Rich Felker [Tue, 16 Jun 2020 04:53:57 +0000 (00:53 -0400)]
only use memcpy realloc to shrink if an exact-sized free chunk exists
otherwise, shrink in-place. as explained in the description of commit
3e16313f8fe2ed143ae0267fd79d63014c24779f, the split here is valid
without holding split_merge_lock because all chunks involved are in
the in-use state.
Rich Felker [Tue, 16 Jun 2020 04:34:12 +0000 (00:34 -0400)]
fix memset overflow in oldmalloc race fix overhaul
commit
3e16313f8fe2ed143ae0267fd79d63014c24779f introduced this bug by
making the copy case reachable with n (new size) smaller than n0
(original size). this was left as the only way of shrinking an
allocation because it reduces fragmentation if a free chunk of the
appropriate size is available. when that's not the case, another
approach may be better, but any such improvement would be independent
of fixing this bug.
Rich Felker [Mon, 15 Jun 2020 22:59:59 +0000 (18:59 -0400)]
fix invalid use of access function in nftw
access always computes result with real ids not effective ones, so it
is not a valid means of determining whether the directory is readable.
instead, attempt to open it before reporting whether it's readable,
and then use fdopendir rather than opendir to open and read the
entries.
effort is made here to keep fd_limit behavior the same as before even
if it was not correct.
Rich Felker [Thu, 11 Jun 2020 04:12:48 +0000 (00:12 -0400)]
add fallback a_clz_32 implementation
some archs already have a_clz_32, used to provide a_ctz_32, but it
hasn't been mandatory because it's not used anywhere yet. mallocng
will need it, however, so add it now. it should probably be optimized
better, but doesn't seem to make a difference at present.
Rich Felker [Thu, 11 Jun 2020 02:05:03 +0000 (22:05 -0400)]
only disable aligned_alloc if malloc was replaced but it wasn't
it both malloc and aligned_alloc have been replaced but the internal
aligned_alloc still gets called, the replacement is a wrapper of some
sort. it's not clear if this usage should be officially supported, but
it's at least a plausibly interesting debugging usage, and easy to do.
it should not be relied upon unless it's documented as supported at
some later time.
Rich Felker [Thu, 11 Jun 2020 02:02:45 +0000 (22:02 -0400)]
have ldso track replacement of aligned_alloc
this is in preparation for improving behavior of malloc interposition.
Rich Felker [Thu, 11 Jun 2020 00:44:51 +0000 (20:44 -0400)]
reintroduce calloc elison of memset for direct-mmapped allocations
a new weak predicate function replacable by the malloc implementation,
__malloc_allzerop, is introduced. by default it's always false; the
default version will be used when static linking if the bump allocator
was used (in which case performance doesn't matter) or if malloc was
replaced by the application. only if the real internal malloc is
linked (always the case with dynamic linking) does the real version
get used.
if malloc was replaced dynamically, as indicated by __malloc_replaced,
the predicate function is ignored and conditional-memset is always
performed.
Rich Felker [Thu, 11 Jun 2020 00:42:54 +0000 (20:42 -0400)]
move __malloc_replaced to a top-level malloc file
it's not part of the malloc implementation but glue with musl dynamic
linker.
Rich Felker [Wed, 10 Jun 2020 23:41:27 +0000 (19:41 -0400)]
switch to a common calloc implementation
abstractly, calloc is completely malloc-implementation-independent;
it's malloc followed by memset, or as we do it, a "conditional memset"
that avoids touching fresh zero pages.
previously, calloc was kept separate for the bump allocator, which can
always skip memset, and the version of calloc provided with the full
malloc conditionally skipped the clearing for large direct-mmapped
allocations. the latter is a moderately attractive optimization, and
can be added back if needed. however, further consideration to make it
correct under malloc replacement would be needed.
commit
b4b1e10364c8737a632be61582e05a8d3acf5690 documented the
contract for malloc replacement as allowing omission of calloc, and
indeed that worked for dynamic linking, but for static linking it was
possible to get the non-clearing definition from the bump allocator;
if not for that, it would have been a link error trying to pull in
malloc.o.
the conditional-clearing code for the new common calloc is taken from
mal0_clear in oldmalloc, but drops the need to access actual page size
and just uses a fixed value of 4096. this avoids potentially needing
access to global data for the sake of an optimization that at best
marginally helps archs with offensively-large page sizes.
Rich Felker [Wed, 3 Jun 2020 23:22:12 +0000 (19:22 -0400)]
move oldmalloc to its own directory under src/malloc
this sets the stage for replacement, and makes it practical to keep
oldmalloc around as a build option for a while if that ends up being
useful.
only the files which are actually part of the implementation are
moved. memalign and posix_memalign are entirely generic. in theory
calloc could be pulled out too, but it's useful to have it tied to the
implementation so as to optimize out unnecessary memset when
implementation details make it possible to know the memory is already
clear.
Rich Felker [Wed, 3 Jun 2020 23:17:19 +0000 (19:17 -0400)]
move __expand_heap into malloc.c
this function is no longer used elsewhere, and moving it reduces the
number of source files specific to the malloc implementation.
Rich Felker [Wed, 3 Jun 2020 23:13:40 +0000 (19:13 -0400)]
rename memalign source file back to its proper name
Rich Felker [Wed, 3 Jun 2020 23:13:11 +0000 (19:13 -0400)]
rename aligned_alloc source file back to its proper name
Rich Felker [Wed, 3 Jun 2020 23:11:23 +0000 (19:11 -0400)]
reverse dependency order of memalign and aligned_alloc
this change eliminates the internal __memalign function and makes the
memalign and posix_memalign functions completely independent of the
malloc implementation, written portably in terms of aligned_alloc.
Rich Felker [Wed, 3 Jun 2020 23:07:38 +0000 (19:07 -0400)]
rename aligned_alloc source file
this is the first step of swapping the name of the actual
implementation to aligned_alloc while preserving history follow.
Rich Felker [Wed, 3 Jun 2020 22:51:21 +0000 (18:51 -0400)]
remove stale document from malloc src directory
this was an unfinished draft document present since the initial
check-in, that was never intended to ship in its current form. remove
it as part of reorganizing for replacement of the allocator.
Rich Felker [Wed, 3 Jun 2020 22:13:18 +0000 (18:13 -0400)]
rewrite bump allocator to fix corner cases, decouple from expand_heap
this affects the bump allocator used when static linking in programs
that don't need allocation metadata due to not using realloc, free,
etc.
commit
e3bc22f1eff87b8f029a6ab31f1a269d69e4b053 refactored the bump
allocator to share code with __expand_heap, used by malloc, for the
purpose of fixing the case (mainly nommu) where brk doesn't work.
however, the geometric growth behavior of __expand_heap is not
actually well-suited to the bump allocator, and can produce
significant excessive memory usage. in particular, by repeatedly
requesting just over the remaining free space in the current
mmap-allocated area, the total mapped memory will be roughly double
the nominal usage. and since the main user of the no-brk mmap fallback
in the bump allocator is nommu, this excessive usage is not just
virtual address space but physical memory.
in addition, even on systems with brk, having a unified size request
to __expand_heap without knowing whether the brk or mmap backend would
get used made it so the brk could be expanded twice as far as needed.
for example, with malloc(n) and n-1 bytes available before the current
brk, the brk would be expanded by n bytes rounded up to page size,
when expansion by just one page would have sufficed.
the new implementation computes request size separately for the cases
where brk expansion is being attempted vs using mmap, and also
performs individual mmap of large allocations without moving to a new
bump area and throwing away the rest of the old one. this greatly
reduces the need for geometric area size growth and limits the extent
to which free space at the end of one bump area might be unusable for
future allocations.
as a bonus, the resulting code size is somewhat smaller than the
combined old version plus __expand_heap.
Rich Felker [Wed, 3 Jun 2020 01:40:05 +0000 (21:40 -0400)]
move malloc_impl.h from src/internal to src/malloc
this reflects that it is no longer intended for consumption outside of
the malloc implementation.
Rich Felker [Wed, 3 Jun 2020 01:38:25 +0000 (21:38 -0400)]
move declaration of interfaces between malloc and ldso to dynlink.h
this eliminates consumers of malloc_impl.h outside of the malloc
implementation.
Rich Felker [Wed, 3 Jun 2020 00:21:48 +0000 (20:21 -0400)]
reformat clock_adjtime with always-true condition removed
Rich Felker [Wed, 3 Jun 2020 00:19:11 +0000 (20:19 -0400)]
always use time64 syscall first for clock_adjtime
clock_adjtime always returns the current clock setting in struct
timex, so it's always possible that the time64 version is needed.
Rich Felker [Wed, 3 Jun 2020 00:07:39 +0000 (20:07 -0400)]
fix broken time64 clock_adjtime
the 64-bit time code path used the wrong (time32) syscall. fortunately
this code path is not yet taken unless attempting to set a post-Y2038
time.
Rich Felker [Tue, 2 Jun 2020 21:37:14 +0000 (17:37 -0400)]
fix unbounded heap expansion race in malloc
this has been a longstanding issue reported many times over the years,
with it becoming increasingly clear that it could be hit in practice.
under concurrent malloc and free from multiple threads, it's possible
to hit usage patterns where unbounded amounts of new memory are
obtained via brk/mmap despite the total nominal usage being small and
bounded.
the underlying cause is that, as a fundamental consequence of keeping
locking as fine-grained as possible, the state where free has unbinned
an already-free chunk to merge it with a newly-freed one, but has not
yet re-binned the combined chunk, is exposed to other threads. this is
bad even with small chunks, and leads to suboptimal use of memory, but
where it really blows up is where the already-freed chunk in question
is the large free region "at the top of the heap". in this situation,
other threads momentarily see a state of having almost no free memory,
and conclude that they need to obtain more.
as far as I can tell there is no fix for this that does not harm
performance. the fix made here forces all split/merge of free chunks
to take place under a single lock, which also takes the place of the
old free_lock, being held at least momentarily at the time of free to
determine whether there are neighboring free chunks that need merging.
as a consequence, the pretrim, alloc_fwd, and alloc_rev operations no
longer make sense and are deleted. simplified merging now takes place
inline in free (__bin_chunk) and realloc.
as commented in the source, holding the split_merge_lock precludes any
chunk transition from in-use to free state. for the most part, it also
precludes change to chunk header sizes. however, __memalign may still
modify the sizes of an in-use chunk to split it into two in-use
chunks. arguably this should require holding the split_merge_lock, but
that would necessitate refactoring to expose it externally, which is a
mess. and it turns out not to be necessary, at least assuming the
existing sloppy memory model malloc has been using, because if free
(__bin_chunk) or realloc sees any unsynchronized change to the size,
it will also see the in-use bit being set, and thereby can't do
anything with the neighboring chunk that changed size.
Rich Felker [Tue, 2 Jun 2020 00:53:42 +0000 (20:53 -0400)]
suppress unwanted warnings when configuring with clang
coding style warnings enabled by default in clang have long been a
source of spurious questions/bug-reports. since clang provides a -w
that behaves differently from gcc's, and that lets us enable any
warnings we may actually want after turning them all off to start with
a clean slate, use it at configure time if clang is detected.
Rich Felker [Fri, 22 May 2020 21:45:47 +0000 (17:45 -0400)]
restore lock-skipping for processes that return to single-threaded state
the design used here relies on the barrier provided by the first lock
operation after the process returns to single-threaded state to
synchronize with actions by the last thread that exited. by storing
the intent to change modes in the same object used to detect whether
locking is needed, it's possible to avoid an extra (possibly costly)
memory load after the lock is taken.
Rich Felker [Fri, 22 May 2020 21:25:38 +0000 (17:25 -0400)]
cut down size of some libc struct members
these are all flags that can be single-byte values.
Rich Felker [Fri, 22 May 2020 03:32:45 +0000 (23:32 -0400)]
don't use libc.threads_minus_1 as relaxed atomic for skipping locks
after all but the last thread exits, the next thread to observe
libc.threads_minus_1==0 and conclude that it can skip locking fails to
synchronize with any changes to memory that were made by the
last-exiting thread. this can produce data races.
on some archs, at least x86, memory synchronization is unlikely to be
a problem; however, with the inline locks in malloc, skipping the lock
also eliminated the compiler barrier, and caused code that needed to
re-check chunk in-use bits after obtaining the lock to reuse a stale
value, possibly from before the process became single-threaded. this
in turn produced corruption of the heap state.
some uses of libc.threads_minus_1 remain, especially for allocation of
new TLS in the dynamic linker; otherwise, it could be removed
entirely. it's made non-volatile to reflect that the remaining
accesses are only made under lock on the thread list.
instead of libc.threads_minus_1, libc.threaded is now used for
skipping locks. the difference is that libc.threaded is permanently
true once an additional thread has been created. this will produce
some performance regression in processes that are mostly
single-threaded but occasionally creating threads. in the future it
may be possible to bring back the full lock-skipping, but more care
needs to be taken to produce a safe design.
Rich Felker [Fri, 22 May 2020 21:35:14 +0000 (17:35 -0400)]
reorder thread list unlink in pthread_exit after all locks
since the backend for LOCK() skips locking if single-threaded, it's
unsafe to make the process appear single-threaded before the last use
of lock.
this fixes potential unsynchronized access to a linked list via
__dl_thread_cleanup.
Rich Felker [Thu, 21 May 2020 17:06:21 +0000 (13:06 -0400)]
fix incorrect SIGSTKFLT on all mips archs
signal 7 is SIGEMT on Linux mips* ABI according to the man pages and
kernel. it's not clear where the wrong name came from but it dates
back to original mips commit.
Rich Felker [Thu, 21 May 2020 17:14:40 +0000 (13:14 -0400)]
handle possibility that SIGEMT replaces SIGSTKFLT in strsignal
presently all archs define SIGSTKFLT but this is not correct. change
strsignal as a prerequisite for fixing that.
Rich Felker [Tue, 19 May 2020 23:25:42 +0000 (19:25 -0400)]
fix return value of res_send, res_query on errors from nameserver
the internal __res_msend returns 0 on timeout without having obtained
any conclusive answer, but in this case has not filled in meaningful
anslen. res_send wrongly treated that as success, but returned a zero
answer length. any reasonable caller would eventually end up treating
that as an error when attempting to parse/validate it, but it should
just be reported as an error.
alternatively we could return the last-received inconclusive answer
(typically servfail), but doing so would require internal changes in
__res_msend. this may be considered later.
Rich Felker [Tue, 19 May 2020 23:11:16 +0000 (19:11 -0400)]
fix handling of errors resolving one of paired A+AAAA query
the old logic here likely dates back, at least in inspiration, to
before it was recognized that transient errors must not be allowed to
reflect the contents of successful results and must be reported to the
application.
here, the dns backend for getaddrinfo, when performing a paired query
for v4 and v6 addresses, accepted results for one address family even
if the other timed out. (the __res_msend backend does not propagate
error rcodes back to the caller, but continues to retry until timeout,
so other error conditions were not actually possible.)
this patch moves the checks to take place before answer parsing, and
performs them for each answer rather than only the answer to the first
query. if nxdomain is seen it's assumed to apply to both queries since
that's how dns semantics work.
Rich Felker [Tue, 19 May 2020 01:17:34 +0000 (21:17 -0400)]
set AD bit in dns queries, suppress for internal use
the AD (authenticated data) bit in outgoing dns queries is defined by
rfc3655 to request that the nameserver report (via the same bit in the
response) whether the result is authenticated by DNSSEC. while all
results returned by a DNSSEC conforming nameserver will be either
authenticated or cryptographically proven to lack DNSSEC protection,
for some applications it's necessary to be able to distinguish these
two cases. in particular, conforming and compatible handling of DANE
(TLSA) records requires enforcing them only in signed zones.
when the AD bit was first defined for queries, there were reports of
compatibility problems with broken firewalls and nameservers dropping
queries with it set. these problems are probably a thing of the past,
and broken nameservers are already unsupported. however, since there
is no use in the AD bit with the netdb.h interfaces, explicitly clear
it in the queries they make. this ensures that, even with broken
setups, the standard functions will work, and at most the res_*
functions break.
Rich Felker [Fri, 1 May 2020 01:36:43 +0000 (21:36 -0400)]
fix undefined behavior from signed overflow in strstr and memmem
unsigned char promotes to int, which can overflow when shifted left by
24 bits or more. this has been reported multiple times but then
forgotten. it's expected to be benign UB, but can trap when built with
explicit overflow catching (ubsan or similar). fix it now.
note that promotion to uint32_t is safe and portable even outside of
the assumptions usually made in musl, since either uint32_t has rank
at least unsigned int, so that no further default promotions happen,
or int is wide enough that the shift can't overflow. this is a
desirable property to have in case someone wants to reuse the code
elsewhere.
Rich Felker [Sun, 26 Apr 2020 20:47:49 +0000 (16:47 -0400)]
remove arm (32-bit) support for vdso clock_gettime
it's been reported that the vdso clock_gettime64 function on (32-bit)
arm is broken, producing erratic results that grow at a rate far
greater than one reported second per actual elapsed second. the vdso
function seems to have been added sometime between linux 5.4 and 5.6,
so if there's ever been a working version, it was only present for a
very short window.
it's not clear what the eventual upstream kernel solution will be, but
something needs to be done on the libc side so as not to be producing
binaries that seem to work on older/existing/lts kernels (which lack
the function and thus lack the bug) but will break fantastically when
moving to newer kernels.
hopefully vdso support will be added back soon, but with a new symbol
name or version from the kernel to allow continued rejection of broken
ones.
Rich Felker [Fri, 24 Apr 2020 14:35:01 +0000 (10:35 -0400)]
fix undefined behavior in wcsto[ld] family functions
analogous to commit
b287cd745c2243f8e5114331763a5a9813b5f6ee but for
the custom FILE stream type the wcstol and wcstod family use. __toread
could be used here as well, but there's a simple direct fix to make
the buffer pointers initially valid for subtraction, so just do that
to avoid pulling in stdio exit code in programs that don't use stdio.
Rich Felker [Sat, 18 Apr 2020 07:23:40 +0000 (03:23 -0400)]
fix sh fesetround failure to clear old mode
the sh version of fesetround or'd the new rounding mode onto the
control register without clearing the old rounding mode bits, making
changes sticky. this was the root cause of multiple test failures.
Rich Felker [Fri, 17 Apr 2020 20:18:07 +0000 (16:18 -0400)]
move __string_read into vsscanf source file
apparently this function was intended at some point to be used by
strto* family as well, and thus was put in its own file; however, as
far as I can tell, it's only ever been used by vsscanf. move it to the
same file to reduce the number of source files and external symbols.
Rich Felker [Fri, 17 Apr 2020 20:11:43 +0000 (16:11 -0400)]
remove spurious repeated semicolon in fmemopen
Rich Felker [Fri, 17 Apr 2020 20:10:28 +0000 (16:10 -0400)]
combine two calls to memset in fmemopen
this idea came up when I thought we might need to zero the UNGET
portion of buf as well, but it seems like a useful improvement even
when that turned out not to be necessary.
Rich Felker [Fri, 17 Apr 2020 19:31:16 +0000 (15:31 -0400)]
fix possible access to uninitialized memory in shgetc (via scanf)
shgetc sets up to be able to perform an "unget" operation without the
caller having to remember and pass back the character value, and for
this purpose used a conditional store idiom:
if (f->rpos[-1] != c) f->rpos[-1] = c
to make it safe to use with non-writable buffers (setup by the
sh_fromstring macro or __string_read with sscanf).
however, validity of this depends on the buffer space at rpos[-1]
being initialized, which is not the case under some conditions
(including at least unbuffered files and fmemopen ones).
whenever data was read "through the buffer", the desired character
value is already in place and does not need to be written. thus,
rather than testing for the absence of the value, we can test for
rpos<=buf, indicating that the last character read could not have come
from the buffer, and thereby that we have a "real" buffer (possibly of
zero length) with writable pushback (UNGET bytes) below it.
Rich Felker [Fri, 17 Apr 2020 17:46:57 +0000 (13:46 -0400)]
fix undefined behavior in scanf core
as reported/analyzed by Pascal Cuoq, the shlim and shcnt
macros/functions are called by the scanf core (vfscanf) with f->rpos
potentially null (if the FILE is not yet activated for reading at the
time of the call). in this case, they compute differences between a
null pointer (f->rpos) and a non-null one (f->buf), resulting in
undefined behavior.
it's unlikely that any observably wrong behavior occurred in practice,
at least without LTO, due to limits on what's visible to the compiler
from translation unit boundaries, but this has not been checked.
fix is simply ensuring that the FILE is activated for read mode before
entering the main scanf loop, and erroring out early if it can't be.
Alexander Monakov [Thu, 16 Jan 2020 20:58:13 +0000 (23:58 +0300)]
math: add x86_64 remquol
Alexander Monakov [Wed, 15 Jan 2020 15:42:46 +0000 (18:42 +0300)]
math: move x87-family fmod functions to C with inline asm
Alexander Monakov [Tue, 14 Jan 2020 20:36:44 +0000 (23:36 +0300)]
math: move x87-family remainder functions to C with inline asm
Alexander Monakov [Tue, 14 Jan 2020 11:53:38 +0000 (14:53 +0300)]
math: move x87-family rint functions to C with inline asm
Alexander Monakov [Sat, 11 Jan 2020 15:14:24 +0000 (18:14 +0300)]
math: move x87-family lrint functions to C with inline asm
Alexander Monakov [Fri, 10 Jan 2020 20:06:36 +0000 (23:06 +0300)]
math: move x86_64 (l)lrint(f) functions to C with inline asm
Alexander Monakov [Tue, 7 Jan 2020 12:53:03 +0000 (15:53 +0300)]
math: move i386 sqrt to C with inline asm
Alexander Monakov [Mon, 6 Jan 2020 17:31:47 +0000 (20:31 +0300)]
math: move i386 sqrtf to C with inline asm
Alexander Monakov [Mon, 6 Jan 2020 16:35:57 +0000 (19:35 +0300)]
math: move trivial x86-family sqrt functions to C with inline asm
Alexander Monakov [Mon, 6 Jan 2020 08:36:18 +0000 (11:36 +0300)]
math: move x87-family fabs functions to C with inline asm
Alexander Monakov [Sun, 5 Jan 2020 15:47:02 +0000 (18:47 +0300)]
math: move x86_64 fabs, fabsf to C with inline asm
Samuel Holland [Sat, 22 Feb 2020 22:01:13 +0000 (16:01 -0600)]
fix parsing offsets after long timezone names
TZ containg a timezone name with >TZNAME_MAX characters currently
breaks musl's timezone parsing. getname() stops after TZNAME_MAX
characters. getoff() will consume no characters (because the next
character is not a digit) and incorrectly return 0. Then, because
there are remaining alphabetic characters, __daylight == 1, and
dst_off == -3600.
getname() must consume the entire timezone name, even if it will not
fit in d/__tzname, so when it returns, s points to the offset digits.
Samuel Holland [Sat, 22 Feb 2020 22:01:12 +0000 (16:01 -0600)]
avoid out-of-bounds read for invalid quoted timezone
Parsing the timezone name must stop when reaching the null terminator.
In that case, there is no '>' to skip.
Alexander Monakov [Mon, 9 Mar 2020 18:32:16 +0000 (21:32 +0300)]
remove redundant condition in memccpy
Commit
d9bdfd164 ("fix memccpy to not access buffer past given size")
correctly added a check for 'n' nonzero, but made the pre-existing test
'*s==c' redundant: n!=0 implies *s==c. Remove the unnecessary check.
Reported by Alexey Izbyshev.
Fangrui Song [Sun, 8 Mar 2020 18:10:32 +0000 (11:10 -0700)]
ldso: remove redundant switch case for REL_NONE
as a result of commit
b6a6cd703ffefa6352249fb01f4da28d85d17306,
the REL_NONE case is now redundant.
Samuel Holland [Sat, 14 Mar 2020 05:31:40 +0000 (00:31 -0500)]
define MAP_SYNC on powerpc/powerpc64
Linux defines MAP_SYNC on powerpc and powerpc64 as of commit
22fcea6f85f2 ("mm: move MAP_SYNC to asm-generic/mman-common.h"),
so we can stop undefining it on those architectures.
Timo Teräs [Wed, 4 Mar 2020 09:27:01 +0000 (11:27 +0200)]
improve strerror speed
change the current O(n) lookup to O(1) based on the machinery
described in "How To Write Shared Libraries" (Appendix B).
Rich Felker [Fri, 13 Mar 2020 20:27:10 +0000 (16:27 -0400)]
fix corrupt sysvipc timestamps on 32-bit archs with old kernels
kernel commit
4693916846269d633a3664586650dbfac2c5562f (first included
in release v4.14) silently fixed a bug whereby the reserved space
(which was later used for high bits of time) in IPC_STAT structures
was left untouched rather than zeroed. this means that a caller that
wants to read the high bits needs to pre-zero the memory.
since it's not clear that these operations are permitted to modify the
destination buffer on failure, use a temp buffer and copy back to the
caller's buffer on success.
Rich Felker [Wed, 11 Mar 2020 23:02:52 +0000 (19:02 -0400)]
work around negated error code bug on some mips kernels
on all mips variants, Linux did (and maybe still does) have some
syscall return paths that wrongly return both the error flag in r7 and
a negated error code in r2. in particular this happened for at least
some causes of ENOSYS.
add an extra check to only negate the error code if it's positive to
begin with.
bug report and concept for patch by Andreas Dröscher.
Rich Felker [Wed, 11 Mar 2020 22:58:38 +0000 (18:58 -0400)]
remove useless mips syscall asm constraint, align style with mips64/n32
commit
4221f154ff29ab0d6be1e7beaa5ea2d1731bc58e added the r7
constraint apparently out of a misunderstanding of the breakage it was
addressing, and did so because the asm was in a shared macro used by
all the __syscallN inline functions. now "+r" is used in the output
section for the forms 4-argument and up, so having it in input is
redundant, and the forms with 0-3 arguments don't need it as an input
at all.
the r2 constraint is kept because without it most gcc versions (seems
to be all prior to 9.x) fail to honor the output register binding for
r2. this seems to be a variant of gcc bug #87733.
both the r7 and r2 input constraints look useless, but the r2 one was
a quiet workaround for gcc bug 87733, which affects all modern
versions prior to 9.x, so it's kept and documented.
Rich Felker [Wed, 11 Mar 2020 22:50:21 +0000 (18:50 -0400)]
revert mips (32-bit, o32) syscall asm clean-up due to regressions
exactly revert commit
604f8d3d8b08ee4f548de193050ef93a7753c2e0 which
was wrong; it caused a major regression on Linux versions prior to
2.6.36. old kernels did not properly preserve r2 across syscall
restart, and instead restarted with the instruction right before
syscall, imposing a contract that the previous instruction must load
r2 from an immediate or a register (or memory) not clobbered by the
syscall.
Rich Felker [Wed, 11 Mar 2020 22:43:11 +0000 (18:43 -0400)]
revert mips64/n32 syscall asm clean-up due to regressions
effectivly revert commit
ddc7c4f936c7a90781072f10dbaa122007e939d0
which was wrong; it caused a major regression on Linux versions prior
to 2.6.36. old kernels did not properly preserve r2 across syscall
restart, and instead restarted with the instruction right before
syscall, imposing a contract that the previous instruction must load
r2 from an immediate or a register (or memory) not clobbered by the
syscall.
since other changes were made since, including removal of the struct
stat conversion that was replaced by separate struct kstat, this is
not a direct revert, only a functional one.
the "0"(r2) input constraint added back seems useless/erroneous, but
without it most gcc versions (seems to be all prior to 9.x) fail to
honor the output register binding for r2. this seems to be a variant
of gcc bug #87733. further changes should be made later if a better
workaround is found, but this one has been working since 2012. it
seems this issue was encountered but misidentified then, when it
inspired commit
4221f154ff29ab0d6be1e7beaa5ea2d1731bc58e.
Rich Felker [Wed, 4 Mar 2020 17:33:35 +0000 (12:33 -0500)]
remove duplicate definitions of INET[6]_ADDRSTRLEN
these were leftover from early beginnings when arpa/inet.h was not
including netinet/in.h.
Rich Felker [Wed, 26 Feb 2020 15:09:32 +0000 (10:09 -0500)]
add PTHREAD_NULL
this is added for POSIX-future as the outcome of Austin Group issue
599. since it's in the reserved namespace for pthread.h, there are no
namespace considerations for adding it early.
Rich Felker [Sat, 22 Feb 2020 16:07:14 +0000 (11:07 -0500)]
use __socketcall to simplify socket()
commit
59324c8b0950ee94db846a50554183c845ede160 added __socketcall
analogous to __syscall, returning the negated error rather than
setting errno. use it to simplify the fallback path of socket(),
avoiding extern calls and access to errno.
Author: Rich Felker <dalias@aerifal.cx>
Date: Tue Jul 30 17:51:16 2019 -0400
make __socketcall analogous to __syscall, error-returning
Rich Felker [Sat, 22 Feb 2020 04:44:20 +0000 (23:44 -0500)]
remove wrap_write helper from vdprintf
this reverts commit
4ee039f3545976f9e3e25a7e5d7b58f1f2316dc3, which
added the helper as a hack to make vdprintf usable before relocation,
contingent on strong assumptions about the arch and tooling, back when
the dynamic linker did not have a real staged model for
self-relocation. since commit
f3ddd173806fd5c60b3f034528ca24542aecc5b9
this has been unnecessary and the function was just wasting size and
execution time.
Szabolcs Nagy [Mon, 20 Jan 2020 20:38:45 +0000 (20:38 +0000)]
math: fix sinh overflows in non-nearest rounding
The final rounding operation should be done with the correct sign
otherwise huge results may incorrectly get rounded to or away from
infinity in upward or downward rounding modes.
This affected sinh and sinhf which set the sign on the result after
a potentially overflowing mul. There may be other non-nearest rounding
issues, but this was a known long standing issue with large ulp error
(depending on how ulp is defined near infinity).
The fix should have no effect on sinh and sinhf performance but may
have a tiny effect on cosh and coshf.
Szabolcs Nagy [Sat, 18 Jan 2020 17:55:25 +0000 (17:55 +0000)]
math: fix __rem_pio2 in non-nearest rounding modes
Handle when after reduction |y| > pi/4+tiny. This happens in directed
rounding modes because the fast round to int code does not give the
nearest integer. In such cases the reduction may not be symmetric
between x and -x so e.g. cos(x)==cos(-x) may not hold (but polynomial
evaluation is not symmetric either with directed rounding so fixing
that would require more changes with bigger performance impact).
The fix only adds two predictable branches in nearest rounding mode,
simple ubenchmark does not show relevant performance regression in
nearest rounding mode.
The code could be improved: e.g reducing the medium size threshold
such that two step reduction is enough instead of three, and the
single precision case can avoid the issue by doing the round to int
differently, but this fix was kept minimal.
Rich Felker [Fri, 21 Feb 2020 00:37:02 +0000 (19:37 -0500)]
release 1.2.0
Rich Felker [Wed, 12 Feb 2020 22:23:29 +0000 (17:23 -0500)]
fix remaining direct use of stat syscalls outside fstatat.c
because struct stat is no longer assumed to correspond to the
structure used by the stat-family syscalls, it's not valid to make any
of these syscalls directly using a buffer of type struct stat.
commit
9493892021eac4edf1776d945bcdd3f7a96f6978 moved all logic around
this change for stat-family functions into fstatat.c, making the
others wrappers for it. but a few other direct uses of the syscall
were overlooked. the ones in tmpnam/tempnam are harmless since the
syscalls are just used to test for file existence. however, the uses
in fchmodat and __map_file depend on getting accurate file properties,
and these functions may actually have been broken one or more mips
variants due to removal of conversion hacks from syscall_arch.h.
as a low-risk fix, simply use struct kstat in place of struct stat in
the affected places.
Rich Felker [Thu, 6 Feb 2020 21:29:49 +0000 (16:29 -0500)]
remove i386 asm for single and double precision exp-family functions
these did not truncate excess precision in the return value. fixing
them looks like considerable work, and the current C code seems to
outperform them significantly anyway.
long double functions are left in place because they are not subject
to excess precision issues and probably better than the C code.
Rich Felker [Thu, 6 Feb 2020 21:24:03 +0000 (16:24 -0500)]
rename i386 exp.s to exp_ld.s
this commit is for the sake of reviewable history.
Rich Felker [Thu, 6 Feb 2020 18:29:45 +0000 (13:29 -0500)]
fix excess precision in return value of i386 log-family functions
Rich Felker [Thu, 6 Feb 2020 17:06:30 +0000 (12:06 -0500)]
fix excess precision in return value of i386 acos[f] and asin[f]
analogous to commit
1c9afd69051a64cf085c6fb3674a444ff9a43857 for
atan[2][f].
Rich Felker [Thu, 6 Feb 2020 16:34:54 +0000 (11:34 -0500)]
fix excess precision in return value of i386 atan[2][f]
for functions implemented in C, this is a requirement of C11 (F.6);
strictly speaking that text does not apply to standard library
functions, but it seems to be intended to apply to them, and C2x is
expected to make it a requirement.
failure to drop excess precision is particularly bad for inverse trig
functions, where a value with excess precision can be outside the
range of the function (entire range, or range for a particular
subdomain), breaking reasonable invariants a caller may expect.
Rich Felker [Wed, 5 Feb 2020 14:55:02 +0000 (09:55 -0500)]
remove legacy time32 timer[fd] syscalls from public syscall.h
this extends commit
5a105f19b5aae79dd302899e634b6b18b3dcd0d6, removing
timer[fd]_settime and timer[fd]_gettime. the timerfd ones are likely
to have been used in software that started using them before it could
rely on libc exposing functions.
Rich Felker [Wed, 5 Feb 2020 14:51:09 +0000 (09:51 -0500)]
remove further legacy time32 clock syscalls from public syscall.h
this extends commit
5a105f19b5aae79dd302899e634b6b18b3dcd0d6, removing
clock_settime, clock_getres, clock_nanosleep, and settimeofday.
Rich Felker [Wed, 5 Feb 2020 14:40:11 +0000 (09:40 -0500)]
fix incorrect results for catanf and catanl with some inputs
catan was fixed in
10e4bd3780050e75b72aac5d85c31816419bb17d but the
same bug in catanf and catanl was overlooked. the patch is completely
analogous.
Rich Felker [Tue, 4 Feb 2020 14:29:13 +0000 (09:29 -0500)]
move riscv64 register index constants to signal.h
under _GNU_SOURCE for namespace cleanliness, analogous to other archs.
the original placement in sys/reg.h seems not to have been motivated;
such a header isn't even present on other implementations.
Rich Felker [Thu, 30 Jan 2020 16:25:07 +0000 (11:25 -0500)]
remove legacy clock_gettime and gettimeofday from public syscall.h
some nontrivial number of applications have historically performed
direct syscalls for these operations rather than using the public
functions. such usage is invalid now that time_t is 64-bit and these
syscalls no longer match the types they are used with, and it was
already harmful before (by suppressing use of vdso).
since syscall() has no type safety, incorrect usage of these syscalls
can't be caught at compile-time. so, without manually inspecting or
running additional tools to check sources, the risk of such errors
slipping through is high.
this patch renames the syscalls on 32-bit archs to clock_gettime32 and
gettimeofday_time32, so that applications using the original names
will fail to build without being fixed.
note that there are a number of other syscalls that may also be unsafe
to use directly after the time64 switchover, but (1) these are the
main two that seem to be in widespread use, and (2) most of the others
continue to have valid usage with a null timeval/timespec argument, as
the argument is an optional timeout or similar.
Rich Felker [Wed, 29 Jan 2020 15:47:48 +0000 (10:47 -0500)]
fix misleading use of _POSIX_VDISABLE in sys/ttydefaults.h
_POSIX_VDISABLE is only visible if unistd.h has already been included,
so conditional use of it here makes no sense. the value is always 0
anyway; it does not vary.
Rich Felker [Wed, 29 Jan 2020 15:47:19 +0000 (10:47 -0500)]
fix unprotected macro argument in sys/ttydefaults.h
Alexander Monakov [Sat, 18 Jan 2020 16:15:16 +0000 (19:15 +0300)]
math/x32: correct lrintl.s for 32-bit long
Rich Felker [Sun, 26 Jan 2020 04:08:55 +0000 (23:08 -0500)]
move struct dirent to bits header, allow NAME_MAX to vary
this is not necessary for linux but is a simple, inexpensive change to
make that facilitates ports to systems where NAME_MAX needs to be
longer.
Luís Marques [Wed, 15 Jan 2020 13:24:41 +0000 (13:24 +0000)]
fix riscv64 a_cas inline asm operand sign extension
This patch adds an explicit cast to the int arguments passed to the
inline asm used in the RISC-V's implementation of `a_cas`, to ensure
that they are properly sign extended to 64 bits. They aren't
automatically sign extended by Clang, and GCC technically also doesn't
guarantee that they will be sign extended.
Will Dietz [Wed, 8 Jan 2020 19:20:44 +0000 (13:20 -0600)]
fix incorrect escaping in add-cfi.*.awk scripts
gawk 5 complains.
Andre McCurdy [Fri, 13 Sep 2019 18:44:31 +0000 (11:44 -0700)]
add thumb2 support to arm assembler memcpy
For Thumb2 compatibility, replace two instances of a single
instruction "orr with a variable shift" with the two instruction
equivalent. Neither of the replacements are in a performance critical
loop.
Rich Felker [Wed, 15 Jan 2020 21:15:49 +0000 (16:15 -0500)]
fix incorrect __hwcap seen in dynamic-linked __set_thread_area
the bug fixed in commit
b82cd6c78d812d38c31febba5a9e57dbaa7919c4 was
mostly masked on arm because __hwcap was zero at the point of the call
from the dynamic linker to __set_thread_area, causing the access to
libc.auxv to be skipped and kuser_helper versions of TLS access and
atomics to be used instead of the armv6 or v7 versions. however, on
kernels with kuser_helper removed for hardening it would crash.
since __set_thread_area potentially uses __hwcap, it must be
initialized before the function is called. move the AT_HWCAP lookup
from stage 3 to stage 2b.
Leah Neukirchen [Sat, 11 Jan 2020 19:16:59 +0000 (20:16 +0100)]
define RLIMIT_RTTIME, bump RLIMIT_NLIMITS
This macro exists since Linux 2.6.25 and is defined in glibc since 2011.
Rich Felker [Thu, 2 Jan 2020 01:02:51 +0000 (20:02 -0500)]
fix wcwidth wrongly returning 0 for most of planes 4 and up
commit
1b0ce9af6d2aa7b92edaf3e9c631cb635bae22bd introduced this bug
back in 2012 and it was never noticed, presumably since the affected
planes are essentially unused in Unicode.
Michael Forney [Tue, 19 Nov 2019 09:56:34 +0000 (01:56 -0800)]
unconditonally define alloca as __builtin_alloca
This enables alternative compilers, which may not define __GNUC__,
to implement alloca, which is still fairly widely used.
This is similar to how stdarg.h already works in musl; compilers must
implement __builtin_va_arg, there is no fallback definition.
Rich Felker [Wed, 1 Jan 2020 16:13:51 +0000 (11:13 -0500)]
update COPYRIGHT year
Rich Felker [Wed, 1 Jan 2020 16:10:07 +0000 (11:10 -0500)]
remove gratuitous aligned attribute from __ptrace_syscall_info
this change was discussed on the mailing list thread for the linux
uapi v5.3 patches, and submitted as a v2 patch, but overlooked when I
applied the patches much later.
revert commit
f291c09ec90e2514c954020e9b9bdb30e2adfc7f and apply the
v2 as submitted; the net change is just padding.
notes by Szabolcs Nagy follow:
compared to the linux uapi (and glibc) a padding is used instead of
aligned attribute for keeping the layout the same across targets, this
means the alignment of the struct may be different on some targets
(e.g. m68k where uint64_t is 2 byte aligned) but that should not affect
syscalls and this way the abi does not depend on nonstandard extensions.
Rich Felker [Wed, 1 Jan 2020 05:15:04 +0000 (00:15 -0500)]
fix fdpic regression in dynamic linker with overly smart compilers
at least gcc 9 broke execution of DT_INIT/DT_FINI for fdpic archs
(presently only sh) by recognizing that the stores to the
compound-literal function descriptor constructed to call them were
dead stores. there's no way to make a "may_alias function", so instead
launder the descriptor through an asm-statement barrier. in practice
just making the compound literal volatile seemed to have worked too,
but this should be less of a hack and more accurately convey the
semantics of what transformations are not valid.
Rich Felker [Wed, 1 Jan 2020 02:59:07 +0000 (21:59 -0500)]
fix crashing ldso on archs where __set_thread_area examines auxv
commit
1c84c99913bf1cd47b866ed31e665848a0da84a2 moved the call to
__init_tp above the initialization of libc.auxv, inadvertently
breaking archs where __set_thread_area examines auxv for the sake of
determining the TLS/atomic model needed at runtime. this broke armv6
and sh2.
Rich Felker [Wed, 1 Jan 2020 02:51:07 +0000 (21:51 -0500)]
move stage3_func typedef out of shared internal dynlink.h header
this interface contract is entirely internal to dynlink.c.
Szabolcs Nagy [Sun, 22 Dec 2019 12:31:44 +0000 (12:31 +0000)]
mips: add clone3 syscall numbers from linux v5.4
the syscall numbers were reserved in v5.3 but not wired up on mips, see
linux commit
0671c5b84e9e0a6d42d22da9b5d093787ac1c5f3
MIPS: Wire up clone3 syscall
Szabolcs Nagy [Sun, 22 Dec 2019 12:19:16 +0000 (12:19 +0000)]
mips: add hwcap bits from linux v5.4
mips application specific isa extensions were previously not exported
in hwcaps so userspace could not apply optimized code at runtime.
linux commit
38dffe1e4dde1d3174fdce09d67370412843ebb5
MIPS: elf_hwcap: Export userspace ASEs
projects / oweals / musl.git / log