Commit Graph

3047 Commits

Author SHA1 Message Date
Felix Fietkau
3fffa7a658 mips: fix mcontext_t register array field name
glibc and uclibc use gregs instead of regs

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2015-07-21 19:02:31 -04:00
Rich Felker
0f9c2666ac handle loss of syslog socket connection
when traditional syslogd implementations are restarted, the old server
socket ceases to exist and a new unix socket with the same pathname is
created. when this happens, the default destination address associated
with the client socket via connect is no longer valid, and attempts to
send produce errors. this happens despite the socket being datagram
type, and is in contrast to the behavior that would be seen with an IP
datagram (UDP) socket.

in order to avoid a situation where the application is unable to send
further syslog messages without calling closelog, this patch makes
syslog attempt to reconnect the socket when send returns an error
indicating a lost connection.

additionally, initial failure to connect the socket no longer results
in the socket being closed. this ensures that an application which
calls openlog to reserve the socket file descriptor will not run into
a situation where transient connection failure (e.g. due to syslogd
restart) prevents fd reservation. however, applications which may be
unable to connect the socket later (e.g. due to chroot, restricted
permissions, seccomp, etc.) will still fail to log if the syslog
socket cannot be connected at openlog time or if it has to be
reconnected later.
2015-07-09 18:47:48 +00:00
Rich Felker
11894f6d3a fix incorrect void return type for syncfs function
being nonstandard, the closest thing to a specification for this
function is its man page, which documents it as returning int. it can
fail with EBADF if the file descriptor passed is invalid.
2015-07-09 17:07:35 +00:00
Rich Felker
e8cbe0bad4 fix negated return value of ns_skiprr, breakage in related functions
due to a reversed pointer difference computation, ns_skiprr always
returned a negative value, which functions using it would interpret as
an error.

patch by Yu Lu.
2015-07-08 02:46:45 +00:00
Shiz
fb58545f8d add musl-clang, a wrapper for system clang installs
musl-clang allows the user to compile musl-powered programs using their
already existent clang install, without the need of a special cross compiler.
it achieves this by wrapping around both the system clang install and the
linker and passing them special flags to re-target musl at runtime.
it does only affect invocations done through the special musl-clang wrapper
script, so that the user setup remains fully intact otherwise.

the clang wrapper consists of the compiler frontend wrapper script,
musl-clang, and the linker wrapper script, ld.musl-clang.
musl-clang makes sure clang invokes ld.musl-clang to link objects; neither
script needs to be in PATH for the wrapper to work.
2015-07-06 23:52:16 +00:00
Shiz
f8db6f74b2 build: fix musl-targeting toolchain test
the old test was broken in that it would never fail on a toolchains built
without dynamic linking support, leading to the wrapper script possibly being
installed on compilers that do not support it. in addition, the new test is
portable across compilers: the old test only worked on GCC.

the new test works by testing whether the toolchain libc defines __GLIBC__:
most non-musl Linux libc's do define this for compatibility even when they
are not glibc, so this is a safe bet to check for musl. in addition, the
compiler runtime would need to have a somewhat glibc-compatible ABI in the
first place, so any non-glibc compatible libc's compiler runtime might not
work. it is safer to disable these cases by default and have the user enable
the wrappers manually there using --enable-wrapper if they certain it works.
2015-07-06 19:37:06 -04:00
Shiz
b3cd7d13fe build: overhaul wrapper script system for multiple wrapper support
this overhauls part of the build system in order to support multiple
toolchain wrapper scripts, as opposed to solely the musl-gcc wrapper as
before. it thereby replaces --enable-gcc-wrapper with --enable-wrapper=...,
which has the options 'auto' (the default, detect whether to use wrappers),
'all' (build and install all wrappers), 'no' (don't build any) and finally
the options named after the individual compiler scripts (currently only
'gcc' is available) to build and install only that wrapper.
the old --enable-gcc-wrapper is removed from --help, but still available.

it also modifies the wrappers to use the C compiler specified to the build
system as 'inner' compiler, when applicable. as wrapper detection works by
probing this compiler, it may not work with any other.
2015-07-06 23:34:14 +00:00
Rich Felker
2a780aa305 treat empty TZ environment variable as GMT rather than default
this improves compatibility with the behavior of other systems and
with some applications which set an empty TZ var to disable use of
local time by mktime, etc.
2015-07-06 22:13:11 +00:00
Alexander Monakov
8f08a58c63 dynlink.c: pass gnu-hash table pointer to gnu_lookup
The callers need to check the value of the pointer anyway, so make
them pass the pointer to gnu_lookup instead of reloading it there.

Reorder gnu_lookup arguments so that always-used ones are listed
first. GCC can choose a calling convention with arguments in registers
(e.g. up to 3 arguments in eax, ecx, edx on x86), but cannot reorder
the arguments for static functions.
2015-06-28 02:30:12 +00:00
Alexander Monakov
5b4286e12c dynlink.c: slim down gnu_lookup
Do not reference dso->syms and dso->strings until point of use.
Check 'h1 == (h2|1)', the simplest condition, before the others.
2015-06-28 01:51:15 +00:00
Alexander Monakov
84389c6456 dynlink.c: use bloom filter in gnu hash lookup
Introduce gnu_lookup_filtered and use it to speed up symbol lookups in
find_sym (do_dlsym is left as is, based on an expectation that
frequently dlsym queries will use a dlopen handle rather than
RTLD_NEXT or RTLD_DEFAULT, and will not need to look at more than one
DSO).
2015-06-28 01:49:53 +00:00
Alexander Monakov
66d45787c8 dynlink.c: use a faster expression in gnu_hash
With -Os, GCC uses a multiply rather than a shift and addition for 'h*33'.
Use a more efficient expression explicitely.
2015-06-27 21:48:19 -04:00
Rich Felker
6ba5517a46 fix local-dynamic model TLS on mips and powerpc
the TLS ABI spec for mips, powerpc, and some other (presently
unsupported) RISC archs has the return value of __tls_get_addr offset
by +0x8000 and the result of DTPOFF relocations offset by -0x8000. I
had previously assumed this part of the ABI was actually just an
implementation detail, since the adjustments cancel out. however, when
the local dynamic model is used for accessing TLS that's known to be
in the same DSO, either of the following may happen:

1. the -0x8000 offset may already be applied to the argument structure
passed to __tls_get_addr at ld time, without any opportunity for
runtime relocations.

2. __tls_get_addr may be used with a zero offset argument to obtain a
base address for the module's TLS, to which the caller then applies
immediate offsets for individual objects accessed using the local
dynamic model. since the immediate offsets have the -0x8000 adjustment
applied to them, the base address they use needs to include the
+0x8000 offset.

it would be possible, but more complex, to store the pointers in the
dtv[] array with the +0x8000 offset pre-applied, to avoid the runtime
cost of adding 0x8000 on each call to __tls_get_addr. this change
could be made later if measurements show that it would help.
2015-06-25 22:22:00 +00:00
Rich Felker
ce337daa00 make dynamic linker work around MAP_FAILED mmap failure on nommu kernels
previously, loading of additional libraries beyond libc/ldso did not
work on nommu kernels, nor did loading programs via invocation of the
dynamic linker as a command.
2015-06-23 04:05:31 +00:00
Rich Felker
a59341420f reimplement strverscmp to fix corner cases
this interface is non-standardized and is a GNU invention, and as
such, our implementation should match the behavior of the GNU
function. one peculiarity the old implementation got wrong was the
handling of all-zero digit sequences: they are supposed to compare
greater than digit sequences of which they are a proper prefix, as in
009 < 00.

in addition, high bytes were treated with char signedness rather than
as unsigned. this was wrong regardless of what the GNU function does
since the resulting order relation varied by arch.

the new strverscmp implementation makes explicit the cases where the
order differs from what strcmp would produce, of which there are only
two.
2015-06-23 00:29:57 +00:00
Rich Felker
153e952e1a fix regression/typo that disabled __simple_malloc when calloc is used
commit ba819787ee introduced this
regression. since the __malloc0 weak alias was not properly provided
by __simple_malloc, use of calloc forced the full malloc to be linked.
2015-06-22 20:33:28 +00:00
Rich Felker
ba819787ee fix calloc when __simple_malloc implementation is used
previously, calloc's implementation encoded assumptions about the
implementation of malloc, accessing a size_t word just prior to the
allocated memory to determine if it was obtained by mmap to optimize
out the zero-filling. when __simple_malloc is used (static linking a
program with no realloc/free), it doesn't matter if the result of this
check is wrong, since all allocations are zero-initialized anyway. but
the access could be invalid if it crosses a page boundary or if the
pointer is not sufficiently aligned, which can happen for very small
allocations.

this patch fixes the issue by moving the zero-fill logic into malloc.c
with the full malloc, as a new function named __malloc0, which is
provided by a weak alias to __simple_malloc (which always gives
zero-filled memory) when the full malloc is not in use.
2015-06-22 18:50:09 +00:00
Rich Felker
55d061f031 provide __stack_chk_fail_local in libc.a
this symbol is needed only on archs where the PLT call ABI is klunky,
and only for position-independent code compiled with stack protector.
thus references usually only appear in shared libraries or PIE
executables, but they can also appear when linking statically if some
of the object files being linked were built as PIC/PIE.

normally libssp_nonshared.a from the compiler toolchain should provide
__stack_chk_fail_local, but reportedly it appears prior to -lc in the
link order, thus failing to satisfy references from libc itself (which
arise only if libc.a was built as PIC/PIE with stack protector
enabled).
2015-06-20 03:01:07 +00:00
Rich Felker
ce3688eca9 work around mips detached thread exit breakage due to kernel regression
linux kernel commit 46e12c07b3b9603c60fc1d421ff18618241cb081 caused
the mips syscall mechanism to fail with EFAULT when the userspace
stack pointer is invalid, breaking __unmapself used for detached
thread exit. the workaround is to set $sp to a known-valid, readable
address, and the simplest one to obtain is the address of the current
function, which is available (per o32 calling convention) in $25.
2015-06-20 02:54:30 +00:00
Rich Felker
75eceb3ae8 ignore ENOSYS error from mprotect in pthread_create and dynamic linker
this error simply indicated a system without memory protection (NOMMU)
and should not cause failure in the caller.
2015-06-17 17:21:46 +00:00
Rich Felker
10d0268ccf switch to using trap number 31 for syscalls on sh
nominally the low bits of the trap number on sh are the number of
syscall arguments, but they have never been used by the kernel, and
some code making syscalls does not even know the number of arguments
and needs to pass an arbitrary high number anyway.

sh3/sh4 traditionally used the trap range 16-31 for syscalls, but part
of this range overlapped with hardware exceptions/interrupts on sh2
hardware, so an incompatible range 32-47 was chosen for sh2.

using trap number 31 everywhere, since it's in the existing sh3/sh4
range and does not conflict with sh2 hardware, is a proposed
unification of the kernel syscall convention that will allow binaries
to be shared between sh2 and sh3/sh4. if this is not accepted into the
kernel, we can refit the sh2 target with runtime selection mechanisms
for the trap number, but doing so would be invasive and would entail
non-trivial overhead.
2015-06-16 15:25:02 +00:00
Rich Felker
3366a99b17 switch sh port's __unmapself to generic version when running on sh2/nommu
due to the way the interrupt and syscall trap mechanism works,
userspace on sh2 must never set the stack pointer to an invalid value.
thus, the approach used on most archs, where __unmapself executes with
no stack for the interval between SYS_munmap and SYS_exit, is not
viable on sh2.

in order not to pessimize sh3/sh4, the sh asm version of __unmapself
is not removed. instead it's renamed and redirected through code that
calls either the generic (safe) __unmapself or the sh3/sh4 asm,
depending on compile-time and run-time conditions.
2015-06-16 14:55:06 +00:00
Rich Felker
f9d84554ba add support for sh2 interrupt-masking-based atomics to sh port
the sh2 target is being considered an ISA subset of sh3/sh4, in the
sense that binaries built for sh2 are intended to be usable on later
cpu models/kernels with mmu support. so rather than hard-coding
sh2-specific atomics, the runtime atomic selection mechanisms that was
already in place has been extended to add sh2 atomics.

at this time, the sh2 atomics are not SMP-compatible; since the ISA
lacks actual atomic operations, the new code instead masks interrupts
for the duration of the atomic operation, producing an atomic result
on single-core. this is only possible because the kernel/hardware does
not impose protections against userspace doing so. additional changes
will be needed to support future SMP systems.

care has been taken to avoid producing significant additional code
size in the case where it's known at compile-time that the target is
not sh2 and does not need sh2-specific code.
2015-06-16 14:38:41 +00:00
Rich Felker
1b0cdc8700 refactor stdio open file list handling, move it out of global libc struct
functions which open in-memory FILE stream variants all shared a tail
with __fdopen, adding the FILE structure to stdio's open file list.
replacing this common tail with a function call reduces code size and
duplication of logic. the list is also partially encapsulated now.

function signatures were chosen to facilitate tail call optimization
and reduce the need for additional accessor functions.

with these changes, static linked programs that do not use stdio no
longer have an open file list at all.
2015-06-16 07:11:19 +00:00
Rich Felker
f22a9edaf8 byte-based C locale, phase 3: make MB_CUR_MAX variable to activate code
this patch activates the new byte-based C locale (high bytes treated
as abstract code unit "characters" rather than decoded as multibyte
characters) by making the value of MB_CUR_MAX depend on the active
locale. for the C locale, the LC_CTYPE category pointer is null,
yielding a value of 1. all other locales yield a value of 4.
2015-06-16 06:18:00 +00:00
Rich Felker
16f18d036d byte-based C locale, phase 2: stdio and iconv (multibyte callers)
this patch adjusts libc components which use the multibyte functions
internally, and which depend on them operating in a particular
encoding, to make the appropriate locale changes before calling them
and restore the calling thread's locale afterwards. activating the
byte-based C locale without these changes would cause regressions in
stdio and iconv.

in the case of iconv, the current implementation was simply using the
multibyte functions as UTF-8 conversions. setting a multibyte UTF-8
locale for the duration of the iconv operation allows the code to
continue working.

in the case of stdio, POSIX requires that FILE streams have an
encoding rule bound at the time of setting wide orientation. as long
as all locales, including the C locale, used the same encoding,
treating high bytes as UTF-8, there was no need to store an encoding
rule as part of the stream's state.

a new locale field in the FILE structure points to the locale that
should be made active during fgetwc/fputwc/ungetwc on the stream. it
cannot point to the locale active at the time the stream becomes
oriented, because this locale could be mutable (the global locale) or
could be destroyed (locale_t objects produced by newlocale) before the
stream is closed. instead, a pointer to the static C or C.UTF-8 locale
object added in commit commit aeeac9ca54
is used. this is valid since categories other than LC_CTYPE will not
affect these functions.
2015-06-16 06:10:29 +00:00
Rich Felker
1507ebf837 byte-based C locale, phase 1: multibyte character handling functions
this patch makes the functions which work directly on multibyte
characters treat the high bytes as individual abstract code units
rather than as multibyte sequences when MB_CUR_MAX is 1. since
MB_CUR_MAX is presently defined as a constant 4, all of the new code
added is dead code, and optimizing compilers' code generation should
not be affected at all. a future commit will activate the new code.

as abstract code units, bytes 0x80 to 0xff are represented by wchar_t
values 0xdf80 to 0xdfff, at the end of the surrogates range. this
ensures that they will never be misinterpreted as Unicode characters,
and that all wctype functions return false for these "characters"
without needing locale-specific logic. a high range outside of Unicode
such as 0x7fffff80 to 0x7fffffff was also considered, but since C11's
char16_t also needs to be able to represent conversions of these
bytes, the surrogate range was the natural choice.
2015-06-16 05:28:48 +00:00
Rich Felker
38e2f72723 fix btowc corner case
btowc is required to interpret its argument by conversion to unsigned
char, unless the argument is equal to EOF. since the conversion to
produces a non-character value anyway, we can just unconditionally
convert, for now.
2015-06-16 04:21:38 +00:00
Szabolcs Nagy
ee59c296d5 arm: add vdso support
vdso will be available on arm in linux v4.2, the user-space code
for it is in kernel commit 8512287a8165592466cb9cb347ba94892e9c56a5
2015-06-14 04:23:20 +00:00
Rich Felker
e3bc22f1ef refactor malloc's expand_heap to share with __simple_malloc
this extends the brk/stack collision protection added to full malloc
in commit 276904c2f6 to also protect the
__simple_malloc function used in static-linked programs that don't
reference the free function.

it also extends support for using mmap when brk fails, which full
malloc got in commit 5446303328, to
__simple_malloc.

since __simple_malloc may expand the heap by arbitrarily large
increments, the stack collision detection is enhanced to detect
interval overlap rather than just proximity of a single address to the
stack. code size is increased a bit, but this is partly offset by the
sharing of code between the two malloc implementations, which due to
linking semantics, both get linked in a program that needs the full
malloc with realloc/free support.
2015-06-14 01:59:02 +00:00
Rich Felker
4ef9b828c1 remove cancellation points in stdio
commit 5816592389 added these optional
cancellation points on the basis that cancellable stdio could be
useful, to unblock threads stuck on stdio operations that will never
complete. however, the only way to ensure that cancellation can
achieve this is to violate the rules for side effects when
cancellation is acted upon, discarding knowledge of any partial data
transfer already completed. our implementation exhibited this behavior
and was thus non-conforming.

in addition to improving correctness, removing these cancellation
points moderately reduces code size, and should significantly improve
performance on i386, where sysenter/syscall instructions can be used
instead of "int $128" for non-cancellable syscalls.
2015-06-13 20:53:02 +00:00
Rich Felker
536c6d5a42 fix idiom for setting stdio stream orientation to wide
the old idiom, f->mode |= f->mode+1, was adapted from the idiom for
setting byte orientation, f->mode |= f->mode-1, but the adaptation was
incorrect. unless the stream was alreasdy set byte-oriented, this code
incremented f->mode each time it was executed, which would eventually
lead to overflow. it could be fixed by changing it to f->mode |= 1,
but upcoming changes will require slightly more work at the time of
wide orientation, so it makes sense to just call fwide. as an
optimization in the single-character functions, fwide is only called
if the stream is not already wide-oriented.
2015-06-13 05:17:16 +00:00
Rich Felker
f8f565df46 add printing of null %s arguments as "(null)" in wide printf
this is undefined, but supported in our implementation of the normal
printf, so for consistency the wide variant should support it too.
2015-06-13 04:42:38 +00:00
Rich Felker
f9e25d8138 add %m support to wide printf 2015-06-13 04:37:27 +00:00
Rich Felker
ec634aad91 add sh asm for vfork 2015-06-11 05:01:04 +00:00
Rich Felker
c30cbcb0a6 implement arch-generic version of __unmapself
this can be used to put off writing an asm version of __unmapself for
new archs, or as a permanent solution on archs where it's not
practical or even possible to run momentarily with no stack.

the concept here is simple: the caller takes a lock on a global shared
stack and uses it to make the munmap and exit syscalls. the only trick
is unlocking, which must be done after the thread exits, and this is
achieved by using the set_tid_address syscall to have the kernel zero
and futex-wake the lock word as part of the exit syscall.
2015-06-10 02:27:40 +00:00
Rich Felker
276904c2f6 in malloc, refuse to use brk if it grows into stack
the linux/nommu fdpic ELF loader sets up the brk range to overlap
entirely with the main thread's stack (but growing from opposite
ends), so that the resulting failure mode for malloc is not to return
a null pointer but to start returning pointers to memory that overlaps
with the caller's stack. needless to say this extremely dangerous and
makes brk unusable.

since it's non-trivial to detect execution environments that might be
affected by this kernel bug, and since the severity of the bug makes
any sort of detection that might yield false-negatives unsafe, we
instead check the proximity of the brk to the stack pointer each time
the brk is to be expanded. both the main thread's stack (where the
real known risk lies) and the calling thread's stack are checked. an
arbitrary gap distance of 8 MB is imposed, chosen to be larger than
linux default main-thread stack reservation sizes and larger than any
reasonable stack configuration on nommu.

the effeciveness of this patch relies on an assumption that the amount
by which the brk is being grown is smaller than the gap limit, which
is always true for malloc's use of brk. reliance on this assumption is
why the check is being done in malloc-specific code and not in __brk.
2015-06-09 21:31:55 +00:00
Rich Felker
bd1eaceaa3 fix spurious errors from pwd/grp functions when nscd backend is absent
for several pwd/grp functions, the only way the caller can distinguish
between a successful negative result ("no such user/group") and an
internal error is by clearing errno before the call and checking errno
afterwards. the nscd backend support code correctly simulated a
not-found response on systems where such a backend is not running, but
failed to restore errno.

this commit also fixed an outdated/incorrect comment.
2015-06-09 20:15:49 +00:00
Rich Felker
75ce450395 fix regression in pre-v7 arm on kernels with kuser helper removed
the arm atomics/TLS runtime selection code is called from
__set_thread_area and depends on having libc.auxv and __hwcap
available. commit 71f099cb7d moved the
first call to __set_thread_area to the top of dynamic linking stage 3,
before this data is made available, causing the runtime detection code
to always see __hwcap as zero and thereby select the atomics/TLS
implementations based on kuser helper.

upcoming work on superh will use similar runtime detection.

ideally this early-init code should be cleanly refactored and shared
between the dynamic linker and static-linked startup.
2015-06-07 21:23:23 +00:00
Rich Felker
32f3c4f706 add multiple inclusion guard to locale_impl.h 2015-06-07 03:09:16 +00:00
Rich Felker
04b8360adb remove redefinition of MB_CUR_MAX in locale_impl.h
unless/until the byte-based C locale is implemented, defining
MB_CUR_MAX to 1 in the C locale is wrong. no internal code currently
uses the MB_CUR_MAX macro, but having it defined inconsistently is
error-prone. applications get the value from stdlib.h and were
unaffected.
2015-06-07 02:59:49 +00:00
Rich Felker
16bf466532 make static C and C.UTF-8 locales available outside of newlocale 2015-06-06 18:53:02 +00:00
Rich Felker
312eea2ea4 remove another invalid skip of locking in ungetwc 2015-06-06 18:20:30 +00:00
Rich Felker
3d7e32d28d add macro version of ctype.h isascii function
presumably internal code (ungetwc and fputwc) was written assuming a
macro implementation existed; otherwise use of isascii is just a
pessimization.
2015-06-06 18:16:22 +00:00
Rich Felker
7e816a6487 remove invalid skip of locking in ungetwc
aside from being invalid, the early check only optimized the error
case, and likely pessimized the common case by separating the
two branches on isascii(c) at opposite ends of the function.
2015-06-06 18:11:17 +00:00
Timo Teräs
63f4b9f18f fix uselocale((locale_t)0) not to modify locale
commit 68630b55c0 made the new locale to
be assigned unconditonally resulting in crashes later on.
2015-06-05 15:21:40 +00:00
Rich Felker
e6f09004af release 1.1.10 2015-06-04 16:08:24 -04:00
Rich Felker
b6a6cd703f fix dynamic linker regression processing R_*_NONE type relocations
commit f3ddd17380 inadvertently removed
the early check for "none" type relocations, causing the address
dso->base+0 to be dereferenced to obtain an addend. shared libraries,
(including libc.so) and PIE executables were unaffected, since their
base addresses are the actual address of their mappings and are
readable. non-PIE main executables, however, have a base address of 0
because their load addresses are absolute and not offset at load time.

in practice none-type relocations do not arise with toolchains that
are in use except on mips, and on mips it's moderately rare for a
non-PIE executable to have a relocation table, since the mips-specific
got processing serves in its place for most purposes.
2015-06-04 11:45:17 -04:00
Rich Felker
585ba14df4 add additional Makefile dependency rules for rcrt1.o PIE start file 2015-06-03 02:02:09 -04:00
Rich Felker
2b4fcfdacf fix failure of ungetc and ungetwc to work on files in eof status
these functions were written to handle clearing eof status, but failed
to account for the __toread function's handling of eof. with this
patch applied, __toread still returns EOF when the file is in eof
status, so that read operations will fail, but it also sets up valid
buffer pointers for read mode, which are set to the end of the buffer
rather than the beginning in order to make the whole buffer available
to ungetc/ungetwc.

minor changes to __uflow were needed since it's now possible to have
non-zero buffer pointers while in eof status. as made, these changes
remove a 'fast path' bypassing the function call to __toread, which
could be reintroduced with slightly different logic, but since
ordinary files have a syscall in f->read, optimizing the code path
does not seem worthwhile.

the __stdio_read function is also updated not to zero the read buffer
pointers on eof/error. while not necessary for correctness, this
change avoids the overhead of calling __toread in ungetc after
reaching eof, and it also reduces code size and increases consistency
with the fmemopen read operation which does not zero the pointers.
2015-05-29 00:04:36 -04:00