1
0
mirror of https://sourceware.org/git/glibc.git synced 2025-10-26 00:57:39 +03:00
Commit Graph

35 Commits

Author SHA1 Message Date
H.J. Lu
d8ea0d0168 Add an internal wrapper for clone, clone2 and clone3
The clone3 system call (since Linux 5.3) provides a superset of the
functionality of clone and clone2.  It also provides a number of API
improvements, including the ability to specify the size of the child's
stack area which can be used by kernel to compute the shadow stack size
when allocating the shadow stack.  Add:

extern int __clone_internal (struct clone_args *__cl_args,
			     int (*__func) (void *__arg), void *__arg);

to provide an abstract interface for clone, clone2 and clone3.

1. Simplify stack management for thread creation by passing both stack
base and size to create_thread.
2. Consolidate clone vs clone2 differences into a single file.
3. Call __clone3 if HAVE_CLONE3_WAPPER is defined.  If __clone3 returns
-1 with ENOSYS, fall back to clone or clone2.
4. Use only __clone_internal to clone a thread.  Since the stack size
argument for create_thread is now unconditional, always pass stack size
to create_thread.
5. Enable the public clone3 wrapper in the future after it has been
added to all targets.

NB: Sandbox will return ENOSYS on clone3 in both Chromium:

The following revision refers to this bug:
  218438259d

commit 218438259dd795456f0a48f67cbe5b4e520db88b
Author: Matthew Denton <mpdenton@chromium.org>
Date: Thu Jun 03 20:06:13 2021

Linux sandbox: return ENOSYS for clone3

Because clone3 uses a pointer argument rather than a flags argument, we
cannot examine the contents with seccomp, which is essential to
preventing sandboxed processes from starting other processes. So, we
won't be able to support clone3 in Chromium. This CL modifies the
BPF policy to return ENOSYS for clone3 so glibc always uses the fallback
to clone.

Bug: 1213452
Change-Id: I7c7c585a319e0264eac5b1ebee1a45be2d782303
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2936184
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Matthew Denton <mpdenton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#888980}

[modify] https://crrev.com/218438259dd795456f0a48f67cbe5b4e520db88b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc

and Firefox:

https://hg.mozilla.org/integration/autoland/rev/ecb4011a0c76

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2021-07-14 06:33:58 -07:00
Adhemerval Zanella
882d6e17bc posix: Add posix_spawn_file_actions_addclosefrom_np
This patch adds a way to close a range of file descriptors on
posix_spawn as a new file action.  The API is similar to the one
provided by Solaris 11 [1], where the file action causes the all open
file descriptors greater than or equal to input on to be closed when
the new process is spawned.

The function posix_spawn_file_actions_addclosefrom_np is safe to be
implemented by iterating over /proc/self/fd, since the Linux spawni.c
helper process does not use CLONE_FILES, so its has own file descriptor
table and any failure (in /proc operation) aborts the process creation
and returns an error to the caller.

I am aware that this file action might be redundant to the current
approach of POSIX in promoting O_CLOEXEC in more interfaces. However
O_CLOEXEC is still not the default and for some specific usages, the
caller needs to close all possible file descriptors to avoid them
leaking.  Some examples are CPython (discussed in BZ#10353) and OpenJDK
jspawnhelper [2] (where OpenJDK spawns a helper process to exactly
closes all file descriptors).  Most likely any environment which calls
functions that might open file descriptor under the hood and aim to use
posix_spawn might face the same requirement.

Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15.

[1] https://docs.oracle.com/cd/E36784_01/html/E36874/posix-spawn-file-actions-addclosefrom-np-3c.html
[2] https://github.com/openjdk/jdk/blob/master/src/java.base/unix/native/libjava/childproc.c#L82
2021-07-08 14:08:15 -03:00
Florian Weimer
3c79234c7a nptl: Move pthreadP.h into sysdeps directory
This mirrors the situation on Hurd.  These directories are on
the include search part, so #include <pthreadP.h> works after this
change on both Hurd and nptl.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-06-22 09:51:10 +02:00
Florian Weimer
93d78ec1cb nptl: Move pthread_setcancelstate into libc
No new symbol version is required because there was a forwarder.

The symbol has been moved using scripts/move-symbol-to-libc.py.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-04-21 19:49:50 +02:00
Paul Eggert
2b778ceb40 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
2021-01-02 12:17:34 -08:00
Joseph Myers
d614a75396 Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
Paul Eggert
5a82c74822 Prefer https to http for gnu.org and fsf.org URLs
Also, change sources.redhat.com to sourceware.org.
This patch was automatically generated by running the following shell
script, which uses GNU sed, and which avoids modifying files imported
from upstream:

sed -ri '
  s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g
  s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g
' \
  $(find $(git ls-files) -prune -type f \
      ! -name '*.po' \
      ! -name 'ChangeLog*' \
      ! -path COPYING ! -path COPYING.LIB \
      ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \
      ! -path manual/texinfo.tex ! -path scripts/config.guess \
      ! -path scripts/config.sub ! -path scripts/install-sh \
      ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \
      ! -path INSTALL ! -path  locale/programs/charmap-kw.h \
      ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \
      ! '(' -name configure \
            -execdir test -f configure.ac -o -f configure.in ';' ')' \
      ! '(' -name preconfigure \
            -execdir test -f preconfigure.ac ';' ')' \
      -print)

and then by running 'make dist-prepare' to regenerate files built
from the altered files, and then executing the following to cleanup:

  chmod a+x sysdeps/unix/sysv/linux/riscv/configure
  # Omit irrelevant whitespace and comment-only changes,
  # perhaps from a slightly-different Autoconf version.
  git checkout -f \
    sysdeps/csky/configure \
    sysdeps/hppa/configure \
    sysdeps/riscv/configure \
    sysdeps/unix/sysv/linux/csky/configure
  # Omit changes that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines
  git checkout -f \
    sysdeps/powerpc/powerpc64/ppc-mcount.S \
    sysdeps/unix/sysv/linux/s390/s390-64/syscall.S
  # Omit change that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline
  git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
2019-09-07 02:43:31 -07:00
Joseph Myers
c4f50205e1 Add some spaces before '('.
This patch fixes various places where a space should have been present
before '(' in accordance with the GNU Coding Standards.  Most but not
all of the fixes in this patch are for calls to sizeof (but it's not
exhaustive regarding such calls that should be fixed).

Tested for x86_64, and with build-many-glibcs.py.

	* benchtests/bench-strcpy.c (do_test): Use space before '('.
	* benchtests/bench-string.h (cmdline_process_function): Likewise.
	* benchtests/bench-strlen.c (do_test): Likewise.
	(test_main): Likewise.
	* catgets/gencat.c (read_old): Likewise.
	* elf/cache.c (load_aux_cache): Likewise.
	* iconvdata/bug-iconv8.c (do_test): Likewise.
	* math/test-tgmath-ret.c (do_test): Likewise.
	* nis/nis_call.c (rec_dirsearch): Likewise.
	* nis/nis_findserv.c (__nis_findfastest_with_timeout): Likewise.
	* nptl/tst-audit-threads.c (do_test): Likewise.
	* nptl/tst-cancel4-common.h (set_socket_buffer): Likewise.
	* nss/nss_test1.c (init): Likewise.
	* nss/test-netdb.c (test_hosts): Likewise.
	* posix/execvpe.c (maybe_script_execute): Likewise.
	* stdio-common/tst-fmemopen4.c (do_test): Likewise.
	* stdio-common/tst-printf.c (do_test): Likewise.
	* stdio-common/vfscanf-internal.c (__vfscanf_internal): Likewise.
	* stdlib/fmtmsg.c (NKEYWORDS): Likewise.
	* stdlib/qsort.c (STACK_SIZE): Likewise.
	* stdlib/test-canon.c (do_test): Likewise.
	* stdlib/tst-swapcontext1.c (do_test): Likewise.
	* string/memcmp.c (OPSIZ): Likewise.
	* string/test-strcpy.c (do_test): Likewise.
	(do_random_tests): Likewise.
	* string/test-strlen.c (do_test): Likewise.
	(test_main): Likewise.
	* string/test-strrchr.c (do_test): Likewise.
	(do_random_tests): Likewise.
	* string/tester.c (test_memrchr): Likewise.
	(test_memchr): Likewise.
	* sysdeps/generic/memcopy.h (OPSIZ): Likewise.
	* sysdeps/generic/unwind-dw2.c (execute_stack_op): Likewise.
	* sysdeps/generic/unwind-pe.h (read_sleb128): Likewise.
	(read_encoded_value_with_base): Likewise.
	* sysdeps/hppa/dl-machine.h (elf_machine_runtime_setup): Likewise.
	* sysdeps/hppa/fpu/feupdateenv.c (__feupdateenv): Likewise.
	* sysdeps/ia64/fpu/sfp-machine.h (TI_BITS): Likewise.
	* sysdeps/mach/hurd/spawni.c (__spawni): Likewise.
	* sysdeps/posix/spawni.c (maybe_script_execute): Likewise.
	* sysdeps/powerpc/fpu/tst-setcontext-fpscr.c (query_auxv):
	Likewise.
	* sysdeps/unix/sysv/linux/aarch64/bits/procfs.h (ELF_NGREG):
	Likewise.
	* sysdeps/unix/sysv/linux/arm/bits/procfs.h (ELF_NGREG): Likewise.
	* sysdeps/unix/sysv/linux/arm/ioperm.c (init_iosys): Likewise.
	* sysdeps/unix/sysv/linux/csky/bits/procfs.h (ELF_NGREG):
	Likewise.
	* sysdeps/unix/sysv/linux/m68k/bits/procfs.h (ELF_NGREG):
	Likewise.
	* sysdeps/unix/sysv/linux/nios2/bits/procfs.h (ELF_NGREG):
	Likewise.
	* sysdeps/unix/sysv/linux/spawni.c (maybe_script_execute):
	Likewise.
	* sysdeps/unix/sysv/linux/x86/bits/procfs.h (ELF_NGREG): Likewise.
	* sysdeps/unix/sysv/linux/x86/bits/sigcontext.h
	(FP_XSTATE_MAGIC2_SIZE): Likewise.
	* sysdeps/x86/fpu/sfp-machine.h (TI_BITS): Likewise.
	* time/test_time.c (main): Likewise.
2019-02-27 13:55:45 +00:00
Adhemerval Zanella
805334b26c posix: Clear close-on-exec for posix_spawn adddup2 (BZ#23640)
Austin Group issue #411 [1] proposes that posix_spawn file action
posix_spawn_file_actions_adddup2 resets the close-on-exec when
source and destination refer to same file descriptor.

It solves the issue on multi-thread applications which uses
close-on-exec as default, and want to hand-chose specifically
file descriptor to purposefully inherited into a child process.
Current approach to achieve this scenario is to use two adddup2 file
actions and a temporary file description which do not conflict with
any other, coupled with a close file action to avoid leaking the
temporary file descriptor.  This approach, besides being complex,
may fail with EMFILE/ENFILE file descriptor exaustion.

This can be more easily accomplished with an in-place removal of
FD_CLOEXEC.  Although the resulting adddup2 semantic is slight
different than dup2 (equal file descriptors should be handled as
no-op), the proposed possible solution are either more complex
(fcntl action which a limited set of operations) or results in
unrequired operations (dup3 which also returns EINVAL for same
file descriptor).

Checked on aarch64-linux-gnu.

	[BZ #23640]
	* posix/tst-spawn.c (do_prepare, handle_restart, do_test): Add
	posix_spawn_file_actions_adddup2 test to check O_CLOCEXEC reset.
	* sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Add
	close-on-exec reset for adddup2 file action.
	* sysdeps/posix/spawni.c (__spawni_child): Likewise.

[1] http://austingroupbugs.net/view.php?id=411
2019-01-03 14:38:01 -02:00
Joseph Myers
04277e02d7 Update copyright dates with scripts/update-copyrights.
* All files with FSF copyright notices: Update copyright dates
	using scripts/update-copyrights.
	* locale/programs/charmap-kw.h: Regenerated.
	* locale/programs/locfile-kw.h: Likewise.
2019-01-01 00:11:28 +00:00
Florian Weimer
3a3fb75572 posix: New function posix_spawn_file_actions_addfchdir_np [BZ #17405]
Along with posix_spawn_file_actions_addchdir,
posix_spawn_file_actions_addfchdir is the subject of a change proposal
for POSIX: <http://austingroupbugs.net/view.php?id=1208>
2018-12-07 16:04:05 +01:00
Adhemerval Zanella
5fb7fc9635 posix: Use posix_spawn on system
This patch uses posix_spawn on system implementation.  On Linux this has
the advantage of much lower memory consumption (usually 32 Kb minimum for
the mmap stack area).

Although POSIX does not require, glibc system implementation aims to be
thread and cancellation safe.  The cancellation code is moved to generic
implementation and enabled iff SIGCANCEL is defined (similar on how the
cancellation handler is enabled on nptl-init.c).

Checked on x86_64-linux-gnu, i686-linux-gnu, aarch64-linux-gnu,
arm-linux-gnueabihf, and powerpc64le-linux-gnu.

	* sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Use
	__sigismember instead of sigismember.
	* sysdeps/posix/system.c [SIGCANCEL] (cancel_handler_args,
	cancel_handler): New definitions.
	(CLEANUP_HANDLER, CLEANUP_RESET): Likewise.
	(DO_LOCK, DO_UNLOCK, INIT_LOCK, ADD_REF, SUB_REF): Remove.
	(do_system): Use posix_spawn instead of fork and execl and remove
	reentracy code.
	* sysdeps/generic/not-errno.h (__kill_noerrno): New prototype.
	* sysdeps/unix/sysv/linux/not-errno.h (__kill_noerrno): Likewise.
	* sysdeps/unix/sysv/linux/ia64/system.c: Remove file.
	* sysdeps/unix/sysv/linux/s390/system.c: Likewise.
	* sysdeps/unix/sysv/linux/sparc/system.c: Likewise.
	* sysdeps/unix/sysv/linux/system.c: Likewise.
2018-11-30 18:42:05 -02:00
Florian Weimer
4a938cb273 posix: New function posix_spawn_file_actions_addchdir_np [BZ #17405] 2018-11-06 16:08:12 +01:00
Stefan Liebler
28669f86f6 Fix segfault in maybe_script_execute.
If glibc is built with gcc 8 and -march=z900,
the testcase posix/tst-spawn4-compat crashes with a segfault.

In function maybe_script_execute, the new_argv array is dynamically
initialized on stack with (argc + 1) elements.
The function wants to add _PATH_BSHELL as the first argument
and writes out of bounds of new_argv.
There is an off-by-one because maybe_script_execute fails to count
the terminating NULL when sizing new_argv.

ChangeLog:

	* sysdeps/unix/sysv/linux/spawni.c (maybe_script_execute):
	Increment size of new_argv by one.
2018-09-06 14:27:03 +02:00
Adhemerval Zanella
283d985122 posix: Fix posix_spawnp to not execute invalid binaries in non compat mode (BZ#23264)
Current posix_spawnp implementation wrongly tries to execute invalid
binaries (for instance script without shebang) as a shell script in
non compat mode.  It was a regression introduced by
9ff72da471 when __spawni started to use
__execvpe instead of __execve (glibc __execvpe try to execute ENOEXEC
as shell script regardless).

This patch fixes it by using an internal symbol (__execvpex) with the
faulty semantic (since compat mode is handled by spawni.c itself).

It was reported by Daniel Drake on libc-help [1].

Checked on x86_64-linux-gnu and i686-linux-gnu.

	[BZ #23264]
	* include/unistd.h (__execvpex): New prototype.
	* posix/Makefile (tests): Add tst-spawn4.
	(tests-internal): Add tst-spawn4-compat.
	* posix/execvpe.c (__execvpe_common, __execvpex): New functions.
	* posix/tst-spawn4-compat.c: New file.
	* posix/tst-spawn4.c: Likewise.
	* sysdeps/unix/sysv/linux/spawni.c (__spawni): Do not interpret invalid
	binaries as shell scripts.
	* sysdeps/posix/spawni.c (__spawni): Likewise.

[1] https://sourceware.org/ml/libc-help/2018-06/msg00012.html
2018-06-08 17:27:46 -03:00
Adhemerval Zanella
92aabad9b2 Rename nptl-signals.h to internal-signals.h
This patch renames the nptl-signals.h header to internal-signals.h.
On Linux the definitions and functions are not only NPTL related, but
used for other POSIX definitions as well (for instance SIGTIMER for
posix times, SIGSETXID for id functions, and signal block/restore
helpers) and since generic functions will be places and used in generic
implementation it makes more sense to decouple it from NPTL.

Checked on x86_64-linux-gnu.

	* sysdeps/nptl/nptl-signals.h: Move to ...
	* sysdeps/generic/internal-signals.h: ... here.  Adjust internal
	comments.
	* sysdeps/unix/sysv/linux/internal-signals.h: Add include guards.
	(__nptl_is_internal_signal): Rename to __is_internal_signal.
	(__nptl_clear_internal_signals): Rename to __clear_internal_signals.
	* sysdeps/unix/sysv/linux/raise.c: Adjust nptl-signal.h to
	include-signals.h rename.
	* nptl/pthreadP.h: Likewise.
	* sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Call
	__is_internal_signal instead of __nptl_is_internal_signal.
2018-02-22 16:43:59 -03:00
Joseph Myers
688903eb3e Update copyright dates with scripts/update-copyrights.
* All files with FSF copyright notices: Update copyright dates
	using scripts/update-copyrights.
	* locale/programs/charmap-kw.h: Regenerated.
	* locale/programs/locfile-kw.h: Likewise.
2018-01-01 00:32:25 +00:00
Adhemerval Zanella
aa95a2414e posix: Do not use WNOHANG in waitpid call for Linux posix_spawn
As shown in some buildbot issues on aarch64 and powerpc, calling
clone (VFORK) and waitpid (WNOHANG) does not guarantee the child
is ready to be collected.  This patch changes the call back to 0
as before fe05e1cb6d fix.

This change can lead to the scenario 4.3 described in the commit,
where the waitpid call can hang undefinitely on the call.  However
this is also a very unlikely and also undefinied situation where
both the caller is trying to terminate a pid before posix_spawn
returns and the race pid reuse is triggered.  I don't see how to
correct handle this specific situation within posix_spawn.

Checked on x86_64-linux-gnu, aarch64-linux-gnu and
powerpc64-linux-gnu.

	* sysdeps/unix/sysv/linux/spawni.c (__spawnix): Use 0 instead of
	WNOHANG in waitpid call.
2017-10-23 13:31:26 -02:00
Adhemerval Zanella
fe05e1cb6d posix: Fix improper assert in Linux posix_spawn (BZ#22273)
As noted by Florian Weimer, current Linux posix_spawn implementation
can trigger an assert if the auxiliary process is terminated before
actually setting the err member:

    340   /* Child must set args.err to something non-negative - we rely on
    341      the parent and child sharing VM.  */
    342   args.err = -1;
    [...]
    362   new_pid = CLONE (__spawni_child, STACK (stack, stack_size), stack_size,
    363                    CLONE_VM | CLONE_VFORK | SIGCHLD, &args);
    364
    365   if (new_pid > 0)
    366     {
    367       ec = args.err;
    368       assert (ec >= 0);

Another possible issue is killing the child between setting the err and
actually calling execve.  In this case the process will not ran, but
posix_spawn also will not report any error:

    269
    270   args->err = 0;
    271   args->exec (args->file, args->argv, args->envp);

As suggested by Andreas Schwab, this patch removes the faulty assert
and also handles any signal that happens before fork and execve as the
spawn was successful (and thus relaying the handling to the caller to
figure this out).  Different than Florian, I can not see why using
atomics to set err would help here, essentially the code runs
sequentially (due CLONE_VFORK) and I think it would not be legal the
compiler evaluate ec without checking for new_pid result (thus there
is no need to compiler barrier).

Summarizing the possible scenarios on posix_spawn execution, we
have:

  1. For default case with a success execution, args.err will be 0, pid
     will not be collected and it will be reported to caller.

  2. For default failure case, args.err will be positive and the it will
     be collected by the waitpid.  An error will be reported to the
     caller.

  3. For the unlikely case where the process was terminated and not
     collected by a caller signal handler, it will be reported as succeful
     execution and not be collected by posix_spawn (since args.err will
     be 0). The caller will need to actually handle this case.

  4. For the unlikely case where the process was terminated and collected
     by caller we have 3 other possible scenarios:

     4.1. The auxiliary process was terminated with args.err equal to 0:
	  it will handled as 1. (so it does not matter if we hit the pid
          reuse race since we won't possible collect an unexpected
          process).

     4.2. The auxiliary process was terminated after execve (due a failure
          in calling it) and before setting args.err to -1: it will also
          be handle as 1. but with the issue of not be able to report the
          caller a possible execve failures.

     4.3. The auxiliary process was terminated after args.err is set to -1:
          this is the case where it will be possible to hit the pid reuse
          case where we will need to collected the auxiliary pid but we
          can not be sure if it will be expected one.  I think for this
          case we need to actually change waitpid to use WNOHANG to avoid
          hanging indefinitely on the call and report an error to caller
          since we can't differentiate between a default failure as 2.
          and a possible pid reuse race issue.

Checked on x86_64-linux-gnu.

	* sysdeps/unix/sysv/linux/spawni.c (__spawnix): Handle the case where
	the auxiliary process is terminated by a signal before calling _exit
	or execve.
2017-10-20 16:25:59 -02:00
Adhemerval Zanella
c181840c93 Consolidate non cancellable close call
This patch consolidates all the non cancellable close calls to use
the __close_nocancel{_nostatus} identifier.  For non cancellable targets
it will be just a macro to call the default respective symbol while on Linux
will be a internal one.

Also, since it is used on libcrypto it is also exported in GLIBC_PRIVATE
namespace.

Checked on x86_64-linux-gnu, x86_64-linux-gnu-x32, and i686-linux-gnu.

	* sysdeps/generic/not-cancel.h (close_not_cancel): Remove macro.
	(close_not_cancel_no_status): Likewise.
	(__close_nocancel): New macro.
	(__close_nocancel_no_status): Likewise.
	* sysdeps/unix/sysv/linux/not-cancel.h (__close_nocancel): Remove
	macro.
	(close_not_cancel): Likewise.
	(close_not_cancel_no_status): Likewise.
	(__close_nocancel): New prototype.
	(__close_nocancel_no_status): New function.
	* sysdeps/unix/sysv/linux/close.c (__close_nocancel): New function.
	* catgets/open_catalog.c (__open_catalog): Replace
	close_not_cancel{_no_status) with __close_nocancel{_nostatus}.
	* gmon/gmon.c (write_gmon): Likewise.
	* iconv/gconv_cache.c (__gconv_load_cache): Likewise.
	* intl/loadmsgcat.c (close): Likewise.
	* io/ftw.c (open_dir_stream): Likewise.
	(ftw_startup): Likewise.
	* libio/fileops.c (_IO_file_open): Likewise.
	(_IO_file_close_mmap): Likewise.
	(_IO_file_close): Likewise.
	* libio/iopopen.c (_IO_dup2): Likewise.
	* locale/loadarchive.c (_nl_load_locale_from_archive): Likewise.
	* locale/loadlocale.c (_nl_load_locale): Likewise.
	* login/utmp_file.c (pututline_file): Likewise.
	(endutent_file): Likewise.
	* misc/daemon.c (daemon): Likewise.
	* nscd/nscd_getai.c (__nscd_getai): Likewise.
	* nscd/nscd_getgr_r.c (nscd_getgr_r): Likewise.
	* nscd/nscd_gethst_r.c (nscd_gethst_r): Likewise.
	* nscd/nscd_getpw_r.c (nscd_getpw_r): Likewise.
	* nscd/nscd_getserv_r.c (nscd_getserv_r): Likewise.
	* nscd/nscd_helper.c (open_socket): Likewise.
	(__nscd_open_socket): Likewise.
	* nscd/nscd_initgroups.c (__nscd_getgrouplist): Likewise.
	* nscd/nscd_netgroup.c (__nscd_setnetgrent): Likewise.
	(__nscd_innetgr): Likewise.
	* nss/nss_db/db-open.c (internal_setent): Likewise.
	* resolv/res-close.c (__res_iclose): Likewise.
	* sunrpc/pm_getmaps.c (pmap_getmaps): Likewise.
	* sysdeps/posix/closedir.c (__closedir): Likewise.
	* sysdeps/posix/getaddrinfo.c (getaddrinfo): Likewise.
	* sysdeps/posix/getcwd.c (__getcwd): Likewise.
	* sysdeps/posix/opendir.c (tryopen_o_directory): Likewise.
	(opendir_tail): Likewise.
	* sysdeps/posix/spawni.c (__spawni_child): Likewise.
	* sysdeps/unix/sysv/linux/check_native.c (__check_native): Likewise.
	* sysdeps/unix/sysv/linux/check_pf.c (__check_pf): Likewise.
	* sysdeps/unix/sysv/linux/fips-private.h (fips_enabled_p): Likewise.
	* sysdeps/unix/sysv/linux/gethostid.c (sethostid): Likewise.
	(gethostid): Likewise.
	* sysdeps/unix/sysv/linux/getloadavg.c (getloadavg): Likewise.
	* sysdeps/unix/sysv/linux/getlogin_r.c (__getlogin_r_loginuid):
	Likewise.
	* sysdeps/unix/sysv/linux/getsysstats.c (__get_nprocs): Likewise.
	* sysdeps/unix/sysv/linux/grantpt.c (close_all_fds): Likewise.
	* sysdeps/unix/sysv/linux/i386/smp.h (is_smp_system): Likewise.
	* sysdeps/unix/sysv/linux/ia64/has_cpuclock.c (has_cpuclock):
	Likewise.
	* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): Likewise.
	* sysdeps/unix/sysv/linux/libc_fatal.c (backtrace_and_maps): Likewise.
	* sysdeps/unix/sysv/linux/malloc-sysdep.h (check_may_shrink_heap):
	Likewise.
	* sysdeps/unix/sysv/linux/mq_notify.c (init_mq_netlink): Likewise.
	* sysdeps/unix/sysv/linux/pthread_getname.c (pthread_getname_np):
	Likewise.
	* sysdeps/unix/sysv/linux/pthread_setname.c (pthread_setname_np):
	Likewise.
	* sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Likewise.
	* sysdeps/unix/sysv/linux/sysconf.c (__sysconf): Likewise.
2017-08-18 18:38:55 -03:00
Adhemerval Zanella
c22845744c Consolidate non cancellable open call
This patch consolidates all the non cancellable open calls to use
the __open_nocancel identifier.  For non cancellable targets it will
be just a macro to call the default respective symbol while on Linux
will be a internal one.

To be consistent with the following non cancellable openat call, a
new __open64_nocancel is also added (although not currently used).

Checked on x86_64-linux-gnu, x86_64-linux-gnu-x32, and i686-linux-gnu.

	* sysdeps/generic/not-cancel.h (open_not_cancel): Remove macro.
	(open_not_cancel_2): Likewise.
	(open_nocancel): New macro.
	(open64_nocancel): Likewise.
	* sysdeps/unix/sysv/linux/not-cancel.h (open_not_cancel): Remove macro.
	(open_not_cancel_2): Likewise.
	(__open_nocancel): New prototype.
	(__open64_nocancel): Likewise.
	* sysdeps/unix/sysv/linux/Versions (libc) [GLIBC_PRIVATE]: Add
	__open_nocancel.
	* sysdeps/unix/sysv/linux/open.c (__open_nocancel): New function.
	* sysdeps/unix/sysv/linux/open64.c (__open64_nocancel): Likewise.
	* catgets/open_catalog.c (__open_catalog): Replace open_not_cancel{_2}
	with __open_nocancel.
	* csu/check_fds.c (check_one_fd): Likewise.
	* gmon/gmon.c (write_gmon): Likewise.
	* iconv/gconv_cache.c (__gconv_load_cached): Likewise.
	* intl/loadmsgcat.c (open): Likewise.
	* libio/fileops.c (_IO_file_open): Likewise.
	* locale/loadarchive.c (_nl_load_locale_from_archive): Likewise.
	* locale/loadlocale.c (_nl_load_locale): Likewise.
	* login/utmp_file.c (setutent_file): Likewise.
	* misc/daemon.c (daemon): Likewise.
	* nss/nss_db/db-open.c (internal_setent): Likewise.
	* sysdeps/mach/hurd/opendir.c (__opendirat): Likewise.
	* sysdeps/posix/libc_fatal.c (__libc_message): Likewise.
	* sysdeps/posix/opendir.c (tryopen_o_directory): Likewise.
	(__opendir): Likewise.
	* sysdeps/posix/spawni.c (__spawni_child): Likewise.
	* sysdeps/unix/sysv/linux/fips-private.h (fips_enable_p): Likewise.
	* sysdeps/unix/sysv/linux/gethostid.c (sethostid): Likewise.
	(gethostid): Likewise.
	* sysdeps/unix/sysv/linux/getloadavg.c (getloadavg): Likewise.
	* sysdeps/unix/sysv/linux/getlogin_r.c (__getlogin_r_loginuid):
	Likewise.
	* sysdeps/unix/sysv/linux/getsysstats.c (__get_nprocs): Likewise.
	* sysdeps/unix/sysv/linux/grantpt.c (__close_all_fds): Likewise.
	* sysdeps/unix/sysv/linux/i386/smp.h (is_smp_system): Likewise.
	* sysdeps/unix/sysv/linux/ia64/has_cpuclock.c (has_cpuclock):
	Likewise.
	* sysdeps/unix/sysv/linux/libc_fatal.c (backtrace_and_maps):
	Likewise.
	* sysdeps/unix/sysv/linux/malloc-sysdep.h (check_may_shrink_heap):
	Likewise.
	* sysdeps/unix/sysv/linux/powerpc/get_clockfreq.c (__get_clockfreq):
	Likewise.
	* sysdeps/unix/sysv/linux/pthread_getname.c (pthread_getname_np):
	Likewise.
	* sysdeps/unix/sysv/linux/pthread_setname.c (pthread_setname_np):
	Likewise.
	* sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Likewise.
	* sysdeps/unix/sysv/linux/sysconf.c (__sysconf): Likewise.
2017-08-17 16:50:35 -03:00
Adhemerval Zanella
249548e476 posix: Remove ununsed posix_spawn internal assignment
The internal 'ret' variable in '__spawni_child' function is not
used after assignment in most cases.

Checked on x86_64-linux-gnu.

	* sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Remove ununsed
	assignment.
2017-04-25 08:51:21 -03:00
Adhemerval Zanella
daeb1fa2e1 [BZ 21340] add support for POSIX_SPAWN_SETSID
This patch adds support for the POSIX_SPAWN_SETSID flag.

It was recently accepted by the Austin Group:
http://austingroupbugs.net/view.php?id=1044

Checked on x86_64

	Daurnimator  <quae@daurnimator.com>
	Adhemerval Zanella  <adhemerval.zanella@linaro.org>

	[BZ #21340]
	* posix/Makefile (tests): Add tst-posix_spawn-setsid to list of tests.
	* posix/spawn.h: define POSIX_SPAWN_SETSID flag.
	* posix/spawnattr_setflags.c (ALL_FLAGS): Add POSIX_SPAWN_SETSID to
	valid flags.
	* posix/tst-posix_spawn-setsid.c: Add test for POSIX_SPAWN_SETSID.
	* sysdeps/mach/hurd/spawni.c (__spawni): Implementation of
	POSIX_SPAWN_SETSID.
	* sysdeps/posix/spawni.c (__spawni): Likewise.
	* sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Likewise.
	* NEWS: Add note about POSIX_SPAWN_SETSID support.
2017-04-25 08:51:12 -03:00
Mike Frysinger
21f042c804 posix_spawn: use a larger min stack for -fstack-check [BZ #21253]
When glibc is built with -fstack-check, trying to use posix_spawn can
lead to segfaults due to gcc internally probing stack memory too far.
The new spawn API will allocate a minimum of 1 page, but the stack
checking logic might probe a couple of pages.  When it tries to walk
them, everything falls apart.

The gcc internal docs [1] state the default interval checking is one
page.  Which means we need two pages (the current one, and the next
probed).  No target currently defines it larger.

Further, it mentions that the default minimum stack size needed to
recover from an overflow is 4/8KiB for sjlj or 8/12KiB for others.
But some Linux targets (like mips and ppc) go up to 16KiB (and some
non-Linux targets go up to 24KiB).

Let's create each child with a minimum of 32KiB slack space to support
them all, and give us future breathing room.

No test is added as existing ones crash.  Even a simple call is
enough to trigger the problem:
	char *argv[] = { "/bin/ls", NULL };
	posix_spawn(NULL, "/bin/ls", NULL, NULL, argv, NULL);

[1] https://gcc.gnu.org/onlinedocs/gcc-6.3.0/gccint/Stack-Checking.html
2017-04-03 15:15:41 -04:00
Mike Frysinger
ddc3fb3334 posix_spawn: fix stack setup on ia64 [BZ #21275]
The ia64-specific clone2 call expects the base of the stack mapping and
the stack size as sep arguments, not an initial stack value as on other
stack-grows-down architectures.  Reuse the stack-grows-up macro so we
pass in the right stack base.

Reported-by: Matt Turner <mattst88@gentoo.org>
2017-03-20 10:42:34 -04:00
Zack Weinberg
9090848d06 Narrowing the visibility of libc-internal.h even further.
posix/wordexp-test.c used libc-internal.h for PTR_ALIGN_DOWN; similar
to what was done with libc-diag.h, I have split the definitions of
cast_to_integer, ALIGN_UP, ALIGN_DOWN, PTR_ALIGN_UP, and PTR_ALIGN_DOWN
to a new header, libc-pointer-arith.h.

It then occurred to me that the remaining declarations in libc-internal.h
are mostly to do with early initialization, and probably most of the
files including it, even in the core code, don't need it anymore.  Indeed,
only 19 files actually need what remains of libc-internal.h.  23 others
need libc-diag.h instead, and 12 need libc-pointer-arith.h instead.
No file needs more than one of them, and 16 don't need any of them!

So, with this patch, libc-internal.h stops including libc-diag.h as
well as losing the pointer arithmetic macros, and all including files
are adjusted.

        * include/libc-pointer-arith.h: New file.  Define
	cast_to_integer, ALIGN_UP, ALIGN_DOWN, PTR_ALIGN_UP, and
        PTR_ALIGN_DOWN here.
        * include/libc-internal.h: Definitions of above macros
	moved from here.  Don't include libc-diag.h anymore either.
	* posix/wordexp-test.c: Include stdint.h and libc-pointer-arith.h.
        Don't include libc-internal.h.

	* debug/pcprofile.c, elf/dl-tunables.c, elf/soinit.c, io/openat.c
	* io/openat64.c, misc/ptrace.c, nptl/pthread_clock_gettime.c
	* nptl/pthread_clock_settime.c, nptl/pthread_cond_common.c
	* string/strcoll_l.c, sysdeps/nacl/brk.c
	* sysdeps/unix/clock_settime.c
	* sysdeps/unix/sysv/linux/i386/get_clockfreq.c
	* sysdeps/unix/sysv/linux/ia64/get_clockfreq.c
	* sysdeps/unix/sysv/linux/powerpc/get_clockfreq.c
	* sysdeps/unix/sysv/linux/sparc/sparc64/get_clockfreq.c:
	Don't include libc-internal.h.

	* elf/get-dynamic-info.h, iconv/loop.c
	* iconvdata/iso-2022-cn-ext.c, locale/weight.h, locale/weightwc.h
	* misc/reboot.c, nis/nis_table.c, nptl_db/thread_dbP.h
	* nscd/connections.c, resolv/res_send.c, soft-fp/fmadf4.c
	* soft-fp/fmasf4.c, soft-fp/fmatf4.c, stdio-common/vfscanf.c
	* sysdeps/ieee754/dbl-64/e_lgamma_r.c
	* sysdeps/ieee754/dbl-64/k_rem_pio2.c
	* sysdeps/ieee754/flt-32/e_lgammaf_r.c
	* sysdeps/ieee754/flt-32/k_rem_pio2f.c
	* sysdeps/ieee754/ldbl-128/k_tanl.c
	* sysdeps/ieee754/ldbl-128ibm/k_tanl.c
	* sysdeps/ieee754/ldbl-96/e_lgammal_r.c
	* sysdeps/ieee754/ldbl-96/k_tanl.c, sysdeps/nptl/futex-internal.h:
	Include libc-diag.h instead of libc-internal.h.

        * elf/dl-load.c, elf/dl-reloc.c, locale/programs/locarchive.c
        * nptl/nptl-init.c, string/strcspn.c, string/strspn.c
	* malloc/malloc.c, sysdeps/i386/nptl/tls.h
	* sysdeps/nacl/dl-map-segments.h, sysdeps/x86_64/atomic-machine.h
	* sysdeps/unix/sysv/linux/spawni.c
        * sysdeps/x86_64/nptl/tls.h:
        Include libc-pointer-arith.h instead of libc-internal.h.

	* elf/get-dynamic-info.h, sysdeps/nacl/dl-map-segments.h
	* sysdeps/x86_64/atomic-machine.h:
        Add multiple include guard.
2017-03-01 20:33:46 -05:00
Joseph Myers
bfff8b1bec Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
Adhemerval Zanella
e83be73091 posix: Fix open file action for posix_spawn on Linux
On posix_spawn open file action (issued by posix_spawn_file_actions_addopen)
POSIX states that if fildes was already an open file descriptor, it shall be
closed before the new file is openedi [1].  This avoid pontential issues when
posix_spawn plus addopen action is called with the process already at maximum
number of file descriptor opened and also for multiple actions on single-open
special paths (like /dev/watchdog).

This fixes its behavior on Linux posix_spawn implementation and also adds
a tests to check for its behavior.

Checked on x86_64.

	* posix/Makefile (tests): Add tst-spawn3.
	* posix/tst-spawn3.c: New file.
	* sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor
	if it is already opened for open action.

[1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
2016-09-28 14:07:35 -07:00
Rasmus Villemoes
4b4d4056bb linux: spawni.c: simplify error reporting to parent
Using CLONE_VFORK already ensures that the parent does not run until the
child has either exec'ed succesfully or called _exit. Hence we don't
need to read from a CLOEXEC pipe to ensure proper synchronization - we
just make explicit use of the fact the the child and parent run in the
same VM, so the child can write an error code to a field of the
posix_spawn_args struct instead of sending it through a pipe.

To ensure that this mechanism really works, the parent initializes the
field to -1 and the child writes 0 before execing.

This eliminates some annoying bookkeeping that is necessary to avoid
the file actions from clobbering the write end of the pipe, and
getting rid of the pipe creation in the first place means fewer system
calls (four in the parent, usually one in the child) and fewer
chanches for the spawn to fail (e.g. if we're close to EMFILE).

Checked on x86_64 and i686.

	* sysdeps/unix/sysv/linux/spawni.c (posix_spawn_args): Remove pipe
	field, add err field.
	(__spawni_child): Report error through err member instead of pipe.
	(__spawnix): Likewise.
2016-09-28 11:16:21 -07:00
Adhemerval Zanella
802c1c5a65 posix: Correctly block/unblock all signals on Linux posix_spawn
This patch correctly block and unblocks all signals when executing
Linux posix_spawn by using the __libc_signal_{un}block_all functions
instead of default sigprocmask.  The latter might remove both
SIGCANCEL and SIGSETXID from the blocked signal list.

Checked on x86_64, i686, powerpc64le, and aarch64.

	* sysdeps/unix/sysv/linux/spawni.c (__spawnix): Correctly block and unblock
	all signals when executing the clone vfork child.
	(SIGALL_SET): Remove macro.
2016-09-20 17:18:15 -03:00
Adhemerval Zanella
706e6749de posix: Correctly enable/disable cancellation on Linux posix_spawn
This patch correctly enable and disable asynchronous cancellation on
Linux posix_spawn.  Current code invert the logic by enabling and
disabling instead.  It also adds a new test to check if posix_spawn
is not a cancellation entrypoint.

Checked on x86_64, i686, powerpc64le, and aarch64.

	* nptl/Makefile (tests): Add tst-exec5.
	* nptl/tst-exec5.c: New file.
	* sysdeps/unix/sysv/linux/spawni.c (__spawni): Correctly enable and disable
	asynchronous cancellation.
2016-09-20 17:18:15 -03:00
Adhemerval Zanella
3e040a2d5f posix: Call _exit in failure case for posix_spawn{p} (BZ#20178)
This patch call _exit instead of exit in failure case for the spawned
child in Linux posix_spawn{p} implementation.

Tested on x86_64.

	[BZ #20178]
	* sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Call _exit
	on failure instead of exit.
2016-05-30 10:56:01 -03:00
Adhemerval Zanella
67b23376fb posix: Fix posix_spawn implict check style
This patch fixes the implicit check style add in 2a69f853c for the
general convention one.

Checked on x86_64.

	* sysdeps/unix/sysv/linux/spawni.c (__spawnix): Fix implict checks
	style.
2016-03-21 12:12:26 -03:00
Adhemerval Zanella
2a69f853c0 posix: Fix posix_spawn invalid memory access
Current Linux posix_spawn spawn do not test if the pid argument is
valid before trying to update it for success case.  This patch fixes
it.

Tested on x86_64 and i686.

	* sysdeps/unix/sysv/linux/spawni.c (__spawnix): Fix invalid memory
	access where posix_spawn success and pid argument is null.
	* posix/tst-spawn.c (do_test): Add posix_spawn null pid argument for
	success case.
2016-03-20 18:17:52 -03:00
Adhemerval Zanella
9ff72da471 posix: New Linux posix_spawn{p} implementation
This patch implements a new posix_spawn{p} implementation for Linux.  The main
difference is it uses the clone syscall directly with CLONE_VM and CLONE_VFORK
flags and a direct allocated stack.  The new stack and start function solves
most the vfork limitation (possible parent clobber due stack spilling).  The
remaning issue are related to signal handling:

  1. That no signal handlers must run in child context, to avoid corrupt
     parent's state.
  2. Child must synchronize with parent to enforce stack deallocation and
     to possible return execv issues.

The first one is solved by blocking all signals in child, even NPTL-internal
ones (SIGCANCEL and SIGSETXID).  The second issue is done by a stack allocation
in parent and a synchronization with using a pipe or waitpid (in case or error).
The pipe has the advantage of allowing the child signal an exec error (checked
with new tst-spawn2 test).

There is an inherent race condition in pipe2 usage for architectures that do not
support the syscall directly.  In such cases the a pipe plus fctnl is used
instead and it may lead to file descriptor leak in parent (as decribed by fcntl
documentation).

The child process stack is allocate with a mmap with MAP_STACK flag using
default architecture stack size.  Although it is slower than use a stack buffer
from parent, it allows some slack for the compatibility code to run scripts
with no shebang (which may use a buffer with size depending of argument list
count).

Performance should be similar to the vfork default posix implementation and
way faster than fork path (vfork on mostly linux ports are basically
clone with CLONE_VM plus CLONE_VFORK).  The only difference is the syscalls
required for the stack allocation/deallocation.

It fixes BZ#10354, BZ#14750, and BZ#18433.

Tested on i386, x86_64, powerpc64le, and aarch64.

	[BZ #14750]
	[BZ #10354]
	[BZ #18433]
	* include/sched.h (__clone): Add hidden prototype.
	(__clone2): Likewise.
	* include/unistd.h (__dup): Likewise.
	* posix/Makefile (tests): Add tst-spawn2.
	* posix/tst-spawn2.c: New file.
	* sysdeps/posix/dup.c (__dup): Add hidden definition.
	* sysdeps/unix/sysv/linux/aarch64/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/alpha/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/arm/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/hppa/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/i386/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/ia64/clone2.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/m68k/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/microblaze/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/mips/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/nios2/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/powerpc/powerpc32/clone.S (__clone):
	Likewise.
	* sysdeps/unix/sysv/linux/powerpc/powerpc64/clone.S (__clone):
	Likewise.
	* sysdeps/unix/sysv/linux/s390/s390-32/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/s390/s390-64/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/sh/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/sparc/sparc32/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/sparc/sparc64/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/tile/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/x86_64/clone.S (__clone): Likewise.
	* sysdeps/unix/sysv/linux/nptl-signals.h
	(____nptl_is_internal_signal): New function.
	* sysdeps/unix/sysv/linux/spawni.c: New file.
2016-03-07 11:53:47 +07:00