new in linux v3.17 commit 40e041a2c858b3caefc757e26cb85bfceae5062b
sealing allows some operations to be blocked on a file which makes
file access safer when fds are shared between processes (only
supported for shared mem fds currently)
flags:
F_SEAL_SEAL prevents further sealing
F_SEAL_SHRINK prevents file from shrinking
F_SEAL_GROW prevents file from growing
F_SEAL_WRITE prevents writes
fcntl commands:
F_GET_SEALS get the current seal flags
F_ADD_SEALS add new seal flags
as a result of commit ab8f6a6e42, this
definition is now equivalent to the actual "default profile" which
appears immediately below in features.h, and which defines both
_BSD_SOURCE and _XOPEN_SOURCE.
the intent of providing a _DEFAULT_SOURCE, which glibc also now
provides, is to give applications a way to "get back" the default
feature profile when it was lost either by compiler flags that inhibit
it (such as -std=c99) or by library-provided predefined macros (such
as -D_POSIX_C_SOURCE=200809L) which may inhibit exposure of features
that were otherwise visible by default and which the application may
need. without _DEFAULT_SOURCE, the application had encode knowledge of
a particular libc's defaults, and such knowledge was fragile and
subject to bitrot.
eventually the names _GNU_SOURCE and _BSD_SOURCE should be phased out
in favor of the more-descriptive and more-accurate _ALL_SOURCE and
_DEFAULT_SOURCE, leaving the old names as aliases but using the new
ones internally. however this is a more invasive change that would
require extensive regression testing, so it is deferred.
the vast majority of these failures seem to have been oversights at
the time _BSD_SOURCE was added, or perhaps shortly afterward. the one
which may have had some reason behind it is omission of setpgrp from
the _BSD_SOURCE feature profile, since the standard setpgrp interface
conflicts with a legacy (pre-POSIX) BSD interface by the same name.
however, such omission is not aligned with our general policy in this
area (for example, handling of similar _GNU_SOURCE cases) and should
not be preserved.
open file description locks are inherited across fork and only auto
dropped after the last fd of the file description is closed, they can be
used to synchronize between threads that open separate file descriptions
for the same file.
new in linux 3.15 commit 0d3f7a2dd2f5cf9642982515e020c1aee2cf7af6
based on patch by Jens Gustedt.
mtx_t and cnd_t are defined in such a way that they are formally
"compatible types" with pthread_mutex_t and pthread_cond_t,
respectively, when accessed from a different translation unit. this
makes it possible to implement the C11 functions using the pthread
functions (which will dereference them with the pthread types) without
having to use the same types, which would necessitate either namespace
violations (exposing pthread type names in threads.h) or incompatible
changes to the C++ name mangling ABI for the pthread types.
for the rest of the types, things are much simpler; using identical
types is possible without any namespace considerations.
there is no blksize64_t (blksize_t is always long) but there are
fsblkcnt64_t and fsfilcnt64_t types in sys/stat.h and sys/types.h.
and glob.h missed glob64_t.
this function is needed for some important practical applications of
ABI compatibility, and may be useful for supporting some non-portable
software at the source level too.
I was hesitant to add a function which imposes any constraints on
malloc internals; however, it turns out that any malloc implementation
which has realloc must already have an efficient way to determine the
size of existing allocations, so no additional constraint is imposed.
for now, some internal malloc definitions are duplicated in the new
source file. if/when malloc is refactored to put them in a shared
internal header file, these could be removed.
since malloc_usable_size is conventionally declared in malloc.h, the
empty stub version of this file was no longer suitable. it's updated
to provide the standard allocator functions, nonstandard ones (even if
stdlib.h would not expose them based on the feature test macros in
effect), and any malloc-extension functions provided (currently, only
malloc_usable_size).
unfortunately this needs to be able to vary by arch, because of a huge
mess GCC made: the GCC definition, which became the ABI, depends on
quirks in GCC's definition of __alignof__, which does not match the
formal alignment of the type.
GCC's __alignof__ unexpectedly exposes the an implementation detail,
its "preferred alignment" for the type, rather than the formal/ABI
alignment of the type, which it only actually uses in structures. on
most archs the two values are the same, but on some (at least i386)
the preferred alignment is greater than the ABI alignment.
I considered using _Alignas(8) unconditionally, but on at least one
arch (or1k), the alignment of max_align_t with GCC's definition is
only 4 (even the "preferred alignment" for these types is only 4).
ETH_P_80221 is ethertype for IEEE Std 802.21 - Media Independent Handover Protocol
introduced in linux 3.15 commit b62faf3cdc875a1ac5a10696cf6ea0b12bab1596
ETH_P_LOOPBACK is the correct packet type for loopback in IEEE 802.3*
introduced in linux 3.15 commit 61ccbb684421d374fdcd7cf5d6b024b06f03ce4e
some defines were shuffled to be in ascending order and match the kernel header
this function provides a way for third-party library code to use the
same logic that's used internally in libc for suppressing untrusted
input/state (e.g. the environment) when the application is running
with privleges elevated by the setuid or setgid bit or some other
mechanism. its semantics are intended to match the openbsd function by
the same name.
there was some question as to whether this function is necessary:
getauxval(AT_SECURE) was proposed as an alternative. however, this has
several drawbacks. the most obvious is that it asks programmers to be
aware of an implementation detail of ELF-based systems (the aux
vector) rather than simply the semantic predicate to be checked. and
trying to write a safe, reliable version of issetugid in terms of
getauxval is difficult. for example, early versions of the glibc
getauxval did not report ENOENT, which could lead to false negatives
if AT_SECURE was not present in the aux vector (this could probably
only happen when running on non-linux kernels under linux emulation,
since glibc does not support linux versions old enough to lack
AT_SECURE). as for musl, getauxval has always properly reported
errors, but prior to commit 7bece9c209,
the musl implementation did not emulate AT_SECURE if missing, which
would result in a false positive. since musl actually does partially
support kernels that lack AT_SECURE, this was problematic.
the intent is that library authors will use issetugid if its
availability is detected at build time, and only fall back to the
unreliable alternatives on systems that lack it.
patch by Brent Cook. commit message/rationale by Rich Felker.
With the exception of a fenv implementation, the port is fully featured.
The port has been tested in or1ksim, the golden reference functional
simulator for OpenRISC 1000.
It passes all libc-test tests (except the math tests that
requires a fenv implementation).
The port assumes an or1k implementation that has support for
atomic instructions (l.lwa/l.swa).
Although it passes all the libc-test tests, the port is still
in an experimental state, and has yet experienced very little
'real-world' use.
this issue affected the prioritynames and facilitynames arrays which
are only provided when requested (usually by syslogd implementations)
and which are presently defined as compound literals. the aliasing
violation seems to have been introduced as a workaround for bad
behavior by gcc's -Wwrite-strings option, but it caused compilers to
completely optimize out the contents of prioritynames and
facilitynames since, under many usage cases, the aliasing rules prove
that the contents are never accessed.
these are not pure syscall wrappers because they have to work around
kernel API bugs on 64-bit archs. the workarounds could probably be
made somewhat more efficient, but at the cost of more complexity. this
may be revisited later.
for all address types, a scope_id specified as a decimal value is
accepted. for addresses with link-local scope, a string containing the
interface name is also accepted.
some changes are made to error handling to avoid unwanted fallbacks in
the case where the scope_id is invalid: if an earlier name lookup
backend fails with an error rather than simply "0 results", this
failure now suppresses any later attempts with other backends.
in getnameinfo, a light "itoa" type function is added for generating
decimal scope_id results, and decimal port strings for services are
also generated using this function now so as not to pull in the
dependency on snprintf.
in netdb.h, a definition for the NI_NUMERICSCOPE flag is added. this
is required by POSIX (it was previously missing) and needed to allow
callers to suppress interface-name lookups.
from linux/in.h and linux/in6.h uapi headers the following
missing socket options were added:
IP_NODEFRAG - used with customized ipv4 headers
IPV6_RECVPATHMTU - for ipv6 path mtu
IPV6_PATHMTU - for ipv6 path mtu
IPV6_DONTFRAG - for ipv6 path mtu
IPV6_ADDR_PREFERENCES - RFC5014 Source Address Selection
IPV6_MINHOPCOUNT - RFC5082 Generalized TTL Security Mechanism
IPV6_ORIGDSTADDR - used by tproxy
IPV6_RECVORIGDSTADDR - used by tproxy
IPV6_TRANSPARENT - used by tproxy
IPV6_UNICAST_IF - ipv6 version of IP_UNICAST_IF
and socket option values:
IP_PMTUDISC_OMIT - value for IP_MTU_DISCOVER option, new in linux 3.14
IPV6_PMTUDISC_OMIT - same for IPV6_MTU_DISCOVER
IPV6_PMTUDISC_INTERFACE - ipv6 version of IP_PMTUDISC_INTERFACE
IPV6_PREFER_* - flags for IPV6_ADDR_PREFERENCES
not added: ipv6 flow info and flow label related definitions.
(it's unclear if libc should define these and namespace polluting
type name is involved so they are not provided for now)
linux 3.14 introduced sched_getattr and sched_setattr syscalls in
commit d50dde5a10f305253cbc3855307f608f8a3c5f73
and the related SCHED_DEADLINE scheduling policy in
commit aab03e05e8f7e26f51dee792beddcb5cca9215a5
but struct sched_attr "extended scheduling parameters data structure"
is not yet exported to userspace (necessary for using the syscalls)
so related uapi definitions are not added yet.
the main motivation for this change is that, with the previous
definition, it was arguably illegal, in standard C, to initialize both
si_value and si_pid/si_uid with designated initializers, due to the
rule that only one member of a union can have an initializer. whether
or not this affected real-world application code, it affected some
internal code, and clang was producing warnings (and possibly
generating incorrect code).
the new definition uses a more complex hierarchy of structs and unions
to avoid the need to initialize more than one member of a single union
in usage cases that make sense. further work would be needed to
eliminate even the ones with no practical applications.
at the same time, some fixes are made to the exposed names for
nonstandard fields, to match what software using them expects.
some of these may have been from ancient (pre-SUSv2) POSIX versions;
more likely, they were from POSIX drafts or glibc interpretations of
what ancient versions of POSIX should have added (instead they made
they described functionality mandatory and/or dropped it completely).
others are purely glibc-isms, many of them ill-thought-out, like
providing ways to lookup the min/max values of types at runtime
(despite the impossibility of them changing at runtime and the
impossibility of representing ULONG_MAX in a return value of type
long).
since our sysconf implementation does not support or return meaningful
values for any of these, it's harmful to have the macros around;
applications' build scripts may detect and attempt to use them, only
to get -1/EINVAL as a result.
if removing them does break some applications, and it's determined
that the usage was reasonable, some of these could be added back on an
as-needed basis, but they should return actual meaningful values, not
junk like they were returning before.
The mips arch is special in that it uses different RLIMIT_
numbers than other archs, so allow bits/resource.h to override
the default RLIMIT_ numbers (empty on all archs except mips).
Reported by orc.
in a sense this implementation is incomplete since it doesn't provide
the HWCAP_* macros for use with AT_HWCAP, which is perhaps the most
important intended usage case for getauxval. they will be added at a
later time.
the size and alignment of struct hsearch_data are matched to the glibc
definition for binary compatibility. the members of the structure do
not match, which should not be a problem as long as applications
correctly treat the structure as opaque.
unlike the glibc implementation, this version of hcreate_r does not
require the caller to zero-fill the structure before use.
the definition was found to be incorrect at least for powerpc, and
fixing this cleanly requires making the definition arch-specific. this
will allow cleaning up the definition for other archs to make it more
specific, and reversing some of the ugliness (time_t hacks) introduced
with the x32 port.
this first commit simply copies the existing definition to each arch
without any changes. this is intentional, to make it easier to review
changes made on a per-arch basis.
this was problematic because several archs don't define __WORDSIZE. we
could add it, but I would rather phase this macro out in the long
term. in our version of the headers, UINTPTR_MAX is available here, so
just use it instead.