summaryrefslogtreecommitdiff
path: root/libc
AgeCommit message (Collapse)Author
2021-12-24kvx: fix warning about __BITS_PER_LONG not being definedYann Sionneau
Signed-off-by: Yann Sionneau <ysionneau@kalray.eu>
2021-11-26libc/inet/resolv: fix per thread res_state accessPeter Seiderer
- use the provided __res_state() method instead of direct access to struct __res_state pointer &_res/*__resp - change the __UCLIBC_HAS_TLS__ protected __res_state() implementation to the one where the comment 'When threaded, _res may be a per-thread variable.' indicates this should be used with threads/TLS enabled Fixes the following segfaults with buildroot raspberrypi3_64_defconfig (uclibc, -Os, Note: runs fine using the raspberrypi3_defconfig): $ /usr/sbin/ntpd -n -d 1970-01-01T00:01:49 ntpd[249]: INIT: ntpd ntpsec-1.2.0 2021-11-03T20:39:50Z: Starting 1970-01-01T00:01:49 ntpd[249]: INIT: Command line: /usr/sbin/ntpd -n -d 1970-01-01T00:01:49 ntpd[249]: INIT: precision = 7.240 usec (-17) 1970-01-01T00:01:49 ntpd[249]: INIT: successfully locked into RAM 1970-01-01T00:01:49 ntpd[249]: CONFIG: readconfig: parsing file: /etc/ntp.conf 1970-01-01T00:01:49 ntpd[249]: CONFIG: restrict nopeer ignored 1970-01-01T00:01:49 ntpd[249]: INIT: Using SO_TIMESTAMPNS 1970-01-01T00:01:49 ntpd[249]: IO: Listen and drop on 0 v6wildcard [::]:123 1970-01-01T00:01:49 ntpd[249]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123 1970-01-01T00:01:49 ntpd[249]: IO: Listen normally on 2 lo 127.0.0.1:123 1970-01-01T00:01:49 ntpd[249]: IO: Listen normally on 3 eth0 172.16.0.30:123 1970-01-01T00:01:49 ntpd[249]: IO: Listen normally on 4 lo [::1]:123 1970-01-01T00:01:49 ntpd[249]: IO: Listen normally on 5 eth0 [fe80::ba27:ebff:fea6:340%2]:123 1970-01-01T00:01:49 ntpd[249]: IO: Listening on routing socket on fd #22 for interface updates 1970-01-01T00:01:50 ntpd[249]: SYNC: Found 10 servers, suggest minsane at least 3 1970-01-01T00:01:50 ntpd[249]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes 1970-01-01T00:01:50 ntpd[249]: statistics directory /var/NTP/ does not exist or is unwriteable, error No such file or directory 1970-01-01T00:01:51 ntpd[249]: DNS: dns_probe: 0.pool.ntp.org, cast_flags:8, flags:101 Segmentation fault (core dumped) $ ./host/bin/aarch64-buildroot-linux-uclibc-gdb ./build/ntpsec-1_2_0/build/main/ntpd/ntpd core Core was generated by `/usr/sbin/ntpd -n -d'. Program terminated with signal SIGSEGV, Segmentation fault. (gdb) where #0 0x0000007f8ff1f150 in res_sync_func () at libc/inet/resolv.c:3356 #1 0x0000007f8ff1c468 in __open_nameservers () at libc/inet/resolv.c:949 #2 0x0000007f8ff1b498 in __dns_lookup (name=0x55943c67f0 "0.pool.ntp.org", type=1, outpacket=0x7f8fe91c48, a=0x7f8fe91c08) at libc/inet/resolv.c:1134 #3 0x0000007f8ff1d744 in __GI_gethostbyname_r ( name=0x55943c67f0 "0.pool.ntp.org", result_buf=0x7f8fe92628, buf=0x7f8fe91d90 "", buflen=992, result=0x7f8fe92670, h_errnop=0x7f8fe92668) at libc/inet/resolv.c:1966 #4 0x0000007f8ff1d9a0 in __GI_gethostbyname2_r ( name=0x55943c67f0 "0.pool.ntp.org", family=2, result_buf=0x7f8fe92628, buf=0x7f8fe91d70 "0.pool.ntp.org", buflen=1024, result=0x7f8fe92670, h_errnop=0x7f8fe92668) at libc/inet/resolv.c:2065 #5 0x0000007f8ff16924 in gaih_inet (name=0x55943c67f0 "0.pool.ntp.org", service=0x7f8fe92828, req=0x7f8fe92890, pai=0x7f8fe92838) at libc/inet/getaddrinfo.c:596 #6 0x0000007f8ff17624 in __GI_getaddrinfo ( name=0x55943c67f0 "0.pool.ntp.org", service=0x5582eb8acd "\377H\213D$\bL\211\367H\213\260\270", hints=0x7f8fe92890, pai=0x5582ee1bf8) at libc/inet/getaddrinfo.c:957 #7 0x0000005582ea60f4 in _start () (gdb) p _res $1 = {options = 0, nsaddr_list = {{sin_family = 0, sin_port = 0, sin_addr = { s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, { sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}}, dnsrch = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, nscount = 0 '\000', ndots = 0 '\000', retrans = 0 '\000', retry = 0 '\000', defdname = '\000' <repeats 255 times>, nsort = 0 '\000', pfcode = 0, id = 0, res_h_errno = 0, sort_list = {{addr = { s_addr = 0}, mask = 0}, {addr = {s_addr = 0}, mask = 0}, {addr = { s_addr = 0}, mask = 0}, {addr = {s_addr = 0}, mask = 0}, {addr = { s_addr = 0}, mask = 0}, {addr = {s_addr = 0}, mask = 0}, {addr = { s_addr = 0}, mask = 0}, {addr = {s_addr = 0}, mask = 0}, {addr = { s_addr = 0}, mask = 0}, {addr = {s_addr = 0}, mask = 0}}, _u = { _ext = {nsaddrs = {0x0, 0x0, 0x0}, nscount = 0 '\000', nstimes = {0, 0, 0}, nssocks = {0, 0, 0}, nscount6 = 0, nsinit = 0}}} (gdb) p &_res $2 = (struct __res_state *) 0x7f8ff8fd98 <_res> (gdb) p rp $3 = (struct __res_state *) 0x7fffffffff And the following uclibc code at libc/inet/resolv.c:3356: 3345 static void res_sync_func(void) 3346 { 3347 struct __res_state *rp = &(_res); 3348 int n; 3349 3350 /* If we didn't get malloc failure earlier... */ 3351 if (__nameserver != (void*) &__local_nameserver) { 3352 /* TODO: 3353 * if (__nameservers < rp->nscount) - try to grow __nameserver[]? 3354 */ 3355 #ifdef __UCLIBC_HAS_IPV6__ 3356 if (__nameservers > rp->_u._ext.nscount) 3357 __nameservers = rp->_u._ext.nscount; 3358 n = __nameservers; The special thing about ntpsec is the DNS lookup in an extra thread and/or the call to res_init(), see ntpsec-1_2_0/ntpd/ntp_dns.c: 69 msyslog(LOG_INFO, "DNS: dns_probe: %s, cast_flags:%x, flags:%x%s", 70 hostname, pp->cast_flags, pp->cfg.flags, busy); 71 if (NULL != active) /* normally redundant */ 72 return false; 73 74 active = pp; 75 76 sigfillset(&block_mask); 77 pthread_sigmask(SIG_BLOCK, &block_mask, &saved_sig_mask); 78 rc = pthread_create(&worker, NULL, dns_lookup, pp); and 165 static void* dns_lookup(void* arg) 166 { 167 struct peer *pp = (struct peer *) arg; 168 struct addrinfo hints; 169 170 #ifdef HAVE_SECCOMP_H 171 setup_SIGSYS_trap(); /* enable trap for this thread */ 172 #endif 173 174 #ifdef HAVE_RES_INIT 175 /* Reload DNS servers from /etc/resolv.conf in case DHCP has updated it. 176 * We only need to do this occasionally, but it's not expensive 177 * and simpler to do it every time than it is to figure out when 178 * to do it. 179 * This res_init() covers NTS too. 180 */ 181 res_init(); 182 #endif 183 184 if (pp->cfg.flags & FLAG_NTS) { 185 #ifndef DISABLE_NTS 186 nts_probe(pp); 187 #endif 188 } else { 189 ZERO(hints); 190 hints.ai_protocol = IPPROTO_UDP; 191 hints.ai_socktype = SOCK_DGRAM; 192 hints.ai_family = AF(&pp->srcadr); 193 gai_rc = getaddrinfo(pp->hostname, NTP_PORTA, &hints, &answer); 194 } $ /usr/lib/uclibc-ng-test/test/inet/tst-res Segmentation fault (core dumped) $ ./host/bin/aarch64-buildroot-linux-uclibc-gdb ./build/uclibc-ng-test-0844445e7358eb10e716155b55b0fb23e88d644a/test/inet/tst-res core Core was generated by `/usr/lib/uclibc-ng-test/test/inet/tst-res'. Program terminated with signal SIGSEGV, Segmentation fault. (gdb) where #0 __GI___res_init () at libc/inet/resolv.c:3514 #1 0x0000005591e507e4 in main (argc=<optimized out>, argv=<optimized out>) at tst-res.c:20 First reported here: https://lore.kernel.org/buildroot/20211028230131.5f50d6e7@gmx.net/ https://www.mail-archive.com/devel@uclibc-ng.org/msg01085.html Signed-off-by: Peter Seiderer <ps.report@gmx.net>
2021-08-25Merge remote-tracking branch 'evolvis/dns-things'Waldemar Brodkorb
2021-08-09libc/inet/resolv.c: add __hnbad to check DNS entries for validity…mirabilos
… using the same rules glibc does also call __hnbad in some places to check answers
2021-08-09make __{en,de}code_dotted into macrosmirabilos
they merely call dn_{comp,expand} slightly rearranging the arguments Signed-off-by: mirabilos <mirabilos@evolvis.org>
2021-08-09actually remove the ifdeffed-out code from the previous commitmirabilos
Signed-off-by: mirabilos <mirabilos@evolvis.org>
2021-08-09libc/inet/resolv.c: use dn_{comp,expand} for __{en,de}code_dottedmirabilos
Minimal-invasive change: just ifdeffing away the older code. There is no reason to have two different sets of functions doing the same thing, one used in half the code and another, doing less escaping, in the other half; just use one. Signed-off-by: mirabilos <mirabilos@evolvis.org>
2021-06-04powerpc: fix PIE/PIC builds with newer gcc/binutils which use secureplt by ↵Yann Sionneau
default This patch fixes segfault of all user space processes (including init, which caused a panic) on recent buildroot powerpc32 builds. The issue has been reported by Romain Naour in this thread: https://mailman.uclibc-ng.org/pipermail/devel/2021-May/002068.html Recent buildroot toolchain enables secure PLT in powerpc gcc. The latter will then supply -msecure-plt to gas invocations by default. Recent buildroot also enables PIE by defaults. For the secure PLT to work in PIC, the r30 register needs to point to the GOT. Old "bss plt" was just a one-instruction-wide PLT slot, pointed-to by a R_PPC_JMP_SLOT relocation, which was written on-the-fly to contain a branch instruction to the correct address. It therefore had to stay writable. New secure PLT only contains read-only code which loads the branch address from the writable GOT. Note: secure PLT without PIC does not need r30 to be set. Because offset between plt stub code and got is known at link-time. In this case the PLT entry looks like: 1009b3e0 <__uClibc_main@plt>: 1009b3e0: 3d 60 10 0e lis r11,4110 1009b3e4: 81 6b 03 74 lwz r11,884(r11) 1009b3e8: 7d 69 03 a6 mtctr r11 1009b3ec: 4e 80 04 20 bctr Whereas secure PLT with PIC - offset between plt and got is unknown at link-time - looks like this: 000af800 <00000000.plt_pic32.__uClibc_main>: af800: 81 7e 03 80 lwz r11,896(r30) af804: 7d 69 03 a6 mtctr r11 af808: 4e 80 04 20 bctr af80c: 60 00 00 00 nop Signed-off-by: Yann Sionneau <yann@sionneau.net>
2021-04-09open: Add support for O_TMPFILENicolas Cavallari
Since Linux 3.11, O_TMPFILE allows to create unnamed files that can be linked later on. It is internally defined as (O_TMPFILE | O_DIRECTORY) to make it fail on old kernels. Copying definitions from glibc for O_TMPFILE is not enough to support O_TMPFILE; The open() wrapper also need to pass the mode when the flag contains O_TMPFILE, otherwise, it will pass mode 000 which will succeed but yield unexpected results. openat() is curiously not affected since it passes the mode unconditionally.. Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
2021-02-19fcntl.h: Make F_DUPFD_CLOEXEC if _USE_XOPEN2K8Paul Cercueil
The F_DUPFD_CLOEXEC flag was added in POSIX 2008.09. Signed-off-by: Paul Cercueil <paul@crapouillou.net>
2021-01-28use renameat2 syscall, when renameat isn't availableWaldemar Brodkorb
2021-01-27fix umount2 compilation for alpha on Linux 5.xWaldemar Brodkorb
2021-01-27sh: Add 64-bit time types from kernelGeoffrey Le Gourriérec
Building uclibc 1.0.37 for SuperH architecture with linux-headers 5.10.7 fails at libpthread level due to missing time-related data structures, usually defined by the kernel. Define those missing data structures in SuperH-specific kernel_types.h. Context: building for sh4eb-r2d[1] and sh4-r2d[1] boards emulations for QEMU using the buildroot image generation tool. Regarding the issue, a patch[3] was already issued in the kernel some time ago, which aimed to solve precisely this problem. After coming up with a quick and dirty patch for buildroot modifying Linux headers[4], some discussion was sparked on the subject with Linux folks[5]. Some analyzing later, conclusion was that: 1) Previously mentioned patch[4] was fixing the symptom, not the ill 2) SuperH-specific code in uclibc could be patched instead, to solve the problem for other use cases (e.g. building just a toolchain) [1] https://git.buildroot.net/buildroot/tree/configs/qemu_sh4eb_r2d_defconfig?h=2020.02.9 [2] https://git.buildroot.net/buildroot/tree/configs/qemu_sh4_r2d_defconfig?h=2020.02.9 [3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fc94cf2092c7c1267fa2deb8388d624f50eba808 [4] https://git.buildroot.net/buildroot/commit/?id=742f37de8d0e3797698411dfc6a63bd7e98aafe2 [5] https://patchwork.kernel.org/project/linux-sh/patch/20210123165652.10884-1-geoffrey.legourrierec@gmail.com/ Signed-off-by: Geoffrey Le Gourriérec <geoffrey.legourrierec@gmail.com>
2020-12-23stdlib: fix potential UB and integer overflow with huge allocations using ↵Yann Sionneau
malloc-simple allocator Two things are fixed by this commit: 1/ It is wrong to allocate an object of size > PTRDIFF_MAX. It is explained in this thread: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63303 2/ There was a possible integer overflow in both malloc() and memalign() implementations of stdlib/malloc-simple. The malloc() integer overflow issue is fixed by the side effect of fixing the PTRDIFF_MAX issue. The memalign() one is fixed by adding a comparison. Signed-off-by: Yann Sionneau <yann@sionneau.net>
2020-10-19hasmntopt: better option matchingYann Sionneau
Previous implementation was respecting the man page description of what the function should do. Also the function does not seem to be defined by POSIX. But... to be really useful the function needs to handle option matching and not just substring matching. This is copy pasted from glibc. This fixes issue reported by https://github.com/wbx-github/uclibc-ng/issues/8 that can happen for instance there: https://github.com/frida/glib/blob/master/gio/gunixmounts.c#L622 Signed-off-by: Yann Sionneau <yann@sionneau.net>
2020-10-02kvx: add support for kvx arch to uClibc-ngYann Sionneau
This commit adds support for Kalray VLIW family (kvx) Kalray kv3 core is embedded in Kalray Coolidge SoC. This core which is the third of the KV family has the following features: 32/64 bits execution mode 6-issue VLIW architecture 64 x 64bits general purpose registers SIMD instructions little-endian In order to build a usable toolchain, build scripts are provided at the following address: https://github.com/kalray/build-scripts. Kalray uses FOSS which is available at https://github.com/kalray This includes Linux kernel, uClibc-ng, gcc, binutils, etc. Signed-off-by: Clément Léger <cleger@kalray.eu> Signed-off-by: Guillaume Thouvenin <gthouvenin@kalray.eu> Signed-off-by: Laurent Thevenoux <lthevenoux@kalray.eu> Signed-off-by: Marc Poulhies <mpoulhies@kalray.eu> Signed-off-by: Marius Gligor <mgligor@kalray.eu> Signed-off-by: Yann Sionneau <ysionneau@kalray.eu>
2020-09-22Fix warning due to unused variable in strlenYann Sionneau
Fixes this: libc/string/generic/strlen.c: In function 'strlen': libc/string/generic/strlen.c:31:31: warning: variable 'magic_bits' set but not used [-Wunused-but-set-variable] unsigned long int longword, magic_bits, himagic, lomagic; ^~~~~~~~~~ Signed-off-by: Yann Sionneau <ysionneau@kalray.eu>
2020-09-22Fix warning about macro redefinitionYann Sionneau
Fixes this: libc/misc/internals/tempname.c: In function 'brain_damaged_fillrand': libc/misc/internals/tempname.c:155:0: warning: "L" redefined #define L ((UINT32_MAX % NUM_LETTERS + 1) % NUM_LETTERS) In file included from ./libpthread/nptl/sysdeps/unix/sysv/linux/lowlevellock.h:24:0, from ./include/bits/libc-lock.h:35, from ./include/bits/stdio-lock.h:22, from ./include/bits/uClibc_mutex.h:73, from ./include/bits/uClibc_stdio.h:83, from ./include/stdio.h:71, from libc/misc/internals/tempname.c:35: ./libc/sysdeps/linux/kvx/sysdep.h:40:0: note: this is the location of the previous definition # define L(name) $L##name Signed-off-by: Yann Sionneau <ysionneau@kalray.eu>
2020-09-22Fix warning about missing const qualifierYann Sionneau
Fixes this: In file included from libc/misc/fnmatch/fnmatch.c:235:0: libc/misc/fnmatch/fnmatch_loop.c: In function 'internal_fnmatch': libc/misc/fnmatch/fnmatch_loop.c:207:21: warning: initialization discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers] CHAR *p_init = p; ^ libc/misc/fnmatch/fnmatch_loop.c:208:21: warning: initialization discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers] CHAR *n_init = n; Signed-off-by: Yann Sionneau <ysionneau@kalray.eu>
2020-09-21Support b64_ntop(), b64_pton() (bsd-compat)Waldemar Brodkorb
Signed-off-by: akater <nuclearspace@gmail.com>
2020-09-15Fix memory corruption due to struct stat fieldYann Sionneau
Kernel stat/stat64 structure and uClibc-ng ones were not in sync regarding the timespec fields. Kernel had them but uClibc did not expose it in some cases. Man page says that stat struct should have timespec fields if: * _POSIX_C_SOURCE is defined to 200809L or greater or * _XOPEN_SOURCE is defined to 700 or greater or * _BSD_SOURCE is defined or * _SVID_SOURCE is defined In the case of buildroot vim build, neither _BSD_SOURCE nor _SVID_SOURCE were defined. Only _POSIX_C_SOURCE and _XOPEN_SOURCE were defined. uClibc-ng header only checked for _BSD_SOURCE and _SVID_SOURCE via __USE_MISC. This patch adds a check to __USE_XOPEN2K8 which is defined if _POSIX_C_SOURCE >= 200809L or _XOPEN_SOURCE >= 700 This for instance fixes a crash at startup of vim (not the busybox one) on aarch64 and all other arch where in kernel STAT_HAVE_NSEC is set and where stat.h in uClibc-ng comes from libc/sysdeps/linux/common-generic/bits Signed-off-by: Yann Sionneau <ysionneau@kalray.eu>
2020-09-02Revert "Fix static linking with GCC-10"Waldemar Brodkorb
This reverts commit 5b58a1ebd89a4f05778441814e81817c82193fa3. This breaks all static builds earlier to gcc 10 :( Bad testing on my side.
2020-08-19Add {name, open}_to_handle_at() implementationPetr Vorel
copied from musl 1.2.1. Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
2020-08-17riscv64: add __riscv_flush_icacheWaldemar Brodkorb
Always use the systemcall as uClibc-ng has no vdso support. Tested with libffi and python in qemu-system-riscv64.
2020-08-15sys/random.h include stddef.hWaldemar Brodkorb
Reported-By: akater <nuclearspace@gmail.com>
2020-08-11Fix static linking with GCC-10Lance Fredrickson
Starting with GCC-10 multiple definitions of global variables by will be rejected. https://gcc.gnu.org/gcc-10/porting_to.html This fixes multiple definitions of _dl_pagesize and _dl_tls_static_size while attempting static linking. Of course this only occurs when compiling something that requires these symbols. First patch submission so hopefully all done correctly. thanks, Lance Fredrickson From e0686f7c03ce8e51ccffefeb6365e50311e6dd10 Mon Sep 17 00:00:00 2001 From: lancethepants <lancethepants@gmail.com> Date: Wed, 15 Jul 2020 13:09:26 -0600 Subject: [PATCH] Starting with GCC-10 multiple definitions of global variables by will be rejected. This fixes multiple definitions of _dl_pagesize and _dl_tls_static_size while attempting static linking.
2020-08-11xtensa: add exclusive access supportMax Filippov
Add XCHAL definitions for S32C1I and EXCLUSIVE options to xtensa-config.h, include it in places that implement atomic operations and add implementations with exclusive access option opcodes. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2020-08-11xtensa: relax memory constraint in atomic assemblyMax Filippov
Replace "a" constraints with "+m" to avoid forcing atomic variable address into a register and let the compiler use non-zero offset in load/store opcodes. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2020-07-02Rename __unused struct members to include a namespaceEd Wildgoose
Rename various spare fields in structs to include a namespace This should avoid accidental clashes with uses of the __unused symbol in upstream projects. eg currently it causes a compile error in dhcpcd 8.x due to their re-use of the __unused symbol as a macro This follows the style of glibc which does something equivalent
2020-06-19inet: add sockatmark implementationClement Leger
Import musl C sockatmark implementation into uClibc-ng. Signed-off-by: Clement Leger <cleger@kalray.eu> Acked-by: Yann Sionneau <ysionneau@kalray.eu>
2020-05-17mips: Do not include hi and lo in __SYSCALL_CLOBBERS for R6Romain Naour
From [1] "GCC 10 (PR 91233) won't silently allow registers that are not architecturally available to be present in the clobber list anymore, resulting in build failure for mips*r6 targets in form of: ... .../sysdep.h:146:2: error: the register ‘lo’ cannot be clobbered in ‘asm’ for the current target 146 | __asm__ volatile ( \ | ^~~~~~~ This is because base R6 ISA doesn't define hi and lo registers w/o DSP extension. This patch provides the alternative definitions of __SYSCALL_CLOBBERS for r6 targets that won't include those registers." [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=020b2a97bb15f807c0482f0faee2184ed05bcad8 Signed-off-by: Romain Naour <romain.naour@gmail.com> Cc: Waldemar Brodkorb <wbx@openadk.org>
2020-04-01statx: make include conditional, fixes non-csky arch buildroot buildsWaldemar Brodkorb
2020-04-01Resolve bug when using unusual MALLOC_ALIGNMENTEyal Itkin
Safe-Linking alignment checks should be done on the user's buffer and not the mchunkptr. The new check adds support for cases in which: MALLOC_ALIGNMENT != 2*(sizeof(size_t)) The default case for both 32 bits and 64 bits was already supported, and this patch adds support for the described irregular case.
2020-02-19malloc: add missing header for some arch (alpha)Waldemar Brodkorb
2020-02-16Add Safe-Linking to fastbinsEyal Itkin
Safe-Linking is a security mechanism that protects single-linked lists (such as the fastbins) from being tampered by attackers. The mechanism makes use of randomness from ASLR (mmap_base), and when combined with chunk alignment integrity checks, it protects the pointers from being hijacked by an attacker. While Safe-Unlinking protects double-linked lists (such as the small bins), there wasn't any similar protection for attacks against single-linked lists. This solution protects against 3 common attacks: * Partial pointer override: modifies the lower bytes (Little Endian) * Full pointer override: hijacks the pointer to an attacker's location * Unaligned chunks: pointing the list to an unaligned address The design assumes an attacker doesn't know where the heap is located, and uses the ASLR randomness to "sign" the single-linked pointers. We mark the pointer as P and the location in which it is stored as L, and the calculation will be: * PROTECT(P) := (L >> PAGE_SHIFT) XOR (P) * *L = PROTECT(P) This way, the random bits from the address L (which start at the bits in the PAGE_SHIFT position), will be merged with the LSB of the stored protected pointer. This protection layer prevents an attacker from modifying the pointer into a controlled value. An additional check that the chunks are MALLOC_ALIGNed adds an important layer: * Attackers can't point to illegal (unaligned) memory addresses * Attackers must guess correctly the alignment bits On standard 32 bit Linux machines, an attacker will directly fail 7 out of 8 times, and on 64 bit machines it will fail 15 out of 16 times. The proposed solution adds 3-4 asm instructions per malloc()/free() and therefore has only minor performance implications if it has any. A similar protection was added to Chromium's version of TCMalloc in 2013, and according to their documentation the performance overhead was less than 2%. Signed-off-by: Eyal Itkin <eyalit@checkpoint.com>
2020-02-07aarch64/bits: provide sigstack.hVladimir Murzin
It fixes tst-signal6 and friends. Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
2020-02-07aarch64/sys: update ucontext.hVladimir Murzin
It fixes tst-cancel1 and friends. Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
2020-02-07common/bits: Fix ipc_perm and semid_ds definitions for 64-bit archesVladimir Murzin
It fixes: FAIL sem got 1 expected 0 failed: incorrect sem_nsems! semget(IPC_CREAT) = 0 semctl(k) = 0 sem_nsems = 0 for aarch64. Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
2020-02-03csky: add statx conditionalsWaldemar Brodkorb
Similar to glibc commit https://sourceware.org/git/?p=glibc.git;a=commit;h=6bbfc5c09fc5b5e3d4a0cddbbd4e2e457767dae7 we need to handle Linux kernel change, which removed stat64 family from default syscall set. Signed-off-by: Waldemar Brodkorb <wbx@openadk.org> Signed-off-by: Waldemar Brodkorb <wbrodkorb@conet.de>
2020-01-30Fix map_newlink abort when interface list changes during getifaddrsVincent Hou
map_newlink() may abort when interface list changed between netlink request for getting interfaces and getting addresses. This commit is ported from the same change from glibc commit. Signed-off-by: Vincent Hou <vincent.houyi@gmail.com>
2020-01-30poll: avoid calling select with empty sets which hangs the processYann Sionneau
Avoid calling select with empty sets which hangs the process This makes uClibc-ng act like glibc and musl Without this fix the test_poll of python3 testsuite hangs forever Scenario of the issue: If you call poll with only invalid file descriptors, like in python3 testsuite (https://github.com/python/cpython/blob/master/Lib/test/test_poll.py#L83) You will go through uClibc poll emulation code, which is based on select syscall. Your first call to select will fail, it will return -1 and errno will be set to EBADF: https://github.com/wbx-github/uclibc-ng/blob/master/libc/sysdeps/linux/common/poll.c#L120 Then you will go through the for loop which tests individually each file descriptor by calling select on each one: https://github.com/wbx-github/uclibc-ng/blob/master/libc/sysdeps/linux/common/poll.c#L163 each call will also return -1 with errno being equal to EBADF. Therefore all pollfd will have the POLLNVAL flag in their respective revents field. And, the most important, rset/wset/xset will stay empty. Then the for loop ends, the "continue" makes the while loop run again. The following select() is run again: https://github.com/wbx-github/uclibc-ng/blob/master/libc/sysdeps/linux/common/poll.c#L120 But this time the sets are empty. If the poll was called with timeout set to -1, this select will hang forever because there is no timeout and the sets are empty so no event will ever wake it up. test program: int main(void) { struct pollfd pfd; int ret; int pipe_fds[2]; pipe(pipe_fds); close(pipe_fds[0]); close(pipe_fds[1]); pfd.fd = pipe_fds[0]; pfd.events = POLLIN | POLLOUT | POLLPRI; pfd.revents = 0; ret = poll(&pfd, 1, -1); printf("ret: %d\n", ret); if (ret < 0) printf("error: %s", strerror(errno)); else { puts("revents: "); if (pfd.revents & POLLERR) printf(" POLLERR"); if (pfd.revents & POLLHUP) printf(" POLLHUP"); if (pfd.revents & POLLNVAL) printf(" POLLNVAL"); puts(""); } return 0; } This hangs on uClibc-ng aarch64 and Kalray's arch (kv3) but does the following on musl and glibc: " ret: 1 revents: POLLNVAL " strace output of this program with uClibc *without* the patch applied: pselect6(4, [3], [3], [3], NULL, NULL) = -1 EBADF (Bad file descriptor) pselect6(4, [3], [3], [3], {tv_sec=0, tv_nsec=0}, NULL) = -1 EBADF (Bad file descriptor) pselect6(0, 0x7ffffffb80, 0x7ffffffb68, 0x7ffffffb50, NULL, NULL (never finishes) strace output of this program with uClibc *with* the patch applied: pselect6(4, [3], [3], [3], NULL, NULL) = -1 EBADF (Bad file descriptor) pselect6(4, [3], [3], [3], {tv_sec=0, tv_nsec=0}, NULL) = -1 EBADF (Bad file descriptor) write(1, "ret: 1\n", 7ret: 1 ) = 7 write(1, "revents: \n", 10revents: ) = 10 write(1, " POLLNVAL\n", 10 POLLNVAL ) = 10 exit_group(0) = ? +++ exited with 0 +++
2020-01-28fix getenv bugAta, John (US)
The getenv() library call can trap under certain conditions. It compares the passed in environment variable name (var) with the name=variables (*ep) in the environment area and returns a pointer to the value in the environment if it exists. To accomplish this, it does a memcmp() using the length of the passed in name (len) for each environment variable (*ep) against the passed in name ( var). So memcmp will attempt to scan both strings for len bytes. However, if for some reason, len is equal to or greater than 16 and longer than the length of the *ep in the environment and the *ep resides near the end of a page boundary while the next page is not present or mapped, the memcmp could trap with a sigsegv error while continuing the scan with the optimization read-ahead. However, if strncmp is used instead, there is no problem since both source and destination scanning will stop when either reaches a terminating NULL
2019-11-17fix PTRAVE_EVENT_SECCOMP typo in ptrace.hJoris Vink
Hi, This diff fixes a typo in the PTRACE_EVENT_SECCOMP event code. The typo itself was introduced in 2012 when syncing with glibc header files and was itself fixed in 2013 in the glibc headers.
2019-11-08riscv64: implement NPTL/TLSWaldemar Brodkorb
basically from or1k port of uClibc-ng, with fixes for structures in pthreadtypes.h from 64 bit architectures. 18 testsuite failures counted.
2019-11-06riscv64: lazy relocations do not work like sparc/m68kWaldemar Brodkorb
2019-11-05implement fexecve from glibcWaldemar Brodkorb
2019-11-01riscv64: add shared library supportWaldemar Brodkorb
2019-10-30Make __syscall_error return long, as expected by syscall() callersCarlos Santos
The return type of syscall() is long so __syscall_error, which is jumped to by syscall handlers to stash an error number into errno, must return long too otherwhise it returs 4294967295L instead of -1L. For example, syscall for x86_64 is defined in libc/sysdeps/linux/x86_64/syscall.S as syscall: movq %rdi, %rax /* Syscall number -> rax. */ movq %rsi, %rdi /* shift arg1 - arg5. */ movq %rdx, %rsi movq %rcx, %rdx movq %r8, %r10 movq %r9, %r8 movq 8(%rsp),%r9 /* arg6 is on the stack. */ syscall /* Do the system call. */ cmpq $-4095, %rax /* Check %rax for error. */ jae __syscall_error /* Branch forward if it failed. */ ret /* Return to caller. */ In libc/sysdeps/linux/x86_64/__syscall_error.c, __syscall_error is defined as int __syscall_error(void) attribute_hidden; int __syscall_error(void) { register int err_no __asm__ ("%rcx"); __asm__ ("mov %rax, %rcx\n\t" "neg %rcx"); __set_errno(err_no); return -1; } So __syscall_error returns -1 as a 32-bit int in a 64-bit register, %rax (0x00000000ffffffff, whose decimal value is decimal 4294967295) and a test like this always returns false: if (syscall(number, ...) == -1) foo(); Fix the error by making __syscall_error return a long, like syscall(). The problem can be circumvented by the caller by coercing the returned value to int before comparing it to -1: if ((int) syscall(number, ...) == -1) foo(); The same problem probably occurs on other 64-bit systems but so far only x86_64 was tested, so this change must be considered experimental. Signed-off-by: Carlos Santos <unixmania@gmail.com>
2019-10-15Fix value for O_mask_was_saved based on gdb observationmirabilos
(gdb) print offsetof(struct __jmp_buf_tag, __mask_was_saved) $12 = (int *) 0x1f0 using https://stackoverflow.com/a/39663128/2171120
2019-10-15sparc64: Make structure match kernel uapimirabilos
Update from linux/arch/sparc/include/uapi/asm/uctx.h