simplify/refactor fflush and make fflush_unlocked an alias for fflush
previously, fflush_unlocked was an alias for an internal backend that
was called by fflush, either for its argument or in a loop for each
file if a null pointer was passed. since the logic for the latter was
in the main fflush function, fflush_unlocked crashed when passed a
null pointer, rather than flushing all open files. since
fflush_unlocked is not a standard function and has no specification,
it's not clear whether it should be expected to accept null pointers
like fflush does, but a reasonable argument could be made that it
should.
this patch eliminates the helper function, simplifying fflush, and
makes fflush_unlocked an alias for fflush, which is valid because the
two functions agree in their behavior in all cases where their
behavior is defined (the unlocked version has undefined behavior if
another thread could hold locks).
fix printf regression with alt-form octal, zero flag, and field width
commit b91cdbe2bc8b626aa04dc6e3e84345accf34e4b1, in fixing another
issue, changed the logic for how alt-form octal adds the leading zero
to adjust the precision rather than using a prefix character. this
wrongly suppressed the zero flag by mimicing an explicit precision
given by the format string. switch back to using a prefix character.
based on bug report and patch by Dmitry V. Levin, but simplified.
Rich Felker [Tue, 30 Aug 2016 20:39:54 +0000 (16:39 -0400)]
restore _Noreturn to __assert_fail
this reverts commit 2c1f8fd5da3306fd7c8a2267467e44eb61f12dd4. without
the _Noreturn attribute, the compiler cannot use asserts to perform
reachability/range analysis. this leads to missed optimizations and
spurious warnings.
the original backtrace problem that prompted the removal of _Noreturn
was not clearly documented at the time, but it seems to happen only
when libc was built without -g, which also breaks many other
backtracing cases.
Szabolcs Nagy [Tue, 23 Aug 2016 19:47:53 +0000 (21:47 +0200)]
math: fix 128bit long double inverse trigonometric functions
there was a copy paste error that could cause large ulp errors
in atan2l, atanl, asinl and acosl on aarch64, mips64 and mipsn32.
(the implementation is from freebsd fdlibm, but the tail end
of the polynomial was wrong. 128 bit long double functions
are not yet tested so this went undetected.)
Szabolcs Nagy [Sat, 20 Aug 2016 19:04:31 +0000 (21:04 +0200)]
verify that ttyname refers to the same file as the fd
linux containers use separate mount namespace so the /proc
symlink might not point to the right device if the fd was
opened in the parent namespace, in this case return ENOENT.
Rich Felker [Thu, 11 Aug 2016 22:36:46 +0000 (18:36 -0400)]
fix pread/pwrite syscall calling convention on sh
despite sh not generally using register-pair alignment for 64-bit
syscall arguments, there are arch-specific versions of the syscall
entry points for pread and pwrite which include a dummy argument for
alignment before the 64-bit offset argument.
remove obsolete and unused gethostbyaddr implementation
this code was already under #if 0, but could be confusing if a reader
didn't notice that, and it's almost surely full of bugs and/or
inconsistencies with the current code that uses the gethostbyname2_r
backend.
add stdc-predef.h for library-level predefined macros
modern compilers (for gcc, versions 4.8 and later) automatically
pre-include <stdc-predef.h> to obtain the values of certain predefined
macros specified by ISO C but which reflect properties of the library
implementation, not just the compiler. provide values indicating that
wchar_t is Unicode-encoded and that Annex F (IEEE floating point) is
supported unless the compiler indicates otherwise.
improve abort fallback behavior when raising SIGABRT fails to terminate
these changes still do not yield a fully-conforming abort, but they
fix two known issues:
- per POSIX, termination via SIGKILL is not "abnormal", but both ISO C
and POSIX require abort to yield abnormal termination.
- raising SIGKILL fails to do anything to pid 1 in some containers.
now, the trapping instruction produced by a_crash() is expected to
produce abnormal termination, without the risk of invoking a signal
handler since SIGILL and SIGSEGV are blocked, and _Exit, which
contains an infinite loop analogous to the one being removed from
abort itself, is used as a last resort.
this implementation still fails to produce an exit status as if the
process terminated via SIGABRT in cases where SIGABRT is blocked or
ignored, but fixing that is not easy; the obvious pseudo-solutions all
have subtle race conditions where a concurrent fork or exec can expose
incorrect signal state.
Szabolcs Nagy [Wed, 20 Apr 2016 11:14:13 +0000 (13:14 +0200)]
add EM_OPENRISC again to elf.h
it was changed to EM_OR1K in 200d15479c0bc48471ee7b8e538ce33af990f82e
as that was meant to be the official name, but glibc and the latest
gabi spec still uses the EM_OPENRISC name:
http://www.sco.com/developers/gabi/latest/ch4.eheader.html
binutils defines both macros so we should do the same for backward
compatibility.
make brace placement in public header struct definitions consistent
placing the opening brace on the same line as the struct keyword/tag
is the style I prefer and seems to be the prevailing practice in more
recent additions.
add EXTA, EXTB, CIBAUD, CMSPAR, XCASE macros and hide them as well as
CBAUD, ECHOCTL, ECHOPRT, ECHOKE, FLUSHO, PENDIN in standard mode.
the new macros are both in glibc termios.h and in linux asm/termbits.h,
the later also contains IBSHIFT and BOTHER, those were not added.
these are not standard macros, but some of them are in the reserved
namespace so could be exposed, the ones which are not reserved are
CIBAUD, CMSPAR and XCASE (which was removed in issue 6), the rest
got hidden to be consistent with glibc.
Szabolcs Nagy [Sun, 3 Jul 2016 15:05:08 +0000 (17:05 +0200)]
remove mips and powerpc ioctls that are missing from linux uapi
mips and powerpc use their own asm/ioctls.h, not the asm-generic/ioctls.h
and they lack termiox macros that are available on other targets.
see kernel commit 1d65b4a088de407e99714fdc27862449db04fb5c
add consistent reserved fields in mips64/n32 termios structures
the (unused) speed fields were omitted when these ports were first
added (within this release cycle, so not present in any release yet)
in accordance with how glibc defines the structure on mips archs.
however their omission does not match existing musl practice/intent.
glibc provides its own, mostly-unified termios structure definition
and performs translation in userspace to match the kernel structure
for the arch, but has gratuitous differences on a few archs like mips,
presumably as a result of historical mistakes. some other libcs use
the kernel definitions directly. musl essentially does that, by
matching the kernel layout in the part of the structure the kernel
will read/write, but leaves additional space at the end for
extensibility. these are nominally the (nonstandard) speed fields and
(on most archs) extra c_cc elements, but since they are not used they
could be repurposed if there's ever a need.
fix posix_fadvise syscall args on powerpc, unify with arm fix
commit 6d38c9cf80f47623e5e48190046673bbd0dc410b provided an
arm-specific version of posix_fadvise to address the alternate
argument order the kernel expects on arm, but neglected to address
that powerpc (32-bit) has the same issue. instead of having arch
variant files in duplicate, simply put the alternate version in the
top-level file under the control of a macro defined in syscall_arch.h.
Rich Felker [Wed, 29 Jun 2016 15:54:03 +0000 (11:54 -0400)]
fix incorrect definition of RUSAGE_CHILDREN in sys/resource.h
the kernel ABI value for RUSAGE_CHILDREN is -1, not 1. the latter is
actually interpreted as RUSAGE_THREAD, to obtain values for just the
calling thread and not the whole process.
Rich Felker [Mon, 27 Jun 2016 19:18:13 +0000 (15:18 -0400)]
fix failure to obtain EOWNERDEAD status for process-shared robust mutexes
Linux's documentation (robust-futex-ABI.txt) claims that, when a
process dies with a futex on the robust list, bit 30 (0x40000000) is
set to indicate the status. however, what actually happens is that
bits 0-30 are replaced with the value 0x40000000, i.e. bits 0-29
(containing the old owner tid) are cleared at the same time bit 30 is
set.
our userspace-side code for robust mutexes was written based on that
documentation, assuming that kernel would never produce a futex value
of 0x40000000, since the low (owner) bits would always be non-zero.
commit d338b506e39b1e2c68366b12be90704c635602ce introduced this
assumption explicitly while fixing another bug in how non-recoverable
status for robust mutexes was tracked. presumably the tests conducted
at that time only checked non-process-shared robust mutexes, which are
handled in pthread_exit (which implemented the documented kernel
protocol, not the actual one) rather than by the kernel.
change pthread_exit robust list processing to match the kernel
behavior, clearing bits 0-29 while setting bit 30, and use the value
0x7fffffff instead of 0x40000000 to encode non-recoverable status. the
choice of value here is arbitrary; any value with at least one of bits
0-29 set should work just as well,
Rich Felker [Tue, 21 Jun 2016 20:33:14 +0000 (16:33 -0400)]
remove comments on copyright status from UTF-8 implementation files
despite clarifications made to the COPYRIGHT file in commit f0a61399330bae42beeb27d6ecd05570b3382a60, there continues to be
confusion about whether the permissions granted actually apply to all
files. I am the sole author of these files and clearly intend, and
have always intended, for the grant of permission to apply to them.
Rich Felker [Thu, 9 Jun 2016 17:42:06 +0000 (13:42 -0400)]
avoid padding gaps in struct sockaddr_storage
compilers are free not to copy, or in some cases to clobber, padding
bytes in a structure. while it's an aliasing violation, and thus
undefined behavior, to copy or manipulate other sockaddr types using
sockaddr_storage, it seems likely that traditional code attempts to do
so, and the original intent of the sockaddr_storage structure was
probably to allow such usage.
in the interest of avoiding silent and potentially dangerous breakage,
ensure that there are no actual padding bytes in sockaddr_storage by
moving and adjusting the size of the __ss_padding member so that it
fits exactly.
this change also removes a silent assumption that the alignment of
long is equal to its size.
SOL_* macros are now synced with linux socket.h which is not a uapi
header and glibc did not have the macros either, but that has changed
http://sourceware.org/ml/libc-alpha/2016-05/msg00322.html
Szabolcs Nagy [Thu, 26 May 2016 20:05:25 +0000 (22:05 +0200)]
add SO_CNX_ADVICE to sys/socket.h, new in linux v4.6
new socket option so application can give advice about routing
path quality of connected udp sockets, added in linux commit a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314
Rich Felker [Mon, 23 May 2016 22:19:11 +0000 (18:19 -0400)]
fix a64l undefined behavior on ILP32 archs, wrong results on LP64 archs
the difference of pointers is a signed type ptrdiff_t; if it is only
32-bit, left-shifting it by 30 bits produces undefined behavior. cast
the difference to an appropriate unsigned type, uint32_t, before
shifting to avoid this.
the a64l function is specified to return a signed 32-bit result in
type long. as noted in the bug report by Ed Schouten, converting
implicitly from uint32_t only produces the desired result when long is
a 32-bit type. since the computation has to be done in unsigned
arithmetic to avoid overflow, simply cast the result to int32_t.
further, POSIX leaves the behavior on invalid input unspecified but
not undefined, so we should not take the difference between the
potentially-null result of strchr and the base pointer without first
checking the result. the simplest behavior is just returning the
partial conversion already performed in this case, so do that.
Rich Felker [Sun, 22 May 2016 22:49:59 +0000 (18:49 -0400)]
fix undefined pointer arithmetic in CMSG_NXTHDR macro
previously, the only way the stopping condition could be met with
correct lengths in the headers invoked undefined behavior, adding
sizeof(struct cmsghdr) beyond the end of the cmsg buffer.
instead, compute and compare sizes rather than pointers.
Szabolcs Nagy [Sat, 21 May 2016 13:21:38 +0000 (15:21 +0200)]
fix the use of uninitialized value in regcomp
the num_submatches field of some ast nodes was not initialized in
tre_add_tag_{left,right}, but was accessed later.
this was a benign bug since the uninitialized values were never used
(these values are created during tre_add_tags and copied around during
tre_expand_ast where they are also used in computations, but nothing
in the final tnfa depends on them).
LeMay, Michael [Wed, 4 May 2016 03:29:42 +0000 (03:29 +0000)]
fix redundant processing of --build flag in configure script
The --build flag is listed in two case statement entries in configure,
which causes the second entry to be ignored. This patch removes it
from the first entry.
Signed-off-by: Michael LeMay <michael.lemay@intel.com>
Andrew Kelley [Wed, 4 May 2016 20:29:11 +0000 (13:29 -0700)]
fix incorrect protocol name and number for egp
previously if you called getprotobyname("egp") you would get
NULL because \008 is invalid octal and so the protocol id was
interpreted as 0 and name as "8egp".
follow standard configure behavior for cross compile prefix
the standard configure interface, which our configure script tries to
implement, identifies cross compiling (build != host) and searches for
the properly-prefixed cross tools. our script was not doing that,
forcing users to explicitly provide either CC or a CROSS_COMPILE tool
prefix, and the more common choice, just providing CC, was incomplete
because the Makefile would still invoke the native ar and ranlib
programs. this happened to work when building on ELF-based systems
with GNU binutils, but could easily fail when cross-compiling from
dissimilar systems.
like before, and like the standard configure behavior, an explicit CC
or CROSS_COMPILE variable on the command line or in the environment
overrides the automatic prefixing.
update COPYRIGHT file to clarify that permissions apply for all files
these changes are the outcome of a long mailing list thread that took
place March 2016, "musl licensing". among minor other issues,
prospective users were not confident that the whole-project MIT
license would grant permission for files to which the COPYRIGHT file
expressed a belief that copyright not apply, if it turned out that
these files were actually subject to copyright.
in accordance with the original intent of applying a permissive
license to the project, which was that license issues not be an
obstacle to use, the text which was causing confusion is removed. no
new claims of copyright are made, but new text is added to clarify
that the grant of permissions applies to all files, and an explicit
grant of permission to use public headers and crt files without
attribution has been made.
this patch was reviewed and approved by all substantial contributors
to the affected files: Bobby Bingham, John Spencer (rofl0r), Nicholas
J. Kain, Rich Felker, Richard Pennington, Stefan Kristiansson, and
Szabolcs Nagy.
commit 7e816a6487932cbb3cb71d94b609e50e81f4e5bf (version 1.1.11
release cycle) moved the code that performs wchar_t to multibyte
conversion across code that used the resulting length in bytes,
thereby breaking the unget buffer space check in ungetwc and
clobbering up to three bytes below the start of the buffer.
for allocated FILEs (all read-enabled FILEs except stdin), the
underflow clobbers at most the FILE-specific locale pointer. no stores
are performed through this pointer, but subsequent loads may result in
a crash or mismatching encoding rule (UTF-8 multibyte vs byte-based).
for stdin, the buffer lies in .bss and the underflow may clobber
another object. in practice, for libc.so the adjacent object seems to
be stderr's buffer, which is completely unused, but this could vary
with linking options, or when static linking.
applications which do not attempt to use more than one character of
ungetwc pushback, or which do not use ungetwc, are not affected.
fix thread structure/dtv-pointer corruption on powerpc
per the powerpc psabi, offset 4 of the stack at call time belongs to
the callee and is used for spilling lr (return address). in addition,
offset 0 on the stack must contain a pointer to the previous stack
frame, or a null pointer for the initial stack frame of a thread.
__clone failed to setup any stack frame on the new thread's stack,
thereby allowing the start function it called to clobber offset 4 of
the new thread's struct __pthread, which contains the dtv pointer.
add code to setup a proper stack frame and align the stack pointer to
a multiple of 16 (also an abi requirement) if it was not already
aligned.
mips32r6 and mips64r6 are actually new isas at both the asm source and
opcode levels (pre-r6 code cannot run on r6) and thus need to be
treated as a new subarch. the following changes are made, some of
which yield code generation improvements for non-r6 targets too:
- add subarch logic in configure script and reloc.h files for dynamic
linker name.
- suppress use of .set mips2 asm directives (used to allow mips2
atomic instructions on baseline mips1 builds; the kernel has to
emulate them on mips1) except when actually needed. they cause wrong
instruction encodings on r6, and pessimize inlining on at least some
compilers.
- only hard-code sync instruction encoding on mips1.
- use "ZC" constraint instead of "m" constraint for llsc memory
operands on r6, where the ll/sc instructions no longer accept full
16-bit offsets.
- only hard-code rdhwr instruction encoding with .word on targets
(pre-r2) where it may need trap-and-emulate by the kernel.
otherwise, just use the instruction mnemonic, and allow an arbitrary
destination register to be used.
fix read past end of haystack buffer for short needles in memmem
the two/three/four byte memmem specializations are not prepared to
handle haystacks shorter than the needle; they unconditionally read at
least up to the needle length and subtract from the haystack length.
if the haystack is shorter, the remaining haystack length underflows
and produces an unbounded search which will eventually either crash or
find a spurious match.
the top-level memmem function attempted to avoid this case already by
checking for haystack shorter than needle, but it failed to re-check
after using memchr to remove the maximal prefix not containing the
first byte of the needle.
Rich Felker [Wed, 30 Mar 2016 01:22:52 +0000 (21:22 -0400)]
fix regression disabling use of pause instruction for x86 a_spin
commits e24984efd5c6ac5ea8e6cb6cd914fa8435d458bc and 16b55298dc4b6a54d287d7494e04542667ef8861 inadvertently disabled the
a_spin implementations for i386, x86_64, and x32 by defining a macro
named a_pause instead of a_spin. this should not have caused any
functional regression, but it inhibited cpu relaxation while spinning
for locks.
Rich Felker [Tue, 29 Mar 2016 03:41:17 +0000 (23:41 -0400)]
fix undefined pointer comparison in stdio-internal __toread
the comparison f->wpos > f->buf has undefined behavior when f->wpos is
a null pointer, despite the intuition (and actual compiler behavior,
for all known compilers) being that NULL > ptr is false for all valid
pointers ptr.
the purpose of the comparison is to determine if the write buffer is
non-empty, and the idiom used elsewhere for that is comparison against
f->wbase, which is either a null pointer when not writing, or equal to
f->buf when writing. in the former case, both f->wpos and f->wbase are
null; in the latter they are both non-null and point into the same
array.
Szabolcs Nagy [Sat, 19 Mar 2016 12:37:37 +0000 (13:37 +0100)]
add MADV_FREE madvise command from linux v4.5
allows the os to free the marked pages lazily on memory pressure.
expected to increase malloc performance.
new in linux commit 854e9ed09dedf0c19ac8640e91bcc74bc3f9e5c9
Szabolcs Nagy [Sat, 19 Mar 2016 12:37:03 +0000 (13:37 +0100)]
add EPOLLEXCLUSIVE epoll flag from linux v4.5
new flag for exclusive wakeup mode when an event source fd is attached
to multiple epoll fds but they should not all receive the events.
new in linux commit df0108c5da561c66c333bb46bfe3c1fc65905898
Szabolcs Nagy [Sat, 19 Mar 2016 12:36:42 +0000 (13:36 +0100)]
add SO_ATTACH_REUSEPORT_[CE]BPF socket options from linux v4.5
new socket options for setting classic or extended BPF program
for sockets in a SO_REUSEPORT group. added in linux commit 538950a1b7527a0a52ccd9337e3fcd304f027f13