Accepting request 909816 from home:Andreas_Schwab:Factory

- Update to glibc 2.34
  Major new features:
  * When _DYNAMIC_STACK_SIZE_SOURCE or _GNU_SOURCE are defined,
    PTHREAD_STACK_MIN is no longer constant and is redefined to
    sysconf(_SC_THREAD_STACK_MIN)
  * Add _SC_MINSIGSTKSZ and _SC_SIGSTKSZ
  * The dynamic linker implements the --list-diagnostics option, printing
    a dump of information related to IFUNC resolver operation and
    glibc-hwcaps subdirectory selection
  * On Linux, the function execveat has been added
  * The ISO C2X function timespec_getres has been added
  * The feature test macro __STDC_WANT_IEC_60559_EXT__, from draft ISO
    C2X, is supported to enable declarations of functions defined in Annex F
    of C2X
  * Add support for 64-bit time_t on configurations like x86 where time_t
    is traditionally 32-bit
  * The main gconv-modules file in glibc now contains only a small set of
    essential converter modules and the rest have been moved into a supplementary
    configuration file gconv-modules-extra.conf in the gconv-modules.d directory
    in the same GCONV_PATH
  * On Linux, a new tunable, glibc.pthread.stack_cache_size, can be used
    to configure the size of the thread stack cache
  * The function _Fork has been added as an async-signal-safe fork replacement
    since Austin Group issue 62 droped the async-signal-safe requirement for
    fork (and it will be included in the future POSIX standard)
  * On Linux, the close_range function has been added
  * The function closefrom has been added
  * The posix_spawn_file_actions_closefrom_np function has been added, enabling
    posix_spawn and posix_spawnp to close all file descriptors great than or
    equal to a giver integer

OBS-URL: https://build.opensuse.org/request/show/909816
OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=601
This commit is contained in:
Andreas Schwab 2021-08-02 14:53:08 +00:00 committed by Git OBS Bridge
parent 73b0bc57c8
commit a589b37fb7
18 changed files with 122 additions and 2137 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2e2556000e105dbd57f0b6b2a32ff2cf173bde4f0d85dffccfd8b7e51a0677ff
size 17031280

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEcnNUKzmWLfeymZMUFnkrTqJTQPgFAmAYVMMACgkQFnkrTqJT
QPhWfg//VIXR1NrrEU0ekkojS0C+yFpxElmNa3yQ2mGiDLYHyOW8tEbuHLIbmDvx
psOIKudL86+JzVX9PmO6dZ1AteG2S3wHzv8dw4w5BC3EtvQJBZz7pXwEV+1t3CYR
SQZ6o1HuN/zcPZ0hvUSsmIBcCrGCg8tCcgc6A5VzIZdXno+WrvnnGioXwLp8BT/q
ZtWPQCGNidyzIOg9RjXyXkVzElW3Ym6/4kM4VttOT0D2zJ1w3b5Cj07P8GkQY0i9
iqkMGFHiDlPczHiVzQ85qKiVB9mCM/HNPkAIZaoM4ZzceFvde3BAFsIOzFSPpLjz
bodG2Sk7C3hoF8d1I8MtcmKhZbw8L1J5pl9qXS1tTpJO5DVupkIxc1pE3kvm5SkS
WjSti2xIXwGtC7nPkJVXNt8oRGfF6dJXoFgGEIkiEUShVmjO5AZxXq0Vt+GQw69i
I8QkFJ1PRcNToP1ephBaUS2jLg2OjpO7iITPOhwxKY9C8d59I50p0Zg52RC2t23c
ZAm2p96kf4O1RfpcBvAkdgyytoAu/hUvsZT+A6sbSej5WbJEInKavDllHQsBz/sm
LgdiA4KeEaiuoKu+NzLY378ZmQ5Sr9vZ/FAprS3xcAJ7k/kr2/Fb43V3AFV8zI0H
1khHp7g5yyMZqNCSAT8MxHMHknRVb5wJ3dtp/nXH1TbsWZeUp4M=
=FTNO
-----END PGP SIGNATURE-----

3
glibc-2.34.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:44d26a1fe20b8853a48f470ead01e4279e869ac149b195dda4e44a195d981ab2
size 17301232

16
glibc-2.34.tar.xz.sig Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEcnNUKzmWLfeymZMUFnkrTqJTQPgFAmEHYusACgkQFnkrTqJT
QPjoWA//RsX2/6ZMZYfLgE9qFeDqhYZUMQje5L3/5BRHmWKSug5JOAodQv/6/r/a
SEA9vBwjJXcciE7ZspP8iNtuNpOu0OAvPemnCuUbw77q57h8LX+dDHs5BS9Km4CL
NWI0vUuI8P1ulXX5BELXWx5uUTz6SSmWh+VmpQ+/CZ4VXkrVp1YIaD6ZrzIUbvVC
yGOY1cRiT2kjc/E+FEI0YCSqmUqvf/dqPZaeM4H9z2RJW5eddOr0ruHJeEhjschV
XVqcMJ75UzuWQJjm/nrq3dWRm+ZAkMhXnm695zv9OD+BzXUvNrGxtM3838bFPFQw
WYXFnrNXSoHV5SCn8xTvJvhjw4uTo7HrA8QJOOvE9lKgyon3NdBgo6graZEWQYiF
dn2OYX0zj+bArj16+XlJ2jk1e+IkwDZdenQDuJjucR4e6uwnKUcuaAwtqKxL6MBq
1PYjINL7XFNsDwk9OZLjTCYIQsB3tHS9g3GsVhsX5fZGxa5ZzzyP69kaBMGjsQ4m
s/aYn0NWpv8MdUe/Nq0lUbMiChp3IIyIG0Zy14NihUH1tirj7odCxmG3qjR5DgUE
kCWJ5oSNJdrOE1vf3T2mIoN32epYGMedkNbWUtCqJc3LHe21dvPc7sdBUXgl0oJX
1X2axqrehtrhsfTyzvEfaoMNJfgtQoXEgkJyS3b1zdee3S/O5fA=
=/JWM
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,75 @@
-------------------------------------------------------------------
Mon Aug 2 09:38:46 UTC 2021 - Andreas Schwab <schwab@suse.de>
- Update to glibc 2.34
Major new features:
* When _DYNAMIC_STACK_SIZE_SOURCE or _GNU_SOURCE are defined,
PTHREAD_STACK_MIN is no longer constant and is redefined to
sysconf(_SC_THREAD_STACK_MIN)
* Add _SC_MINSIGSTKSZ and _SC_SIGSTKSZ
* The dynamic linker implements the --list-diagnostics option, printing
a dump of information related to IFUNC resolver operation and
glibc-hwcaps subdirectory selection
* On Linux, the function execveat has been added
* The ISO C2X function timespec_getres has been added
* The feature test macro __STDC_WANT_IEC_60559_EXT__, from draft ISO
C2X, is supported to enable declarations of functions defined in Annex F
of C2X
* Add support for 64-bit time_t on configurations like x86 where time_t
is traditionally 32-bit
* The main gconv-modules file in glibc now contains only a small set of
essential converter modules and the rest have been moved into a supplementary
configuration file gconv-modules-extra.conf in the gconv-modules.d directory
in the same GCONV_PATH
* On Linux, a new tunable, glibc.pthread.stack_cache_size, can be used
to configure the size of the thread stack cache
* The function _Fork has been added as an async-signal-safe fork replacement
since Austin Group issue 62 droped the async-signal-safe requirement for
fork (and it will be included in the future POSIX standard)
* On Linux, the close_range function has been added
* The function closefrom has been added
* The posix_spawn_file_actions_closefrom_np function has been added, enabling
posix_spawn and posix_spawnp to close all file descriptors great than or
equal to a giver integer
Deprecated and removed features, and other changes affecting compatibility:
* The function pthread_mutex_consistent_np has been deprecated
* The function pthread_mutexattr_getrobust_np has been deprecated
* The function pthread_mutexattr_setrobust_np has been deprecated
* The function pthread_yield has been deprecated
* The function inet_neta declared in <arpa/inet.h> has been deprecated
* Various rarely-used functions declared in <resolv.h> and
<arpa/nameser.h> have been deprecated
* The pthread cancellation handler is now installed with SA_RESTART and
pthread_cancel will always send the internal SIGCANCEL on a cancellation
request
* The symbols mallwatch and tr_break are now deprecated and no longer used in
mtrace
* The __morecore and __after_morecore_hook malloc hooks and the default
implementation __default_morecore have been removed from the API
* Debugging features in malloc such as the MALLOC_CHECK_ environment variable
(or the glibc.malloc.check tunable), mtrace() and mcheck() have now been
disabled by default in the main C library
* The deprecated functions malloc_get_state and malloc_set_state have been
moved from the core C library into libc_malloc_debug.so
* The deprecated memory allocation hooks __malloc_hook, __realloc_hook,
__memalign_hook and __free_hook are now removed from the API
Changes to build and runtime requirements:
* On Linux, the shm_open, sem_open, and related functions now expect the
file shared memory file system to be mounted at /dev/shm
Security related changes:
CVE-2021-27645: The nameserver caching daemon (nscd), when processing
a request for netgroup lookup, may crash due to a double-free,
potentially resulting in degraded service or Denial of Service on the
local system
CVE-2021-33574: The mq_notify function has a potential use-after-free
issue when using a notification type of SIGEV_THREAD and a thread
attribute with a non-default affinity mask
- nss-database-check-reload.patch, nss-load-chroot.patch,
x86-isa-level.patch, nscd-netgroupcache.patch,
nss-database-lookup.patch, select-modify-timeout.patch,
nptl-db-libpthread-load-order.patch, rawmemchr-warning.patch,
tst-cpu-features-amx.patch, mq-notify-use-after-free.patch: Removed
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jun 11 11:42:10 UTC 2021 - Ludwig Nussel <lnussel@suse.de> Fri Jun 11 11:42:10 UTC 2021 - Ludwig Nussel <lnussel@suse.de>

View File

@ -1,3 +1,8 @@
Member GPG keyring of libc group.
Note that this keyring is not intended for checking releases of that group.
Use Group Release Keyring instead.
GPG keys of Andreas Schwab <schwab> GPG keys of Andreas Schwab <schwab>
-----BEGIN PGP PUBLIC KEY BLOCK----- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2 Version: GnuPG v2

View File

@ -1,5 +1,5 @@
# #
# spec file for package glibc%{name_suffix} # spec file
# #
# Copyright (c) 2021 SUSE LLC # Copyright (c) 2021 SUSE LLC
# #
@ -131,10 +131,10 @@ BuildArch: i686
%define enablekernel 4.15 %define enablekernel 4.15
%endif %endif
Version: 2.33 Version: 2.34
Release: 0 Release: 0
%if !%{build_snapshot} %if !%{build_snapshot}
%define git_id 9826b03b74 %define git_id ae37d06c7d
%define libversion %version %define libversion %version
%else %else
%define git_id %(echo %version | sed 's/.*\.g//') %define git_id %(echo %version | sed 's/.*\.g//')
@ -246,26 +246,6 @@ Patch306: glibc-fix-double-loopback.diff
### ###
# Patches from upstream # Patches from upstream
### ###
# PATCH-FIX-UPSTREAM nsswitch: return result when nss database is locked (BZ #27343)
Patch1000: nss-database-check-reload.patch
# PATCH-FIX-UPSTREAM nss: Re-enable NSS module loading after chroot (BZ #27389)
Patch1001: nss-load-chroot.patch
# PATCH-FIX-UPSTREAM x86: Set minimum x86-64 level marker (BZ #27318)
Patch1002: x86-isa-level.patch
# PATCH-FIX-UPSTREAM nscd: Fix double free in netgroupcache (CVE-2021-27645, BZ #27462)
Patch1003: nscd-netgroupcache.patch
# PATCH-FIX-UPSTREAM nss: fix nss_database_lookup2's alternate handling (BZ #27416)
Patch1004: nss-database-lookup.patch
# PATCH-FIX-UPSTREAM linux: always update select timeout (BZ #27706)
Patch1005: select-modify-timeout.patch
# PATCH-FIX-UPSTREAM: nptl_db: Support different libpthread/ld.so load orders (BZ #27744)
Patch1006: nptl-db-libpthread-load-order.patch
# PATCH-FIX-UPSTREAM: string: Work around GCC PR 98512 in rawmemchr
Patch1007: rawmemchr-warning.patch
# PATCH-FIX-UPSTREAM: x86: tst-cpu-features-supports.c: Update AMX check
Patch1008: tst-cpu-features-amx.patch
# PATCH-FIX-UPSTREAM: Use __pthread_attr_copy in mq_notify (CVE-2021-33574, BZ #27896)
Patch1009: mq-notify-use-after-free.patch
### ###
# Patches awaiting upstream approval # Patches awaiting upstream approval
@ -474,17 +454,6 @@ makedb: A program to create a database for nss
%patch304 -p1 %patch304 -p1
%patch306 -p1 %patch306 -p1
%patch1000 -p1
%patch1001 -p1
%patch1002 -p1
%patch1003 -p1
%patch1004 -p1
%patch1005 -p1
%patch1006 -p1
%patch1007 -p1
%patch1008 -p1
%patch1009 -p1
%patch2000 -p1 %patch2000 -p1
%patch2001 -p1 %patch2001 -p1
@ -753,7 +722,7 @@ ln -s . %{buildroot}%{slibdir}/lp64d
%if %{build_main} %if %{build_main}
# We don't want to strip the .symtab from our libraries in find-debuginfo.sh, # We don't want to strip the .symtab from our libraries in find-debuginfo.sh,
# certainly not from libpthread.so.* because it is used by libthread_db to find # certainly not from libc.so.* because it is used by libthread_db to find
# some non-exported symbols in order to detect if threading support # some non-exported symbols in order to detect if threading support
# should be enabled. These symbols are _not_ exported, and we can't easily # should be enabled. These symbols are _not_ exported, and we can't easily
# export them retroactively without changing the ABI. So we have to # export them retroactively without changing the ABI. So we have to
@ -857,7 +826,7 @@ install -m 644 %{SOURCE21} %{buildroot}/usr/lib/systemd/system
%if 0%{?rtld_oldname:1} %if 0%{?rtld_oldname:1}
# Provide compatibility link # Provide compatibility link
ln -s %{slibdir}/ld-%{libversion}.so %{buildroot}%{rtlddir}/%{rtld_oldname} ln -s %{rtlddir}/%{rtld_name} %{buildroot}%{rtlddir}/%{rtld_oldname}
%endif %endif
# Move getconf to %{_libexecdir}/getconf/ to avoid cross device link # Move getconf to %{_libexecdir}/getconf/ to avoid cross device link
@ -894,22 +863,22 @@ ln -s %{_prefix}/share/misc/Makefile.makedb %{buildroot}/var/lib/misc/Makefile
# LSB # LSB
%ifarch %ix86 %ifarch %ix86
ln -sf %{slibdir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb.so.3 ln -sf %{rtlddir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb.so.3
%endif %endif
%ifarch x86_64 %ifarch x86_64
ln -sf %{slibdir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb-x86-64.so.3 ln -sf %{rtlddir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb-x86-64.so.3
%endif %endif
%ifarch ppc %ifarch ppc
ln -sf %{slibdir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb-ppc32.so.3 ln -sf %{rtlddir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb-ppc32.so.3
%endif %endif
%ifarch ppc64 %ifarch ppc64
ln -sf %{slibdir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb-ppc64.so.3 ln -sf %{rtlddir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb-ppc64.so.3
%endif %endif
%ifarch s390 %ifarch s390
ln -sf %{slibdir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb-s390.so.3 ln -sf %{rtlddir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb-s390.so.3
%endif %endif
%ifarch s390x %ifarch s390x
ln -sf %{slibdir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb-s390x.so.3 ln -sf %{rtlddir}/%{rtld_name} $RPM_BUILD_ROOT%{slibdir}/ld-lsb-s390x.so.3
%endif %endif
%else %else
@ -920,10 +889,7 @@ make %{?_smp_mflags} install_root=%{buildroot} install -C cc-base \
subdirs='malloc debug elf' subdirs='malloc debug elf'
cd manpages; make install_root=%{buildroot} install; cd .. cd manpages; make install_root=%{buildroot} install; cd ..
# Remove unwanted files # Remove unwanted files
rm -f %{buildroot}%{slibdir}/ld*.so* %{buildroot}%{slibdir}/lib[!mp]* rm -f %{buildroot}%{rtlddir}/ld*.so* %{buildroot}%{slibdir}/lib[!mp]*
%if "%{rtlddir}" != "%{slibdir}"
rm -f %{buildroot}%{rtlddir}/ld*.so*
%endif
%if "%{_libdir}" != "%{slibdir}" %if "%{_libdir}" != "%{slibdir}"
rm -f %{buildroot}%{_libdir}/lib* rm -f %{buildroot}%{_libdir}/lib*
%else %else
@ -1063,11 +1029,7 @@ exit 0
%doc %{_mandir}/man1/getconf.1.gz %doc %{_mandir}/man1/getconf.1.gz
%doc %{_mandir}/man5/* %doc %{_mandir}/man5/*
%{slibdir}/ld-%{libversion}.so
%{slibdir}/%{rtld_name}
%if "%{rtlddir}" != "%{slibdir}"
%{rtlddir}/%{rtld_name} %{rtlddir}/%{rtld_name}
%endif
%if 0%{?rtld_oldname:1} %if 0%{?rtld_oldname:1}
%{rtlddir}/%{rtld_oldname} %{rtlddir}/%{rtld_oldname}
%endif %endif
@ -1083,42 +1045,26 @@ exit 0
%endif %endif
%endif %endif
%{slibdir}/libBrokenLocale-%{libversion}.so
%{slibdir}/libBrokenLocale.so.1 %{slibdir}/libBrokenLocale.so.1
%{slibdir}/libSegFault.so %{slibdir}/libSegFault.so
%{slibdir}/libanl-%{libversion}.so
%{slibdir}/libanl.so.1 %{slibdir}/libanl.so.1
%{slibdir}/libc-%{libversion}.so
%{slibdir}/libc.so.6* %{slibdir}/libc.so.6*
%{slibdir}/libdl-%{libversion}.so %{slibdir}/libc_malloc_debug.so.0
%{slibdir}/libdl.so.2* %{slibdir}/libdl.so.2*
%{slibdir}/libm-%{libversion}.so
%{slibdir}/libm.so.6* %{slibdir}/libm.so.6*
%ifarch x86_64 %ifarch x86_64
%{slibdir}/libmvec-%{libversion}.so
%{slibdir}/libmvec.so.1 %{slibdir}/libmvec.so.1
%endif %endif
%{slibdir}/libnsl-%{libversion}.so
%{slibdir}/libnsl.so.1 %{slibdir}/libnsl.so.1
%{slibdir}/libnss_compat-%{libversion}.so
%{slibdir}/libnss_compat.so.2 %{slibdir}/libnss_compat.so.2
%{slibdir}/libnss_db-%{libversion}.so
%{slibdir}/libnss_db.so.2 %{slibdir}/libnss_db.so.2
%{slibdir}/libnss_dns-%{libversion}.so
%{slibdir}/libnss_dns.so.2 %{slibdir}/libnss_dns.so.2
%{slibdir}/libnss_files-%{libversion}.so
%{slibdir}/libnss_files.so.2 %{slibdir}/libnss_files.so.2
%{slibdir}/libnss_hesiod-%{libversion}.so
%{slibdir}/libnss_hesiod.so.2 %{slibdir}/libnss_hesiod.so.2
%{slibdir}/libpthread-%{libversion}.so
%{slibdir}/libpthread.so.0 %{slibdir}/libpthread.so.0
%{slibdir}/libresolv-%{libversion}.so
%{slibdir}/libresolv.so.2 %{slibdir}/libresolv.so.2
%{slibdir}/librt-%{libversion}.so
%{slibdir}/librt.so.1 %{slibdir}/librt.so.1
%{slibdir}/libthread_db-1.0.so
%{slibdir}/libthread_db.so.1 %{slibdir}/libthread_db.so.1
%{slibdir}/libutil-%{libversion}.so
%{slibdir}/libutil.so.1 %{slibdir}/libutil.so.1
%dir %attr(0700,root,root) /var/cache/ldconfig %dir %attr(0700,root,root) /var/cache/ldconfig
%{rootsbindir}/ldconfig %{rootsbindir}/ldconfig
@ -1147,6 +1093,7 @@ exit 0
%dir %{_libdir}/gconv %dir %{_libdir}/gconv
%{_libdir}/gconv/*.so %{_libdir}/gconv/*.so
%{_libdir}/gconv/gconv-modules %{_libdir}/gconv/gconv-modules
%{_libdir}/gconv/gconv-modules.d
%attr(0644,root,root) %verify(not md5 size mtime) %ghost %{_libdir}/gconv/gconv-modules.cache %attr(0644,root,root) %verify(not md5 size mtime) %ghost %{_libdir}/gconv/gconv-modules.cache
%files locale %files locale
@ -1170,45 +1117,40 @@ exit 0
%{_libdir}/libBrokenLocale.so %{_libdir}/libBrokenLocale.so
%{_libdir}/libanl.so %{_libdir}/libanl.so
%{_libdir}/libc.so %{_libdir}/libc.so
%{_libdir}/libdl.so %{_libdir}/libc_malloc_debug.so
%{_libdir}/libm.so %{_libdir}/libm.so
%ifarch x86_64 %ifarch x86_64
%{_libdir}/libmvec.so %{_libdir}/libmvec.so
%endif %endif
%{_libdir}/libnss_compat.so %{_libdir}/libnss_compat.so
%{_libdir}/libnss_db.so %{_libdir}/libnss_db.so
%{_libdir}/libnss_dns.so
%{_libdir}/libnss_files.so
%{_libdir}/libnss_hesiod.so %{_libdir}/libnss_hesiod.so
%{_libdir}/libpthread.so
%{_libdir}/libresolv.so %{_libdir}/libresolv.so
%{_libdir}/librt.so
%{_libdir}/libthread_db.so %{_libdir}/libthread_db.so
%{_libdir}/libutil.so
# These static libraries are needed even for shared builds # These static libraries are needed even for shared builds
%{_libdir}/libc_nonshared.a %{_libdir}/libc_nonshared.a
%{_libdir}/libdl.a
%{_libdir}/libg.a %{_libdir}/libg.a
%ifarch ppc ppc64 ppc64le s390 s390x sparc sparcv8 sparcv9 sparcv9v %ifarch ppc ppc64 ppc64le s390 s390x sparc sparcv8 sparcv9 sparcv9v
# This is not built on sparc64. # This is not built on sparc64.
%{_libdir}/libnldbl_nonshared.a %{_libdir}/libnldbl_nonshared.a
%endif %endif
%{_libdir}/libmcheck.a %{_libdir}/libmcheck.a
%{_libdir}/libpthread.a
%{_libdir}/librt.a
%{_libdir}/libutil.a
%files devel-static %files devel-static
%defattr(-,root,root) %defattr(-,root,root)
%{_libdir}/libBrokenLocale.a %{_libdir}/libBrokenLocale.a
%{_libdir}/libanl.a %{_libdir}/libanl.a
%{_libdir}/libc.a %{_libdir}/libc.a
%{_libdir}/libdl.a
%{_libdir}/libm.a %{_libdir}/libm.a
%ifarch x86_64 %ifarch x86_64
%{_libdir}/libm-%{libversion}.a %{_libdir}/libm-%{libversion}.a
%{_libdir}/libmvec.a %{_libdir}/libmvec.a
%endif %endif
%{_libdir}/libpthread.a
%{_libdir}/libresolv.a %{_libdir}/libresolv.a
%{_libdir}/librt.a
%{_libdir}/libutil.a
%ifnarch i686 %ifnarch i686
%files info %files info

View File

@ -1,11 +1,11 @@
* elf/cache.c (save_cache): Use unique temporary name. * elf/cache.c (save_cache): Use unique temporary name.
(save_aux_cache): Likewise. (save_aux_cache): Likewise.
Index: glibc-2.29/elf/cache.c Index: glibc-2.34/elf/cache.c
=================================================================== ===================================================================
--- glibc-2.29.orig/elf/cache.c --- glibc-2.34.orig/elf/cache.c
+++ glibc-2.29/elf/cache.c +++ glibc-2.34/elf/cache.c
@@ -427,12 +427,12 @@ save_cache (const char *cache_name) @@ -716,12 +716,12 @@ save_cache (const char *cache_name)
/* Write out the cache. */ /* Write out the cache. */
/* Write cache first to a temporary file and rename it later. */ /* Write cache first to a temporary file and rename it later. */
@ -22,15 +22,7 @@ Index: glibc-2.29/elf/cache.c
if (fd < 0) if (fd < 0)
error (EXIT_FAILURE, errno, _("Can't create temporary cache file %s"), error (EXIT_FAILURE, errno, _("Can't create temporary cache file %s"),
temp_name); temp_name);
@@ -481,6 +481,7 @@ save_cache (const char *cache_name) @@ -1128,8 +1128,9 @@ save_aux_cache (const char *aux_cache_na
free (file_entries_new);
free (file_entries);
free (strings_finalized.strings);
+ free (temp_name);
while (entries)
{
@@ -804,8 +805,9 @@ save_aux_cache (const char *aux_cache_na
/* Write out auxiliary cache file. */ /* Write out auxiliary cache file. */
/* Write auxiliary cache first to a temporary file and rename it later. */ /* Write auxiliary cache first to a temporary file and rename it later. */
@ -42,7 +34,7 @@ Index: glibc-2.29/elf/cache.c
/* Check that directory exists and create if needed. */ /* Check that directory exists and create if needed. */
char *dir = strdupa (aux_cache_name); char *dir = strdupa (aux_cache_name);
@@ -819,8 +821,7 @@ save_aux_cache (const char *aux_cache_na @@ -1143,8 +1144,7 @@ save_aux_cache (const char *aux_cache_na
} }
/* Create file. */ /* Create file. */
@ -52,7 +44,7 @@ Index: glibc-2.29/elf/cache.c
if (fd < 0) if (fd < 0)
goto out_fail; goto out_fail;
@@ -840,5 +841,6 @@ save_aux_cache (const char *aux_cache_na @@ -1167,5 +1167,6 @@ save_aux_cache (const char *aux_cache_na
out_fail: out_fail:
/* Free allocated memory. */ /* Free allocated memory. */
free (temp_name); free (temp_name);

View File

@ -1,109 +0,0 @@
From 42d359350510506b87101cf77202fefcbfc790cb Mon Sep 17 00:00:00 2001
From: Andreas Schwab <schwab@linux-m68k.org>
Date: Thu, 27 May 2021 12:49:47 +0200
Subject: [PATCH 1/2] Use __pthread_attr_copy in mq_notify (bug 27896)
Make a deep copy of the pthread attribute object to remove a potential
use-after-free issue.
CVE-2021-33574: The mq_notify function has a potential use-after-free
issue when using a notification type of SIGEV_THREAD and a thread
attribute with a non-default affinity mask.
diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c
index cc575a0cdd..f7ddfe5a6c 100644
--- a/sysdeps/unix/sysv/linux/mq_notify.c
+++ b/sysdeps/unix/sysv/linux/mq_notify.c
@@ -133,8 +133,11 @@ helper_thread (void *arg)
(void) __pthread_barrier_wait (&notify_barrier);
}
else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED)
- /* The only state we keep is the copy of the thread attributes. */
- free (data.attr);
+ {
+ /* The only state we keep is the copy of the thread attributes. */
+ pthread_attr_destroy (data.attr);
+ free (data.attr);
+ }
}
return NULL;
}
@@ -255,8 +258,7 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
if (data.attr == NULL)
return -1;
- memcpy (data.attr, notification->sigev_notify_attributes,
- sizeof (pthread_attr_t));
+ __pthread_attr_copy (data.attr, notification->sigev_notify_attributes);
}
/* Construct the new request. */
@@ -270,7 +272,10 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
/* If it failed, free the allocated memory. */
if (__glibc_unlikely (retval != 0))
- free (data.attr);
+ {
+ pthread_attr_destroy (data.attr);
+ free (data.attr);
+ }
return retval;
}
--
2.31.1
From 217b6dc298156bdb0d6aea9ea93e7e394a5ff091 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Tue, 1 Jun 2021 17:51:41 +0200
Subject: [PATCH 2/2] Fix use of __pthread_attr_copy in mq_notify (bug 27896)
__pthread_attr_copy can fail and does not initialize the attribute
structure in that case.
If __pthread_attr_copy is never called and there is no allocated
attribute, pthread_attr_destroy should not be called, otherwise
there is a null pointer dereference in rt/tst-mqueue6.
Fixes commit 42d359350510506b87101cf77202fefcbfc790cb
("Use __pthread_attr_copy in mq_notify (bug 27896)").
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
---
sysdeps/unix/sysv/linux/mq_notify.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c
index f7ddfe5a6c..6f46d29d1d 100644
--- a/sysdeps/unix/sysv/linux/mq_notify.c
+++ b/sysdeps/unix/sysv/linux/mq_notify.c
@@ -258,7 +258,14 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
if (data.attr == NULL)
return -1;
- __pthread_attr_copy (data.attr, notification->sigev_notify_attributes);
+ int ret = __pthread_attr_copy (data.attr,
+ notification->sigev_notify_attributes);
+ if (ret != 0)
+ {
+ free (data.attr);
+ __set_errno (ret);
+ return -1;
+ }
}
/* Construct the new request. */
@@ -271,7 +278,7 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
int retval = INLINE_SYSCALL (mq_notify, 2, mqdes, &se);
/* If it failed, free the allocated memory. */
- if (__glibc_unlikely (retval != 0))
+ if (retval != 0 && data.attr != NULL)
{
pthread_attr_destroy (data.attr);
free (data.attr);
--
2.31.1

View File

@ -1,380 +0,0 @@
From a64afc225240b2b27129ccfb0516d7c958b98040 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Wed, 21 Apr 2021 11:50:43 +0200
Subject: [PATCH] nptl_db: Support different libpthread/ld.so load orders (bug
27744)
libthread_db is loaded once GDB encounters libpthread, and at this
point, ld.so may not have been processed by GDB yet. As a result,
_rtld_global cannot be accessed by regular means from libthread_db.
To make this work until GDB can be fixed, acess _rtld_global through
a pointer stored in libpthread.
The new test does not reproduce bug 27744 with
--disable-hardcoded-path-in-tests, but is still a valid smoke test.
With --enable-hardcoded-path-in-tests, it is necessary to avoid
add-symbol-file because this can tickle a GDB bug.
Fixes commit 1daccf403b1bd86370eb94edca794dc106d02039 ("nptl: Move
stack list variables into _rtld_global").
Tested-by: Emil Velikov <emil.velikov@collabora.com>
---
nptl/Makefile | 19 +++-
nptl/pthread_create.c | 8 ++
nptl/tst-pthread-gdb-attach-static.c | 1 +
nptl/tst-pthread-gdb-attach.c | 143 +++++++++++++++++++++++++++
nptl_db/structs.def | 3 +-
nptl_db/td_init.c | 15 +--
nptl_db/thread_dbP.h | 2 +
7 files changed, 180 insertions(+), 11 deletions(-)
create mode 100644 nptl/tst-pthread-gdb-attach-static.c
create mode 100644 nptl/tst-pthread-gdb-attach.c
Index: glibc-2.33/nptl/Makefile
===================================================================
--- glibc-2.33.orig/nptl/Makefile
+++ glibc-2.33/nptl/Makefile
@@ -294,7 +294,8 @@ tests = tst-attr2 tst-attr3 tst-default-
tst-thread-affinity-sched \
tst-pthread-defaultattr-free \
tst-pthread-attr-sigmask \
- tst-pthread-timedlock-lockloop
+ tst-pthread-timedlock-lockloop \
+ tst-pthread-gdb-attach tst-pthread-gdb-attach-static
tests-container = tst-pthread-getattr
@@ -344,6 +345,22 @@ CPPFLAGS-test-cond-printers.c := $(CFLAG
CPPFLAGS-test-rwlockattr-printers.c := $(CFLAGS-printers-tests)
CPPFLAGS-test-rwlock-printers.c := $(CFLAGS-printers-tests)
+# Reuse the CFLAGS setting for the GDB attaching test. It needs
+# debugging information.
+CFLAGS-tst-pthread-gdb-attach.c := $(CFLAGS-printers-tests)
+CPPFLAGS-tst-pthread-gdb-attach.c := $(CFLAGS-printers-tests)
+ifeq ($(build-shared)$(build-hardcoded-path-in-tests),yesno)
+CPPFLAGS-tst-pthread-gdb-attach.c += -DDO_ADD_SYMBOL_FILE=1
+else
+CPPFLAGS-tst-pthread-gdb-attach.c += -DDO_ADD_SYMBOL_FILE=0
+endif
+CFLAGS-tst-pthread-gdb-attach-static.c := $(CFLAGS-printers-tests)
+CPPFLAGS-tst-pthread-gdb-attach-static.c := \
+ $(CFLAGS-printers-tests) -DDO_ADD_SYMBOL_FILE=0
+# As of version 9.2, GDB cannot attach properly to PIE programs that
+# were launched with an explicit ld.so invocation.
+tst-pthread-gdb-attach-no-pie = yes
+
ifeq ($(build-shared),yes)
tests-printers-libs := $(shared-thread-library)
else
@@ -415,7 +432,8 @@ link-libc-static := $(common-objpfx)libc
tests-static += tst-stackguard1-static \
tst-cancel24-static \
tst-mutex8-static tst-mutexpi8-static tst-sem11-static \
- tst-sem12-static tst-cond11-static
+ tst-sem12-static tst-cond11-static \
+ tst-pthread-gdb-attach-static
tests += tst-cancel24-static
Index: glibc-2.33/nptl/pthread_create.c
===================================================================
--- glibc-2.33.orig/nptl/pthread_create.c
+++ glibc-2.33/nptl/pthread_create.c
@@ -51,6 +51,14 @@ static td_thr_events_t __nptl_threads_ev
/* Pointer to descriptor with the last event. */
static struct pthread *__nptl_last_event __attribute_used__;
+#ifdef SHARED
+/* This variable is used to access _rtld_global from libthread_db. If
+ GDB loads libpthread before ld.so, it is not possible to resolve
+ _rtld_global directly during libpthread initialization. */
+static struct rtld_global *__nptl_rtld_global __attribute_used__
+ = &_rtld_global;
+#endif
+
/* Number of threads running. */
unsigned int __nptl_nthreads = 1;
Index: glibc-2.33/nptl/tst-pthread-gdb-attach-static.c
===================================================================
--- /dev/null
+++ glibc-2.33/nptl/tst-pthread-gdb-attach-static.c
@@ -0,0 +1 @@
+#include "tst-pthread-gdb-attach.c"
Index: glibc-2.33/nptl/tst-pthread-gdb-attach.c
===================================================================
--- /dev/null
+++ glibc-2.33/nptl/tst-pthread-gdb-attach.c
@@ -0,0 +1,217 @@
+/* Smoke testing GDB process attach with thread-local variable access.
+ Copyright (C) 2021 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+/* This test runs GDB against a forked copy of itself, to check
+ whether libthread_db can be loaded, and that access to thread-local
+ variables works. */
+
+#include <elf.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <string.h>
+#include <support/check.h>
+#include <support/support.h>
+#include <support/temp_file.h>
+#include <support/test-driver.h>
+#include <support/xstdio.h>
+#include <support/xthread.h>
+#include <support/xunistd.h>
+#include <unistd.h>
+
+/* Starts out as zero, changed to 1 or 2 by the debugger, depending on
+ the thread. */
+__thread volatile int altered_by_debugger;
+
+/* Common prefix between 32-bit and 64-bit ELF. */
+struct elf_prefix
+{
+ unsigned char e_ident[EI_NIDENT];
+ uint16_t e_type;
+ uint16_t e_machine;
+ uint32_t e_version;
+};
+_Static_assert (sizeof (struct elf_prefix) == EI_NIDENT + 8,
+ "padding in struct elf_prefix");
+
+/* Reads the ELF header from PATH. Returns true if the header can be
+ read, false if the file is too short. */
+static bool
+read_elf_header (const char *path, struct elf_prefix *elf)
+{
+ int fd = xopen (path, O_RDONLY, 0);
+ bool result = read (fd, elf, sizeof (*elf)) == sizeof (*elf);
+ xclose (fd);
+ return result;
+}
+
+/* Searches for "gdb" alongside the path variable. See execvpe. */
+static char *
+find_gdb (void)
+{
+ const char *path = getenv ("PATH");
+ if (path == NULL)
+ return NULL;
+ while (true)
+ {
+ const char *colon = strchrnul (path, ':');
+ char *candidate = xasprintf ("%.*s/gdb", (int) (colon - path), path);
+ if (access (candidate, X_OK) == 0)
+ return candidate;
+ free (candidate);
+ if (*colon == '\0')
+ break;
+ path = colon + 1;
+ }
+ return NULL;
+}
+
+/* Writes the GDB script to run the test to PATH. */
+static void
+write_gdbscript (const char *path, int tested_pid)
+{
+ FILE *fp = xfopen (path, "w");
+ fprintf (fp,
+ "set trace-commands on\n"
+ "set debug libthread-db 1\n"
+#if DO_ADD_SYMBOL_FILE
+ /* Do not do this unconditionally to work around a GDB
+ assertion failure: ../../gdb/symtab.c:6404:
+ internal-error: CORE_ADDR get_msymbol_address(objfile*,
+ const minimal_symbol*): Assertion `(objf->flags &
+ OBJF_MAINLINE) == 0' failed. */
+ "add-symbol-file %1$s/nptl/tst-pthread-gdb-attach\n"
+#endif
+ "set auto-load safe-path %1$s/nptl_db\n"
+ "set libthread-db-search-path %1$s/nptl_db\n"
+ "attach %2$d\n",
+ support_objdir_root, tested_pid);
+ fputs ("break debugger_inspection_point\n"
+ "continue\n"
+ "thread 1\n"
+ "print altered_by_debugger\n"
+ "print altered_by_debugger = 1\n"
+ "thread 2\n"
+ "print altered_by_debugger\n"
+ "print altered_by_debugger = 2\n"
+ "continue\n",
+ fp);
+ xfclose (fp);
+}
+
+/* The test sets a breakpoint on this function and alters the
+ altered_by_debugger thread-local variable. */
+void __attribute__ ((weak))
+debugger_inspection_point (void)
+{
+}
+
+/* Thread function for the test thread in the subprocess. */
+static void *
+subprocess_thread (void *closure)
+{
+ /* Wait until altered_by_debugger changes the value away from 0. */
+ while (altered_by_debugger == 0)
+ {
+ usleep (100 * 1000);
+ debugger_inspection_point ();
+ }
+
+ TEST_COMPARE (altered_by_debugger, 2);
+ return NULL;
+}
+
+/* This function implements the subprocess under test. It creates a
+ second thread, waiting for its value to change to 2, and checks
+ that the main thread also changed its value to 1. */
+static void
+in_subprocess (void)
+{
+ pthread_t thr = xpthread_create (NULL, subprocess_thread, NULL);
+ TEST_VERIFY (xpthread_join (thr) == NULL);
+ TEST_COMPARE (altered_by_debugger, 1);
+ _exit (0);
+}
+
+static int
+do_test (void)
+{
+ char *gdb_path = find_gdb ();
+ if (gdb_path == NULL)
+ FAIL_UNSUPPORTED ("gdb command not found in PATH: %s", getenv ("PATH"));
+
+ /* Check that libthread_db is compatible with the gdb architecture
+ because gdb loads it via dlopen. */
+ {
+ char *threaddb_path = xasprintf ("%s/nptl_db/libthread_db.so",
+ support_objdir_root);
+ struct elf_prefix elf_threaddb;
+ TEST_VERIFY_EXIT (read_elf_header (threaddb_path, &elf_threaddb));
+ struct elf_prefix elf_gdb;
+ /* If the ELF header cannot be read or "gdb" is not an ELF file,
+ assume this is a wrapper script that can run. */
+ if (read_elf_header (gdb_path, &elf_gdb)
+ && memcmp (&elf_gdb, ELFMAG, SELFMAG) == 0)
+ {
+ if (elf_gdb.e_ident[EI_CLASS] != elf_threaddb.e_ident[EI_CLASS])
+ FAIL_UNSUPPORTED ("GDB at %s has wrong class", gdb_path);
+ if (elf_gdb.e_ident[EI_DATA] != elf_threaddb.e_ident[EI_DATA])
+ FAIL_UNSUPPORTED ("GDB at %s has wrong data", gdb_path);
+ if (elf_gdb.e_machine != elf_threaddb.e_machine)
+ FAIL_UNSUPPORTED ("GDB at %s has wrong machine", gdb_path);
+ }
+ free (threaddb_path);
+ }
+
+ pid_t tested_pid = xfork ();
+ if (tested_pid == 0)
+ in_subprocess ();
+ char *tested_pid_string = xasprintf ("%d", tested_pid);
+
+ char *gdbscript;
+ xclose (create_temp_file ("tst-pthread-gdb-attach-", &gdbscript));
+ write_gdbscript (gdbscript, tested_pid);
+
+ pid_t gdb_pid = xfork ();
+ if (gdb_pid == 0)
+ {
+ xdup2 (STDOUT_FILENO, STDERR_FILENO);
+ execl (gdb_path, "gdb", "-nx", "-batch", "-x", gdbscript, NULL);
+ if (errno == ENOENT)
+ _exit (EXIT_UNSUPPORTED);
+ else
+ _exit (1);
+ }
+
+ int status;
+ TEST_COMPARE (xwaitpid (gdb_pid, &status, 0), gdb_pid);
+ if (WIFEXITED (status) && WEXITSTATUS (status) == EXIT_UNSUPPORTED)
+ /* gdb is not installed. */
+ return EXIT_UNSUPPORTED;
+ TEST_COMPARE (status, 0);
+ TEST_COMPARE (xwaitpid (tested_pid, &status, 0), tested_pid);
+ TEST_COMPARE (status, 0);
+
+ free (tested_pid_string);
+ free (gdbscript);
+ free (gdb_path);
+ return 0;
+}
+
+#include <support/test-driver.c>
Index: glibc-2.33/nptl_db/structs.def
===================================================================
--- glibc-2.33.orig/nptl_db/structs.def
+++ glibc-2.33/nptl_db/structs.def
@@ -100,8 +100,7 @@ DB_STRUCT_FIELD (pthread, dtvp)
#endif
#if !(IS_IN (libpthread) && !defined SHARED)
-DB_STRUCT (rtld_global)
-DB_RTLD_VARIABLE (_rtld_global)
+DB_VARIABLE (__nptl_rtld_global)
#endif
DB_RTLD_GLOBAL_FIELD (dl_tls_dtv_slotinfo_list)
DB_RTLD_GLOBAL_FIELD (dl_stack_user)
Index: glibc-2.33/nptl_db/td_init.c
===================================================================
--- glibc-2.33.orig/nptl_db/td_init.c
+++ glibc-2.33/nptl_db/td_init.c
@@ -33,13 +33,14 @@ td_init (void)
bool
__td_ta_rtld_global (td_thragent_t *ta)
{
- if (ta->ta_addr__rtld_global == 0
- && td_mod_lookup (ta->ph, LD_SO, SYM__rtld_global,
- &ta->ta_addr__rtld_global) != PS_OK)
+ if (ta->ta_addr__rtld_global == 0)
{
- ta->ta_addr__rtld_global = (void*)-1;
- return false;
+ psaddr_t rtldglobalp;
+ if (DB_GET_VALUE (rtldglobalp, ta, __nptl_rtld_global, 0) == TD_OK)
+ ta->ta_addr__rtld_global = rtldglobalp;
+ else
+ ta->ta_addr__rtld_global = (void *) -1;
}
- else
- return ta->ta_addr__rtld_global != (void*)-1;
+
+ return ta->ta_addr__rtld_global != (void *)-1;
}
Index: glibc-2.33/nptl_db/thread_dbP.h
===================================================================
--- glibc-2.33.orig/nptl_db/thread_dbP.h
+++ glibc-2.33/nptl_db/thread_dbP.h
@@ -108,6 +108,8 @@ struct td_thragent
# undef DB_SYMBOL
# undef DB_VARIABLE
+ psaddr_t ta_addr__rtld_global;
+
/* The method of locating a thread's th_unique value. */
enum
{

View File

@ -1,42 +0,0 @@
From a151f2e05a64727c552a297d129b8ef242ffb3b6 Mon Sep 17 00:00:00 2001
From: DJ Delorie <dj@redhat.com>
Date: Thu, 25 Feb 2021 16:08:21 -0500
Subject: [PATCH] nscd: Fix double free in netgroupcache [BZ #27462]
In commit 745664bd798ec8fd50438605948eea594179fba1 a use-after-free
was fixed, but this led to an occasional double-free. This patch
tracks the "live" allocation better.
Tested manually by a third party.
Related: RHBZ 1927877
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit dca565886b5e8bd7966e15f0ca42ee5cff686673)
---
nscd/netgroupcache.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Index: glibc-2.33/nscd/netgroupcache.c
===================================================================
--- glibc-2.33.orig/nscd/netgroupcache.c
+++ glibc-2.33/nscd/netgroupcache.c
@@ -248,7 +248,7 @@ addgetnetgrentX (struct database_dyn *db
: NULL);
ndomain = (ndomain ? newbuf + ndomaindiff
: NULL);
- buffer = newbuf;
+ *tofreep = buffer = newbuf;
}
nhost = memcpy (buffer + bufused,
@@ -319,7 +319,7 @@ addgetnetgrentX (struct database_dyn *db
else if (status == NSS_STATUS_TRYAGAIN && e == ERANGE)
{
buflen *= 2;
- buffer = xrealloc (buffer, buflen);
+ *tofreep = buffer = xrealloc (buffer, buflen);
}
else if (status == NSS_STATUS_RETURN
|| status == NSS_STATUS_NOTFOUND

View File

@ -1,45 +0,0 @@
From 17f0ff097887008b2d3dca270c8ffbb4b43a8749 Mon Sep 17 00:00:00 2001
From: Sergei Trofimovich <slyfox@gentoo.org>
Date: Fri, 5 Feb 2021 07:32:18 +0000
Subject: [PATCH] nsswitch: return result when nss database is locked [BZ
#27343]
Before the change nss_database_check_reload_and_get() did not populate
the '*result' value when it returned success in a case of chroot
detection. This caused initgroups() to use garage pointer in the
following test (extracted from unbound):
```
int main() {
// load some NSS modules
struct passwd * pw = getpwnam("root");
chdir("/tmp");
chroot("/tmp");
chdir("/");
// access nsswitch.conf in a chroot
initgroups("root", 0);
}
```
Reviewed-by: DJ Delorie <dj@redhat.com>
---
nss/nss_database.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Index: glibc-2.33/nss/nss_database.c
===================================================================
--- glibc-2.33.orig/nss/nss_database.c
+++ glibc-2.33/nss/nss_database.c
@@ -400,8 +400,9 @@ nss_database_check_reload_and_get (struc
&& (str.st_ino != local->root_ino
|| str.st_dev != local->root_dev)))
{
- /* Change detected; disable reloading. */
+ /* Change detected; disable reloading and return current state. */
atomic_store_release (&local->data.reload_disabled, 1);
+ *result = local->data.services[database_index];
__libc_lock_unlock (local->lock);
__nss_module_disable_loading ();
return true;

View File

@ -1,854 +0,0 @@
From 9b456c5da968ee832ea4b2b73a18a5bf6d2118a6 Mon Sep 17 00:00:00 2001
From: DJ Delorie <dj@redhat.com>
Date: Mon, 15 Feb 2021 21:34:23 -0500
Subject: [PATCH] nss: fix nss_database_lookup2's alternate handling [BZ
#27416]
__nss_database_lookup2's extra arguments were left unused in the
nsswitch reloading patch set; this broke compat (default config
ignored) and shadow files (secondary name ignored) which relies on
these fallbacks.
This patch adds in the previous behavior by correcting the
initialization of the database list to reflect the fallbacks. This
means that the nss_database_lookup2 interface no longer needs to be
passed the fallback info, so API and callers were adjusted.
Since all callers needed to be edited anyway, the calls were changed
from __nss_database_lookup2 to the faster __nss_database_get. This
was an intended optimization which was deferred during the initial
lookup changes to avoid touching so many files.
The test case verifies that compat targets work (passwd) and that the
default configuration works (group). Tested on x86-64.
---
nscd/aicache.c | 4 +-
nscd/initgrcache.c | 3 +-
nscd/netgroupcache.c | 2 +-
nss/Makefile | 1 +
nss/Versions | 2 +-
nss/XXX-lookup.c | 17 +---
nss/databases.def | 3 +
nss/grp-lookup.c | 1 -
nss/hosts-lookup.c | 1 -
nss/key-lookup.c | 1 -
nss/network-lookup.c | 1 -
nss/nss_compat/compat-grp.c | 2 +-
nss/nss_compat/compat-initgroups.c | 2 +-
nss/nss_compat/compat-pwd.c | 2 +-
nss/nss_compat/compat-spwd.c | 3 +-
nss/nss_database.c | 38 +++++++-
nss/nss_database.h | 5 +-
nss/nss_module.c | 20 ++--
nss/nss_test.h | 7 ++
nss/nss_test1.c | 93 +++++++++++++++++++
nss/nsswitch.c | 40 --------
nss/nsswitch.h | 9 --
nss/pwd-lookup.c | 1 -
nss/sgrp-lookup.c | 2 -
nss/spwd-lookup.c | 2 -
nss/tst-nss-compat1.c | 81 ++++++++++++++++
nss/tst-nss-compat1.root/etc/group | 1 +
nss/tst-nss-compat1.root/etc/nsswitch.conf | 3 +
nss/tst-nss-compat1.root/etc/passwd | 3 +
nss/tst-nss-compat1.root/etc/shadow | 2 +
.../tst-nss-compat1.script | 1 +
sysdeps/posix/getaddrinfo.c | 4 +-
32 files changed, 252 insertions(+), 105 deletions(-)
create mode 100644 nss/tst-nss-compat1.c
create mode 100644 nss/tst-nss-compat1.root/etc/group
create mode 100644 nss/tst-nss-compat1.root/etc/nsswitch.conf
create mode 100644 nss/tst-nss-compat1.root/etc/passwd
create mode 100644 nss/tst-nss-compat1.root/etc/shadow
create mode 100644 nss/tst-nss-compat1.root/tst-nss-compat1.script
Index: glibc-2.33/nscd/aicache.c
===================================================================
--- glibc-2.33.orig/nscd/aicache.c
+++ glibc-2.33/nscd/aicache.c
@@ -77,9 +77,7 @@ addhstaiX (struct database_dyn *db, int
int rc4 = 0;
int herrno = 0;
- no_more = __nss_database_lookup2 ("hosts", NULL,
- "dns [!UNAVAIL=return] files",
- &nip);
+ no_more = !__nss_database_get (nss_database_hosts, &nip);
/* Initialize configurations. */
struct resolv_context *ctx = __resolv_context_get ();
Index: glibc-2.33/nscd/initgrcache.c
===================================================================
--- glibc-2.33.orig/nscd/initgrcache.c
+++ glibc-2.33/nscd/initgrcache.c
@@ -82,8 +82,7 @@ addinitgroupsX (struct database_dyn *db,
int no_more;
if (group_database == NULL)
- no_more = __nss_database_lookup2 ("group", NULL, "files",
- &group_database);
+ no_more = !__nss_database_get (nss_database_group, &group_database);
else
no_more = 0;
nip = group_database;
Index: glibc-2.33/nscd/netgroupcache.c
===================================================================
--- glibc-2.33.orig/nscd/netgroupcache.c
+++ glibc-2.33/nscd/netgroupcache.c
@@ -143,7 +143,7 @@ addgetnetgrentX (struct database_dyn *db
*tofreep = NULL;
if (netgroup_database == NULL
- && __nss_database_lookup2 ("netgroup", NULL, NULL, &netgroup_database))
+ && !__nss_database_get (nss_database_netgroup, &netgroup_database))
{
/* No such service. */
cacheable = do_notfound (db, fd, req, key, &dataset, &total, &timeout,
Index: glibc-2.33/nss/Makefile
===================================================================
--- glibc-2.33.orig/nss/Makefile
+++ glibc-2.33/nss/Makefile
@@ -63,6 +63,7 @@ tests = test-netdb test-digits-dots ts
xtests = bug-erange
tests-container = \
+ tst-nss-compat1 \
tst-nss-test3 \
tst-nss-files-hosts-long \
tst-nss-db-endpwent \
Index: glibc-2.33/nss/Versions
===================================================================
--- glibc-2.33.orig/nss/Versions
+++ glibc-2.33/nss/Versions
@@ -17,7 +17,7 @@ libc {
__nss_passwd_lookup2; __nss_group_lookup2; __nss_hosts_lookup2;
__nss_services_lookup2; __nss_next2; __nss_lookup;
- __nss_hash; __nss_database_lookup2;
+ __nss_hash; __nss_database_get;
__nss_files_fopen; __nss_readline; __nss_parse_line_result;
}
}
Index: glibc-2.33/nss/XXX-lookup.c
===================================================================
--- glibc-2.33.orig/nss/XXX-lookup.c
+++ glibc-2.33/nss/XXX-lookup.c
@@ -37,27 +37,20 @@
#define CONCAT3_1(Pre, Name, Post) CONCAT3_2 (Pre, Name, Post)
#define CONCAT3_2(Pre, Name, Post) Pre##Name##Post
+#define DATABASE_NAME_ID CONCAT2_1 (nss_database_, DATABASE_NAME)
+#define CONCAT2_1(Pre, Name) CONCAT2_2 (Pre, Name)
+#define CONCAT2_2(Pre, Name) Pre##Name
+
#define DATABASE_NAME_SYMBOL CONCAT3_1 (__nss_, DATABASE_NAME, _database)
#define DATABASE_NAME_STRING STRINGIFY1 (DATABASE_NAME)
#define STRINGIFY1(Name) STRINGIFY2 (Name)
#define STRINGIFY2(Name) #Name
-#ifdef ALTERNATE_NAME
-#define ALTERNATE_NAME_STRING STRINGIFY1 (ALTERNATE_NAME)
-#else
-#define ALTERNATE_NAME_STRING NULL
-#endif
-
-#ifndef DEFAULT_CONFIG
-#define DEFAULT_CONFIG NULL
-#endif
-
int
DB_LOOKUP_FCT (nss_action_list *ni, const char *fct_name, const char *fct2_name,
void **fctp)
{
- if (__nss_database_lookup2 (DATABASE_NAME_STRING, ALTERNATE_NAME_STRING,
- DEFAULT_CONFIG, &DATABASE_NAME_SYMBOL) < 0)
+ if (! __nss_database_get (DATABASE_NAME_ID, &DATABASE_NAME_SYMBOL))
return -1;
*ni = DATABASE_NAME_SYMBOL;
Index: glibc-2.33/nss/databases.def
===================================================================
--- glibc-2.33.orig/nss/databases.def
+++ glibc-2.33/nss/databases.def
@@ -23,17 +23,20 @@
DEFINE_DATABASE (aliases)
DEFINE_DATABASE (ethers)
DEFINE_DATABASE (group)
+DEFINE_DATABASE (group_compat)
DEFINE_DATABASE (gshadow)
DEFINE_DATABASE (hosts)
DEFINE_DATABASE (initgroups)
DEFINE_DATABASE (netgroup)
DEFINE_DATABASE (networks)
DEFINE_DATABASE (passwd)
+DEFINE_DATABASE (passwd_compat)
DEFINE_DATABASE (protocols)
DEFINE_DATABASE (publickey)
DEFINE_DATABASE (rpc)
DEFINE_DATABASE (services)
DEFINE_DATABASE (shadow)
+DEFINE_DATABASE (shadow_compat)
/*
Local Variables:
Index: glibc-2.33/nss/grp-lookup.c
===================================================================
--- glibc-2.33.orig/nss/grp-lookup.c
+++ glibc-2.33/nss/grp-lookup.c
@@ -19,6 +19,5 @@
#include <config.h>
#define DATABASE_NAME group
-#define DEFAULT_CONFIG "files"
#include "XXX-lookup.c"
Index: glibc-2.33/nss/hosts-lookup.c
===================================================================
--- glibc-2.33.orig/nss/hosts-lookup.c
+++ glibc-2.33/nss/hosts-lookup.c
@@ -17,6 +17,5 @@
<https://www.gnu.org/licenses/>. */
#define DATABASE_NAME hosts
-#define DEFAULT_CONFIG "dns [!UNAVAIL=return] files"
#include "XXX-lookup.c"
Index: glibc-2.33/nss/key-lookup.c
===================================================================
--- glibc-2.33.orig/nss/key-lookup.c
+++ glibc-2.33/nss/key-lookup.c
@@ -17,6 +17,5 @@
<https://www.gnu.org/licenses/>. */
#define DATABASE_NAME publickey
-#define DEFAULT_CONFIG "nis nisplus"
#include "XXX-lookup.c"
Index: glibc-2.33/nss/network-lookup.c
===================================================================
--- glibc-2.33.orig/nss/network-lookup.c
+++ glibc-2.33/nss/network-lookup.c
@@ -17,6 +17,5 @@
<https://www.gnu.org/licenses/>. */
#define DATABASE_NAME networks
-#define DEFAULT_CONFIG "dns [!UNAVAIL=return] files"
#include "XXX-lookup.c"
Index: glibc-2.33/nss/nss_compat/compat-grp.c
===================================================================
--- glibc-2.33.orig/nss/nss_compat/compat-grp.c
+++ glibc-2.33/nss/nss_compat/compat-grp.c
@@ -81,7 +81,7 @@ static bool in_blacklist (const char *,
static void
init_nss_interface (void)
{
- if (__nss_database_lookup2 ("group_compat", NULL, "nis", &ni) >= 0)
+ if (__nss_database_get (nss_database_group_compat, &ni))
{
setgrent_impl = __nss_lookup_function (ni, "setgrent");
getgrnam_r_impl = __nss_lookup_function (ni, "getgrnam_r");
Index: glibc-2.33/nss/nss_compat/compat-initgroups.c
===================================================================
--- glibc-2.33.orig/nss/nss_compat/compat-initgroups.c
+++ glibc-2.33/nss/nss_compat/compat-initgroups.c
@@ -91,7 +91,7 @@ init_nss_interface (void)
/* Retest. */
if (ni == NULL
- && __nss_database_lookup2 ("group_compat", NULL, "nis", &ni) >= 0)
+ && __nss_database_get (nss_database_group_compat, &ni))
{
initgroups_dyn_impl = __nss_lookup_function (ni, "initgroups_dyn");
getgrnam_r_impl = __nss_lookup_function (ni, "getgrnam_r");
Index: glibc-2.33/nss/nss_compat/compat-pwd.c
===================================================================
--- glibc-2.33.orig/nss/nss_compat/compat-pwd.c
+++ glibc-2.33/nss/nss_compat/compat-pwd.c
@@ -91,7 +91,7 @@ static bool in_blacklist (const char *,
static void
init_nss_interface (void)
{
- if (__nss_database_lookup2 ("passwd_compat", NULL, "nis", &ni) >= 0)
+ if (__nss_database_get (nss_database_passwd_compat, &ni))
{
setpwent_impl = __nss_lookup_function (ni, "setpwent");
getpwnam_r_impl = __nss_lookup_function (ni, "getpwnam_r");
Index: glibc-2.33/nss/nss_compat/compat-spwd.c
===================================================================
--- glibc-2.33.orig/nss/nss_compat/compat-spwd.c
+++ glibc-2.33/nss/nss_compat/compat-spwd.c
@@ -88,8 +88,7 @@ static bool in_blacklist (const char *,
static void
init_nss_interface (void)
{
- if (__nss_database_lookup2 ("shadow_compat", "passwd_compat",
- "nis", &ni) >= 0)
+ if (__nss_database_get (nss_database_shadow_compat, &ni))
{
setspent_impl = __nss_lookup_function (ni, "setspent");
getspnam_r_impl = __nss_lookup_function (ni, "getspnam_r");
Index: glibc-2.33/nss/nss_database.c
===================================================================
--- glibc-2.33.orig/nss/nss_database.c
+++ glibc-2.33/nss/nss_database.c
@@ -93,13 +93,16 @@ enum nss_database_default
static const char per_database_defaults[NSS_DATABASE_COUNT] =
{
[nss_database_group] = nss_database_default_compat,
+ [nss_database_group_compat] = nss_database_default_nis,
[nss_database_gshadow] = nss_database_default_files,
[nss_database_hosts] = nss_database_default_dns,
[nss_database_initgroups] = nss_database_default_none,
[nss_database_networks] = nss_database_default_dns,
[nss_database_passwd] = nss_database_default_compat,
+ [nss_database_passwd_compat] = nss_database_default_nis,
[nss_database_publickey] = nss_database_default_nis_nisplus,
[nss_database_shadow] = nss_database_default_compat,
+ [nss_database_shadow_compat] = nss_database_default_nis,
};
struct nss_database_default_cache
@@ -166,13 +169,12 @@ nss_database_select_default (struct nss_
assert (errno == ENOMEM);
return false;
}
- else
- return true;
+ return true;
}
/* database_name must be large enough for each individual name plus a
null terminator. */
-typedef char database_name[11];
+typedef char database_name[14];
#define DEFINE_DATABASE(name) \
_Static_assert (sizeof (#name) <= sizeof (database_name), #name);
#include "databases.def"
@@ -325,14 +327,43 @@ nss_database_reload (struct nss_database
/* No other threads have access to fp. */
__fsetlocking (fp, FSETLOCKING_BYCALLER);
+ /* We start with all of *staging pointing to NULL. */
+
bool ok = true;
if (fp != NULL)
ok = nss_database_reload_1 (staging, fp);
+ /* Now we have non-NULL entries where the user explictly listed the
+ service in nsswitch.conf. */
+
/* Apply defaults. */
if (ok)
{
struct nss_database_default_cache cache = { };
+
+ /* These three default to other services if the user listed the
+ other service. */
+
+ /* "shadow_compat" defaults to "passwd_compat" if only the
+ latter is given. */
+ if (staging->services[nss_database_shadow_compat] == NULL)
+ staging->services[nss_database_shadow_compat] =
+ staging->services[nss_database_passwd_compat];
+
+ /* "shadow" defaults to "passwd" if only the latter is
+ given. */
+ if (staging->services[nss_database_shadow] == NULL)
+ staging->services[nss_database_shadow] =
+ staging->services[nss_database_passwd];
+
+ /* "gshadow" defaults to "group" if only the latter is
+ given. */
+ if (staging->services[nss_database_gshadow] == NULL)
+ staging->services[nss_database_gshadow] =
+ staging->services[nss_database_group];
+
+ /* For anything still unspecified, load the default configs. */
+
for (int i = 0; i < NSS_DATABASE_COUNT; ++i)
if (staging->services[i] == NULL)
{
@@ -442,6 +473,7 @@ __nss_database_get (enum nss_database db
struct nss_database_state *local = nss_database_state_get ();
return nss_database_check_reload_and_get (local, actions, db);
}
+libc_hidden_def (__nss_database_get)
nss_action_list
__nss_database_get_noreload (enum nss_database db)
Index: glibc-2.33/nss/nss_database.h
===================================================================
--- glibc-2.33.orig/nss/nss_database.h
+++ glibc-2.33/nss/nss_database.h
@@ -52,12 +52,11 @@ enum nss_database
NSS_DATABASE_COUNT
};
-
/* Looks up the action list for DB and stores it in *ACTIONS. Returns
true on success or false on failure. Success can mean that
*ACTIONS is NULL. */
-bool __nss_database_get (enum nss_database db, nss_action_list *actions)
- attribute_hidden;
+bool __nss_database_get (enum nss_database db, nss_action_list *actions);
+libc_hidden_proto (__nss_database_get)
/* Like __nss_database_get, but does not reload /etc/nsswitch.conf
from disk. This assumes that there has been a previous successful
Index: glibc-2.33/nss/nss_module.c
===================================================================
--- glibc-2.33.orig/nss/nss_module.c
+++ glibc-2.33/nss/nss_module.c
@@ -31,14 +31,6 @@
#include <stdlib.h>
#include <string.h>
-#ifdef LINK_OBSOLETE_NSL
-# define DEFAULT_CONFIG "compat [NOTFOUND=return] files"
-# define DEFAULT_DEFCONFIG "nis [NOTFOUND=return] files"
-#else
-# define DEFAULT_CONFIG "files"
-# define DEFAULT_DEFCONFIG "files"
-#endif
-
/* Suffix after .so of NSS service modules. This is a bit of magic,
but we assume LIBNSS_FILES_SO looks like "libnss_files.so.2" and we
want a pointer to the ".2" part. We have no API to extract this
@@ -292,11 +284,11 @@ __nss_module_get_function (struct nss_mo
#if defined SHARED && defined USE_NSCD
/* Load all libraries for the service. */
static void
-nss_load_all_libraries (const char *service, const char *def)
+nss_load_all_libraries (enum nss_database service)
{
nss_action_list ni = NULL;
- if (__nss_database_lookup2 (service, NULL, def, &ni) == 0)
+ if (__nss_database_get (service, &ni))
while (ni->module != NULL)
{
__nss_module_load (ni->module);
@@ -323,10 +315,10 @@ __nss_disable_nscd (void (*cb) (size_t,
is_nscd = true;
/* Find all the relevant modules so that the init functions are called. */
- nss_load_all_libraries ("passwd", DEFAULT_CONFIG);
- nss_load_all_libraries ("group", DEFAULT_CONFIG);
- nss_load_all_libraries ("hosts", "dns [!UNAVAIL=return] files");
- nss_load_all_libraries ("services", NULL);
+ nss_load_all_libraries (nss_database_passwd);
+ nss_load_all_libraries (nss_database_group);
+ nss_load_all_libraries (nss_database_hosts);
+ nss_load_all_libraries (nss_database_services);
/* Make sure NSCD purges its cache if nsswitch.conf changes. */
init_traced_file (&pwd_traced_file.file, _PATH_NSSWITCH_CONF, 0);
Index: glibc-2.33/nss/nss_test.h
===================================================================
--- glibc-2.33.orig/nss/nss_test.h
+++ glibc-2.33/nss/nss_test.h
@@ -33,11 +33,13 @@
#include <pwd.h>
#include <grp.h>
+#include <shadow.h>
#include <netdb.h>
typedef struct test_tables {
struct passwd *pwd_table;
struct group *grp_table;
+ struct spwd *spwd_table;
struct hostent *host_table;
} test_tables;
@@ -46,10 +48,12 @@ extern void _nss_test2_init_hook (test_t
#define PWD_LAST() { .pw_name = NULL, .pw_uid = 0 }
#define GRP_LAST() { .gr_name = NULL, .gr_gid = 0 }
+#define SPWD_LAST() { .sp_namp = NULL, .sp_pwdp = NULL }
#define HOST_LAST() { .h_name = NULL, .h_aliases = NULL, .h_length = 0, .h_addr_list = NULL }
#define PWD_ISLAST(p) ((p)->pw_name == NULL && (p)->pw_uid == 0)
#define GRP_ISLAST(g) ((g)->gr_name == NULL && (g)->gr_gid == 0)
+#define SPWD_ISLAST(s) ((s)->sp_namp == NULL && (s)->sp_pwdp == 0)
#define HOST_ISLAST(h) ((h)->h_name == NULL && (h)->h_length == 0)
/* Macros to fill in the tables easily. */
@@ -76,6 +80,9 @@ extern void _nss_test2_init_hook (test_t
{ .gr_name = (char *) n, .gr_passwd = (char *) "*", .gr_gid = u, \
.gr_mem = (char **) m }
+#define SPWD(u) \
+ { .sp_namp = (char *) "name" #u, .sp_pwdp = (char *) "passwd" #u }
+
#define HOST(u) \
{ .h_name = (char *) "name" #u, .h_aliases = NULL, .h_addrtype = u, \
.h_length = 4, \
Index: glibc-2.33/nss/nss_test1.c
===================================================================
--- glibc-2.33.orig/nss/nss_test1.c
+++ glibc-2.33/nss/nss_test1.c
@@ -66,6 +66,9 @@ static int npwd_data = default_npwd_data
static struct group *grp_data = NULL;
static int ngrp_data = 0;
+static struct spwd *spwd_data = NULL;
+static int nspwd_data = 0;
+
static struct hostent *host_data = NULL;
static int nhost_data = 0;
@@ -102,6 +105,13 @@ init(void)
;
ngrp_data = i;
}
+ if (t.spwd_table)
+ {
+ spwd_data = t.spwd_table;
+ for (i=0; ! SPWD_ISLAST(& spwd_data[i]); i++)
+ ;
+ nspwd_data = i;
+ }
if (t.host_table)
{
host_data = t.host_table;
@@ -322,6 +332,89 @@ NAME(getgrnam_r) (const char *name, stru
return NSS_STATUS_NOTFOUND;
}
+
+/* -------------------------------------------------- */
+/* Shadow password handling. */
+
+static size_t spwd_iter;
+#define CURSPWD spwd_data[spwd_iter]
+
+static pthread_mutex_t spwd_lock = PTHREAD_MUTEX_INITIALIZER;
+
+enum nss_status
+NAME(setspent) (int stayopen)
+{
+ init();
+ spwd_iter = 0;
+ return NSS_STATUS_SUCCESS;
+}
+
+
+enum nss_status
+NAME(endspwent) (void)
+{
+ init();
+ return NSS_STATUS_SUCCESS;
+}
+
+static enum nss_status
+copy_shadow (struct spwd *result, struct spwd *local,
+ char *buffer, size_t buflen, int *errnop)
+{
+ struct alloc_buffer buf = alloc_buffer_create (buffer, buflen);
+
+ result->sp_namp = alloc_buffer_maybe_copy_string (&buf, local->sp_namp);
+ result->sp_pwdp = alloc_buffer_maybe_copy_string (&buf, local->sp_pwdp);
+ result->sp_lstchg = local->sp_lstchg;
+ result->sp_min = local->sp_min;
+ result->sp_max = local->sp_max;
+ result->sp_warn = local->sp_warn;
+ result->sp_inact = local->sp_inact;
+ result->sp_expire = local->sp_expire;
+ result->sp_flag = local->sp_flag;
+
+ if (alloc_buffer_has_failed (&buf))
+ {
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ return NSS_STATUS_SUCCESS;
+}
+
+enum nss_status
+NAME(getspent_r) (struct spwd *result, char *buffer, size_t buflen,
+ int *errnop)
+{
+ int res = NSS_STATUS_SUCCESS;
+
+ init();
+ pthread_mutex_lock (&spwd_lock);
+
+ if (spwd_iter >= nspwd_data)
+ res = NSS_STATUS_NOTFOUND;
+ else
+ {
+ res = copy_shadow (result, &CURSPWD, buffer, buflen, errnop);
+ ++spwd_iter;
+ }
+
+ pthread_mutex_unlock (&spwd_lock);
+
+ return res;
+}
+
+enum nss_status
+NAME(getspnam_r) (const char *name, struct spwd *result, char *buffer,
+ size_t buflen, int *errnop)
+{
+ init();
+ for (size_t idx = 0; idx < nspwd_data; ++idx)
+ if (strcmp (spwd_data[idx].sp_namp, name) == 0)
+ return copy_shadow (result, &spwd_data[idx], buffer, buflen, errnop);
+
+ return NSS_STATUS_NOTFOUND;
+}
/* -------------------------------------------------- */
/* Host handling. */
Index: glibc-2.33/nss/nsswitch.c
===================================================================
--- glibc-2.33.orig/nss/nsswitch.c
+++ glibc-2.33/nss/nsswitch.c
@@ -51,53 +51,13 @@
#undef DEFINE_DATABASE
-#undef DEFINE_DATABASE
-#define DEFINE_DATABASE(name) #name,
-static const char * database_names[] = {
-#include "databases.def"
- NULL
-};
-
#ifdef USE_NSCD
/* Flags whether custom rules for database is set. */
bool __nss_database_custom[NSS_DBSIDX_max];
#endif
-
/*__libc_lock_define_initialized (static, lock)*/
-/* -1 == database not found
- 0 == database entry pointer stored */
-int
-__nss_database_lookup2 (const char *database, const char *alternate_name,
- const char *defconfig, nss_action_list *ni)
-{
- int database_id;
-
- for (database_id = 0; database_names[database_id]; database_id++)
- if (strcmp (database_names[database_id], database) == 0)
- break;
-
- if (database_names[database_id] == NULL)
- return -1;
-
- /* If *NI is NULL, the database was not mentioned in nsswitch.conf.
- If *NI is not NULL, but *NI->module is NULL, the database was in
- nsswitch.conf but listed no actions. We test for the former. */
- if (__nss_database_get (database_id, ni) && *ni != NULL)
- {
- /* Success. */
- return 0;
- }
- else
- {
- /* Failure. */
- return -1;
- }
-}
-libc_hidden_def (__nss_database_lookup2)
-
-
/* -1 == not found
0 == function found
1 == finished */
Index: glibc-2.33/nss/nsswitch.h
===================================================================
--- glibc-2.33.orig/nss/nsswitch.h
+++ glibc-2.33/nss/nsswitch.h
@@ -88,15 +88,6 @@ extern bool __nss_database_custom[NSS_DB
/* Interface functions for NSS. */
-/* Get the data structure representing the specified database.
- If there is no configuration for this database in the file,
- parse a service list from DEFCONFIG and use that. More
- than one function can use the database. */
-extern int __nss_database_lookup2 (const char *database,
- const char *alternative_name,
- const char *defconfig, struct nss_action **ni);
-libc_hidden_proto (__nss_database_lookup2)
-
/* Put first function with name FCT_NAME for SERVICE in FCTP. The
position is remembered in NI. The function returns a value < 0 if
an error occurred or no such function exists. */
Index: glibc-2.33/nss/pwd-lookup.c
===================================================================
--- glibc-2.33.orig/nss/pwd-lookup.c
+++ glibc-2.33/nss/pwd-lookup.c
@@ -19,6 +19,5 @@
#include <config.h>
#define DATABASE_NAME passwd
-#define DEFAULT_CONFIG "files"
#include "XXX-lookup.c"
Index: glibc-2.33/nss/sgrp-lookup.c
===================================================================
--- glibc-2.33.orig/nss/sgrp-lookup.c
+++ glibc-2.33/nss/sgrp-lookup.c
@@ -17,7 +17,5 @@
<https://www.gnu.org/licenses/>. */
#define DATABASE_NAME gshadow
-#define ALTERNATE_NAME group
-#define DEFAULT_CONFIG "files"
#include "XXX-lookup.c"
Index: glibc-2.33/nss/spwd-lookup.c
===================================================================
--- glibc-2.33.orig/nss/spwd-lookup.c
+++ glibc-2.33/nss/spwd-lookup.c
@@ -19,7 +19,5 @@
#include <config.h>
#define DATABASE_NAME shadow
-#define ALTERNATE_NAME passwd
-#define DEFAULT_CONFIG "files"
#include "XXX-lookup.c"
Index: glibc-2.33/nss/tst-nss-compat1.c
===================================================================
--- /dev/null
+++ glibc-2.33/nss/tst-nss-compat1.c
@@ -0,0 +1,81 @@
+/* Test error checking for group entries.
+ Copyright (C) 2021 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <nss.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <shadow.h>
+
+#include <support/support.h>
+#include <support/check.h>
+
+#include "nss_test.h"
+
+static struct passwd pwd_table[] = {
+ PWD (100),
+ PWD (30),
+ PWD_LAST ()
+ };
+
+static struct spwd spwd_table[] = {
+ SPWD (100),
+ SPWD (30),
+ SPWD_LAST ()
+ };
+
+void
+_nss_test1_init_hook(test_tables *t)
+{
+ t->pwd_table = pwd_table;
+ t->spwd_table = spwd_table;
+}
+
+static int
+do_test (void)
+{
+ struct passwd *p = NULL;
+ struct spwd *s = NULL;
+ struct group *g = NULL;
+
+ /* Test that compat-to-test works. */
+ p = getpwuid (100);
+ if (p == NULL)
+ FAIL_EXIT1("getpwuid-compat-test1 p");
+ else if (strcmp (p->pw_name, "name100") != 0)
+ FAIL_EXIT1("getpwuid-compat-test1 name100");
+
+ /* Shadow compat should use passwd via the alternate name. */
+ s = getspnam ("name30");
+ if (s == NULL)
+ FAIL_EXIT1("getspnam-compat-test1 s");
+ else if (strcmp (s->sp_namp, "name30") != 0)
+ FAIL_EXIT1("getpwuid-compat-test1 name30");
+
+ /* Test that internal defconfig works. */
+ g = getgrgid (100);
+ if (g == NULL)
+ FAIL_EXIT1("getgrgid-compat-null");
+ if (strcmp (g->gr_name, "wilma") != 0)
+ FAIL_EXIT1("getgrgid-compat-name");
+
+ return 0;
+}
+
+#include <support/test-driver.c>
Index: glibc-2.33/nss/tst-nss-compat1.root/etc/group
===================================================================
--- /dev/null
+++ glibc-2.33/nss/tst-nss-compat1.root/etc/group
@@ -0,0 +1 @@
+wilma:x:100:
Index: glibc-2.33/nss/tst-nss-compat1.root/etc/nsswitch.conf
===================================================================
--- /dev/null
+++ glibc-2.33/nss/tst-nss-compat1.root/etc/nsswitch.conf
@@ -0,0 +1,3 @@
+passwd : compat
+passwd_compat : test1
+
Index: glibc-2.33/nss/tst-nss-compat1.root/etc/passwd
===================================================================
--- /dev/null
+++ glibc-2.33/nss/tst-nss-compat1.root/etc/passwd
@@ -0,0 +1,3 @@
+name5:x:5:555:name5 for testing:/home/name5:/bin/nologin
++name100
++name30
Index: glibc-2.33/nss/tst-nss-compat1.root/etc/shadow
===================================================================
--- /dev/null
+++ glibc-2.33/nss/tst-nss-compat1.root/etc/shadow
@@ -0,0 +1,2 @@
++name100
++name30
Index: glibc-2.33/nss/tst-nss-compat1.root/tst-nss-compat1.script
===================================================================
--- /dev/null
+++ glibc-2.33/nss/tst-nss-compat1.root/tst-nss-compat1.script
@@ -0,0 +1 @@
+cp $B/nss/libnss_test1.so $L/libnss_test1.so.2
Index: glibc-2.33/sysdeps/posix/getaddrinfo.c
===================================================================
--- glibc-2.33.orig/sysdeps/posix/getaddrinfo.c
+++ glibc-2.33/sysdeps/posix/getaddrinfo.c
@@ -720,9 +720,7 @@ gaih_inet (const char *name, const struc
}
#endif
- no_more = __nss_database_lookup2 ("hosts", NULL,
- "dns [!UNAVAIL=return] files",
- &nip);
+ no_more = !__nss_database_get (nss_database_hosts, &nip);
/* If we are looking for both IPv4 and IPv6 address we don't
want the lookup functions to automatically promote IPv4

View File

@ -1,172 +0,0 @@
From 3e880d733753183696d1a81c34caef3a9add2b0c Mon Sep 17 00:00:00 2001
From: DJ Delorie <dj@redhat.com>
Date: Thu, 18 Feb 2021 15:26:30 -0500
Subject: [PATCH] nss: Re-enable NSS module loading after chroot [BZ #27389]
The glibc 2.33 release enabled /etc/nsswitch.conf reloading,
and to prevent potential security issues like CVE-2019-14271
the re-loading of nsswitch.conf and all mdoules was disabled
when the root filesystem changes (see bug 27077).
Unfortunately php-lpfm and openldap both require the ability
to continue to load NSS modules after chroot. The packages
do not exec after the chroot, and so do not cause the
protections to be reset. The only solution is to re-enable
only NSS module loading (not nsswitch.conf reloading) and so
get back the previous glibc behaviour.
In the future we may introduce a way to harden applications
so they do not reload NSS modules once the root filesystem
changes, or that only files/dns are available pre-loaded
(or builtin).
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit 58673149f37389495c098421085ffdb468b3f7ad)
---
nss/nss_database.c | 1 -
nss/tst-reload2.c | 35 +++++++++++++++----
nss/tst-reload2.root/etc/hosts | 1 +
nss/tst-reload2.root/etc/nsswitch.conf | 1 +
nss/tst-reload2.root/subdir/etc/hosts | 1 +
nss/tst-reload2.root/subdir/etc/nsswitch.conf | 1 +
6 files changed, 32 insertions(+), 8 deletions(-)
create mode 100644 nss/tst-reload2.root/etc/hosts
create mode 100644 nss/tst-reload2.root/subdir/etc/hosts
Index: glibc-2.33/nss/nss_database.c
===================================================================
--- glibc-2.33.orig/nss/nss_database.c
+++ glibc-2.33/nss/nss_database.c
@@ -404,7 +404,6 @@ nss_database_check_reload_and_get (struc
atomic_store_release (&local->data.reload_disabled, 1);
*result = local->data.services[database_index];
__libc_lock_unlock (local->lock);
- __nss_module_disable_loading ();
return true;
}
local->root_ino = str.st_ino;
Index: glibc-2.33/nss/tst-reload2.c
===================================================================
--- glibc-2.33.orig/nss/tst-reload2.c
+++ glibc-2.33/nss/tst-reload2.c
@@ -26,6 +26,7 @@
#include <pwd.h>
#include <grp.h>
#include <unistd.h>
+#include <netdb.h>
#include <support/support.h>
#include <support/check.h>
@@ -48,7 +49,7 @@ static const char *group_4[] = {
"alpha", "beta", "gamma", "fred", NULL
};
-static struct group group_table_data[] =
+static struct group group_table_data1[] =
{
GRP (4),
GRP_LAST ()
@@ -58,7 +59,7 @@ void
_nss_test1_init_hook (test_tables *t)
{
t->pwd_table = pwd_table1;
- t->grp_table = group_table_data;
+ t->grp_table = group_table_data1;
}
static struct passwd pwd_table2[] =
@@ -68,10 +69,21 @@ static struct passwd pwd_table2[] =
PWD_LAST ()
};
+static const char *group_5[] = {
+ "fred", NULL
+};
+
+static struct group group_table_data2[] =
+ {
+ GRP (5),
+ GRP_LAST ()
+ };
+
void
_nss_test2_init_hook (test_tables *t)
{
t->pwd_table = pwd_table2;
+ t->grp_table = group_table_data2;
}
static int
@@ -79,6 +91,7 @@ do_test (void)
{
struct passwd *pw;
struct group *gr;
+ struct hostent *he;
char buf1[PATH_MAX];
char buf2[PATH_MAX];
@@ -99,7 +112,9 @@ do_test (void)
TEST_COMPARE (pw->pw_uid, 1234);
/* This just loads the test2 DSO. */
- gr = getgrnam ("name4");
+ gr = getgrgid (5);
+ TEST_VERIFY (gr != NULL);
+
/* Change the root dir. */
@@ -114,15 +129,21 @@ do_test (void)
if (pw)
TEST_VERIFY (pw->pw_uid != 2468);
- /* The "files" DSO should not be loaded. */
- gr = getgrnam ("test3");
- TEST_VERIFY (gr == NULL);
-
/* We should still be using the old configuration. */
pw = getpwnam ("test1");
TEST_VERIFY (pw != NULL);
if (pw)
TEST_COMPARE (pw->pw_uid, 1234);
+ gr = getgrgid (5);
+ TEST_VERIFY (gr != NULL);
+ gr = getgrnam ("name4");
+ TEST_VERIFY (gr == NULL);
+
+ /* hosts in the outer nsswitch is files; the inner one is test1.
+ Verify that we're still using the outer nsswitch *and* that we
+ can load the files DSO. */
+ he = gethostbyname ("test2");
+ TEST_VERIFY (he != NULL);
return 0;
}
Index: glibc-2.33/nss/tst-reload2.root/etc/hosts
===================================================================
--- /dev/null
+++ glibc-2.33/nss/tst-reload2.root/etc/hosts
@@ -0,0 +1 @@
+1.2.3.4 test1
Index: glibc-2.33/nss/tst-reload2.root/etc/nsswitch.conf
===================================================================
--- glibc-2.33.orig/nss/tst-reload2.root/etc/nsswitch.conf
+++ glibc-2.33/nss/tst-reload2.root/etc/nsswitch.conf
@@ -1,2 +1,3 @@
passwd: test1
group: test2
+hosts: files
Index: glibc-2.33/nss/tst-reload2.root/subdir/etc/hosts
===================================================================
--- /dev/null
+++ glibc-2.33/nss/tst-reload2.root/subdir/etc/hosts
@@ -0,0 +1 @@
+1.2.3.4 test2
Index: glibc-2.33/nss/tst-reload2.root/subdir/etc/nsswitch.conf
===================================================================
--- glibc-2.33.orig/nss/tst-reload2.root/subdir/etc/nsswitch.conf
+++ glibc-2.33/nss/tst-reload2.root/subdir/etc/nsswitch.conf
@@ -1,2 +1,3 @@
passwd: test2
group: files
+hosts: test1

View File

@ -1,56 +0,0 @@
From 044e603b698093cf48f6e6229e0b66acf05227e4 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Fri, 19 Feb 2021 13:29:00 +0100
Subject: [PATCH] string: Work around GCC PR 98512 in rawmemchr
---
string/rawmemchr.c | 26 +++++++++++++++-----------
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/string/rawmemchr.c b/string/rawmemchr.c
index 59bbeeaa42..b8523118e5 100644
--- a/string/rawmemchr.c
+++ b/string/rawmemchr.c
@@ -22,24 +22,28 @@
# define RAWMEMCHR __rawmemchr
#endif
-/* Find the first occurrence of C in S. */
-void *
-RAWMEMCHR (const void *s, int c)
-{
- DIAG_PUSH_NEEDS_COMMENT;
+/* The pragmata should be nested inside RAWMEMCHR below, but that
+ triggers GCC PR 98512. */
+DIAG_PUSH_NEEDS_COMMENT;
#if __GNUC_PREREQ (7, 0)
- /* GCC 8 warns about the size passed to memchr being larger than
- PTRDIFF_MAX; the use of SIZE_MAX is deliberate here. */
- DIAG_IGNORE_NEEDS_COMMENT (8, "-Wstringop-overflow=");
+/* GCC 8 warns about the size passed to memchr being larger than
+ PTRDIFF_MAX; the use of SIZE_MAX is deliberate here. */
+DIAG_IGNORE_NEEDS_COMMENT (8, "-Wstringop-overflow=");
#endif
#if __GNUC_PREREQ (11, 0)
- /* Likewise GCC 11, with a different warning option. */
- DIAG_IGNORE_NEEDS_COMMENT (11, "-Wstringop-overread");
+/* Likewise GCC 11, with a different warning option. */
+DIAG_IGNORE_NEEDS_COMMENT (11, "-Wstringop-overread");
#endif
+
+/* Find the first occurrence of C in S. */
+void *
+RAWMEMCHR (const void *s, int c)
+{
if (c != '\0')
return memchr (s, c, (size_t)-1);
- DIAG_POP_NEEDS_COMMENT;
return (char *)s + strlen (s);
}
libc_hidden_def (__rawmemchr)
weak_alias (__rawmemchr, rawmemchr)
+
+DIAG_POP_NEEDS_COMMENT;
--
2.31.1

View File

@ -1,154 +0,0 @@
From cedbf6d5f3f70ca911176de87d6e453eeab4b7a1 Mon Sep 17 00:00:00 2001
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Thu, 8 Apr 2021 07:39:32 -0300
Subject: [PATCH] linux: always update select timeout (BZ #27706)
The timeout should be updated even on failure for time64 support.
Checked on i686-linux-gnu.
From 9d7c5cc38e58fb0923e88901f87174a511b61552 Mon Sep 17 00:00:00 2001
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Wed, 31 Mar 2021 13:53:34 -0300
Subject: [PATCH] linux: Normalize and return timeout on select (BZ #27651)
The commit 2433d39b697, which added time64 support to select, changed
the function to use __NR_pselect6 (or __NR_pelect6_time64) on all
architectures. However, on architectures where the symbol was
implemented with __NR_select the kernel normalizes the passed timeout
instead of return EINVAL. For instance, the input timeval
{ 0, 5000000 } is interpreted as { 5, 0 }.
And as indicated by BZ #27651, this semantic seems to be expected
and changing it results in some performance issues (most likely
the program does not check the return code and keeps issuing
select with unormalized tv_usec argument).
To avoid a different semantic depending whether which syscall the
architecture used to issue, select now always normalize the timeout
input. This is a slight change for some ABIs (for instance aarch64).
Checked on x86_64-linux-gnu and i686-linux-gnu.
Index: glibc-2.33/include/time.h
===================================================================
--- glibc-2.33.orig/include/time.h
+++ glibc-2.33/include/time.h
@@ -502,6 +502,11 @@ time_now (void)
__clock_gettime (TIME_CLOCK_GETTIME_CLOCKID, &ts);
return ts.tv_sec;
}
+
+#define NSEC_PER_SEC 1000000000L /* Nanoseconds per second. */
+#define USEC_PER_SEC 1000000L /* Microseconds per second. */
+#define NSEC_PER_USEC 1000L /* Nanoseconds per microsecond. */
+
#endif
#endif
Index: glibc-2.33/sunrpc/svcauth_des.c
===================================================================
--- glibc-2.33.orig/sunrpc/svcauth_des.c
+++ glibc-2.33/sunrpc/svcauth_des.c
@@ -58,7 +58,6 @@
#define debug(msg) /*printf("svcauth_des: %s\n", msg) */
-#define USEC_PER_SEC ((uint32_t) 1000000L)
#define BEFORE(t1, t2) timercmp(t1, t2, <)
/*
Index: glibc-2.33/sysdeps/unix/sysv/linux/select.c
===================================================================
--- glibc-2.33.orig/sysdeps/unix/sysv/linux/select.c
+++ glibc-2.33/sysdeps/unix/sysv/linux/select.c
@@ -33,13 +33,35 @@ int
__select64 (int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds,
struct __timeval64 *timeout)
{
- struct __timespec64 ts64, *pts64 = NULL;
- if (timeout != NULL)
+ __time64_t s = timeout != NULL ? timeout->tv_sec : 0;
+ int32_t us = timeout != NULL ? timeout->tv_usec : 0;
+ int32_t ns;
+
+ if (s < 0 || us < 0)
+ return INLINE_SYSCALL_ERROR_RETURN_VALUE (EINVAL);
+
+ /* Normalize the timeout, as legacy Linux __NR_select and __NR__newselect.
+ Different than syscall, it also handle possible overflow. */
+ if (us / USEC_PER_SEC > INT64_MAX - s)
{
- ts64 = timeval64_to_timespec64 (*timeout);
- pts64 = &ts64;
+ s = INT64_MAX;
+ ns = NSEC_PER_SEC - 1;
+ }
+ else
+ {
+ s += us / USEC_PER_SEC;
+ us = us % USEC_PER_SEC;
+ ns = us * NSEC_PER_USEC;
}
+ struct __timespec64 ts64, *pts64 = NULL;
+ if (timeout != NULL)
+ {
+ ts64.tv_sec = s;
+ ts64.tv_nsec = ns;
+ pts64 = &ts64;
+ }
+
#ifndef __NR_pselect6_time64
# define __NR_pselect6_time64 __NR_pselect6
#endif
@@ -52,10 +74,10 @@ __select64 (int nfds, fd_set *readfds, f
(though the pselect() glibc call suppresses this behavior).
Since select() on Linux has the same behavior as the pselect6
syscall, we update the timeout here. */
- if (r == 0 || errno != ENOSYS)
+ if (r >= 0 || errno != ENOSYS)
{
if (timeout != NULL)
- TIMEVAL_TO_TIMESPEC (timeout, &ts64);
+ TIMESPEC_TO_TIMEVAL (timeout, &ts64);
return r;
}
@@ -64,14 +86,15 @@ __select64 (int nfds, fd_set *readfds, f
#ifndef __ASSUME_TIME64_SYSCALLS
struct timespec ts32, *pts32 = NULL;
- if (timeout != NULL)
+ if (pts64 != NULL)
{
- if (! in_time_t_range (timeout->tv_sec))
+ if (! in_time_t_range (pts64->tv_sec))
{
__set_errno (EINVAL);
return -1;
}
- ts32 = valid_timespec64_to_timespec (ts64);
+ ts32.tv_sec = s;
+ ts32.tv_nsec = ns;
pts32 = &ts32;
}
# ifndef __ASSUME_PSELECT
@@ -84,7 +107,7 @@ __select64 (int nfds, fd_set *readfds, f
r = SYSCALL_CANCEL (pselect6, nfds, readfds, writefds, exceptfds, pts32,
NULL);
# endif
- if (r >= 0 && timeout != NULL)
+ if (timeout != NULL)
*timeout = valid_timespec_to_timeval64 (ts32);
#endif
@@ -105,7 +128,7 @@ __select (int nfds, fd_set *readfds, fd_
ptv64 = &tv64;
}
int r = __select64 (nfds, readfds, writefds, exceptfds, ptv64);
- if (r >= 0 && timeout != NULL)
+ if (timeout != NULL)
/* The remanining timeout will be always less the input TIMEOUT. */
*timeout = valid_timeval64_to_timeval (tv64);
return r;

View File

@ -1,31 +0,0 @@
From 7fc9152e831fb24091c0ceabdcecb9b07dd29dd6 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Wed, 21 Apr 2021 18:40:08 -0700
Subject: [PATCH] x86: tst-cpu-features-supports.c: Update AMX check
Pass "amx-bf16", "amx-int8" and "amx-tile", instead of "amx_bf16",
"amx_int8" and "amx_tile", to __builtin_cpu_supports for GCC 11.
---
sysdeps/x86/tst-cpu-features-supports.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sysdeps/x86/tst-cpu-features-supports.c b/sysdeps/x86/tst-cpu-features-supports.c
index ce78a7d8bc..a2cabc90be 100644
--- a/sysdeps/x86/tst-cpu-features-supports.c
+++ b/sysdeps/x86/tst-cpu-features-supports.c
@@ -59,9 +59,9 @@ do_test (int argc, char **argv)
fails += CHECK_SUPPORTS (aes, AES);
#endif
#if __GNUC_PREREQ (11, 1)
- fails += CHECK_SUPPORTS (amx_bf16, AMX_BF16);
- fails += CHECK_SUPPORTS (amx_int8, AMX_INT8);
- fails += CHECK_SUPPORTS (amx_tile, AMX_TILE);
+ fails += CHECK_SUPPORTS (amx-bf16, AMX_BF16);
+ fails += CHECK_SUPPORTS (amx-int8, AMX_INT8);
+ fails += CHECK_SUPPORTS (amx-tile, AMX_TILE);
#endif
fails += CHECK_SUPPORTS (avx, AVX);
fails += CHECK_SUPPORTS (avx2, AVX2);
--
2.31.1

View File

@ -1,183 +0,0 @@
From ee9f98d9cac12e843ca59c6e4d4b225f58a66727 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Tue, 2 Feb 2021 13:45:58 -0800
Subject: [PATCH] x86: Set minimum x86-64 level marker [BZ #27318]
Since the full ISA set used in an ELF binary is unknown to compiler,
an x86-64 ISA level marker indicates the minimum, not maximum, ISA set
required to run such an ELF binary. We never guarantee a library with
an x86-64 ISA level v3 marker doesn't contain other ISAs beyond x86-64
ISA level v3, like AVX VNNI. We check the x86-64 ISA level marker for
the minimum ISA set. Since -march=sandybridge enables only some ISAs
in x86-64 ISA level v3, we should set the needed ISA marker to v2.
Otherwise, libc is compiled with -march=sandybridge will fail to run on
Sandy Bridge:
$ ./elf/ld.so ./libc.so
./libc.so: (p) CPU ISA level is lower than required: needed: 7; got: 3
Set the minimum, instead of maximum, x86-64 ISA level marker should have
no impact on the glibc-hwcaps directory assignment logic in ldconfig nor
ld.so.
(cherry picked from commit 339bf918ea4830fb35614632e96f3aab3237adce)
---
config.h.in | 6 ++++++
sysdeps/x86/configure | 28 ++++++++++++++++++++++++++++
sysdeps/x86/configure.ac | 16 ++++++++++++++++
sysdeps/x86/isa-level.c | 25 ++++++++++++++-----------
4 files changed, 64 insertions(+), 11 deletions(-)
Index: glibc-2.33/config.h.in
===================================================================
--- glibc-2.33.orig/config.h.in
+++ glibc-2.33/config.h.in
@@ -275,4 +275,10 @@
/* Define if x86 ISA level should be included in shared libraries. */
#undef INCLUDE_X86_ISA_LEVEL
+/* Define if -msahf is enabled by default on x86. */
+#undef HAVE_X86_LAHF_SAHF
+
+/* Define if -mmovbe is enabled by default on x86. */
+#undef HAVE_X86_MOVBE
+
#endif
Index: glibc-2.33/sysdeps/x86/configure
===================================================================
--- glibc-2.33.orig/sysdeps/x86/configure
+++ glibc-2.33/sysdeps/x86/configure
@@ -126,6 +126,8 @@ cat > conftest2.S <<EOF
4:
EOF
libc_cv_include_x86_isa_level=no
+libc_cv_have_x86_lahf_sahf=no
+libc_cv_have_x86_movbe=no
if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -nostartfiles -nostdlib -r -o conftest conftest1.S conftest2.S'
{ { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
(eval $ac_try) 2>&5
@@ -135,6 +137,24 @@ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS
count=`LC_ALL=C $READELF -n conftest | grep NT_GNU_PROPERTY_TYPE_0 | wc -l`
if test "$count" = 1; then
libc_cv_include_x86_isa_level=yes
+ cat > conftest.c <<EOF
+EOF
+ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -fverbose-asm -S -o - conftest.c'
+ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; } | grep -q "\-msahf"; then
+ libc_cv_have_x86_lahf_sahf=yes
+ fi
+ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -fverbose-asm -S -o - conftest.c'
+ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; } | grep -q "\-mmovbe"; then
+ libc_cv_have_x86_movbe=yes
+ fi
fi
fi
rm -f conftest*
@@ -145,5 +165,13 @@ if test $libc_cv_include_x86_isa_level =
$as_echo "#define INCLUDE_X86_ISA_LEVEL 1" >>confdefs.h
fi
+if test $libc_cv_have_x86_lahf_sahf = yes; then
+ $as_echo "#define HAVE_X86_LAHF_SAHF 1" >>confdefs.h
+
+fi
+if test $libc_cv_have_x86_movbe = yes; then
+ $as_echo "#define HAVE_X86_MOVBE 1" >>confdefs.h
+
+fi
config_vars="$config_vars
enable-x86-isa-level = $libc_cv_include_x86_isa_level"
Index: glibc-2.33/sysdeps/x86/configure.ac
===================================================================
--- glibc-2.33.orig/sysdeps/x86/configure.ac
+++ glibc-2.33/sysdeps/x86/configure.ac
@@ -98,14 +98,30 @@ cat > conftest2.S <<EOF
4:
EOF
libc_cv_include_x86_isa_level=no
+libc_cv_have_x86_lahf_sahf=no
+libc_cv_have_x86_movbe=no
if AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS -nostartfiles -nostdlib -r -o conftest conftest1.S conftest2.S); then
count=`LC_ALL=C $READELF -n conftest | grep NT_GNU_PROPERTY_TYPE_0 | wc -l`
if test "$count" = 1; then
libc_cv_include_x86_isa_level=yes
+ cat > conftest.c <<EOF
+EOF
+ if AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS -fverbose-asm -S -o - conftest.c) | grep -q "\-msahf"; then
+ libc_cv_have_x86_lahf_sahf=yes
+ fi
+ if AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS -fverbose-asm -S -o - conftest.c) | grep -q "\-mmovbe"; then
+ libc_cv_have_x86_movbe=yes
+ fi
fi
fi
rm -f conftest*])
if test $libc_cv_include_x86_isa_level = yes; then
AC_DEFINE(INCLUDE_X86_ISA_LEVEL)
fi
+if test $libc_cv_have_x86_lahf_sahf = yes; then
+ AC_DEFINE(HAVE_X86_LAHF_SAHF)
+fi
+if test $libc_cv_have_x86_movbe = yes; then
+ AC_DEFINE(HAVE_X86_MOVBE)
+fi
LIBC_CONFIG_VAR([enable-x86-isa-level], [$libc_cv_include_x86_isa_level])
Index: glibc-2.33/sysdeps/x86/isa-level.c
===================================================================
--- glibc-2.33.orig/sysdeps/x86/isa-level.c
+++ glibc-2.33/sysdeps/x86/isa-level.c
@@ -29,32 +29,35 @@
/* ELF program property for x86 ISA level. */
#ifdef INCLUDE_X86_ISA_LEVEL
-# if defined __x86_64__ || defined __FXSR__ || !defined _SOFT_FLOAT \
- || defined __MMX__ || defined __SSE__ || defined __SSE2__
+# if defined __SSE__ && defined __SSE2__
+/* NB: ISAs, excluding MMX, in x86-64 ISA level baseline are used. */
# define ISA_BASELINE GNU_PROPERTY_X86_ISA_1_BASELINE
# else
# define ISA_BASELINE 0
# endif
-# if defined __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16 \
- || (defined __x86_64__ && defined __LAHF_SAHF__) \
- || defined __POPCNT__ || defined __SSE3__ \
- || defined __SSSE3__ || defined __SSE4_1__ || defined __SSE4_2__
+# if ISA_BASELINE && defined __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16 \
+ && defined HAVE_X86_LAHF_SAHF && defined __POPCNT__ \
+ && defined __SSE3__ && defined __SSSE3__ && defined __SSE4_1__ \
+ && defined __SSE4_2__
+/* NB: ISAs in x86-64 ISA level v2 are used. */
# define ISA_V2 GNU_PROPERTY_X86_ISA_1_V2
# else
# define ISA_V2 0
# endif
-# if defined __AVX__ || defined __AVX2__ || defined __F16C__ \
- || defined __FMA__ || defined __LZCNT__ || defined __MOVBE__ \
- || defined __XSAVE__
+# if ISA_V2 && defined __AVX__ && defined __AVX2__ && defined __F16C__ \
+ && defined __FMA__ && defined __LZCNT__ && defined HAVE_X86_MOVBE
+/* NB: ISAs in x86-64 ISA level v3 are used. */
# define ISA_V3 GNU_PROPERTY_X86_ISA_1_V3
# else
# define ISA_V3 0
# endif
-# if defined __AVX512F__ || defined __AVX512BW__ || defined __AVX512CD__ \
- || defined __AVX512DQ__ || defined __AVX512VL__
+# if ISA_V3 && defined __AVX512F__ && defined __AVX512BW__ \
+ && defined __AVX512CD__ && defined __AVX512DQ__ \
+ && defined __AVX512VL__
+/* NB: ISAs in x86-64 ISA level v4 are used. */
# define ISA_V4 GNU_PROPERTY_X86_ISA_1_V4
# else
# define ISA_V4 0