import glibc-2.28-211.el8

CentOS Sources 2022-11-08 01:58:46 -05:00 committed by Stepan Oksanichenko
parent 979352ca55
commit 362627e54e
116 changed files with 24097 additions and 28 deletions


@ -159,7 +159,8 @@ en_SG/ISO-8859-1 \
en_US.UTF-8/UTF-8 \
en_US/ISO-8859-1 \
en_US.ISO-8859-15/ISO-8859-15 \
en_US@ampm.UTF-8/UTF-8 \
en_US@ampm/UTF-8 \
en_US.UTF-8@ampm/UTF-8 \
en_ZA.UTF-8/UTF-8 \
en_ZA/ISO-8859-1 \
en_ZM/UTF-8 \


@ -448,7 +448,7 @@ fill_archive (struct locarhandle *tmpl_ah,
char fullname[fnamelen + 2 * strlen (d->d_name) + 7];
#ifdef _DIRENT_HAVE_D_TYPE
if (d_type == DT_UNKNOWN)
if (d_type == DT_UNKNOWN || d_type == DT_LNK)
#endif
{
strcpy (stpcpy (stpcpy (fullname, fname), "/"),
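Review bot: The widened test `if (d_type == DT_UNKNOWN || d_type == DT_LNK)` has no comment saying why symbolic links now take the same path as entries of unknown type. The block that opens at the brace continues outside this hunk, presumably with a stat-style lookup on `fullname`, so a directory entry that is a link would now be judged by its target, including a target outside the locale tree. A one-line comment such as `/* d_type describes the link itself; resolve it so a link to a locale directory is accepted. */` would record that following links is intended. The rendered page has lost its +/- markers, so which of the two `if` lines is the new one is inferred from print order.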


@ -0,0 +1,767 @@
This patch is a RHEL-8.7 backport of the following upstream commit:
commit 52a103e237329b9f88a28513fe7506ffc3bd8ced
Author: Arjun Shankar <arjun@redhat.com>
Date: Tue May 24 17:57:36 2022 +0200
Fix deadlock when pthread_atfork handler calls pthread_atfork or dlclose
In multi-threaded programs, registering via pthread_atfork,
de-registering implicitly via dlclose, or running pthread_atfork
handlers during fork was protected by an internal lock. This meant
that a pthread_atfork handler attempting to register another handler or
dlclose a dynamically loaded library would lead to a deadlock.
This commit fixes the deadlock in the following way:
During the execution of handlers at fork time, the atfork lock is
released prior to the execution of each handler and taken again upon its
return. Any handler registrations or de-registrations that occurred
during the execution of the handler are accounted for before proceeding
with further handler execution.
If a handler that hasn't been executed yet gets de-registered by another
handler during fork, it will not be executed. If a handler gets
registered by another handler during fork, it will not be executed
during that particular fork.
The possibility that handlers may now be registered or deregistered
during handler execution means that identifying the next handler to be
run after a given handler may register/de-register others requires some
bookkeeping. The fork_handler struct has an additional field, 'id',
which is assigned sequentially during registration. Thus, handlers are
executed in ascending order of 'id' during 'prepare', and descending
order of 'id' during parent/child handler execution after the fork.
Two tests are included:
* tst-atfork3: Adhemerval Zanella <adhemerval.zanella@linaro.org>
This test exercises calling dlclose from prepare, parent, and child
handlers.
* tst-atfork4: This test exercises calling pthread_atfork and dlclose
from the prepare handler.
[BZ #24595, BZ #27054]
Co-authored-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
diff --git a/nptl/Makefile b/nptl/Makefile
index 70a3be23ecfcd9c9..76c914e23e8873f2 100644
--- a/nptl/Makefile
+++ b/nptl/Makefile
@@ -382,8 +382,17 @@ tests += tst-cancelx2 tst-cancelx3 tst-cancelx4 tst-cancelx5 \
tst-cancelx16 tst-cancelx17 tst-cancelx18 tst-cancelx20 tst-cancelx21 \
tst-cleanupx0 tst-cleanupx1 tst-cleanupx2 tst-cleanupx3 tst-cleanupx4
ifeq ($(build-shared),yes)
-tests += tst-atfork2 tst-tls4 tst-_res1 tst-fini1 tst-compat-forwarder \
- tst-audit-threads
+tests += \
+ tst-atfork2 \
+ tst-tls4 \
+ tst-_res1 \
+ tst-fini1 \
+ tst-compat-forwarder \
+ tst-audit-threads \
+ tst-atfork3 \
+ tst-atfork4 \
+# tests
+
tests-internal += tst-tls3 tst-tls3-malloc tst-tls5 tst-stackguard1
tests-nolibpthread += tst-fini1
ifeq ($(have-z-execstack),yes)
@@ -391,18 +400,39 @@ tests += tst-execstack
endif
endif
-modules-names = tst-atfork2mod tst-tls3mod tst-tls4moda tst-tls4modb \
- tst-tls5mod tst-tls5moda tst-tls5modb tst-tls5modc \
- tst-tls5modd tst-tls5mode tst-tls5modf tst-stack4mod \
- tst-_res1mod1 tst-_res1mod2 tst-execstack-mod tst-fini1mod \
- tst-join7mod tst-compat-forwarder-mod tst-audit-threads-mod1 \
- tst-audit-threads-mod2
+modules-names = \
+ tst-atfork2mod \
+ tst-tls3mod \
+ tst-tls4moda \
+ tst-tls4modb \
+ tst-tls5mod \
+ tst-tls5moda \
+ tst-tls5modb \
+ tst-tls5modc \
+ tst-tls5modd \
+ tst-tls5mode \
+ tst-tls5modf \
+ tst-stack4mod \
+ tst-_res1mod1 \
+ tst-_res1mod2 \
+ tst-execstack-mod \
+ tst-fini1mod \
+ tst-join7mod \
+ tst-compat-forwarder-mod \
+ tst-audit-threads-mod1 \
+ tst-audit-threads-mod2 \
+ tst-atfork3mod \
+ tst-atfork4mod \
+# module-names
+
extra-test-objs += $(addsuffix .os,$(strip $(modules-names))) \
tst-cleanup4aux.o tst-cleanupx4aux.o
test-extras += tst-cleanup4aux tst-cleanupx4aux
test-modules = $(addprefix $(objpfx),$(addsuffix .so,$(modules-names)))
tst-atfork2mod.so-no-z-defs = yes
+tst-atfork3mod.so-no-z-defs = yes
+tst-atfork4mod.so-no-z-defs = yes
tst-tls3mod.so-no-z-defs = yes
tst-tls5mod.so-no-z-defs = yes
tst-tls5moda.so-no-z-defs = yes
@@ -541,6 +571,14 @@ LDFLAGS-tst-atfork2 = -rdynamic
tst-atfork2-ENV = MALLOC_TRACE=$(objpfx)tst-atfork2.mtrace
$(objpfx)tst-atfork2mod.so: $(shared-thread-library)
+$(objpfx)tst-atfork3: $(libdl) $(shared-thread-library)
+LDFLAGS-tst-atfork3 = -rdynamic
+$(objpfx)tst-atfork3mod.so: $(shared-thread-library)
+
+$(objpfx)tst-atfork4: $(libdl) $(shared-thread-library)
+LDFLAGS-tst-atfork4 = -rdynamic
+$(objpfx)tst-atfork4mod.so: $(shared-thread-library)
+
tst-stack3-ENV = MALLOC_TRACE=$(objpfx)tst-stack3.mtrace
$(objpfx)tst-stack3-mem.out: $(objpfx)tst-stack3.out
$(common-objpfx)malloc/mtrace $(objpfx)tst-stack3.mtrace > $@; \
@@ -640,6 +678,8 @@ $(objpfx)../libc.so: $(common-objpfx)libc.so ;
$(addprefix $(objpfx),$(tests-static) $(xtests-static)): $(objpfx)libpthread.a
$(objpfx)tst-atfork2.out: $(objpfx)tst-atfork2mod.so
+$(objpfx)tst-atfork3.out: $(objpfx)tst-atfork3mod.so
+$(objpfx)tst-atfork4.out: $(objpfx)tst-atfork4mod.so
else
$(addprefix $(objpfx),$(tests) $(test-srcs)): $(objpfx)libpthread.a
endif
diff --git a/nptl/register-atfork.c b/nptl/register-atfork.c
index 9edb7d4bbb49fbed..4c1e20ae8cab005f 100644
--- a/nptl/register-atfork.c
+++ b/nptl/register-atfork.c
@@ -21,6 +21,8 @@
#include <string.h>
#include <fork.h>
#include <atomic.h>
+#include <intprops.h>
+#include <stdio.h>
#define DYNARRAY_ELEMENT struct fork_handler
#define DYNARRAY_STRUCT fork_handler_list
@@ -29,7 +31,7 @@
#include <malloc/dynarray-skeleton.c>
static struct fork_handler_list fork_handlers;
-static bool fork_handler_init = false;
+static uint64_t fork_handler_counter;
static int atfork_lock = LLL_LOCK_INITIALIZER;
@@ -39,11 +41,8 @@ __register_atfork (void (*prepare) (void), void (*parent) (void),
{
lll_lock (atfork_lock, LLL_PRIVATE);
- if (!fork_handler_init)
- {
- fork_handler_list_init (&fork_handlers);
- fork_handler_init = true;
- }
+ if (fork_handler_counter == 0)
+ fork_handler_list_init (&fork_handlers);
struct fork_handler *newp = fork_handler_list_emplace (&fork_handlers);
if (newp != NULL)
@@ -52,6 +51,13 @@ __register_atfork (void (*prepare) (void), void (*parent) (void),
newp->parent_handler = parent;
newp->child_handler = child;
newp->dso_handle = dso_handle;
+
+ /* IDs assigned to handlers start at 1 and increment with handler
+ registration. Un-registering a handlers discards the corresponding
+ ID. It is not reused in future registrations. */
+ if (INT_ADD_OVERFLOW (fork_handler_counter, 1))
+ __libc_fatal ("fork handler counter overflow");
+ newp->id = ++fork_handler_counter;
}
/* Release the lock. */
@@ -106,37 +112,111 @@ __unregister_atfork (void *dso_handle)
lll_unlock (atfork_lock, LLL_PRIVATE);
}
-void
-__run_fork_handlers (enum __run_fork_handler_type who, _Bool do_locking)
+uint64_t
+__run_prefork_handlers (_Bool do_locking)
{
- struct fork_handler *runp;
+ uint64_t lastrun;
- if (who == atfork_run_prepare)
+ if (do_locking)
+ lll_lock (atfork_lock, LLL_PRIVATE);
+
+ /* We run prepare handlers from last to first. After fork, only
+ handlers up to the last handler found here (pre-fork) will be run.
+ Handlers registered during __run_prefork_handlers or
+ __run_postfork_handlers will be positioned after this last handler, and
+ since their prepare handlers won't be run now, their parent/child
+ handlers should also be ignored. */
+ lastrun = fork_handler_counter;
+
+ size_t sl = fork_handler_list_size (&fork_handlers);
+ for (size_t i = sl; i > 0;)
{
- if (do_locking)
- lll_lock (atfork_lock, LLL_PRIVATE);
- size_t sl = fork_handler_list_size (&fork_handlers);
- for (size_t i = sl; i > 0; i--)
- {
- runp = fork_handler_list_at (&fork_handlers, i - 1);
- if (runp->prepare_handler != NULL)
- runp->prepare_handler ();
- }
+ struct fork_handler *runp
+ = fork_handler_list_at (&fork_handlers, i - 1);
+
+ uint64_t id = runp->id;
+
+ if (runp->prepare_handler != NULL)
+ {
+ if (do_locking)
+ lll_unlock (atfork_lock, LLL_PRIVATE);
+
+ runp->prepare_handler ();
+
+ if (do_locking)
+ lll_lock (atfork_lock, LLL_PRIVATE);
+ }
+
+ /* We unlocked, ran the handler, and locked again. In the
+ meanwhile, one or more deregistrations could have occurred leading
+ to the current (just run) handler being moved up the list or even
+ removed from the list itself. Since handler IDs are guaranteed to
+ to be in increasing order, the next handler has to have: */
+
+ /* A. An earlier position than the current one has. */
+ i--;
+
+ /* B. A lower ID than the current one does. The code below skips
+ any newly added handlers with higher IDs. */
+ while (i > 0
+ && fork_handler_list_at (&fork_handlers, i - 1)->id >= id)
+ i--;
}
- else
+
+ return lastrun;
+}
+
+void
+__run_postfork_handlers (enum __run_fork_handler_type who, _Bool do_locking,
+ uint64_t lastrun)
+{
+ size_t sl = fork_handler_list_size (&fork_handlers);
+ for (size_t i = 0; i < sl;)
{
- size_t sl = fork_handler_list_size (&fork_handlers);
- for (size_t i = 0; i < sl; i++)
- {
- runp = fork_handler_list_at (&fork_handlers, i);
- if (who == atfork_run_child && runp->child_handler)
- runp->child_handler ();
- else if (who == atfork_run_parent && runp->parent_handler)
- runp->parent_handler ();
- }
+ struct fork_handler *runp = fork_handler_list_at (&fork_handlers, i);
+ uint64_t id = runp->id;
+
+ /* prepare handlers were not run for handlers with ID > LASTRUN.
+ Thus, parent/child handlers will also not be run. */
+ if (id > lastrun)
+ break;
+
if (do_locking)
- lll_unlock (atfork_lock, LLL_PRIVATE);
+ lll_unlock (atfork_lock, LLL_PRIVATE);
+
+ if (who == atfork_run_child && runp->child_handler)
+ runp->child_handler ();
+ else if (who == atfork_run_parent && runp->parent_handler)
+ runp->parent_handler ();
+
+ if (do_locking)
+ lll_lock (atfork_lock, LLL_PRIVATE);
+
+ /* We unlocked, ran the handler, and locked again. In the meanwhile,
+ one or more [de]registrations could have occurred. Due to this,
+ the list size must be updated. */
+ sl = fork_handler_list_size (&fork_handlers);
+
+ /* The just-run handler could also have moved up the list. */
+
+ if (sl > i && fork_handler_list_at (&fork_handlers, i)->id == id)
+ /* The position of the recently run handler hasn't changed. The
+ next handler to be run is an easy increment away. */
+ i++;
+ else
+ {
+ /* The next handler to be run is the first handler in the list
+ to have an ID higher than the current one. */
+ for (i = 0; i < sl; i++)
+ {
+ if (fork_handler_list_at (&fork_handlers, i)->id > id)
+ break;
+ }
+ }
}
+
+ if (do_locking)
+ lll_unlock (atfork_lock, LLL_PRIVATE);
}
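Review bot: In `__run_prefork_handlers` the call `runp->prepare_handler ();` reads through `runp` after `lll_unlock (atfork_lock, LLL_PRIVATE)`, and `__run_postfork_handlers` does the same for `runp->child_handler` and `runp->parent_handler`, so the list element is dereferenced while no lock protects the list. With the lock dropped, another thread can enter `__register_atfork` or `__unregister_atfork`. If `fork_handler_list_emplace` reallocates the array or an unregistration shifts elements (the dynarray internals are not shown here, so this is inferred), `runp` can refer to freed or different storage and the call goes through a stale function pointer. Copying the callback into a local while the lock is still held closes that window without touching the ordering logic, as sketched below. The `id` bookkeeping already follows this pattern by saving `runp->id` before unlocking.

```c
/* __run_prefork_handlers: snapshot the callback while atfork_lock is held.  */
      void (*prepare_fn) (void) = runp->prepare_handler;
      if (prepare_fn != NULL)
        {
          /* … unchanged: lll_unlock when do_locking … */
          prepare_fn ();
          /* … unchanged: lll_lock when do_locking … */
        }

/* __run_postfork_handlers: choose the callback before dropping the lock.  */
      void (*post_fn) (void) = NULL;
      if (who == atfork_run_child)
        post_fn = runp->child_handler;
      else if (who == atfork_run_parent)
        post_fn = runp->parent_handler;
      /* … unchanged: lll_unlock when do_locking … */
      if (post_fn != NULL)
        post_fn ();
      /* … unchanged: lll_lock when do_locking, list size refresh … */
```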
diff --git a/nptl/tst-atfork3.c b/nptl/tst-atfork3.c
new file mode 100644
index 0000000000000000..bb2250e432ab79ad
--- /dev/null
+++ b/nptl/tst-atfork3.c
@@ -0,0 +1,118 @@
+/* Check if pthread_atfork handler can call dlclose (BZ#24595).
+ Copyright (C) 2022 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <stdio.h>
+#include <pthread.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdbool.h>
+
+#include <support/check.h>
+#include <support/xthread.h>
+#include <support/capture_subprocess.h>
+#include <support/xdlfcn.h>
+
+/* Check if pthread_atfork handlers do not deadlock when calling a function
+ that might alter the internal fork handle list, such as dlclose.
+
+ The test registers a callback set with pthread_atfork(), dlopen() a shared
+ library (nptl/tst-atfork3mod.c), calls an exported symbol from the library
+ (which in turn also registers atfork handlers), and calls fork to trigger
+ the callbacks. */
+
+static void *handler;
+static bool run_dlclose_prepare;
+static bool run_dlclose_parent;
+static bool run_dlclose_child;
+
+static void
+prepare (void)
+{
+ if (run_dlclose_prepare)
+ xdlclose (handler);
+}
+
+static void
+parent (void)
+{
+ if (run_dlclose_parent)
+ xdlclose (handler);
+}
+
+static void
+child (void)
+{
+ if (run_dlclose_child)
+ xdlclose (handler);
+}
+
+static void
+proc_func (void *closure)
+{
+}
+
+static void
+do_test_generic (bool dlclose_prepare, bool dlclose_parent, bool dlclose_child)
+{
+ run_dlclose_prepare = dlclose_prepare;
+ run_dlclose_parent = dlclose_parent;
+ run_dlclose_child = dlclose_child;
+
+ handler = xdlopen ("tst-atfork3mod.so", RTLD_NOW);
+
+ int (*atfork3mod_func)(void);
+ atfork3mod_func = xdlsym (handler, "atfork3mod_func");
+
+ atfork3mod_func ();
+
+ struct support_capture_subprocess proc
+ = support_capture_subprocess (proc_func, NULL);
+ support_capture_subprocess_check (&proc, "tst-atfork3", 0, sc_allow_none);
+
+ handler = atfork3mod_func = NULL;
+
+ support_capture_subprocess_free (&proc);
+}
+
+static void *
+thread_func (void *closure)
+{
+ return NULL;
+}
+
+static int
+do_test (void)
+{
+ {
+ /* Make the process acts as multithread. */
+ pthread_attr_t attr;
+ xpthread_attr_init (&attr);
+ xpthread_attr_setdetachstate (&attr, PTHREAD_CREATE_DETACHED);
+ xpthread_create (&attr, thread_func, NULL);
+ }
+
+ TEST_COMPARE (pthread_atfork (prepare, parent, child), 0);
+
+ do_test_generic (true /* prepare */, false /* parent */, false /* child */);
+ do_test_generic (false /* prepare */, true /* parent */, false /* child */);
+ do_test_generic (false /* prepare */, false /* parent */, true /* child */);
+
+ return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/nptl/tst-atfork3mod.c b/nptl/tst-atfork3mod.c
new file mode 100644
index 0000000000000000..6d0658cb9efdecbc
--- /dev/null
+++ b/nptl/tst-atfork3mod.c
@@ -0,0 +1,44 @@
+/* Copyright (C) 2022 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <unistd.h>
+#include <stdlib.h>
+#include <pthread.h>
+
+#include <support/check.h>
+
+static void
+mod_prepare (void)
+{
+}
+
+static void
+mod_parent (void)
+{
+}
+
+static void
+mod_child (void)
+{
+}
+
+int atfork3mod_func (void)
+{
+ TEST_COMPARE (pthread_atfork (mod_prepare, mod_parent, mod_child), 0);
+
+ return 0;
+}
diff --git a/nptl/tst-atfork4.c b/nptl/tst-atfork4.c
new file mode 100644
index 0000000000000000..52dc87e73b846ab9
--- /dev/null
+++ b/nptl/tst-atfork4.c
@@ -0,0 +1,128 @@
+/* pthread_atfork supports handlers that call pthread_atfork or dlclose.
+ Copyright (C) 2022 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <support/xdlfcn.h>
+#include <stdio.h>
+#include <support/xthread.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <support/xunistd.h>
+#include <support/check.h>
+#include <stdlib.h>
+
+static void *
+thread_func (void *x)
+{
+ return NULL;
+}
+
+static unsigned int second_atfork_handler_runcount = 0;
+
+static void
+second_atfork_handler (void)
+{
+ second_atfork_handler_runcount++;
+}
+
+static void *h = NULL;
+
+static unsigned int atfork_handler_runcount = 0;
+
+static void
+prepare (void)
+{
+ /* These atfork handlers are registered while atfork handlers are being
+ executed and thus will not be executed during the corresponding
+ fork. */
+ TEST_VERIFY_EXIT (pthread_atfork (second_atfork_handler,
+ second_atfork_handler,
+ second_atfork_handler) == 0);
+
+ /* This will de-register the atfork handlers registered by the dlopen'd
+ library and so they will not be executed. */
+ if (h != NULL)
+ {
+ xdlclose (h);
+ h = NULL;
+ }
+
+ atfork_handler_runcount++;
+}
+
+static void
+after (void)
+{
+ atfork_handler_runcount++;
+}
+
+static int
+do_test (void)
+{
+ /* Make sure __libc_single_threaded is 0. */
+ pthread_attr_t attr;
+ xpthread_attr_init (&attr);
+ xpthread_attr_setdetachstate (&attr, PTHREAD_CREATE_DETACHED);
+ xpthread_create (&attr, thread_func, NULL);
+
+ void (*reg_atfork_handlers) (void);
+
+ h = xdlopen ("tst-atfork4mod.so", RTLD_LAZY);
+
+ reg_atfork_handlers = xdlsym (h, "reg_atfork_handlers");
+
+ reg_atfork_handlers ();
+
+ /* We register our atfork handlers *after* loading the module so that our
+ prepare handler is called first at fork, where we then dlclose the
+ module before its prepare handler has a chance to be called. */
+ TEST_VERIFY_EXIT (pthread_atfork (prepare, after, after) == 0);
+
+ pid_t pid = xfork ();
+
+ /* Both the parent and the child processes should observe this. */
+ TEST_VERIFY_EXIT (atfork_handler_runcount == 2);
+ TEST_VERIFY_EXIT (second_atfork_handler_runcount == 0);
+
+ if (pid > 0)
+ {
+ int childstat;
+
+ xwaitpid (-1, &childstat, 0);
+ TEST_VERIFY_EXIT (WIFEXITED (childstat)
+ && WEXITSTATUS (childstat) == 0);
+
+ /* This time, the second set of atfork handlers should also be called
+ since the handlers are already in place before fork is called. */
+
+ pid = xfork ();
+
+ TEST_VERIFY_EXIT (atfork_handler_runcount == 4);
+ TEST_VERIFY_EXIT (second_atfork_handler_runcount == 2);
+
+ if (pid > 0)
+ {
+ xwaitpid (-1, &childstat, 0);
+ TEST_VERIFY_EXIT (WIFEXITED (childstat)
+ && WEXITSTATUS (childstat) == 0);
+ }
+ }
+
+ return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/nptl/tst-atfork4mod.c b/nptl/tst-atfork4mod.c
new file mode 100644
index 0000000000000000..e111efeb185916e0
--- /dev/null
+++ b/nptl/tst-atfork4mod.c
@@ -0,0 +1,48 @@
+/* pthread_atfork supports handlers that call pthread_atfork or dlclose.
+ Copyright (C) 2022 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <pthread.h>
+#include <stdlib.h>
+
+/* This dynamically loaded library simply registers its atfork handlers when
+ asked to. The atfork handlers should never be executed because the
+ library is unloaded before fork is called by the test program. */
+
+static void
+prepare (void)
+{
+ abort ();
+}
+
+static void
+parent (void)
+{
+ abort ();
+}
+
+static void
+child (void)
+{
+ abort ();
+}
+
+void
+reg_atfork_handlers (void)
+{
+ pthread_atfork (prepare, parent, child);
+}
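Review bot: `reg_atfork_handlers` discards the result of `pthread_atfork (prepare, parent, child);`, so a failed registration would leave no aborting handlers installed and tst-atfork4 would pass without having exercised the de-registration path. tst-atfork3mod.c in the same patch checks the equivalent call with `TEST_COMPARE`. This module does not include the support headers, so the smallest change is `if (pthread_atfork (prepare, parent, child) != 0) abort ();`.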
diff --git a/sysdeps/nptl/fork.c b/sysdeps/nptl/fork.c
index b4d20fa652f4ba3b..1324b813136764fc 100644
--- a/sysdeps/nptl/fork.c
+++ b/sysdeps/nptl/fork.c
@@ -54,8 +54,9 @@ __libc_fork (void)
signal handlers. POSIX requires that fork is async-signal-safe,
but our current fork implementation is not. */
bool multiple_threads = THREAD_GETMEM (THREAD_SELF, header.multiple_threads);
+ uint64_t lastrun;
- __run_fork_handlers (atfork_run_prepare, multiple_threads);
+ lastrun = __run_prefork_handlers (multiple_threads);
/* If we are not running multiple threads, we do not have to
preserve lock state. If fork runs from a signal handler, only
@@ -129,7 +130,7 @@ __libc_fork (void)
__rtld_lock_initialize (GL(dl_load_tls_lock));
/* Run the handlers registered for the child. */
- __run_fork_handlers (atfork_run_child, multiple_threads);
+ __run_postfork_handlers (atfork_run_child, multiple_threads, lastrun);
}
else
{
@@ -144,7 +145,7 @@ __libc_fork (void)
}
/* Run the handlers registered for the parent. */
- __run_fork_handlers (atfork_run_parent, multiple_threads);
+ __run_postfork_handlers (atfork_run_parent, multiple_threads, lastrun);
}
return pid;
diff --git a/sysdeps/nptl/fork.h b/sysdeps/nptl/fork.h
index bef2b7a8a6af8635..222c4f618970a455 100644
--- a/sysdeps/nptl/fork.h
+++ b/sysdeps/nptl/fork.h
@@ -31,6 +31,7 @@ struct fork_handler
void (*parent_handler) (void);
void (*child_handler) (void);
void *dso_handle;
+ uint64_t id;
};
/* Function to call to unregister fork handlers. */
@@ -44,19 +45,18 @@ enum __run_fork_handler_type
atfork_run_parent
};
-/* Run the atfork handlers and lock/unlock the internal lock depending
- of the WHO argument:
+/* Run the atfork prepare handlers in the reverse order of registration and
+ return the ID of the last registered handler. If DO_LOCKING is true, the
+ internal lock is held locked upon return. */
+extern uint64_t __run_prefork_handlers (_Bool do_locking) attribute_hidden;
- - atfork_run_prepare: run all the PREPARE_HANDLER in reverse order of
- insertion and locks the internal lock.
- - atfork_run_child: run all the CHILD_HANDLER and unlocks the internal
- lock.
- - atfork_run_parent: run all the PARENT_HANDLER and unlocks the internal
- lock.
-
- Perform locking only if DO_LOCKING. */
-extern void __run_fork_handlers (enum __run_fork_handler_type who,
- _Bool do_locking) attribute_hidden;
+/* Given a handler type (parent or child), run all the atfork handlers in
+ the order of registration up to and including the handler with id equal
+ to LASTRUN. If DO_LOCKING is true, the internal lock is unlocked prior
+ to return. */
+extern void __run_postfork_handlers (enum __run_fork_handler_type who,
+ _Bool do_locking,
+ uint64_t lastrun) attribute_hidden;
/* C library side function to register new fork handlers. */
extern int __register_atfork (void (*__prepare) (void),



@ -0,0 +1,27 @@
commit 2a08b6e8331a611dc29325bfa6e29fecc9a3a46e
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Thu Dec 10 16:47:02 2020 +0530
Warn on unsupported fortification levels
Make the _FORTIFY_SOURCE macro soup in features.h warn about
unsupported fortification levels. For example, it will warn about
_FORTIFY_SOURCE=3 and over with an indication of which level has been
selected.
Co-authored-by: Paul Eggert <eggert@cs.ucla.edu>
diff --git a/include/features.h b/include/features.h
index 5bed0a499605a3a2..ea7673ee115bcf0a 100644
--- a/include/features.h
+++ b/include/features.h
@@ -382,6 +382,9 @@
# elif !__GNUC_PREREQ (4, 1)
# warning _FORTIFY_SOURCE requires GCC 4.1 or later
# elif _FORTIFY_SOURCE > 1
+# if _FORTIFY_SOURCE > 2
+# warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform
+# endif
# define __USE_FORTIFY_LEVEL 2
# else
# define __USE_FORTIFY_LEVEL 1


@ -0,0 +1,90 @@
commit 2bbd07c715275eb6c616988925738a0517180d57
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Fri Dec 17 18:35:44 2021 +0530
fortify: Fix spurious warning with realpath
The length and object size arguments were swapped around for realpath.
Also add a smoke test so that any changes in this area get caught in
future.
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
diff --git a/debug/Makefile b/debug/Makefile
index 81361438fc3d2aa9..b43f42ee3851f360 100644
--- a/debug/Makefile
+++ b/debug/Makefile
@@ -108,6 +108,7 @@ CFLAGS-tst-longjmp_chk2.c += -fexceptions -fasynchronous-unwind-tables
CPPFLAGS-tst-longjmp_chk2.c += -D_FORTIFY_SOURCE=1
CFLAGS-tst-longjmp_chk3.c += -fexceptions -fasynchronous-unwind-tables
CPPFLAGS-tst-longjmp_chk3.c += -D_FORTIFY_SOURCE=1
+CPPFLAGS-tst-realpath-chk.c += -D_FORTIFY_SOURCE=2
# We know these tests have problems with format strings, this is what
# we are testing. Disable that warning. They are also testing
@@ -155,7 +156,7 @@ tests = backtrace-tst tst-longjmp_chk tst-chk1 tst-chk2 tst-chk3 \
tst-lfschk1 tst-lfschk2 tst-lfschk3 test-strcpy_chk test-stpcpy_chk \
tst-chk4 tst-chk5 tst-chk6 tst-chk7 tst-chk8 tst-lfschk4 tst-lfschk5 \
tst-lfschk6 tst-longjmp_chk2 tst-backtrace2 tst-backtrace3 \
- tst-backtrace4 tst-backtrace5 tst-backtrace6
+ tst-backtrace4 tst-backtrace5 tst-backtrace6 tst-realpath-chk
ifeq ($(have-ssp),yes)
tests += tst-ssp-1
diff --git a/debug/tst-realpath-chk.c b/debug/tst-realpath-chk.c
new file mode 100644
index 0000000000000000..a8fcb327c43fb34d
--- /dev/null
+++ b/debug/tst-realpath-chk.c
@@ -0,0 +1,37 @@
+/* Smoke test to verify that realpath does not cause spurious warnings.
+ Copyright The GNU Toolchain Authors.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <limits.h>
+#include <stdlib.h>
+
+#include <support/check.h>
+#include <support/support.h>
+
+static int
+do_test (void)
+{
+#ifdef PATH_MAX
+ char buf[PATH_MAX + 1];
+ char *res = realpath (".", buf);
+ TEST_VERIFY (res == buf);
+#endif
+
+ return 0;
+}
+
+#include <support/test-driver.c>
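Review bot: `do_test` covers only the case that must stay silent, a `PATH_MAX + 1` buffer, and nothing in this file pins the other side of the comparison that the stdlib.h hunk swaps. A destination smaller than `PATH_MAX` is the case `__realpath_chk_warn` exists for, and whether another test covers it cannot be seen here. The diagnostic is also a compile-time one: if the tree is built without warnings treated as errors (not visible in the Makefile hunk), a regression would still pass `TEST_VERIFY (res == buf)`. At minimum I would add a header comment such as `/* Covers only the no-warning case; the undersized-buffer diagnostic is not exercised here. */`.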
diff --git a/stdlib/bits/stdlib.h b/stdlib/bits/stdlib.h
index 7ea364a276497720..81ec9bdb32215e3b 100644
--- a/stdlib/bits/stdlib.h
+++ b/stdlib/bits/stdlib.h
@@ -42,7 +42,7 @@ __NTH (realpath (const char *__restrict __name, char *__restrict __resolved))
return __realpath_alias (__name, __resolved);
#if defined _LIBC_LIMITS_H_ && defined PATH_MAX
- if (__glibc_unsafe_len (sz, sizeof (char), PATH_MAX))
+ if (__glibc_unsafe_len (PATH_MAX, sizeof (char), sz))
return __realpath_chk_warn (__name, __resolved, sz);
#endif
return __realpath_chk (__name, __resolved, sz);


@ -0,0 +1,41 @@
commit 86bf0feb0e3ec8e37872f72499d6ae33406561d7
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Wed Jan 12 18:46:28 2022 +0530
Enable _FORTIFY_SOURCE=3 for gcc 12 and above
gcc 12 now has support for the __builtin_dynamic_object_size builtin.
Adapt the macro checks to enable _FORTIFY_SOURCE=3 on gcc 12 and above.
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
diff --git a/include/features.h b/include/features.h
index fe9fe16d034fad1b..2e9ca6ec2f4a0380 100644
--- a/include/features.h
+++ b/include/features.h
@@ -381,7 +381,9 @@
# warning _FORTIFY_SOURCE requires compiling with optimization (-O)
# elif !__GNUC_PREREQ (4, 1)
# warning _FORTIFY_SOURCE requires GCC 4.1 or later
-# elif _FORTIFY_SOURCE > 2 && __glibc_clang_prereq (9, 0)
+# elif _FORTIFY_SOURCE > 2 && (__glibc_clang_prereq (9, 0) \
+ || __GNUC_PREREQ (12, 0))
+
# if _FORTIFY_SOURCE > 3
# warning _FORTIFY_SOURCE > 3 is treated like 3 on this platform
# endif
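Review bot: The compiler test `(__glibc_clang_prereq (9, 0) || __GNUC_PREREQ (12, 0))` is now spelled out twice, here in include/features.h and again in the misc/sys/cdefs.h hunk, with nothing tying the two together. If one is updated without the other, `__USE_FORTIFY_LEVEL` can be 3 while `__glibc_objsize` still expands to `__builtin_object_size`, which silently gives level-2 checking to a build that asked for 3. A comment at both sites, e.g. `/* Keep in sync with the __glibc_objsize condition in misc/sys/cdefs.h.  */`, or a single shared feature macro would make the dependency explicit. The blank line added after the continued `# elif` also looks unintentional.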
diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
index 147339957c4ad490..a17ae0ed87e6163f 100644
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -124,7 +124,8 @@
#define __bos0(ptr) __builtin_object_size (ptr, 0)
/* Use __builtin_dynamic_object_size at _FORTIFY_SOURCE=3 when available. */
-#if __USE_FORTIFY_LEVEL == 3 && __glibc_clang_prereq (9, 0)
+#if __USE_FORTIFY_LEVEL == 3 && (__glibc_clang_prereq (9, 0) \
+ || __GNUC_PREREQ (12, 0))
# define __glibc_objsize0(__o) __builtin_dynamic_object_size (__o, 0)
# define __glibc_objsize(__o) __builtin_dynamic_object_size (__o, 1)
#else


@ -0,0 +1,295 @@
commit db27f1251b008280a29d540b4f8ab2a38a0d80af
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Wed Jan 12 23:34:23 2022 +0530
debug: Autogenerate _FORTIFY_SOURCE tests
Rename debug/tst-chk1.c to debug/tst-fortify.c and add make hackery to
autogenerate tests with different macros enabled to build and run the
same test with different configurations as well as different
fortification levels.
The change also ends up expanding the -lfs tests to include
_FORTIFY_SOURCE=3.
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
# Conflicts:
# debug/Makefile
diff --git a/Makerules b/Makerules
index 5d6434c74bf9bfe5..05a549eb0f259113 100644
--- a/Makerules
+++ b/Makerules
@@ -444,6 +444,12 @@ $(objpfx)%$o: $(objpfx)%.c $(before-compile); $$(compile-command.c)
endef
object-suffixes-left := $(all-object-suffixes)
include $(o-iterator)
+
+define o-iterator-doit
+$(objpfx)%$o: $(objpfx)%.cc $(before-compile); $$(compile-command.cc)
+endef
+object-suffixes-left := $(all-object-suffixes)
+include $(o-iterator)
endif
# Generate version maps, but wait until sysdep-subdirs is known
diff --git a/debug/Makefile b/debug/Makefile
index b43f42ee3851f360..c92fd23dda1a7279 100644
--- a/debug/Makefile
+++ b/debug/Makefile
@@ -1,4 +1,5 @@
-# Copyright (C) 1998-2018 Free Software Foundation, Inc.
+# Copyright (C) 1998-2022 Free Software Foundation, Inc.
+# Copyright The GNU Toolchain Authors.
# This file is part of the GNU C Library.
# The GNU C Library is free software; you can redistribute it and/or
@@ -110,32 +111,60 @@ CFLAGS-tst-longjmp_chk3.c += -fexceptions -fasynchronous-unwind-tables
CPPFLAGS-tst-longjmp_chk3.c += -D_FORTIFY_SOURCE=1
CPPFLAGS-tst-realpath-chk.c += -D_FORTIFY_SOURCE=2
+# _FORTIFY_SOURCE tests.
+# Auto-generate tests for _FORTIFY_SOURCE for different levels, compilers and
+# preprocessor conditions based on tst-fortify.c.
+#
+# To add a new test condition, define a cflags-$(cond) make variable to set
+# CFLAGS for the file.
+
+tests-all-chk = tst-fortify
+tests-c-chk =
+tests-cc-chk =
+
+CFLAGS-tst-fortify.c += -Wno-format -Wno-deprecated-declarations -Wno-error
+
+# No additional flags for the default tests.
+define cflags-default
+endef
+
+define cflags-lfs
+CFLAGS-tst-fortify-$(1)-lfs-$(2).$(1) += -D_FILE_OFFSET_BITS=64
+endef
+
# We know these tests have problems with format strings, this is what
# we are testing. Disable that warning. They are also testing
# deprecated functions (notably gets) so disable that warning as well.
# And they also generate warnings from warning attributes, which
# cannot be disabled via pragmas, so require -Wno-error to be used.
-CFLAGS-tst-chk1.c += -Wno-format -Wno-deprecated-declarations -Wno-error
-CFLAGS-tst-chk2.c += -Wno-format -Wno-deprecated-declarations -Wno-error
-CFLAGS-tst-chk3.c += -Wno-format -Wno-deprecated-declarations -Wno-error
-CFLAGS-tst-chk4.cc += -Wno-format -Wno-deprecated-declarations -Wno-error
-CFLAGS-tst-chk5.cc += -Wno-format -Wno-deprecated-declarations -Wno-error
-CFLAGS-tst-chk6.cc += -Wno-format -Wno-deprecated-declarations -Wno-error
-CFLAGS-tst-chk7.c += -Wno-format -Wno-deprecated-declarations -Wno-error
-CFLAGS-tst-chk8.cc += -Wno-format -Wno-deprecated-declarations -Wno-error
-CFLAGS-tst-lfschk1.c += -Wno-format -Wno-deprecated-declarations -Wno-error
-CFLAGS-tst-lfschk2.c += -Wno-format -Wno-deprecated-declarations -Wno-error
-CFLAGS-tst-lfschk3.c += -Wno-format -Wno-deprecated-declarations -Wno-error
-CFLAGS-tst-lfschk4.cc += -Wno-format -Wno-deprecated-declarations -Wno-error
-CFLAGS-tst-lfschk5.cc += -Wno-format -Wno-deprecated-declarations -Wno-error
-CFLAGS-tst-lfschk6.cc += -Wno-format -Wno-deprecated-declarations -Wno-error
-LDLIBS-tst-chk4 = -lstdc++
-LDLIBS-tst-chk5 = -lstdc++
-LDLIBS-tst-chk6 = -lstdc++
-LDLIBS-tst-chk8 = -lstdc++
-LDLIBS-tst-lfschk4 = -lstdc++
-LDLIBS-tst-lfschk5 = -lstdc++
-LDLIBS-tst-lfschk6 = -lstdc++
+define gen-chk-test
+tests-$(1)-chk += tst-fortify-$(1)-$(2)-$(3)
+CFLAGS-tst-fortify-$(1)-$(2)-$(3).$(1) += -D_FORTIFY_SOURCE=$(3) -Wno-format \
+ -Wno-deprecated-declarations \
+ -Wno-error
+$(eval $(call cflags-$(2),$(1),$(3)))
+$(objpfx)tst-fortify-$(1)-$(2)-$(3).$(1): tst-fortify.c Makefile
+ ( echo "/* Autogenerated from Makefile. */"; \
+ echo ""; \
+ echo "#include \"tst-fortify.c\"" ) > $$@.tmp
+ mv $$@.tmp $$@
+endef
+
+chk-extensions = c cc
+chk-types = default lfs
+chk-levels = 1 2 3
+
+$(foreach e,$(chk-extensions), \
+ $(foreach t,$(chk-types), \
+ $(foreach l,$(chk-levels), \
+ $(eval $(call gen-chk-test,$(e),$(t),$(l))))))
+
+tests-all-chk += $(tests-c-chk) $(tests-cc-chk)
+
+define link-cc
+LDLIBS-$(1) = -lstdc++
+endef
+$(foreach t,$(tests-cc-chk), $(eval $(call link-cc,$(t))))
# backtrace_symbols only works if we link with -rdynamic. backtrace
# requires unwind tables on most architectures.
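Review bot: `gen-chk-test` requests the level only through `-D_FORTIFY_SOURCE=$(3)`, so nothing in the generated `tst-fortify-*-3` targets confirms that the headers actually select level 3. The `include/features.h` hunk further down this page sets `__USE_FORTIFY_LEVEL 3` only for clang 9 or newer and otherwise treats values above 2 like 2. With any other compiler these targets would presumably repeat the level 2 run under a level 3 name, and `-Wno-error` keeps the resulting `#warning` from failing the build. A comment above `chk-levels = 1 2 3` would make that visible, for example `# Level 3 is only effective when the compiler has __builtin_dynamic_object_size; otherwise it runs as level 2.`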
@@ -152,19 +181,25 @@ LDFLAGS-tst-backtrace6 = -rdynamic
CFLAGS-tst-ssp-1.c += -fstack-protector-all
-tests = backtrace-tst tst-longjmp_chk tst-chk1 tst-chk2 tst-chk3 \
- tst-lfschk1 tst-lfschk2 tst-lfschk3 test-strcpy_chk test-stpcpy_chk \
- tst-chk4 tst-chk5 tst-chk6 tst-chk7 tst-chk8 tst-lfschk4 tst-lfschk5 \
- tst-lfschk6 tst-longjmp_chk2 tst-backtrace2 tst-backtrace3 \
- tst-backtrace4 tst-backtrace5 tst-backtrace6 tst-realpath-chk
+tests = backtrace-tst \
+ tst-longjmp_chk \
+ test-strcpy_chk \
+ test-stpcpy_chk \
+ tst-longjmp_chk2 \
+ tst-backtrace2 \
+ tst-backtrace3 \
+ tst-backtrace4 \
+ tst-backtrace5 \
+ tst-backtrace6 \
+ tst-realpath-chk \
+ $(tests-all-chk)
ifeq ($(have-ssp),yes)
tests += tst-ssp-1
endif
ifeq (,$(CXX))
-tests-unsupported = tst-chk4 tst-chk5 tst-chk6 tst-chk8 \
- tst-lfschk4 tst-lfschk5 tst-lfschk6
+tests-unsupported = $(tests-cc-chk)
endif
extra-libs = libSegFault libpcprofile
@@ -191,20 +226,10 @@ ifeq ($(run-built-tests),yes)
LOCALES := de_DE.UTF-8
include ../gen-locales.mk
-$(objpfx)tst-chk1.out: $(gen-locales)
-$(objpfx)tst-chk2.out: $(gen-locales)
-$(objpfx)tst-chk3.out: $(gen-locales)
-$(objpfx)tst-chk4.out: $(gen-locales)
-$(objpfx)tst-chk5.out: $(gen-locales)
-$(objpfx)tst-chk6.out: $(gen-locales)
-$(objpfx)tst-chk7.out: $(gen-locales)
-$(objpfx)tst-chk8.out: $(gen-locales)
-$(objpfx)tst-lfschk1.out: $(gen-locales)
-$(objpfx)tst-lfschk2.out: $(gen-locales)
-$(objpfx)tst-lfschk3.out: $(gen-locales)
-$(objpfx)tst-lfschk4.out: $(gen-locales)
-$(objpfx)tst-lfschk5.out: $(gen-locales)
-$(objpfx)tst-lfschk6.out: $(gen-locales)
+define chk-gen-locales
+$(objpfx)$(1).out: $(gen-locales)
+endef
+$(foreach t, $(tests-all-chk), $(eval $(call chk-gen-locales,$(t))))
endif
sLIBdir := $(shell echo $(slibdir) | sed 's,lib\(\|64\)$$,\\\\$$LIB,')
diff --git a/debug/tst-chk2.c b/debug/tst-chk2.c
deleted file mode 100644
index be37ce2d22f0760a..0000000000000000
--- a/debug/tst-chk2.c
+++ /dev/null
@@ -1,2 +0,0 @@
-#define _FORTIFY_SOURCE 1
-#include "tst-chk1.c"
diff --git a/debug/tst-chk3.c b/debug/tst-chk3.c
deleted file mode 100644
index 38b8e4fb360ba722..0000000000000000
--- a/debug/tst-chk3.c
+++ /dev/null
@@ -1,2 +0,0 @@
-#define _FORTIFY_SOURCE 2
-#include "tst-chk1.c"
diff --git a/debug/tst-chk4.cc b/debug/tst-chk4.cc
deleted file mode 100644
index c82e6aac86038791..0000000000000000
--- a/debug/tst-chk4.cc
+++ /dev/null
@@ -1 +0,0 @@
-#include "tst-chk1.c"
diff --git a/debug/tst-chk5.cc b/debug/tst-chk5.cc
deleted file mode 100644
index be37ce2d22f0760a..0000000000000000
--- a/debug/tst-chk5.cc
+++ /dev/null
@@ -1,2 +0,0 @@
-#define _FORTIFY_SOURCE 1
-#include "tst-chk1.c"
diff --git a/debug/tst-chk6.cc b/debug/tst-chk6.cc
deleted file mode 100644
index 38b8e4fb360ba722..0000000000000000
--- a/debug/tst-chk6.cc
+++ /dev/null
@@ -1,2 +0,0 @@
-#define _FORTIFY_SOURCE 2
-#include "tst-chk1.c"
diff --git a/debug/tst-chk7.c b/debug/tst-chk7.c
deleted file mode 100644
index 2a7b32381268135c..0000000000000000
--- a/debug/tst-chk7.c
+++ /dev/null
@@ -1,2 +0,0 @@
-#define _FORTIFY_SOURCE 3
-#include "tst-chk1.c"
diff --git a/debug/tst-chk8.cc b/debug/tst-chk8.cc
deleted file mode 100644
index 2a7b32381268135c..0000000000000000
--- a/debug/tst-chk8.cc
+++ /dev/null
@@ -1,2 +0,0 @@
-#define _FORTIFY_SOURCE 3
-#include "tst-chk1.c"
diff --git a/debug/tst-chk1.c b/debug/tst-fortify.c
similarity index 100%
rename from debug/tst-chk1.c
rename to debug/tst-fortify.c
diff --git a/debug/tst-lfschk1.c b/debug/tst-lfschk1.c
deleted file mode 100644
index f3e6d47d5e4484c3..0000000000000000
--- a/debug/tst-lfschk1.c
+++ /dev/null
@@ -1,2 +0,0 @@
-#define _FILE_OFFSET_BITS 64
-#include "tst-chk1.c"
diff --git a/debug/tst-lfschk2.c b/debug/tst-lfschk2.c
deleted file mode 100644
index 95d4db1d32d2eeb3..0000000000000000
--- a/debug/tst-lfschk2.c
+++ /dev/null
@@ -1,2 +0,0 @@
-#define _FILE_OFFSET_BITS 64
-#include "tst-chk2.c"
diff --git a/debug/tst-lfschk3.c b/debug/tst-lfschk3.c
deleted file mode 100644
index 50a1ae1258f1553d..0000000000000000
--- a/debug/tst-lfschk3.c
+++ /dev/null
@@ -1,2 +0,0 @@
-#define _FILE_OFFSET_BITS 64
-#include "tst-chk3.c"
diff --git a/debug/tst-lfschk4.cc b/debug/tst-lfschk4.cc
deleted file mode 100644
index f3e6d47d5e4484c3..0000000000000000
--- a/debug/tst-lfschk4.cc
+++ /dev/null
@@ -1,2 +0,0 @@
-#define _FILE_OFFSET_BITS 64
-#include "tst-chk1.c"
diff --git a/debug/tst-lfschk5.cc b/debug/tst-lfschk5.cc
deleted file mode 100644
index 95d4db1d32d2eeb3..0000000000000000
--- a/debug/tst-lfschk5.cc
+++ /dev/null
@@ -1,2 +0,0 @@
-#define _FILE_OFFSET_BITS 64
-#include "tst-chk2.c"
diff --git a/debug/tst-lfschk6.cc b/debug/tst-lfschk6.cc
deleted file mode 100644
index 50a1ae1258f1553d..0000000000000000
--- a/debug/tst-lfschk6.cc
+++ /dev/null
@@ -1,2 +0,0 @@
-#define _FILE_OFFSET_BITS 64
-#include "tst-chk3.c"


@ -0,0 +1,101 @@
commit c43c5796121bc5bcc0867f02e5536874aa8196c1
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Wed Dec 30 11:54:00 2020 +0530
Introduce _FORTIFY_SOURCE=3
Introduce a new _FORTIFY_SOURCE level of 3 to enable additional
fortifications that may have a noticeable performance impact, allowing
more fortification coverage at the cost of some performance.
With llvm 9.0 or later, this will replace the use of
__builtin_object_size with __builtin_dynamic_object_size.
__builtin_dynamic_object_size
-----------------------------
__builtin_dynamic_object_size is an LLVM builtin that is similar to
__builtin_object_size. In addition to what __builtin_object_size
does, i.e. replace the builtin call with a constant object size,
__builtin_dynamic_object_size will replace the call site with an
expression that evaluates to the object size, thus expanding its
applicability. In practice, __builtin_dynamic_object_size evaluates
these expressions through malloc/calloc calls that it can associate
with the object being evaluated.
A simple motivating example is below; -D_FORTIFY_SOURCE=2 would miss
this and emit memcpy, but -D_FORTIFY_SOURCE=3 with the help of
__builtin_dynamic_object_size is able to emit __memcpy_chk with the
allocation size expression passed into the function:
void *copy_obj (const void *src, size_t alloc, size_t copysize)
{
void *obj = malloc (alloc);
memcpy (obj, src, copysize);
return obj;
}
Limitations
-----------
If the object was allocated elsewhere that the compiler cannot see, or
if it was allocated in the function with a function that the compiler
does not recognize as an allocator then __builtin_dynamic_object_size
also returns -1.
Further, the expression used to compute object size may be non-trivial
and may potentially incur a noticeable performance impact. These
fortifications are hence enabled at a new _FORTIFY_SOURCE level to
allow developers to make a choice on the tradeoff according to their
environment.
diff --git a/include/features.h b/include/features.h
index ea7673ee115bcf0a..fe9fe16d034fad1b 100644
--- a/include/features.h
+++ b/include/features.h
@@ -381,6 +381,11 @@
# warning _FORTIFY_SOURCE requires compiling with optimization (-O)
# elif !__GNUC_PREREQ (4, 1)
# warning _FORTIFY_SOURCE requires GCC 4.1 or later
+# elif _FORTIFY_SOURCE > 2 && __glibc_clang_prereq (9, 0)
+# if _FORTIFY_SOURCE > 3
+# warning _FORTIFY_SOURCE > 3 is treated like 3 on this platform
+# endif
+# define __USE_FORTIFY_LEVEL 3
# elif _FORTIFY_SOURCE > 1
# if _FORTIFY_SOURCE > 2
# warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform
diff --git a/manual/creature.texi b/manual/creature.texi
index 8876b2ab779c988f..64f361f27a7d6cdf 100644
--- a/manual/creature.texi
+++ b/manual/creature.texi
@@ -247,7 +247,8 @@ included.
@standards{GNU, (none)}
If this macro is defined to @math{1}, security hardening is added to
various library functions. If defined to @math{2}, even stricter
-checks are applied.
+checks are applied. If defined to @math{3}, @theglibc{} may also use
+checks that may have an additional performance overhead.
@end defvr
@defvr Macro _REENTRANT
diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
index 3f6fe3cc8563b493..1e39307b0ebcf38f 100644
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -123,6 +123,15 @@
#define __bos(ptr) __builtin_object_size (ptr, __USE_FORTIFY_LEVEL > 1)
#define __bos0(ptr) __builtin_object_size (ptr, 0)
+/* Use __builtin_dynamic_object_size at _FORTIFY_SOURCE=3 when available. */
+#if __USE_FORTIFY_LEVEL == 3 && __glibc_clang_prereq (9, 0)
+# define __glibc_objsize0(__o) __builtin_dynamic_object_size (__o, 0)
+# define __glibc_objsize(__o) __builtin_dynamic_object_size (__o, 1)
+#else
+# define __glibc_objsize0(__o) __bos0 (__o)
+# define __glibc_objsize(__o) __bos (__o)
+#endif
+
#if __GNUC_PREREQ (4,3)
# define __warndecl(name, msg) \
extern void name (void) __attribute__((__warning__ (msg)))
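Review bot: The guard `#if __USE_FORTIFY_LEVEL == 3 && __glibc_clang_prereq (9, 0)` repeats the compiler test that the `include/features.h` hunk of this patch already applies before it defines `__USE_FORTIFY_LEVEL 3`, so the two conditions have to be changed together whenever another compiler gains the builtin. A short comment would record that coupling, for example `/* The compiler test mirrors the one in features.h; keep both in sync. */`. It would also help to state in the existing comment that `__glibc_objsize0` and `__glibc_objsize` correspond to object-size types 0 and 1, matching `__bos0` and `__bos` at this level.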


@ -0,0 +1,43 @@
commit 7163ace3318d666d40771f5c8e7c4a148827070f
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Thu Nov 12 12:09:56 2020 +0530
Use __builtin___stpncpy_chk when available
The builtin has been available in gcc since 4.7.0 and in clang since
2.6. This fixes stpncpy fortification with clang since it does a
better job of plugging in __stpncpy_chk in the right place than the
header hackery.
This has been tested by building and running all tests with gcc 10.2.1
and also with clang tip as of a few days ago (just the tests in debug/
since running all tests don't work with clang at the moment) to make
sure that both compilers pass the stpncpy tests.
diff --git a/string/bits/string_fortified.h b/string/bits/string_fortified.h
index a07ab0dbc8c8dd5b..4ed6755a6c1ca247 100644
--- a/string/bits/string_fortified.h
+++ b/string/bits/string_fortified.h
@@ -106,7 +106,13 @@ __NTH (strncpy (char *__restrict __dest, const char *__restrict __src,
return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
}
-/* XXX We have no corresponding builtin yet. */
+#if __GNUC_PREREQ (4, 7) || __glibc_clang_prereq (2, 6)
+__fortify_function char *
+__NTH (stpncpy (char *__dest, const char *__src, size_t __n))
+{
+ return __builtin___stpncpy_chk (__dest, __src, __n, __bos (__dest));
+}
+#else
extern char *__stpncpy_chk (char *__dest, const char *__src, size_t __n,
size_t __destlen) __THROW;
extern char *__REDIRECT_NTH (__stpncpy_alias, (char *__dest, const char *__src,
@@ -120,6 +126,7 @@ __NTH (stpncpy (char *__dest, const char *__src, size_t __n))
return __stpncpy_chk (__dest, __src, __n, __bos (__dest));
return __stpncpy_alias (__dest, __src, __n);
}
+#endif
__fortify_function char *


@ -0,0 +1,161 @@
commit 2a3224c53653214cbba2ec23424702193c80ea3b
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Wed Dec 30 11:09:58 2020 +0530
string: Enable __FORTIFY_LEVEL=3
This change enhances fortified string functions to use
__builtin_dynamic_object_size under _FORTIFY_SOURCE=3 whenever the
compiler supports it.
# Conflicts:
# string/bits/string_fortified.h
Conflict resolved to retain __GNUC_PREREQ (5,0) macro check in RHEL-8
glibc.
diff --git a/include/string.h b/include/string.h
index 4d622f1c0305e78e..bbc97082661caf42 100644
--- a/include/string.h
+++ b/include/string.h
@@ -119,10 +119,11 @@ libc_hidden_proto (__ffs)
void __explicit_bzero_chk_internal (void *, size_t, size_t)
__THROW __nonnull ((1)) attribute_hidden;
# define explicit_bzero(buf, len) \
- __explicit_bzero_chk_internal (buf, len, __bos0 (buf))
+ __explicit_bzero_chk_internal (buf, len, __glibc_objsize0 (buf))
#elif !IS_IN (nonlib)
void __explicit_bzero_chk (void *, size_t, size_t) __THROW __nonnull ((1));
-# define explicit_bzero(buf, len) __explicit_bzero_chk (buf, len, __bos0 (buf))
+# define explicit_bzero(buf, len) __explicit_bzero_chk (buf, len, \
+ __glibc_objsize0 (buf))
#endif
libc_hidden_builtin_proto (memchr)
diff --git a/string/bits/string_fortified.h b/string/bits/string_fortified.h
index 4ed6755a6c1ca247..27ec273ec41cd81c 100644
--- a/string/bits/string_fortified.h
+++ b/string/bits/string_fortified.h
@@ -31,13 +31,15 @@ __fortify_function void *
__NTH (memcpy (void *__restrict __dest, const void *__restrict __src,
size_t __len))
{
- return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
+ return __builtin___memcpy_chk (__dest, __src, __len,
+ __glibc_objsize0 (__dest));
}
__fortify_function void *
__NTH (memmove (void *__dest, const void *__src, size_t __len))
{
- return __builtin___memmove_chk (__dest, __src, __len, __bos0 (__dest));
+ return __builtin___memmove_chk (__dest, __src, __len,
+ __glibc_objsize0 (__dest));
}
#ifdef __USE_GNU
@@ -45,7 +47,8 @@ __fortify_function void *
__NTH (mempcpy (void *__restrict __dest, const void *__restrict __src,
size_t __len))
{
- return __builtin___mempcpy_chk (__dest, __src, __len, __bos0 (__dest));
+ return __builtin___mempcpy_chk (__dest, __src, __len,
+ __glibc_objsize0 (__dest));
}
#endif
@@ -68,7 +71,8 @@ __NTH (memset (void *__dest, int __ch, size_t __len))
return __dest;
}
#endif
- return __builtin___memset_chk (__dest, __ch, __len, __bos0 (__dest));
+ return __builtin___memset_chk (__dest, __ch, __len,
+ __glibc_objsize0 (__dest));
}
#ifdef __USE_MISC
@@ -80,21 +84,21 @@ void __explicit_bzero_chk (void *__dest, size_t __len, size_t __destlen)
__fortify_function void
__NTH (explicit_bzero (void *__dest, size_t __len))
{
- __explicit_bzero_chk (__dest, __len, __bos0 (__dest));
+ __explicit_bzero_chk (__dest, __len, __glibc_objsize0 (__dest));
}
#endif
__fortify_function char *
__NTH (strcpy (char *__restrict __dest, const char *__restrict __src))
{
- return __builtin___strcpy_chk (__dest, __src, __bos (__dest));
+ return __builtin___strcpy_chk (__dest, __src, __glibc_objsize (__dest));
}
#ifdef __USE_GNU
__fortify_function char *
__NTH (stpcpy (char *__restrict __dest, const char *__restrict __src))
{
- return __builtin___stpcpy_chk (__dest, __src, __bos (__dest));
+ return __builtin___stpcpy_chk (__dest, __src, __glibc_objsize (__dest));
}
#endif
@@ -103,14 +107,16 @@ __fortify_function char *
__NTH (strncpy (char *__restrict __dest, const char *__restrict __src,
size_t __len))
{
- return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
+ return __builtin___strncpy_chk (__dest, __src, __len,
+ __glibc_objsize (__dest));
}
#if __GNUC_PREREQ (4, 7) || __glibc_clang_prereq (2, 6)
__fortify_function char *
__NTH (stpncpy (char *__dest, const char *__src, size_t __n))
{
- return __builtin___stpncpy_chk (__dest, __src, __n, __bos (__dest));
+ return __builtin___stpncpy_chk (__dest, __src, __n,
+ __glibc_objsize (__dest));
}
#else
extern char *__stpncpy_chk (char *__dest, const char *__src, size_t __n,
@@ -132,7 +138,7 @@ __NTH (stpncpy (char *__dest, const char *__src, size_t __n))
__fortify_function char *
__NTH (strcat (char *__restrict __dest, const char *__restrict __src))
{
- return __builtin___strcat_chk (__dest, __src, __bos (__dest));
+ return __builtin___strcat_chk (__dest, __src, __glibc_objsize (__dest));
}
@@ -140,7 +146,8 @@ __fortify_function char *
__NTH (strncat (char *__restrict __dest, const char *__restrict __src,
size_t __len))
{
- return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest));
+ return __builtin___strncat_chk (__dest, __src, __len,
+ __glibc_objsize (__dest));
}
#endif /* bits/string_fortified.h */
diff --git a/string/bits/strings_fortified.h b/string/bits/strings_fortified.h
index d9b2804525cfa994..871515bd2cba1f8a 100644
--- a/string/bits/strings_fortified.h
+++ b/string/bits/strings_fortified.h
@@ -22,13 +22,15 @@
__fortify_function void
__NTH (bcopy (const void *__src, void *__dest, size_t __len))
{
- (void) __builtin___memmove_chk (__dest, __src, __len, __bos0 (__dest));
+ (void) __builtin___memmove_chk (__dest, __src, __len,
+ __glibc_objsize0 (__dest));
}
__fortify_function void
__NTH (bzero (void *__dest, size_t __len))
{
- (void) __builtin___memset_chk (__dest, '\0', __len, __bos0 (__dest));
+ (void) __builtin___memset_chk (__dest, '\0', __len,
+ __glibc_objsize0 (__dest));
}
#endif


@ -0,0 +1,963 @@
commit f9de8bfe1a731c309b91d175b4f6f4aeb786effa
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Tue Dec 15 23:50:09 2020 +0530
nonstring: Enable __FORTIFY_LEVEL=3
Use __builtin_dynamic_object_size in the remaining functions that
don't have compiler builtins as is the case for string functions.
diff --git a/io/bits/poll2.h b/io/bits/poll2.h
index 7e8406b87d6319f8..f47fd9ad0945234f 100644
--- a/io/bits/poll2.h
+++ b/io/bits/poll2.h
@@ -35,12 +35,13 @@ extern int __REDIRECT (__poll_chk_warn, (struct pollfd *__fds, nfds_t __nfds,
__fortify_function int
poll (struct pollfd *__fds, nfds_t __nfds, int __timeout)
{
- if (__bos (__fds) != (__SIZE_TYPE__) -1)
+ if (__glibc_objsize (__fds) != (__SIZE_TYPE__) -1)
{
if (! __builtin_constant_p (__nfds))
- return __poll_chk (__fds, __nfds, __timeout, __bos (__fds));
- else if (__bos (__fds) / sizeof (*__fds) < __nfds)
- return __poll_chk_warn (__fds, __nfds, __timeout, __bos (__fds));
+ return __poll_chk (__fds, __nfds, __timeout, __glibc_objsize (__fds));
+ else if (__glibc_objsize (__fds) / sizeof (*__fds) < __nfds)
+ return __poll_chk_warn (__fds, __nfds, __timeout,
+ __glibc_objsize (__fds));
}
return __poll_alias (__fds, __nfds, __timeout);
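Review bot: In `poll`, the `else if (__glibc_objsize (__fds) / sizeof (*__fds) < __nfds)` branch was written for a size that is always a compile-time constant, which no longer holds once `__glibc_objsize` can expand to `__builtin_dynamic_object_size`. With a constant `__nfds` and a size known only at run time, the comparison may not fold, so the `__poll_chk_warn` call can remain in the generated code rather than the plain checked call. Routing every non-constant size to the checking variant avoids that: `if (! __builtin_constant_p (__nfds) || ! __builtin_constant_p (__glibc_objsize (__fds)))`. The same pattern appears in the `ppoll`, `fgets` and `fread` hunks of this patch, and whether a later patch in the series already handles it is not visible here. The body of `poll` closes outside the hunk.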
@@ -65,13 +66,14 @@ __fortify_function int
ppoll (struct pollfd *__fds, nfds_t __nfds, const struct timespec *__timeout,
const __sigset_t *__ss)
{
- if (__bos (__fds) != (__SIZE_TYPE__) -1)
+ if (__glibc_objsize (__fds) != (__SIZE_TYPE__) -1)
{
if (! __builtin_constant_p (__nfds))
- return __ppoll_chk (__fds, __nfds, __timeout, __ss, __bos (__fds));
- else if (__bos (__fds) / sizeof (*__fds) < __nfds)
+ return __ppoll_chk (__fds, __nfds, __timeout, __ss,
+ __glibc_objsize (__fds));
+ else if (__glibc_objsize (__fds) / sizeof (*__fds) < __nfds)
return __ppoll_chk_warn (__fds, __nfds, __timeout, __ss,
- __bos (__fds));
+ __glibc_objsize (__fds));
}
return __ppoll_alias (__fds, __nfds, __timeout, __ss);
diff --git a/libio/bits/stdio.h b/libio/bits/stdio.h
index 4ab919031f77a960..1372d4bf70c43d53 100644
--- a/libio/bits/stdio.h
+++ b/libio/bits/stdio.h
@@ -31,7 +31,7 @@
#ifdef __USE_EXTERN_INLINES
-/* For -D_FORTIFY_SOURCE{,=2} bits/stdio2.h will define a different
+/* For -D_FORTIFY_SOURCE{,=2,=3} bits/stdio2.h will define a different
inline. */
# if !(__USE_FORTIFY_LEVEL > 0 && defined __fortify_function)
/* Write formatted output to stdout from argument list ARG. */
diff --git a/libio/bits/stdio2.h b/libio/bits/stdio2.h
index 11651506a67daea0..2cd69f44cfadfc9f 100644
--- a/libio/bits/stdio2.h
+++ b/libio/bits/stdio2.h
@@ -34,12 +34,13 @@ __fortify_function int
__NTH (sprintf (char *__restrict __s, const char *__restrict __fmt, ...))
{
return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
- __bos (__s), __fmt, __va_arg_pack ());
+ __glibc_objsize (__s), __fmt,
+ __va_arg_pack ());
}
#elif !defined __cplusplus
# define sprintf(str, ...) \
- __builtin___sprintf_chk (str, __USE_FORTIFY_LEVEL - 1, __bos (str), \
- __VA_ARGS__)
+ __builtin___sprintf_chk (str, __USE_FORTIFY_LEVEL - 1, \
+ __glibc_objsize (str), __VA_ARGS__)
#endif
__fortify_function int
@@ -47,7 +48,7 @@ __NTH (vsprintf (char *__restrict __s, const char *__restrict __fmt,
__gnuc_va_list __ap))
{
return __builtin___vsprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
- __bos (__s), __fmt, __ap);
+ __glibc_objsize (__s), __fmt, __ap);
}
#if defined __USE_ISOC99 || defined __USE_UNIX98
@@ -65,12 +66,13 @@ __NTH (snprintf (char *__restrict __s, size_t __n,
const char *__restrict __fmt, ...))
{
return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
- __bos (__s), __fmt, __va_arg_pack ());
+ __glibc_objsize (__s), __fmt,
+ __va_arg_pack ());
}
# elif !defined __cplusplus
# define snprintf(str, len, ...) \
- __builtin___snprintf_chk (str, len, __USE_FORTIFY_LEVEL - 1, __bos (str), \
- __VA_ARGS__)
+ __builtin___snprintf_chk (str, len, __USE_FORTIFY_LEVEL - 1, \
+ __glibc_objsize (str), __VA_ARGS__)
# endif
__fortify_function int
@@ -78,7 +80,7 @@ __NTH (vsnprintf (char *__restrict __s, size_t __n,
const char *__restrict __fmt, __gnuc_va_list __ap))
{
return __builtin___vsnprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
- __bos (__s), __fmt, __ap);
+ __glibc_objsize (__s), __fmt, __ap);
}
#endif
@@ -234,8 +236,8 @@ extern char *__REDIRECT (__gets_warn, (char *__str), gets)
__fortify_function __wur char *
gets (char *__str)
{
- if (__bos (__str) != (size_t) -1)
- return __gets_chk (__str, __bos (__str));
+ if (__glibc_objsize (__str) != (size_t) -1)
+ return __gets_chk (__str, __glibc_objsize (__str));
return __gets_warn (__str);
}
#endif
@@ -254,13 +256,13 @@ extern char *__REDIRECT (__fgets_chk_warn,
__fortify_function __wur char *
fgets (char *__restrict __s, int __n, FILE *__restrict __stream)
{
- if (__bos (__s) != (size_t) -1)
+ if (__glibc_objsize (__s) != (size_t) -1)
{
if (!__builtin_constant_p (__n) || __n <= 0)
- return __fgets_chk (__s, __bos (__s), __n, __stream);
+ return __fgets_chk (__s, __glibc_objsize (__s), __n, __stream);
- if ((size_t) __n > __bos (__s))
- return __fgets_chk_warn (__s, __bos (__s), __n, __stream);
+ if ((size_t) __n > __glibc_objsize (__s))
+ return __fgets_chk_warn (__s, __glibc_objsize (__s), __n, __stream);
}
return __fgets_alias (__s, __n, __stream);
}
@@ -284,15 +286,17 @@ __fortify_function __wur size_t
fread (void *__restrict __ptr, size_t __size, size_t __n,
FILE *__restrict __stream)
{
- if (__bos0 (__ptr) != (size_t) -1)
+ if (__glibc_objsize0 (__ptr) != (size_t) -1)
{
if (!__builtin_constant_p (__size)
|| !__builtin_constant_p (__n)
|| (__size | __n) >= (((size_t) 1) << (8 * sizeof (size_t) / 2)))
- return __fread_chk (__ptr, __bos0 (__ptr), __size, __n, __stream);
+ return __fread_chk (__ptr, __glibc_objsize0 (__ptr), __size, __n,
+ __stream);
- if (__size * __n > __bos0 (__ptr))
- return __fread_chk_warn (__ptr, __bos0 (__ptr), __size, __n, __stream);
+ if (__size * __n > __glibc_objsize0 (__ptr))
+ return __fread_chk_warn (__ptr, __glibc_objsize0 (__ptr), __size, __n,
+ __stream);
}
return __fread_alias (__ptr, __size, __n, __stream);
}
@@ -312,13 +316,15 @@ extern char *__REDIRECT (__fgets_unlocked_chk_warn,
__fortify_function __wur char *
fgets_unlocked (char *__restrict __s, int __n, FILE *__restrict __stream)
{
- if (__bos (__s) != (size_t) -1)
+ if (__glibc_objsize (__s) != (size_t) -1)
{
if (!__builtin_constant_p (__n) || __n <= 0)
- return __fgets_unlocked_chk (__s, __bos (__s), __n, __stream);
+ return __fgets_unlocked_chk (__s, __glibc_objsize (__s), __n,
+ __stream);
- if ((size_t) __n > __bos (__s))