b617f99419bdc3cf2ace4560cd2d6 (2.38-19) diff --git a/advisories/GLIBC-SA-2023-0003 b/advisories/GLIBC-SA-2023-0003 deleted file mode 100644 index d3aef80348..0000000000 --- a/advisories/GLIBC-SA-2023-0003 +++ /dev/null @@ -1,15 +0,0 @@ -getaddrinfo: Potential use-after-free - -When an NSS plugin only implements the _gethostbyname2_r and -_getcanonname_r callbacks, getaddrinfo could use memory that was freed -during buffer resizing, potentially causing a crash or read or write to -arbitrary memory. - -CVE-Id: CVE-2023-4806 -Public-Date: 2023-09-12 -Fix-Commit: 973fe93a5675c42798b2161c6f29c01b0e243994 (2.39) -Fix-Commit: e09ee267c03e3150c2c9ba28625ab130705a485e (2.34-420) -Fix-Commit: e3ccb230a961b4797510e6a1f5f21fd9021853e7 (2.35-270) -Fix-Commit: a9728f798ec7f05454c95637ee6581afaa9b487d (2.36-115) -Fix-Commit: 6529a7466c935f36e9006b854d6f4e1d4876f942 (2.37-39) -Fix-Commit: 00ae4f10b504bc4564e9f22f00907093f1ab9338 (2.38-20) diff --git a/advisories/GLIBC-SA-2023-0004 b/advisories/GLIBC-SA-2023-0004 deleted file mode 100644 index 5286a7aa54..0000000000 --- a/advisories/GLIBC-SA-2023-0004 +++ /dev/null @@ -1,16 +0,0 @@ -tunables: local privilege escalation through buffer overflow - -If a tunable of the form NAME=NAME=VAL is passed in the environment of a -setuid program and NAME is valid, it may result in a buffer overflow, -which could be exploited to achieve escalated privileges. This flaw was -introduced in glibc 2.34. - -CVE-Id: CVE-2023-4911 -Public-Date: 2023-10-03 -Vulnerable-Commit: 2ed18c5b534d9e92fc006202a5af0df6b72e7aca (2.34) -Fix-Commit: 1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa (2.39) -Fix-Commit: dcc367f148bc92e7f3778a125f7a416b093964d9 (2.34-423) -Fix-Commit: c84018a05aec80f5ee6f682db0da1130b0196aef (2.35-274) -Fix-Commit: 22955ad85186ee05834e47e665056148ca07699c (2.36-118) -Fix-Commit: b4e23c75aea756b4bddc4abcf27a1c6dca8b6bd3 (2.37-45) -Fix-Commit: 750a45a783906a19591fb8ff6b7841470f1f5701 (2.38-27) diff --git a/advisories/GLIBC-SA-2023-0005 b/advisories/GLIBC-SA-2023-0005 deleted file mode 100644 index cc4eb90b82..0000000000 --- a/advisories/GLIBC-SA-2023-0005 +++ /dev/null @@ -1,18 +0,0 @@ -getaddrinfo: DoS due to memory leak - -The fix for CVE-2023-4806 introduced a memory leak when an application -calls getaddrinfo for AF_INET6 with AI_CANONNAME, AI_ALL and AI_V4MAPPED -flags set. - -CVE-Id: CVE-2023-5156 -Public-Date: 2023-09-25 -Vulnerable-Commit: e09ee267c03e3150c2c9ba28625ab130705a485e (2.34-420) -Vulnerable-Commit: e3ccb230a961b4797510e6a1f5f21fd9021853e7 (2.35-270) -Vulnerable-Commit: a9728f798ec7f05454c95637ee6581afaa9b487d (2.36-115) -Vulnerable-Commit: 6529a7466c935f36e9006b854d6f4e1d4876f942 (2.37-39) -Vulnerable-Commit: 00ae4f10b504bc4564e9f22f00907093f1ab9338 (2.38-20) -Fix-Commit: 8006457ab7e1cd556b919f477348a96fe88f2e49 (2.34-421) -Fix-Commit: 17092c0311f954e6f3c010f73ce3a78c24ac279a (2.35-272) -Fix-Commit: 856bac55f98dc840e7c27cfa82262b933385de90 (2.36-116) -Fix-Commit: 4473d1b87d04b25cdd0e0354814eeaa421328268 (2.37-42) -Fix-Commit: 5ee59ca371b99984232d7584fe2b1a758b4421d3 (2.38-24) diff --git a/advisories/GLIBC-SA-2024-0001 b/advisories/GLIBC-SA-2024-0001 deleted file mode 100644 index 28931c75ae..0000000000 --- a/advisories/GLIBC-SA-2024-0001 +++ /dev/null @@ -1,15 +0,0 @@ -syslog: Heap buffer overflow in __vsyslog_internal - -__vsyslog_internal did not handle a case where printing a SYSLOG_HEADER -containing a long program name failed to update the required buffer -size, leading to the allocation and overflow of a too-small buffer on -the heap. - -CVE-Id: CVE-2023-6246 -Public-Date: 2024-01-30 -Vulnerable-Commit: 52a5be0df411ef3ff45c10c7c308cb92993d15b1 (2.37) -Fix-Commit: 6bd0e4efcc78f3c0115e5ea9739a1642807450da (2.39) -Fix-Commit: 23514c72b780f3da097ecf33a793b7ba9c2070d2 (2.38-42) -Fix-Commit: 97a4292aa4a2642e251472b878d0ec4c46a0e59a (2.37-57) -Vulnerable-Commit: b0e7888d1fa2dbd2d9e1645ec8c796abf78880b9 (2.36-16) -Fix-Commit: d1a83b6767f68b3cb5b4b4ea2617254acd040c82 (2.36-126) diff --git a/advisories/GLIBC-SA-2024-0002 b/advisories/GLIBC-SA-2024-0002 deleted file mode 100644 index 940bfcf2fc..0000000000 --- a/advisories/GLIBC-SA-2024-0002 +++ /dev/null @@ -1,15 +0,0 @@ -syslog: Heap buffer overflow in __vsyslog_internal - -__vsyslog_internal used the return value of snprintf/vsnprintf to -calculate buffer sizes for memory allocation. If these functions (for -any reason) failed and returned -1, the resulting buffer would be too -small to hold output. - -CVE-Id: CVE-2023-6779 -Public-Date: 2024-01-30 -Vulnerable-Commit: 52a5be0df411ef3ff45c10c7c308cb92993d15b1 (2.37) -Fix-Commit: 7e5a0c286da33159d47d0122007aac016f3e02cd (2.39) -Fix-Commit: d0338312aace5bbfef85e03055e1212dd0e49578 (2.38-43) -Fix-Commit: 67062eccd9a65d7fda9976a56aeaaf6c25a80214 (2.37-58) -Vulnerable-Commit: b0e7888d1fa2dbd2d9e1645ec8c796abf78880b9 (2.36-16) -Fix-Commit: 2bc9d7c002bdac38b5c2a3f11b78e309d7765b83 (2.36-127) diff --git a/advisories/GLIBC-SA-2024-0003 b/advisories/GLIBC-SA-2024-0003 deleted file mode 100644 index b43a5150ab..0000000000 --- a/advisories/GLIBC-SA-2024-0003 +++ /dev/null @@ -1,13 +0,0 @@ -syslog: Integer overflow in __vsyslog_internal - -__vsyslog_internal calculated a buffer size by adding two integers, but -did not first check if the addition would overflow. - -CVE-Id: CVE-2023-6780 -Public-Date: 2024-01-30 -Vulnerable-Commit: 52a5be0df411ef3ff45c10c7c308cb92993d15b1 (2.37) -Fix-Commit: ddf542da94caf97ff43cc2875c88749880b7259b (2.39) -Fix-Commit: d37c2b20a4787463d192b32041c3406c2bd91de0 (2.38-44) -Fix-Commit: 2b58cba076e912961ceaa5fa58588e4b10f791c0 (2.37-59) -Vulnerable-Commit: b0e7888d1fa2dbd2d9e1645ec8c796abf78880b9 (2.36-16) -Fix-Commit: b9b7d6a27aa0632f334352fa400771115b3c69b7 (2.36-128) diff --git a/advisories/GLIBC-SA-2024-0004 b/advisories/GLIBC-SA-2024-0004 deleted file mode 100644 index 08df2b3118..0000000000 --- a/advisories/GLIBC-SA-2024-0004 +++ /dev/null @@ -1,28 +0,0 @@ -ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence - -The iconv() function in the GNU C Library versions 2.39 and older may -overflow the output buffer passed to it by up to 4 bytes when converting -strings to the ISO-2022-CN-EXT character set, which may be used to -crash an application or overwrite a neighbouring variable. - -ISO-2022-CN-EXT uses escape sequences to indicate character set changes -(as specified by RFC 1922). While the SOdesignation has the expected -bounds checks, neither SS2designation nor SS3designation have its; -allowing a write overflow of 1, 2, or 3 bytes with fixed values: -'$+I', '$+J', '$+K', '$+L', '$+M', or '$*H'. - -CVE-Id: CVE-2024-2961 -Public-Date: 2024-04-17 -Vulnerable-Commit: 755104edc75c53f4a0e7440334e944ad3c6b32fc (2.1.93-169) -Fix-Commit: f9dc609e06b1136bb0408be9605ce7973a767ada (2.40) -Fix-Commit: 31da30f23cddd36db29d5b6a1c7619361b271fb4 (2.39-31) -Fix-Commit: e1135387deded5d73924f6ca20c72a35dc8e1bda (2.38-66) -Fix-Commit: 89ce64b269a897a7780e4c73a7412016381c6ecf (2.37-89) -Fix-Commit: 4ed98540a7fd19f458287e783ae59c41e64df7b5 (2.36-164) -Fix-Commit: 36280d1ce5e245aabefb877fe4d3c6cff95dabfa (2.35-315) -Fix-Commit: a8b0561db4b9847ebfbfec20075697d5492a363c (2.34-459) -Fix-Commit: ed4f16ff6bed3037266f1fa682ebd32a18fce29c (2.33-263) -Fix-Commit: 682ad4c8623e611a971839990ceef00346289cc9 (2.32-140) -Fix-Commit: 3703c32a8d304c1ee12126134ce69be965f38000 (2.31-154) - -Reported-By: Charles Fol diff --git a/advisories/GLIBC-SA-2024-0005 b/advisories/GLIBC-SA-2024-0005 deleted file mode 100644 index a59596610a..0000000000 --- a/advisories/GLIBC-SA-2024-0005 +++ /dev/null @@ -1,22 +0,0 @@ -nscd: Stack-based buffer overflow in netgroup cache - -If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted -by client requests then a subsequent client request for netgroup data -may result in a stack-based buffer overflow. This flaw was introduced -in glibc 2.15 when the cache was added to nscd. - -This vulnerability is only present in the nscd binary. - -CVE-Id: CVE-2024-33599 -Public-Date: 2024-04-23 -Vulnerable-Commit: 684ae515993269277448150a1ca70db3b94aa5bd (2.15) -Fix-Commit: 69c58d5ef9f584ea198bd00f7964d364d0e6b921 (2.31-155) -Fix-Commit: a77064893bfe8a701770e2f53a4d33805bc47a5a (2.32-141) -Fix-Commit: 5c75001a96abcd50cbdb74df24c3f013188d076e (2.33-264) -Fix-Commit: 52f73e5c4e29b14e79167272297977f360ae1e97 (2.34-460) -Fix-Commit: 7a95873543ce225376faf13bb71c43dea6d24f86 (2.35-316) -Fix-Commit: caa3151ca460bdd9330adeedd68c3112d97bffe4 (2.36-165) -Fix-Commit: f75c298e747b2b8b41b1c2f551c011a52c41bfd1 (2.37-91) -Fix-Commit: 5968aebb86164034b8f8421b4abab2f837a5bdaf (2.38-72) -Fix-Commit: 1263d583d2e28afb8be53f8d6922f0842036f35d (2.39-35) -Fix-Commit: 87801a8fd06db1d654eea3e4f7626ff476a9bdaa (2.40) diff --git a/advisories/GLIBC-SA-2024-0006 b/advisories/GLIBC-SA-2024-0006 deleted file mode 100644 index d44148d3d9..0000000000 --- a/advisories/GLIBC-SA-2024-0006 +++ /dev/null @@ -1,32 +0,0 @@ -nscd: Null pointer crash after notfound response - -If the Name Service Cache Daemon's (nscd) cache fails to add a not-found -netgroup response to the cache, the client request can result in a null -pointer dereference. This flaw was introduced in glibc 2.15 when the -cache was added to nscd. - -This vulnerability is only present in the nscd binary. - -CVE-Id: CVE-2024-33600 -Public-Date: 2024-04-24 -Vulnerable-Commit: 684ae515993269277448150a1ca70db3b94aa5bd (2.15) -Fix-Commit: b048a482f088e53144d26a61c390bed0210f49f2 (2.40) -Fix-Commit: 7835b00dbce53c3c87bbbb1754a95fb5e58187aa (2.40) -Fix-Commit: c99f886de54446cd4447db6b44be93dabbdc2f8b (2.39-37) -Fix-Commit: 5a508e0b508c8ad53bd0d2fb48fd71b242626341 (2.39-36) -Fix-Commit: 2ae9446c1b7a3064743b4a51c0bbae668ee43e4c (2.38-74) -Fix-Commit: 541ea5172aa658c4bd5c6c6d6fd13903c3d5bb0a (2.38-73) -Fix-Commit: a8070b31043c7585c36ba68a74298c4f7af075c3 (2.37-93) -Fix-Commit: 5eea50c4402e39588de98aa1d4469a79774703d4 (2.37-92) -Fix-Commit: f205b3af56740e3b014915b1bd3b162afe3407ef (2.36-167) -Fix-Commit: c34f470a615b136170abd16142da5dd0c024f7d1 (2.36-166) -Fix-Commit: bafadc589fbe21ae330e8c2af74db9da44a17660 (2.35-318) -Fix-Commit: 4370bef52b0f3f3652c6aa13d7a9bb3ac079746d (2.35-317) -Fix-Commit: 1f94122289a9bf7dba573f5d60327aaa2b85cf2e (2.34-462) -Fix-Commit: 966d6ac9e40222b84bb21674cc4f83c8d72a5a26 (2.34-461) -Fix-Commit: e3eef1b8fbdd3a7917af466ca9c4b7477251ca79 (2.33-266) -Fix-Commit: f20a8d696b13c6261b52a6434899121f8b19d5a7 (2.33-265) -Fix-Commit: be602180146de37582a3da3a0caa4b719645de9c (2.32-143) -Fix-Commit: 394eae338199078b7961b051c191539870742d7b (2.32-142) -Fix-Commit: 8d7949183760170c61e55def723c1d8050187874 (2.31-157) -Fix-Commit: 304ce5fe466c4762b21b36c26926a4657b59b53e (2.31-156) diff --git a/advisories/GLIBC-SA-2024-0007 b/advisories/GLIBC-SA-2024-0007 deleted file mode 100644 index b6928fa27a..0000000000 --- a/advisories/GLIBC-SA-2024-0007 +++ /dev/null @@ -1,28 +0,0 @@ -nscd: netgroup cache may terminate daemon on memory allocation failure - -The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or -xrealloc and these functions may terminate the process due to a memory -allocation failure resulting in a denial of service to the clients. The -flaw was introduced in glibc 2.15 when the cache was added to nscd. - -This vulnerability is only present in the nscd binary. - -Subsequent refactoring of the netgroup cache only added more uses of -xmalloc and xrealloc. Uses of xmalloc and xrealloc in other parts of -nscd only occur during startup of the daemon and so are not affected by -client requests that could trigger an out of memory followed by -termination. - -CVE-Id: CVE-2024-33601 -Public-Date: 2024-04-24 -Vulnerable-Commit: 684ae515993269277448150a1ca70db3b94aa5bd (2.15) -Fix-Commit: c04a21e050d64a1193a6daab872bca2528bda44b (2.40) -Fix-Commit: a9a8d3eebb145779a18d90e3966009a1daa63cd8 (2.39-38) -Fix-Commit: 71af8ca864345d39b746d5cee84b94b430fad5db (2.38-75) -Fix-Commit: 6e106dc214d6a033a4e945d1c6cf58061f1c5f1f (2.37-94) -Fix-Commit: b6742463694b1dfdd5120b91ee21cf05d15ec2e2 (2.36-168) -Fix-Commit: 7a5864cac60e06000394128a5a2817b03542f5a3 (2.35-319) -Fix-Commit: 86f1d5f4129c373ac6fb6df5bcf38273838843cb (2.34-463) -Fix-Commit: 4d27d4b9a188786fc6a56745506cec2acfc51f83 (2.33-267) -Fix-Commit: 3ed195a8ec89da281e3c4bf887a13d281b72d8f4 (2.32-144) -Fix-Commit: bbf5a58ccb55679217f94de706164d15372fbbc0 (2.31-158) diff --git a/advisories/GLIBC-SA-2024-0008 b/advisories/GLIBC-SA-2024-0008 deleted file mode 100644 index d93e2a6f0b..0000000000 --- a/advisories/GLIBC-SA-2024-0008 +++ /dev/null @@ -1,26 +0,0 @@ -nscd: netgroup cache assumes NSS callback uses in-buffer strings - -The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory -when the NSS callback does not store all strings in the provided buffer. -The flaw was introduced in glibc 2.15 when the cache was added to nscd. - -This vulnerability is only present in the nscd binary. - -There is no guarantee from the NSS callback API that the returned -strings are all within the buffer. However, the netgroup cache code -assumes that the NSS callback uses in-buffer strings and if it doesn't -the buffer resizing logic could lead to potential memory corruption. - -CVE-Id: CVE-2024-33602 -Public-Date: 2024-04-24 -Vulnerable-Commit: 684ae515993269277448150a1ca70db3b94aa5bd (2.15) -Fix-Commit: c04a21e050d64a1193a6daab872bca2528bda44b (2.40) -Fix-Commit: a9a8d3eebb145779a18d90e3966009a1daa63cd8 (2.39-38) -Fix-Commit: 71af8ca864345d39b746d5cee84b94b430fad5db (2.38-75) -Fix-Commit: 6e106dc214d6a033a4e945d1c6cf58061f1c5f1f (2.37-94) -Fix-Commit: b6742463694b1dfdd5120b91ee21cf05d15ec2e2 (2.36-168) -Fix-Commit: 7a5864cac60e06000394128a5a2817b03542f5a3 (2.35-319) -Fix-Commit: 86f1d5f4129c373ac6fb6df5bcf38273838843cb (2.34-463) -Fix-Commit: 4d27d4b9a188786fc6a56745506cec2acfc51f83 (2.33-267) -Fix-Commit: 3ed195a8ec89da281e3c4bf887a13d281b72d8f4 (2.32-144) -Fix-Commit: bbf5a58ccb55679217f94de706164d15372fbbc0 (2.31-158) diff --git a/advisories/README b/advisories/README deleted file mode 100644 index b8f8a829ca..0000000000 --- a/advisories/README +++ /dev/null @@ -1,77 +0,0 @@ -GNU C Library Security Advisory Format -====================================== - -Security advisories in this directory follow a simple git commit log -format, with a heading and free-format description augmented with tags -to allow parsing key information. References to code changes are -specific to the glibc repository and follow a specific format: - - Tag-name: (release-version) - -The indicates a specific commit in the repository. The -release-version indicates the publicly consumable release in which this -commit is known to exist. The release-version is derived from the -git-describe format, (i.e. stripped out from glibc-2.34.NNN-gxxxx) and -is of the form 2.34-NNN. If the -NNN suffix is absent, it means that -the change is in that release tarball, otherwise the change is on the -release/2.YY/master branch and not in any released tarball. - -The following tags are currently being used: - -CVE-Id: -This is the CVE-Id assigned under the CVE Program -(https://www.cve.org/). - -Public-Date: -The date this issue became publicly known. - -Vulnerable-Commit: -The commit that introduced this vulnerability. There could be multiple -entries, one for each release branch in the glibc repository; the -release-version portion of this tag should tell you which branch this is -on. - -Fix-Commit: -The commit that fixed this vulnerability. There could be multiple -entries for each release branch in the glibc repository, indicating that -all of those commits contributed to fixing that issue in each of those -branches. - -Reported-By: -The entity that reported this issue. There could be multiple entries, one for -each reporter. - -Adding an Advisory ------------------- - -An advisory for a CVE needs to be added on the master branch in two steps: - -1. Add the text of the advisory without any Fix-Commit tags along with - the fix for the CVE. Add the Vulnerable-Commit tag, if applicable. - The advisories directory does not exist in release branches, so keep - the advisory text commit distinct from the code changes, to ease - backports. Ask for the GLIBC-SA advisory number from the security - team. - -2. Finish all backports on release branches and then back on the msater - branch, add all commit refs to the advisory using the Fix-Commit - tags. Don't bother adding the release-version subscript since the - next step will overwrite it. - -3. Run the process-advisories.sh script in the scripts directory on the - advisory: - - scripts/process-advisories.sh update GLIBC-SA-YYYY-NNNN - - (replace YYYY-NNNN with the actual advisory number). - -4. Verify the updated advisory and push the result. - -Getting a NEWS snippet from advisories --------------------------------------- - -Run: - - scripts/process-advisories.sh news - -and copy the content into the NEWS file. commit 8bbb8d7b16cae777eed06bc9d2e059fc00be24e9 Author: Florian Weimer Date: Wed Jul 24 12:06:47 2024 +0200 resolv: Allow short error responses to match any query (bug 31890) Reviewed-by: DJ Delorie (cherry picked from commit 691a3b2e9bfaba842e46a5ccb7f5e6ea144c3ade) diff --git a/NEWS b/NEWS index 31281ac408..66b755ed34 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,12 @@ See the end for copying conditions. Please send GNU C library bug reports via using `glibc' in the "product" field. +Version 2.41 + +The following bugs are resolved with this release: + + [31890] resolv: Allow short error responses to match any DNS query + Version 2.40 Major new features: diff --git a/resolv/Makefile b/resolv/Makefile index 5f44f5896b..d927e337d9 100644 --- a/resolv/Makefile +++ b/resolv/Makefile @@ -106,6 +106,7 @@ tests += \ tst-resolv-nondecimal \ tst-resolv-res_init-multi \ tst-resolv-search \ + tst-resolv-short-response \ tst-resolv-trailing \ # This test calls __res_context_send directly, which is not exported @@ -299,6 +300,8 @@ $(objpfx)tst-resolv-nondecimal: $(objpfx)libresolv.so $(shared-thread-library) $(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library) $(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library) $(objpfx)tst-resolv-search: $(objpfx)libresolv.so $(shared-thread-library) +$(objpfx)tst-resolv-short-response: $(objpfx)libresolv.so \ + $(shared-thread-library) $(objpfx)tst-resolv-trailing: $(objpfx)libresolv.so $(shared-thread-library) $(objpfx)tst-resolv-threads: $(objpfx)libresolv.so $(shared-thread-library) $(objpfx)tst-resolv-txnid-collision: $(objpfx)libresolv.a \ diff --git a/resolv/res_send.c b/resolv/res_send.c index ea7cf192b2..572e72c32f 100644 --- a/resolv/res_send.c +++ b/resolv/res_send.c @@ -1199,19 +1199,30 @@ send_dg(res_state statp, } /* Check for the correct header layout and a matching - question. */ + question. Some recursive resolvers send REFUSED + without copying back the question section + (producing a response that is only HFIXEDSZ bytes + long). Skip query matching in this case. */ + bool thisansp_error = (anhp->rcode == SERVFAIL || + anhp->rcode == NOTIMP || + anhp->rcode == REFUSED); + bool skip_query_match = (*thisresplenp == HFIXEDSZ + && ntohs (anhp->qdcount) == 0 + && thisansp_error); int matching_query = 0; /* Default to no matching query. */ if (!recvresp1 && anhp->id == hp->id - && __libc_res_queriesmatch (buf, buf + buflen, - *thisansp, - *thisansp + *thisanssizp)) + && (skip_query_match + || __libc_res_queriesmatch (buf, buf + buflen, + *thisansp, + *thisansp + *thisanssizp))) matching_query = 1; if (!recvresp2 && anhp->id == hp2->id - && __libc_res_queriesmatch (buf2, buf2 + buflen2, - *thisansp, - *thisansp + *thisanssizp)) + && (skip_query_match + || __libc_res_queriesmatch (buf2, buf2 + buflen2, + *thisansp, + *thisansp + *thisanssizp))) matching_query = 2; if (matching_query == 0) /* Spurious UDP packet. Drop it and continue @@ -1221,9 +1232,7 @@ send_dg(res_state statp, goto wait; } - if (anhp->rcode == SERVFAIL || - anhp->rcode == NOTIMP || - anhp->rcode == REFUSED) { + if (thisansp_error) { next_ns: if (recvresp1 || (buf2 != NULL && recvresp2)) { *resplen2 = 0; diff --git a/resolv/tst-resolv-short-response.c b/resolv/tst-resolv-short-response.c new file mode 100644 index 0000000000..cf1e39876f --- /dev/null +++ b/resolv/tst-resolv-short-response.c @@ -0,0 +1,112 @@ +/* Test for spurious timeouts with short 12-byte responses (bug 31890). + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +/* The rcode in the initial response. */ +static volatile int rcode; + +static void +response (const struct resolv_response_context *ctx, + struct resolv_response_builder *b, + const char *qname, uint16_t qclass, uint16_t qtype) +{ + switch (ctx->server_index) + { + case 0: + /* First server times out. */ + struct resolv_response_flags flags = {.rcode = rcode}; + resolv_response_init (b, flags); + break; + case 1: + /* Second server sends reply. */ + resolv_response_init (b, (struct resolv_response_flags) {}); + resolv_response_add_question (b, qname, qclass, qtype); + resolv_response_section (b, ns_s_an); + resolv_response_open_record (b, qname, qclass, qtype, 0); + switch (qtype) + { + case T_A: + { + char ipv4[4] = {192, 0, 2, 17}; + resolv_response_add_data (b, &ipv4, sizeof (ipv4)); + } + break; + case T_AAAA: + { + char ipv6[16] + = {0x20, 0x01, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}; + resolv_response_add_data (b, &ipv6, sizeof (ipv6)); + } + break; + default: + FAIL_EXIT1 ("unexpected TYPE%d query", qtype); + } + resolv_response_close_record (b); + break; + default: + FAIL_EXIT1 ("unexpected query to server %d", ctx->server_index); + } +} + +static void +check_one (void) +{ + + /* The buggy 1-second query timeout results in 30 seconds of delay, + which triggers a test timeout failure. */ + for (int i = 0; i < 10; ++i) + { + check_hostent ("www.example", gethostbyname ("www.example"), + "name: www.example\n" + "address: 192.0.2.17\n"); + check_hostent ("www.example", gethostbyname2 ("www.example", AF_INET6), + "name: www.example\n" + "address: 2001:db8::1\n"); + } +} + +static int +do_test (void) +{ + struct resolv_test *aux = resolv_test_start + ((struct resolv_redirect_config) + { + .response_callback = response, + }); + + _res.options |= RES_SNGLKUP; + + rcode = 2; /* SERVFAIL. */ + check_one (); + + rcode = 4; /* NOTIMP. */ + check_one (); + + rcode = 5; /* REFUSED. */ + check_one (); + + resolv_test_end (aux); + + return 0; +} + +#include commit ef141426630da0946f0af8732eddce9b9a52b2d3 Author: Florian Weimer Date: Wed Jul 24 12:06:47 2024 +0200 resolv: Do not wait for non-existing second DNS response after error (bug 30081) In single-request mode, there is no second response after an error because the second query has not been sent yet. Waiting for it introduces an unnecessary timeout. Reviewed-by: DJ Delorie (cherry picked from commit af625987d619388a100b153520d3ee308bda9889) diff --git a/NEWS b/NEWS index 66b755ed34..4d7100b21c 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,7 @@ Version 2.41 The following bugs are resolved with this release: + [30081] resolv: Do not wait for non-existing second DNS response after error [31890] resolv: Allow short error responses to match any DNS query Version 2.40 diff --git a/resolv/Makefile b/resolv/Makefile index d927e337d9..abff7fc007 100644 --- a/resolv/Makefile +++ b/resolv/Makefile @@ -106,6 +106,7 @@ tests += \ tst-resolv-nondecimal \ tst-resolv-res_init-multi \ tst-resolv-search \ + tst-resolv-semi-failure \ tst-resolv-short-response \ tst-resolv-trailing \ @@ -300,6 +301,8 @@ $(objpfx)tst-resolv-nondecimal: $(objpfx)libresolv.so $(shared-thread-library) $(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library) $(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library) $(objpfx)tst-resolv-search: $(objpfx)libresolv.so $(shared-thread-library) +$(objpfx)tst-resolv-semi-failure: $(objpfx)libresolv.so \ + $(shared-thread-library) $(objpfx)tst-resolv-short-response: $(objpfx)libresolv.so \ $(shared-thread-library) $(objpfx)tst-resolv-trailing: $(objpfx)libresolv.so $(shared-thread-library) diff --git a/resolv/res_send.c b/resolv/res_send.c index 572e72c32f..9c77613f37 100644 --- a/resolv/res_send.c +++ b/resolv/res_send.c @@ -1238,7 +1238,7 @@ send_dg(res_state statp, *resplen2 = 0; return resplen; } - if (buf2 != NULL) + if (buf2 != NULL && !single_request) { /* No data from the first reply. */ resplen = 0; diff --git a/resolv/tst-resolv-semi-failure.c b/resolv/tst-resolv-semi-failure.c new file mode 100644 index 0000000000..aa9798b5a7 --- /dev/null +++ b/resolv/tst-resolv-semi-failure.c @@ -0,0 +1,133 @@ +/* Test parallel failure/success responses (bug 30081). + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +/* The rcode in the initial response. */ +static volatile int rcode; + +/* Whether to fail the initial A query (!fail_aaaa) or the initial + AAAA query (fail_aaaa). */ +static volatile bool fail_aaaa; + +static void +response (const struct resolv_response_context *ctx, + struct resolv_response_builder *b, + const char *qname, uint16_t qclass, uint16_t qtype) +{ + /* Handle the failing query. */ + if ((fail_aaaa && qtype == T_AAAA) && ctx->server_index == 0) + { + struct resolv_response_flags flags = {.rcode = rcode}; + resolv_response_init (b, flags); + return; + } + + /* Otherwise produce a response. */ + resolv_response_init (b, (struct resolv_response_flags) {}); + resolv_response_add_question (b, qname, qclass, qtype); + resolv_response_section (b, ns_s_an); + resolv_response_open_record (b, qname, qclass, qtype, 0); + switch (qtype) + { + case T_A: + { + char ipv4[4] = {192, 0, 2, 17}; + resolv_response_add_data (b, &ipv4, sizeof (ipv4)); + } + break; + case T_AAAA: + { + char ipv6[16] + = {0x20, 0x01, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}; + resolv_response_add_data (b, &ipv6, sizeof (ipv6)); + } + break; + default: + FAIL_EXIT1 ("unexpected TYPE%d query", qtype); + } + resolv_response_close_record (b); +} + +static void +check_one (void) +{ + + /* The buggy 1-second query timeout results in 30 seconds of delay, + which triggers are test timeout failure. */ + for (int i = 0; i < 30; ++i) + { + static const struct addrinfo hints = + { + .ai_family = AF_UNSPEC, + .ai_socktype = SOCK_STREAM, + }; + struct addrinfo *ai; + int ret = getaddrinfo ("www.example", "80", &hints, &ai); + const char *expected; + if (ret == 0 && ai->ai_next != NULL) + expected = ("address: STREAM/TCP 192.0.2.17 80\n" + "address: STREAM/TCP 2001:db8::1 80\n"); + else + /* Only one response because the AAAA lookup failure is + treated as an ignoreable error. */ + expected = "address: STREAM/TCP 192.0.2.17 80\n"; + check_addrinfo ("www.example", ai, ret, expected); + if (ret == 0) + freeaddrinfo (ai); + } +} + +static int +do_test (void) +{ + for (int do_single_lookup = 0; do_single_lookup < 2; ++do_single_lookup) + { + struct resolv_test *aux = resolv_test_start + ((struct resolv_redirect_config) + { + .response_callback = response, + }); + + if (do_single_lookup) + _res.options |= RES_SNGLKUP; + + for (int do_fail_aaaa = 0; do_fail_aaaa < 2; ++do_fail_aaaa) + { + fail_aaaa = do_fail_aaaa; + + rcode = 2; /* SERVFAIL. */ + check_one (); + + rcode = 4; /* NOTIMP. */ + check_one (); + + rcode = 5; /* REFUSED. */ + check_one (); + } + + resolv_test_end (aux); + } + + return 0; +} + +#include diff --git a/resolv/tst-resolv-short-response.c b/resolv/tst-resolv-short-response.c index cf1e39876f..be354ae1c7 100644 --- a/resolv/tst-resolv-short-response.c +++ b/resolv/tst-resolv-short-response.c @@ -81,6 +81,18 @@ check_one (void) check_hostent ("www.example", gethostbyname2 ("www.example", AF_INET6), "name: www.example\n" "address: 2001:db8::1\n"); + static const struct addrinfo hints = + { + .ai_family = AF_UNSPEC, + .ai_socktype = SOCK_STREAM, + }; + struct addrinfo *ai; + int ret = getaddrinfo ("www.example", "80", &hints, &ai); + check_addrinfo ("www.example", ai, ret, + "address: STREAM/TCP 192.0.2.17 80\n" + "address: STREAM/TCP 2001:db8::1 80\n"); + if (ret == 0) + freeaddrinfo (ai); } } commit b6aeba2de157ba0cdc8fb0aed67b632b3490f383 Author: Florian Weimer Date: Wed Jul 24 12:50:17 2024 +0200 manual: Do not mention STATIC_TLS in dynamic linker hardening recommendations The current toolchain does not consistently generate it, and glibc does not use it. Reviewed-by: Szabolcs Nagy (cherry picked from commit 90842d3980064ef410b998b22170ad409b76b9fd) diff --git a/manual/dynlink.texi b/manual/dynlink.texi index 03565d4fb0..1500a53de6 100644 --- a/manual/dynlink.texi +++ b/manual/dynlink.texi @@ -993,21 +993,21 @@ The dynamic segment should also mention @code{BIND_NOW} on the enough). @item -For shared objects (not main programs), if the program header has a -@code{PT_TLS} segment, the dynamic segment (as shown by @samp{readelf --dW}) should contain the @code{STATIC_TLS} flag on the @code{FLAGS} -line. - -If @code{STATIC_TLS} is missing in shared objects, ensure that the -appropriate relocations for GNU2 TLS descriptors are used (for example, +Ensure that only static TLS relocations (thread-pointer relative offset +locations) are used, for example @code{R_AARCH64_TLS_TPREL} and +@code{X86_64_TPOFF64}. As the second-best option, and only if +compatibility with non-hardened applications using @code{dlopen} is +needed, GNU2 TLS descriptor relocations can be used (for example, @code{R_AARCH64_TLSDESC} or @code{R_X86_64_TLSDESC}). @item -There should not be a reference to the symbols @code{__tls_get_addr}, -@code{__tls_get_offset}, @code{__tls_get_addr_opt} in the dynamic symbol -table (in the @samp{readelf -sDW} output). Thread-local storage must be -accessed using the initial-exec (static) model, or using GNU2 TLS -descriptors. +There should not be references to the traditional TLS function symbols +@code{__tls_get_addr}, @code{__tls_get_offset}, +@code{__tls_get_addr_opt} in the dynamic symbol table (in the +@samp{readelf -sDW} output). Supporting global dynamic TLS relocations +(such as @code{R_AARCH64_TLS_DTPMOD}, @code{R_AARCH64_TLS_DTPREL}, +@code{R_X86_64_DTPMOD64}, @code{R_X86_64_DTPOFF64}) should not be used, +either. @item Likewise, the functions @code{dlopen}, @code{dlmopen}, @code{dlclose} commit 145b5886379c8de4f0a1bca3556a4c3d7b6c24b2 Author: Florian Weimer Date: Wed Jul 24 13:42:16 2024 +0200 Fix version number in NEWS file diff --git a/NEWS b/NEWS index 4d7100b21c..6b62f55658 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,7 @@ See the end for copying conditions. Please send GNU C library bug reports via using `glibc' in the "product" field. -Version 2.41 +Version 2.40.1 The following bugs are resolved with this release: commit 2aebac5e158277d852b87b0cbd4af2b2d10ac387 Author: Miguel Martín Date: Tue Jul 16 17:14:56 2024 +0200 malloc: avoid global locks in tst-aligned_alloc-lib.c Make sure the DSO used by aligned_alloc/calloc/malloc tests does not get a global lock on multithreaded tests. Reviewed-by: Arjun Shankar (cherry picked from commit 9a27b566b2048f599048f2f4afe1cce06c4ef43d) diff --git a/malloc/tst-aligned_alloc-lib.c b/malloc/tst-aligned_alloc-lib.c index 0205df5acf..9ef1f839c1 100644 --- a/malloc/tst-aligned_alloc-lib.c +++ b/malloc/tst-aligned_alloc-lib.c @@ -17,37 +17,38 @@ License along with the GNU C Library; see the file COPYING.LIB. If not, see . */ -#include #include #include +#include extern void *__libc_malloc (size_t size); extern void *__libc_calloc (size_t n, size_t size); +__thread unsigned int seed = 0; + int aligned_alloc_count = 0; int libc_malloc_count = 0; int libc_calloc_count = 0; -/* Get a random alignment value. Biased towards the smaller values. Must be - a power of 2. */ -static size_t get_random_alignment (void) -{ - size_t aligns[] = { - 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384 - }; - - return aligns[random () % array_length (aligns)]; -} - -static void *get_random_alloc (size_t size) +static void * +get_random_alloc (size_t size) { void *retval; size_t align; + struct timespec tp; + + if (seed == 0) + { + clock_gettime (CLOCK_REALTIME, &tp); + seed = tp.tv_nsec; + } - switch (random() % 3) - { + switch (rand_r (&seed) % 3) + { case 1: - align = get_random_alignment (); + /* Get a random alignment value. Biased towards the smaller + * values up to 16384. Must be a power of 2. */ + align = 1 << rand_r (&seed) % 15; retval = aligned_alloc (align, size); aligned_alloc_count++; break; @@ -59,13 +60,13 @@ static void *get_random_alloc (size_t size) retval = __libc_malloc (size); libc_malloc_count++; break; - } + } return retval; } - -void * __random_malloc (size_t size) +void * +__random_malloc (size_t size) { return get_random_alloc (size); } commit 5d2a931a8167a288374c3a38dc10fe0492ab5ffe Author: Miguel Martín Date: Tue Jul 16 17:14:57 2024 +0200 malloc: add multi-threaded tests for aligned_alloc/calloc/malloc Improve aligned_alloc/calloc/malloc test coverage by adding multi-threaded tests with random memory allocations and with/without cross-thread memory deallocations. Perform a number of memory allocation calls with random sizes limited to 0xffff. Use the existing DSO ('malloc/tst-aligned_alloc-lib.c') to randomize allocator selection. The multi-threaded allocation/deallocation is staged as described below: - Stage 1: Half of the threads will be allocating memory and the other half will be waiting for them to finish the allocation. - Stage 2: Half of the threads will be allocating memory and the other half will be deallocating memory. - Stage 3: Half of the threads will be deallocating memory and the second half waiting on them to finish. Add 'malloc/tst-aligned-alloc-random-thread.c' where each thread will deallocate only the memory that was previously allocated by itself. Add 'malloc/tst-aligned-alloc-random-thread-cross.c' where each thread will deallocate memory that was previously allocated by another thread. The intention is to be able to utilize existing malloc testing to ensure that similar allocation APIs are also exposed to the same rigors. Reviewed-by: Arjun Shankar (cherry picked from commit b0fbcb7d0051a68baf26b2aed51a8a31c34d68e5) diff --git a/malloc/Makefile b/malloc/Makefile index 02aff1bd1d..98d507a6eb 100644 --- a/malloc/Makefile +++ b/malloc/Makefile @@ -28,6 +28,8 @@ tests := \ mallocbug \ tst-aligned-alloc \ tst-aligned-alloc-random \ + tst-aligned-alloc-random-thread \ + tst-aligned-alloc-random-thread-cross \ tst-alloc_buffer \ tst-calloc \ tst-free-errno \ @@ -151,6 +153,8 @@ ifeq ($(have-GLIBC_2.23)$(build-shared),yesyes) # the tests expect specific internal behavior that is changed due to linking to # libmcheck.a. tests-exclude-mcheck = \ + tst-aligned-alloc-random-thread \ + tst-aligned-alloc-random-thread-cross \ tst-compathooks-off \ tst-compathooks-on \ tst-malloc-backtrace \ @@ -415,7 +419,11 @@ $(objpfx)tst-mallocstate: $(objpfx)libc_malloc_debug.so $(objpfx)tst-mallocstate-malloc-check: $(objpfx)libc_malloc_debug.so $(objpfx)tst-aligned-alloc-random.out: $(objpfx)tst-aligned_alloc-lib.so +$(objpfx)tst-aligned-alloc-random-thread.out: $(objpfx)tst-aligned_alloc-lib.so +$(objpfx)tst-aligned-alloc-random-thread-cross.out: $(objpfx)tst-aligned_alloc-lib.so $(objpfx)tst-malloc-random.out: $(objpfx)tst-aligned_alloc-lib.so tst-aligned-alloc-random-ENV = LD_PRELOAD=$(objpfx)tst-aligned_alloc-lib.so +tst-aligned-alloc-random-thread-ENV = LD_PRELOAD=$(objpfx)tst-aligned_alloc-lib.so +tst-aligned-alloc-random-thread-cross-ENV = LD_PRELOAD=$(objpfx)tst-aligned_alloc-lib.so tst-malloc-random-ENV = LD_PRELOAD=$(objpfx)tst-aligned_alloc-lib.so diff --git a/malloc/tst-aligned-alloc-random-thread-cross.c b/malloc/tst-aligned-alloc-random-thread-cross.c new file mode 100644 index 0000000000..360ecc56ee --- /dev/null +++ b/malloc/tst-aligned-alloc-random-thread-cross.c @@ -0,0 +1,19 @@ +/* multi-threaded memory allocation and cross-thread deallocation test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of the + License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; see the file COPYING.LIB. If + not, see . */ +#define CROSS_THREAD_DEALLOC +#include "tst-aligned-alloc-random-thread.c" diff --git a/malloc/tst-aligned-alloc-random-thread.c b/malloc/tst-aligned-alloc-random-thread.c new file mode 100644 index 0000000000..e95f79250a --- /dev/null +++ b/malloc/tst-aligned-alloc-random-thread.c @@ -0,0 +1,145 @@ +/* multi-threaded memory allocation/deallocation test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of the + License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; see the file COPYING.LIB. If + not, see . */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifndef ITERATIONS +# define ITERATIONS 16 +#endif + +#ifndef NUM_THREADS +# define NUM_THREADS 8 +#endif + +#ifndef NUM_ALLOCATIONS +# define NUM_ALLOCATIONS 2048 +#endif + +static pthread_barrier_t barrier; + +__thread unsigned int seed; + +typedef struct +{ + int id; + pthread_t thread; +} thread; + +thread threads[NUM_THREADS]; + +void *allocations[NUM_THREADS][NUM_ALLOCATIONS]; + +void +run_thread_dealloc (int id) +{ + for (int i = 0; i < NUM_ALLOCATIONS; i++) + { + free (allocations[id][i]); + allocations[id][i] = NULL; + } +} + +void +run_thread_alloc (int id) +{ + size_t msb, size; + for (int i = 0; i < NUM_ALLOCATIONS; i++) + { + msb = 1 << rand_r (&seed) % 16; + size = msb + rand_r (&seed) % msb; + allocations[id][i] = malloc (size); + TEST_VERIFY_EXIT (allocations[id][i] != NULL); + } +} + +void * +run_allocations (void *arg) +{ + int id = *((int *) arg); + seed = time (NULL) + id; + + /* Stage 1: First half o the threads allocating memory and the second + * half waiting for them to finish + */ + if (id < NUM_THREADS / 2) + run_thread_alloc (id); + + xpthread_barrier_wait (&barrier); + + /* Stage 2: Half of the threads allocationg memory and the other + * half deallocating: + * - In the non cross-thread dealloc scenario the first half will be + * deallocating the memory allocated by themselves in stage 1 and the + * second half will be allocating memory. + * - In the cross-thread dealloc scenario the first half will continue + * to allocate memory and the second half will deallocate the memory + * allocated by the first half in stage 1. + */ + if (id < NUM_THREADS / 2) +#ifndef CROSS_THREAD_DEALLOC + run_thread_dealloc (id); +#else + run_thread_alloc (id + NUM_THREADS / 2); +#endif + else +#ifndef CROSS_THREAD_DEALLOC + run_thread_alloc (id); +#else + run_thread_dealloc (id - NUM_THREADS / 2); +#endif + + xpthread_barrier_wait (&barrier); + + // Stage 3: Second half of the threads deallocating and the first half + // waiting for them to finish. + if (id >= NUM_THREADS / 2) + run_thread_dealloc (id); + + return NULL; +} + +static int +do_test (void) +{ + xpthread_barrier_init (&barrier, NULL, NUM_THREADS); + + for (int i = 0; i < ITERATIONS; i++) + { + for (int t = 0; t < NUM_THREADS; t++) + { + threads[t].id = t; + threads[t].thread + = xpthread_create (NULL, run_allocations, &threads[t].id); + } + + for (int t = 0; t < NUM_THREADS; t++) + xpthread_join (threads[t].thread); + } + + return 0; +} + +#include commit 65fbcfe58991194301a7e4fb9c53ab936573e711 Author: Arjun Shankar Date: Mon Jul 29 14:30:59 2024 +0200 manual/stdio: Clarify putc and putwc The manual entry for `putc' described what "most systems" do instead of describing the glibc implementation and its guarantees. This commit fixes that by warning that putc may be implemented as a macro that double-evaluates `stream', and removing the performance claim. Even though the current `putc' implementation does not double-evaluate `stream', offering this obscure guarantee as an extension to what POSIX allows does not seem very useful. The entry for `putwc' is also edited to bring it in line with `putc'. Reviewed-by: Florian Weimer (cherry picked from commit 10de4a47ef3f481592e3c62eb07bcda23e9fde4d) diff --git a/manual/stdio.texi b/manual/stdio.texi index f5e289d58a..f9529a098d 100644 --- a/manual/stdio.texi +++ b/manual/stdio.texi @@ -903,21 +903,21 @@ This function is a GNU extension. @deftypefun int putc (int @var{c}, FILE *@var{stream}) @standards{ISO, stdio.h} @safety{@prelim{}@mtsafe{}@asunsafe{@asucorrupt{}}@acunsafe{@acucorrupt{} @aculock{}}} -This is just like @code{fputc}, except that most systems implement it as +This is just like @code{fputc}, except that it may be implemented as a macro, making it faster. One consequence is that it may evaluate the @var{stream} argument more than once, which is an exception to the -general rule for macros. @code{putc} is usually the best function to -use for writing a single character. +general rule for macros. Therefore, @var{stream} should never be an +expression with side-effects. @end deftypefun @deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream}) @standards{ISO, wchar.h} @safety{@prelim{}@mtsafe{}@asunsafe{@asucorrupt{}}@acunsafe{@acucorrupt{} @aculock{}}} -This is just like @code{fputwc}, except that it can be implement as +This is just like @code{fputwc}, except that it may be implemented as a macro, making it faster. One consequence is that it may evaluate the @var{stream} argument more than once, which is an exception to the -general rule for macros. @code{putwc} is usually the best function to -use for writing a single wide character. +general rule for macros. Therefore, @var{stream} should never be an +expression with side-effects. @end deftypefun @deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream}) commit 132a72f93cb4ad9f16b8469dc061de5f75f6a44e Author: Lukas Bulwahn Date: Mon Jul 29 11:08:17 2024 +0200 manual: make setrlimit() description less ambiguous The existing description for setrlimit() has some ambiguity. It could be understood to have the semantics of getrlimit(), i.e., the limits from the process are stored in the provided rlp pointer. Make the description more explicit that rlp are the input values, and that the limits of the process is changed with this function. Reviewed-by: Florian Weimer (cherry picked from commit aedbf08891069fc029ed021e4dba933eb877b394) diff --git a/manual/resource.texi b/manual/resource.texi index c9b21dedeb..25966bcb64 100644 --- a/manual/resource.texi +++ b/manual/resource.texi @@ -192,8 +192,8 @@ If the sources are compiled with @code{_FILE_OFFSET_BITS == 64} on a @standards{BSD, sys/resource.h} @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}} @c Direct syscall on most systems; lock-taking critical section on HURD. -Store the current and maximum limits for the resource @var{resource} -in @code{*@var{rlp}}. +Change the current and maximum limits of the process for the resource +@var{resource} to the values provided in @code{*@var{rlp}}. The return value is @code{0} on success and @code{-1} on failure. The following @code{errno} error condition is possible: commit 509166c9a53ad81217a28cc67ba2a688f02fc477 Author: Florian Weimer Date: Wed Jun 26 11:27:54 2024 +0200 Enhance test coverage for strnlen, wcsnlen This commit adds string/test-strnlen-nonarray and wcsmbs/test-wcsnlen-nonarray. Reviewed-by: Noah Goldstein (cherry picked from commit 783d4c0b81889c39a9ddf13b60d0fde4040fb1c0) diff --git a/string/Makefile b/string/Makefile index 8f31fa49e6..2e20fc00fd 100644 --- a/string/Makefile +++ b/string/Makefile @@ -184,6 +184,7 @@ tests := \ test-strncpy \ test-strndup \ test-strnlen \ + test-strnlen-nonarray \ test-strpbrk \ test-strrchr \ test-strspn \ diff --git a/string/test-Xnlen-nonarray.c b/string/test-Xnlen-nonarray.c new file mode 100644 index 0000000000..499bef2041 --- /dev/null +++ b/string/test-Xnlen-nonarray.c @@ -0,0 +1,133 @@ +/* Test non-array inputs to string length functions. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* This skeleton file is included from string/test-strnlen-nonarray.c + and wcsmbs/test-wcsnlen-nonarray.c to test that reading of the array + stops at the first null character. + + TEST_IDENTIFIER must be the test function identifier. TEST_NAME is + the same as a string. + + CHAR must be defined as the character type. */ + +#include +#include +#include +#include +#include +#include +#include + +typedef __typeof (TEST_IDENTIFIER) *proto_t; + +#define TEST_MAIN +#include "test-string.h" + +IMPL (TEST_IDENTIFIER, 1) + +static int +test_main (void) +{ + enum { buffer_length = 256 }; + TEST_VERIFY_EXIT (sysconf (_SC_PAGESIZE) >= buffer_length); + + test_init (); + + /* Buffer layout: There are a_count 'A' character followed by + zero_count null character, for a total of buffer_length + character: + + AAAAA...AAAAA 00000 ... 00000 (unmapped page follows) + \ / \ / + (a_count) (zero_count) + \___ (buffer_length) ___/ + ^ + | + start_offset + + The buffer length does not change, but a_count (and thus _zero) + and start_offset vary. + + If start_offset == buffer_length, only 0 is a valid length + argument. The result is 0. + + Otherwwise, if zero_count > 0 (if there a null characters in the + buffer), then any length argument is valid. If start_offset < + a_count (i.e., there is a non-null character at start_offset), the + result is the minimum of a_count - start_offset and the length + argument. Otherwise the result is 0. + + Otherwise, there are no null characters before the unmapped page. + The length argument must not be greater than buffer_length - + start_offset, and the result is the length argument. */ + + struct support_next_to_fault ntf + = support_next_to_fault_allocate (buffer_length * sizeof (CHAR)); + CHAR *buffer = (CHAR *) ntf.buffer; + + FOR_EACH_IMPL (impl, 0) + { + printf ("info: testing %s\n", impl->name); + for (size_t i = 0; i < buffer_length; ++i) + buffer[i] = 'A'; + + for (int zero_count = 0; zero_count <= buffer_length; ++zero_count) + { + if (zero_count > 0) + buffer[buffer_length - zero_count] = 0; + int a_count = buffer_length - zero_count; + for (int start_offset = 0; start_offset <= buffer_length; + ++start_offset) + { + CHAR *start_pointer = buffer + start_offset; + if (start_offset == buffer_length) + TEST_COMPARE (CALL (impl, buffer + start_offset, 0), 0); + else if (zero_count > 0) + for (int length_argument = 0; + length_argument <= 2 * buffer_length; + ++length_argument) + { + if (test_verbose) + printf ("zero_count=%d a_count=%d start_offset=%d" + " length_argument=%d\n", + zero_count, a_count, start_offset, + length_argument); + if (start_offset < a_count) + TEST_COMPARE (CALL (impl, start_pointer, length_argument), + MIN (a_count - start_offset, + length_argument)); + else + TEST_COMPARE (CALL (impl, start_pointer, length_argument), + 0); + } + else + for (int length_argument = 0; + length_argument <= buffer_length - start_offset; + ++length_argument) + TEST_COMPARE (CALL (impl, start_pointer, length_argument), + length_argument); + } + } + } + + support_next_to_fault_free (&ntf); + + return 0; +} + +#include diff --git a/string/test-strnlen-nonarray.c b/string/test-strnlen-nonarray.c new file mode 100644 index 0000000000..0ad05756d9 --- /dev/null +++ b/string/test-strnlen-nonarray.c @@ -0,0 +1,4 @@ +#define TEST_IDENTIFIER strnlen +#define TEST_NAME "strnlen" +typedef char CHAR; +#include "test-Xnlen-nonarray.c" diff --git a/wcsmbs/Makefile b/wcsmbs/Makefile index 1cddd8cc6d..c51c9b4f1f 100644 --- a/wcsmbs/Makefile +++ b/wcsmbs/Makefile @@ -160,6 +160,7 @@ tests := \ test-wcsncmp \ test-wcsncpy \ test-wcsnlen \ + test-wcsnlen-nonarray \ test-wcspbrk \ test-wcsrchr \ test-wcsspn \ diff --git a/wcsmbs/test-wcsnlen-nonarray.c b/wcsmbs/test-wcsnlen-nonarray.c new file mode 100644 index 0000000000..a4b21fecd3 --- /dev/null +++ b/wcsmbs/test-wcsnlen-nonarray.c @@ -0,0 +1,5 @@ +#include +#define TEST_IDENTIFIER wcsnlen +#define TEST_NAME "wcsnlen" +typedef wchar_t CHAR; +#include "../string/test-Xnlen-nonarray.c" commit 46f19b234244f4654b9e3898ac1c27de86068222 Author: Florian Weimer Date: Thu Jun 27 16:26:56 2024 +0200 Enhanced test coverage for strncmp, wcsncmp Add string/test-strncmp-nonarray and wcsmbs/test-wcsncmp-nonarray. This is the test that uncovered bug 31934. Test run time is more than one minute on a fairly current system, so turn these into xtests that do not run automatically. Reviewed-by: Noah Goldstein (cherry picked from commit 54252394c25ddf0062e288d4a6ab7a885f8ae009) diff --git a/string/Makefile b/string/Makefile index 2e20fc00fd..1dff405c27 100644 --- a/string/Makefile +++ b/string/Makefile @@ -236,7 +236,10 @@ tests-unsupported += $(tests-translation) endif # This test allocates a lot of memory and can run for a long time. -xtests = tst-strcoll-overflow +xtests += tst-strcoll-overflow + +# This test runs for a long time. +xtests += test-strncmp-nonarray # This test needs libdl. ifeq (yes,$(build-shared)) diff --git a/string/test-Xncmp-nonarray.c b/string/test-Xncmp-nonarray.c new file mode 100644 index 0000000000..9f3a3ca75d --- /dev/null +++ b/string/test-Xncmp-nonarray.c @@ -0,0 +1,183 @@ +/* Test non-array inputs to string comparison functions. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* This skeleton file is included from string/test-strncmp-nonarray.c and + wcsmbs/test-wcsncmp-nonarray.c to test that reading of the arrays stops + at the first null character. + + TEST_IDENTIFIER must be the test function identifier. TEST_NAME is + the same as a string. + + CHAR must be defined as the character type. */ + +#include +#include +#include +#include +#include +#include +#include + +/* Much shorter than test-Xnlen-nonarray.c because of deeply nested loops. */ +enum { buffer_length = 80 }; + +/* The test buffer layout follows what is described test-Xnlen-nonarray.c, + except that there two buffers, left and right. The variables + a_count, zero_count, start_offset are all duplicated. */ + +/* Return the maximum string length for a string that starts at + start_offset. */ +static int +string_length (int a_count, int start_offset) +{ + if (start_offset == buffer_length || start_offset >= a_count) + return 0; + else + return a_count - start_offset; +} + +/* This is the valid maximum length argument computation for + strnlen/wcsnlen. See text-Xnlen-nonarray.c. */ +static int +maximum_length (int start_offset, int zero_count) +{ + if (start_offset == buffer_length) + return 0; + else if (zero_count > 0) + /* Effectively unbounded, but we need to stop fairly low, + otherwise testing takes too long. */ + return buffer_length + 32; + else + return buffer_length - start_offset; +} + +typedef __typeof (TEST_IDENTIFIER) *proto_t; + +#define TEST_MAIN +#include "test-string.h" + +IMPL (TEST_IDENTIFIER, 1) + +static int +test_main (void) +{ + TEST_VERIFY_EXIT (sysconf (_SC_PAGESIZE) >= buffer_length); + test_init (); + + struct support_next_to_fault left_ntf + = support_next_to_fault_allocate (buffer_length * sizeof (CHAR)); + CHAR *left_buffer = (CHAR *) left_ntf.buffer; + struct support_next_to_fault right_ntf + = support_next_to_fault_allocate (buffer_length * sizeof (CHAR)); + CHAR *right_buffer = (CHAR *) right_ntf.buffer; + + FOR_EACH_IMPL (impl, 0) + { + printf ("info: testing %s\n", impl->name); + for (size_t i = 0; i < buffer_length; ++i) + left_buffer[i] = 'A'; + + for (int left_zero_count = 0; left_zero_count <= buffer_length; + ++left_zero_count) + { + if (left_zero_count > 0) + left_buffer[buffer_length - left_zero_count] = 0; + int left_a_count = buffer_length - left_zero_count; + for (size_t i = 0; i < buffer_length; ++i) + right_buffer[i] = 'A'; + for (int right_zero_count = 0; right_zero_count <= buffer_length; + ++right_zero_count) + { + if (right_zero_count > 0) + right_buffer[buffer_length - right_zero_count] = 0; + int right_a_count = buffer_length - right_zero_count; + for (int left_start_offset = 0; + left_start_offset <= buffer_length; + ++left_start_offset) + { + CHAR *left_start_pointer = left_buffer + left_start_offset; + int left_maxlen + = maximum_length (left_start_offset, left_zero_count); + int left_length + = string_length (left_a_count, left_start_offset); + for (int right_start_offset = 0; + right_start_offset <= buffer_length; + ++right_start_offset) + { + CHAR *right_start_pointer + = right_buffer + right_start_offset; + int right_maxlen + = maximum_length (right_start_offset, right_zero_count); + int right_length + = string_length (right_a_count, right_start_offset); + + /* Maximum length is modelled after strnlen/wcsnlen, + and must be valid for both pointer arguments at + the same time. */ + int maxlen = MIN (left_maxlen, right_maxlen); + + for (int length_argument = 0; length_argument <= maxlen; + ++length_argument) + { + if (test_verbose) + { + printf ("left: zero_count=%d" + " a_count=%d start_offset=%d\n", + left_zero_count, left_a_count, + left_start_offset); + printf ("right: zero_count=%d" + " a_count=%d start_offset=%d\n", + right_zero_count, right_a_count, + right_start_offset); + printf ("length argument: %d\n", + length_argument); + } + + /* Effective lengths bounded by length argument. + The effective length determines the + outcome of the comparison. */ + int left_effective + = MIN (left_length, length_argument); + int right_effective + = MIN (right_length, length_argument); + if (left_effective == right_effective) + TEST_COMPARE (CALL (impl, + left_start_pointer, + right_start_pointer, + length_argument), 0); + else if (left_effective < right_effective) + TEST_COMPARE (CALL (impl, + left_start_pointer, + right_start_pointer, + length_argument) < 0, 1); + else + TEST_COMPARE (CALL (impl, + left_start_pointer, + right_start_pointer, + length_argument) > 0, 1); + } + } + } + } + } + } + + return 0; +} + +#include diff --git a/string/test-strncmp-nonarray.c b/string/test-strncmp-nonarray.c new file mode 100644 index 0000000000..581e52d01b --- /dev/null +++ b/string/test-strncmp-nonarray.c @@ -0,0 +1,4 @@ +#define TEST_IDENTIFIER strncmp +#define TEST_NAME "strncmp" +typedef char CHAR; +#include "test-Xncmp-nonarray.c" diff --git a/wcsmbs/Makefile b/wcsmbs/Makefile index c51c9b4f1f..63adf0e8ef 100644 --- a/wcsmbs/Makefile +++ b/wcsmbs/Makefile @@ -206,6 +206,10 @@ tests := \ wcsmbs-tst1 \ # tests +# This test runs for a long time. +xtests += test-wcsncmp-nonarray + + include ../Rules ifeq ($(run-built-tests),yes) diff --git a/wcsmbs/test-wcsncmp-nonarray.c b/wcsmbs/test-wcsncmp-nonarray.c new file mode 100644 index 0000000000..1ad9ebd8fd --- /dev/null +++ b/wcsmbs/test-wcsncmp-nonarray.c @@ -0,0 +1,5 @@ +#include +#define TEST_IDENTIFIER wcsncmp +#define TEST_NAME "wcsncmp" +typedef wchar_t CHAR; +#include "../string/test-Xncmp-nonarray.c" commit 3433a358428bcec2d203fa408b85f442c9a465ca Author: H.J. Lu Date: Wed Jul 24 14:05:13 2024 -0700 linux: Update the mremap C implementation [BZ #31968] Update the mremap C implementation to support the optional argument for MREMAP_DONTUNMAP added in Linux 5.7 since it may not always be correct to implement a variadic function as a non-variadic function on all Linux targets. Return MAP_FAILED and set errno to EINVAL for unknown flag bits. This fixes BZ #31968. Note: A test must be added when a new flag bit is introduced. Signed-off-by: H.J. Lu Reviewed-by: Adhemerval Zanella (cherry picked from commit 6c40cb0e9f893d49dc7caee580a055de53562206) diff --git a/NEWS b/NEWS index 6b62f55658..5948704ef9 100644 --- a/NEWS +++ b/NEWS @@ -11,6 +11,7 @@ The following bugs are resolved with this release: [30081] resolv: Do not wait for non-existing second DNS response after error [31890] resolv: Allow short error responses to match any DNS query + [31968] mremap implementation in C does not handle arguments correctly Version 2.40 diff --git a/sysdeps/unix/sysv/linux/mremap.c b/sysdeps/unix/sysv/linux/mremap.c index 4f770799c4..1ada5c1f40 100644 --- a/sysdeps/unix/sysv/linux/mremap.c +++ b/sysdeps/unix/sysv/linux/mremap.c @@ -20,6 +20,12 @@ #include #include #include +#include + +#define MREMAP_KNOWN_BITS \ + (MREMAP_MAYMOVE \ + | MREMAP_FIXED \ + | MREMAP_DONTUNMAP) void * __mremap (void *addr, size_t old_len, size_t new_len, int flags, ...) @@ -27,7 +33,13 @@ __mremap (void *addr, size_t old_len, size_t new_len, int flags, ...) va_list va; void *new_addr = NULL; - if (flags & MREMAP_FIXED) + if (flags & ~(MREMAP_KNOWN_BITS)) + { + __set_errno (EINVAL); + return MAP_FAILED; + } + + if (flags & (MREMAP_FIXED | MREMAP_DONTUNMAP)) { va_start (va, flags); new_addr = va_arg (va, void *); commit 2eb2d78ca75d7432bd1d11d227f4c899554ea02e Author: H.J. Lu Date: Wed Jul 24 14:05:14 2024 -0700 mremap: Update manual entry Update mremap manual entry: 1. Change mremap to variadic. 2. Document MREMAP_FIXED and MREMAP_DONTUNMAP. Signed-off-by: H.J. Lu Reviewed-by: Adhemerval Zanella (cherry picked from commit cb2dee4eccf46642eef588bee64f9c875c408f1c) diff --git a/NEWS b/NEWS index 5948704ef9..8da0408ad9 100644 --- a/NEWS +++ b/NEWS @@ -10,6 +10,7 @@ Version 2.40.1 The following bugs are resolved with this release: [30081] resolv: Do not wait for non-existing second DNS response after error + [31968] mremap implementation in C does not handle arguments correctly [31890] resolv: Allow short error responses to match any DNS query [31968] mremap implementation in C does not handle arguments correctly diff --git a/manual/llio.texi b/manual/llio.texi index 6f0a48609b..ea84196abd 100644 --- a/manual/llio.texi +++ b/manual/llio.texi @@ -1892,7 +1892,7 @@ There is no existing mapping in at least part of the given region. @end deftypefun -@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag}) +@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag}, ... /* void *@var{new_address} */) @standards{GNU, sys/mman.h} @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}} @@ -1901,12 +1901,40 @@ area. @var{address} and @var{length} must cover a region entirely mapped in the same @code{mmap} statement. A new mapping with the same characteristics will be returned with the length @var{new_length}. -One option is possible, @code{MREMAP_MAYMOVE}. If it is given in -@var{flags}, the system may remove the existing mapping and create a new -one of the desired length in another location. +Possible flags are -The address of the resulting mapping is returned, or @math{-1}. Possible -error codes include: +@table @code + +@item MREMAP_MAYMOVE +If it is given in @var{flags}, the system may remove the existing mapping +and create a new one of the desired length in another location. + +@item MREMAP_FIXED +If it is given in @var{flags}, @code{mremap} accepts a fifth argument, +@code{void *new_address}, which specifies a page-aligned address to +which the mapping must be moved. Any previous mapping at the address +range specified by @var{new_address} and @var{new_size} is unmapped. + +@code{MREMAP_FIXED} must be used together with @code{MREMAP_MAYMOVE}. + +@item MREMAP_DONTUNMAP +If it is given in @var{flags}, @code{mremap} accepts a fifth argument, +@code{void *new_address}, which specifies a page-aligned address. Any +previous mapping at the address range specified by @var{new_address} and +@var{new_size} is unmapped. If @var{new_address} is @code{NULL}, the +kernel chooses the page-aligned address at which to create the mapping. +Otherwise, the kernel takes it as a hint about where to place the mapping. +The mapping at the address range specified by @var{old_address} and +@var{old_size} isn't unmapped. + +@code{MREMAP_DONTUNMAP} must be used together with @code{MREMAP_MAYMOVE}. +@var{old_size} must be the same as @var{new_size}. This flag bit is +Linux-specific. + +@end table + +The address of the resulting mapping is returned, or @code{MAP_FAILED}. +Possible error codes include: @table @code @@ -1915,7 +1943,7 @@ There is no existing mapping in at least part of the original region, or the region covers two or more distinct mappings. @item EINVAL -The address given is misaligned or inappropriate. +Any arguments are inappropriate, including unknown @var{flags} values. @item EAGAIN The region has pages locked, and if extended it would exceed the commit ca53bc68ab92ab413a7d53e951227d380a85ebd8 Author: H.J. Lu Date: Wed Jul 24 14:05:15 2024 -0700 Add mremap tests Add tests for MREMAP_MAYMOVE and MREMAP_FIXED. On Linux, also test MREMAP_DONTUNMAP. Signed-off-by: H.J. Lu Reviewed-by: Adhemerval Zanella (cherry picked from commit ff0320bec2810192d453c579623482fab87bfa01) diff --git a/misc/Makefile b/misc/Makefile index 5d17c562fe..7b7f8351bf 100644 --- a/misc/Makefile +++ b/misc/Makefile @@ -257,6 +257,8 @@ tests := \ tst-mntent-blank-passno \ tst-mntent-escape \ tst-mntent2 \ + tst-mremap1 \ + tst-mremap2 \ tst-preadvwritev \ tst-preadvwritev2 \ tst-preadvwritev64 \ diff --git a/misc/tst-mremap1.c b/misc/tst-mremap1.c new file mode 100644 index 0000000000..0469991a6c --- /dev/null +++ b/misc/tst-mremap1.c @@ -0,0 +1,46 @@ +/* Test mremap with MREMAP_MAYMOVE. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include + +static int +do_test (void) +{ + size_t old_size = getpagesize (); + char *old_addr = xmmap (NULL, old_size, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANONYMOUS, -1); + old_addr[0] = 1; + old_addr[old_size - 1] = 2; + + /* Test MREMAP_MAYMOVE. */ + size_t new_size = old_size + old_size; + char *new_addr = mremap (old_addr, old_size, new_size, MREMAP_MAYMOVE); + TEST_VERIFY_EXIT (new_addr != MAP_FAILED); + new_addr[0] = 1; + new_addr[new_size - 1] = 2; + xmunmap (new_addr, new_size); + + return 0; +} + +#include diff --git a/misc/tst-mremap2.c b/misc/tst-mremap2.c new file mode 100644 index 0000000000..45be7f0369 --- /dev/null +++ b/misc/tst-mremap2.c @@ -0,0 +1,54 @@ +/* Test mremap with MREMAP_FIXED. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include + +static int +do_test (void) +{ + size_t old_size = getpagesize (); + size_t new_size = old_size + old_size; + char *old_addr = xmmap (NULL, old_size, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANONYMOUS, -1); + old_addr[0] = 1; + old_addr[old_size - 1] = 2; + + char *fixed_addr = xmmap (NULL, new_size, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANONYMOUS, -1); + fixed_addr[0] = 1; + fixed_addr[new_size - 1] = 2; + + /* Test MREMAP_FIXED. */ + char *new_addr = mremap (old_addr, old_size, new_size, + MREMAP_FIXED | MREMAP_MAYMOVE, + fixed_addr); + if (new_addr == MAP_FAILED) + return mremap_failure_exit (errno); + new_addr[0] = 1; + new_addr[new_size - 1] = 2; + xmunmap (new_addr, new_size); + + return 0; +} + +#include diff --git a/sysdeps/generic/mremap-failure.h b/sysdeps/generic/mremap-failure.h new file mode 100644 index 0000000000..bc0d476368 --- /dev/null +++ b/sysdeps/generic/mremap-failure.h @@ -0,0 +1,25 @@ +/* mremap failure handling. Generic version. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* Return exit value on mremap failure with errno ERR. */ + +static int +mremap_failure_exit (int err) +{ + return EXIT_FAILURE; +} diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile index 097b5a26fc..59998c7af4 100644 --- a/sysdeps/unix/sysv/linux/Makefile +++ b/sysdeps/unix/sysv/linux/Makefile @@ -206,6 +206,7 @@ tests += \ tst-getauxval \ tst-gettid \ tst-gettid-kill \ + tst-linux-mremap1 \ tst-memfd_create \ tst-misalign-clone \ tst-mlock2 \ diff --git a/sysdeps/unix/sysv/linux/mremap-failure.h b/sysdeps/unix/sysv/linux/mremap-failure.h new file mode 100644 index 0000000000..c99ab30ca9 --- /dev/null +++ b/sysdeps/unix/sysv/linux/mremap-failure.h @@ -0,0 +1,30 @@ +/* mremap failure handling. Linux version. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include + +/* Return exit value on mremap failure with errno ERR. */ + +static int +mremap_failure_exit (int err) +{ + if (err != EINVAL) + return EXIT_FAILURE; + + return EXIT_UNSUPPORTED; +} diff --git a/sysdeps/unix/sysv/linux/tst-linux-mremap1.c b/sysdeps/unix/sysv/linux/tst-linux-mremap1.c new file mode 100644 index 0000000000..408e8af2ab --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-linux-mremap1.c @@ -0,0 +1,63 @@ +/* Test mremap with MREMAP_DONTUNMAP. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include +#include + +static int +do_test (void) +{ + size_t old_size = getpagesize (); + size_t new_size = old_size; + char *old_addr = xmmap (NULL, old_size, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANONYMOUS, -1); + old_addr[0] = 1; + old_addr[old_size - 1] = 2; + + /* Create an available 64-page mmap region. */ + size_t fixed_size = old_size * 64; + char *fixed_addr = xmmap (NULL, fixed_size, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANONYMOUS, -1); + xmunmap (fixed_addr, fixed_size); + + /* Add 3 * pagesize. */ + fixed_size += 3 * old_size; + + /* Test MREMAP_DONTUNMAP. It should return FIXED_ADDR created above. */ + char *new_addr = mremap (old_addr, old_size, new_size, + MREMAP_DONTUNMAP | MREMAP_MAYMOVE, + fixed_addr); + if (new_addr == MAP_FAILED) + return mremap_failure_exit (errno); + TEST_VERIFY_EXIT (fixed_addr == new_addr); + old_addr[0] = 3; + old_addr[old_size - 1] = 4; + new_addr[0] = 1; + new_addr[new_size - 1] = 2; + xmunmap (new_addr, new_size); + xmunmap (old_addr, old_size); + + return 0; +} + +#include commit 928769737c8f0cbb51dfa2a02de0594c2395d802 Author: Florian Weimer Date: Thu Aug 1 10:46:10 2024 +0200 resolv: Fix tst-resolv-short-response for older GCC (bug 32042) Previous GCC versions do not support the C23 change that allows labels on declarations. Reviewed-by: Adhemerval Zanella (cherry picked from commit ec119972cb2598c04ec7d4219e20506006836f64) diff --git a/resolv/tst-resolv-short-response.c b/resolv/tst-resolv-short-response.c index be354ae1c7..9b06b0c176 100644 --- a/resolv/tst-resolv-short-response.c +++ b/resolv/tst-resolv-short-response.c @@ -33,8 +33,10 @@ response (const struct resolv_response_context *ctx, { case 0: /* First server times out. */ - struct resolv_response_flags flags = {.rcode = rcode}; - resolv_response_init (b, flags); + { + struct resolv_response_flags flags = {.rcode = rcode}; + resolv_response_init (b, flags); + } break; case 1: /* Second server sends reply. */ commit aa533d58ff12e27771d9c960a727d74992a3f2a3 Author: Florian Weimer Date: Fri Aug 2 15:22:14 2024 +0200 x86: Tunables may incorrectly set Prefer_PMINUB_for_stringop (bug 32047) Fixes commit 5bcf6265f215326d14dfacdce8532792c2c7f8f8 ("x86: Disable non-temporal memset on Skylake Server"). Reviewed-by: Noah Goldstein (cherry picked from commit 7a630f7d3392ca391a399486ce2846f9e4b4ee63) diff --git a/sysdeps/x86/cpu-tunables.c b/sysdeps/x86/cpu-tunables.c index ae9dcd6180..ccc6b64dc2 100644 --- a/sysdeps/x86/cpu-tunables.c +++ b/sysdeps/x86/cpu-tunables.c @@ -248,6 +248,7 @@ TUNABLE_CALLBACK (set_hwcaps) (tunable_val_t *valp) CHECK_GLIBC_IFUNC_PREFERRED_BOTH (n, cpu_features, Avoid_Non_Temporal_Memset, 25); } + break; case 26: { CHECK_GLIBC_IFUNC_PREFERRED_NEED_BOTH commit 6a97e2ba144a554809161d488f25e4bae07c9405 Author: Andreas Schwab Date: Mon Aug 5 10:55:51 2024 +0200 Fix name space violation in fortify wrappers (bug 32052) Rename the identifier sz to __sz everywhere. Fixes: a643f60c53 ("Make sure that the fortified function conditionals are constant") (cherry picked from commit 39ca997ab378990d5ac1aadbaa52aaf1db6d526f) diff --git a/NEWS b/NEWS index 8da0408ad9..b9eb4a558b 100644 --- a/NEWS +++ b/NEWS @@ -13,6 +13,7 @@ The following bugs are resolved with this release: [31968] mremap implementation in C does not handle arguments correctly [31890] resolv: Allow short error responses to match any DNS query [31968] mremap implementation in C does not handle arguments correctly + [32052] Name space violation in fortify wrappers Version 2.40 diff --git a/libio/bits/stdio2.h b/libio/bits/stdio2.h index 91a80dd7c6..4b8bc35bdf 100644 --- a/libio/bits/stdio2.h +++ b/libio/bits/stdio2.h @@ -308,14 +308,14 @@ fgets (__fortify_clang_overload_arg (char *, __restrict, __s), int __n, "fgets called with bigger size than length of " "destination buffer") { - size_t sz = __glibc_objsize (__s); - if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz)) + size_t __sz = __glibc_objsize (__s); + if (__glibc_safe_or_unknown_len (__n, sizeof (char), __sz)) return __fgets_alias (__s, __n, __stream); #if !__fortify_use_clang - if (__glibc_unsafe_len (__n, sizeof (char), sz)) - return __fgets_chk_warn (__s, sz, __n, __stream); + if (__glibc_unsafe_len (__n, sizeof (char), __sz)) + return __fgets_chk_warn (__s, __sz, __n, __stream); #endif - return __fgets_chk (__s, sz, __n, __stream); + return __fgets_chk (__s, __sz, __n, __stream); } __fortify_function __wur __nonnull ((4)) __attribute_overloadable__ size_t @@ -326,14 +326,14 @@ fread (__fortify_clang_overload_arg (void *, __restrict, __ptr), "fread called with bigger size * n than length " "of destination buffer") { - size_t sz = __glibc_objsize0 (__ptr); - if (__glibc_safe_or_unknown_len (__n, __size, sz)) + size_t __sz = __glibc_objsize0 (__ptr); + if (__glibc_safe_or_unknown_len (__n, __size, __sz)) return __fread_alias (__ptr, __size, __n, __stream); #if !__fortify_use_clang - if (__glibc_unsafe_len (__n, __size, sz)) - return __fread_chk_warn (__ptr, sz, __size, __n, __stream); + if (__glibc_unsafe_len (__n, __size, __sz)) + return __fread_chk_warn (__ptr, __sz, __size, __n, __stream); #endif - return __fread_chk (__ptr, sz, __size, __n, __stream); + return __fread_chk (__ptr, __sz, __size, __n, __stream); } #ifdef __USE_GNU @@ -345,14 +345,14 @@ fgets_unlocked (__fortify_clang_overload_arg (char *, __restrict, __s), "fgets called with bigger size than length of " "destination buffer") { - size_t sz = __glibc_objsize (__s); - if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz)) + size_t __sz = __glibc_objsize (__s); + if (__glibc_safe_or_unknown_len (__n, sizeof (char), __sz)) return __fgets_unlocked_alias (__s, __n, __stream); #if !__fortify_use_clang - if (__glibc_unsafe_len (__n, sizeof (char), sz)) - return __fgets_unlocked_chk_warn (__s, sz, __n, __stream); + if (__glibc_unsafe_len (__n, sizeof (char), __sz)) + return __fgets_unlocked_chk_warn (__s, __sz, __n, __stream); #endif - return __fgets_unlocked_chk (__s, sz, __n, __stream); + return __fgets_unlocked_chk (__s, __sz, __n, __stream); } #endif @@ -366,8 +366,8 @@ fread_unlocked (__fortify_clang_overload_arg0 (void *, __restrict, __ptr), "fread_unlocked called with bigger size * n than " "length of destination buffer") { - size_t sz = __glibc_objsize0 (__ptr); - if (__glibc_safe_or_unknown_len (__n, __size, sz)) + size_t __sz = __glibc_objsize0 (__ptr); + if (__glibc_safe_or_unknown_len (__n, __size, __sz)) { # ifdef __USE_EXTERN_INLINES if (__builtin_constant_p (__size) @@ -393,10 +393,10 @@ fread_unlocked (__fortify_clang_overload_arg0 (void *, __restrict, __ptr), return __fread_unlocked_alias (__ptr, __size, __n, __stream); } # if !__fortify_use_clang - if (__glibc_unsafe_len (__n, __size, sz)) - return __fread_unlocked_chk_warn (__ptr, sz, __size, __n, __stream); + if (__glibc_unsafe_len (__n, __size, __sz)) + return __fread_unlocked_chk_warn (__ptr, __sz, __size, __n, __stream); # endif - return __fread_unlocked_chk (__ptr, sz, __size, __n, __stream); + return __fread_unlocked_chk (__ptr, __sz, __size, __n, __stream); } #endif diff --git a/socket/bits/socket2.h b/socket/bits/socket2.h index 04780f320e..bd91647f37 100644 --- a/socket/bits/socket2.h +++ b/socket/bits/socket2.h @@ -37,14 +37,14 @@ recv (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf), size_t __n, "recv called with bigger length than " "size of destination buffer") { - size_t sz = __glibc_objsize0 (__buf); - if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz)) + size_t __sz = __glibc_objsize0 (__buf); + if (__glibc_safe_or_unknown_len (__n, sizeof (char), __sz)) return __recv_alias (__fd, __buf, __n, __flags); #if !__fortify_use_clang - if (__glibc_unsafe_len (__n, sizeof (char), sz)) - return __recv_chk_warn (__fd, __buf, __n, sz, __flags); + if (__glibc_unsafe_len (__n, sizeof (char), __sz)) + return __recv_chk_warn (__fd, __buf, __n, __sz, __flags); #endif - return __recv_chk (__fd, __buf, __n, sz, __flags); + return __recv_chk (__fd, __buf, __n, __sz, __flags); } extern ssize_t __recvfrom_chk (int __fd, void *__restrict __buf, size_t __n, @@ -71,13 +71,13 @@ recvfrom (int __fd, __fortify_clang_overload_arg0 (void *, __restrict, __buf), "recvfrom called with bigger length " "than size of destination buffer") { - size_t sz = __glibc_objsize0 (__buf); - if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz)) + size_t __sz = __glibc_objsize0 (__buf); + if (__glibc_safe_or_unknown_len (__n, sizeof (char), __sz)) return __recvfrom_alias (__fd, __buf, __n, __flags, __addr, __addr_len); #if !__fortify_use_clang - if (__glibc_unsafe_len (__n, sizeof (char), sz)) - return __recvfrom_chk_warn (__fd, __buf, __n, sz, __flags, __addr, + if (__glibc_unsafe_len (__n, sizeof (char), __sz)) + return __recvfrom_chk_warn (__fd, __buf, __n, __sz, __flags, __addr, __addr_len); #endif - return __recvfrom_chk (__fd, __buf, __n, sz, __flags, __addr, __addr_len); + return __recvfrom_chk (__fd, __buf, __n, __sz, __flags, __addr, __addr_len); } diff --git a/stdlib/bits/stdlib.h b/stdlib/bits/stdlib.h index 1557b862b1..9c78ecf458 100644 --- a/stdlib/bits/stdlib.h +++ b/stdlib/bits/stdlib.h @@ -43,16 +43,16 @@ __NTH (realpath (const char *__restrict __name, "bytes long buffer") #endif { - size_t sz = __glibc_objsize (__resolved); + size_t __sz = __glibc_objsize (__resolved); - if (sz == (size_t) -1) + if (__sz == (size_t) -1) return __realpath_alias (__name, __resolved); #if !__fortify_use_clang && defined _LIBC_LIMITS_H_ && defined PATH_MAX - if (__glibc_unsafe_len (PATH_MAX, sizeof (char), sz)) - return __realpath_chk_warn (__name, __resolved, sz); + if (__glibc_unsafe_len (PATH_MAX, sizeof (char), __sz)) + return __realpath_chk_warn (__name, __resolved, __sz); #endif - return __realpath_chk (__name, __resolved, sz); + return __realpath_chk (__name, __resolved, __sz); } diff --git a/wcsmbs/bits/wchar2.h b/wcsmbs/bits/wchar2.h index 9fdff47ee2..43c6b63027 100644 --- a/wcsmbs/bits/wchar2.h +++ b/wcsmbs/bits/wchar2.h @@ -74,9 +74,9 @@ __fortify_function __attribute_overloadable__ wchar_t * __NTH (wcscpy (__fortify_clang_overload_arg (wchar_t *, __restrict, __dest), const wchar_t *__restrict __src)) { - size_t sz = __glibc_objsize (__dest); - if (sz != (size_t) -1) - return __wcscpy_chk (__dest, __src, sz / sizeof (wchar_t)); + size_t __sz = __glibc_objsize (__dest); + if (__sz != (size_t) -1) + return __wcscpy_chk (__dest, __src, __sz / sizeof (wchar_t)); return __wcscpy_alias (__dest, __src); } @@ -84,9 +84,9 @@ __fortify_function __attribute_overloadable__ wchar_t * __NTH (wcpcpy (__fortify_clang_overload_arg (wchar_t *, __restrict, __dest), const wchar_t *__restrict __src)) { - size_t sz = __glibc_objsize (__dest); - if (sz != (size_t) -1) - return __wcpcpy_chk (__dest, __src, sz / sizeof (wchar_t)); + size_t __sz = __glibc_objsize (__dest); + if (__sz != (size_t) -1) + return __wcpcpy_chk (__dest, __src, __sz / sizeof (wchar_t)); return __wcpcpy_alias (__dest, __src); } @@ -118,9 +118,9 @@ __fortify_function __attribute_overloadable__ wchar_t * __NTH (wcscat (__fortify_clang_overload_arg (wchar_t *, __restrict, __dest), const wchar_t *__restrict __src)) { - size_t sz = __glibc_objsize (__dest); - if (sz != (size_t) -1) - return __wcscat_chk (__dest, __src, sz / sizeof (wchar_t)); + size_t __sz = __glibc_objsize (__dest); + if (__sz != (size_t) -1) + return __wcscat_chk (__dest, __src, __sz / sizeof (wchar_t)); return __wcscat_alias (__dest, __src); } @@ -128,9 +128,9 @@ __fortify_function __attribute_overloadable__ wchar_t * __NTH (wcsncat (__fortify_clang_overload_arg (wchar_t *, __restrict, __dest), const wchar_t *__restrict __src, size_t __n)) { - size_t sz = __glibc_objsize (__dest); - if (sz != (size_t) -1) - return __wcsncat_chk (__dest, __src, __n, sz / sizeof (wchar_t)); + size_t __sz = __glibc_objsize (__dest); + if (__sz != (size_t) -1) + return __wcsncat_chk (__dest, __src, __n, __sz / sizeof (wchar_t)); return __wcsncat_alias (__dest, __src, __n); } @@ -170,10 +170,10 @@ __fortify_function int __NTH (swprintf (wchar_t *__restrict __s, size_t __n, const wchar_t *__restrict __fmt, ...)) { - size_t sz = __glibc_objsize (__s); - if (sz != (size_t) -1 || __USE_FORTIFY_LEVEL > 1) + size_t __sz = __glibc_objsize (__s); + if (__sz != (size_t) -1 || __USE_FORTIFY_LEVEL > 1) return __swprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, - sz / sizeof (wchar_t), __fmt, __va_arg_pack ()); + __sz / sizeof (wchar_t), __fmt, __va_arg_pack ()); return __swprintf_alias (__s, __n, __fmt, __va_arg_pack ()); } #elif __fortify_use_clang @@ -206,10 +206,10 @@ __fortify_function int __NTH (vswprintf (wchar_t *__restrict __s, size_t __n, const wchar_t *__restrict __fmt, __gnuc_va_list __ap)) { - size_t sz = __glibc_objsize (__s); - if (sz != (size_t) -1 || __USE_FORTIFY_LEVEL > 1) + size_t __sz = __glibc_objsize (__s); + if (__sz != (size_t) -1 || __USE_FORTIFY_LEVEL > 1) return __vswprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, - sz / sizeof (wchar_t), __fmt, __ap); + __sz / sizeof (wchar_t), __fmt, __ap); return __vswprintf_alias (__s, __n, __fmt, __ap); } @@ -257,14 +257,14 @@ fgetws (__fortify_clang_overload_arg (wchar_t *, __restrict, __s), int __n, "fgetws called with length bigger " "than size of destination buffer") { - size_t sz = __glibc_objsize (__s); - if (__glibc_safe_or_unknown_len (__n, sizeof (wchar_t), sz)) + size_t __sz = __glibc_objsize (__s); + if (__glibc_safe_or_unknown_len (__n, sizeof (wchar_t), __sz)) return __fgetws_alias (__s, __n, __stream); #if !__fortify_use_clang - if (__glibc_unsafe_len (__n, sizeof (wchar_t), sz)) - return __fgetws_chk_warn (__s, sz / sizeof (wchar_t), __n, __stream); + if (__glibc_unsafe_len (__n, sizeof (wchar_t), __sz)) + return __fgetws_chk_warn (__s, __sz / sizeof (wchar_t), __n, __stream); #endif - return __fgetws_chk (__s, sz / sizeof (wchar_t), __n, __stream); + return __fgetws_chk (__s, __sz / sizeof (wchar_t), __n, __stream); } #ifdef __USE_GNU @@ -275,15 +275,15 @@ fgetws_unlocked (__fortify_clang_overload_arg (wchar_t *, __restrict, __s), "fgetws_unlocked called with length bigger " "than size of destination buffer") { - size_t sz = __glibc_objsize (__s); - if (__glibc_safe_or_unknown_len (__n, sizeof (wchar_t), sz)) + size_t __sz = __glibc_objsize (__s); + if (__glibc_safe_or_unknown_len (__n, sizeof (wchar_t), __sz)) return __fgetws_unlocked_alias (__s, __n, __stream); # if !__fortify_use_clang - if (__glibc_unsafe_len (__n, sizeof (wchar_t), sz)) - return __fgetws_unlocked_chk_warn (__s, sz / sizeof (wchar_t), __n, + if (__glibc_unsafe_len (__n, sizeof (wchar_t), __sz)) + return __fgetws_unlocked_chk_warn (__s, __sz / sizeof (wchar_t), __n, __stream); # endif - return __fgetws_unlocked_chk (__s, sz / sizeof (wchar_t), __n, __stream); + return __fgetws_unlocked_chk (__s, __sz / sizeof (wchar_t), __n, __stream); } #endif commit 5641780762723156b0d20a0b9f7df1d76831bab0 Author: Arjun Shankar Date: Tue Jul 30 11:37:57 2024 +0200 manual/stdio: Further clarify putc, putwc, getc, and getwc This is a follow-up to 10de4a47ef3f481592e3c62eb07bcda23e9fde4d that reworded the manual entries for putc and putwc and removed any performance claims. This commit further clarifies these entries and brings getc and getwc in line with the descriptions of putc and putwc, removing any performance claims from them as well. Reviewed-by: Florian Weimer (cherry picked from commit 942670c81dc8071dd75d6213e771daa5d2084cb6) diff --git a/manual/stdio.texi b/manual/stdio.texi index f9529a098d..8517653507 100644 --- a/manual/stdio.texi +++ b/manual/stdio.texi @@ -904,20 +904,16 @@ This function is a GNU extension. @standards{ISO, stdio.h} @safety{@prelim{}@mtsafe{}@asunsafe{@asucorrupt{}}@acunsafe{@acucorrupt{} @aculock{}}} This is just like @code{fputc}, except that it may be implemented as -a macro, making it faster. One consequence is that it may evaluate the -@var{stream} argument more than once, which is an exception to the -general rule for macros. Therefore, @var{stream} should never be an -expression with side-effects. +a macro and may evaluate the @var{stream} argument more than once. +Therefore, @var{stream} should never be an expression with side-effects. @end deftypefun @deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream}) @standards{ISO, wchar.h} @safety{@prelim{}@mtsafe{}@asunsafe{@asucorrupt{}}@acunsafe{@acucorrupt{} @aculock{}}} This is just like @code{fputwc}, except that it may be implemented as -a macro, making it faster. One consequence is that it may evaluate the -@var{stream} argument more than once, which is an exception to the -general rule for macros. Therefore, @var{stream} should never be an -expression with side-effects. +a macro and may evaluate the @var{stream} argument more than once. +Therefore, @var{stream} should never be an expression with side-effects. @end deftypefun @deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream}) @@ -1110,20 +1106,17 @@ This function is a GNU extension. @deftypefun int getc (FILE *@var{stream}) @standards{ISO, stdio.h} @safety{@prelim{}@mtsafe{}@asunsafe{@asucorrupt{}}@acunsafe{@aculock{} @acucorrupt{}}} -This is just like @code{fgetc}, except that it is permissible (and -typical) for it to be implemented as a macro that evaluates the -@var{stream} argument more than once. @code{getc} is often highly -optimized, so it is usually the best function to use to read a single -character. +This is just like @code{fgetc}, except that it may be implemented as +a macro and may evaluate the @var{stream} argument more than once. +Therefore, @var{stream} should never be an expression with side-effects. @end deftypefun @deftypefun wint_t getwc (FILE *@var{stream}) @standards{ISO, wchar.h} @safety{@prelim{}@mtsafe{}@asunsafe{@asucorrupt{}}@acunsafe{@aculock{} @acucorrupt{}}} -This is just like @code{fgetwc}, except that it is permissible for it to -be implemented as a macro that evaluates the @var{stream} argument more -than once. @code{getwc} can be highly optimized, so it is usually the -best function to use to read a single wide character. +This is just like @code{fgetwc}, except that it may be implemented as +a macro and may evaluate the @var{stream} argument more than once. +Therefore, @var{stream} should never be an expression with side-effects. @end deftypefun @deftypefun int getc_unlocked (FILE *@var{stream}) commit 39ee60a719eb6ffde76ccc232d79273c473d7a93 Author: Florian Weimer Date: Fri Aug 9 17:01:17 2024 +0200 support: Add options list terminator to the test driver This avoids crashes if a test is passed unknown options. Reviewed-by: Adhemerval Zanella (cherry picked from commit c2a474f4617ede7a8bf56b7257acb37dc757b2d1) diff --git a/support/test-driver.c b/support/test-driver.c index f4c3e4d666..04ceebc08f 100644 --- a/support/test-driver.c +++ b/support/test-driver.c @@ -155,6 +155,7 @@ main (int argc, char **argv) { CMDLINE_OPTIONS TEST_DEFAULT_OPTIONS + { 0, } }; test_config.options = &options; #endif commit e3556937c2402b8acf2e586bf53168e9f482ba91 Author: H.J. Lu Date: Mon Jul 22 17:47:21 2024 -0700 x86-64: Remove sysdeps/x86_64/x32/dl-machine.h Remove sysdeps/x86_64/x32/dl-machine.h by folding x32 ARCH_LA_PLTENTER, ARCH_LA_PLTEXIT and RTLD_START into sysdeps/x86_64/dl-machine.h. There are no regressions on x86-64 nor x32. There are no changes in x86-64 _dl_start_user. On x32, _dl_start_user changes are <_dl_start_user>: mov %eax,%r12d + mov %esp,%r13d mov (%rsp),%edx mov %edx,%esi - mov %esp,%r13d and $0xfffffff0,%esp mov 0x0(%rip),%edi # <_dl_start_user+0x14> lea 0x8(%r13,%rdx,4),%ecx Signed-off-by: H.J. Lu Reviewed-by: Noah Goldstein (cherry picked from commit 652c6cf26927352fc0e37e4e60c6fc98ddf6d3b4) diff --git a/sysdeps/x86_64/dl-machine.h b/sysdeps/x86_64/dl-machine.h index a6de3793e4..4f12955875 100644 --- a/sysdeps/x86_64/dl-machine.h +++ b/sysdeps/x86_64/dl-machine.h @@ -139,37 +139,37 @@ elf_machine_runtime_setup (struct link_map *l, struct r_scope_elem *scope[], .globl _start\n\ .globl _dl_start_user\n\ _start:\n\ - movq %rsp, %rdi\n\ + mov %" RSP_LP ", %" RDI_LP "\n\ call _dl_start\n\ _dl_start_user:\n\ # Save the user entry point address in %r12.\n\ - movq %rax, %r12\n\ + mov %" RAX_LP ", %" R12_LP "\n\ # Save %rsp value in %r13.\n\ - movq %rsp, %r13\n\ + mov %" RSP_LP ", % " R13_LP "\n\ "\ RTLD_START_ENABLE_X86_FEATURES \ "\ # Read the original argument count.\n\ - movq (%rsp), %rdx\n\ + mov (%rsp), %" RDX_LP "\n\ # Call _dl_init (struct link_map *main_map, int argc, char **argv, char **env)\n\ # argc -> rsi\n\ - movq %rdx, %rsi\n\ + mov %" RDX_LP ", %" RSI_LP "\n\ # And align stack for the _dl_init call. \n\ - andq $-16, %rsp\n\ + and $-16, %" RSP_LP "\n\ # _dl_loaded -> rdi\n\ - movq _rtld_local(%rip), %rdi\n\ + mov _rtld_local(%rip), %" RDI_LP "\n\ # env -> rcx\n\ - leaq 16(%r13,%rdx,8), %rcx\n\ + lea 2*" LP_SIZE "(%r13,%rdx," LP_SIZE "), %" RCX_LP "\n\ # argv -> rdx\n\ - leaq 8(%r13), %rdx\n\ + lea " LP_SIZE "(%r13), %" RDX_LP "\n\ # Clear %rbp to mark outermost frame obviously even for constructors.\n\ xorl %ebp, %ebp\n\ # Call the function to run the initializers.\n\ call _dl_init\n\ # Pass our finalizer function to the user in %rdx, as per ELF ABI.\n\ - leaq _dl_fini(%rip), %rdx\n\ + lea _dl_fini(%rip), %" RDX_LP "\n\ # And make sure %rsp points to argc stored on the stack.\n\ - movq %r13, %rsp\n\ + mov %" R13_LP ", %" RSP_LP "\n\ # Jump to the user's entry point.\n\ jmp *%r12\n\ .previous\n\ @@ -234,8 +234,13 @@ elf_machine_plt_value (struct link_map *map, const ElfW(Rela) *reloc, /* Names of the architecture-specific auditing callback functions. */ +#ifdef __LP64__ #define ARCH_LA_PLTENTER x86_64_gnu_pltenter #define ARCH_LA_PLTEXIT x86_64_gnu_pltexit +#else +#define ARCH_LA_PLTENTER x32_gnu_pltenter +#define ARCH_LA_PLTEXIT x32_gnu_pltexit +#endif #endif /* !dl_machine_h */ diff --git a/sysdeps/x86_64/x32/dl-machine.h b/sysdeps/x86_64/x32/dl-machine.h deleted file mode 100644 index c35cee9261..0000000000 --- a/sysdeps/x86_64/x32/dl-machine.h +++ /dev/null @@ -1,76 +0,0 @@ -/* Machine-dependent ELF dynamic relocation inline functions. x32 version. - Copyright (C) 2012-2024 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, see - . */ - -/* Must allow to be included more than once. - See #ifdef RESOLVE_MAP in sysdeps/x86_64/dl-machine.h. */ -#include - -#ifndef _X32_DL_MACHINE_H -#define _X32_DL_MACHINE_H - -#undef ARCH_LA_PLTENTER -#undef ARCH_LA_PLTEXIT -#undef RTLD_START - -/* Names of the architecture-specific auditing callback functions. */ -#define ARCH_LA_PLTENTER x32_gnu_pltenter -#define ARCH_LA_PLTEXIT x32_gnu_pltexit - -/* Initial entry point code for the dynamic linker. - The C function `_dl_start' is the real entry point; - its return value is the user program's entry point. */ -#define RTLD_START asm ("\n\ -.text\n\ - .p2align 4\n\ -.globl _start\n\ -.globl _dl_start_user\n\ -_start:\n\ - movl %esp, %edi\n\ - call _dl_start\n\ -_dl_start_user:\n\ - # Save the user entry point address in %r12.\n\ - movl %eax, %r12d\n\ - # Read the original argument count.\n\ - movl (%rsp), %edx\n\ - # Call _dl_init (struct link_map *main_map, int argc, char **argv, char **env)\n\ - # argc -> rsi\n\ - movl %edx, %esi\n\ - # Save %rsp value in %r13.\n\ - movl %esp, %r13d\n\ - # And align stack for the _dl_init call.\n\ - and $-16, %esp\n\ - # _dl_loaded -> rdi\n\ - movl _rtld_local(%rip), %edi\n\ - # env -> rcx\n\ - lea 8(%r13,%rdx,4), %ecx\n\ - # argv -> rdx\n\ - lea 4(%r13), %edx\n\ - # Clear %rbp to mark outermost frame obviously even for constructors.\n\ - xorl %ebp, %ebp\n\ - # Call the function to run the initializers.\n\ - call _dl_init\n\ - # Pass our finalizer function to the user in %rdx, as per ELF ABI.\n\ - lea _dl_fini(%rip), %edx\n\ - # And make sure %rsp points to argc stored on the stack.\n\ - movl %r13d, %esp\n\ - # Jump to the user's entry point.\n\ - jmp *%r12\n\ -.previous\n\ -"); - -#endif /* !_X32_DL_MACHINE_H */ commit 898f25e0b1026be5701d05715600be646e9d0714 Author: H.J. Lu Date: Mon Jul 22 17:47:22 2024 -0700 x32/cet: Support shadow stack during startup for Linux 6.10 Use RXX_LP in RTLD_START_ENABLE_X86_FEATURES. Support shadow stack during startup for Linux 6.10: commit 2883f01ec37dd8668e7222dfdb5980c86fdfe277 Author: H.J. Lu Date: Fri Mar 15 07:04:33 2024 -0700 x86/shstk: Enable shadow stacks for x32 1. Add shadow stack support to x32 signal. 2. Use the 64-bit map_shadow_stack syscall for x32. 3. Set up shadow stack for x32. Add the map_shadow_stack system call to and regenerate arch-syscall.h. Tested on Intel Tiger Lake with CET enabled x32. There are no regressions with CET enabled x86-64. There are no changes in CET enabled x86-64 _dl_start_user. Signed-off-by: H.J. Lu Reviewed-by: Noah Goldstein (cherry picked from commit 8344c1f5514b1b5b1c8c6e48f4b802653bd23b71) diff --git a/sysdeps/unix/sysv/linux/x86_64/dl-cet.h b/sysdeps/unix/sysv/linux/x86_64/dl-cet.h index 1fe3133406..b4f7e6c9cd 100644 --- a/sysdeps/unix/sysv/linux/x86_64/dl-cet.h +++ b/sysdeps/unix/sysv/linux/x86_64/dl-cet.h @@ -92,9 +92,9 @@ dl_cet_ibt_enabled (void) # Pass GL(dl_x86_feature_1) to _dl_cet_setup_features.\n\ movl %edx, %edi\n\ # Align stack for the _dl_cet_setup_features call.\n\ - andq $-16, %rsp\n\ + and $-16, %" RSP_LP "\n\ call _dl_cet_setup_features\n\ # Restore %rax and %rsp from %r12 and %r13.\n\ - movq %r12, %rax\n\ - movq %r13, %rsp\n\ + mov %" R12_LP ", %" RAX_LP "\n\ + mov %" R13_LP ", %" RSP_LP "\n\ " diff --git a/sysdeps/unix/sysv/linux/x86_64/x32/arch-syscall.h b/sysdeps/unix/sysv/linux/x86_64/x32/arch-syscall.h index 3040a47d72..df3e22236d 100644 --- a/sysdeps/unix/sysv/linux/x86_64/x32/arch-syscall.h +++ b/sysdeps/unix/sysv/linux/x86_64/x32/arch-syscall.h @@ -155,6 +155,7 @@ #define __NR_lsm_set_self_attr 1073742284 #define __NR_lstat 1073741830 #define __NR_madvise 1073741852 +#define __NR_map_shadow_stack 1073742277 #define __NR_mbind 1073742061 #define __NR_membarrier 1073742148 #define __NR_memfd_create 1073742143 diff --git a/sysdeps/unix/sysv/linux/x86_64/x32/fixup-asm-unistd.h b/sysdeps/unix/sysv/linux/x86_64/x32/fixup-asm-unistd.h index 98124169e6..47fa8af4ce 100644 --- a/sysdeps/unix/sysv/linux/x86_64/x32/fixup-asm-unistd.h +++ b/sysdeps/unix/sysv/linux/x86_64/x32/fixup-asm-unistd.h @@ -15,6 +15,10 @@ License along with the GNU C Library; if not, see . */ +#ifndef __NR_map_shadow_stack +# define __NR_map_shadow_stack 1073742277 +#endif + /* X32 uses the same 64-bit syscall interface for set_thread_area. */ #ifndef __NR_set_thread_area # define __NR_set_thread_area 1073742029 commit c0af0c2ba016030c778bc22c55f5f9498f96b8b9 Author: Noah Goldstein Date: Tue Aug 13 23:29:14 2024 +0800 x86: Fix bug in strchrnul-evex512 [BZ #32078] Issue was we were expecting not matches with CHAR before the start of the string in the page cross case. The check code in the page cross case: ``` and $0xffffffffffffffc0,%rax vmovdqa64 (%rax),%zmm17 vpcmpneqb %zmm17,%zmm16,%k1 vptestmb %zmm17,%zmm17,%k0{%k1} kmovq %k0,%rax inc %rax shr %cl,%rax je L(continue) ``` expects that all characters that neither match null nor CHAR will be 1s in `rax` prior to the `inc`. Then the `inc` will overflow all of the 1s where no relevant match was found. This is incorrect in the page-cross case, as the `vmovdqa64 (%rax),%zmm17` loads from before the start of the input string. If there are matches with CHAR before the start of the string, `rax` won't properly overflow. The fix is quite simple. Just replace: ``` inc %rax shr %cl,%rax ``` With: ``` sar %cl,%rax inc %rax ``` The arithmetic shift will clear any matches prior to the start of the string while maintaining the signbit so the 1s can properly overflow to zero in the case of no matches. Reviewed-by: H.J. Lu (cherry picked from commit 7da08862471dfec6fdae731c2a5f351ad485c71f) diff --git a/string/test-strchr.c b/string/test-strchr.c index c795eac6fa..72b17af687 100644 --- a/string/test-strchr.c +++ b/string/test-strchr.c @@ -255,6 +255,69 @@ check1 (void) check_result (impl, s, c, exp_result); } +static void +check2 (void) +{ + CHAR *s = (CHAR *) (buf1 + getpagesize () - 4 * sizeof (CHAR)); + CHAR *s_begin = (CHAR *) (buf1 + getpagesize () - 64); +#ifndef USE_FOR_STRCHRNUL + CHAR *exp_result = NULL; +#else + CHAR *exp_result = s + 1; +#endif + CHAR val = 0x12; + for (; s_begin != s; ++s_begin) + *s_begin = val; + + s[0] = val + 1; + s[1] = 0; + s[2] = val + 1; + s[3] = val + 1; + + { + FOR_EACH_IMPL (impl, 0) + check_result (impl, s, val, exp_result); + } + s[3] = val; + { + FOR_EACH_IMPL (impl, 0) + check_result (impl, s, val, exp_result); + } + exp_result = s; + s[0] = val; + { + FOR_EACH_IMPL (impl, 0) + check_result (impl, s, val, exp_result); + } + + s[3] = val + 1; + { + FOR_EACH_IMPL (impl, 0) + check_result (impl, s, val, exp_result); + } + + s[0] = val + 1; + s[1] = val + 1; + s[2] = val + 1; + s[3] = val + 1; + s[4] = val; + exp_result = s + 4; + { + FOR_EACH_IMPL (impl, 0) + check_result (impl, s, val, exp_result); + } + s[4] = 0; +#ifndef USE_FOR_STRCHRNUL + exp_result = NULL; +#else + exp_result = s + 4; +#endif + { + FOR_EACH_IMPL (impl, 0) + check_result (impl, s, val, exp_result); + } +} + int test_main (void) { @@ -263,7 +326,7 @@ test_main (void) test_init (); check1 (); - + check2 (); printf ("%20s", ""); FOR_EACH_IMPL (impl, 0) printf ("\t%s", impl->name); diff --git a/sysdeps/x86_64/multiarch/strchr-evex-base.S b/sysdeps/x86_64/multiarch/strchr-evex-base.S index 04e2c0e79e..3a0b7c9d64 100644 --- a/sysdeps/x86_64/multiarch/strchr-evex-base.S +++ b/sysdeps/x86_64/multiarch/strchr-evex-base.S @@ -124,13 +124,13 @@ L(page_cross): VPCMPNE %VMM(1), %VMM(0), %k1 VPTEST %VMM(1), %VMM(1), %k0{%k1} KMOV %k0, %VRAX -# ifdef USE_AS_WCSCHR + sar %cl, %VRAX +#ifdef USE_AS_WCSCHR sub $VEC_MATCH_MASK, %VRAX -# else +#else inc %VRAX -# endif +#endif /* Ignore number of character for alignment adjustment. */ - shr %cl, %VRAX jz L(align_more) bsf %VRAX, %VRAX commit 586e4cd8c67df95ebb0bfecea3d007bff618d6d9 Author: Florian Weimer Date: Fri Aug 9 16:17:14 2024 +0200 Define __libc_initial for the static libc Reviewed-by: Adhemerval Zanella (cherry picked from commit eb0e50e9a1cf80a2ba6f33f990a08ef37a3267fb) diff --git a/include/libc-internal.h b/include/libc-internal.h index 87ac591835..1ef43ffe67 100644 --- a/include/libc-internal.h +++ b/include/libc-internal.h @@ -53,6 +53,9 @@ extern __typeof (__profile_frequency) __profile_frequency attribute_hidden; is not for an audit module, not loaded via dlmopen, and not loaded via static dlopen either). */ extern _Bool __libc_initial attribute_hidden; +#else +/* The static libc is always the initial namespace. */ +# define __libc_initial ((_Bool) 1) #endif #endif /* _LIBC_INTERNAL */ commit 709319f9de6f976f9feceb623cb2c96769e9d78b Author: Florian Weimer Date: Mon Aug 19 15:48:03 2024 +0200 string: strerror, strsignal cannot use buffer after dlmopen (bug 32026) Secondary namespaces have a different malloc. Allocating the buffer in one namespace and freeing it another results in heap corruption. Fix this by using a static string (potentially translated) in secondary namespaces. It would also be possible to use the malloc from the initial namespace to manage the buffer, but these functions would still not be safe to use in auditors etc. because a call to strerror could still free a buffer while it is used by the application. Another approach could use proper initial-exec TLS, duplicated in secondary namespaces, but that would need a callback interface for freeing libc resources in namespaces on thread exit, which does not exist today. Reviewed-by: Adhemerval Zanella (cherry picked from commit 25a5eb4010df94b412c67db9e346029de316d06b) diff --git a/NEWS b/NEWS index b9eb4a558b..10a125bc66 100644 --- a/NEWS +++ b/NEWS @@ -13,6 +13,7 @@ The following bugs are resolved with this release: [31968] mremap implementation in C does not handle arguments correctly [31890] resolv: Allow short error responses to match any DNS query [31968] mremap implementation in C does not handle arguments correctly + [32026] strerror/strsignal TLS not handled correctly for secondary namespaces [32052] Name space violation in fortify wrappers Version 2.40 diff --git a/string/strerror_l.c b/string/strerror_l.c index 15cce261e6..70456e5bb4 100644 --- a/string/strerror_l.c +++ b/string/strerror_l.c @@ -20,7 +20,7 @@ #include #include #include - +#include static const char * translate (const char *str, locale_t loc) @@ -31,6 +31,12 @@ translate (const char *str, locale_t loc) return res; } +static char * +unknown_error (locale_t loc) +{ + return (char *) translate ("Unknown error", loc); +} + /* Return a string describing the errno code in ERRNUM. */ char * @@ -40,18 +46,25 @@ __strerror_l (int errnum, locale_t loc) char *err = (char *) __get_errlist (errnum); if (__glibc_unlikely (err == NULL)) { - struct tls_internal_t *tls_internal = __glibc_tls_internal (); - free (tls_internal->strerror_l_buf); - if (__asprintf (&tls_internal->strerror_l_buf, "%s%d", - translate ("Unknown error ", loc), errnum) > 0) - err = tls_internal->strerror_l_buf; - else + if (__libc_initial) { - /* The memory was freed above. */ - tls_internal->strerror_l_buf = NULL; - /* Provide a fallback translation. */ - err = (char *) translate ("Unknown error", loc); + struct tls_internal_t *tls_internal = __glibc_tls_internal (); + free (tls_internal->strerror_l_buf); + if (__asprintf (&tls_internal->strerror_l_buf, "%s%d", + translate ("Unknown error ", loc), errnum) > 0) + err = tls_internal->strerror_l_buf; + else + { + /* The memory was freed above. */ + tls_internal->strerror_l_buf = NULL; + /* Provide a fallback translation. */ + err = unknown_error (loc); + } } + else + /* Secondary namespaces use a different malloc, so cannot + participate in the buffer management. */ + err = unknown_error (loc); } else err = (char *) translate (err, loc); diff --git a/string/strsignal.c b/string/strsignal.c index 3114601564..d9b0365468 100644 --- a/string/strsignal.c +++ b/string/strsignal.c @@ -21,6 +21,7 @@ #include #include #include +#include /* Return a string describing the meaning of the signal number SIGNUM. */ char * @@ -30,21 +31,28 @@ strsignal (int signum) if (desc != NULL) return _(desc); - struct tls_internal_t *tls_internal = __glibc_tls_internal (); - free (tls_internal->strsignal_buf); + if (__libc_initial) + { + struct tls_internal_t *tls_internal = __glibc_tls_internal (); + free (tls_internal->strsignal_buf); - int r; + int r; #ifdef SIGRTMIN - if (signum >= SIGRTMIN && signum <= SIGRTMAX) - r = __asprintf (&tls_internal->strsignal_buf, _("Real-time signal %d"), - signum - SIGRTMIN); - else + if (signum >= SIGRTMIN && signum <= SIGRTMAX) + r = __asprintf (&tls_internal->strsignal_buf, _("Real-time signal %d"), + signum - SIGRTMIN); + else #endif - r = __asprintf (&tls_internal->strsignal_buf, _("Unknown signal %d"), - signum); - - if (r == -1) - tls_internal->strsignal_buf = NULL; - - return tls_internal->strsignal_buf; + r = __asprintf (&tls_internal->strsignal_buf, _("Unknown signal %d"), + signum); + + if (r >= 0) + return tls_internal->strsignal_buf; + else + tls_internal->strsignal_buf = NULL; + } + /* Fall through on asprintf error, and for !__libc_initial: + secondary namespaces use a different malloc and cannot + participate in the buffer management. */ + return _("Unknown signal"); } commit bc240ba7c86a74bc64d4234feadb49bb8e36e1c9 Author: Maciej W. Rozycki Date: Fri Jul 26 13:21:34 2024 +0100 support: Add FAIL test failure helper Add a FAIL test failure helper analogous to FAIL_RET, that does not cause the current function to return, providing a standardized way to report a test failure with a message supplied while permitting the caller to continue executing, for further reporting, cleaning up, etc. Update existing test cases that provide a conflicting definition of FAIL by removing the local FAIL definition and then as follows: - tst-fortify-syslog: provide a meaningful message in addition to the file name already added by ; 'support_record_failure' is already called by 'support_print_failure_impl' invoked by the new FAIL test failure helper. - tst-ctype: no update to FAIL calls required, with the name of the file and the line number within of the failure site additionally included by the new FAIL test failure helper, and error counting plus count reporting upon test program termination also already provided by 'support_record_failure' and 'support_report_failure' respectively, called by 'support_print_failure_impl' and 'adjust_exit_status' also respectively. However in a number of places 'printf' is called and the error count adjusted by hand, so update these places to make use of FAIL instead. And last but not least adjust the final summary just to report completion, with any error count following as reported by the test driver. - test-tgmath2: no update to FAIL calls required, with the name of the file of the failure site additionally included by the new FAIL test failure helper. Also there is no need to track the return status by hand as any call to FAIL will eventually cause the test case to return an unsuccesful exit status regardless of the return status from the test function, via a call to 'adjust_exit_status' made by the test driver. Reviewed-by: DJ Delorie (cherry picked from commit 1b97a9f23bf605ca608162089c94187573fb2a9e) diff --git a/debug/tst-fortify-syslog.c b/debug/tst-fortify-syslog.c index a7ddbf7c6b..2712acf689 100644 --- a/debug/tst-fortify-syslog.c +++ b/debug/tst-fortify-syslog.c @@ -22,7 +22,6 @@ #include #include #include -#include #include #include @@ -46,18 +45,13 @@ handler (int sig) _exit (127); } -#define FAIL() \ - do { \ - printf ("Failure on line %d\n", __LINE__); \ - support_record_failure (); \ - } while (0) #define CHK_FAIL_START \ chk_fail_ok = 1; \ if (! setjmp (chk_fail_buf)) \ { #define CHK_FAIL_END \ chk_fail_ok = 0; \ - FAIL (); \ + FAIL ("not supposed to reach here"); \ } static void diff --git a/localedata/tst-ctype.c b/localedata/tst-ctype.c index 9de979a2d7..a23689719c 100644 --- a/localedata/tst-ctype.c +++ b/localedata/tst-ctype.c @@ -21,6 +21,8 @@ #include #include +#include + static const char lower[] = "abcdefghijklmnopqrstuvwxyz"; static const char upper[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; @@ -53,19 +55,11 @@ static struct classes #define nclasses (sizeof (classes) / sizeof (classes[0])) -#define FAIL(str, args...) \ - { \ - printf (" " str "\n", ##args); \ - ++errors; \ - } - - static int do_test (void) { const char *cp; const char *cp2; - int errors = 0; char *inpline = NULL; size_t inplinelen = 0; char *resline = NULL; @@ -394,11 +388,8 @@ punct = %04x alnum = %04x\n", { if (((__ctype_b[(unsigned int) *inp] & classes[n].mask) != 0) != (*resp != '0')) - { - printf (" is%s('%c' = '\\x%02x') %s true\n", inpline, - *inp, *inp, *resp == '1' ? "not" : "is"); - ++errors; - } + FAIL (" is%s('%c' = '\\x%02x') %s true\n", inpline, + *inp, *inp, *resp == '1' ? "not" : "is"); ++inp; ++resp; } @@ -408,11 +399,8 @@ punct = %04x alnum = %04x\n", while (*inp != '\0') { if (tolower (*inp) != *resp) - { - printf (" tolower('%c' = '\\x%02x') != '%c'\n", - *inp, *inp, *resp); - ++errors; - } + FAIL (" tolower('%c' = '\\x%02x') != '%c'\n", + *inp, *inp, *resp); ++inp; ++resp; } @@ -422,11 +410,8 @@ punct = %04x alnum = %04x\n", while (*inp != '\0') { if (toupper (*inp) != *resp) - { - printf (" toupper('%c' = '\\x%02x') != '%c'\n", - *inp, *inp, *resp); - ++errors; - } + FAIL (" toupper('%c' = '\\x%02x') != '%c'\n", + *inp, *inp, *resp); ++inp; ++resp; } @@ -436,14 +421,7 @@ punct = %04x alnum = %04x\n", } - if (errors != 0) - { - printf (" %d error%s for `%s' locale\n\n\n", errors, - errors == 1 ? "" : "s", setlocale (LC_ALL, NULL)); - return 1; - } - - printf (" No errors for `%s' locale\n\n\n", setlocale (LC_ALL, NULL)); + printf ("Completed testing for `%s' locale\n\n\n", setlocale (LC_ALL, NULL)); return 0; } diff --git a/math/test-tgmath2.c b/math/test-tgmath2.c index 37afa8a08a..4aeb877b8e 100644 --- a/math/test-tgmath2.c +++ b/math/test-tgmath2.c @@ -24,6 +24,8 @@ #include #include +#include + //#define DEBUG typedef complex float cfloat; @@ -87,13 +89,6 @@ enum int count; int counts[Tlast][C_last]; -#define FAIL(str) \ - do \ - { \ - printf ("%s failure on line %d\n", (str), __LINE__); \ - result = 1; \ - } \ - while (0) #define TEST_TYPE_ONLY(expr, rettype) \ do \ { \ @@ -133,8 +128,6 @@ int counts[Tlast][C_last]; int test_cos (const int Vint4, const long long int Vllong4) { - int result = 0; - TEST (cos (vfloat1), float, cos); TEST (cos (vdouble1), double, cos); TEST (cos (vldouble1), ldouble, cos); @@ -152,7 +145,7 @@ test_cos (const int Vint4, const long long int Vllong4) TEST (cos (Vcdouble1), cdouble, cos); TEST (cos (Vcldouble1), cldouble, cos); - return result; + return 0; } int diff --git a/support/check.h b/support/check.h index 711f34b83b..7ea22c7a2c 100644 --- a/support/check.h +++ b/support/check.h @@ -24,6 +24,11 @@ __BEGIN_DECLS +/* Record a test failure, print the failure message to standard output + and pass the result of 1 through. */ +#define FAIL(...) \ + support_print_failure_impl (__FILE__, __LINE__, __VA_ARGS__) + /* Record a test failure, print the failure message to standard output and return 1. */ #define FAIL_RET(...) \ commit 27fb563bfee521239316142fa4968282bffa86a6 Author: Maciej W. Rozycki Date: Fri Jul 26 13:21:34 2024 +0100 stdio-common: Add test for vfscanf with matches longer than INT_MAX [BZ #27650] Complement commit b03e4d7bd25b ("stdio: fix vfscanf with matches longer than INT_MAX (bug 27650)") and add a test case for the issue, inspired by the reproducer provided with the bug report. This has been verified to succeed as from the commit referred and fail beforehand. As the test requires 2GiB of data to be passed around its performance has been evaluated using a choice of systems and the execution time determined to be respectively in the range of 9s for POWER9@2.166GHz, 24s for FU740@1.2GHz, and 40s for 74Kf@950MHz. As this is on the verge of and beyond the default timeout it has been increased by the factor of 8. Regardless, following recent practice the test has been added to the standard rather than extended set. Reviewed-by: DJ Delorie (cherry picked from commit 89cddc8a7096f3d9225868304d2bc0a1aaf07d63) diff --git a/stdio-common/Makefile b/stdio-common/Makefile index a63c05a120..e4f0146d2c 100644 --- a/stdio-common/Makefile +++ b/stdio-common/Makefile @@ -240,6 +240,7 @@ tests := \ tst-scanf-binary-c23 \ tst-scanf-binary-gnu11 \ tst-scanf-binary-gnu89 \ + tst-scanf-bz27650 \ tst-scanf-intn \ tst-scanf-round \ tst-scanf-to_inpunct \ @@ -328,6 +329,7 @@ generated += \ tst-printf-fp-free.mtrace \ tst-printf-fp-leak-mem.out \ tst-printf-fp-leak.mtrace \ + tst-scanf-bz27650.mtrace \ tst-vfprintf-width-prec-mem.out \ tst-vfprintf-width-prec.mtrace \ # generated @@ -419,6 +421,9 @@ tst-printf-fp-free-ENV = \ tst-printf-fp-leak-ENV = \ MALLOC_TRACE=$(objpfx)tst-printf-fp-leak.mtrace \ LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so +tst-scanf-bz27650-ENV = \ + MALLOC_TRACE=$(objpfx)tst-scanf-bz27650.mtrace \ + LD_PRELOAD=$(common-objpfx)malloc/libc_malloc_debug.so $(objpfx)tst-unbputc.out: tst-unbputc.sh $(objpfx)tst-unbputc $(SHELL) $< $(common-objpfx) '$(test-program-prefix)'; \ diff --git a/stdio-common/tst-scanf-bz27650.c b/stdio-common/tst-scanf-bz27650.c new file mode 100644 index 0000000000..3a742bc865 --- /dev/null +++ b/stdio-common/tst-scanf-bz27650.c @@ -0,0 +1,108 @@ +/* Test for BZ #27650, formatted input matching beyond INT_MAX. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include +#include + +/* Produce a stream of more than INT_MAX characters via buffer BUF of + size SIZE according to bookkeeping in COOKIE and then return EOF. */ + +static ssize_t +io_read (void *cookie, char *buf, size_t size) +{ + unsigned int *written = cookie; + unsigned int w = *written; + + if (w > INT_MAX) + return 0; + + memset (buf, 'a', size); + *written = w + size; + return size; +} + +/* Consume a stream of more than INT_MAX characters from an artificial + input stream of which none is the new line character. The call to + fscanf is supposed to complete upon the EOF condition of input, + however in the presence of BZ #27650 it will terminate prematurely + with characters still outstanding in input. Diagnose the condition + and return status accordingly. */ + +int +do_test (void) +{ + static cookie_io_functions_t io_funcs = { .read = io_read }; + unsigned int written = 0; + FILE *in; + int v; + + mtrace (); + + in = fopencookie (&written, "r", io_funcs); + if (in == NULL) + { + FAIL ("fopencookie: %m"); + goto out; + } + + v = fscanf (in, "%*[^\n]"); + if (ferror (in)) + { + FAIL ("fscanf: input failure, at %u: %m", written); + goto out_close; + } + else if (v == EOF) + { + FAIL ("fscanf: unexpected end of file, at %u", written); + goto out_close; + } + + if (!feof (in)) + { + v = fgetc (in); + if (ferror (in)) + FAIL ("fgetc: input failure: %m"); + else if (v == EOF) + FAIL ("fgetc: unexpected end of file after missing end of file"); + else if (v == '\n') + FAIL ("unexpected new line character received"); + else + FAIL ("character received after end of file expected: \\x%02x", v); + } + +out_close: + if (fclose (in) != 0) + FAIL ("fclose: %m"); + +out: + return EXIT_SUCCESS; +} + +#define TIMEOUT (DEFAULT_TIMEOUT * 8) +#include commit 2f749d2b15cbc82268d7f8735f21ae1e3b68754f Author: Siddhesh Poyarekar Date: Wed Aug 14 19:20:04 2024 -0400 Make tst-ungetc use libsupport Signed-off-by: Siddhesh Poyarekar Reviewed-by: Carlos O'Donell (cherry picked from commit 3f7df7e757f4efec38e45d4068e5492efcac4856) diff --git a/stdio-common/tst-ungetc.c b/stdio-common/tst-ungetc.c index 1344b2b591..5c808f0734 100644 --- a/stdio-common/tst-ungetc.c +++ b/stdio-common/tst-ungetc.c @@ -1,70 +1,72 @@ -/* Test for ungetc bugs. */ +/* Test for ungetc bugs. + Copyright (C) 1996-2024 Free Software Foundation, Inc. + Copyright The GNU Toolchain Authors. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ #include #include -#include - -#undef assert -#define assert(x) \ - if (!(x)) \ - { \ - fputs ("test failed: " #x "\n", stderr); \ - retval = 1; \ - goto the_end; \ - } +#include +#include +#include +#include +#include -int -main (int argc, char *argv[]) +static int +do_test (void) { - char name[] = "/tmp/tst-ungetc.XXXXXX"; + char *name = NULL; FILE *fp = NULL; - int retval = 0; int c; char buffer[64]; - int fd = mkstemp (name); + int fd = create_temp_file ("tst-ungetc.", &name); if (fd == -1) - { - printf ("mkstemp failed: %m\n"); - return 1; - } - close (fd); - fp = fopen (name, "w"); - assert (fp != NULL) - fputs ("bla", fp); - fclose (fp); - fp = NULL; + FAIL_EXIT1 ("cannot create temporary file: %m"); + xclose (fd); - fp = fopen (name, "r"); - assert (fp != NULL); - assert (ungetc ('z', fp) == 'z'); - assert (getc (fp) == 'z'); - assert (getc (fp) == 'b'); - assert (getc (fp) == 'l'); - assert (ungetc ('m', fp) == 'm'); - assert (getc (fp) == 'm'); - assert ((c = getc (fp)) == 'a'); - assert (getc (fp) == EOF); - assert (ungetc (c, fp) == c); - assert (feof (fp) == 0); - assert (getc (fp) == c); - assert (getc (fp) == EOF); - fclose (fp); - fp = NULL; + fp = xfopen (name, "w"); + fputs ("bla", fp); + xfclose (fp); - fp = fopen (name, "r"); - assert (fp != NULL); - assert (getc (fp) == 'b'); - assert (getc (fp) == 'l'); - assert (ungetc ('b', fp) == 'b'); - assert (fread (buffer, 1, 64, fp) == 2); - assert (buffer[0] == 'b'); - assert (buffer[1] == 'a'); + fp = xfopen (name, "r"); + TEST_VERIFY_EXIT (ungetc ('z', fp) == 'z'); + TEST_VERIFY_EXIT (getc (fp) == 'z'); + TEST_VERIFY_EXIT (getc (fp) == 'b'); + TEST_VERIFY_EXIT (getc (fp) == 'l'); + TEST_VERIFY_EXIT (ungetc ('m', fp) == 'm'); + TEST_VERIFY_EXIT (getc (fp) == 'm'); + TEST_VERIFY_EXIT ((c = getc (fp)) == 'a'); + TEST_VERIFY_EXIT (getc (fp) == EOF); + TEST_VERIFY_EXIT (ungetc (c, fp) == c); + TEST_VERIFY_EXIT (feof (fp) == 0); + TEST_VERIFY_EXIT (getc (fp) == c); + TEST_VERIFY_EXIT (getc (fp) == EOF); + xfclose (fp); -the_end: - if (fp != NULL) - fclose (fp); - unlink (name); + fp = xfopen (name, "r"); + TEST_VERIFY_EXIT (getc (fp) == 'b'); + TEST_VERIFY_EXIT (getc (fp) == 'l'); + TEST_VERIFY_EXIT (ungetc ('b', fp) == 'b'); + TEST_VERIFY_EXIT (fread (buffer, 1, 64, fp) == 2); + TEST_VERIFY_EXIT (buffer[0] == 'b'); + TEST_VERIFY_EXIT (buffer[1] == 'a'); + xfclose (fp); - return retval; + return 0; } + +#include commit dac7a0694b5e853f08be518cd5a133ac5804666d Author: Siddhesh Poyarekar Date: Tue Aug 13 21:00:06 2024 -0400 ungetc: Fix uninitialized read when putting into unused streams [BZ #27821] When ungetc is called on an unused stream, the backup buffer is allocated without the main get area being present. This results in every subsequent ungetc (as the stream remains in the backup area) checking uninitialized memory in the backup buffer when trying to put a character back into the stream. Avoid comparing the input character with buffer contents when in backup to avoid this uninitialized read. The uninitialized read is harmless in this context since the location is promptly overwritten with the input character, thus fulfilling ungetc functionality. Also adjust wording in the manual to drop the paragraph that says glibc cannot do multiple ungetc back to back since with this change, ungetc can actually do this. Signed-off-by: Siddhesh Poyarekar Reviewed-by: Carlos O'Donell (cherry picked from commit cdf0f88f97b0aaceb894cc02b21159d148d7065c) diff --git a/libio/genops.c b/libio/genops.c index 99f5e80f20..b012fa33d2 100644 --- a/libio/genops.c +++ b/libio/genops.c @@ -662,7 +662,7 @@ _IO_sputbackc (FILE *fp, int c) { int result; - if (fp->_IO_read_ptr > fp->_IO_read_base + if (fp->_IO_read_ptr > fp->_IO_read_base && !_IO_in_backup (fp) && (unsigned char)fp->_IO_read_ptr[-1] == (unsigned char)c) { fp->_IO_read_ptr--; diff --git a/manual/stdio.texi b/manual/stdio.texi index 8517653507..92614775fa 100644 --- a/manual/stdio.texi +++ b/manual/stdio.texi @@ -1467,11 +1467,9 @@ program; usually @code{ungetc} is used only to unread a character that was just read from the same stream. @Theglibc{} supports this even on files opened in binary mode, but other systems might not. -@Theglibc{} only supports one character of pushback---in other -words, it does not work to call @code{ungetc} twice without doing input -in between. Other systems might let you push back multiple characters; -then reading from the stream retrieves the characters in the reverse -order that they were pushed. +@Theglibc{} supports pushing back multiple characters; subsequently +reading from the stream retrieves the characters in the reverse order +that they were pushed. Pushing back characters doesn't alter the file; only the internal buffering for the stream is affected. If a file positioning function diff --git a/stdio-common/tst-ungetc.c b/stdio-common/tst-ungetc.c index 5c808f0734..388b202493 100644 --- a/stdio-common/tst-ungetc.c +++ b/stdio-common/tst-ungetc.c @@ -48,6 +48,8 @@ do_test (void) TEST_VERIFY_EXIT (getc (fp) == 'b'); TEST_VERIFY_EXIT (getc (fp) == 'l'); TEST_VERIFY_EXIT (ungetc ('m', fp) == 'm'); + TEST_VERIFY_EXIT (ungetc ('n', fp) == 'n'); + TEST_VERIFY_EXIT (getc (fp) == 'n'); TEST_VERIFY_EXIT (getc (fp) == 'm'); TEST_VERIFY_EXIT ((c = getc (fp)) == 'a'); TEST_VERIFY_EXIT (getc (fp) == EOF); commit e24902f409994f226dbc6fde2476009df452a18f Author: Siddhesh Poyarekar Date: Tue Aug 13 21:08:49 2024 -0400 ungetc: Fix backup buffer leak on program exit [BZ #27821] If a file descriptor is left unclosed and is cleaned up by _IO_cleanup on exit, its backup buffer remains unfreed, registering as a leak in valgrind. This is not strictly an issue since (1) the program should ideally be closing the stream once it's not in use and (2) the program is about to exit anyway, so keeping the backup buffer around a wee bit longer isn't a real problem. Free it anyway to keep valgrind happy when the streams in question are the standard ones, i.e. stdout, stdin or stderr. Also, the _IO_have_backup macro checks for _IO_save_base, which is a roundabout way to check for a backup buffer instead of directly looking for _IO_backup_base. The roundabout check breaks when the main get area has not been used and user pushes a char into the backup buffer with ungetc. Fix this to use the _IO_backup_base directly. Signed-off-by: Siddhesh Poyarekar Reviewed-by: Carlos O'Donell (cherry picked from commit 3e1d8d1d1dca24ae90df2ea826a8916896fc7e77) diff --git a/libio/genops.c b/libio/genops.c index b012fa33d2..35d8b30710 100644 --- a/libio/genops.c +++ b/libio/genops.c @@ -816,6 +816,12 @@ _IO_unbuffer_all (void) legacy = 1; #endif + /* Free up the backup area if it was ever allocated. */ + if (_IO_have_backup (fp)) + _IO_free_backup_area (fp); + if (fp->_mode > 0 && _IO_have_wbackup (fp)) + _IO_free_wbackup_area (fp); + if (! (fp->_flags & _IO_UNBUFFERED) /* Iff stream is un-orientated, it wasn't used. */ && (legacy || fp->_mode != 0)) diff --git a/libio/libioP.h b/libio/libioP.h index 1af287b19f..616253fcd0 100644 --- a/libio/libioP.h +++ b/libio/libioP.h @@ -577,8 +577,8 @@ extern void _IO_old_init (FILE *fp, int flags) __THROW; ((__fp)->_wide_data->_IO_write_base \ = (__fp)->_wide_data->_IO_write_ptr = __p, \ (__fp)->_wide_data->_IO_write_end = (__ep)) -#define _IO_have_backup(fp) ((fp)->_IO_save_base != NULL) -#define _IO_have_wbackup(fp) ((fp)->_wide_data->_IO_save_base != NULL) +#define _IO_have_backup(fp) ((fp)->_IO_backup_base != NULL) +#define _IO_have_wbackup(fp) ((fp)->_wide_data->_IO_backup_base != NULL) #define _IO_in_backup(fp) ((fp)->_flags & _IO_IN_BACKUP) #define _IO_have_markers(fp) ((fp)->_markers != NULL) #define _IO_blen(fp) ((fp)->_IO_buf_end - (fp)->_IO_buf_base) diff --git a/stdio-common/Makefile b/stdio-common/Makefile index e4f0146d2c..a91754f52d 100644 --- a/stdio-common/Makefile +++ b/stdio-common/Makefile @@ -254,6 +254,7 @@ tests := \ tst-swscanf \ tst-tmpnam \ tst-ungetc \ + tst-ungetc-leak \ tst-unlockedio \ tst-vfprintf-mbs-prec \ tst-vfprintf-user-type \ @@ -316,6 +317,7 @@ tests-special += \ $(objpfx)tst-printf-bz25691-mem.out \ $(objpfx)tst-printf-fp-free-mem.out \ $(objpfx)tst-printf-fp-leak-mem.out \ + $(objpfx)tst-ungetc-leak-mem.out \ $(objpfx)tst-vfprintf-width-prec-mem.out \ # tests-special @@ -330,6 +332,8 @@ generated += \ tst-printf-fp-leak-mem.out \ tst-printf-fp-leak.mtrace \ tst-scanf-bz27650.mtrace \ + tst-ungetc-leak-mem.out \ + tst-ungetc-leak.mtrace \ tst-vfprintf-width-prec-mem.out \ tst-vfprintf-width-prec.mtrace \ # generated @@ -424,6 +428,9 @@ tst-printf-fp-leak-ENV = \ tst-scanf-bz27650-ENV = \ MALLOC_TRACE=$(objpfx)tst-scanf-bz27650.mtrace \ LD_PRELOAD=$(common-objpfx)malloc/libc_malloc_debug.so +tst-ungetc-leak-ENV = \ + MALLOC_TRACE=$(objpfx)tst-ungetc-leak.mtrace \ + LD_PRELOAD=$(common-objpfx)malloc/libc_malloc_debug.so $(objpfx)tst-unbputc.out: tst-unbputc.sh $(objpfx)tst-unbputc $(SHELL) $< $(common-objpfx) '$(test-program-prefix)'; \ diff --git a/stdio-common/tst-ungetc-leak.c b/stdio-common/tst-ungetc-leak.c new file mode 100644 index 0000000000..6c5152b43f --- /dev/null +++ b/stdio-common/tst-ungetc-leak.c @@ -0,0 +1,32 @@ +/* Test for memory leak with ungetc when stream is unused. + Copyright The GNU Toolchain Authors. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +static int +do_test (void) +{ + mtrace (); + TEST_COMPARE (ungetc('y', stdin), 'y'); + return 0; +} + +#include commit 3b3350d7baa8de70b71c02e964d5b8343749ebf8 Author: Maciej W. Rozycki Date: Fri Jul 26 13:21:34 2024 +0100 posix: Use facilities in tst-truncate and tst-truncate64 Remove local FAIL macro in favor to FAIL_RET from , which provides equivalent reporting, with the name of the file of the failure site additionally included, for the tst-truncate-common core shared between the tst-truncate and tst-truncate64 tests. Reviewed-by: DJ Delorie (cherry picked from commit fe47595504a55e7bb992f8928533df154b510383) diff --git a/posix/tst-truncate-common.c b/posix/tst-truncate-common.c index b774fa46b8..b8c561ffdb 100644 --- a/posix/tst-truncate-common.c +++ b/posix/tst-truncate-common.c @@ -21,6 +21,8 @@ #include #include +#include + static void do_prepare (void); #define PREPARE(argc, argv) do_prepare () static int do_test (void); @@ -42,9 +44,6 @@ do_prepare (void) } } -#define FAIL(str) \ - do { printf ("error: %s (line %d)\n", str, __LINE__); return 1; } while (0) - static int do_test_with_offset (off_t offset) { @@ -54,35 +53,35 @@ do_test_with_offset (off_t offset) memset (buf, 0xcf, sizeof (buf)); if (pwrite (temp_fd, buf, sizeof (buf), offset) != sizeof (buf)) - FAIL ("write failed"); + FAIL_RET ("write failed"); if (fstat (temp_fd, &st) < 0 || st.st_size != (offset + sizeof (buf))) - FAIL ("initial size wrong"); + FAIL_RET ("initial size wrong"); if (ftruncate (temp_fd, offset + 800) < 0) - FAIL ("size reduction with ftruncate failed"); + FAIL_RET ("size reduction with ftruncate failed"); if (fstat (temp_fd, &st) < 0 || st.st_size != (offset + 800)) - FAIL ("size after reduction with ftruncate is incorrect"); + FAIL_RET ("size after reduction with ftruncate is incorrect"); /* The following test covers more than POSIX. POSIX does not require that ftruncate() can increase the file size. But we are testing Unix systems. */ if (ftruncate (temp_fd, offset + 1200) < 0) - FAIL ("size increate with ftruncate failed"); + FAIL_RET ("size increate with ftruncate failed"); if (fstat (temp_fd, &st) < 0 || st.st_size != (offset + 1200)) - FAIL ("size after increase is incorrect"); + FAIL_RET ("size after increase is incorrect"); if (truncate (temp_filename, offset + 800) < 0) - FAIL ("size reduction with truncate failed"); + FAIL_RET ("size reduction with truncate failed"); if (fstat (temp_fd, &st) < 0 || st.st_size != (offset + 800)) - FAIL ("size after reduction with truncate incorrect"); + FAIL_RET ("size after reduction with truncate incorrect"); /* The following test covers more than POSIX. POSIX does not require that truncate() can increase the file size. But we are testing Unix systems. */ if (truncate (temp_filename, (offset + 1200)) < 0) - FAIL ("size increase with truncate failed"); + FAIL_RET ("size increase with truncate failed"); if (fstat (temp_fd, &st) < 0 || st.st_size != (offset + 1200)) - FAIL ("size increase with truncate is incorrect"); + FAIL_RET ("size increase with truncate is incorrect"); return 0; } commit 3414b17e9db16c3bc0de5b49555c4f94f155ffc8 Author: Maciej W. Rozycki Date: Fri Jul 26 13:21:34 2024 +0100 nptl: Use facilities in tst-setuid3 Remove local FAIL macro in favor to FAIL_EXIT1 from , which provides equivalent reporting, with the name of the file and the line number within of the failure site additionally included. Remove FAIL_ERR altogether and include ": %m" explicitly with the format string supplied to FAIL_EXIT1 as there seems little value to have a separate macro just for this. Reviewed-by: DJ Delorie (cherry picked from commit 8c98195af6e6f1ce21743fc26c723e0f7e45bcf2) diff --git a/sysdeps/pthread/tst-setuid3.c b/sysdeps/pthread/tst-setuid3.c index 83f42a0ae5..3845ab03d3 100644 --- a/sysdeps/pthread/tst-setuid3.c +++ b/sysdeps/pthread/tst-setuid3.c @@ -15,24 +15,19 @@ License along with the GNU C Library; if not, see . */ -#include #include #include #include #include +#include + /* The test must run under a non-privileged user ID. */ static const uid_t test_uid = 1; static pthread_barrier_t barrier1; static pthread_barrier_t barrier2; -#define FAIL(fmt, ...) \ - do { printf ("FAIL: " fmt "\n", __VA_ARGS__); _exit (1); } while (0) - -#define FAIL_ERR(fmt, ...) \ - do { printf ("FAIL: " fmt ": %m\n", __VA_ARGS__); _exit (1); } while (0) - /* True if x is not a successful return code from pthread_barrier_wait. */ static inline bool is_invalid_barrier_ret (int x) @@ -45,10 +40,10 @@ thread_func (void *ctx __attribute__ ((unused))) { int ret = pthread_barrier_wait (&barrier1); if (is_invalid_barrier_ret (ret)) - FAIL ("pthread_barrier_wait (barrier1) (on thread): %d", ret); + FAIL_EXIT1 ("pthread_barrier_wait (barrier1) (on thread): %d", ret); ret = pthread_barrier_wait (&barrier2); if (is_invalid_barrier_ret (ret)) - FAIL ("pthread_barrier_wait (barrier2) (on thread): %d", ret); + FAIL_EXIT1 ("pthread_barrier_wait (barrier2) (on thread): %d", ret); return NULL; } @@ -59,13 +54,13 @@ setuid_failure (int phase) switch (ret) { case 0: - FAIL ("setuid succeeded unexpectedly in phase %d", phase); + FAIL_EXIT1 ("setuid succeeded unexpectedly in phase %d", phase); case -1: if (errno != EPERM) - FAIL_ERR ("setuid phase %d", phase); + FAIL_EXIT1 ("setuid phase %d: %m", phase); break; default: - FAIL ("invalid setuid return value in phase %d: %d", phase, ret); + FAIL_EXIT1 ("invalid setuid return value in phase %d: %d", phase, ret); } } @@ -74,42 +69,42 @@ do_test (void) { if (getuid () == 0) if (setuid (test_uid) != 0) - FAIL_ERR ("setuid (%u)", (unsigned) test_uid); + FAIL_EXIT1 ("setuid (%u): %m", (unsigned) test_uid); if (setuid (getuid ())) - FAIL_ERR ("setuid (%s)", "getuid ()"); + FAIL_EXIT1 ("setuid (%s): %m", "getuid ()"); setuid_failure (1); int ret = pthread_barrier_init (&barrier1, NULL, 2); if (ret != 0) - FAIL ("pthread_barrier_init (barrier1): %d", ret); + FAIL_EXIT1 ("pthread_barrier_init (barrier1): %d", ret); ret = pthread_barrier_init (&barrier2, NULL, 2); if (ret != 0) - FAIL ("pthread_barrier_init (barrier2): %d", ret); + FAIL_EXIT1 ("pthread_barrier_init (barrier2): %d", ret); pthread_t thread; ret = pthread_create (&thread, NULL, thread_func, NULL); if (ret != 0) - FAIL ("pthread_create: %d", ret); + FAIL_EXIT1 ("pthread_create: %d", ret); /* Ensure that the thread is running properly. */ ret = pthread_barrier_wait (&barrier1); if (is_invalid_barrier_ret (ret)) - FAIL ("pthread_barrier_wait (barrier1): %d", ret); + FAIL_EXIT1 ("pthread_barrier_wait (barrier1): %d", ret); setuid_failure (2); /* Check success case. */ if (setuid (getuid ()) != 0) - FAIL_ERR ("setuid (%s)", "getuid ()"); + FAIL_EXIT1 ("setuid (%s): %m", "getuid ()"); /* Shutdown. */ ret = pthread_barrier_wait (&barrier2); if (is_invalid_barrier_ret (ret)) - FAIL ("pthread_barrier_wait (barrier2): %d", ret); + FAIL_EXIT1 ("pthread_barrier_wait (barrier2): %d", ret); ret = pthread_join (thread, NULL); if (ret != 0) - FAIL ("pthread_join: %d", ret); + FAIL_EXIT1 ("pthread_join: %d", ret); return 0; } commit b7edcfa0f41ccfaeb665a661d3a6a594c8d95848 Author: Florian Weimer Date: Thu Aug 1 23:31:23 2024 +0200 elf: Clarify and invert second argument of _dl_allocate_tls_init Also remove an outdated comment: _dl_allocate_tls_init is called as part of pthread_create. Reviewed-by: Carlos O'Donell (cherry picked from commit fe06fb313bddf7e4530056897d4a706606e49377) diff --git a/elf/dl-tls.c b/elf/dl-tls.c index 3d221273f1..ecb966d282 100644 --- a/elf/dl-tls.c +++ b/elf/dl-tls.c @@ -552,9 +552,14 @@ _dl_resize_dtv (dtv_t *dtv, size_t max_modid) /* Allocate initial TLS. RESULT should be a non-NULL pointer to storage for the TLS space. The DTV may be resized, and so this function may call malloc to allocate that space. The loader's GL(dl_load_tls_lock) - is taken when manipulating global TLS-related data in the loader. */ + is taken when manipulating global TLS-related data in the loader. + + If MAIN_THREAD, this is the first call during process + initialization. In this case, TLS initialization for secondary + (audit) namespaces is skipped because that has already been handled + by dlopen. */ void * -_dl_allocate_tls_init (void *result, bool init_tls) +_dl_allocate_tls_init (void *result, bool main_thread) { if (result == NULL) /* The memory allocation failed. */ @@ -633,7 +638,7 @@ _dl_allocate_tls_init (void *result, bool init_tls) because it would already be set by the audit setup. However, subsequent thread creation would need to follow the default behaviour. */ - if (map->l_ns != LM_ID_BASE && !init_tls) + if (map->l_ns != LM_ID_BASE && main_thread) continue; memset (__mempcpy (dest, map->l_tls_initimage, map->l_tls_initimage_size), '\0', @@ -661,7 +666,7 @@ _dl_allocate_tls (void *mem) { return _dl_allocate_tls_init (mem == NULL ? _dl_allocate_tls_storage () - : allocate_dtv (mem), true); + : allocate_dtv (mem), false); } rtld_hidden_def (_dl_allocate_tls) diff --git a/elf/rtld.c b/elf/rtld.c index bfdf632e77..09b9c9993b 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -2338,7 +2338,7 @@ dl_main (const ElfW(Phdr) *phdr, into the main thread's TLS area, which we allocated above. Note: thread-local variables must only be accessed after completing the next step. */ - _dl_allocate_tls_init (tcbp, false); + _dl_allocate_tls_init (tcbp, true); /* And finally install it for the main thread. */ if (! __rtld_tls_init_tp_called) diff --git a/nptl/allocatestack.c b/nptl/allocatestack.c index f35a8369bd..2cb562f8ea 100644 --- a/nptl/allocatestack.c +++ b/nptl/allocatestack.c @@ -139,7 +139,7 @@ get_cached_stack (size_t *sizep, void **memp) memset (dtv, '\0', (dtv[-1].counter + 1) * sizeof (dtv_t)); /* Re-initialize the TLS. */ - _dl_allocate_tls_init (TLS_TPADJ (result), true); + _dl_allocate_tls_init (TLS_TPADJ (result), false); return result; } diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h index 656e8a3fa0..154efb0e19 100644 --- a/sysdeps/generic/ldsodefs.h +++ b/sysdeps/generic/ldsodefs.h @@ -1200,10 +1200,8 @@ extern void _dl_get_tls_static_info (size_t *sizep, size_t *alignp); extern void _dl_allocate_static_tls (struct link_map *map) attribute_hidden; -/* These are internal entry points to the two halves of _dl_allocate_tls, - only used within rtld.c itself at startup time. */ extern void *_dl_allocate_tls_storage (void) attribute_hidden; -extern void *_dl_allocate_tls_init (void *, bool); +extern void *_dl_allocate_tls_init (void *result, bool main_thread); rtld_hidden_proto (_dl_allocate_tls_init) /* True if the TCB has been set up. */ commit f496b750f135e57da921e975835c44bd199246dd Author: Florian Weimer Date: Thu Aug 1 23:31:30 2024 +0200 elf: Avoid re-initializing already allocated TLS in dlopen (bug 31717) The old code used l_init_called as an indicator for whether TLS initialization was complete. However, it is possible that TLS for an object is initialized, written to, and then dlopen for this object is called again, and l_init_called is not true at this point. Previously, this resulted in TLS being initialized twice, discarding any interim writes (technically introducing a use-after-free bug even). This commit introduces an explicit per-object flag, l_tls_in_slotinfo. It indicates whether _dl_add_to_slotinfo has been called for this object. This flag is used to avoid double-initialization of TLS. In update_tls_slotinfo, the first_static_tls micro-optimization is removed because preserving the initalization flag for subsequent use by the second loop for static TLS is a bit complicated, and another per-object flag does not seem to be worth it. Furthermore, the l_init_called flag is dropped from the second loop (for static TLS initialization) because l_need_tls_init on its own prevents double-initialization. The remaining l_init_called usage in resize_scopes and update_scopes is just an optimization due to the use of scope_has_map, so it is not changed in this commit. The isupper check ensures that libc.so.6 is TLS is not reverted. Such a revert happens if l_need_tls_init is not cleared in _dl_allocate_tls_init for the main_thread case, now that l_init_called is not checked anymore in update_tls_slotinfo in elf/dl-open.c. Reported-by: Jonathon Anderson Reviewed-by: Carlos O'Donell (cherry picked from commit 5097cd344fd243fb8deb6dec96e8073753f962f9) diff --git a/NEWS b/NEWS index 10a125bc66..5b20efbf6c 100644 --- a/NEWS +++ b/NEWS @@ -10,7 +10,7 @@ Version 2.40.1 The following bugs are resolved with this release: [30081] resolv: Do not wait for non-existing second DNS response after error - [31968] mremap implementation in C does not handle arguments correctly + [31717] elf: Avoid re-initializing already allocated TLS in dlopen [31890] resolv: Allow short error responses to match any DNS query [31968] mremap implementation in C does not handle arguments correctly [32026] strerror/strsignal TLS not handled correctly for secondary namespaces diff --git a/elf/Makefile b/elf/Makefile index a3475f3fb5..a03c6520d8 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -416,6 +416,10 @@ tests += \ tst-dlmopen4 \ tst-dlopen-self \ tst-dlopen-tlsmodid \ + tst-dlopen-tlsreinit1 \ + tst-dlopen-tlsreinit2 \ + tst-dlopen-tlsreinit3 \ + tst-dlopen-tlsreinit4 \ tst-dlopenfail \ tst-dlopenfail-2 \ tst-dlopenrpath \ @@ -853,6 +857,9 @@ modules-names += \ tst-dlmopen-twice-mod1 \ tst-dlmopen-twice-mod2 \ tst-dlmopen1mod \ + tst-dlopen-tlsreinitmod1 \ + tst-dlopen-tlsreinitmod2 \ + tst-dlopen-tlsreinitmod3 \ tst-dlopenfaillinkmod \ tst-dlopenfailmod1 \ tst-dlopenfailmod2 \ @@ -3118,3 +3125,26 @@ $(objpfx)tst-recursive-tls.out: \ 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15) $(objpfx)tst-recursive-tlsmod%.os: tst-recursive-tlsmodN.c $(compile-command.c) -DVAR=thread_$* -DFUNC=get_threadvar_$* + +# Order matters here. The test needs the constructor for +# tst-dlopen-tlsreinitmod2.so to be called first. +LDFLAGS-tst-dlopen-tlsreinitmod1.so = -Wl,--no-as-needed +$(objpfx)tst-dlopen-tlsreinitmod1.so: \ + $(objpfx)tst-dlopen-tlsreinitmod3.so $(objpfx)tst-dlopen-tlsreinitmod2.so +LDFLAGS-tst-dlopen-tlsreinit2 = -Wl,--no-as-needed +$(objpfx)tst-dlopen-tlsreinit2: \ + $(objpfx)tst-dlopen-tlsreinitmod3.so $(objpfx)tst-dlopen-tlsreinitmod2.so +LDFLAGS-tst-dlopen-tlsreinit4 = -Wl,--no-as-needed +$(objpfx)tst-dlopen-tlsreinit4: \ + $(objpfx)tst-dlopen-tlsreinitmod3.so $(objpfx)tst-dlopen-tlsreinitmod2.so +# tst-dlopen-tlsreinitmod2.so is underlinked and refers to +# tst-dlopen-tlsreinitmod3.so. The dependency is provided via +# $(objpfx)tst-dlopen-tlsreinitmod1.so. +tst-dlopen-tlsreinitmod2.so-no-z-defs = yes +$(objpfx)tst-dlopen-tlsreinit.out: $(objpfx)tst-dlopen-tlsreinitmod1.so \ + $(objpfx)tst-dlopen-tlsreinitmod2.so $(objpfx)tst-dlopen-tlsreinitmod3.so +# Reuse an audit module which provides ample debug logging. +$(objpfx)tst-dlopen-tlsreinit3.out: $(objpfx)tst-auditmod1.so +tst-dlopen-tlsreinit3-ENV = LD_AUDIT=$(objpfx)tst-auditmod1.so +$(objpfx)tst-dlopen-tlsreinit4.out: $(objpfx)tst-auditmod1.so +tst-dlopen-tlsreinit4-ENV = LD_AUDIT=$(objpfx)tst-auditmod1.so diff --git a/elf/dl-open.c b/elf/dl-open.c index c378da16c0..8556e7bd2f 100644 --- a/elf/dl-open.c +++ b/elf/dl-open.c @@ -363,17 +363,8 @@ resize_tls_slotinfo (struct link_map *new) { bool any_tls = false; for (unsigned int i = 0; i < new->l_searchlist.r_nlist; ++i) - { - struct link_map *imap = new->l_searchlist.r_list[i]; - - /* Only add TLS memory if this object is loaded now and - therefore is not yet initialized. */ - if (! imap->l_init_called && imap->l_tls_blocksize > 0) - { - _dl_add_to_slotinfo (imap, false); - any_tls = true; - } - } + if (_dl_add_to_slotinfo (new->l_searchlist.r_list[i], false)) + any_tls = true; return any_tls; } @@ -383,22 +374,8 @@ resize_tls_slotinfo (struct link_map *new) static void update_tls_slotinfo (struct link_map *new) { - unsigned int first_static_tls = new->l_searchlist.r_nlist; for (unsigned int i = 0; i < new->l_searchlist.r_nlist; ++i) - { - struct link_map *imap = new->l_searchlist.r_list[i]; - - /* Only add TLS memory if this object is loaded now and - therefore is not yet initialized. */ - if (! imap->l_init_called && imap->l_tls_blocksize > 0) - { - _dl_add_to_slotinfo (imap, true); - - if (imap->l_need_tls_init - && first_static_tls == new->l_searchlist.r_nlist) - first_static_tls = i; - } - } + _dl_add_to_slotinfo (new->l_searchlist.r_list[i], true); size_t newgen = GL(dl_tls_generation) + 1; if (__glibc_unlikely (newgen == 0)) @@ -410,13 +387,11 @@ TLS generation counter wrapped! Please report this.")); /* We need a second pass for static tls data, because _dl_update_slotinfo must not be run while calls to _dl_add_to_slotinfo are still pending. */ - for (unsigned int i = first_static_tls; i < new->l_searchlist.r_nlist; ++i) + for (unsigned int i = 0; i < new->l_searchlist.r_nlist; ++i) { struct link_map *imap = new->l_searchlist.r_list[i]; - if (imap->l_need_tls_init - && ! imap->l_init_called - && imap->l_tls_blocksize > 0) + if (imap->l_need_tls_init && imap->l_tls_blocksize > 0) { /* For static TLS we have to allocate the memory here and now, but we can delay updating the DTV. */ diff --git a/elf/dl-tls.c b/elf/dl-tls.c index ecb966d282..3d529b722c 100644 --- a/elf/dl-tls.c +++ b/elf/dl-tls.c @@ -632,17 +632,21 @@ _dl_allocate_tls_init (void *result, bool main_thread) some platforms use in static programs requires it. */ dtv[map->l_tls_modid].pointer.val = dest; - /* Copy the initialization image and clear the BSS part. For - audit modules or dependencies with initial-exec TLS, we can not - set the initial TLS image on default loader initialization - because it would already be set by the audit setup. However, - subsequent thread creation would need to follow the default - behaviour. */ + /* Copy the initialization image and clear the BSS part. + For audit modules or dependencies with initial-exec TLS, + we can not set the initial TLS image on default loader + initialization because it would already be set by the + audit setup, which uses the dlopen code and already + clears l_need_tls_init. Calls with !main_thread from + pthread_create need to initialze TLS for the current + thread regardless of namespace. */ if (map->l_ns != LM_ID_BASE && main_thread) continue; memset (__mempcpy (dest, map->l_tls_initimage, map->l_tls_initimage_size), '\0', map->l_tls_blocksize - map->l_tls_initimage_size); + if (main_thread) + map->l_need_tls_init = 0; } total += cnt; @@ -1099,9 +1103,32 @@ _dl_tls_initial_modid_limit_setup (void) } -void +/* Add module to slot information data. If DO_ADD is false, only the + required memory is allocated. Must be called with + GL (dl_load_tls_lock) acquired. If the function has already been + called for the link map L with !DO_ADD, then this function will not + raise an exception, otherwise it is possible that it encounters a + memory allocation failure. + + Return false if L has already been added to the slotinfo data, or + if L has no TLS data. If the returned value is true, L has been + added with this call (DO_ADD), or has been added in a previous call + (!DO_ADD). + + The expected usage is as follows: Call _dl_add_to_slotinfo for + several link maps with DO_ADD set to false, and record if any calls + result in a true result. If there was a true result, call + _dl_add_to_slotinfo again, this time with DO_ADD set to true. (For + simplicity, it's possible to call the function for link maps where + the previous result was false.) The return value from the second + round of calls can be ignored. If there was true result initially, + call _dl_update_slotinfo to update the TLS generation counter. */ +bool _dl_add_to_slotinfo (struct link_map *l, bool do_add) { + if (l->l_tls_blocksize == 0 || l->l_tls_in_slotinfo) + return false; + /* Now that we know the object is loaded successfully add modules containing TLS data to the dtv info table. We might have to increase its size. */ @@ -1157,7 +1184,10 @@ cannot create TLS data structures")); atomic_store_relaxed (&listp->slotinfo[idx].map, l); atomic_store_relaxed (&listp->slotinfo[idx].gen, GL(dl_tls_generation) + 1); + l->l_tls_in_slotinfo = true; } + + return true; } #if PTHREAD_IN_LIBC diff --git a/elf/tst-dlopen-tlsreinit1.c b/elf/tst-dlopen-tlsreinit1.c new file mode 100644 index 0000000000..2016b9b0c6 --- /dev/null +++ b/elf/tst-dlopen-tlsreinit1.c @@ -0,0 +1,40 @@ +/* Test that dlopen preserves already accessed TLS (bug 31717). + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +static int +do_test (void) +{ + void *handle = xdlopen ("tst-dlopen-tlsreinitmod1.so", RTLD_NOW); + + bool *tlsreinitmod3_tested = xdlsym (handle, "tlsreinitmod3_tested"); + TEST_VERIFY (*tlsreinitmod3_tested); + + xdlclose (handle); + + /* This crashes if the libc.so.6 TLS image has been reverted. */ + TEST_VERIFY (!isupper ('@')); + + return 0; +} + +#include diff --git a/elf/tst-dlopen-tlsreinit2.c b/elf/tst-dlopen-tlsreinit2.c new file mode 100644 index 0000000000..90ad2c7713 --- /dev/null +++ b/elf/tst-dlopen-tlsreinit2.c @@ -0,0 +1,39 @@ +/* Test that dlopen preserves already accessed TLS (bug 31717). + Variant with initially-linked modules. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + + +static int +do_test (void) +{ + /* Defined in tst-dlopen-tlsreinitmod3.so. */ + extern bool tlsreinitmod3_tested; + TEST_VERIFY (tlsreinitmod3_tested); + + /* This crashes if the libc.so.6 TLS image has been reverted. */ + TEST_VERIFY (!isupper ('@')); + + return 0; +} + +#include diff --git a/elf/tst-dlopen-tlsreinit3.c b/elf/tst-dlopen-tlsreinit3.c new file mode 100644 index 0000000000..79bd585aff --- /dev/null +++ b/elf/tst-dlopen-tlsreinit3.c @@ -0,0 +1,2 @@ +/* Same code, but run with LD_AUDIT=tst-auditmod1.so. */ +#include "tst-dlopen-tlsreinit1.c" diff --git a/elf/tst-dlopen-tlsreinit4.c b/elf/tst-dlopen-tlsreinit4.c new file mode 100644 index 0000000000..344c9211ab --- /dev/null +++ b/elf/tst-dlopen-tlsreinit4.c @@ -0,0 +1,2 @@ +/* Same code, but run with LD_AUDIT=tst-auditmod1.so. */ +#include "tst-dlopen-tlsreinit2.c" diff --git a/elf/tst-dlopen-tlsreinitmod1.c b/elf/tst-dlopen-tlsreinitmod1.c new file mode 100644 index 0000000000..354cc3de51 --- /dev/null +++ b/elf/tst-dlopen-tlsreinitmod1.c @@ -0,0 +1,20 @@ +/* Test that dlopen preserves already accessed TLS (bug 31717), module 1. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* This module triggers loading of tst-dlopen-tlsreinitmod2.so and + tst-dlopen-tlsreinitmod3.so. */ diff --git a/elf/tst-dlopen-tlsreinitmod2.c b/elf/tst-dlopen-tlsreinitmod2.c new file mode 100644 index 0000000000..677e69bd35 --- /dev/null +++ b/elf/tst-dlopen-tlsreinitmod2.c @@ -0,0 +1,30 @@ +/* Test that dlopen preserves already accessed TLS (bug 31717), module 2. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include + +/* Defined in tst-dlopen-tlsreinitmod3.so. This an underlinked symbol + dependency. */ +extern void call_tlsreinitmod3 (void); + +static void __attribute__ ((constructor)) +tlsreinitmod2_init (void) +{ + puts ("info: constructor of tst-dlopen-tlsreinitmod2.so invoked"); + call_tlsreinitmod3 (); +} diff --git a/elf/tst-dlopen-tlsreinitmod3.c b/elf/tst-dlopen-tlsreinitmod3.c new file mode 100644 index 0000000000..ef769c5131 --- /dev/null +++ b/elf/tst-dlopen-tlsreinitmod3.c @@ -0,0 +1,102 @@ +/* Test that dlopen preserves already accessed TLS (bug 31717), module 3. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +/* Used to verify from the main program that the test ran. */ +bool tlsreinitmod3_tested; + +/* This TLS variable must not revert back to the initial state after + dlopen. */ +static __thread int tlsreinitmod3_state = 1; + +/* Set from the ELF constructor during dlopen. */ +static bool tlsreinitmod3_constructed; + +/* Second half of test, behind a compiler barrier. The compiler + barrier is necessary to prevent carrying over TLS address + information from call_tlsreinitmod3 to call_tlsreinitmod3_tail. */ +void call_tlsreinitmod3_tail (void *self) __attribute__ ((weak)); + +/* Called from tst-dlopen-tlsreinitmod2.so. */ +void +call_tlsreinitmod3 (void) +{ + printf ("info: call_tlsreinitmod3 invoked (state=%d)\n", + tlsreinitmod3_state); + + if (tlsreinitmod3_constructed) + { + puts ("error: call_tlsreinitmod3 called after ELF constructor"); + fflush (stdout); + /* Cannot rely on test harness due to dynamic linking. */ + _exit (1); + } + + tlsreinitmod3_state = 2; + + /* Self-dlopen. This will run the ELF constructor. */ + void *self = dlopen ("tst-dlopen-tlsreinitmod3.so", RTLD_NOW); + if (self == NULL) + { + printf ("error: dlopen: %s\n", dlerror ()); + fflush (stdout); + /* Cannot rely on test harness due to dynamic linking. */ + _exit (1); + } + + call_tlsreinitmod3_tail (self); +} + +void +call_tlsreinitmod3_tail (void *self) +{ + printf ("info: dlopen returned in tlsreinitmod3 (state=%d)\n", + tlsreinitmod3_state); + + if (!tlsreinitmod3_constructed) + { + puts ("error: dlopen did not call tlsreinitmod3 ELF constructor"); + fflush (stdout); + /* Cannot rely on test harness due to dynamic linking. */ + _exit (1); + } + + if (tlsreinitmod3_state != 2) + { + puts ("error: TLS state reverted in tlsreinitmod3"); + fflush (stdout); + /* Cannot rely on test harness due to dynamic linking. */ + _exit (1); + } + + dlclose (self); + + /* Signal test completion to the main program. */ + tlsreinitmod3_tested = true; +} + +static void __attribute__ ((constructor)) +tlsreinitmod3_init (void) +{ + puts ("info: constructor of tst-dlopen-tlsreinitmod3.so invoked"); + tlsreinitmod3_constructed = true; +} diff --git a/include/link.h b/include/link.h index cb0d7d8e2f..5ed445d5a6 100644 --- a/include/link.h +++ b/include/link.h @@ -212,6 +212,7 @@ struct link_map unsigned int l_find_object_processed:1; /* Zero if _dl_find_object_update needs to process this lt_library map. */ + unsigned int l_tls_in_slotinfo:1; /* TLS slotinfo updated in dlopen. */ /* NODELETE status of the map. Only valid for maps of type lt_loaded. Lazy binding sets l_nodelete_active directly, diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h index 154efb0e19..259ce2e7d6 100644 --- a/sysdeps/generic/ldsodefs.h +++ b/sysdeps/generic/ldsodefs.h @@ -1239,13 +1239,7 @@ extern void *_dl_open (const char *name, int mode, const void *caller, extern int _dl_scope_free (void *) attribute_hidden; -/* Add module to slot information data. If DO_ADD is false, only the - required memory is allocated. Must be called with GL - (dl_load_tls_lock) acquired. If the function has already been called - for the link map L with !do_add, then this function will not raise - an exception, otherwise it is possible that it encounters a memory - allocation failure. */ -extern void _dl_add_to_slotinfo (struct link_map *l, bool do_add) +extern bool _dl_add_to_slotinfo (struct link_map *l, bool do_add) attribute_hidden; /* Update slot information data for at least the generation of the commit f4a9b6e97bf05cf5a41907e55901f7e9afaafd4d Author: Florian Weimer Date: Mon Sep 9 21:10:23 2024 +0200 elf: Fix tst-dlopen-tlsreinit1.out test dependency Fixes commit 5097cd344fd243fb8deb6dec96e8073753f962f9 ("elf: Avoid re-initializing already allocated TLS in dlopen (bug 31717)"). Reported-by: Patsy Griffin Reviewed-by: Patsy Griffin (cherry picked from commit e82a7cb1622bff08d8e3a144d7c5516a088f1cbc) diff --git a/elf/Makefile b/elf/Makefile index a03c6520d8..dc686c3bff 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -3141,7 +3141,7 @@ $(objpfx)tst-dlopen-tlsreinit4: \ # tst-dlopen-tlsreinitmod3.so. The dependency is provided via # $(objpfx)tst-dlopen-tlsreinitmod1.so. tst-dlopen-tlsreinitmod2.so-no-z-defs = yes -$(objpfx)tst-dlopen-tlsreinit.out: $(objpfx)tst-dlopen-tlsreinitmod1.so \ +$(objpfx)tst-dlopen-tlsreinit1.out: $(objpfx)tst-dlopen-tlsreinitmod1.so \ $(objpfx)tst-dlopen-tlsreinitmod2.so $(objpfx)tst-dlopen-tlsreinitmod3.so # Reuse an audit module which provides ample debug logging. $(objpfx)tst-dlopen-tlsreinit3.out: $(objpfx)tst-auditmod1.so commit adfb14e71f240a6bc2a4cbd6e6c50cc3fa1bcc3b Author: Florian Weimer Date: Tue Sep 10 12:40:27 2024 +0200 debug: Fix read error handling in pcprofiledump The reading loops did not check for read failures. Addresses a static analysis report. Manually tested by compiling a program with the GCC's -finstrument-functions option, running it with “LD_PRELOAD=debug/libpcprofile.so PCPROFILE_OUTPUT=output-file”, and reviewing the output of “debug/pcprofiledump output-file”. (cherry picked from commit 89b088bf70c651c231bf27e644270d093b8f144a) diff --git a/debug/pcprofiledump.c b/debug/pcprofiledump.c index 049a9c2744..94530f0cf9 100644 --- a/debug/pcprofiledump.c +++ b/debug/pcprofiledump.c @@ -75,6 +75,44 @@ static struct argp argp = options, parse_opt, args_doc, doc, NULL, more_help }; +/* Try to read SIZE bytes from FD and store them on BUF. Terminate + the process upon read error. Also terminate the process if less + than SIZE bytes are remaining in the file. If !IN_HEADER, do not + terminate the process if the end of the file is encountered + immediately, before any bytes are read. + + Returns true if SIZE bytes have been read, and false if no bytes + have been read due to an end-of-file condition. */ +static bool +read_exactly (int fd, void *buffer, size_t size, bool in_header) +{ + char *p = buffer; + char *end = p + size; + while (p < end) + { + ssize_t ret = TEMP_FAILURE_RETRY (read (fd, p, end - p)); + if (ret < 0) + { + if (in_header) + error (EXIT_FAILURE, errno, _("cannot read header")); + else + error (EXIT_FAILURE, errno, _("cannot read pointer pair")); + } + if (ret == 0) + { + if (p == buffer && !in_header) + /* Nothing has been read. */ + return false; + if (in_header) + error (EXIT_FAILURE, 0, _("unexpected end of file in header")); + else + error (EXIT_FAILURE, 0, + _("unexpected end of file in pointer pair")); + } + p += ret; + } + return true; +} int main (int argc, char *argv[]) @@ -110,8 +148,7 @@ main (int argc, char *argv[]) /* Read the first 4-byte word. It contains the information about the word size and the endianness. */ uint32_t word; - if (TEMP_FAILURE_RETRY (read (fd, &word, 4)) != 4) - error (EXIT_FAILURE, errno, _("cannot read header")); + read_exactly (fd, &word, sizeof (word), true); /* Check whether we have to swap the byte order. */ int must_swap = (word & 0x0fffffff) == bswap_32 (0xdeb00000); @@ -121,56 +158,30 @@ main (int argc, char *argv[]) /* We have two loops, one for 32 bit pointers, one for 64 bit pointers. */ if (word == 0xdeb00004) { - union - { - uint32_t ptrs[2]; - char bytes[8]; - } pair; + uint32_t ptrs[2]; while (1) { - size_t len = sizeof (pair); - size_t n; - - while (len > 0 - && (n = TEMP_FAILURE_RETRY (read (fd, &pair.bytes[8 - len], - len))) != 0) - len -= n; - - if (len != 0) - /* Nothing to read. */ + if (!read_exactly (fd, ptrs, sizeof (ptrs), false)) break; printf ("this = %#010" PRIx32 ", caller = %#010" PRIx32 "\n", - must_swap ? bswap_32 (pair.ptrs[0]) : pair.ptrs[0], - must_swap ? bswap_32 (pair.ptrs[1]) : pair.ptrs[1]); + must_swap ? bswap_32 (ptrs[0]) : ptrs[0], + must_swap ? bswap_32 (ptrs[1]) : ptrs[1]); } } else if (word == 0xdeb00008) { - union - { - uint64_t ptrs[2]; - char bytes[16]; - } pair; + uint64_t ptrs[2]; while (1) { - size_t len = sizeof (pair); - size_t n; - - while (len > 0 - && (n = TEMP_FAILURE_RETRY (read (fd, &pair.bytes[8 - len], - len))) != 0) - len -= n; - - if (len != 0) - /* Nothing to read. */ + if (!read_exactly (fd, ptrs, sizeof (ptrs), false)) break; printf ("this = %#018" PRIx64 ", caller = %#018" PRIx64 "\n", - must_swap ? bswap_64 (pair.ptrs[0]) : pair.ptrs[0], - must_swap ? bswap_64 (pair.ptrs[1]) : pair.ptrs[1]); + must_swap ? bswap_64 (ptrs[0]) : ptrs[0], + must_swap ? bswap_64 (ptrs[1]) : ptrs[1]); } } else commit 7073164add3b874cf0c19ca0fb84236f6bb0985d Author: Siddhesh Poyarekar Date: Tue Sep 3 14:58:33 2024 -0400 libio: Attempt wide backup free only for non-legacy code _wide_data and _mode are not available in legacy code, so do not attempt to free the wide backup buffer in legacy code. Resolves: BZ #32137 and BZ #27821 Signed-off-by: Siddhesh Poyarekar Reviewed-by: Florian Weimer (cherry picked from commit ae4d44b1d501421ad9a3af95279b8f4d1546f1ce) diff --git a/NEWS b/NEWS index 5b20efbf6c..9033335db1 100644 --- a/NEWS +++ b/NEWS @@ -9,12 +9,14 @@ Version 2.40.1 The following bugs are resolved with this release: + [27821] ungetc: Fix backup buffer leak on program exit [30081] resolv: Do not wait for non-existing second DNS response after error [31717] elf: Avoid re-initializing already allocated TLS in dlopen [31890] resolv: Allow short error responses to match any DNS query [31968] mremap implementation in C does not handle arguments correctly [32026] strerror/strsignal TLS not handled correctly for secondary namespaces [32052] Name space violation in fortify wrappers + [32137] libio: Attempt wide backup free only for non-legacy code Version 2.40 diff --git a/libio/genops.c b/libio/genops.c index 35d8b30710..6f20d49669 100644 --- a/libio/genops.c +++ b/libio/genops.c @@ -819,7 +819,7 @@ _IO_unbuffer_all (void) /* Free up the backup area if it was ever allocated. */ if (_IO_have_backup (fp)) _IO_free_backup_area (fp); - if (fp->_mode > 0 && _IO_have_wbackup (fp)) + if (!legacy && fp->_mode > 0 && _IO_have_wbackup (fp)) _IO_free_wbackup_area (fp); if (! (fp->_flags & _IO_UNBUFFERED)