It turns out the startup code in csu/elf-init.c has a perfect pair of
ROP gadgets (see Marco-Gisbert and Ripoll-Ripoll, "return-to-csu: A
New Method to Bypass 64-bit Linux ASLR"). These functions are not
needed in dynamically-linked binaries because DT_INIT/DT_INIT_ARRAY
are already processed by the dynamic linker. However, the dynamic
linker skipped the main program for some reason. For maximum
backwards compatibility, this is not changed, and instead, the main
map is consulted from __libc_start_main if the init function argument
is a NULL pointer.
For statically linked binaries, the old approach based on linker
symbols is still used because there is nothing else available.
A new symbol version __libc_start_main@@GLIBC_2.34 is introduced because
new binaries running on an old libc would not run their ELF
constructors, leading to difficult-to-debug issues.
It adds the missing new symbols from 8ed005daf0 and 589260cef8 (which
added versioned symbols for {f,l}stat{at}{64} and mknod{a}t) on some
libc.abilist ABIs.
This patch adds the ABI-related bits to reflect the new mallinfo2
function, and adds a test case to verify basic functionality.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
The kernel ABI is not finalized, and there are now various proposals
to change the size of struct rseq, which would make the glibc ABI
dependent on the version of the kernels used for building glibc.
This is of course not acceptable.
This reverts commit 48699da1c4 ("elf:
Support at least 32-byte alignment in static dlopen"), commit
8f4632deb3 ("Linux: rseq registration
tests"), commit 6e29cb3f61 ("Linux: Use
rseq in sched_getcpu if available"), and commit
0c76fc3c2b ("Linux: Perform rseq
registration at C startup and thread creation"), resolving the conflicts
introduced by the ARC port and the TLS static surplus changes.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
The strerrorname_np returns the error number name (e.g. "EINVAL" for EINVAL)
while strerrordesc_np returns a string describing the error number (e.g.
"Invalid argument" for EINVAL). Different than strerror,
strerrordesc_np does not attempt to translate the return description, and
both functions return NULL for an invalid error number.
They should be used instead of sys_errlist and sys_nerr; both are
thread and async-signal safe. These functions are GNU extensions.
Checked on x86-64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
and s390x-linux-gnu.
Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
The sigabbrev_np returns the abbreviated signal name (e.g. "HUP" for
SIGHUP) while sigdescr_np returns the string describing the error
number (e.g. "Hangup" for SIGHUP). Different than strsignal,
sigdescr_np does not attempt to translate the return description and
both functions return NULL for an invalid signal number.
They should be used instead of sys_siglist or sys_sigabbrev and they
are both thread and async-signal safe. They are added as GNU
extensions on string.h header (same as strsignal).
Checked on x86-64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
and s390x-linux-gnu.
Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
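
Both commit messages above (strerrorname_np/strerrordesc_np and sigabbrev_np/sigdescr_np) justify the new functions by their async-signal safety. As an added example, not code from the glibc commits: a signal handler that logs by name using only those lookups and write(2), with NULL results for invalid numbers handled. It assumes glibc 2.32 or later; append, fmt, format_errno, format_signal and on_signal are hypothetical names.

```c
#define _GNU_SOURCE            /* the *_np functions are GNU extensions */
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <unistd.h>
/* Repeated so the block builds even if _GNU_SOURCE came too late. */
const char *strerrorname_np(int), *strerrordesc_np(int);
const char *sigabbrev_np(int), *sigdescr_np(int);

/* Bounded append without libc calls; returns the new length (cap >= 1). */
static size_t append(char *dst, size_t cap, size_t len, const char *src)
{
    while (*src != '\0' && len + 1 < cap)
        dst[len++] = *src++;
    dst[len] = '\0';
    return len;
}

/* "<pre><name> (<desc>)"; a NULL lookup result is rendered as "unknown". */
static size_t fmt(char *buf, size_t cap, const char *pre,
                  const char *name, const char *desc)
{
    size_t n = append(buf, cap, 0, name ? pre : "");
    n = append(buf, cap, n, name ? name : "unknown");
    n = append(buf, cap, n, " (");
    n = append(buf, cap, n, desc ? desc : "unknown");
    return append(buf, cap, n, ")");
}

size_t format_errno(char *buf, size_t cap, int err)   /* "EINVAL (Invalid argument)" */
{
    return fmt(buf, cap, "", strerrorname_np(err), strerrordesc_np(err));
}
size_t format_signal(char *buf, size_t cap, int sig)  /* "SIGHUP (Hangup)" */
{
    return fmt(buf, cap, "SIG", sigabbrev_np(sig), sigdescr_np(sig));
}

/* Handler restricted to async-signal-safe calls: the _np lookups and write. */
static void on_signal(int sig)
{
    int saved = errno;                  /* handlers must preserve errno */
    char line[96];
    size_t n = format_signal(line, sizeof line - 1, sig);
    line[n++] = '\n';
    if (write(STDERR_FILENO, line, n) < 0) { /* nothing safe to do here */ }
    errno = saved;
}

int main(void) { signal(SIGHUP, on_signal); return raise(SIGHUP); }
```
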
The variable is placed in libc.so, and it can be true only in
an outer libc, not libcs loaded via dlmopen or static dlopen.
Since thread creation from inner namespaces does not work,
pthread_create can update __libc_single_threaded directly.
Using __libc_early_init and its initial flag, implementation of this
variable is very straightforward. A future version may reset the flag
during fork (but not in an inner namespace), or after joining all
threads except one.
Reviewed-by: DJ Delorie <dj@redhat.com>
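
The fast path this variable enables, as an added example that is not part of the glibc commit: a reference count that skips the atomic read-modify-write while __libc_single_threaded is true, then is exercised from several threads. It assumes glibc 2.32 or later with <sys/single_threaded.h>; struct ref, ref_acquire, worker and contended_total are hypothetical names.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdint.h>
#include <sys/single_threaded.h>

struct ref { atomic_long count; };
static struct ref shared;
static atomic_int flag_seen_true;   /* set if a worker saw the flag still true */

/* Take a reference. While glibc reports a single thread, a plain
   load/store pair replaces the locked read-modify-write instruction. */
long ref_acquire(struct ref *r)
{
    if (__libc_single_threaded) {
        long v = atomic_load_explicit(&r->count, memory_order_relaxed) + 1;
        atomic_store_explicit(&r->count, v, memory_order_relaxed);
        return v;
    }
    return atomic_fetch_add_explicit(&r->count, 1, memory_order_acq_rel) + 1;
}

static void *worker(void *arg)
{
    /* pthread_create updated the flag before this thread started running. */
    if (__libc_single_threaded)
        atomic_store(&flag_seen_true, 1);
    for (intptr_t i = 0; i < (intptr_t)arg; i++)
        ref_acquire(&shared);
    return NULL;
}

/* Run 4 workers doing per_thread acquisitions each. Returns the final
   count, -1 if thread creation failed, -2 if a worker saw the flag set. */
long contended_total(long per_thread)
{
    pthread_t t[4];
    int started = 0;
    atomic_store(&shared.count, 0);
    while (started < 4 &&
           pthread_create(&t[started], NULL, worker,
                          (void *)(intptr_t)per_thread) == 0)
        started++;
    for (int i = 0; i < started; i++)
        pthread_join(t[i], NULL);
    if (started < 4)
        return -1;
    return atomic_load(&flag_seen_true) ? -2 : atomic_load(&shared.count);
}

int main(void) { return contended_total(100000) == 400000 ? 0 : 1; }
```
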
Register rseq TLS for each thread (including main), and unregister for
each thread (excluding main). "rseq" stands for Restartable Sequences.
See the rseq(2) man page proposed here:
https://lkml.org/lkml/2018/9/19/647
Those are based on glibc master branch commit 3ee1e0ec5c.
The rseq system call was merged into Linux 4.18.
The TLS_STATIC_SURPLUS define is increased to leave additional room for
dlopen'd initial-exec TLS, which keeps elf/tst-auditmany working.
The increase (76 bytes) is larger than 32 bytes because it has not been
increased in quite a while. The cost in terms of additional TLS storage
is quite significant, but it will also obscure some initial-exec-related
dlopen failures.
This is part of the libpthread removal project:
<https://sourceware.org/ml/libc-alpha/2019-10/msg00080.html>
Use __getline instead of __getdelim to avoid a localplt failure.
Likewise for __getrlimit/getrlimit.
The abilist updates were performed by:
  git ls-files 'sysdeps/unix/sysv/linux/**/libc.abilist' \
    | while read x ; do
      echo "GLIBC_2.32 pthread_getattr_np F" >> $x
  done
  python3 scripts/move-symbol-to-libc.py --only-linux pthread_getattr_np
The private export of __pthread_getaffinity_np is no longer needed, but
the hidden alias is still necessary so that the symbol can be exported with
versioned_symbol.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
This is part of the libpthread removal project:
<https://sourceware.org/ml/libc-alpha/2019-10/msg00080.html>
The abilist updates were performed by:
  git ls-files 'sysdeps/unix/sysv/linux/**/libc.abilist' \
    | while read x ; do
      echo "GLIBC_2.32 pthread_getaffinity_np F" >> $x
  done
  python3 scripts/move-symbol-to-libc.py pthread_getaffinity_np
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
This is part of the libpthread removal project:
<https://sourceware.org/ml/libc-alpha/2019-10/msg00080.html>
The symbol did not previously exist in libc, so a new GLIBC_2.32
symbol is needed, to get correct dependency for binaries which
use the symbol but no longer link against libpthread.
The abilist updates were performed by:
  git ls-files 'sysdeps/unix/sysv/linux/**/libc.abilist' \
    | while read x ; do
      echo "GLIBC_2.32 pthread_attr_setaffinity_np F" >> $x
  done
  python3 scripts/move-symbol-to-libc.py pthread_attr_setaffinity_np
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
This is part of the libpthread removal project:
<https://sourceware.org/ml/libc-alpha/2019-10/msg00080.html>
A new symbol version is added on libc to force a loading failure
instead of a lazy binding one for new binaries with old loaders.
Checked with a build against all affected ABIs.
This patch sets the mode field in ipc_perm as mode_t for all architectures,
as in the POSIX specification [1]. The changes required are as follows:
1. It moves the ipc_perm definition out of ipc.h to its own header
   ipc_perm.h. It also allows consolidating the IPC_* definition in
   only one header.
2. The generic implementation follows the kernel ipc64_perm size so the
   syscall can be made directly without a temporary buffer copy. However,
   since glibc defines the MODE field as mode_t, it omits the __PAD1 field
   (since glibc does not export mode_t as 16-bit for any architecture).
   It is a two-fold improvement:
   2.1. New implementations which follow the Linux UAPI will not need to
        provide an arch-specific ipc-perm.h header, nor wrongly
        use the wrong 16-bit definition from the previous default ipc.h
        (as csky did).
   2.2. It allows consolidating the ipc_perm definition for architectures
        that already provide mode_t as 32-bit.
3. All kernel ABIs for the supported architectures already provide the
   expected padding for mode type extension to 32-bit. However, on some
   architectures the padding has the wrong placement, so it requires
   the ipc control routines (msgctl, semctl, and shmctl) to adjust the
   mode field accordingly. Currently they are armeb, microblaze, m68k,
   s390, and sheb.
   A new assume is added, __ASSUME_SYSVIPC_BROKEN_MODE_T, which the
   required ABIs define.
4. For the ABIs that define __ASSUME_SYSVIPC_BROKEN_MODE_T, it also
   requires compat symbols that do not adjust the mode field.
Checked on arm-linux-gnueabihf, aarch64-linux-gnu, powerpc64le-linux-gnu,
and x86_64-linux-gnu. I also checked the sysvipc tests on hppa-linux-gnu,
sh4-linux-gnu, s390x-linux-gnu, and s390-linux-gnu.
I also did a sanity test against armeb qemu usermode for the sysvipc
tests.
[BZ #18231]
* sysdeps/unix/sysv/linux/Makefile (sysdep_headers): Add
  bits/ipc-perm.h.
* sysdeps/unix/sysv/linux/aarch64/bits/ipc.h: Remove file.
* sysdeps/unix/sysv/linux/alpha/bits/ipc.h: Likewise.
* sysdeps/unix/sysv/linux/hppa/bits/ipc.h: Likewise.
* sysdeps/unix/sysv/linux/ia64/bits/ipc.h: Likewise.
* sysdeps/unix/sysv/linux/mips/bits/ipc.h: Likewise.
* sysdeps/unix/sysv/linux/powerpc/bits/ipc.h: Likewise.
* sysdeps/unix/sysv/linux/s390/bits/ipc.h: Likewise.
* sysdeps/unix/sysv/linux/sparc/bits/ipc.h: Likewise.
* sysdeps/unix/sysv/linux/arm/kernel-features.h
  [__BYTE_ORDER == __BIG_ENDIAN] (__ASSUME_SYSVIPC_BROKEN_MODE_T):
  Define.
* sysdeps/sysv/linux/microblaze/kernel-features.h: Likewise.
* sysdeps/unix/sysv/linux/s390/kernel-features.h
  [!__s390x__] (__ASSUME_SYSVIPC_BROKEN_MODE_T): Define.
* sysdeps/unix/sysv/linux/sh/kernel-features.h
  (__ASSUME_SYSVIPC_BROKEN_MODE_T): Define.
* sysdeps/unix/sysv/linux/m68k/kernel-features.h: Likewise.
* sysdeps/unix/sysv/linux/bits/ipc-perm.h: New file.
* sysdeps/unix/sysv/linux/powerpc/bits/ipc-perm.h: Likewise.
* sysdeps/unix/sysv/linux/sparc/bits/ipc-perm.h: Likewise.
* sysdeps/unix/sysv/linux/bits/ipc.h (ipc_perm): Move to
  bits/ipc-perm.h.
* sysdeps/unix/sysv/linux/hppa/bits/ipc-perm.h: New file.
* sysdeps/unix/sysv/linux/kernel-features.h: Add comment about
  __ASSUME_SYSVIPC_BROKEN_MODE_T semantic.
* sysdeps/unix/sysv/linux/msgctl.c (DEFAULT_VERSION): Define as
  2.31 if __ASSUME_SYSVIPC_BROKEN_MODE_T is defined.
  (msgctl_syscall, __msgctl_mode16): New symbol.
  (__new_msgctl): Add bits for __ASSUME_SYSVIPC_BROKEN_MODE_T.
* sysdeps/unix/sysv/linux/semctl.c: Likewise.
* sysdeps/unix/sysv/linux/shmctl.c: Likewise.
* sysdeps/unix/sysv/linux/arm/be/libc.abilist (GLIBC_2.31): Add
  msgctl, semctl, and shmctl.
* sysdeps/sysv/linux/microblaze/be/libc.abilist: Likewise.
* sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist: Likewise.
* sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist: Likewise.
* sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist: Likewise.
* sysdeps/unix/sysv/linux/sh/be/libc.abilist: Likewise.
* conform/data/sys/ipc.h-data: Only xfail {struct ipc_perm} mode_t
  mode for Hurd.
* sysdeps/unix/sysv/linux/m68k/Versions (libc) [GLIBC_2.31]: Add
  msgctl, semctl, and shmctl.
* sysdeps/unix/sysv/linux/arm/be/Versions: New file.
* sysdeps/unix/sysv/linux/microblaze/be/Versions: Likewise.
* sysdeps/unix/sysv/linux/sh/be/Versions: Likewise.
[1] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/sys_ipc.h.html
In glibc 2.17, the functions clock_getcpuclockid, clock_getres,
clock_gettime, clock_nanosleep, and clock_settime were moved from
librt.so to libc.so, leaving compatibility stubs behind. Now that the
dynamic linker no longer insists on finding versioned symbols in the
same library that originally defined them, we do not need the stubs
anymore, and this means we don't need GLIBC_PRIVATE __-prefix aliases
for most of the functions anymore either. (clock_gettime still needs
one.) For ports added before 2.17, libc.so needs to provide two
symbol versions for each, the default at GLIBC_2.17 plus a compat
version matching what librt had.
While I'm at it, move the clock_*.c files and their tests from rt/ to
time/.
The fix for BZ#18231 requires new symbols only for armeb. This patch
adds the required folder and files for both BE and LE abilist. No
semantic changes are expected.
Checked with check-abi for arm-linux-gnueabihf and armeb-linux-gnueabihf.
* sysdeps/arm/preconfigure.ac: Set machine based on endianness.
* sysdeps/arm/preconfigure: Regenerate.
* sysdeps/arm/be/Implies: New file.
* sysdeps/arm/be/armv6/Implies: Likewise.
* sysdeps/arm/be/armv6t2/Implies: Likewise.
* sysdeps/arm/be/armv7/Implies: Likewise.
* sysdeps/arm/le/Implies: Likewise.
* sysdeps/unix/sysv/linux/arm/be/Implies: Likewise.
* sysdeps/unix/sysv/linux/arm/le/Implies: Likewise.
* sysdeps/unix/sysv/linux/arm/*.abilist: Move to
  sysdeps/unix/sysv/linux/arm/le/*.abilist.
* sysdeps/unix/sysv/linux/arm/be/l*.abilist: New files.