mips and powerpc use their own asm/ioctls.h, not the asm-generic/ioctls.h
and they lack termiox macros that are available on other targets.
see kernel commit 1d65b4a088de407e99714fdc27862449db04fb5c
the (unused) speed fields were omitted when these ports were first
added (within this release cycle, so not present in any release yet)
in accordance with how glibc defines the structure on mips archs.
however their omission does not match existing musl practice/intent.
glibc provides its own, mostly-unified termios structure definition
and performs translation in userspace to match the kernel structure
for the arch, but has gratuitous differences on a few archs like mips,
presumably as a result of historical mistakes. some other libcs use
the kernel definitions directly. musl essentially does that, by
matching the kernel layout in the part of the structure the kernel
will read/write, but leaves additional space at the end for
extensibility. these are nominally the (nonstandard) speed fields and
(on most archs) extra c_cc elements, but since they are not used they
could be repurposed if there's ever a need.
commit 6d38c9cf80 provided an
arm-specific version of posix_fadvise to address the alternate
argument order the kernel expects on arm, but neglected to address
that powerpc (32-bit) has the same issue. instead of having arch
variant files in duplicate, simply put the alternate version in the
top-level file under the control of a macro defined in syscall_arch.h.
when commit 0b6eb2dfb2 added the
parentheses around __syscall to invoke the function directly, there
was no __syscall7 in the syscall macro infrastructure, so this hack
was needed. commit 9a3bbce447 fixed that
but failed to remove the hack.
the kernel ABI value for RUSAGE_CHILDREN is -1, not 1. the latter is
actually interpreted as RUSAGE_THREAD, to obtain values for just the
calling thread and not the whole process.
Linux's documentation (robust-futex-ABI.txt) claims that, when a
process dies with a futex on the robust list, bit 30 (0x40000000) is
set to indicate the status. however, what actually happens is that
bits 0-30 are replaced with the value 0x40000000, i.e. bits 0-29
(containing the old owner tid) are cleared at the same time bit 30 is
set.
our userspace-side code for robust mutexes was written based on that
documentation, assuming that kernel would never produce a futex value
of 0x40000000, since the low (owner) bits would always be non-zero.
commit d338b506e3 introduced this
assumption explicitly while fixing another bug in how non-recoverable
status for robust mutexes was tracked. presumably the tests conducted
at that time only checked non-process-shared robust mutexes, which are
handled in pthread_exit (which implemented the documented kernel
protocol, not the actual one) rather than by the kernel.
change pthread_exit robust list processing to match the kernel
behavior, clearing bits 0-29 while setting bit 30, and use the value
0x7fffffff instead of 0x40000000 to encode non-recoverable status. the
choice of value here is arbitrary; any value with at least one of bits
0-29 set should work just as well,
despite clarifications made to the COPYRIGHT file in commit
f0a6139933, there continues to be
confusion about whether the permissions granted actually apply to all
files. I am the sole author of these files and clearly intend, and
have always intended, for the grant of permission to apply to them.
compilers are free not to copy, or in some cases to clobber, padding
bytes in a structure. while it's an aliasing violation, and thus
undefined behavior, to copy or manipulate other sockaddr types using
sockaddr_storage, it seems likely that traditional code attempts to do
so, and the original intent of the sockaddr_storage structure was
probably to allow such usage.
in the interest of avoiding silent and potentially dangerous breakage,
ensure that there are no actual padding bytes in sockaddr_storage by
moving and adjusting the size of the __ss_padding member so that it
fits exactly.
this change also removes a silent assumption that the alignment of
long is equal to its size.
kernel connection multiplexor macros AF_KCM, PF_KCM, SOL_KCM were
added in linux commit ab7ac4eb9832e32a09f4e8042705484d2fb0aad3
MSG_BATCH sendmsg flag for performance optimization was added
in linux commit f092276d85b82504e8a07498f4e9e0c51f06745c
SOL_* macros are now synced with linux socket.h which is not a uapi
header and glibc did not have the macros either, but that has changed
http://sourceware.org/ml/libc-alpha/2016-05/msg00322.html
new fields and associated linux commit:
tcpi_notsent_bytes, tcpi_min_rtt cd9b266095f422267bddbec88f9098b48ea548fc
tcpi_data_segs_in, tcpi_data_segs_out a44d6eacdaf56f74fad699af7f4925a5f5ac0e7f
new socket option so application can give advice about routing
path quality of connected udp sockets, added in linux commit
a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314
the syscalls take an additional flag argument, they were added in commit
f17d8b35452cab31a70d224964cd583fb2845449 and a RWF_HIPRI priority hint
flag was added to linux/fs.h in 97be7ebe53915af504fb491fb99f064c7cf3cb09.
the syscall is not allocated for microblaze and sh yet.
the difference of pointers is a signed type ptrdiff_t; if it is only
32-bit, left-shifting it by 30 bits produces undefined behavior. cast
the difference to an appropriate unsigned type, uint32_t, before
shifting to avoid this.
the a64l function is specified to return a signed 32-bit result in
type long. as noted in the bug report by Ed Schouten, converting
implicitly from uint32_t only produces the desired result when long is
a 32-bit type. since the computation has to be done in unsigned
arithmetic to avoid overflow, simply cast the result to int32_t.
further, POSIX leaves the behavior on invalid input unspecified but
not undefined, so we should not take the difference between the
potentially-null result of strchr and the base pointer without first
checking the result. the simplest behavior is just returning the
partial conversion already performed in this case, so do that.
previously, the only way the stopping condition could be met with
correct lengths in the headers invoked undefined behavior, adding
sizeof(struct cmsghdr) beyond the end of the cmsg buffer.
instead, compute and compare sizes rather than pointers.
the num_submatches field of some ast nodes was not initialized in
tre_add_tag_{left,right}, but was accessed later.
this was a benign bug since the uninitialized values were never used
(these values are created during tre_add_tags and copied around during
tre_expand_ast where they are also used in computations, but nothing
in the final tnfa depends on them).
The --build flag is listed in two case statement entries in configure,
which causes the second entry to be ignored. This patch removes it
from the first entry.
Signed-off-by: Michael LeMay <michael.lemay@intel.com>
previously if you called getprotobyname("egp") you would get
NULL because \008 is invalid octal and so the protocol id was
interpreted as 0 and name as "8egp".
the standard configure interface, which our configure script tries to
implement, identifies cross compiling (build != host) and searches for
the properly-prefixed cross tools. our script was not doing that,
forcing users to explicitly provide either CC or a CROSS_COMPILE tool
prefix, and the more common choice, just providing CC, was incomplete
because the Makefile would still invoke the native ar and ranlib
programs. this happened to work when building on ELF-based systems
with GNU binutils, but could easily fail when cross-compiling from
dissimilar systems.
like before, and like the standard configure behavior, an explicit CC
or CROSS_COMPILE variable on the command line or in the environment
overrides the automatic prefixing.
these changes are the outcome of a long mailing list thread that took
place March 2016, "musl licensing". among minor other issues,
prospective users were not confident that the whole-project MIT
license would grant permission for files to which the COPYRIGHT file
expressed a belief that copyright not apply, if it turned out that
these files were actually subject to copyright.
in accordance with the original intent of applying a permissive
license to the project, which was that license issues not be an
obstacle to use, the text which was causing confusion is removed. no
new claims of copyright are made, but new text is added to clarify
that the grant of permissions applies to all files, and an explicit
grant of permission to use public headers and crt files without
attribution has been made.
this patch was reviewed and approved by all substantial contributors
to the affected files: Bobby Bingham, John Spencer (rofl0r), Nicholas
J. Kain, Rich Felker, Richard Pennington, Stefan Kristiansson, and
Szabolcs Nagy.
commit 7e816a6487 (version 1.1.11
release cycle) moved the code that performs wchar_t to multibyte
conversion across code that used the resulting length in bytes,
thereby breaking the unget buffer space check in ungetwc and
clobbering up to three bytes below the start of the buffer.
for allocated FILEs (all read-enabled FILEs except stdin), the
underflow clobbers at most the FILE-specific locale pointer. no stores
are performed through this pointer, but subsequent loads may result in
a crash or mismatching encoding rule (UTF-8 multibyte vs byte-based).
for stdin, the buffer lies in .bss and the underflow may clobber
another object. in practice, for libc.so the adjacent object seems to
be stderr's buffer, which is completely unused, but this could vary
with linking options, or when static linking.
applications which do not attempt to use more than one character of
ungetwc pushback, or which do not use ungetwc, are not affected.
per the powerpc psabi, offset 4 of the stack at call time belongs to
the callee and is used for spilling lr (return address). in addition,
offset 0 on the stack must contain a pointer to the previous stack
frame, or a null pointer for the initial stack frame of a thread.
__clone failed to setup any stack frame on the new thread's stack,
thereby allowing the start function it called to clobber offset 4 of
the new thread's struct __pthread, which contains the dtv pointer.
add code to setup a proper stack frame and align the stack pointer to
a multiple of 16 (also an abi requirement) if it was not already
aligned.
mips32r6 and mips64r6 are actually new isas at both the asm source and
opcode levels (pre-r6 code cannot run on r6) and thus need to be
treated as a new subarch. the following changes are made, some of
which yield code generation improvements for non-r6 targets too:
- add subarch logic in configure script and reloc.h files for dynamic
linker name.
- suppress use of .set mips2 asm directives (used to allow mips2
atomic instructions on baseline mips1 builds; the kernel has to
emulate them on mips1) except when actually needed. they cause wrong
instruction encodings on r6, and pessimize inlining on at least some
compilers.
- only hard-code sync instruction encoding on mips1.
- use "ZC" constraint instead of "m" constraint for llsc memory
operands on r6, where the ll/sc instructions no longer accept full
16-bit offsets.
- only hard-code rdhwr instruction encoding with .word on targets
(pre-r2) where it may need trap-and-emulate by the kernel.
otherwise, just use the instruction mnemonic, and allow an arbitrary
destination register to be used.
the two/three/four byte memmem specializations are not prepared to
handle haystacks shorter than the needle; they unconditionally read at
least up to the needle length and subtract from the haystack length.
if the haystack is shorter, the remaining haystack length underflows
and produces an unbounded search which will eventually either crash or
find a spurious match.
the top-level memmem function attempted to avoid this case already by
checking for haystack shorter than needle, but it failed to re-check
after using memchr to remove the maximal prefix not containing the
first byte of the needle.
commits e24984efd5 and
16b55298dc inadvertently disabled the
a_spin implementations for i386, x86_64, and x32 by defining a macro
named a_pause instead of a_spin. this should not have caused any
functional regression, but it inhibited cpu relaxation while spinning
for locks.
bug reported by George Kulakowski.
the comparison f->wpos > f->buf has undefined behavior when f->wpos is
a null pointer, despite the intuition (and actual compiler behavior,
for all known compilers) being that NULL > ptr is false for all valid
pointers ptr.
the purpose of the comparison is to determine if the write buffer is
non-empty, and the idiom used elsewhere for that is comparison against
f->wbase, which is either a null pointer when not writing, or equal to
f->buf when writing. in the former case, both f->wpos and f->wbase are
null; in the latter they are both non-null and point into the same
array.