1994 Commits

Author SHA1 Message Date
Andreas Schwab
b13b96ca05 Separate internal state between getXXent and getXXbyYY NSS calls (bug 18007) 2015-05-11 10:41:49 +02:00
Carlos O'Donell
c92d40c0bc Bug 18125: Call exit after last linked context.
There appears to be a discrepancy among the implementations
of setcontext with regards to the function called once the last
linked-to context has finished executing via setcontext.

The POSIX standard says:
~~~
If the uc_link member of the ucontext_t structure pointed to by
the ucp argument is equal to 0, then this context is the main
context, and the thread will exit when this context returns.
~~~

It says "exit" not "exit immediately" nor "exit without running
functions registered with atexit or on_exit."

Therefore the AArch64, ARM, hppa and NIOS II implementations are
wrong and no test detects it.

It is questionable if this should even be fixed or just documented
that the above 4 targets are wrong. The functions are deprecated
and nobody should be using them, but at the same time it silly to
have cross-target differences that make it hard to port old
applications from say x86_64 to AArch64.

Therefore I will ix the 4 arches, and checkin a regression
test to prevent it from changing again.

https://sourceware.org/ml/libc-alpha/2015-03/msg00720.html
2015-05-08 11:29:38 -04:00
Siddhesh Poyarekar
a6d78c3b9d Update NEWS 2015-05-07 11:58:40 +05:30
Florian Weimer
fdbeb9c39e NEWS: BZ#18319 was fixed in commit ed159672eb3cd650a32b7e5cb4d5ec1fe0e63802 2015-04-29 15:33:41 +02:00
Florian Weimer
03d2730b44 CVE-2014-8121: Do not close NSS files database during iteration [BZ #18007]
Robin Hack discovered Samba would enter an infinite loop processing
certain quota-related requests.  We eventually tracked this down to a
glibc issue.

Running a (simplified) test case under strace shows that /etc/passwd
is continuously opened and closed:

…
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR)                   = 0
read(3, "root0:0:root:/root:/bin/bash\n"..., 4096) = 2717
lseek(3, 2717, SEEK_SET)                = 2717
close(3)                                = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR)                   = 0
lseek(3, 0, SEEK_SET)                   = 0
read(3, "root0:0:root:/root:/bin/bash\n"..., 4096) = 2717
lseek(3, 2717, SEEK_SET)                = 2717
close(3)                                = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR)                   = 0
…

The lookup function implementation in
nss/nss_files/files-XXX.c:DB_LOOKUP has code to prevent that.  It is
supposed skip closing the input file if it was already open.

  /* Reset file pointer to beginning or open file.  */			      \
  status = internal_setent (keep_stream);				      \
									      \
  if (status == NSS_STATUS_SUCCESS)					      \
    {									      \
      /* Tell getent function that we have repositioned the file pointer.  */ \
      last_use = getby;							      \
									      \
      while ((status = internal_getent (result, buffer, buflen, errnop	      \
					H_ERRNO_ARG EXTRA_ARGS_VALUE))	      \
	     == NSS_STATUS_SUCCESS)					      \
	{ break_if_match }						      \
									      \
      if (! keep_stream)						      \
	internal_endent ();						      \
    }									      \

keep_stream is initialized from the stayopen flag in internal_setent.
internal_setent is called from the set*ent implementation as:

  status = internal_setent (stayopen);

However, for non-host database, this flag is always 0, per the
STAYOPEN magic in nss/getXXent_r.c.

Thus, the fix is this:

-  status = internal_setent (stayopen);
+  status = internal_setent (1);

This is not a behavioral change even for the hosts database (where the
application can specify the stayopen flag) because with a call to
sethostent(0), the file handle is still not closed in the
implementation of gethostent.
2015-04-29 14:41:26 +02:00
Joseph Myers
7d0b257541 Fix ldbl-128 roundl for exponents in [31, 47] (bug 18346).
The implementation of roundl for ldbl-128 involves undefined behavior
for arguments with exponents from 31 to 47 inclusive, from the shift:

      u_int64_t i = -1ULL >> (j0 - 48);

For example, on mips64, this means roundl (0xffffffffffff.8p0L)
wrongly returns its argument, which is not an integer.  A condition
checking for exponents < 31 should actually be checking for exponents
< 48, and this patch makes it do so.  (That condition is for whether
the bit representing 0.5 is in the high 64-bit half of the
floating-point number.  The value 31 might have arisen from an
incorrect conversion of the ldbl-96 version to handle ldbl-128.)

This was originally reported as a GCC libquadmath bug
<https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65757>.

Tested for mips64; also tested for x86_64 and x86 to make sure the new
tests pass there.

	[BZ #18346]
	* sysdeps/ieee754/ldbl-128/s_roundl.c (__roundl): Handle all
	exponents less than 48 as cases where high part of mantissa needs
	examining to determine whether argument is integral.
	* math/libm-test.inc (round_test_data): Add more tests.
2015-04-28 17:27:02 +00:00
Florian Weimer
cc8dcf96e7 test-skeleton: Support temporary files without memory leaks [BZ#18333]
add_temp_file now makes a copy which is freed by delete_temp_files.
Callers to create_temp_file can now free the returned file name to
avoid the memory leak.  These changes do not affect the leak behavior
of existing code.

Also address a NULL pointer derefence in tzset after a memoru allocation
failure, found during testing.
2015-04-27 16:19:55 +02:00
Florian Weimer
42261ad731 Make time zone file parser more robust [BZ #17715] 2015-04-24 17:34:48 +02:00
Stefan Liebler
f7fba80508 S/390: Get cache information via sysconf
This patch adds support to query cache information on s390
via sysconf() function - e.g. with _SC_LEVEL1_ICACHE_SIZE.
The attributes size, linesize and assoc can be queried
for cache level 1 - 4 via "extract cpu attribute" instruction,
which was first available with z10.

* NEWS: Mention sysconf() cache information support for s390.
* sysdeps/unix/sysv/linux/s390/sysconf.c: New File.
2015-04-24 13:37:39 +02:00
Arjun Shankar
2959eda927 CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow [BZ#18287] 2015-04-21 14:06:50 +02:00
Stefan Liebler
920a0395ba Use correct signedness in wcsncmp
[BZ #18206]
	* wcsmbs/wcsncmp.c (wcsncmp): Compare as wchar_t, not wint_t.
	  Use signed comparision instead of substraction to avoid
	  overflow bug.
	* localedata/tests-mbwc/tst_wcsncmp.c (tst_wcsncmp):
	  Take the sign of ret.
	* localedata/tests-mbwc/dat_wcsncmp.c (tst_wcsncmp_loc):
	  Do not expect precise return values. Only the sign matters.
	* wcsmbs/Makefile (strop-tests): Add wcsncmp.
	* wcsmbs/test-wcsncmp.c: New File.
	* string/test-strncmp.c: Add wcsncmp support.
2015-04-13 21:25:04 +02:00
Stefan Liebler
de8aadd52c Set errno for log1p on pole/domain error.
According to bug 6792, errno is not set to ERANGE/EDOM
by calling log1p/log1pf/log1pl with x = -1 or x < -1.

This patch adds a wrapper which sets errno in those cases
and returns the value of the existing __log1p function.
The log1p is now an alias to the wrapper function
instead of __log1p.

The files in sysdeps are reflecting these changes.
The ia64 implementation sets errno by itself,
thus the wrapper-file is empty.

The libm-test is adjusted for log1p-tests to check errno.

	[BZ #6792]
	* math/w_log1p.c: New file.
	* math/w_log1pf.c: Likewise.
	* math/w_log1pl.c: Likewise.
	* math/Makefile (libm-calls): Add w_log1p.
	* math/s_log1pl.c (log1pl): Remove weak_alias.
	* sysdeps/i386/fpu/s_log1p.S (log1p): Likewise.
	* sysdeps/i386/fpu/s_log1pf.S (log1pf): Likewise.
	* sysdeps/i386/fpu/s_log1pl.S (log1pl): Likewise.
	* sysdeps/x86_64/fpu/s_log1pl.S (log1pl): Likewise.
	* sysdeps/ieee754/dbl-64/s_log1p.c (log1p): Likewise.
	[NO_LONG_DOUBLE] (log1pl): Likewise.
	* sysdeps/ieee754/flt-32/s_log1pf.c (log1pf): Likewise.
	* sysdeps/ieee754/ldbl-128/s_log1pl.c (log1pl): Likewise.
	* sysdeps/ieee754/ldbl-64-128/s_log1pl.c
	(log1p): Remove long_double_symbol.
	* sysdeps/ieee754/ldbl-128ibm/s_log1pl.c (log1pl): Likewise.
	* sysdeps/ieee754/ldbl-64-128/w_log1pl.c: New file.
	* sysdeps/ieee754/ldbl-128ibm/w_log1pl.c: Likewise.
	* sysdeps/m68k/m680x0/fpu/s_log1p.c: Define empty weak_alias to
	remove weak_alias for corresponding log1p function.
	* sysdeps/m68k/m680x0/fpu/s_log1pf.c: Likewise.
	* sysdeps/m68k/m680x0/fpu/s_log1pl.c: Likewise.
	* sysdeps/ia64/fpu/w_log1p.c: New file.
	* sysdeps/ia64/fpu/w_log1pf.c: Likewise.
	* sysdeps/ia64/fpu/w_log1pl.c: Likewise.
	* math/libm-test.inc (log1p_test_data):	Add errno expectations.
2015-04-13 21:19:27 +02:00
Joseph Myers
5556d30cae Fix strtof decimal rounding close to half least subnormal (bug 18247).
Bug 18247 is an off-by-one error in strtof's determination of a
decimal exponent such that any value with that decimal exponent is at
most half the least subnormal and so the appropriate underflowing
value for the rounding mode can be determined with no
multiple-precision computations.  (Whether the value is in fact safe
despite the off-by-one depends on the floating-point format in
question.  It's wrong for float and for m68k ldbl-96 but not for other
supported formats.)  This patch corrects the computation of the
exponent in question to be safe in general, adding a comment
explaining the new computation.

Tested for x86_64.

	[BZ #18247]
	* stdlib/strtod_l.c (____STRTOF_INTERNAL): Decrease minimum
	decimal exponent by 1.
	* stdlib/tst-strtod-round-data: Add more tests.
	* stdlib/tst-strtod-round.c (tests): Regenerated.
2015-04-10 20:45:30 +00:00
Joseph Myers
8431838dde Fix dbl-64 atan2 in non-default rounding modes (bug 18210, bug 18211).
The dbl-64 implementation of atan2 does computations that expect to
run in round-to-nearest mode, and in other modes the errors can
accumulate to more than the maximum accepted 9ulp.  This patch makes
it use FE_TONEAREST internally, similar to other functions with such
issues.  Tests that previously produced large errors are added for
atan2 and the closely related carg, clog and clog10 functions.

Tested for x86_64 and x86 and ulps updated accordingly.

	[BZ #18210]
	[BZ #18211]
	* sysdeps/ieee754/dbl-64/e_atan2.c: Include <fenv.h>.
	(__ieee754_atan2): Set FE_TONEAREST mode for internal
	computations.
	* math/auto-libm-test-in: Add more tests of atan2, carg, clog and
	clog10.
	* math/auto-libm-test-out: Regenerated.
	* sysdeps/i386/fpu/libm-test-ulps: Update.
	* sysdeps/x86_64/fpu/libm-test-ulps: Likewise.
2015-04-08 17:32:17 +00:00
Joseph Myers
ae63c7ebed Fix dbl-64 atan in non-default rounding modes (bug 18197).
The dbl-64 implementation of atan does computations that expect to run
in round-to-nearest mode, and in other modes the errors can accumulate
to more than the maximum accepted 9ulp.  This patch makes it use
FE_TONEAREST internally, similar to other functions with such issues.

Tested for x86_64 and x86; no ulps updates needed.

	[BZ #18197]
	* sysdeps/ieee754/dbl-64/s_atan.c: Include <fenv.h>.
	(atan): Set FE_TONEAREST mode for internal computations.
	* math/auto-libm-test-in: Add more tests of atan.
	* math/auto-libm-test-out: Regenerated.
2015-04-08 17:14:12 +00:00
James Cowgill
d5856d06c3 [BZ #17930] MIPS: Define SHM_NORESERVE.
[BZ #17930]
	* sysdeps/unix/sysv/linux/mips/bits/shm.h (SHM_NORESERVE): Define.
2015-04-07 17:23:54 +00:00
Ondřej Bílka
9781a37002 Handle mblen return code when n is zero. 2015-04-03 15:47:12 +02:00
Andreas Schwab
b763f6ae85 aarch64: Increase MINSIGSTKSZ and SIGSTKSZ (bug 16850) 2015-04-02 12:18:11 +02:00
Mel Gorman
c26efef979 malloc: Consistently apply trim_threshold to all heaps [BZ #17195]
Trimming heaps is a balance between saving memory and the system overhead
required to update page tables and discard allocated pages. The malloc
option M_TRIM_THRESHOLD is a tunable that users are meant to use to decide
where this balance point is but it is only applied to the main arena.

For scalability reasons, glibc malloc has per-thread heaps but these are
shrunk with madvise() if there is one page free at the top of the heap.
In some circumstances this can lead to high system overhead if a thread
has a control flow like

    while (data_to_process) {
        buf = malloc(large_size);
        do_stuff();
        free(buf);
    }

For a large size, the free() will call madvise (pagetable teardown, page
free and TLB flush) every time followed immediately by a malloc (fault,
kernel page alloc, zeroing and charge accounting). The kernel overhead
can dominate such a workload.

This patch allows the user to tune when madvise gets called by applying
the trim threshold to the per-thread heaps and using similar logic to the
main arena when deciding whether to shrink. Alternatively if the dynamic
brk/mmap threshold gets adjusted then the new values will be obeyed by
the per-thread heaps.

Bug 17195 was a test case motivated by a problem encountered in scientific
applications written in python that performance badly due to high page fault
overhead. The basic operation of such a program was posted by Julian Taylor
https://sourceware.org/ml/libc-alpha/2015-02/msg00373.html

With this patch applied, the overhead is eliminated. All numbers in this
report are in seconds and were recorded by running Julian's program 30
times.

pyarray
                                 glibc               madvise
                                  2.21                    v2
System  min             1.81 (  0.00%)        0.00 (100.00%)
System  mean            1.93 (  0.00%)        0.02 ( 99.20%)
System  stddev          0.06 (  0.00%)        0.01 ( 88.99%)
System  max             2.06 (  0.00%)        0.03 ( 98.54%)
Elapsed min             3.26 (  0.00%)        2.37 ( 27.30%)
Elapsed mean            3.39 (  0.00%)        2.41 ( 28.84%)
Elapsed stddev          0.14 (  0.00%)        0.02 ( 82.73%)
Elapsed max             4.05 (  0.00%)        2.47 ( 39.01%)

               glibc     madvise
                2.21          v2
User          141.86      142.28
System         57.94        0.60
Elapsed       102.02       72.66

Note that almost a minutes worth of system time is eliminted and the
program completes 28% faster on average.

To illustrate the problem without python this is a basic test-case for
the worst case scenario where every free is a madvise followed by a an alloc

/* gcc bench-free.c -lpthread -o bench-free */
static int num = 1024;

void __attribute__((noinline,noclone)) dostuff (void *p)
{
}

void *worker (void *data)
{
  int i;

  for (i = num; i--;)
    {
      void *m = malloc (48*4096);
      dostuff (m);
      free (m);
    }

  return NULL;
}

int main()
{
  int i;
  pthread_t t;
  void *ret;
  if (pthread_create (&t, NULL, worker, NULL))
    exit (2);
  if (pthread_join (t, &ret))
    exit (3);
  return 0;
}

Before the patch, this resulted in 1024 calls to madvise. With the patch applied,
madvise is called twice because the default trim threshold is high enough to avoid
this.

This a more complex case where there is a mix of frees. It's simply a different worker
function for the test case above

void *worker (void *data)
{
  int i;
  int j = 0;
  void *free_index[num];

  for (i = num; i--;)
    {
      void *m = malloc ((i % 58) *4096);
      dostuff (m);
      if (i % 2 == 0) {
        free (m);
      } else {
        free_index[j++] = m;
      }
    }
  for (; j >= 0; j--)
    {
      free(free_index[j]);
    }

  return NULL;
}

glibc 2.21 calls malloc 90305 times but with the patch applied, it's
called 13438. Increasing the trim threshold will decrease the number of
times it's called with the option of eliminating the overhead.

ebizzy is meant to generate a workload resembling common web application
server workloads. It is threaded with a large working set that at its core
has an allocation, do_stuff, free loop that also hits this case. The primary
metric of the benchmark is records processed per second. This is running on
my desktop which is a single socket machine with an I7-4770 and 8 cores.
Each thread count was run for 30 seconds. It was only run once as the
performance difference is so high that the variation is insignificant.

                glibc 2.21              patch
threads 1            10230              44114
threads 2            19153              84925
threads 4            34295             134569
threads 8            51007             183387

Note that the saving happens to be a concidence as the size allocated
by ebizzy was less than the default threshold. If a different number of
chunks were specified then it may also be necessary to tune the threshold
to compensate

This is roughly quadrupling the performance of this benchmark. The difference in
system CPU usage illustrates why.

ebizzy running 1 thread with glibc 2.21
10230 records/s 306904
real 30.00 s
user  7.47 s
sys  22.49 s

22.49 seconds was spent in the kernel for a workload runinng 30 seconds. With the
patch applied

ebizzy running 1 thread with patch applied
44126 records/s 1323792
real 30.00 s
user 29.97 s
sys   0.00 s

system CPU usage was zero with the patch applied. strace shows that glibc
running this workload calls madvise approximately 9000 times a second. With
the patch applied madvise was called twice during the workload (or 0.06
times per second).

2015-02-10  Mel Gorman  <mgorman@suse.de>

  [BZ #17195]
  * malloc/arena.c (free): Apply trim threshold to per-thread heaps
    as well as the main arena.
2015-04-02 12:14:14 +05:30
H.J. Lu
a3d9ab5070 Limit threads sharing L2 cache to 2 for SLM/KNL
Silvermont and Knights Landing have a modular system design with two cores
sharing an L2 cache.  If more than 2 cores are detected to shared L2 cache,
it should be adjusted for Silvermont and Knights Landing.

	[BZ #18185]
	* sysdeps/x86_64/cacheinfo.c (init_cacheinfo): Limit threads
	sharing L2 cache to 2 for Silvermont/Knights Landing.
2015-03-31 13:18:10 -07:00
Alan Modra
afcd9480fe powerpc __tls_get_addr call optimization
This patch is glibc support for a PowerPC TLS optimization, inspired
by Alexandre Oliva's TLS optimization for other processors,
http://www.lsd.ic.unicamp.br/~oliva/writeups/TLS/RFC-TLSDESC-x86.txt

In essence, this optimization uses a zero module id in the tls_index
GOT entry to indicate that a TLS variable is allocated space in the
static TLS area.  A special plt call linker stub for __tls_get_addr
checks for such a tls_index and if found, returns the offset
immediately.  The linker communicates the fact that the special
__tls_get_addr stub is used by setting a bit in the dynamic tag
DT_PPC64_OPT/DT_PPC_OPT.  glibc communicates to the linker that this
optimization is available by the presence of __tls_get_addr_opt.

tst-tlsmod2.so is built with -Wl,--no-tls-get-addr-optimize for
tst-tls-dlinfo, which otherwise would fail since it tests that no
static tls is allocated.  The ld option --no-tls-get-addr-optimize has
been available since binutils-2.20 so doesn't need a configure test.

	* NEWS: Advertise TLS optimization.
	* elf/elf.h (R_PPC_TLSGD, R_PPC_TLSLD, DT_PPC_OPT, PPC_OPT_TLS): Define.
	(DT_PPC_NUM): Increment.
	* elf/dynamic-link.h (HAVE_STATIC_TLS): Define.
	(CHECK_STATIC_TLS): Use here.
	* sysdeps/powerpc/powerpc32/dl-machine.h (elf_machine_rela): Optimize
	TLS descriptors.
	* sysdeps/powerpc/powerpc64/dl-machine.h (elf_machine_rela): Likewise.
	* sysdeps/powerpc/dl-tls.c: New file.
	* sysdeps/powerpc/Versions: Add __tls_get_addr_opt.
	* sysdeps/powerpc/tst-tlsopt-powerpc.c: New tls test.
	* sysdeps/unix/sysv/linux/powerpc/Makefile: Add new test.
	Build tst-tlsmod2.so with --no-tls-get-addr-optimize.
	* sysdeps/unix/sysv/linux/powerpc/powerpc32/ld.abilist: Update.
	* sysdeps/unix/sysv/linux/powerpc/powerpc64/ld.abilist: Likewise.
	* sysdeps/unix/sysv/linux/powerpc/powerpc64/ld-le.abilist: Likewise.
2015-03-25 15:53:47 +10:30
Florian Weimer
2b028564f1 Avoid SIGFPE in wordexp [BZ #18100]
Check for a zero divisor and integer overflow before performing
division in arithmetic expansion.
2015-03-23 16:12:38 +01:00
Joseph Myers
6a9350c854 Note old commit as having resolved bug 11505. 2015-03-21 17:50:13 +00:00
Joseph Myers
c2f5813ae0 Make sem_timedwait use FUTEX_CLOCK_REALTIME (bug 18138).
sem_timedwait converts absolute timeouts to relative to pass them to
the futex syscall.  (Before the recent reimplementation, on x86_64 it
used FUTEX_CLOCK_REALTIME, but not on other architectures.)

Correctly implementing POSIX requirements, however, requires use of
FUTEX_CLOCK_REALTIME; passing a relative timeout to the kernel does
not conform to POSIX.  The POSIX specification for sem_timedwait says
"The timeout shall be based on the CLOCK_REALTIME clock.".  The POSIX
specification for clock_settime says "If the value of the
CLOCK_REALTIME clock is set via clock_settime(), the new value of the
clock shall be used to determine the time of expiration for absolute
time services based upon the CLOCK_REALTIME clock. This applies to the
time at which armed absolute timers expire. If the absolute time
requested at the invocation of such a time service is before the new
value of the clock, the time service shall expire immediately as if
the clock had reached the requested time normally.".  If a relative
timeout is passed to the kernel, it is interpreted according to the
CLOCK_MONOTONIC clock, and so fails to meet that POSIX requirement in
the event of clock changes.

This patch makes sem_timedwait use lll_futex_timed_wait_bitset with
FUTEX_CLOCK_REALTIME when possible, as done in some other places in
NPTL.  FUTEX_CLOCK_REALTIME is always available for supported Linux
kernel versions; unavailability of lll_futex_timed_wait_bitset is only
an issue for hppa (an issue noted in
<https://sourceware.org/glibc/wiki/PortStatus>, and fixed by the
unreviewed
<https://sourceware.org/ml/libc-alpha/2014-12/msg00655.html> that
removes the hppa lowlevellock.h completely).

In the FUTEX_CLOCK_REALTIME case, the glibc code still needs to check
for negative tv_sec and handle that as timeout, because the Linux
kernel returns EINVAL not ETIMEDOUT for that case, so resulting in
failures of nptl/tst-abstime and nptl/tst-sem13 in the absence of that
check.  If we're trying to distinguish between Linux-specific and
generic-futex NPTL code, I suppose having this in an nptl/ file isn't
ideal, but there doesn't seem to be any better place at present.

It's not possible to add a testcase for this issue to the testsuite
because of the requirement to change the system clock as part of a
test (this is a case where testing would require some form of
container, with root in that container, and one whose CLOCK_REALTIME
is isolated from that of the host; I'm not sure what forms of
containers, short of a full virtual machine, provide that clock
isolation).

Tested for x86_64.  Also tested for powerpc with the testcase included
in the bug.

	[BZ #18138]
	* nptl/sem_waitcommon.c: Include <kernel-features.h>.
	(futex_abstimed_wait)
	[__ASSUME_FUTEX_CLOCK_REALTIME && lll_futex_timed_wait_bitset]:
	Use lll_futex_timed_wait_bitset with FUTEX_CLOCK_REALTIME instead
	of lll_futex_timed_wait.
2015-03-18 17:05:38 +00:00
Siddhesh Poyarekar
3382c079da Fix up NEWS merge goof-up 2015-03-18 15:04:57 +05:30
Brad Hubbard
ed6b0fe710 Use calloc to allocate xports (BZ #17542)
If xports is NULL in xprt_register we malloc it but if sock >
_rpc_dtablesize() that memory does not get initialised and may in theory
contain any value. Later we make a conditional jump in svc_getreq_common
based on the uninitialised memory and this caused a general protection
fault in rpc.statd on an older version of glibc but this code has not
changed since that version.

Following is the valgrind warning.

==26802== Conditional jump or move depends on uninitialised value(s)
==26802==    at 0x5343A25: svc_getreq_common (in /lib64/libc-2.5.so)
==26802==    by 0x534357B: svc_getreqset (in /lib64/libc-2.5.so)
==26802==    by 0x10DE1F: ??? (in /sbin/rpc.statd)
==26802==    by 0x10D0EF: main (in /sbin/rpc.statd)
==26802==  Uninitialised value was created by a heap allocation
==26802==    at 0x4C2210C: malloc (vg_replace_malloc.c:195)
==26802==    by 0x53438BE: xprt_register (in /lib64/libc-2.5.so)
==26802==    by 0x53450DF: svcudp_bufcreate (in /lib64/libc-2.5.so)
==26802==    by 0x10FE32: ??? (in /sbin/rpc.statd)
==26802==    by 0x10D13E: main (in /sbin/rpc.statd)
2015-03-18 14:51:26 +05:30
Alexandre Oliva
f8aeae3473 Fix DTV race, assert, DTV_SURPLUS Static TLS limit, and nptl_db garbage
for  ChangeLog

	[BZ #17090]
	[BZ #17620]
	[BZ #17621]
	[BZ #17628]
	* NEWS: Update.
	* elf/dl-tls.c (_dl_update_slotinfo): Clean up outdated DTV
	entries with Static TLS too.  Skip entries past the end of the
	allocated DTV, from Alan Modra.
	(tls_get_addr_tail): Update to glibc_likely/unlikely.  Move
	Static TLS DTV entry set up from...
	 (_dl_allocate_tls_init): ... here (fix modid assertion), ...
	* elf/dl-reloc.c (_dl_nothread_init_static_tls): ... here...
	* nptl/allocatestack.c (init_one_static_tls): ... and here...
	* elf/dlopen.c (dl_open_worker): Drop l_tls_modid upper bound
	for Static TLS.
	* elf/tlsdeschtab.h (map_generation): Return size_t.  Check
	that the slot we find is associated with the given map before
	using its generation count.
	* nptl_db/db_info.c: Include ldsodefs.h.
	(rtld_global, dtv_slotinfo_list, dtv_slotinfo): New typedefs.
	* nptl_db/structs.def (DB_RTLD_VARIABLE): New macro.
	(DB_MAIN_VARIABLE, DB_RTLD_GLOBAL_FIELD): Likewise.
	(link_map::l_tls_offset): New struct field.
	(dtv_t::counter): Likewise.
	(rtld_global): New struct.
	(_rtld_global): New rtld variable.
	(dl_tls_dtv_slotinfo_list): New rtld global field.
	(dtv_slotinfo_list): New struct.
	(dtv_slotinfo): Likewise.
	* nptl_db/td_symbol_list.c: Drop gnu/lib-names.h include.
	(td_lookup): Rename to...
	(td_mod_lookup): ... this.  Use new mod parameter instead of
	LIBPTHREAD_SO.
	* nptl_db/td_thr_tlsbase.c: Include link.h.
	(dtv_slotinfo_list, dtv_slotinfo): New functions.
	(td_thr_tlsbase): Check DTV generation.  Compute Static TLS
	addresses even if the DTV is out of date or missing them.
	* nptl_db/fetch-value.c (_td_locate_field): Do not refuse to
	index zero-length arrays.
	* nptl_db/thread_dbP.h: Include gnu/lib-names.h.
	(td_lookup): Make it a macro implemented in terms of...
	(td_mod_lookup): ... this declaration.
	* nptl_db/db-symbols.awk (DB_RTLD_VARIABLE): Override.
	(DB_MAIN_VARIABLE): Likewise.
2015-03-17 00:31:49 -03:00
Andreas Schwab
a3905fd9de m68k: fix 64-bit arithmetic in atomic operations (bug 18128) 2015-03-14 22:27:36 +01:00
Carlos O'Donell
cf9313e7d1 Enhance nscd's inotify support (Bug 14906).
In bug 14906 the user complains that the inotify support in nscd
is not sufficient when it comes to detecting changes in the
configurationfiles that should be watched for the various databases.

The current nscd implementation uses inotify to watch for changes in
the configuration files, but adds watches only for IN_DELETE_SELF and
IN_MODIFY. These watches are insufficient to cover even the most basic
uses by a system administrator. For example using emacs or vim to edit
a configuration file should trigger a reload but it might not if
the editors use move to atomically update the file. This atomic update
changes the inode and thus removes the notification on the file (as
inotify is based on inodes). Thus the inotify support in nscd for
configuration files is insufficient to account for the average use
cases of system administrators and users.

The inotify support is significantly enhanced and described here:
https://www.sourceware.org/ml/libc-alpha/2015-02/msg00504.html

Tested on x86_64 with and without inotify support.
2015-03-13 09:49:24 -04:00
Stefan Liebler
2e807f2959 S/390: Fix setcontext/swapcontext which are not restoring sigmask. 2015-03-12 11:08:11 +01:00
Aurelien Jarno
6a1cf708dd Fix ldconfig segmentation fault with corrupted cache (Bug 18093).
ldconfig is using an aux-cache to speed up the ld.so.cache update. It
is read by mmaping the file to a structure which contains data offsets
used as pointers. As they are not checked, it is not hard to get
ldconfig to segfault with a corrupted file. This happens for instance if
the file is truncated, which is common following a filesystem check
following a system crash.

This can be reproduced for example by truncating the file to roughly
half of it's size.

There is already some code in elf/cache.c (load_aux_cache) to check
for a corrupted aux cache, but it happens to be broken and not enough.
The test (aux_cache->nlibs >= aux_cache_size) compares the number of
libs entry with the cache size. It's a non sense, as it basically
assumes that each library entry is a 1 byte... Instead this commit
computes the theoretical cache size using the headers and compares it
to the real size.
2015-03-11 21:07:32 -04:00
Mike Frysinger
b42e14ff3e hppa: update __O_SYNC fix with [BZ #18068] 2015-03-11 03:33:07 -04:00
Carlos O'Donell
e4363cfb57 hppa: Fix feupdateenv and fesetexceptflag (Bug 18111).
The function feupdateenv has been fixed to correctly handle FE_DFL_ENV
and FE_NOMASK_ENV.

The fesetexceptflag function has been fixed to correctly handle setting
the new flags instead of just OR-ing the existing flags.

This fixes the test-fenv-return and test-fenvinline failures on hppa.
2015-03-11 02:48:59 -04:00
John David Anglin
fae1aa8d22 hppa: Fix feholdexcpt and fesetenv (Bug 18110).
The constraints in the inline assembly in feholdexcept and fesetenv
are incorrect. The assembly modifies the buffer pointer, but doesn't
express that in the constraints. The simple fix is to remove the
modification of the buffer pointer which is no longer required by
the existing code, and adjust the one constraint that did express
the modification of bufptr.

The change fixes test-fenv when glibc is compiled with recent gcc.
2015-03-11 02:48:22 -04:00
Adhemerval Zanella
d421868bb8 powerpc: Fix incorrect results for pow when using FMA
This patch adds no FMA generation for e_pow to avoid precision issues
for powerpc.  This fixes BZ#18104.
2015-03-10 09:38:54 -04:00
Paul Pluzhnikov
95f386609f Mention BZ #18042 in NEWS. 2015-03-08 21:58:26 -07:00
Paul Pluzhnikov
895c30cb00 Fix BZ #18043: buffer-overflow (read past the end) in wordexp/parse_dollars/parse_param 2015-03-06 09:13:16 -08:00
Andreas Schwab
8e2e833ac4 Don't define __CORRECT_ISO_CPP_STRING_H_PROTO for non-GCC compilers (bug 17631)
The implementation of __CORRECT_ISO_CPP_STRING_H_PROTO requires
support for asm aliases.
2015-03-04 11:52:55 +01:00
Adhemerval Zanella
85b290451e powerpc: Fix inline feraiseexcept, feclearexcept macros
This patch fixes the inline feraiseexcept and feclearexcept macros for
powerpc by casting the input argument to integer before operation on it.

It fixes BZ#17776.
2015-03-03 10:01:49 -05:00
Alan Modra
a0af371c25 Fix localplt test breakage with new readelf
Since 2014-11-24 binutils git commit bb4d2ac2, readelf has appended
the symbol version to symbols shown in reloc dumps.

	[BZ #16512]
	* scripts/localplt.awk: Strip off symbol version.
	* NEWS: Mention bug fix.
2015-03-03 23:43:18 +10:30
Joseph Myers
6d08b0223a Correct __ASSUME_PRLIMIT64 for hppa/microblaze/sh (bug 17779).
__ASSUME_PRLIMIT64 is defined in kernel-features.h for kernels 2.6.36
and later, but hppa, microblaze and sh did not add the prlimit64
syscall until 2.6.37.  This patch adds corresponding undefines of
__ASSUME_PRLIMIT64 to those architectures' kernel-features.h files.

(This concludes the kernel-features.h fixes arising out of the review
- limited to macros defined in the architecture-independent
kernel-features.h file - I did in connection with the move to 2.6.32
minimum kernel version.  For that subset of macros - I didn't check
any purely architecture-specific macros - I think they are now defined
for the correct kernel versions on each architecture after this
patch.)

	[BZ #17779]
	* sysdeps/unix/sysv/linux/hppa/kernel-features.h
	[__LINUX_KERNEL_VERSION < 0x020625] (__ASSUME_PRLIMIT64):
	Undefine.
	* sysdeps/unix/sysv/linux/microblaze/kernel-features.h
	[__LINUX_KERNEL_VERSION < 0x020625] (__ASSUME_PRLIMIT64):
	Likewise.
	* sysdeps/unix/sysv/linux/sh/kernel-features.h
	[__LINUX_KERNEL_VERSION < 0x020625] (__ASSUME_PRLIMIT64):
	Likewise.
2015-03-02 23:05:55 +00:00
Paul Pluzhnikov
c2c6d39fab Fix BZ 18036 buffer overflow (read past end of buffer) in internal_fnmatch 2015-03-02 13:34:22 -08:00
H.J. Lu
ef4ad06fe5 Compile vismain with -fPIE and link with -pie
Protocted symbol in shared library can only be accessed from PIE
or shared library.  Linker in binutils 2.26 enforces it.  We must
compile vismain with -fPIE and link it with -pie.

	[BZ #17711]
	* elf/Makefile (tests): Add vismain only if PIE is enabled.
	(tests-pie): Add vismain.
	(CFLAGS-vismain.c): New.
	* elf/vismain.c: Add comments for PIE requirement.
2015-02-27 14:13:28 -08:00
Joseph Myers
2ca725c594 Fix ldbl-96, ldbl-128ibm atanhl inaccuracy (bug 18046, bug 18047).
The threshold in ldbl-96 atanhl for when to return the argument,
0x1p-28, is a bit too big, and that in ldbl-128ibm atanhl is much too
big (the relevant condition being x^3/3 being < 0.5ulp of x),
resulting in errors a bit above the limits of those considered
acceptable in glibc in the ldbl-96 case, and in large errors in the
ldbl-128ibm case.  This patch changes those implementations to use
more appropriate thresholds and adds tests around the thresholds for
various formats.

Tested for x86_64, x86 and powerpc.  x86_64 and x86 ulps updated
accordingly.

	[BZ #18046]
	[BZ #18047]
	* sysdeps/ieee754/ldbl-128ibm/e_atanhl.c (__ieee754_atanhl): Use
	0x1p-56L as threshold for just returning the argument.
	* sysdeps/ieee754/ldbl-96/e_atanhl.c (__ieee754_atanhl): Use
	0x1p-32L as threshold for just returning the argument.
	* math/auto-libm-test-in: Add more tests of atanh.
	* math/auto-libm-test-out: Regenerated.
	* sysdeps/i386/fpu/libm-test-ulps: Update.
	* sysdeps/x86_64/fpu/libm-test-ulp: Likewise.
2015-02-27 17:48:37 +00:00
Joseph Myers
1d9ab20c14 Fix ldbl-128/ldbl-128ibm acosl inaccuracy (bug 18038, bug 18039).
The ldbl-128 and ldbl-128ibm implementations of acosl have similar
bugs, using a threshold of 0x1p-57L to determine when they just return
pi/2.  Since the result pi/2 - asinl (x) is roughly pi/2 - x for small
x, the relevant cut-off is actually x being < 0.5ulp of 1.  This patch
fixes the implementations to use that cut-off and adds tests of small
acos arguments.

Tested for powerpc and mips64.  Also tested for x86_64 and x86; no
ulps updates needed.

	[BZ #18038]
	[BZ #18039]
	* sysdeps/ieee754/ldbl-128/e_acosl.c (__ieee754_acosl): Only
	return pi/2 for arguments below 0x1p-113L.
	* sysdeps/ieee754/ldbl-128ibm/e_acosl.c (__ieee754_acosl): Only
	return pi/2 for arguments below 0x1p-106L.
	* math/auto-libm-test-in: Add more tests of acos.
	* math/auto-libm-test-out: Regenerated.
2015-02-26 21:06:34 +00:00
Joseph Myers
ec0ce0d3be Fix asin missing underflows (bug 16351).
Similar to various other bugs in this area, some asin implementations
do not raise the underflow exception for subnormal arguments, when the
result is tiny and inexact.  This patch forces the exception in a
similar way to previous fixes.

Tested for x86_64, x86, powerpc and mips64.

	[BZ #16351]
	* sysdeps/i386/fpu/e_asin.S (dbl_min): New object.
	(MO): New macro.
	(__ieee754_asin): Force underflow exception for results with small
	absolute value.
	* sysdeps/i386/fpu/e_asinf.S (flt_min): New object.
	(MO): New macro.
	(__ieee754_asinf): Force underflow exception for results with
	small absolute value.
	* sysdeps/ieee754/dbl-64/e_asin.c: Include <float.h> and <math.h>.
	(__ieee754_asin): Force underflow exception for results with small
	absolute value.
	* sysdeps/ieee754/flt-32/e_asinf.c: Include <float.h>.
	(__ieee754_asinf): Force underflow exception for results with
	small absolute value.
	* sysdeps/ieee754/ldbl-128/e_asinl.c: Include <float.h>.
	(__ieee754_asinl): Force underflow exception for results with
	small absolute value.
	* sysdeps/ieee754/ldbl-128ibm/e_asinl.c: Include <float.h>.
	(__ieee754_asinl): Force underflow exception for results with
	small absolute value.
	* sysdeps/ieee754/ldbl-96/e_asinl.c: Include <float.h>.
	(__ieee754_asinl): Force underflow exception for results with
	small absolute value.
	* sysdeps/x86_64/fpu/multiarch/e_asin.c [HAVE_FMA4_SUPPORT]:
	Include <math.h>.
	* math/auto-libm-test-in: Do not mark underflow exceptions as
	possibly missing for bug 16351.
	* math/auto-libm-test-out: Regenerated.
2015-02-26 17:18:54 +00:00
Joseph Myers
380bd0fd24 Fix ldbl-128ibm logbl near powers of 2 (bug 18030).
The ldbl-128ibm implementation of logbl produces incorrect results
when the high part of the argument is a power of 2 and the low part a
nonzero number with the opposite sign (and so the returned exponent
should be 1 less than that of the high part).  For example, logbl
(0x1.ffffffffffffffp1L) returns 2 but should return 1.  (This is
similar to (fixed) bug 16740 for frexpl, and (fixed) bug 18029 for
ilogbl.)  This patch adds checks for that case.

Tested for powerpc.

	[BZ #18030]
	* sysdeps/ieee754/ldbl-128ibm/s_logbl.c (__logbl): Adjust exponent
	of power of 2 down when low part has opposite sign.
	* math/libm-test.inc (logb_test_data): Add more tests.
2015-02-26 15:14:58 +00:00
Andreas Schwab
4a28f4d55a Fix read past end of pattern in fnmatch (bug 18032) 2015-02-26 16:05:08 +01:00
Joseph Myers
524ae9ea2e Fix ldbl-128ibm ilogbl near powers of 2 (bug 18029).
The ldbl-128ibm implementation of ilogbl produces incorrect results
when the high part of the argument is a power of 2 and the low part a
nonzero number with the opposite sign (and so the returned exponent
should be 1 less than that of the high part).  For example, ilogbl
(0x1.ffffffffffffffp1L) returns 2 but should return 1.  (This is
similar to (fixed) bug 16740 for frexpl, and bug 18030 for logbl.)
This patch adds checks for that case.

Tested for powerpc.

	[BZ #18029]
	* sysdeps/ieee754/ldbl-128ibm/e_ilogbl.c (__ieee754_ilogbl):
	Adjust exponent of power of 2 down when low part has opposite
	sign.
	* math/libm-test.inc (ilogb_test_data): Add more tests.
2015-02-26 12:57:21 +00:00
Alexandre Oliva
0d822a016b BZ #15969: search locale archive again after alias expansion
If a locale alias is defined in locale.alias but not in an archive,
and the referenced locale is only present in the archive, setlocale
will fail if given the alias name.  This is unintuitive.  This patch
fixes it, arranging for the locale archive to be searched again after
alias expansion.

for  ChangeLog

	[BZ #15969]
	* locale/findlocale.c (_nl_find_locale): Retry archive search
	after alias expansion.
2015-02-26 02:16:51 -03:00