From a64a0cacd626e596036d5330f443e6b144d22816 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Mon, 24 Sep 2018 16:45:38 -0400 Subject: system/musl: patch stdio locking, dcngettext, getaddrinfo --- system/musl/APKBUILD | 8 +++- system/musl/dcngettext-null-deref.patch | 82 ++++++++++++++++++++++++++++++++ system/musl/fix-file-locking-race.patch | 54 +++++++++++++++++++++ system/musl/getaddrinfo-regression.patch | 51 ++++++++++++++++++++ 4 files changed, 194 insertions(+), 1 deletion(-) create mode 100644 system/musl/dcngettext-null-deref.patch create mode 100644 system/musl/fix-file-locking-race.patch create mode 100644 system/musl/getaddrinfo-regression.patch (limited to 'system/musl') diff --git a/system/musl/APKBUILD b/system/musl/APKBUILD index 09bb9b58b..867af507c 100644 --- a/system/musl/APKBUILD +++ b/system/musl/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: A. Wilcox pkgname=musl pkgver=1.1.20 -pkgrel=1 +pkgrel=2 pkgdesc="System library (libc) implementation" url="http://www.musl-libc.org/" arch="all" @@ -23,6 +23,9 @@ source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz 2000-pthread-internals-increase-DEFAULT_GUARD_SIZE-to-2-p.patch 3001-make-real-lastlog-h.patch handle-aux-at_base.patch + fix-file-locking-race.patch + dcngettext-null-deref.patch + getaddrinfo-regression.patch ldconfig getent.c 
@@ -114,6 +117,9 @@ sha512sums="d3a7a30aa375ca50d7dcfbd618581d59e1aa5378417f50a0ca5510099336fd74cc9d
 2c8e1dde1834238097b2ee8a7bfb53471a0d9cff4a5e38b55f048b567deff1cdd47c170d0578a67b1a039f95a6c5fbb8cff369c75b6a3e4d7ed171e8e86ebb8c 2000-pthread-internals-increase-DEFAULT_GUARD_SIZE-to-2-p.patch
 88ae443dbb8e0a4368235bdc3a1c5c7b718495afa75e06deb8e01becc76cb1f0d6964589e2204fc749c9c1b3190b8b9ac1ae2c0099cab8e2ce3ec877103d4332 3001-make-real-lastlog-h.patch
 6a7ff16d95b5d1be77e0a0fbb245491817db192176496a57b22ab037637d97a185ea0b0d19da687da66c2a2f5578e4343d230f399d49fe377d8f008410974238 handle-aux-at_base.patch
+b967339d9048161583523e847be91779adb0e16cc225d6ff85ef51748269b2dab08a0b8e558ad01469135837a9df76a59bf9a31791dd4063d75bc5efe6e94861 fix-file-locking-race.patch
+a08d1b170356beea333ace1da12f8a8399ca80c5d9c32ff2fcd8562537a670214f566e4b1219a11b32129078e22fbf7009bb277b7de8550a89352a64b3b5090d dcngettext-null-deref.patch
+e3953a3a73ef11696dd3eb216e18b152ae35198d8bff686d157e27bc90fb558f9a0be518025a90534e9afd6ea1bf731ffdb6fcb202bb9368f2c8eec7ca886141 getaddrinfo-regression.patch
 cce2f1eeb61e55674469c26871a573cce61d739c3defe9c8f56f2b774f6ba5435849ad542a6714120efddc98c297098e9c98a1a424ac593df2243d4aa479f9a9 ldconfig
 378d70e65bcc65bb4e1415354cecfa54b0c1146dfb24474b69e418cdbf7ad730472cd09f6f103e1c99ba6c324c9560bccdf287f5889bbc3ef0bdf0e08da47413 getent.c
 9d42d66fb1facce2b85dad919be5be819ee290bd26ca2db00982b2f8e055a0196290a008711cbe2b18ec9eee8d2270e3b3a4692c5a1b807013baa5c2b70a2bbf iconv.c"
diff --git a/system/musl/dcngettext-null-deref.patch b/system/musl/dcngettext-null-deref.patch
new file mode 100644
index 000000000..bcc385e86
--- /dev/null
+++ b/system/musl/dcngettext-null-deref.patch
@@ -0,0 +1,82 @@
+From 017e67ddde79fa2b6187a5e56b1e92bafc7c4cd2 Mon Sep 17 00:00:00 2001
+From: Rich Felker
+Date: Fri, 14 Sep 2018 13:00:41 -0400
+Subject: drop lazy plural forms init in dcngettext
+
+there is no good reason to wait to find and process the plural rules
+for a translated message file until a gettext form requesting plural
+rule processing is used. it just imposes additional synchronization,
+here in the form of clunky use of atomics.
+
+it looks like there may also have been a race condition where nplurals
+could be seen without plural_rule being seen, possibly leading to null
+pointer dereference. if so, this commit fixes it.
+---
+ src/locale/dcngettext.c | 35 +++++++++++++++++------------------
+ 1 file changed, 17 insertions(+), 18 deletions(-)
+
+diff --git a/src/locale/dcngettext.c b/src/locale/dcngettext.c
+index 7fbe7196..8b891d00 100644
+--- a/src/locale/dcngettext.c
++++ b/src/locale/dcngettext.c
+@@ -100,8 +100,8 @@ struct msgcat {
+ struct msgcat *next;
+ const void *map;
+ size_t map_size;
+- void *volatile plural_rule;
+- volatile int nplurals;
++ const char *plural_rule;
++ int nplurals;
+ struct binding *binding;
+ const struct __locale_map *lm;
+ int cat;
+@@ -200,20 +200,7 @@ notrans:
+ p->lm = lm;
+ p->map = map;
+ p->map_size = map_size;
+- do {
+- old_cats = cats;
+- p->next = old_cats;
+- } while (a_cas_p(&cats, old_cats, p) != old_cats);
+- }
+-
+- const char *trans = __mo_lookup(p->map, p->map_size, msgid1);
+- if (!trans) goto notrans;
+-
+- /* Non-plural-processing gettext forms pass a null pointer as
+- * msgid2 to request that dcngettext suppress plural processing. */
+- if (!msgid2) return (char *)trans;
+
+- if (!p->plural_rule) {
+ const char *rule = "n!=1;";
+ unsigned long np = 2;
+ const char *r = __mo_lookup(p->map, p->map_size, "");
+@@ -237,10 +224,22 @@ notrans:
+ rule = r+7;
+ }
+ }
+- a_store(&p->nplurals, np);
+- a_cas_p(&p->plural_rule, 0, (void *)rule);
++ p->nplurals = np;
++ p->plural_rule = rule;
++
++ do {
++ old_cats = cats;
++ p->next = old_cats;
++ } while (a_cas_p(&cats, old_cats, p) != old_cats);
+ }
+- if (p->nplurals) {
++
++ const char *trans = __mo_lookup(p->map, p->map_size, msgid1);
++ if (!trans) goto notrans;
++
++ /* Non-plural-processing gettext forms pass a null pointer as
++ * msgid2 to request that dcngettext suppress plural processing. */
++
++ if (msgid2 && p->nplurals) {
+ unsigned long plural = __pleval(p->plural_rule, n);
+ if (plural > p->nplurals) goto notrans;
+ while (plural--) {
+--
+cgit v1.2.1
+
diff --git a/system/musl/fix-file-locking-race.patch b/system/musl/fix-file-locking-race.patch
new file mode 100644
index 000000000..2ef91390a
--- /dev/null
+++ b/system/musl/fix-file-locking-race.patch
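Review bot: The field is still declared `int nplurals;` but is filled by `p->nplurals = np;` from an `unsigned long np`, so a count above INT_MAX is narrowed, and a negative result is converted back to a very large unsigned value in `if (plural > p->nplurals) goto notrans;`, which then effectively rejects nothing. np appears to be parsed from the catalog header in the lines between the second and third inner hunks (not shown), so the value would come from file contents rather than from the caller. Declaring the field as `unsigned long nplurals;`, or rejecting an out-of-range np before the store, would keep the bound meaningful. The loop that consumes `plural` continues past the end of the hunk, so whether it is independently bounded cannot be confirmed from here.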
@@ -0,0 +1,54 @@
+From 0db393d3a77bb9f300a356c6a5484fc2dddb161d Mon Sep 17 00:00:00 2001
+From: Kaarle Ritvanen
+Date: Tue, 18 Sep 2018 10:03:27 +0300
+Subject: fix race condition in file locking
+
+The condition occurs when
+- thread #1 is holding the lock
+- thread #2 is waiting for it on __futexwait
+- thread #1 is about to release the lock and performs a_swap
+- thread #3 enters the __lockfile function and manages to grab the lock
+ before thread #1 calls __wake, resetting the MAYBE_WAITERS flag
+- thread #1 calls __wake
+- thread #2 wakes up but goes again to __futexwait as the lock is
+ held by thread #3
+- thread #3 releases the lock but does not call __wake as the
+ MAYBE_WAITERS flag is not set
+
+This condition results in thread #2 not being woken up. This patch fixes
+the problem by making the woken up thread ensure that the flag is
+properly set before going to sleep again.
+
+Mainainer's note: This fixes a regression introduced in commit
+c21f750727515602a9e84f2a190ee8a0a2aeb2a1.
+---
+ src/stdio/__lockfile.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/stdio/__lockfile.c b/src/stdio/__lockfile.c
+index 2ff75d8a..0dcb2a42 100644
+--- a/src/stdio/__lockfile.c
++++ b/src/stdio/__lockfile.c
+@@ -8,13 +8,13 @@ int __lockfile(FILE *f)
+ int owner = f->lock, tid = __pthread_self()->tid;
+ if ((owner & ~MAYBE_WAITERS) == tid)
+ return 0;
+- for (;;) {
+- owner = a_cas(&f->lock, 0, tid);
+- if (!owner) return 1;
+- if (a_cas(&f->lock, owner, owner|MAYBE_WAITERS)==owner) break;
++ owner = a_cas(&f->lock, 0, tid);
++ if (!owner) return 1;
++ while ((owner = a_cas(&f->lock, 0, tid|MAYBE_WAITERS))) {
++ if ((owner & MAYBE_WAITERS) ||
++ a_cas(&f->lock, owner, owner|MAYBE_WAITERS)==owner)
++ __futexwait(&f->lock, owner|MAYBE_WAITERS, 1);
+ }
+- while ((owner = a_cas(&f->lock, 0, tid|MAYBE_WAITERS)))
+- __futexwait(&f->lock, owner, 1);
+ return 1;
+ }
+
+--
+cgit v1.2.1
+
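Review bot: The rewritten wait loop in __lockfile carries no comment, yet it rests on two invariants that a later edit could easily break: a thread that had to contend takes the lock with `tid|MAYBE_WAITERS`, and a thread only calls __futexwait once it has seen or set MAYBE_WAITERS in f->lock. I would add above the `while` something like `/* A contended acquire keeps MAYBE_WAITERS set so the eventual unlock still wakes any remaining sleeper; never sleep unless the flag is set. */`. The unlock path that tests the flag is outside this hunk, so the wording should be checked against it. As the patch description explains, a lost wakeup here leaves a waiting thread blocked indefinitely on the stream.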
diff --git a/system/musl/getaddrinfo-regression.patch b/system/musl/getaddrinfo-regression.patch
new file mode 100644
index 000000000..28d4558b8
--- /dev/null
+++ b/system/musl/getaddrinfo-regression.patch
@@ -0,0 +1,51 @@
+From f381c118b2d4f7d914481d3cdc830ce41369b002 Mon Sep 17 00:00:00 2001
+From: Rich Felker
+Date: Wed, 19 Sep 2018 18:03:22 -0400
+Subject: fix getaddrinfo regression with AI_ADDRCONFIG on some configurations
+
+despite not being documented to do so in the standard or Linux
+documentation, attempts to udp connect to 127.0.0.1 or ::1 generate
+EADDRNOTAVAIL when the loopback device is not configured and there is
+no default route for IPv6. this caused getaddrinfo with AI_ADDRCONFIG
+to fail with EAI_SYSTEM and EADDRNOTAVAIL on some no-IPv6
+configurations, rather than the intended behavior of detecting IPv6 as
+unsuppported and producing IPv4-only results.
+
+previously, only EAFNOSUPPORT was treated as unavailability of the
+address family being probed. instead, treat all errors related to
+inability to get an address or route as conclusive that the family
+being probed is unsupported, and only fail with EAI_SYSTEM on other
+errors.
+
+further improvements may be desirable, such as reporting EAI_AGAIN
+instead of EAI_SYSTEM for errors which are expected to be transient,
+but this patch should suffice to fix the serious regression.
+---
+ src/network/getaddrinfo.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/src/network/getaddrinfo.c b/src/network/getaddrinfo.c
+index ba26847a..e33bfa28 100644
+--- a/src/network/getaddrinfo.c
++++ b/src/network/getaddrinfo.c
+@@ -76,7 +76,16 @@ int getaddrinfo(const char *restrict host, const char *restrict serv, const stru
+ close(s);
+ if (!r) continue;
+ }
+- if (errno != EAFNOSUPPORT) return EAI_SYSTEM;
++ switch (errno) {
++ case EADDRNOTAVAIL:
++ case EAFNOSUPPORT:
++ case EHOSTUNREACH:
++ case ENETDOWN:
++ case ENETUNREACH:
++ break;
++ default:
++ return EAI_SYSTEM;
++ }
+ if (family == tf[i]) return EAI_NONAME;
+ family = tf[1-i];
+ }
+--
+cgit v1.2.1
+
--
cgit v1.2.3-60-g2f50
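Review bot: The new `switch (errno)` reads errno after `close(s);` has already run, so the value it classifies is not guaranteed to be the one left by the failed probe. A library call may change errno even when it succeeds, and a failing close() certainly does. Since that value now decides between treating the family as unsupported and returning `EAI_SYSTEM`, I would capture it right after the probe with `int saved_errno = errno;` before `close(s);` and put it back with `errno = saved_errno;` after `if (!r) continue;`. The socket and connect calls sit above the hunk, so the exact placement needs to be checked against the full function.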