summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2022-09-19remove impossible error case from gethostbyname2_rRich Felker1-1/+0
EAI_MEMORY is not possible because the resolver backend does not allocate. if it did, it would be necessary for us to explicitly return ENOMEM as the error, since errno is not guaranteed to reflect the error cause except in the case of EAI_SYSTEM, so the existing code was not correct anyway.
2022-09-19fix return value of gethostnbyname[2]_r on result not foundRich Felker1-1/+1
these functions are horribly underspecified, inconsistent between historical systems, and should never have been included. however, the signatures we have match the glibc ones, and the glibc behavior is to treat NxDomain and NODATA results as a success condition, not an ENOENT error.
2022-09-19dns: treat names rejected by res_mkquery as nonexistent rather than errorRich Felker1-1/+1
this distinction only affects search, but allows search to continue when concatenating one of the search domains onto the requested name produces a result that's not valid. this can happen when the concatenation is too long, or one of the search list entries is itself not valid. as a consequence of this change, having "." in the search domains list will now be ignored/skipped rather than making the lookup abort with no results (due to producing a concatenation ending in ".."). this behavior could be changed later if needed.
2022-09-19res_mkquery: error out on consecutive final dots in nameRich Felker1-0/+1
the main loop already errors out on zero-length labels within the name, but terminates before having a chance to check for an erroneous final zero-length label, instead producing a malformed query packet with a '.' byte instead of the terminating zero. rather than poke at the look logic, simply detect this condition early and error out without doing anything. this also fixes behavior of getaddrinfo when "." appears in the search domain list, which produces a name ending in ".." after concatenation, at least in the sense of no longer emitting malformed packets on the network. however, due to other issues, the lookup will still fail.
2022-09-19fix thread leak on timer_create(SIGEV_THREAD) failureAlexey Izbyshev1-1/+5
After commit 5b74eed3b301e2227385f3bf26d3bb7c2d822cf8 the timer thread doesn't check whether timer_create() actually created the timer, proceeding to wait for a signal that might never arrive. We can't fix this by simply checking for a negative timer_id after pthread_barrier_wait() because we have no way to distinguish a timer creation failure and a request to delete a timer with INT_MAX id if it happens to arrive quickly (a variation of this bug existed before 5b74eed3b301e2227385f3bf26d3bb7c2d822cf8, where the timer would be leaked in this case). So (ab)use cancel field of pthread_t instead.
2022-09-19re-enable vdso clock_gettime on arm (32-bit) with workaroundRich Felker2-0/+10
commit 4486c579cbf0d989080705f515d08cb48636ba88 disabled vdso clock_gettime on arm due to a Linux kernel bug that was not understood at the time, whereby the vdso function silently produced catastrophically wrong results on some systems. since then, the bug was tracked down to the way the arm kernel disabled use of vdso clock_gettime on kernels where the necessary timer was not available or was disabled. it simply patched out the symbols, but it only did this for the legacy time32 functions, and left the time64 function in place but non-operational. kernel commit 4405bdf3c57ec28d606bdf5325f1167505bfdcd4 (first present in 5.8) provided the fix. if this were a bug that impacted all users of the broken kernel versions, we could probably ignore it and assume it had been patched or replaced. however, it's very possible that these kernels appear in the wild in devices running time32 userspace (glibc, musl 1.1.x, or some other environment) where they appear to work fine, but where our new binaries would fail catastrophically if we used the time64 vdso function. since the kernel has not (yet?) given us a way to probe for the working time64 vdso function semantically, we work around the problem by refusing to use the time64 one unless the time32 one is also present. this will revert to not using vdso at all if the time32 one is ever removed, but at least that's safe against wrong results and is just a missed optimization.
2022-09-12process DT_RELR relocations in ldso-startup/static-pieRich Felker1-0/+15
commit d32dadd60efb9d3b255351a3b532f8e4c3dd0db1 added DT_RELR processing for programs and shared libraries processed by the dynamic linker, but left them unsupported in the dynamic linker itseld and in static pie binaries, which self-relocate via code in dlstart.c. add the equivalent processing to this code path so that there are not arbitrary restrictions on where the new packed relative relocation form can be used.
2022-09-07fix fwprintf missing output to open_wmemstream FILEsRich Felker1-1/+5
open_wmemstream's write method was written assuming no buffering, since it sets the FILE up with buf_len of zero in order to avoid issues with position/seeking. however, as a consequence of commit bd57e2b43a5b56c00a82adbde0e33e5820c81164, a FILE being written to by the printf core has a temporary local buffer for the duration of the operation if it was unbuffered to begin with. since this was disregarded by the wide memstream's write method, output produced through this code path, particularly numeric fields, was missing from the output wchar buffer. copy the equivalent logic for using the buffered data from the byte-oriented open_memstream.
2022-08-26dns: fail if ipv6 is disabled and resolv.conf has only v6 nameservesRich Felker1-0/+5
if resolv.conf lists no nameservers at all, the default of 127.0.0.1 is used. however, another "no nameservers" case arises where the system has ipv6 support disabled/configured-out and resolv.conf only contains v6 nameservers. this caused the resolver to repeat socket operations that will necessarily fail (sending to one or more wrong-family addresses) while waiting for a timeout. it would be contrary to configured intent to query 127.0.0.1 in this case, but the current behavior is not conducive to diagnosing the configuration problem. instead, fail immediately with EAI_SYSTEM and errno==EAFNOSUPPORT so that the configuration error is reportable.
2022-08-26use kernel-provided AT_MINSIGSTKSZ for sysconf(_SC_[MIN]SIGSTKSZ)Rich Felker1-2/+12
use the legacy constant values if the kernel does not provide AT_MINSIGSTKSZ (__getauxval will return 0 in this case) and as a safety check if something is wrong and the provided value is less than the legacy constant. sysconf(_SC_SIGSTKSZ) returns SIGSTKSZ adjusted for the difference between the legacy constant MINSIGSTKSZ and the runtime value, so that the working space the application has on top of the minimum remains invariant under changes to the minimum.
2022-08-26add sysconf keys/values for signal stack sizeRich Felker2-0/+5
as a result of ISA extensions exploding register file sizes on some archs, using a constant for minimum signal stack size no longer seems viably future-proof. add sysconf keys allowing the kernel to provide a machine-dependent minimum applications can query to ensure they allocate sufficient space for stacks. the key names and indices align with the same functionality in glibc. see commit d5a5045382315e36588ca225889baa36ed0ed38f for previous action on this subject. ultimately, the macros MINSIGSTKSZ and SIGSTKSZ probably need to be deprecated, but that is standards-amendment work outside the scope of a single implementation.
2022-08-24fix fallback when ipv6 is disabled but resolv.conf has v6 nameservesRich Felker1-1/+2
apparently this code path was never tested, as it's not usual to have v6 nameservers listed on a system without v6 networking support. but it was always intended to work. when reverting to binding a v4 address, also revert the family in the sockaddr structure and the socklen for it. otherwise bind will just fail due to mismatched family/sockaddr size. fix dns resolver fallback when v6 nameservers are listed by
2022-08-24epoll_create: fail with EINVAL if size is non-positiveKristina Martsenko1-0/+1
This is a part of the interface contract defined in the Linux man page (official for a Linux-specific interface) and asserted by test cases in the Linux Test Project (LTP).
2022-08-20use alt signal stack when present for implementation-internal signalsRich Felker3-3/+3
a request for this behavior has been open for a long time. the motivation is that application code, particularly under some language runtimes designed around very-low-footprint coroutine type constructs, may be operating with extremely small stack sizes unsuitable for receiving signals, using a separate signal stack for any signals it might handle. progress on this was blocked at one point trying to determine whether the implementation is actually entitled to clobber the alt stack, but the phrasing "available to the implementation" in the POSIX spec for sigaltstack seems to make it clear that the application cannot rely on the contents of this memory to be preserved in the absence of signal delivery (on the abstract machine, excluding implementation-internal signals) and that we can therefore use it for delivery of signals that "don't exist" on the abstract machine. no change is made for SIGTIMER since it is always blocked when used, and accepted via sigwaitinfo rather than execution of the signal handler.
2022-08-17ldso: make exit condition clearer in fixup_rpathÉrico Nogueira1-1/+1
breaking out of the switch-case when l==-1 means the conditional below will necessarily be true (-1 >= buf_size, a size_t variable) and the function will return 0. it is, however, somewhat unclear that that's what's happening. simply returning there is simpler
2022-08-17freopen: reset stream orientation (byte/wide) and encoding ruleRich Felker1-0/+2
this is a requirement of the C language (orientation) and POSIX (encoding rule) that was somehow overlooked. we rely on the fact that the buffer pointers have been reset by fflush, so that any future stdio operations on the stream will go through the same code paths they would on a newly-opened file without an orientation set, thereby setting the orientation as they should.
2022-08-02ldso: process RELR only for non-FDPIC archsRich Felker1-1/+2
the way RELR is applied is not a meaningful operation for FDPIC (there is no single "base" address). it seems unlikely RELR would ever be added for FDPIC, but if it ever is, the behavior and possibly data format will need to be different, so guard against calling the non-FDPIC code.
2022-08-02ldso: support DT_RELR relative relocation formatFangrui Song3-4/+27
this resolves DT_RELR relocations in non-ldso, dynamic-linked objects.
2022-08-02use syscall_arg_t and __scc macro for arguments to __alt_socketcallAlex Xu (Hello71)1-3/+3
otherwise, pointer arguments are sign-extended on x32, resulting in EFAULT.
2022-08-01fix strings.h feature test macro usage due to missing features.hMichael Pratt1-0/+1
2022-08-01fix ESRCH error handling for clock_getcpuclockidEugene Yudin1-0/+1
the syscall used to probe availability of the clock fails with EINVAL when the requested pid does not exist, but clock_getcpuclockid is specified to use ESRCH for this purpose.
2022-08-01aarch64: add vforkSzabolcs Nagy1-0/+9
The generic vfork implementation uses clone(SIGCHLD) which has fork semantics. Implement vfork as clone(SIGCHLD|CLONE_VM|CLONE_VFORK, 0) instead which has vfork semantics. (stack == 0 means sp is unchanged in the child.) Some users rely on vfork semantics when memory overcommit is disabled or when the vfork child runs code that synchronizes with the parent process (non-conforming).
2022-08-01fix mishandling of errno in getaddrinfo AI_ADDRCONFIG logicRich Felker1-0/+2
this code attempts to use the value of errno from failure of socket or connect to infer availability of the requested address family (v4 or v6). however, in the case where connect failed, there is an intervening call to close between connect and the use of errno. close is not required to preserve errno on success, and in fact the __aio_close code, which is called whenever aio is linked and thus always called in dynamic-linked programs, unconditionally clobbers errno. as a result, getaddrinfo fails with EAI_SYSTEM and errno=ENOENT rather than correctly determining that the address family was unavailable. this fix is based on report/patch by Jussi Nieminen, but simplified slightly to avoid breaking the case where socket, not connect, failed.
2022-07-19early stage ldso: remove symbolic references via error handling functionRich Felker1-2/+11
while the error handling function should not be reached in stage 2 (assuming ldso itself was linked correctly), this was not statically determinate from the compiler's perspective, and in theory a compiler performing LTO could lift the TLS references (errno and other things) out of the printf-family functions called in a stage where TLS is not yet initialized. instead, perform the call via a static-storage, internal-linkage function pointer which will be set to a no-op function until the stage where the real error handling function should be reachable. inspired by commit 63c67053a3e42e9dff788de432f82ff07d4d772a.
2022-07-02in early stage ldso before __dls2b, call mprotect with __syscallAlex Xu (Hello71)1-6/+8
if LTO is enabled, gcc hoists the call to ___errno_location outside the loop even though the access to errno is gated behind head != &ldso because ___errno_location is marked __attribute__((const)). this causes the program to crash because TLS is not yet initialized when called from __dls2. this is also possible if LTO is not enabled; even though gcc 11 doesn't do it, it is still wrong to use errno here. since the start and end are already aligned, we can simply call __syscall instead of using global errno. Fixes: e13a2b8953ef ("implement PT_GNU_RELRO support")
2022-06-23avoid limited space of random temp file names if clock resolution is lowRich Felker1-1/+1
this is not an issue that was actually hit, but I noticed it during previous changes to __randname: if the resolution of tv_nsec is too low, the space of temp file names obtainable by a thread could plausibly be exhausted. mixing in tv_sec avoids this.
2022-06-03remove random filename obfuscation that leaks ASLR informationRich Felker1-1/+2
the __randname function is used by various temp file creation interfaces as a backend to produce a name to attempt using. it does not have to produce results that are safe against guessing, and only aims to avoid unintentional collisions. mixing the address of an object on the stack in a reversible manner leaked ASLR information, potentially allowing an attacker who can observe the temp files created and their creation timestamps to narrow down the possible ASLR state of the process that created them. there is no actual value in mixing these addresses in; it was just obfuscation. so don't do it. instead, mix the tid, just to avoid collisions if multiple processes/threads stampede to create temp files at the same moment. even without this measure, they should not collide unless the clock source is very low resolution, but it's a cheap improvement. if/when we have a guaranteed-available userspace csprng, it could be used here instead. even though there is no need for cryptographic entropy here, it would avoid having to reason about clock resolution and such to determine whether the behavior is nice.
2022-06-03ensure distinct query id for parallel A and AAAA queries in resolverRich Felker1-0/+3
assuming a reasonable realtime clock, res_mkquery is highly unlikely to generate the same query id twice in a row, but it's possible with a very low-resolution system clock or under extreme delay of forward progress. when it happens, res_msend fails to wait for both answers, and instead stops listening after getting two answers to the same query (A or AAAA). to avoid this, increment one byte of the second query's id if it matches the first query's. don't bother checking if the second byte is also equal, since it doesn't matter; we just need to ensure that at least one byte is distinct.
2022-05-15mntent: fix potential mishandling of extremely long linesRich Felker1-0/+2
commit 05973dc3bbc1aca9b3c8347de6879ed72147ab3b made it so that lines longer than INT_MAX can in theory be read, but did not use a suitable type for the positions determined by sscanf. we could change to using size_t, but since the signature for getmntent_r does not admit lines longer than INT_MAX, it does not make sense to support them in the legacy thread-unsafe form either -- the principle here is that there should not be an incentive to use the unsafe function to get added functionality.
2022-05-15mntent: fix parsing lines with optional fieldsAlyssa Ross1-3/+7
According to fstab(5), the last two fields are optional, but this wasn't accepted. After this change, only the first field is required, which matches glibc's behaviour. Using sscanf as before, it would have been impossible to differentiate between 0 fields and 4 fields, because sscanf would have returned 0 in both cases due to the use of assignment suppression and %n for the string fields (which is important to avoid copying any strings). So instead, before calling sscanf, initialize every string to the empty string, and then we can check which strings are empty afterwards to know how many fields were matched.
2022-05-06fix constraint violation in qsort wrapper around qsort_rRich Felker1-1/+1
function pointer types do not implicitly convert to void *. a cast is required here.
2022-05-04use __fstat instead of __fstatat with AT_EMPTY_PATH in __map_fileRich Felker1-2/+1
this isolates knowledge of the nonstandard AT_EMPTY_PATH extension to one place and returns __map_file to its prior simplicity.
2022-05-04provide an internal namespace-safe __fstatRich Felker2-2/+5
this avoids the need for implementation-internal callers to depend on the nonstandard AT_EMPTY_PATH extension to use __fstatat and isolates knowledge of that extension to the implementation of __fstat.
2022-05-01only use fstatat and others legacy stat syscalls if they existRich Felker1-1/+9
riscv32 and future architectures only provide statx.
2022-05-01drop direct use of stat syscalls in internal __map_fileRich Felker1-3/+3
this function is used to implement some baseline ISO C interfaces, so it cannot call any of the stat functions by their public names. use the namespace-safe __fstatat instead.
2022-05-01provide an internal namespace-safe __fstatatRich Felker2-1/+11
this makes it so we can drop direct stat syscall use in interfaces that can't use the POSIX namespace.
2022-05-01drop direct use of stat syscalls in fchmodatRich Felker1-8/+7
instead, use the fstatat/stat functions, so that the logic for which syscalls are present and usable is all in fstatat. this results in a slight increase in cost for old kernels on 32-bit archs: now statx will be attempted first rather than just using the legacy time32 syscalls, despite us not caring about timestamps. however, it's not even clear that the legacy syscalls *should* succeed if the timestamps are out of range; arguably they should fail with EOVERFLOW. as such, paying a small cost here on old kernels seems well-motivated. with this change, fchmodat itself is no longer blocking ports to new archs that lack the legacy syscalls.
2022-05-01drop use of stat operation in temporary file name generationRich Felker2-10/+6
this change serves two purposes: 1. it eliminates one of the few remaining uses of the kernel stat structure which will not be present in future archs, avoiding the need for growing ifdef logic here. 2. it potentially makes the operations less expensive when the candidate exists as a non-symlink by avoiding the need to read the inode (assuming the directory tables suffice to distinguish symlinks). this uses the idiom I discovered while rewriting realpath for commit 29ff7599a448232f2527841c2362643d246cee36 of being able to use the readlink operation as an inexpensive probe for file existence that doesn't following symlinks.
2022-05-01only fallback to gettimeofday/settimeofday syscalls if they existStefan O'Rear1-0/+4
riscv32 and future architectures only provide the clock_ functions.
2022-05-01only use getrlimit/setrlimit syscalls if they existStefan O'Rear2-1/+11
riscv32 and future architectures only provide prlimit64.
2022-04-27don't remap internal-use syscall macros to nonexistent time32 syscallsStefan O'Rear1-10/+10
riscv32 and future architectures lack the _time32 variants entirely, so don't try to use their numbers. instead, reflect that they're not present.
2022-04-27remove ARMSUBARCH relic from configureStefan O'Rear1-5/+0
commit 0f814a4e57e80d2512934820b878211e9d71c93e removed its use.
2022-04-20add missing POSIX confstr keys for pthread CFLAGS/LDFLAGSRich Felker2-1/+3
_CS_POSIX_V7_THREADS_CFLAGS and _CS_POSIX_V7_THREADS_LDFLAGS have been missing for a long time, which is a conformance defect. we were waiting on glibc to add them or at least agree on the numeric values they will have so as to keep the numbering aligned. it looks like they will be added to glibc with these numbers, and in any case, this list does not have any significant churn that would result in the numbers getting taken.
2022-04-10fix incorrect parameter name in internal netlink.h RTA_OK macroOndrej Jirman1-1/+1
the wrong name works only by accident.
2022-04-07release 1.2.3v1.2.3Rich Felker2-1/+41
2022-03-27accept null pointer as message argument to gettext functionspsykose1-0/+3
the change to support passing null was rejected in the past on the grounds that GNU gettext documented it as undefined, on an assumption that only glibc accepted it and that the standalone GNU gettext did not. but it turned out that both explicitly accept it. in light of this, since some software assumes null can be passed safely, allow it.
2022-03-16fix invalid free of duplocale object when malloc has been replacedIsaiah Poston1-0/+5
newlocale and freelocale use __libc_malloc and __libc_free, but duplocale used malloc. If malloc was replaced, this resulted in invalid free using the wrong allocator when passing the result of duplocale to freelocale. Instead, use libc-internal malloc for duplocale. This bug was introduced by commit 1e4204d522670a1d8b8ab85f1cfefa960547e8af.
2022-03-08fix __WORDSIZE on x32 sys/user.hRich Felker1-1/+1
sys/reg.h already had it right as 32, to which it was explicitly changed when commit 664cd341921007cea52c8891f27ce35927dca378 derived x32 from x86_64. but the copy exposed in sys/user.h was missed.
2022-03-08sys/ptrace.h: add PTRACE_GET_RSEQ_CONFIGURATION from linux v5.13Szabolcs Nagy1-0/+9
see linux commit 90f093fa8ea48e5d991332cee160b761423d55c1 rseq, ptrace: Add PTRACE_GET_RSEQ_CONFIGURATION request the struct type got __ prefix to follow existing practice.
2022-03-08sys/prctl.h: add PR_PAC_{SET,GET}_ENABLED_KEYS from linux v5.13Szabolcs Nagy1-0/+3
see linux commit 201698626fbca1cf1a3b686ba14cf2a056500716 arm64: Introduce prctl(PR_PAC_{SET,GET}_ENABLED_KEYS)