metalefty/glibc
1
0
Fork 0
forked from rpms/glibc
Code Pull Requests Activity

import glibc-2.28-223.el8

Browse Source
This commit is contained in:
CentOS Sources 2022-12-01 06:10:04 +00:00 committed by Stepan Oksanichenko
parent d7b7c4067c
commit b3063e390f
5 changed files with 527 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
SOURCES/glibc-rh2141989.patch Normal file
View File

@ -0,0 +1,101 @@
This change is equivalent to this upstream change:
commit 22a46dee24351fd5f4f188ad80554cad79c82524
Author: Florian Weimer <fweimer@redhat.com>
Date: Tue Nov 8 14:15:02 2022 +0100
Linux: Support __IPC_64 in sysvctl *ctl command arguments (bug 29771)
Old applications pass __IPC_64 as part of the command argument because
old glibc did not check for unknown commands, and passed through the
arguments directly to the kernel, without adding __IPC_64.
Applications need to continue doing that for old glibc compatibility,
so this commit enables this approach in current glibc.
For msgctl and shmctl, if no translation is required, make
direct system calls, as we did before the time64 changes. If
translation is required, mask __IPC_64 from the command argument.
For semctl, the union-in-vararg argument handling means that
translation is needed on all architectures.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
The downstream versions of shmctl and msgctl did not produce
errors because they lacked a -1 error return path. There is no
translation requirement downstream on any architecture, so we
can remove the switch from shmctl and msgctl.
For semctl, we have to do the varargs translation, so this patch adds
the same masking as the upstream commit.
diff --git a/sysdeps/unix/sysv/linux/msgctl.c b/sysdeps/unix/sysv/linux/msgctl.c
index 3362f4562f58f28b..7280cba31a8815a2 100644
--- a/sysdeps/unix/sysv/linux/msgctl.c
+++ b/sysdeps/unix/sysv/linux/msgctl.c
@@ -29,20 +29,6 @@
int
__new_msgctl (int msqid, int cmd, struct msqid_ds *buf)
{
- switch (cmd)
- {
- case IPC_RMID:
- case IPC_SET:
- case IPC_STAT:
- case MSG_STAT:
- case MSG_STAT_ANY:
- case IPC_INFO:
- case MSG_INFO:
- break;
- default:
- __set_errno (EINVAL);
- return -1;
- }
#ifdef __ASSUME_DIRECT_SYSVIPC_SYSCALLS
return INLINE_SYSCALL_CALL (msgctl, msqid, cmd | __IPC_64, buf);
#else
diff --git a/sysdeps/unix/sysv/linux/semctl.c b/sysdeps/unix/sysv/linux/semctl.c
index 03c56c69a5412c82..16d3f04fadd039ab 100644
--- a/sysdeps/unix/sysv/linux/semctl.c
+++ b/sysdeps/unix/sysv/linux/semctl.c
@@ -42,6 +42,13 @@ __new_semctl (int semid, int semnum, int cmd, ...)
union semun arg = { 0 };
va_list ap;
+ /* Some applications pass the __IPC_64 flag in cmd, to invoke
+ previously unsupported commands back when there was no EINVAL
+ error checking in glibc. Mask the flag for the switch statements
+ below. msgctl_syscall adds back the __IPC_64 flag for the actual
+ system call. */
+ cmd &= ~__IPC_64;
+
/* Get the argument only if required. */
switch (cmd)
{
diff --git a/sysdeps/unix/sysv/linux/shmctl.c b/sysdeps/unix/sysv/linux/shmctl.c
index 00768bc47614f9aa..25c5152944a6fcf3 100644
--- a/sysdeps/unix/sysv/linux/shmctl.c
+++ b/sysdeps/unix/sysv/linux/shmctl.c
@@ -33,22 +33,6 @@
int
__new_shmctl (int shmid, int cmd, struct shmid_ds *buf)
{
- switch (cmd)
- {
- case IPC_RMID:
- case SHM_LOCK:
- case SHM_UNLOCK:
- case IPC_SET:
- case IPC_STAT:
- case SHM_STAT:
- case SHM_STAT_ANY:
- case IPC_INFO:
- case SHM_INFO:
- break;
- default:
- __set_errno (EINVAL);
- break;
- }
#ifdef __ASSUME_DIRECT_SYSVIPC_SYSCALLS
return INLINE_SYSCALL_CALL (shmctl, shmid, cmd | __IPC_64, buf);
#else

354
SOURCES/glibc-rh2142937-1.patch Normal file
View File

@ -0,0 +1,354 @@
commit 2fe64148a81f0d78050c302f34a6853d21f7cae4
Author: DJ Delorie <dj@redhat.com>
Date: Mon Mar 28 23:53:33 2022 -0400
Allow for unpriviledged nested containers
If the build itself is run in a container, we may not be able to
fully set up a nested container for test-container testing.
Notably is the mounting of /proc, since it's critical that it
be mounted from within the same PID namespace as its users, and
thus cannot be bind mounted from outside the container like other
mounts.
This patch defaults to using the parent's PID namespace instead of
creating a new one, as this is more likely to be allowed.
If the test needs an isolated PID namespace, it should add the "pidns"
command to its init script.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Conflicts:
nss/tst-reload2.c
(not in RHEL-8)
support/Makefile
(RHEL-8 missing some routines in libsupport-routines)
diff --git a/elf/tst-pldd.c b/elf/tst-pldd.c
index f381cb0fa7e6b93d..45ac033a0f897088 100644
--- a/elf/tst-pldd.c
+++ b/elf/tst-pldd.c
@@ -85,6 +85,8 @@ in_str_list (const char *libname, const char *const strlist[])
static int
do_test (void)
{
+ support_need_proc ("needs /proc/sys/kernel/yama/ptrace_scope and /proc/$child");
+
/* Check if our subprocess can be debugged with ptrace. */
{
int ptrace_scope = support_ptrace_scope ();
diff --git a/nptl/tst-pthread-getattr.c b/nptl/tst-pthread-getattr.c
index 273b6073abe9cb60..f1c0b39f3a27724c 100644
--- a/nptl/tst-pthread-getattr.c
+++ b/nptl/tst-pthread-getattr.c
@@ -28,6 +28,8 @@
#include <unistd.h>
#include <inttypes.h>
+#include <support/support.h>
+
/* There is an obscure bug in the kernel due to which RLIMIT_STACK is sometimes
returned as unlimited when it is not, which may cause this test to fail.
There is also the other case where RLIMIT_STACK is intentionally set as
@@ -152,6 +154,8 @@ check_stack_top (void)
static int
do_test (void)
{
+ support_need_proc ("Reads /proc/self/maps to get stack size.");
+
pagesize = sysconf (_SC_PAGESIZE);
return check_stack_top ();
}
diff --git a/support/Makefile b/support/Makefile
index 636d69c4f8e7e139..e184fccbe7d2310c 100644
--- a/support/Makefile
+++ b/support/Makefile
@@ -59,6 +59,7 @@ libsupport-routines = \
support_format_hostent \
support_format_netent \
support_isolate_in_subprocess \
+ support_need_proc \
support_process_state \
support_ptrace \
support_openpty \
diff --git a/support/support.h b/support/support.h
index 96833bd4e992e6d3..1466eb29f840fa59 100644
--- a/support/support.h
+++ b/support/support.h
@@ -81,6 +81,11 @@ char *support_quote_string (const char *);
regular file open for writing, and initially empty. */
int support_descriptor_supports_holes (int fd);
+/* Predicates that a test requires a working /proc filesystem. This
+ call will exit with UNSUPPORTED if /proc is not available, printing
+ WHY_MSG as part of the diagnostic. */
+void support_need_proc (const char *why_msg);
+
/* Error-checking wrapper functions which terminate the process on
error. */
diff --git a/support/support_need_proc.c b/support/support_need_proc.c
new file mode 100644
index 0000000000000000..9b4eab7539b2d6c3
--- /dev/null
+++ b/support/support_need_proc.c
@@ -0,0 +1,35 @@
+/* Indicate that a test requires a working /proc.
+ Copyright (C) 2022 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <unistd.h>
+#include <support/check.h>
+#include <support/support.h>
+
+/* We test for /proc/self/maps since that's one of the files that one
+ of our tests actually uses, but the general idea is if Linux's
+ /proc/ (procfs) filesystem is mounted. If not, the process exits
+ with an UNSUPPORTED result code. */
+
+void
+support_need_proc (const char *why_msg)
+{
+#ifdef __linux__
+ if (access ("/proc/self/maps", R_OK))
+ FAIL_UNSUPPORTED ("/proc is not available, %s", why_msg);
+#endif
+}
diff --git a/support/test-container.c b/support/test-container.c
index 9975c8cb7bc9a955..2bce4db841ff7668 100644
--- a/support/test-container.c
+++ b/support/test-container.c
@@ -95,6 +95,7 @@ int verbose = 0;
* mytest.root/mytest.script has a list of "commands" to run:
syntax:
# comment
+ pidns <comment>
su
mv FILE FILE
cp FILE FILE
@@ -120,6 +121,8 @@ int verbose = 0;
details:
- '#': A comment.
+ - 'pidns': Require a separate PID namespace, prints comment if it can't
+ (default is a shared pid namespace)
- 'su': Enables running test as root in the container.
- 'mv': A minimal move files command.
- 'cp': A minimal copy files command.
@@ -143,7 +146,7 @@ int verbose = 0;
* Simple, easy to review code (i.e. prefer simple naive code over
complex efficient code)
- * The current implementation ist parallel-make-safe, but only in
+ * The current implementation is parallel-make-safe, but only in
that it uses a lock to prevent parallel access to the testroot. */
@@ -222,11 +225,37 @@ concat (const char *str, ...)
return bufs[n];
}
+/* Like the above, but put spaces between words. Caller frees. */
+static char *
+concat_words (char **words, int num_words)
+{
+ int len = 0;
+ int i;
+ char *rv, *p;
+
+ for (i = 0; i < num_words; i ++)
+ {
+ len += strlen (words[i]);
+ len ++;
+ }
+
+ p = rv = (char *) xmalloc (len);
+
+ for (i = 0; i < num_words; i ++)
+ {
+ if (i > 0)
+ p = stpcpy (p, " ");
+ p = stpcpy (p, words[i]);
+ }
+
+ return rv;
+}
+
/* Try to mount SRC onto DEST. */
static void
trymount (const char *src, const char *dest)
{
- if (mount (src, dest, "", MS_BIND, NULL) < 0)
+ if (mount (src, dest, "", MS_BIND | MS_REC, NULL) < 0)
FAIL_EXIT1 ("can't mount %s onto %s\n", src, dest);
}
@@ -709,6 +738,9 @@ main (int argc, char **argv)
gid_t original_gid;
/* If set, the test runs as root instead of the user running the testsuite. */
int be_su = 0;
+ int require_pidns = 0;
+ const char *pidns_comment = NULL;
+ int do_proc_mounts = 0;
int UMAP;
int GMAP;
/* Used for "%lld %lld 1" so need not be large. */
@@ -991,6 +1023,12 @@ main (int argc, char **argv)
{
be_su = 1;
}
+ else if (nt >= 1 && strcmp (the_words[0], "pidns") == 0)
+ {
+ require_pidns = 1;
+ if (nt > 1)
+ pidns_comment = concat_words (the_words + 1, nt - 1);
+ }
else if (nt == 3 && strcmp (the_words[0], "mkdirp") == 0)
{
long int m;
@@ -1048,7 +1086,8 @@ main (int argc, char **argv)
#ifdef CLONE_NEWNS
/* The unshare here gives us our own spaces and capabilities. */
- if (unshare (CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWNS) < 0)
+ if (unshare (CLONE_NEWUSER | CLONE_NEWNS
+ | (require_pidns ? CLONE_NEWPID : 0)) < 0)
{
/* Older kernels may not support all the options, or security
policy may block this call. */
@@ -1059,6 +1098,11 @@ main (int argc, char **argv)
check_for_unshare_hints ();
FAIL_UNSUPPORTED ("unable to unshare user/fs: %s", strerror (saved_errno));
}
+ /* We're about to exit anyway, it's "safe" to call unshare again
+ just to see if the CLONE_NEWPID caused the error. */
+ else if (require_pidns && unshare (CLONE_NEWUSER | CLONE_NEWNS) >= 0)
+ FAIL_EXIT1 ("unable to unshare pid ns: %s : %s", strerror (errno),
+ pidns_comment ? pidns_comment : "required by test");
else
FAIL_EXIT1 ("unable to unshare user/fs: %s", strerror (errno));
}
@@ -1074,6 +1118,15 @@ main (int argc, char **argv)
trymount (support_srcdir_root, new_srcdir_path);
trymount (support_objdir_root, new_objdir_path);
+ /* It may not be possible to mount /proc directly. */
+ if (! require_pidns)
+ {
+ char *new_proc = concat (new_root_path, "/proc", NULL);
+ xmkdirp (new_proc, 0755);
+ trymount ("/proc", new_proc);
+ do_proc_mounts = 1;
+ }
+
xmkdirp (concat (new_root_path, "/dev", NULL), 0755);
devmount (new_root_path, "null");
devmount (new_root_path, "zero");
@@ -1136,42 +1189,60 @@ main (int argc, char **argv)
maybe_xmkdir ("/tmp", 0755);
- /* Now that we're pid 1 (effectively "root") we can mount /proc */
- maybe_xmkdir ("/proc", 0777);
- if (mount ("proc", "/proc", "proc", 0, NULL) < 0)
- FAIL_EXIT1 ("Unable to mount /proc: ");
-
- /* We map our original UID to the same UID in the container so we
- can own our own files normally. */
- UMAP = open ("/proc/self/uid_map", O_WRONLY);
- if (UMAP < 0)
- FAIL_EXIT1 ("can't write to /proc/self/uid_map\n");
-
- sprintf (tmp, "%lld %lld 1\n",
- (long long) (be_su ? 0 : original_uid), (long long) original_uid);
- write (UMAP, tmp, strlen (tmp));
- xclose (UMAP);
-
- /* We must disable setgroups () before we can map our groups, else we
- get EPERM. */
- GMAP = open ("/proc/self/setgroups", O_WRONLY);
- if (GMAP >= 0)
+ if (require_pidns)
{
- /* We support kernels old enough to not have this. */
- write (GMAP, "deny\n", 5);
- xclose (GMAP);
+ /* Now that we're pid 1 (effectively "root") we can mount /proc */
+ maybe_xmkdir ("/proc", 0777);
+ if (mount ("proc", "/proc", "proc", 0, NULL) != 0)
+ {
+ /* This happens if we're trying to create a nested container,
+ like if the build is running under podman, and we lack
+ priviledges.
+
+ Ideally we would WARN here, but that would just add noise to
+ *every* test-container test, and the ones that care should
+ have their own relevent diagnostics.
+
+ FAIL_EXIT1 ("Unable to mount /proc: "); */
+ }
+ else
+ do_proc_mounts = 1;
}
- /* We map our original GID to the same GID in the container so we
- can own our own files normally. */
- GMAP = open ("/proc/self/gid_map", O_WRONLY);
- if (GMAP < 0)
- FAIL_EXIT1 ("can't write to /proc/self/gid_map\n");
+ if (do_proc_mounts)
+ {
+ /* We map our original UID to the same UID in the container so we
+ can own our own files normally. */
+ UMAP = open ("/proc/self/uid_map", O_WRONLY);
+ if (UMAP < 0)
+ FAIL_EXIT1 ("can't write to /proc/self/uid_map\n");
+
+ sprintf (tmp, "%lld %lld 1\n",
+ (long long) (be_su ? 0 : original_uid), (long long) original_uid);
+ write (UMAP, tmp, strlen (tmp));
+ xclose (UMAP);
+
+ /* We must disable setgroups () before we can map our groups, else we
+ get EPERM. */
+ GMAP = open ("/proc/self/setgroups", O_WRONLY);
+ if (GMAP >= 0)
+ {
+ /* We support kernels old enough to not have this. */
+ write (GMAP, "deny\n", 5);
+ xclose (GMAP);
+ }
- sprintf (tmp, "%lld %lld 1\n",
- (long long) (be_su ? 0 : original_gid), (long long) original_gid);
- write (GMAP, tmp, strlen (tmp));
- xclose (GMAP);
+ /* We map our original GID to the same GID in the container so we
+ can own our own files normally. */
+ GMAP = open ("/proc/self/gid_map", O_WRONLY);
+ if (GMAP < 0)
+ FAIL_EXIT1 ("can't write to /proc/self/gid_map\n");
+
+ sprintf (tmp, "%lld %lld 1\n",
+ (long long) (be_su ? 0 : original_gid), (long long) original_gid);
+ write (GMAP, tmp, strlen (tmp));
+ xclose (GMAP);
+ }
if (change_cwd)
{

24
SOURCES/glibc-rh2142937-2.patch Normal file
View File

@ -0,0 +1,24 @@
commit b2cd93fce666fdc8c9a5c64af2741a8a6940ac99
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Fri Mar 25 11:16:49 2022 -0300
elf: Fix wrong fscanf usage on tst-pldd
To take in consideration the extra '\0'.
Checked on x86_64-linux-gnu.
diff --git a/elf/tst-pldd.c b/elf/tst-pldd.c
index 45ac033a0f897088..ab89798e250fdccc 100644
--- a/elf/tst-pldd.c
+++ b/elf/tst-pldd.c
@@ -115,7 +115,8 @@ do_test (void)
TEST_VERIFY (out != NULL);
/* First line is in the form of <pid>: <full path of executable> */
- TEST_COMPARE (fscanf (out, "%u: " STRINPUT (512), &pid, buffer), 2);
+ TEST_COMPARE (fscanf (out, "%u: " STRINPUT (sizeof (buffer) - 1), &pid,
+ buffer), 2);
TEST_COMPARE (pid, *target_pid_ptr);
TEST_COMPARE (strcmp (basename (buffer), "tst-pldd"), 0);

37
SOURCES/glibc-rh2142937-3.patch Normal file
View File

@ -0,0 +1,37 @@
commit c353689e49e72f3aafa1a9e68d4f7a4f33a79cbe
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Tue Jul 5 12:58:40 2022 -0300
elf: Fix wrong fscanf usage on tst-pldd
The fix done b2cd93fce666fdc8c9a5c64af2741a8a6940ac99 does not really
work since macro strification does not expand the sizeof nor the
arithmetic operation.
Checked on x86_64-linux-gnu.
diff --git a/elf/tst-pldd.c b/elf/tst-pldd.c
index ab89798e250fdccc..52c0a75be5a808d1 100644
--- a/elf/tst-pldd.c
+++ b/elf/tst-pldd.c
@@ -108,15 +108,16 @@ do_test (void)
loader and libc. */
{
pid_t pid;
- char buffer[512];
-#define STRINPUT(size) "%" # size "s"
+#define BUFFERLEN 511
+ char buffer[BUFFERLEN + 1];
+#define STRINPUT(size) XSTRINPUT(size)
+#define XSTRINPUT(size) "%" # size "s"
FILE *out = fmemopen (pldd.out.buffer, pldd.out.length, "r");
TEST_VERIFY (out != NULL);
/* First line is in the form of <pid>: <full path of executable> */
- TEST_COMPARE (fscanf (out, "%u: " STRINPUT (sizeof (buffer) - 1), &pid,
- buffer), 2);
+ TEST_COMPARE (fscanf (out, "%u: " STRINPUT (BUFFERLEN), &pid, buffer), 2);
TEST_COMPARE (pid, *target_pid_ptr);
TEST_COMPARE (strcmp (basename (buffer), "tst-pldd"), 0);

12
SPECS/glibc.spec
View File

@ -1,6 +1,6 @@
%define glibcsrcdir glibc-2.28
%define glibcversion 2.28
%define glibcrelease 221%{?dist}
%define glibcrelease 223%{?dist}
# Pre-release tarballs are pulled in from git using a command that is
# effectively:
#
@ -1024,6 +1024,10 @@ Patch831: glibc-rh1159809-9.patch
Patch832: glibc-rh1159809-10.patch
Patch833: glibc-rh1159809-11.patch
Patch834: glibc-rh1159809-12.patch
Patch835: glibc-rh2141989.patch
Patch836: glibc-rh2142937-1.patch
Patch837: glibc-rh2142937-2.patch
Patch838: glibc-rh2142937-3.patch
##############################################################################
# Continued list of core "glibc" package information:
@ -2854,6 +2858,12 @@ fi
%files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared
%changelog
* Fri Nov 25 2022 Arjun Shankar <arjun@redhat.com> - 2.28-223
- Backport upstream fixes to tst-pldd (#2142937)
* Tue Nov 22 2022 Florian Weimer <fweimer@redhat.com> - 2.28-222
- Restore IPC_64 support in sysvipc *ctl functions (#2141989)
* Fri Nov 18 2022 Florian Weimer <fweimer@redhat.com> - 2.28-221
- Switch to fast DSO dependency sorting algorithm (#1159809)