rpms/glibc
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Use libidn2 for IDNA support (#1452750)

Browse Source
This commit is contained in:
Florian Weimer 2018-01-17 18:42:37 +01:00
parent d7ce5d4634
commit 90612b2709
3 changed files with 20886 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

412
glibc-rh1452750-allocate_once.patch Normal file
View File

@ -0,0 +1,412 @@
commit a829b747cf2ce18ba869ea60f67975c484bf2769
Author: Istvan Kurucsai <pistukem@gmail.com>
Date: Fri Jan 12 15:34:13 2018 +0100
Implement allocate_once for atomic initialization with allocation
diff --git a/include/allocate_once.h b/include/allocate_once.h
new file mode 100644
index 0000000000000000..26902dde7c1a3255
--- /dev/null
+++ b/include/allocate_once.h
@@ -0,0 +1,95 @@
+/* Allocate and initialize an object once, in a thread-safe fashion.
+ Copyright (C) 2018 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#ifndef _ALLOCATE_ONCE_H
+#define _ALLOCATE_ONCE_H
+
+#include <atomic.h>
+
+/* Slow path for allocate_once; see below. */
+void *__libc_allocate_once_slow (void **__place,
+ void *(*__allocate) (void *__closure),
+ void (*__deallocate) (void *__closure,
+ void *__ptr),
+ void *__closure);
+
+/* Return an a pointer to an allocated and initialized data structure.
+ If this function returns a non-NULL value, the caller can assume
+ that pointed-to data has been initialized according to the ALLOCATE
+ function.
+
+ It is expected that callers define an inline helper function which
+ adds type safety, like this.
+
+ struct foo { ... };
+ struct foo *global_foo;
+ static void *allocate_foo (void *closure);
+ static void *deallocate_foo (void *closure, void *ptr);
+
+ static inline struct foo *
+ get_foo (void)
+ {
+ return allocate_once (&global_foo, allocate_foo, free_foo, NULL);
+ }
+
+ (Note that the global_foo variable is initialized to zero.)
+ Usage of this helper function looks like this:
+
+ struct foo *local_foo = get_foo ();
+ if (local_foo == NULL)
+ report_allocation_failure ();
+
+ allocate_once first performs an acquire MO load on *PLACE. If the
+ result is not null, it is returned. Otherwise, ALLOCATE (CLOSURE)
+ is called, yielding a value RESULT. If RESULT equals NULL,
+ allocate_once returns NULL, and does not modify *PLACE (but another
+ thread may concurrently perform an allocation which succeeds,
+ updating *PLACE). If RESULT does not equal NULL, the function uses
+ a CAS with acquire-release MO to update the NULL value in *PLACE
+ with the RESULT value. If it turns out that *PLACE was updated
+ concurrently, allocate_once calls DEALLOCATE (CLOSURE, RESULT) to
+ undo the effect of ALLOCATE, and returns the new value of *PLACE
+ (after an acquire MO load). If DEALLOCATE is NULL, free (RESULT)
+ is called instead.
+
+ Compared to __libc_once, allocate_once has the advantage that it
+ does not need separate space for a control variable, and that it is
+ safe with regards to cancellation and other forms of exception
+ handling if the supplied callback functions are safe in that
+ regard. allocate_once passes a closure parameter to the allocation
+ function, too. */
+static inline void *
+allocate_once (void **__place, void *(*__allocate) (void *__closure),
+ void (*__deallocate) (void *__closure, void *__ptr),
+ void *__closure)
+{
+ /* Synchronizes with the release MO CAS in
+ __allocate_once_slow. */
+ void *__result = atomic_load_acquire (__place);
+ if (__result != NULL)
+ return __result;
+ else
+ return __libc_allocate_once_slow (__place, __allocate, __deallocate,
+ __closure);
+}
+
+#ifndef _ISOMAC
+libc_hidden_proto (__libc_allocate_once_slow)
+#endif
+
+#endif /* _ALLOCATE_ONCE_H */
diff --git a/misc/Makefile b/misc/Makefile
index a5076b36728749d6..96afd6d890bd06f3 100644
--- a/misc/Makefile
+++ b/misc/Makefile
@@ -70,9 +70,11 @@ routines := brk sbrk sstk ioctl \
getloadavg getclktck \
fgetxattr flistxattr fremovexattr fsetxattr getxattr \
listxattr lgetxattr llistxattr lremovexattr lsetxattr \
- removexattr setxattr getauxval ifunc-impl-list makedev
+ removexattr setxattr getauxval ifunc-impl-list makedev \
+ allocate_once
-generated += tst-error1.mtrace tst-error1-mem.out
+generated += tst-error1.mtrace tst-error1-mem.out \
+ tst-allocate_once.mtrace tst-allocate_once-mem.out
aux := init-misc
install-lib := libg.a
@@ -84,11 +86,12 @@ tests := tst-dirname tst-tsearch tst-fdset tst-efgcvt tst-mntent tst-hsearch \
tst-preadvwritev tst-preadvwritev64 tst-makedev tst-empty \
tst-preadvwritev2 tst-preadvwritev64v2
-tests-internal := tst-atomic tst-atomic-long
+tests-internal := tst-atomic tst-atomic-long tst-allocate_once
tests-static := tst-empty
ifeq ($(run-built-tests),yes)
-tests-special += $(objpfx)tst-error1-mem.out
+tests-special += $(objpfx)tst-error1-mem.out \
+ $(objpfx)tst-allocate_once-mem.out
endif
CFLAGS-select.c += -fexceptions -fasynchronous-unwind-tables
@@ -137,3 +140,8 @@ tst-error1-ARGS = $(objpfx)tst-error1.out
$(objpfx)tst-error1-mem.out: $(objpfx)tst-error1.out
$(common-objpfx)malloc/mtrace $(objpfx)tst-error1.mtrace > $@; \
$(evaluate-test)
+
+tst-allocate_once-ENV = MALLOC_TRACE=$(objpfx)tst-allocate_once.mtrace
+$(objpfx)tst-allocate_once-mem.out: $(objpfx)tst-allocate_once.out
+ $(common-objpfx)malloc/mtrace $(objpfx)tst-allocate_once.mtrace > $@; \
+ $(evaluate-test)
diff --git a/misc/Versions b/misc/Versions
index bfbda505e4dd8743..900e4ffb798a9e13 100644
--- a/misc/Versions
+++ b/misc/Versions
@@ -165,5 +165,6 @@ libc {
__tdelete; __tfind; __tsearch; __twalk;
__mmap; __munmap; __mprotect;
__sched_get_priority_min; __sched_get_priority_max;
+ __libc_allocate_once_slow;
}
}
diff --git a/misc/allocate_once.c b/misc/allocate_once.c
new file mode 100644
index 0000000000000000..2108014604cb026e
--- /dev/null
+++ b/misc/allocate_once.c
@@ -0,0 +1,59 @@
+/* Concurrent allocation and initialization of a pointer.
+ Copyright (C) 2018 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <allocate_once.h>
+#include <stdlib.h>
+#include <stdbool.h>
+
+void *
+__libc_allocate_once_slow (void **place, void *(*allocate) (void *closure),
+ void (*deallocate) (void *closure, void *ptr),
+ void *closure)
+{
+ void *result = allocate (closure);
+ if (result == NULL)
+ return NULL;
+
+ /* This loop implements a strong CAS on *place, with acquire-release
+ MO semantics, from a weak CAS with relaxed-release MO. */
+ while (true)
+ {
+ /* Synchronizes with the acquire MO load in allocate_once. */
+ void *expected = NULL;
+ if (atomic_compare_exchange_weak_release (place, &expected, result))
+ return result;
+
+ /* The failed CAS has relaxed MO semantics, so perform another
+ acquire MO load. */
+ void *other_result = atomic_load_acquire (place);
+ if (other_result == NULL)
+ /* Spurious failure. Try again. */
+ continue;
+
+ /* We lost the race. Free what we allocated and return the
+ other result. */
+ if (deallocate == NULL)
+ free (result);
+ else
+ deallocate (closure, result);
+ return other_result;
+ }
+
+ return result;
+}
+libc_hidden_def (__libc_allocate_once_slow)
diff --git a/misc/tst-allocate_once.c b/misc/tst-allocate_once.c
new file mode 100644
index 0000000000000000..89277b33b769732b
--- /dev/null
+++ b/misc/tst-allocate_once.c
@@ -0,0 +1,181 @@
+/* Test the allocate_once function.
+ Copyright (C) 2018 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <allocate_once.h>
+#include <mcheck.h>
+#include <string.h>
+#include <support/check.h>
+#include <support/support.h>
+
+/* Allocate a new string. */
+static void *
+allocate_string (void *closure)
+{
+ return xstrdup (closure);
+}
+
+/* Allocation and deallocation functions which are not expected to be
+ called. */
+
+static void *
+allocate_not_called (void *closure)
+{
+ FAIL_EXIT1 ("allocation function called unexpectedly (%p)", closure);
+}
+
+static void
+deallocate_not_called (void *closure, void *ptr)
+{
+ FAIL_EXIT1 ("deallocate function called unexpectedly (%p, %p)",
+ closure, ptr);
+}
+
+/* Counter for various function calls. */
+static int function_called;
+
+/* An allocation function which returns NULL and records that it has
+ been called. */
+static void *
+allocate_return_null (void *closure)
+{
+ /* The function should only be called once. */
+ TEST_COMPARE (function_called, 0);
+ ++function_called;
+ return NULL;
+}
+
+
+/* The following is used to check the retry logic, by causing a fake
+ race condition. */
+static void *fake_race_place;
+static char fake_race_region[3]; /* To obtain unique addresses. */
+
+static void *
+fake_race_allocate (void *closure)
+{
+ TEST_VERIFY (closure == &fake_race_region[0]);
+ TEST_COMPARE (function_called, 0);
+ ++function_called;
+ /* Fake allocation by another thread. */
+ fake_race_place = &fake_race_region[1];
+ return &fake_race_region[2];
+}
+
+static void
+fake_race_deallocate (void *closure, void *ptr)
+{
+ /* Check that the pointer returned from fake_race_allocate is
+ deallocated (and not the one stored in fake_race_place). */
+ TEST_VERIFY (ptr == &fake_race_region[2]);
+
+ TEST_VERIFY (fake_race_place == &fake_race_region[1]);
+ TEST_VERIFY (closure == &fake_race_region[0]);
+ TEST_COMPARE (function_called, 1);
+ ++function_called;
+}
+
+/* Similar to fake_race_allocate, but expects to be paired with free
+ as the deallocation function. */
+static void *
+fake_race_allocate_for_free (void *closure)
+{
+ TEST_VERIFY (closure == &fake_race_region[0]);
+ TEST_COMPARE (function_called, 0);
+ ++function_called;
+ /* Fake allocation by another thread. */
+ fake_race_place = &fake_race_region[1];
+ return xstrdup ("to be freed");
+}
+
+static int
+do_test (void)
+{
+ mtrace ();
+
+ /* Simple allocation. */
+ void *place1 = NULL;
+ char *string1 = allocate_once (&place1, allocate_string,
+ deallocate_not_called,
+ (char *) "test string 1");
+ TEST_VERIFY_EXIT (string1 != NULL);
+ TEST_VERIFY (strcmp ("test string 1", string1) == 0);
+ /* Second call returns the first pointer, without calling any
+ callbacks. */
+ TEST_VERIFY (string1
+ == allocate_once (&place1, allocate_not_called,
+ deallocate_not_called,
+ (char *) "test string 1a"));
+
+ /* Different place should result in another call. */
+ void *place2 = NULL;
+ char *string2 = allocate_once (&place2, allocate_string,
+ deallocate_not_called,
+ (char *) "test string 2");
+ TEST_VERIFY_EXIT (string2 != NULL);
+ TEST_VERIFY (strcmp ("test string 2", string2) == 0);
+ TEST_VERIFY (string1 != string2);
+
+ /* Check error reporting (NULL return value from the allocation
+ function). */
+ void *place3 = NULL;
+ char *string3 = allocate_once (&place3, allocate_return_null,
+ deallocate_not_called, NULL);
+ TEST_VERIFY (string3 == NULL);
+ TEST_COMPARE (function_called, 1);
+
+ /* Check that the deallocation function is called if the race is
+ lost. */
+ function_called = 0;
+ TEST_VERIFY (allocate_once (&fake_race_place,
+ fake_race_allocate,
+ fake_race_deallocate,
+ &fake_race_region[0])
+ == &fake_race_region[1]);
+ TEST_COMPARE (function_called, 2);
+ function_called = 3;
+ TEST_VERIFY (allocate_once (&fake_race_place,
+ fake_race_allocate,
+ fake_race_deallocate,
+ &fake_race_region[0])
+ == &fake_race_region[1]);
+ TEST_COMPARE (function_called, 3);
+
+ /* Similar, but this time rely on that free is called. */
+ function_called = 0;
+ fake_race_place = NULL;
+ TEST_VERIFY (allocate_once (&fake_race_place,
+ fake_race_allocate_for_free,
+ NULL,
+ &fake_race_region[0])
+ == &fake_race_region[1]);
+ TEST_COMPARE (function_called, 1);
+ function_called = 3;
+ TEST_VERIFY (allocate_once (&fake_race_place,
+ fake_race_allocate_for_free,
+ NULL,
+ &fake_race_region[0])
+ == &fake_race_region[1]);
+ TEST_COMPARE (function_called, 3);
+
+ free (place2);
+ free (place1);
+
+ return 0;
+}
+
+#include <support/test-driver.c>

20462
glibc-rh1452750-libidn2.patch Normal file
View File

File diff suppressed because it is too large Load Diff

14
glibc.spec
View File

@ -1,6 +1,6 @@
%define glibcsrcdir glibc-2.26.9000-1125-g860b0240a5
%define glibcversion 2.26.9000
%define glibcrelease 41%{?dist}
%define glibcrelease 42%{?dist}
# Pre-release tarballs are pulled in from git using a command that is
# effectively:
#
@ -213,8 +213,9 @@ Patch2027: glibc-rh819430.patch
Patch2031: glibc-rh1070416.patch
# extend_alloca removal, BZ 18023
Patch2037: glibc-rh1315108.patch
Patch2040: glibc-rh1452750-allocate_once.patch
Patch2041: glibc-rh1452750-libidn2.patch
##############################################################################
# End of glibc patches.
@ -313,6 +314,9 @@ BuildRequires: libstdc++-static
# check to pass even if we aren't going to use any of those objects to
# build the tests.
BuildRequires: glibc-static
# libidn2 (but not libidn2-devel) is needed for testing AI_IDN/NI_IDN.
BuildRequires: libidn2
%endif
%endif
@ -753,6 +757,8 @@ microbenchmark tests on the system.
%patch0053 -p1
%patch0059 -p1
%patch2037 -p1
%patch2040 -p1
%patch2041 -p1
##############################################################################
# %%prep - Additional prep required...
@ -2061,6 +2067,10 @@ fi
%endif
%changelog
* Wed Jan 17 2018 Florian Weimer <fweimer@redhat.com> - 2.26.9000-42
- CVE-2017-14062, CVE-2016-6261, CVE-2016-6263:
Use libidn2 for IDNA support (#1452750)
* Mon Jan 15 2018 Florian Weimer <fweimer@redhat.com> - 2.26.9000-41
- CVE-2018-1000001: Make getcwd fail if it cannot obtain an absolute path
(#1533837)