Commit Graph

2170 Commits

Author SHA1 Message Date
Rich Felker
76fbf6ad4b change sigset_t functions to restrict to _NSIG
the idea here is to avoid advertising signals that don't exist and to
make these functions safe to call (e.g. from within other parts of the
implementation) on fake sigset_t objects which do not have the HURD
padding.
2013-08-09 21:25:29 -04:00
Rich Felker
3c5c5e6f92 optimize posix_spawn to avoid spurious sigaction syscalls
the trick here is that sigaction can track for us which signals have
ever had a signal handler set for them, and only those signals need to
be considered for reset. this tracking mask may have false positives,
since it is impossible to remove bits from it without race conditions.
false negatives are not possible since the mask is updated with atomic
operations prior to making the sigaction syscall.

implementation-internal signals are set to SIG_IGN rather than SIG_DFL
so that a signal raised in the parent (e.g. calling pthread_cancel on
the thread executing pthread_spawn) does not have any chance to make it
to the child, where it would cause spurious termination by signal.

this change reduces the minimum/typical number of syscalls in the
child from around 70 to 4 (including execve). this should greatly
improve the performance of posix_spawn and other interfaces which use
it (popen and system).

to facilitate these changes, sigismember is also changed to return 0
rather than -1 for invalid signals, and to return the actual status of
implementation-internal signals. POSIX allows but does not require an
error on invalid signal numbers, and in fact returning an error tends
to confuse applications which wrongly assume the return value of
sigismember is boolean.
2013-08-09 21:03:47 -04:00
Rich Felker
65d7aa4dfd fix missing errno from exec failure in posix_spawn
failures prior to the exec attempt were reported correctly, but on
exec failure, the return value contained junk.
2013-08-09 20:04:05 -04:00
Rich Felker
9848e64819 block all signals, even implementation-internal ones, in faccessat child
the child process's stack may be of insufficient size to support a signal
frame, and there is no reason these signal handlers should run in the
child anyway.
2013-08-09 19:56:53 -04:00
Rich Felker
d4d6d6f322 block signals during fork
there are several reasons for this. some of them are related to race
conditions that arise since fork is required to be async-signal-safe:
if fork or pthread_create is called from a signal handler after the
fork syscall has returned but before the subsequent userspace code has
finished, inconsistent state could result. also, there seem to be
kernel and/or strace bugs related to arrival of signals during fork,
at least on some versions, and simply blocking signals eliminates the
possibility of such bugs.
2013-08-08 23:17:05 -04:00
Rich Felker
72482f9020 work around libraries with versioned symbols in dynamic linker
this commit does not add versioning support; it merely fixes incorrect
lookups of symbols in libraries that contain versioned symbols.
previously, the version information was completely ignored, and
empirically this seems to have resulted in the oldest version being
chosen, but I am uncertain if that behavior was even reliable.

the new behavior being introduced is to completely ignore symbols
which are marked "hidden" (this seems to be the confusing nomenclature
for non-current-version) when versioning is present. this should solve
all problems related to libraries with symbol versioning as long as
all binaries involved are up-to-date (compatible with the
latest-version symbols), and it's the needed behavior for dlsym under
all circumstances.
2013-08-08 16:10:35 -04:00
rofl0r
e28c2ecae4 sys/personality.h: add missing C++ compat
2013-08-08 20:57:35 +02:00
rofl0r
6a0aa82f51 sys/personality.h: add missing macros
2013-08-08 20:39:54 +02:00
Rich Felker
19b4a0a20e add Big5 charset support to iconv
at this point, it is just the common base charset equivalent to
Windows CP 950, with no further extensions. HKSCS and possibly other
supersets will be added later. other aliases may need to be added too.
2013-08-07 13:16:14 -04:00
Rich Felker
983acebc8a make fcvt decimal point location for zero make more sense
the (obsolete) standard allows either 0 or 1 for the decimal point
location in this case, but since the number of zero digits returned in
the output string (in this implementation) is one more than the number
of digits the caller requested, it makes sense for the decimal point
to be logically "after" the first digit. in a sense, this change goes
with the previous commit which fixed the value of the decimal point
location for non-zero inputs.
2013-08-07 11:19:11 -04:00
Rich Felker
a0cc022cc7 fix ecvt/fcvt decimal point position output
these functions are obsolete and have no modern standard. the text in
SUSv2 is highly ambiguous, specifying that "negative means to the left
of the returned digits", which suggested to me that 0 would mean to
the right of the first digit. however, this does not agree with
historic practice, and the Linux man pages are more clear, specifying
that a negative value means "that the decimal point is to the left of
the start of the string" (in which case, 0 would mean the start of the
string, in accordance with historic practice).
2013-08-07 11:14:45 -04:00
Rich Felker
734062b298 iconv support for legacy Korean encodings
like for other character sets, stateful iso-2022 form is not supported
yet but everything else should work. all charset aliases are treated
the same, as Windows codepage 949, because reportedly the EUC-KR
charset name is in widespread (mis?)usage in email and on the web for
data which actually uses the extended characters outside the standard
93x94 grid. this could easily be changed if desired.

the principle of this converter for handling the giant bulk of rare
Hangul syllables outside of the standard KS X 1001 93x94 grid is the
same as the GB18030 converter's treatment of non-explicitly-coded
Unicode codepoints: sequences in the extension range are mapped to an
integer index N, and the converter explicitly computes the Nth Hangul
syllable not explicitly encoded in the character map. empirically,
this requires at most 7 passes over the grid. this approach reduces
the table size required for Korean legacy encodings from roughly 44k
to 17k and should have minimal performance impact on real-world text
conversions since the "slow" characters are rare. where it does have
impact, the cost is merely a large constant time factor.
2013-08-05 13:14:17 -04:00
Rich Felker
a7f18a5529 have new timer threads unblock their own SIGTIMER
unblocking it in the pthread_once init function is not sufficient,
since multiple threads, some of them with the signal blocked, could
already exist before this is called; timers started from such threads
would be non-functional.
2013-08-03 17:10:42 -04:00
Rich Felker
7c6c290695 add system for resetting TLS to initial values
this is needed for reused threads in the SIGEV_THREAD timer
notification system, and could be reused elsewhere in the future if
needed, though it should be refactored for such use.

for static linking, __init_tls.c is simply modified to export the TLS
info in a structure with external linkage, rather than using statics.
this perhaps makes the code more clear, since the statics were poorly
named for statics. the new __reset_tls.c is only linked if it is used.

for dynamic linking, the code is in dynlink.c. sharing code with
__copy_tls is not practical since __reset_tls must also re-zero
thread-local bss.
2013-08-03 16:27:30 -04:00
Rich Felker
7356c2554e fix multiple bugs in SIGEV_THREAD timers
1. the thread result field was reused for storing a kernel timer id,
but would be overwritten if the application code exited or cancelled
the thread.

2. low pointer values were used as the indicator that the timer id is
a kernel timer id rather than a thread id. this is not portable, as
mmap may return low pointers on some conditions. instead, use the fact
that pointers must be aligned and kernel timer ids must be
non-negative to map pointers into the negative integer space.

3. signals were not blocked until after the timer thread started, so a
race condition could allow a signal handler to run in the timer thread
when it's not supposed to exist. this is mainly problematic if the
calling thread was the only thread where the signal was unblocked and
the signal handler assumes it runs in that thread.
2013-08-03 13:20:42 -04:00
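Item 2 of the commit message above, shown as an added example (this is not musl's source). The names `timer_handle`, `timer_thread` and the helper functions are hypothetical, and the cutoff used for the old "low value" test is a constructed value.

```c
#include <stdint.h>
#include <stdio.h>

typedef void *timer_handle;            /* stands in for timer_t (hypothetical name) */
struct timer_thread { long state; };   /* hypothetical per-timer thread record */

/* The replaced scheme: any "low" handle value is taken to be a kernel id.
 * The cutoff is a constructed value for illustration. */
#define OLD_LOW_CUTOFF 0x100000u
int old_is_kernel_id(timer_handle h) { return (uintptr_t)h < OLD_LOW_CUTOFF; }

/* Kernel timer ids are non-negative ints: stored unchanged. */
timer_handle from_kernel_id(int id) { return (timer_handle)(intptr_t)id; }

/* Object pointers are at least 2-byte aligned, so bit 0 is zero and can be
 * shifted out; setting the top bit makes every encoded pointer negative. */
timer_handle from_thread(struct timer_thread *t)
{
    return (timer_handle)((uintptr_t)INTPTR_MIN | ((uintptr_t)t >> 1));
}

/* The sign alone now separates the two kinds of handle. */
int is_thread(timer_handle h) { return (intptr_t)h < 0; }

struct timer_thread *to_thread(timer_handle h)
{
    return (struct timer_thread *)((uintptr_t)h << 1);
}

int to_kernel_id(timer_handle h) { return (int)(intptr_t)h; }

int main(void)
{
    /* Constructed low address of the kind mmap may legitimately return. */
    struct timer_thread *low = (struct timer_thread *)(uintptr_t)0x10000;

    printf("old scheme takes low pointer for a kernel id: %d\n",
           old_is_kernel_id(low));
    printf("new scheme: is_thread=%d round-trip ok=%d\n",
           is_thread(from_thread(low)), to_thread(from_thread(low)) == low);
    printf("kernel id 7: is_thread=%d id=%d\n",
           is_thread(from_kernel_id(7)), to_kernel_id(from_kernel_id(7)));
    return 0;
}
```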
Rich Felker
14012b91f2 add some new linux AT_* flags
2013-08-03 03:20:56 -04:00
Rich Felker
0a05eace16 fix faccessat to support AT_EACCESS flag
this is another case of the kernel syscall failing to support flags
where it needs to, leading to horrible workarounds in userspace. this
time the workaround requires changing uid/gid, and that's not safe to
do in the current process. in the worst case, kernel resource limits
might prevent recovering the original values, and then there would be
no way to safely return. so, use the safe but horribly inefficient
alternative: forking. clone is used instead of fork to suppress
signals from the child.

fortunately this worst-case code is only needed when effective and
real ids mismatch, which mainly happens in suid programs.
2013-08-03 03:16:24 -04:00
Rich Felker
89384f78ce collapse euidaccess to a call to faccessat
it turns out Linux is buggy for faccessat, just like fchmodat: the
kernel does not actually take a flags argument. so we're going to have
to emulate it there.
2013-08-03 02:28:35 -04:00
Rich Felker
f0ceb5abd9 add prototypes for euidaccess/eaccess
2013-08-03 02:18:19 -04:00
Rich Felker
a89aaee110 add legacy euidaccess function and eaccess alias for it
this is mainly for ABI compat purposes.
2013-08-03 02:15:45 -04:00
Rich Felker
d3a98ff69a make tdestroy allow null function pointer if no destructor is needed
this change is to align with a change in the glibc interface.
2013-08-02 21:20:33 -04:00
Rich Felker
2d2da648f6 fix aliasing violations in tsearch functions
patch by nsz. the actual object the caller has storing the tree root
has type void *, so accessing it as struct node * is not valid.
instead, simply access the value, move it to a temporary of the
appropriate type and work from there, then move the result back.
2013-08-02 21:13:16 -04:00
Rich Felker
86cc54b577 protect against long double type mismatches (mainly powerpc for now)
check in configure to be polite (failing early if we're going to fail)
and in vfprintf.c since that is the point at which a mismatching type
would be extremely dangerous.
2013-08-02 19:34:22 -04:00
Rich Felker
2f820f3b1f add legacy function valloc
it was already declared in stdlib.h, but not defined anywhere.
2013-08-02 18:34:39 -04:00
Rich Felker
2e5dfa515f fix feature test macro logic for _BSD_SOURCE
in several places, _BSD_SOURCE was not even implying POSIX, resulting
in it being subtractive rather than additive (compared to the default
features).
2013-08-02 18:14:44 -04:00
Rich Felker
0c7294ef30 add wcsftime_t alias
this is a nonstandard extension.
2013-08-02 18:05:56 -04:00
Rich Felker
feff6b43e5 add missing c++ extern "C" wrapping to link.h
2013-08-02 16:52:17 -04:00
Rich Felker
9ca1f62b0c make fchdir, fchmod, fchown, and fstat support O_PATH file descriptors
on newer kernels, fchdir and fstat work anyway. this same fix should
be applied to any other syscalls that are similarly affected.

with this change, the current definitions of O_SEARCH and O_EXEC as
O_PATH are mostly conforming to POSIX requirements. the main remaining
issue is that O_NOFOLLOW has different semantics.
2013-08-02 13:33:31 -04:00
Rich Felker
c8c0844f7f debloat code that depends on /proc/self/fd/%d with shared function
I intend to add more Linux workarounds that depend on using these
pathnames, and some of them will be in "syscall" functions that, from
an anti-bloat standpoint, should not depend on the whole snprintf
framework.
2013-08-02 12:59:45 -04:00
Rich Felker
0dc4824479 work around linux's lack of flags argument to fchmodat syscall
previously, the AT_SYMLINK_NOFOLLOW flag was ignored, giving
dangerously incorrect behavior -- the target of the symlink had its
modes changed to the modes (usually 0777) intended for the symlink.
this issue was amplified by the fact that musl provides lchmod, as a
wrapper for fchmodat, which some archival programs take as a sign that
symlink modes are supported and thus attempt to use.

emulating AT_SYMLINK_NOFOLLOW was a difficult problem, and I
originally believed it could not be solved, at least not without
depending on kernels newer than 3.5.x or so where O_PATH works halfway
well. however, it turns out that accessing O_PATH file descriptors via
their pseudo-symlink entries in /proc/self/fd works much better than
trying to use the fd directly, and works even on older kernels.
moreover, the kernel has permanently pegged these references to the
inode obtained by the O_PATH open, so there should not be race
conditions with the file being moved, deleted, replaced, etc.
2013-08-02 12:25:32 -04:00
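The technique described in the commit message above (pin the inode with O_PATH, then operate on it through /proc/self/fd), shown as an added example that is not musl's source. The helper name `chmod_nofollow` is hypothetical; the code assumes /proc is mounted and a kernel on which fstat works on O_PATH descriptors.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: change the mode of dirfd/path without ever following
 * a symlink in the final path component.
 * Returns 0, or -1 with errno set (EOPNOTSUPP if the name is a symlink). */
int chmod_nofollow(int dirfd, const char *path, mode_t mode)
{
    char proc[sizeof "/proc/self/fd/" + 3 * sizeof(int)];
    struct stat st;
    int ret, saved;

    /* O_PATH|O_NOFOLLOW pins the inode the name refers to right now,
     * even when that inode is itself a symlink. */
    int fd = openat(dirfd, path, O_PATH | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;

    ret = fstat(fd, &st);               /* describes the pinned inode */
    if (ret == 0 && S_ISLNK(st.st_mode)) {
        errno = EOPNOTSUPP;             /* refuse rather than touch the target */
        ret = -1;
    } else if (ret == 0) {
        /* chmod through the /proc pseudo-symlink acts on the pinned inode,
         * so renaming or replacing `path` meanwhile cannot redirect it. */
        snprintf(proc, sizeof proc, "/proc/self/fd/%d", fd);
        ret = chmod(proc, mode);
    }
    saved = errno;
    close(fd);
    errno = saved;
    return ret;
}

int main(void)
{
    char dir[] = "/tmp/chmod_nofollow.XXXXXX";  /* constructed scratch directory */
    struct stat st;

    if (!mkdtemp(dir)) return 1;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY);
    close(openat(dfd, "target", O_CREAT | O_WRONLY, 0600));
    symlinkat("target", dfd, "link");

    int r = chmod_nofollow(dfd, "link", 0777);
    int e = errno;
    fstatat(dfd, "target", &st, 0);
    printf("link: ret=%d errno=%d, target mode still %o\n",
           r, e, (unsigned)(st.st_mode & 07777));
    return 0;
}
```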
Rich Felker
3e3753c1a8 move RPATH search after LD_LIBRARY_PATH search
this is the modern way, and the only way that makes any sense. glibc
has this complicated mechanism with RPATH and RUNPATH that controls
whether RPATH is processed before or after LD_LIBRARY_PATH, presumably
to support legacy binaries, but there is no compelling reason to
support this, and better behavior is obtained by just fixing the
search order.
2013-08-02 10:02:29 -04:00
Rich Felker
78c6d30fd3 provide useless 64-bit fcntl macros with _LARGEFILE64_SOURCE
this is all useless but part of the API, which is part of the
_GNU_SOURCE API, so something may need them.
2013-08-02 10:00:09 -04:00
Rich Felker
8d01dfc72a if map_library has allocated a buffer for phdrs, free it on success too
this fixes an oversight in the previous commit.
2013-08-02 09:59:02 -04:00
Rich Felker
d5884a574c improve error handling in map_library and support long phdrs
previously, errno could be meaningless when the caller wrote it to the
dlerror string or stderr. try to make it meaningful. also, fix
incorrect check for over-long program headers and instead actually
support them by allocating memory if needed.
2013-08-02 09:56:49 -04:00
Rich Felker
7443dd271c fix uninitialized dyn variable in map_library
this can only happen for invalid library files, but they were not
detected reliably because the variable was uninitialized.
2013-08-02 09:25:12 -04:00
Rich Felker
38f44d6923 fix (deprecated) mktemp logic and update it to match other temp functions
the access function cannot be used to check for existence, because it
operates using real uid/gid rather than effective to determine
accessibility; this matters for the non-final path components.
instead, use stat. failure of stat is success if only the final
component is missing (ENOENT) and otherwise is failure.
2013-08-02 01:06:53 -04:00
Rich Felker
9a97d103fb remove (no longer useful) namespace-protected __mktemp symbol
2013-08-02 00:52:50 -04:00
Rich Felker
c4685ae429 make mkdtemp and mkstemp family leave template unchanged on fail
also refactor mkdtemp based on new shared temp code, removing
dependency on the deprecated mktemp, whose behavior made this logic
more difficult.
2013-08-02 00:48:48 -04:00
Rich Felker
926272ddff optimized memset asm for i386 and x86_64
the concept of both versions is the same; they differ only in details.
for long runs, they use "rep movsl" or "rep movsq", and for small
runs, they use a trick, writing from both ends towards the middle,
that reduces the number of branches needed. in addition, if memset is
called multiple times with the same length, all branches will be
predicted; there are no loops.

for larger runs, there are likely faster approaches than "rep", at
least on some cpu models. for 32-bit, it's unlikely that there is any
faster approach that does not require non-baseline instructions; doing
anything fancier would require inspecting cpu capabilities. for
64-bit, there may very well be faster versions that work on all
models; further optimization could be explored in the future.

with these changes, memset is anywhere between 50% faster and 6 times
faster, depending on the cpu model and the length and alignment of the
destination buffer.
2013-08-01 21:44:43 -04:00
Rich Felker
4a1f55e92f work around gcc 4.8's generation of self-referential mem* functions at -O3
2013-08-01 17:12:23 -04:00
Rich Felker
5db951ef80 in pthread_getattr_np, use mremap rather than madvise to measure stack
the original motivation for this patch was that qemu (and possibly
other syscall emulators) nop out madvise, resulting in an infinite
loop. however, there is another benefit to this change: madvise may
actually undo an explicit madvise the application intended for its
stack, whereas the mremap operation is a true nop. the logic here is
that mremap must fail if it cannot resize the mapping in-place, and
the caller knows that it cannot resize in-place because it knows the
next page of virtual memory is already occupied.
2013-07-31 15:19:39 -04:00
Rich Felker
27593d3a35 fix theoretical out-of-bound access in dynamic linker
one of the arguments to memcmp may be shorter than the length l-3, and
memcmp is under no obligation not to access past the first byte that
differs. instead use strncmp which conveys the correct semantics. the
performance difference is negligible here and since the code is only
used for shared libc, both functions are already linked anyway.
2013-07-31 15:14:06 -04:00
Rich Felker
f8c376da95 prevent passing PT_INTERP name to dlopen from double-loading libc
the dev/inode for the main app and the dynamic linker ("interpreter")
are not available, so the subsequent checks don't work. in general we
don't want to make exact string matches to existing libraries prevent
loading new ones, since this breaks loading upgraded modules in
module-loading systems. so instead, special-case it.

the motivation for this fix is that calling dlopen on the names
returned by dl_iterate_phdr or walking the link map (obtained by
dlinfo) seem to be the only methods available to an application to
actually get a list of open dso handles.
2013-07-31 14:59:36 -04:00
Rich Felker
339516addb add some sanity checks in dynamic loader code
reject elf files which are not ET_EXEC/ET_DYN type as bad exec format,
and reject ET_EXEC files when they cannot be loaded at the correct
address, since they are not relocatable at runtime. the main practical
benefit of this is to make dlopen of the main program fail rather than
producing an unsafe-to-use handle.
2013-07-31 14:42:08 -04:00
Rich Felker
c4f49a6a72 fix bug where read error was treated as success reading library headers
2013-07-31 14:05:41 -04:00
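The header checks named in commits c4f49a6a72, 339516addb and d5884a574c above, gathered into one added example (not musl's source). `check_elf_header` and `make_sample` are hypothetical names, only 64-bit ELF is handled, and the requirement that the program header table fit inside the file is an assumption added here, not something those commits state.

```c
#include <elf.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical pre-mapping check. buf/nread are the buffer and the raw
 * return value of the read() of the file's first bytes; filesize comes
 * from fstat(). Returns 0 if mapping may proceed, else a negative errno. */
int check_elf_header(const unsigned char *buf, ssize_t nread, uint64_t filesize)
{
    Elf64_Ehdr eh;

    if (nread < 0) return -EIO;                     /* read error is never success */
    if ((size_t)nread < sizeof eh) return -ENOEXEC; /* short read: truncated file */
    memcpy(&eh, buf, sizeof eh);                    /* no alignment/aliasing assumptions */

    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0) return -ENOEXEC;
    if (eh.e_ident[EI_CLASS] != ELFCLASS64) return -ENOEXEC;

    /* Only executables and shared objects are loadable; ET_REL, ET_CORE
     * and anything else is a bad exec format. */
    if (eh.e_type != ET_EXEC && eh.e_type != ET_DYN) return -ENOEXEC;

    /* Added assumption: the program header table must lie inside the file.
     * The product is at most 65535*65535, so it cannot wrap in 64 bits. */
    if (eh.e_phentsize != sizeof(Elf64_Phdr)) return -ENOEXEC;
    uint64_t phsize = (uint64_t)eh.e_phentsize * eh.e_phnum;
    if (eh.e_phoff > filesize || phsize > filesize - eh.e_phoff) return -ENOEXEC;
    return 0;
}

/* Constructed sample: a minimal 64-bit header with the given type and phnum. */
void make_sample(unsigned char *out, uint16_t type, uint16_t phnum)
{
    Elf64_Ehdr eh = {0};
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_type = type;
    eh.e_phoff = sizeof eh;
    eh.e_phentsize = sizeof(Elf64_Phdr);
    eh.e_phnum = phnum;
    memcpy(out, &eh, sizeof eh);
}

int main(void)
{
    unsigned char b[sizeof(Elf64_Ehdr)];
    make_sample(b, ET_REL, 1);
    printf("ET_REL -> %d\n", check_elf_header(b, sizeof b, 4096));
    make_sample(b, ET_DYN, 1);
    printf("ET_DYN -> %d\n", check_elf_header(b, sizeof b, 4096));
    return 0;
}
```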
Rich Felker
d0c6cb05e7 don't call null pointer if DT_INIT/DT_FINI are null
it's not clear to me why the linker even outputs these headers if they
are null, but apparently it does so. with the default startfiles, they
will never be null anyway, but this patch allows eliminating crti,
crtn, crtbegin, and crtend (leaving only crt1) if the toolchain is
using init_array/fini_array (or for a C-only, no-ctor environment).
2013-07-31 00:04:10 -04:00
Rich Felker
9a8d7bee80 add macros for new(ish) prctl commands
2013-07-30 18:15:50 -04:00
Rich Felker
9932505b68 fix some prctl macros that were incorrectly copied into this file
2013-07-30 13:04:31 -04:00
Timo Teräs
48748143a3 use separate sigaction buffers for old and new data
in signal() it is needed since __sigaction uses restrict in parameters
and sharing the buffer is technically an aliasing error. do the same
for the syscall, as at least qemu-user does not handle it properly.
2013-07-30 09:14:56 -04:00
Rich Felker
372a948b81 release notes for 0.9.12
2013-07-29 03:20:08 -04:00