Rich Felker [Wed, 7 Aug 2013 15:19:11 +0000 (11:19 -0400)]
make fcvt decimal point location for zero make more sense
the (obsolete) standard allows either 0 or 1 for the decimal point
location in this case, but since the number of zero digits returned in
the output string (in this implementation) is one more than the number
of digits the caller requested, it makes sense for the decimal point
to be logically "after" the first digit. in a sense, this change goes
with the previous commit which fixed the value of the decimal point
location for non-zero inputs.
Rich Felker [Wed, 7 Aug 2013 15:14:45 +0000 (11:14 -0400)]
fix ecvt/fcvt decimal point position output
these functions are obsolete and have no modern standard. the text in
SUSv2 is highly ambiguous, specifying that "negative means to the left
of the returned digits", which suggested to me that 0 would mean to
the right of the first digit. however, this does not agree with
historic practice, and the Linux man pages are more clear, specifying
that a negative value means "that the decimal point is to the left of
the start of the string" (in which case, 0 would mean the start of the
string, in accordance with historic practice).
Rich Felker [Mon, 5 Aug 2013 17:14:17 +0000 (13:14 -0400)]
iconv support for legacy Korean encodings
like for other character sets, stateful iso-2022 form is not supported
yet but everything else should work. all charset aliases are treated
the same, as Windows codepage 949, because reportedly the EUC-KR
charset name is in widespread (mis?)usage in email and on the web for
data which actually uses the extended characters outside the standard
93x94 grid. this could easily be changed if desired.
the principle of this converter for handling the giant bulk of rare
Hangul syllables outside of the standard KS X 1001 93x94 grid is the
same as the GB18030 converter's treatment of non-explicitly-coded
Unicode codepoints: sequences in the extension range are mapped to an
integer index N, and the converter explicitly computes the Nth Hangul
syllable not explicitly encoded in the character map. empirically,
this requires at most 7 passes over the grid. this approach reduces
the table size required for Korean legacy encodings from roughly 44k
to 17k and should have minimal performance impact on real-world text
conversions since the "slow" characters are rare. where it does have
impact, the cost is merely a large constant time factor.
Rich Felker [Sat, 3 Aug 2013 21:10:42 +0000 (17:10 -0400)]
have new timer threads unblock their own SIGTIMER
unblocking it in the pthread_once init function is not sufficient,
since multiple threads, some of them with the signal blocked, could
already exist before this is called; timers started from such threads
would be non-functional.
Rich Felker [Sat, 3 Aug 2013 20:27:30 +0000 (16:27 -0400)]
add system for resetting TLS to initial values
this is needed for reused threads in the SIGEV_THREAD timer
notification system, and could be reused elsewhere in the future if
needed, though it should be refactored for such use.
for static linking, __init_tls.c is simply modified to export the TLS
info in a structure with external linkage, rather than using statics.
this perhaps makes the code more clear, since the statics were poorly
named for statics. the new __reset_tls.c is only linked if it is used.
for dynamic linking, the code is in dynlink.c. sharing code with
__copy_tls is not practical since __reset_tls must also re-zero
thread-local bss.
Rich Felker [Sat, 3 Aug 2013 17:20:42 +0000 (13:20 -0400)]
fix multiple bugs in SIGEV_THREAD timers
1. the thread result field was reused for storing a kernel timer id,
but would be overwritten if the application code exited or cancelled
the thread.
2. low pointer values were used as the indicator that the timer id is
a kernel timer id rather than a thread id. this is not portable, as
mmap may return low pointers on some conditions. instead, use the fact
that pointers must be aligned and kernel timer ids must be
non-negative to map pointers into the negative integer space.
3. signals were not blocked until after the timer thread started, so a
race condition could allow a signal handler to run in the timer thread
when it's not supposed to exist. this is mainly problematic if the
calling thread was the only thread where the signal was unblocked and
the signal handler assumes it runs in that thread.
Rich Felker [Sat, 3 Aug 2013 07:20:56 +0000 (03:20 -0400)]
add some new linux AT_* flags
Rich Felker [Sat, 3 Aug 2013 07:16:24 +0000 (03:16 -0400)]
fix faccessat to support AT_EACCESS flag
this is another case of the kernel syscall failing to support flags
where it needs to, leading to horrible workarounds in userspace. this
time the workaround requires changing uid/gid, and that's not safe to
do in the current process. in the worst case, kernel resource limits
might prevent recovering the original values, and then there would be
no way to safely return. so, use the safe but horribly inefficient
alternative: forking. clone is used instead of fork to suppress
signals from the child.
fortunately this worst-case code is only needed when effective and
real ids mismatch, which mainly happens in suid programs.
Rich Felker [Sat, 3 Aug 2013 06:28:35 +0000 (02:28 -0400)]
collapse euidaccess to a call to faccessat
it turns out Linux is buggy for faccessat, just like fchmodat: the
kernel does not actually take a flags argument. so we're going to have
to emulate it there.
Rich Felker [Sat, 3 Aug 2013 06:18:19 +0000 (02:18 -0400)]
add prototypes for euidaccess/eaccess
Rich Felker [Sat, 3 Aug 2013 06:15:45 +0000 (02:15 -0400)]
add legacy euidaccess function and eaccess alias for it
this is mainly for ABI compat purposes.
Rich Felker [Sat, 3 Aug 2013 01:20:33 +0000 (21:20 -0400)]
make tdestroy allow null function pointer if no destructor is needed
this change is to align with a change in the glibc interface.
Rich Felker [Sat, 3 Aug 2013 01:13:16 +0000 (21:13 -0400)]
fix aliasing violations in tsearch functions
patch by nsz. the actual object the caller has storing the tree root
has type void *, so accessing it as struct node * is not valid.
instead, simply access the value, move it to a temporary of the
appropriate type and work from there, then move the result back.
Rich Felker [Fri, 2 Aug 2013 23:34:22 +0000 (19:34 -0400)]
protect against long double type mismatches (mainly powerpc for now)
check in configure to be polite (failing early if we're going to fail)
and in vfprintf.c since that is the point at which a mismatching type
would be extremely dangerous.
Rich Felker [Fri, 2 Aug 2013 22:34:39 +0000 (18:34 -0400)]
add legacy function valloc
it was already declared in stdlib.h, but not defined anywhere.
Rich Felker [Fri, 2 Aug 2013 22:14:44 +0000 (18:14 -0400)]
fix feature test macro logic for _BSD_SOURCE
in several places, _BSD_SOURCE was not even implying POSIX, resulting
in it being subtractive rather than additive (compared to the default
features).
Rich Felker [Fri, 2 Aug 2013 22:05:56 +0000 (18:05 -0400)]
add wcsftime_t alias
this is a nonstandard extension.
Rich Felker [Fri, 2 Aug 2013 20:52:17 +0000 (16:52 -0400)]
add missing c++ extern "C" wrapping to link.h
Rich Felker [Fri, 2 Aug 2013 17:33:31 +0000 (13:33 -0400)]
make fchdir, fchmod, fchown, and fstat support O_PATH file descriptors
on newer kernels, fchdir and fstat work anyway. this same fix should
be applied to any other syscalls that are similarly affected.
with this change, the current definitions of O_SEARCH and O_EXEC as
O_PATH are mostly conforming to POSIX requirements. the main remaining
issue is that O_NOFOLLOW has different semantics.
Rich Felker [Fri, 2 Aug 2013 16:59:45 +0000 (12:59 -0400)]
debloat code that depends on /proc/self/fd/%d with shared function
I intend to add more Linux workarounds that depend on using these
pathnames, and some of them will be in "syscall" functions that, from
an anti-bloat standpoint, should not depend on the whole snprintf
framework.
Rich Felker [Fri, 2 Aug 2013 16:25:32 +0000 (12:25 -0400)]
work around linux's lack of flags argument to fchmodat syscall
previously, the AT_SYMLINK_NOFOLLOW flag was ignored, giving
dangerously incorrect behavior -- the target of the symlink had its
modes changed to the modes (usually 0777) intended for the symlink).
this issue was amplified by the fact that musl provides lchmod, as a
wrapper for fchmodat, which some archival programs take as a sign that
symlink modes are supported and thus attempt to use.
emulating AT_SYMLINK_NOFOLLOW was a difficult problem, and I
originally believed it could not be solved, at least not without
depending on kernels newer than 3.5.x or so where O_PATH works halfway
well. however, it turns out that accessing O_PATH file descriptors via
their pseudo-symlink entries in /proc/self/fd works much better than
trying to use the fd directly, and works even on older kernels.
moreover, the kernel has permanently pegged these references to the
inode obtained by the O_PATH open, so there should not be race
conditions with the file being moved, deleted, replaced, etc.
Rich Felker [Fri, 2 Aug 2013 14:02:29 +0000 (10:02 -0400)]
move RPATH search after LD_LIBRARY_PATH search
this is the modern way, and the only way that makes any sense. glibc
has this complicated mechanism with RPATH and RUNPATH that controls
whether RPATH is processed before or after LD_LIBRARY_PATH, presumably
to support legacy binaries, but there is no compelling reason to
support this, and better behavior is obtained by just fixing the
search order.
Rich Felker [Fri, 2 Aug 2013 14:00:09 +0000 (10:00 -0400)]
provide useless 64-bit fcntl macros with _LARGEFILE64_SOURCE
this is all useless but part of the API, which is part of the
_GNU_SOURCE API, so something may need them.
Rich Felker [Fri, 2 Aug 2013 13:59:02 +0000 (09:59 -0400)]
if map_library has allocated a buffer for phdrs, free it on success too
this fixes an oversight in the previous commit.
Rich Felker [Fri, 2 Aug 2013 13:56:49 +0000 (09:56 -0400)]
improve error handling in map_library and support long phdrs
previously, errno could be meaningless when the caller wrote it to the
dlerror string or stderr. try to make it meaningful. also, fix
incorrect check for over-long program headers and instead actually
support them by allocating memory if needed.
Rich Felker [Fri, 2 Aug 2013 13:25:12 +0000 (09:25 -0400)]
fix uninitialized dyn variable in map_library
this can only happen for invalid library files, but they were not
detected reliably because the variable was uninitialized.
Rich Felker [Fri, 2 Aug 2013 05:06:53 +0000 (01:06 -0400)]
fix (deprecated) mktemp logic and update it to match other temp functions
the access function cannot be used to check for existence, because it
operates using real uid/gid rather than effective to determine
accessibility; this matters for the non-final path components.
instead, use stat. failure of stat is success if only the final
component is missing (ENOENT) and otherwise is failure.
Rich Felker [Fri, 2 Aug 2013 04:52:50 +0000 (00:52 -0400)]
remove (no longer useful) namespace-protected __mktemp symbol
Rich Felker [Fri, 2 Aug 2013 04:48:48 +0000 (00:48 -0400)]
make mkdtemp and mkstemp family leave template unchanged on fail
also refactor mkdtemp based on new shared temp code, removing
dependency on the deprecated mktemp, whose behavior made this logic
more difficult.
Rich Felker [Fri, 2 Aug 2013 01:44:43 +0000 (21:44 -0400)]
optimized memset asm for i386 and x86_64
the concept of both versions is the same; they differ only in details.
for long runs, they use "rep movsl" or "rep movsq", and for small
runs, they use a trick, writing from both ends towards the middle,
that reduces the number of branches needed. in addition, if memset is
called multiple times with the same length, all branches will be
predicted; there are no loops.
for larger runs, there are likely faster approaches than "rep", at
least on some cpu models. for 32-bit, it's unlikely that there is any
faster approach that does not require non-baseline instructions; doing
anything fancier would require inspecting cpu capabilities. for
64-bit, there may very well be faster versions that work on all
models; further optimization could be explored in the future.
with these changes, memset is anywhere between 50% faster and 6 times
faster, depending on the cpu model and the length and alignment of the
destination buffer.
Rich Felker [Thu, 1 Aug 2013 21:12:23 +0000 (17:12 -0400)]
work around gcc 4.8's generation of self-referential mem* functions at -O3
Rich Felker [Wed, 31 Jul 2013 19:19:39 +0000 (15:19 -0400)]
in pthread_getattr_np, use mremap rather than madvise to measure stack
the original motivation for this patch was that qemu (and possibly
other syscall emulators) nop out madvise, resulting in an infinite
loop. however, there is another benefit to this change: madvise may
actually undo an explicit madvise the application intended for its
stack, whereas the mremap operation is a true nop. the logic here is
that mremap must fail if it cannot resize the mapping in-place, and
the caller knows that it cannot resize in-place because it knows the
next page of virtual memory is already occupied.
Rich Felker [Wed, 31 Jul 2013 19:14:06 +0000 (15:14 -0400)]
fix theoretical out-of-bound access in dynamic linker
one of the arguments to memcmp may be shorter than the length l-3, and
memcmp is under no obligation not to access past the first byte that
differs. instead use strncmp which conveys the correct semantics. the
performance difference is negligible here and since the code is only
use for shared libc, both functions are already linked anyway.
Rich Felker [Wed, 31 Jul 2013 18:59:36 +0000 (14:59 -0400)]
prevent passing PT_INTERP name to dlopen from double-loading libc
the dev/inode for the main app and the dynamic linker ("interpreter")
are not available, so the subsequent checks don't work. in general we
don't want to make exact string matches to existing libraries prevent
loading new ones, since this breaks loading upgraded modules in
module-loading systems. so instead, special-case it.
the motivation for this fix is that calling dlopen on the names
returned by dl_iterate_phdr or walking the link map (obtained by
dlinfo) seem to be the only methods available to an application to
actually get a list of open dso handles.
Rich Felker [Wed, 31 Jul 2013 18:42:08 +0000 (14:42 -0400)]
add some sanity checks in dynamic loader code
reject elf files which are not ET_EXEC/ET_DYN type as bad exec format,
and reject ET_EXEC files when they cannot be loaded at the correct
address, since they are not relocatable at runtime. the main practical
benefit of this is to make dlopen of the main program fail rather than
producing an unsafe-to-use handle.
Rich Felker [Wed, 31 Jul 2013 18:05:41 +0000 (14:05 -0400)]
fix bug where read error was treated as success reading library headers
Rich Felker [Wed, 31 Jul 2013 04:04:10 +0000 (00:04 -0400)]
don't call null pointer if DT_INIT/DT_FINI are null
it's not clear to me why the linker even outputs these headers if they
are null, but apparently it does so. with the default startfiles, they
will never be null anyway, but this patch allows eliminating crti,
crtn, crtbegin, and crtend (leaving only crt1) if the toolchain is
using init_array/fini_array (or for a C-only, no-ctor environment).
Rich Felker [Tue, 30 Jul 2013 22:15:50 +0000 (18:15 -0400)]
add macros for new(ish) prctl commands
Rich Felker [Tue, 30 Jul 2013 17:04:31 +0000 (13:04 -0400)]
fix some prctl macros that were incorrectly copied into this file
Timo Teräs [Tue, 30 Jul 2013 13:14:56 +0000 (09:14 -0400)]
use separate sigaction buffers for old and new data
in signal() it is needed since __sigaction uses restrict in parameters
and sharing the buffer is technically an aliasing error. do the same
for the syscall, as at least qemu-user does not handle it properly.
Rich Felker [Mon, 29 Jul 2013 07:20:08 +0000 (03:20 -0400)]
release notes for 0.9.12
Rich Felker [Sun, 28 Jul 2013 15:30:42 +0000 (11:30 -0400)]
add missing erfcl wrapper for archs where long double is plain double
Rich Felker [Sun, 28 Jul 2013 07:41:01 +0000 (03:41 -0400)]
fix semantically incorrect use of LC_GLOBAL_LOCALE
LC_GLOBAL_LOCALE refers to the global locale, controlled by setlocale,
not the thread-local locale in effect which these functions should be
using. neither LC_GLOBAL_LOCALE nor 0 has an argument to the *_l
functions has behavior defined by the standard, but 0 is a more
logical choice for requesting the callee to lookup the current locale.
in the future I may move the current locale lookup the the caller (the
non-_l-suffixed wrapper).
at this point, all of the locale logic is dummied out, so no harm was
done, but it should at least avoid misleading usage.
Rich Felker [Sun, 28 Jul 2013 01:37:05 +0000 (21:37 -0400)]
fix indention-with-spaces
Rich Felker [Sat, 27 Jul 2013 21:47:03 +0000 (17:47 -0400)]
reorder strftime to eliminate the incorrect indention level
this change is in preparation for possibly adding support for the
field width and padding specifiers added in POSIX 2008.
Rich Felker [Sat, 27 Jul 2013 21:11:34 +0000 (17:11 -0400)]
add wrapper headers, with warnings, for various incorrect names under sys
also add a warning to the existing sys/poll.h. the warning is absent
from sys/dir.h because it is actually providing a slightly different
API to the program, and thus just replacing the #include directive is
not a valid fix to programs using this one.
Rich Felker [Sat, 27 Jul 2013 04:02:39 +0000 (00:02 -0400)]
a few more fixes for unistd/sysconf feature reporting
Rich Felker [Sat, 27 Jul 2013 03:07:54 +0000 (23:07 -0400)]
report presence of ADV and MSG options in unistd.h and sysconf
Rich Felker [Fri, 26 Jul 2013 19:51:28 +0000 (15:51 -0400)]
report that posix_spawn is supported in unistd.h and sysconf
Rich Felker [Fri, 26 Jul 2013 18:53:50 +0000 (14:53 -0400)]
add ABI symbols for strtol family functions
these odd names are actually generated by mess in glibc's stdlib.h, so
any glibc-linked program using strtol needs them to run against musl.
Rich Felker [Fri, 26 Jul 2013 18:41:12 +0000 (14:41 -0400)]
make ldd report the libc/dynamic linker itself
Rich Felker [Fri, 26 Jul 2013 18:25:51 +0000 (14:25 -0400)]
fix computation of entry point and main app phdrs when invoking via ldso
entry point was wrong for PIE. e_entry was being treated as an
absolute value, whereas it's actually relative to the load address
(which is zero for non-PIE).
phdr pointer was wrong for non-PIE. e_phoff was being treated as
load-address-relative, whereas it's actually a file offset in the ELF
file. in any case, map_library was already computing it correctly, and
the incorrect code in __dynlink was overwriting it with junk.
Rich Felker [Fri, 26 Jul 2013 07:10:11 +0000 (03:10 -0400)]
fix powerpc build breakage from dynamic linker path search changes
Rich Felker [Fri, 26 Jul 2013 05:49:14 +0000 (01:49 -0400)]
new mostly-C crt1 implementation
the only immediate effect of this commit is enabling PIE support on
some archs that did not previously have any Scrt1.s, since the
existing asm files for crt1 override this C code. so some of the
crt_arch.h files committed are only there for the sake of documenting
what their archs "would do" if they used the new C-based crt1.
the expectation is that new archs should use this new system rather
than using heavy asm for crt1. aside from being easier and less
error-prone, it also ensures that PIE support is available immediately
(since Scrt1.o is generated from the same C source, using -fPIC)
rather than having to be added as an afterthought in the porting
process.
Rich Felker [Thu, 25 Jul 2013 07:30:24 +0000 (03:30 -0400)]
fix undefined strcpy call in inet_ntop
source and dest arguments for strcpy cannot overlap, so memmove must
be used here. the length is already known from the above loop.
Rich Felker [Thu, 25 Jul 2013 07:20:02 +0000 (03:20 -0400)]
make inet_ntop format v4-mapped ipv6 addresses properly
based on a patch by orc. POSIX actually fails to specify the format of
the ntop conversion; presumably, any output that will correctly
round-trip back via the (well-specified) pton operation is acceptable.
the new behavior is much more convenient than the old, however.
this patch also affects getnameinfo, which is implemented in terms of
inet_ntop and which is the preferred interface for performing this
conversion.
I've also removed some inexplicable cruft (filling the buffer with 'x'
before doing anything) whose origin I was unable to track down.
Rich Felker [Thu, 25 Jul 2013 03:21:45 +0000 (23:21 -0400)]
do not include math modules in the default -O3 optimization set
it's not clear that -O3 helps them, and gcc seems to have floating
point optimization bugs that introduce additional failures when -O3 is
used on some of these files.
Rich Felker [Thu, 25 Jul 2013 03:17:21 +0000 (23:17 -0400)]
fix incorrect type for new si_call_addr in siginfo_t
apparently the original kernel commit's i386 version of siginfo.h
defined this field as unsigned int, but the asm-generic file always
had void *. unsigned int is obviously not a suitable type for an
address, in a non-arch-specific file, and glibc also has void * here,
so I think void * is the right type for it.
also fix redundant type specifiers.
Szabolcs Nagy [Thu, 25 Jul 2013 00:22:05 +0000 (00:22 +0000)]
add protocol families PF_IB and PF_VSOCK to socket.h
linux commit
8d36eb01da5d371feffa280e501377b5c450f5a5 (2013-05-29)
added PF_IB for InfiniBand
linux commit
d021c344051af91f42c5ba9fdedc176740cbd238 (2013-02-06)
added PF_VSOCK for VMware sockets
Szabolcs Nagy [Wed, 24 Jul 2013 23:56:13 +0000 (23:56 +0000)]
update siginfo according to linux headers
linux commit
a0727e8ce513fe6890416da960181ceb10fbfae6 (2012-04-12)
added siginfo fields for SIGSYS (seccomp uses it)
linux commit
ad5fa913991e9e0f122b021e882b0d50051fbdbc (2009-09-16)
added siginfo field and si_code values for SIGBUS (hwpoison signal)
Rich Felker [Wed, 24 Jul 2013 22:52:02 +0000 (18:52 -0400)]
rework langinfo code for ABI compat and for use by time code
Rich Felker [Wed, 24 Jul 2013 22:44:31 +0000 (18:44 -0400)]
update strxfrm/wcsxfrm for future LC_COLLATE support and ABI compat
Rich Felker [Wed, 24 Jul 2013 22:40:52 +0000 (18:40 -0400)]
add ABI compat aliases for a number of locale_t functions
Szabolcs Nagy [Wed, 24 Jul 2013 22:07:15 +0000 (22:07 +0000)]
add PTRACE_PEEKSIGINFO to ptrace.h
added in linux-v3.10 commit
84c751bd4aebbaae995fe32279d3dba48327bad4
using stdint.h types for the new ptrace_peeksiginfo_args struct
Szabolcs Nagy [Wed, 24 Jul 2013 21:41:43 +0000 (21:41 +0000)]
add if_ether.h constants ETH_P_802_3_MIN and ETH_P_BATMAN
see linux commits
4f99ad51292078cc47343c17d3870764588cff73 and
e5c5d22e8dcf7c2d430336cbf8e180bd38e8daf1
Szabolcs Nagy [Wed, 24 Jul 2013 21:29:17 +0000 (21:29 +0000)]
add CLOCK_TAI (and CLOCK_SGI_CYCLE) clock ids to time.h
added in linux-v3.10 commit
1ff3c9677bff7e468e0c487d0ffefe4e901d33f4
Szabolcs Nagy [Wed, 24 Jul 2013 21:23:22 +0000 (21:23 +0000)]
remove TCP_COOKIE_TRANSACTIONS from tcp.h
removed in linux-v3.10 in commit
1a2c6181c4a1922021b4d7df373bba612c3e5f04
Szabolcs Nagy [Wed, 24 Jul 2013 20:52:30 +0000 (20:52 +0000)]
add SO_SELECT_ERR_QUEUE to socket.h
introduced in linux-v3.10 commit
7d4c04fc170087119727119074e72445f2bb192b
Rich Felker [Wed, 24 Jul 2013 22:17:09 +0000 (18:17 -0400)]
prepare strcoll/wcscoll for LC_COLLATE support and add ABI symbols
Rich Felker [Wed, 24 Jul 2013 22:11:30 +0000 (18:11 -0400)]
add _l versions of strtod family functions, purely as aliases
this is a cheat since the _l versions take an extra argument, but
since these functions are only here for ABI purposes, it doesn't
really matter as long as the ABI matches. if the non-__-prefixed
versions are eventually made public, they should proabably be real
functions rather than hacks like this.
Rich Felker [Wed, 24 Jul 2013 22:05:27 +0000 (18:05 -0400)]
add __wcsftime_l symbol
unlike the strftime commit, this one is purely an ABI compatibility
issue. the previous version of the code would have worked just as well
with LC_TIME once LC_TIME support is added.
Rich Felker [Wed, 24 Jul 2013 21:58:31 +0000 (17:58 -0400)]
move strftime_l into strftime.c and add __-prefixed version
the latter is both for ABI purposes, and to facilitate eventually
adding LC_TIME support. it's also nice to eliminate an extra source
file.
Rich Felker [Wed, 24 Jul 2013 20:49:17 +0000 (16:49 -0400)]
make getaddrinfo with AF_UNSPEC and null host return both IPv4 and v6
based on a patch by orc, with indexing and flow control cleaned up a
little bit. this code is all going to be replaced at some point in the
near future.
Rich Felker [Wed, 24 Jul 2013 15:53:23 +0000 (11:53 -0400)]
support STB_GNU_UNIQUE symbol bindings in dynamic linker
these are needed for some C++ library binaries including most builds
of libstdc++. I'm not entirely clear on the rationale. this patch does
not implement any special semantics for them, but as far as I can
tell, no special treatment is needed in correctly-linked programs;
this binding seems to exist only for catching incorrectly-linked
programs.
Rich Felker [Wed, 24 Jul 2013 06:38:05 +0000 (02:38 -0400)]
move the dynamic linker's jmp_buf from static to automatic storage
this more than compensates for the size increase of jmp_buf, and
greatly reduces bss/data size on archs with huge jmp_buf.
Rich Felker [Wed, 24 Jul 2013 06:17:02 +0000 (02:17 -0400)]
change jmp_buf to share an underlying type and struct tag with sigjmp_buf
this is necessary to meet the C++ ABI target. alternatives were
considered to avoid the size increase for non-sig jmp_buf objects, but
they seemed to have worse properties. moreover, the relative size
increase is only extreme on x86[_64]; one way of interpreting this is
that, if the size increase from this patch makes jmp_buf use too much
memory, then the program was already using too much memory when built
for non-x86 archs.
Rich Felker [Wed, 24 Jul 2013 03:40:26 +0000 (23:40 -0400)]
remove redundant check in memalign
the case where mem was already aligned is handled earlier in the
function now.
Rich Felker [Wed, 24 Jul 2013 03:18:49 +0000 (23:18 -0400)]
fix heap corruption bug in memalign
this bug was caught by the new footer-corruption check in realloc and
free.
if the block returned by malloc was already aligned to the desired
alignment, memalign's logic to split off the misaligned head was
incorrect; rather than writing to a point inside the allocated block,
it was overwriting the footer of the previous block on the heap with
the value 1 (length 0 plus an in-use flag).
fortunately, the impact of this bug was fairly low. (this is probably
why it was not caught sooner.) due to the way the heap works, malloc
will never return a block whose previous block is free. (doing so would
be harmful because it would increase fragmentation with no benefit.)
the footer is actually not needed for in-use blocks, except that its
in-use bit needs to remain set so that it does not get merged with
free blocks, so there was no harm in it being set to 1 instead of the
correct value.
however, there is one case where this bug could have had an impact: in
multi-threaded programs, if another thread freed the previous block
after memalign's call to malloc returned, but before memalign
overwrote the previous block's footer, the resulting block in the free
list could be left in a corrupt state. I have not analyzed the impact
of this bad state and whether it could lead to more serious
malfunction.
Rich Felker [Tue, 23 Jul 2013 01:22:04 +0000 (21:22 -0400)]
enhance build process to allow selective -O3 optimization
the motivation for this patch is that the vast majority of libc is
code that does not benefit at all from optimizations, but that certain
components like string/memory operations can be major performance
bottlenecks.
at the same time, the old -falign-*=1 options are removed, since they
were only beneficial for avoiding bloat when global -O3 was used, and
in that case, they may have prevented some of the performance gains.
to be the most useful, this patch will need further tuning. in
particular, research is needed to determine which components should be
built with -O3 by default, and it may be desirable to remove the
hard-coded -O3 and instead allow more customization of the
optimization level used for selected modules.
Rich Felker [Tue, 23 Jul 2013 00:58:04 +0000 (20:58 -0400)]
undefine internal-use type macros at the end of alltypes.h
this patch is something of a compromise for a compatibility
regression discovered after the header refactoring: libtiff uses
_Int64 for its own use. this is absolutely wrong, invalid C, and
should not be supported, but it's also frustrating for users when code
that used to work suddenly breaks.
rather than leave the breakage in place or change musl internals to
accommodate broken software, I've found a change that makes the
problem go away and improves musl. by undefining these macros at the
end of alltypes.h, the temptation to use them in other headers is
removed. (for example, I almost used _Int64 in sys/types.h to define
u_int64_t rather than adding it back to alltypes.h.) by confining use
of these macros to alltypes.h, we keep it easy to go back and change
the implementation of alltypes later, if needed.
Rich Felker [Mon, 22 Jul 2013 21:02:03 +0000 (17:02 -0400)]
remove SIG_ATOMIC_MIN/MAX from stdint bits headers
i386 was done with the big commit but I missed the others
Rich Felker [Mon, 22 Jul 2013 20:40:35 +0000 (16:40 -0400)]
move register_t and u_int64_t (back) to alltypes
during the header refactoring, I had moved u_int64_t out of alltypes
under the assumption that we could just use long long everywhere.
however, it seems some broken applications make inconsistent mixed use
of u_int64_t and uint64_t, resulting in build errors when the
underlying type differs.
Rich Felker [Mon, 22 Jul 2013 19:45:28 +0000 (15:45 -0400)]
fix regression in size of nlink_t (broken stat struct) on x86_64
rather than moving nlink_t back to the arch-specific file, I've added
a macro _Reg defined to the canonical type for register-size values on
the arch. this is not the same as _Addr for (not-yet-supported)
32-on-64 pseudo-archs like x32 and mips n32, so a new macro was
needed.
Rich Felker [Mon, 22 Jul 2013 18:39:59 +0000 (14:39 -0400)]
make regoff_t and regex_t match C++ ABI
for regoff_t, it's impossible to match on 64-bit archs because glibc
defined the type in a non-conforming way. however this change makes
the type match on 32-bit archs.
Rich Felker [Mon, 22 Jul 2013 18:08:33 +0000 (14:08 -0400)]
disable legacy init/fini processing on ARM
since the old, poorly-thought-out musl approach to init/fini arrays on
ARM (when it was the only arch that needed them) was to put the code
in crti/crtn and have the legacy _init/_fini code run the arrays,
adding proper init/fini array support caused the arrays to get
processed twice on ARM. I'm not sure skipping legacy init/fini
processing is the best solution to the problem, but it works, and it
shouldn't break anything since the legacy init/fini system was never
used for ARM EABI.
Rich Felker [Mon, 22 Jul 2013 18:03:25 +0000 (14:03 -0400)]
make pthread_key_t unsigned to match ABI
Rich Felker [Mon, 22 Jul 2013 17:57:02 +0000 (13:57 -0400)]
make pthread attribute types structs, even when they just have one field
this change is to get the right tags for C++ ABI matching. it should
have no other effects.
Rich Felker [Mon, 22 Jul 2013 17:05:41 +0000 (13:05 -0400)]
change wint_t to unsigned
aside from the obvious C++ ABI purpose for this change, it also brings
musl into alignment with the compiler's idea of the definition of
wint_t (use in -Wformat), and makes the situation less awkward on ARM,
where wchar_t is unsigned.
internal code using wint_t and WEOF was checked against this change,
and while a few cases of storing WEOF into wchar_t were found, they
all seem to operate properly with the natural conversion from unsigned
to signed.
Rich Felker [Mon, 22 Jul 2013 15:22:36 +0000 (11:22 -0400)]
refactor headers, especially alltypes.h, and improve C++ ABI compat
the arch-specific bits/alltypes.h.sh has been replaced with a generic
alltypes.h.in and minimal arch-specific bits/alltypes.h.in.
this commit is intended to have no functional changes except:
- exposing additional symbols that POSIX allows but does not require
- changing the C++ name mangling for some types
- fixing the signedness of blksize_t on powerpc (POSIX requires signed)
- fixing the limit macros for sig_atomic_t on x86_64
- making dev_t an unsigned type (ABI matching goal, and more logical)
in addition, some types that were wrongly defined with long on 32-bit
archs were changed to int, and vice versa; this change is
non-functional except for the possibility of making pointer types
mismatch, and only affects programs that were using them incorrectly,
and only at build-time, not runtime.
the following changes were made in the interest of moving
non-arch-specific types out of the alltypes system and into the
headers they're associated with, and also will tend to improve
application compatibility:
- netdb.h now includes netinet/in.h (for socklen_t and uint32_t)
- netinet/in.h now includes sys/socket.h and inttypes.h
- sys/resource.h now includes sys/time.h (for struct timeval)
- sys/wait.h now includes signal.h (for siginfo_t)
- langinfo.h now includes nl_types.h (for nl_item)
for the types in stdint.h:
- types which are of no interest to other headers were moved out of
the alltypes system.
- fast types for 8- and 64-bit are hard-coded (at least for now); only
the 16- and 32-bit ones have reason to vary by arch.
and the following types have been changed for C++ ABI purposes;
- mbstate_t now has a struct tag, __mbstate_t
- FILE's struct tag has been changed to _IO_FILE
- DIR's struct tag has been changed to __dirstream
- locale_t's struct tag has been changed to __locale_struct
- pthread_t is defined as unsigned long in C++ mode only
- fpos_t now has a struct tag, _G_fpos64_t
- fsid_t's struct tag has been changed to __fsid_t
- idtype_t has been made an enum type (also required by POSIX)
- nl_catd has been changed from long to void *
- siginfo_t's struct tag has been removed
- sigset_t's has been given a struct tag, __sigset_t
- stack_t has been given a struct tag, sigaltstack
- suseconds_t has been changed to long on 32-bit archs
- [u]intptr_t have been changed from long to int rank on 32-bit archs
- dev_t has been made unsigned
summary of tests that have been performed against these changes:
- nsz's libc-test (diff -u before and after)
- C++ ABI check symbol dump (diff -u before, after, glibc)
- grepped for __NEED, made sure types needed are still in alltypes
- built gcc 3.4.6
Rich Felker [Sun, 21 Jul 2013 07:48:35 +0000 (03:48 -0400)]
remove init/fini array asm from arm crti/crtn files
this code has been replaced by portable C code that works on all
archs. the old asm needs to be removed or ctors/dtors will run twice.
Rich Felker [Sun, 21 Jul 2013 07:34:31 +0000 (03:34 -0400)]
remove __libc_csu_* cruft
these functions were mistakenly assumed to be needed to match glibc
ABI, but glibc has them as part of the non-shared part of libc that's
always statically linked into the main program. moreover, the only
place they are referenced from is glibc's crt1.o.
Rich Felker [Sun, 21 Jul 2013 07:00:54 +0000 (03:00 -0400)]
add support for init/fini array in main program, and greatly simplify
modern (4.7.x and later) gcc uses init/fini arrays, rather than the
legacy _init/_fini function pasting and crtbegin/crtend ctors/dtors
system, on most or all archs. some archs had already switched a long
time ago. without following this change, global ctors/dtors will cease
to work under musl when building with new gcc versions.
the most surprising part of this patch is that it actually reduces the
size of the init code, for both static and shared libc. this is
achieved by (1) unifying the handling main program and shared
libraries in the dynamic linker, and (2) eliminating the
glibc-inspired rube goldberg machine for passing around init and fini
function pointers. to clarify, some background:
the function signature for __libc_start_main was based on glibc, as
part of the original goal of being able to run some glibc-linked
binaries. it worked by having the crt1 code, which is linked into
every application, static or dynamic, obtain and pass pointers to the
init and fini functions, which __libc_start_main is then responsible
for using and recording for later use, as necessary. however, in
neither the static-linked nor dynamic-linked case do we actually need
crt1.o's help. with dynamic linking, all the pointers are available in
the _DYNAMIC block. with static linking, it's safe to simply access
the _init/_fini and __init_array_start, etc. symbols directly.
obviously changing the __libc_start_main function signature in an
incompatible way would break both old musl-linked programs and
glibc-linked programs, so let's not do that. instead, the function can
just ignore the information it doesn't need. new archs need not even
provide the useless args in their versions of crt1.o. existing archs
should continue to provide it as long as there is an interest in
having newly-linked applications be able to run on old versions of
musl; at some point in the future, this support can be removed.
Rich Felker [Sun, 21 Jul 2013 06:35:46 +0000 (02:35 -0400)]
fix order of fini_array execution for shared libs
Rich Felker [Sat, 20 Jul 2013 22:26:17 +0000 (18:26 -0400)]
add support for init_array/fini_array ctors/dtors to dynamic linker
Rich Felker [Sat, 20 Jul 2013 17:19:14 +0000 (13:19 -0400)]
fix shm_open wrongly being cancellable
Rich Felker [Sat, 20 Jul 2013 04:21:11 +0000 (00:21 -0400)]
fix uninitialized/stale use of alloc (%m modifier) flag in scanf
for conversion specifiers, alloc is always set when the specifier is
parsed. however, if scanf stops due to mismatching literal text,
either an uninitialized (if no conversions have been performed yet) or
stale (from the previous conversion) of the flag will be used,
possibly causing an invalid pointer to be passed to free when the
function returns.
Rich Felker [Sat, 20 Jul 2013 00:00:11 +0000 (20:00 -0400)]
harden realloc/free to detect simple overflows
the sizes in the header and footer for a chunk should always match. if
they don't, the program has definitely invoked undefined behavior, and
the most likely cause is a simple overflow, either of a buffer in the
block being freed or the one just below it.
crashing here should not only improve security of buggy programs, but
also aid in debugging, since the crash happens in a context where you
have a pointer to the likely-overflowed buffer.
Rich Felker [Fri, 19 Jul 2013 23:57:52 +0000 (19:57 -0400)]
add UIO_MAXIOV macro in sys/uio.h
while there's no POSIX namespace provision for UIO_* in uio.h, this
exact macro name is reserved in XBD 2.2.2. apparently some
glibc-centric software expects it to exist, so let's provide it.
Rich Felker [Fri, 19 Jul 2013 06:48:18 +0000 (02:48 -0400)]
improve [f]stat[v]fs functions, and possibly work around old kernels
the main aim of this patch is to ensure that if not all fields are
filled in, they contain zeros, so as not to confuse applications.
reportedly some older kernels, including commonly used openvz kernels,
lack the f_flags field, resulting in applications reading random junk
as the mount flags; the common symptom seems to be wrongly considering
the filesystem to be mounted read-only and refusing to operate. glibc
has some amazingly ugly fallback code to get the mount flags for old
kernels, but having them really is not that important anyway; what
matters most is not presenting incorrect flags to the application.
I have also aimed to fill in some fields of statvfs that were
previously missing, and added code to explicitly zero the reserved
space at the end of the structure, which will make things easier in
the future if this space someday needs to be used.
Rich Felker [Fri, 19 Jul 2013 05:34:28 +0000 (01:34 -0400)]
change uid_t, gid_t, and id_t to unsigned types
this change is both to fix one of the remaining type (and thus C++
ABI) mismatches with glibc/LSB and to allow use of the full range of
uid and gid values, if so desired.
passwd/group access functions were not prepared to deal with unsigned
values, so they too have been fixed with this commit.