forked from pool/glibc
Accepting request 1114023 from Base:System
- fstat-implementation.patch: io: Do not implement fstat with fstatat (forwarded request 1114022 from Andreas_Schwab) OBS-URL: https://build.opensuse.org/request/show/1114023 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/glibc?expand=0&rev=279
This commit is contained in:
commit
f1ef701e3c
37
call-init-proxy-objects.patch
Normal file
37
call-init-proxy-objects.patch
Normal file
@ -0,0 +1,37 @@
|
||||
From 7ae211a01b085d0bde54bd13b887ce8f9d57c2b4 Mon Sep 17 00:00:00 2001
|
||||
From: Florian Weimer <fweimer@redhat.com>
|
||||
Date: Tue, 22 Aug 2023 13:56:25 +0200
|
||||
Subject: [PATCH] elf: Do not run constructors for proxy objects
|
||||
|
||||
Otherwise, the ld.so constructor runs for each audit namespace
|
||||
and each dlmopen namespace.
|
||||
|
||||
(cherry picked from commit f6c8204fd7fabf0cf4162eaf10ccf23258e4d10e)
|
||||
---
|
||||
elf/dl-init.c | 8 ++++++--
|
||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/elf/dl-init.c b/elf/dl-init.c
|
||||
index 5b0732590f..ba4d2fdc85 100644
|
||||
--- a/elf/dl-init.c
|
||||
+++ b/elf/dl-init.c
|
||||
@@ -25,10 +25,14 @@
|
||||
static void
|
||||
call_init (struct link_map *l, int argc, char **argv, char **env)
|
||||
{
|
||||
+ /* Do not run constructors for proxy objects. */
|
||||
+ if (l != l->l_real)
|
||||
+ return;
|
||||
+
|
||||
/* If the object has not been relocated, this is a bug. The
|
||||
function pointers are invalid in this case. (Executables do not
|
||||
- need relocation, and neither do proxy objects.) */
|
||||
- assert (l->l_real->l_relocated || l->l_real->l_type == lt_executable);
|
||||
+ need relocation.) */
|
||||
+ assert (l->l_relocated || l->l_type == lt_executable);
|
||||
|
||||
if (l->l_init_called)
|
||||
/* This object is all done. */
|
||||
--
|
||||
2.42.0
|
||||
|
834
dtors-reverse-ctor-order.patch
Normal file
834
dtors-reverse-ctor-order.patch
Normal file
@ -0,0 +1,834 @@
|
||||
From a3189f66a5f2fe86568286fa025fa153be04c6c0 Mon Sep 17 00:00:00 2001
|
||||
From: Florian Weimer <fweimer@redhat.com>
|
||||
Date: Fri, 8 Sep 2023 12:32:14 +0200
|
||||
Subject: [PATCH] elf: Always call destructors in reverse constructor order
|
||||
(bug 30785)
|
||||
|
||||
The current implementation of dlclose (and process exit) re-sorts the
|
||||
link maps before calling ELF destructors. Destructor order is not the
|
||||
reverse of the constructor order as a result: The second sort takes
|
||||
relocation dependencies into account, and other differences can result
|
||||
from ambiguous inputs, such as cycles. (The force_first handling in
|
||||
_dl_sort_maps is not effective for dlclose.) After the changes in
|
||||
this commit, there is still a required difference due to
|
||||
dlopen/dlclose ordering by the application, but the previous
|
||||
discrepancies went beyond that.
|
||||
|
||||
A new global (namespace-spanning) list of link maps,
|
||||
_dl_init_called_list, is updated right before ELF constructors are
|
||||
called from _dl_init.
|
||||
|
||||
In dl_close_worker, the maps variable, an on-stack variable length
|
||||
array, is eliminated. (VLAs are problematic, and dlclose should not
|
||||
call malloc because it cannot readily deal with malloc failure.)
|
||||
Marking still-used objects uses the namespace list directly, with
|
||||
next and next_idx replacing the done_index variable.
|
||||
|
||||
After marking, _dl_init_called_list is used to call the destructors
|
||||
of now-unused maps in reverse destructor order. These destructors
|
||||
can call dlopen. Previously, new objects do not have l_map_used set.
|
||||
This had to change: There is no copy of the link map list anymore,
|
||||
so processing would cover newly opened (and unmarked) mappings,
|
||||
unloading them. Now, _dl_init (indirectly) sets l_map_used, too.
|
||||
(dlclose is handled by the existing reentrancy guard.)
|
||||
|
||||
After _dl_init_called_list traversal, two more loops follow. The
|
||||
processing order changes to the original link map order in the
|
||||
namespace. Previously, dependency order was used. The difference
|
||||
should not matter because relocation dependencies could already
|
||||
reorder link maps in the old code.
|
||||
|
||||
The changes to _dl_fini remove the sorting step and replace it with
|
||||
a traversal of _dl_init_called_list. The l_direct_opencount
|
||||
decrement outside the loader lock is removed because it appears
|
||||
incorrect: the counter manipulation could race with other dynamic
|
||||
loader operations.
|
||||
|
||||
tst-audit23 needs adjustments to the changes in LA_ACT_DELETE
|
||||
notifications. The new approach for checking la_activity should
|
||||
make it clearer that la_activty calls come in pairs around namespace
|
||||
updates.
|
||||
|
||||
The dependency sorting test cases need updates because the destructor
|
||||
order is always the opposite order of constructor order, even with
|
||||
relocation dependencies or cycles present.
|
||||
|
||||
There is a future cleanup opportunity to remove the now-constant
|
||||
force_first and for_fini arguments from the _dl_sort_maps function.
|
||||
|
||||
Fixes commit 1df71d32fe5f5905ffd5d100e5e9ca8ad62 ("elf: Implement
|
||||
force_first handling in _dl_sort_maps_dfs (bug 28937)").
|
||||
|
||||
Reviewed-by: DJ Delorie <dj@redhat.com>
|
||||
(cherry picked from commit 6985865bc3ad5b23147ee73466583dd7fdf65892)
|
||||
---
|
||||
NEWS | 7 ++
|
||||
elf/dl-close.c | 113 +++++++++++++++++----------
|
||||
elf/dl-fini.c | 152 +++++++++++++------------------------
|
||||
elf/dl-init.c | 16 ++++
|
||||
elf/dso-sort-tests-1.def | 19 ++---
|
||||
elf/tst-audit23.c | 44 ++++++-----
|
||||
include/link.h | 4 +
|
||||
sysdeps/generic/ldsodefs.h | 4 +
|
||||
8 files changed, 186 insertions(+), 173 deletions(-)
|
||||
|
||||
diff --git a/elf/dl-close.c b/elf/dl-close.c
|
||||
index b887a44888..ea62d0e601 100644
|
||||
--- a/elf/dl-close.c
|
||||
+++ b/elf/dl-close.c
|
||||
@@ -138,30 +138,31 @@ _dl_close_worker (struct link_map *map, bool force)
|
||||
|
||||
bool any_tls = false;
|
||||
const unsigned int nloaded = ns->_ns_nloaded;
|
||||
- struct link_map *maps[nloaded];
|
||||
|
||||
- /* Run over the list and assign indexes to the link maps and enter
|
||||
- them into the MAPS array. */
|
||||
+ /* Run over the list and assign indexes to the link maps. */
|
||||
int idx = 0;
|
||||
for (struct link_map *l = ns->_ns_loaded; l != NULL; l = l->l_next)
|
||||
{
|
||||
l->l_map_used = 0;
|
||||
l->l_map_done = 0;
|
||||
l->l_idx = idx;
|
||||
- maps[idx] = l;
|
||||
++idx;
|
||||
}
|
||||
assert (idx == nloaded);
|
||||
|
||||
- /* Keep track of the lowest index link map we have covered already. */
|
||||
- int done_index = -1;
|
||||
- while (++done_index < nloaded)
|
||||
+ /* Keep marking link maps until no new link maps are found. */
|
||||
+ for (struct link_map *l = ns->_ns_loaded; l != NULL; )
|
||||
{
|
||||
- struct link_map *l = maps[done_index];
|
||||
+ /* next is reset to earlier link maps for remarking. */
|
||||
+ struct link_map *next = l->l_next;
|
||||
+ int next_idx = l->l_idx + 1; /* next->l_idx, but covers next == NULL. */
|
||||
|
||||
if (l->l_map_done)
|
||||
- /* Already handled. */
|
||||
- continue;
|
||||
+ {
|
||||
+ /* Already handled. */
|
||||
+ l = next;
|
||||
+ continue;
|
||||
+ }
|
||||
|
||||
/* Check whether this object is still used. */
|
||||
if (l->l_type == lt_loaded
|
||||
@@ -171,7 +172,10 @@ _dl_close_worker (struct link_map *map, bool force)
|
||||
acquire is sufficient and correct. */
|
||||
&& atomic_load_acquire (&l->l_tls_dtor_count) == 0
|
||||
&& !l->l_map_used)
|
||||
- continue;
|
||||
+ {
|
||||
+ l = next;
|
||||
+ continue;
|
||||
+ }
|
||||
|
||||
/* We need this object and we handle it now. */
|
||||
l->l_map_used = 1;
|
||||
@@ -198,8 +202,11 @@ _dl_close_worker (struct link_map *map, bool force)
|
||||
already processed it, then we need to go back
|
||||
and process again from that point forward to
|
||||
ensure we keep all of its dependencies also. */
|
||||
- if ((*lp)->l_idx - 1 < done_index)
|
||||
- done_index = (*lp)->l_idx - 1;
|
||||
+ if ((*lp)->l_idx < next_idx)
|
||||
+ {
|
||||
+ next = *lp;
|
||||
+ next_idx = next->l_idx;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
@@ -219,44 +226,65 @@ _dl_close_worker (struct link_map *map, bool force)
|
||||
if (!jmap->l_map_used)
|
||||
{
|
||||
jmap->l_map_used = 1;
|
||||
- if (jmap->l_idx - 1 < done_index)
|
||||
- done_index = jmap->l_idx - 1;
|
||||
+ if (jmap->l_idx < next_idx)
|
||||
+ {
|
||||
+ next = jmap;
|
||||
+ next_idx = next->l_idx;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
}
|
||||
- }
|
||||
|
||||
- /* Sort the entries. We can skip looking for the binary itself which is
|
||||
- at the front of the search list for the main namespace. */
|
||||
- _dl_sort_maps (maps, nloaded, (nsid == LM_ID_BASE), true);
|
||||
+ l = next;
|
||||
+ }
|
||||
|
||||
- /* Call all termination functions at once. */
|
||||
- bool unload_any = false;
|
||||
- bool scope_mem_left = false;
|
||||
- unsigned int unload_global = 0;
|
||||
- unsigned int first_loaded = ~0;
|
||||
- for (unsigned int i = 0; i < nloaded; ++i)
|
||||
+ /* Call the destructors in reverse constructor order, and remove the
|
||||
+ closed link maps from the list. */
|
||||
+ for (struct link_map **init_called_head = &_dl_init_called_list;
|
||||
+ *init_called_head != NULL; )
|
||||
{
|
||||
- struct link_map *imap = maps[i];
|
||||
+ struct link_map *imap = *init_called_head;
|
||||
|
||||
- /* All elements must be in the same namespace. */
|
||||
- assert (imap->l_ns == nsid);
|
||||
-
|
||||
- if (!imap->l_map_used)
|
||||
+ /* _dl_init_called_list is global, to produce a global odering.
|
||||
+ Ignore the other namespaces (and link maps that are still used). */
|
||||
+ if (imap->l_ns != nsid || imap->l_map_used)
|
||||
+ init_called_head = &imap->l_init_called_next;
|
||||
+ else
|
||||
{
|
||||
assert (imap->l_type == lt_loaded && !imap->l_nodelete_active);
|
||||
|
||||
- /* Call its termination function. Do not do it for
|
||||
- half-cooked objects. Temporarily disable exception
|
||||
- handling, so that errors are fatal. */
|
||||
- if (imap->l_init_called)
|
||||
+ /* _dl_init_called_list is updated at the same time as
|
||||
+ l_init_called. */
|
||||
+ assert (imap->l_init_called);
|
||||
+
|
||||
+ if (imap->l_info[DT_FINI_ARRAY] != NULL
|
||||
+ || imap->l_info[DT_FINI] != NULL)
|
||||
_dl_catch_exception (NULL, _dl_call_fini, imap);
|
||||
|
||||
#ifdef SHARED
|
||||
/* Auditing checkpoint: we remove an object. */
|
||||
_dl_audit_objclose (imap);
|
||||
#endif
|
||||
+ /* Unlink this link map. */
|
||||
+ *init_called_head = imap->l_init_called_next;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+
|
||||
+ bool unload_any = false;
|
||||
+ bool scope_mem_left = false;
|
||||
+ unsigned int unload_global = 0;
|
||||
+
|
||||
+ /* For skipping un-unloadable link maps in the second loop. */
|
||||
+ struct link_map *first_loaded = ns->_ns_loaded;
|
||||
|
||||
+ /* Iterate over the namespace to find objects to unload. Some
|
||||
+ unloadable objects may not be on _dl_init_called_list due to
|
||||
+ dlopen failure. */
|
||||
+ for (struct link_map *imap = first_loaded; imap != NULL; imap = imap->l_next)
|
||||
+ {
|
||||
+ if (!imap->l_map_used)
|
||||
+ {
|
||||
/* This object must not be used anymore. */
|
||||
imap->l_removed = 1;
|
||||
|
||||
@@ -267,8 +295,8 @@ _dl_close_worker (struct link_map *map, bool force)
|
||||
++unload_global;
|
||||
|
||||
/* Remember where the first dynamically loaded object is. */
|
||||
- if (i < first_loaded)
|
||||
- first_loaded = i;
|
||||
+ if (first_loaded == NULL)
|
||||
+ first_loaded = imap;
|
||||
}
|
||||
/* Else imap->l_map_used. */
|
||||
else if (imap->l_type == lt_loaded)
|
||||
@@ -404,8 +432,8 @@ _dl_close_worker (struct link_map *map, bool force)
|
||||
imap->l_loader = NULL;
|
||||
|
||||
/* Remember where the first dynamically loaded object is. */
|
||||
- if (i < first_loaded)
|
||||
- first_loaded = i;
|
||||
+ if (first_loaded == NULL)
|
||||
+ first_loaded = imap;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -476,10 +504,11 @@ _dl_close_worker (struct link_map *map, bool force)
|
||||
|
||||
/* Check each element of the search list to see if all references to
|
||||
it are gone. */
|
||||
- for (unsigned int i = first_loaded; i < nloaded; ++i)
|
||||
+ for (struct link_map *imap = first_loaded; imap != NULL; )
|
||||
{
|
||||
- struct link_map *imap = maps[i];
|
||||
- if (!imap->l_map_used)
|
||||
+ if (imap->l_map_used)
|
||||
+ imap = imap->l_next;
|
||||
+ else
|
||||
{
|
||||
assert (imap->l_type == lt_loaded);
|
||||
|
||||
@@ -690,7 +719,9 @@ _dl_close_worker (struct link_map *map, bool force)
|
||||
if (imap == GL(dl_initfirst))
|
||||
GL(dl_initfirst) = NULL;
|
||||
|
||||
+ struct link_map *next = imap->l_next;
|
||||
free (imap);
|
||||
+ imap = next;
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/elf/dl-fini.c b/elf/dl-fini.c
|
||||
index 9acb64f47c..e201d36651 100644
|
||||
--- a/elf/dl-fini.c
|
||||
+++ b/elf/dl-fini.c
|
||||
@@ -24,116 +24,68 @@
|
||||
void
|
||||
_dl_fini (void)
|
||||
{
|
||||
- /* Lots of fun ahead. We have to call the destructors for all still
|
||||
- loaded objects, in all namespaces. The problem is that the ELF
|
||||
- specification now demands that dependencies between the modules
|
||||
- are taken into account. I.e., the destructor for a module is
|
||||
- called before the ones for any of its dependencies.
|
||||
-
|
||||
- To make things more complicated, we cannot simply use the reverse
|
||||
- order of the constructors. Since the user might have loaded objects
|
||||
- using `dlopen' there are possibly several other modules with its
|
||||
- dependencies to be taken into account. Therefore we have to start
|
||||
- determining the order of the modules once again from the beginning. */
|
||||
-
|
||||
- /* We run the destructors of the main namespaces last. As for the
|
||||
- other namespaces, we pick run the destructors in them in reverse
|
||||
- order of the namespace ID. */
|
||||
-#ifdef SHARED
|
||||
- int do_audit = 0;
|
||||
- again:
|
||||
-#endif
|
||||
- for (Lmid_t ns = GL(dl_nns) - 1; ns >= 0; --ns)
|
||||
- {
|
||||
- /* Protect against concurrent loads and unloads. */
|
||||
- __rtld_lock_lock_recursive (GL(dl_load_lock));
|
||||
-
|
||||
- unsigned int nloaded = GL(dl_ns)[ns]._ns_nloaded;
|
||||
- /* No need to do anything for empty namespaces or those used for
|
||||
- auditing DSOs. */
|
||||
- if (nloaded == 0
|
||||
-#ifdef SHARED
|
||||
- || GL(dl_ns)[ns]._ns_loaded->l_auditing != do_audit
|
||||
-#endif
|
||||
- )
|
||||
- __rtld_lock_unlock_recursive (GL(dl_load_lock));
|
||||
- else
|
||||
- {
|
||||
+ /* Call destructors strictly in the reverse order of constructors.
|
||||
+ This causes fewer surprises than some arbitrary reordering based
|
||||
+ on new (relocation) dependencies. None of the objects are
|
||||
+ unmapped, so applications can deal with this if their DSOs remain
|
||||
+ in a consistent state after destructors have run. */
|
||||
+
|
||||
+ /* Protect against concurrent loads and unloads. */
|
||||
+ __rtld_lock_lock_recursive (GL(dl_load_lock));
|
||||
+
|
||||
+ /* Ignore objects which are opened during shutdown. */
|
||||
+ struct link_map *local_init_called_list = _dl_init_called_list;
|
||||
+
|
||||
+ for (struct link_map *l = local_init_called_list; l != NULL;
|
||||
+ l = l->l_init_called_next)
|
||||
+ /* Bump l_direct_opencount of all objects so that they
|
||||
+ are not dlclose()ed from underneath us. */
|
||||
+ ++l->l_direct_opencount;
|
||||
+
|
||||
+ /* After this point, everything linked from local_init_called_list
|
||||
+ cannot be unloaded because of the reference counter update. */
|
||||
+ __rtld_lock_unlock_recursive (GL(dl_load_lock));
|
||||
+
|
||||
+ /* Perform two passes: One for non-audit modules, one for audit
|
||||
+ modules. This way, audit modules receive unload notifications
|
||||
+ for non-audit objects, and the destructors for audit modules
|
||||
+ still run. */
|
||||
#ifdef SHARED
|
||||
- _dl_audit_activity_nsid (ns, LA_ACT_DELETE);
|
||||
+ int last_pass = GLRO(dl_naudit) > 0;
|
||||
+ Lmid_t last_ns = -1;
|
||||
+ for (int do_audit = 0; do_audit <= last_pass; ++do_audit)
|
||||
#endif
|
||||
-
|
||||
- /* Now we can allocate an array to hold all the pointers and
|
||||
- copy the pointers in. */
|
||||
- struct link_map *maps[nloaded];
|
||||
-
|
||||
- unsigned int i;
|
||||
- struct link_map *l;
|
||||
- assert (nloaded != 0 || GL(dl_ns)[ns]._ns_loaded == NULL);
|
||||
- for (l = GL(dl_ns)[ns]._ns_loaded, i = 0; l != NULL; l = l->l_next)
|
||||
- /* Do not handle ld.so in secondary namespaces. */
|
||||
- if (l == l->l_real)
|
||||
- {
|
||||
- assert (i < nloaded);
|
||||
-
|
||||
- maps[i] = l;
|
||||
- l->l_idx = i;
|
||||
- ++i;
|
||||
-
|
||||
- /* Bump l_direct_opencount of all objects so that they
|
||||
- are not dlclose()ed from underneath us. */
|
||||
- ++l->l_direct_opencount;
|
||||
- }
|
||||
- assert (ns != LM_ID_BASE || i == nloaded);
|
||||
- assert (ns == LM_ID_BASE || i == nloaded || i == nloaded - 1);
|
||||
- unsigned int nmaps = i;
|
||||
-
|
||||
- /* Now we have to do the sorting. We can skip looking for the
|
||||
- binary itself which is at the front of the search list for
|
||||
- the main namespace. */
|
||||
- _dl_sort_maps (maps, nmaps, (ns == LM_ID_BASE), true);
|
||||
-
|
||||
- /* We do not rely on the linked list of loaded object anymore
|
||||
- from this point on. We have our own list here (maps). The
|
||||
- various members of this list cannot vanish since the open
|
||||
- count is too high and will be decremented in this loop. So
|
||||
- we release the lock so that some code which might be called
|
||||
- from a destructor can directly or indirectly access the
|
||||
- lock. */
|
||||
- __rtld_lock_unlock_recursive (GL(dl_load_lock));
|
||||
-
|
||||
- /* 'maps' now contains the objects in the right order. Now
|
||||
- call the destructors. We have to process this array from
|
||||
- the front. */
|
||||
- for (i = 0; i < nmaps; ++i)
|
||||
- {
|
||||
- struct link_map *l = maps[i];
|
||||
-
|
||||
- if (l->l_init_called)
|
||||
- {
|
||||
- _dl_call_fini (l);
|
||||
+ for (struct link_map *l = local_init_called_list; l != NULL;
|
||||
+ l = l->l_init_called_next)
|
||||
+ {
|
||||
#ifdef SHARED
|
||||
- /* Auditing checkpoint: another object closed. */
|
||||
- _dl_audit_objclose (l);
|
||||
+ if (GL(dl_ns)[l->l_ns]._ns_loaded->l_auditing != do_audit)
|
||||
+ continue;
|
||||
+
|
||||
+ /* Avoid back-to-back calls of _dl_audit_activity_nsid for the
|
||||
+ same namespace. */
|
||||
+ if (last_ns != l->l_ns)
|
||||
+ {
|
||||
+ if (last_ns >= 0)
|
||||
+ _dl_audit_activity_nsid (last_ns, LA_ACT_CONSISTENT);
|
||||
+ _dl_audit_activity_nsid (l->l_ns, LA_ACT_DELETE);
|
||||
+ last_ns = l->l_ns;
|
||||
+ }
|
||||
#endif
|
||||
- }
|
||||
|
||||
- /* Correct the previous increment. */
|
||||
- --l->l_direct_opencount;
|
||||
- }
|
||||
+ /* There is no need to re-enable exceptions because _dl_fini
|
||||
+ is not called from a context where exceptions are caught. */
|
||||
+ _dl_call_fini (l);
|
||||
|
||||
#ifdef SHARED
|
||||
- _dl_audit_activity_nsid (ns, LA_ACT_CONSISTENT);
|
||||
+ /* Auditing checkpoint: another object closed. */
|
||||
+ _dl_audit_objclose (l);
|
||||
#endif
|
||||
- }
|
||||
- }
|
||||
+ }
|
||||
|
||||
#ifdef SHARED
|
||||
- if (! do_audit && GLRO(dl_naudit) > 0)
|
||||
- {
|
||||
- do_audit = 1;
|
||||
- goto again;
|
||||
- }
|
||||
+ if (last_ns >= 0)
|
||||
+ _dl_audit_activity_nsid (last_ns, LA_ACT_CONSISTENT);
|
||||
|
||||
if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_STATISTICS))
|
||||
_dl_debug_printf ("\nruntime linker statistics:\n"
|
||||
diff --git a/elf/dl-init.c b/elf/dl-init.c
|
||||
index ba4d2fdc85..ffd05b7806 100644
|
||||
--- a/elf/dl-init.c
|
||||
+++ b/elf/dl-init.c
|
||||
@@ -21,6 +21,7 @@
|
||||
#include <ldsodefs.h>
|
||||
#include <elf-initfini.h>
|
||||
|
||||
+struct link_map *_dl_init_called_list;
|
||||
|
||||
static void
|
||||
call_init (struct link_map *l, int argc, char **argv, char **env)
|
||||
@@ -42,6 +43,21 @@ call_init (struct link_map *l, int argc, char **argv, char **env)
|
||||
dependency. */
|
||||
l->l_init_called = 1;
|
||||
|
||||
+ /* Help an already-running dlclose: The just-loaded object must not
|
||||
+ be removed during the current pass. (No effect if no dlclose in
|
||||
+ progress.) */
|
||||
+ l->l_map_used = 1;
|
||||
+
|
||||
+ /* Record execution before starting any initializers. This way, if
|
||||
+ the initializers themselves call dlopen, their ELF destructors
|
||||
+ will eventually be run before this object is destructed, matching
|
||||
+ that their ELF constructors have run before this object was
|
||||
+ constructed. _dl_fini uses this list for audit callbacks, so
|
||||
+ register objects on the list even if they do not have a
|
||||
+ constructor. */
|
||||
+ l->l_init_called_next = _dl_init_called_list;
|
||||
+ _dl_init_called_list = l;
|
||||
+
|
||||
/* Check for object which constructors we do not run here. */
|
||||
if (__builtin_expect (l->l_name[0], 'a') == '\0'
|
||||
&& l->l_type == lt_executable)
|
||||
diff --git a/elf/dso-sort-tests-1.def b/elf/dso-sort-tests-1.def
|
||||
index 4bf9052db1..61dc54f8ae 100644
|
||||
--- a/elf/dso-sort-tests-1.def
|
||||
+++ b/elf/dso-sort-tests-1.def
|
||||
@@ -53,21 +53,14 @@ tst-dso-ordering10: {}->a->b->c;soname({})=c
|
||||
output: b>a>{}<a<b
|
||||
|
||||
# Complex example from Bugzilla #15311, under-linked and with circular
|
||||
-# relocation(dynamic) dependencies. While this is technically unspecified, the
|
||||
-# presumed reasonable practical behavior is for the destructor order to respect
|
||||
-# the static DT_NEEDED links (here this means the a->b->c->d order).
|
||||
-# The older dynamic_sort=1 algorithm does not achieve this, while the DFS-based
|
||||
-# dynamic_sort=2 algorithm does, although it is still arguable whether going
|
||||
-# beyond spec to do this is the right thing to do.
|
||||
-# The below expected outputs are what the two algorithms currently produce
|
||||
-# respectively, for regression testing purposes.
|
||||
+# relocation(dynamic) dependencies. For both sorting algorithms, the
|
||||
+# destruction order is the reverse of the construction order, and
|
||||
+# relocation dependencies are not taken into account.
|
||||
tst-bz15311: {+a;+e;+f;+g;+d;%d;-d;-g;-f;-e;-a};a->b->c->d;d=>[ba];c=>a;b=>e=>a;c=>f=>b;d=>g=>c
|
||||
-output(glibc.rtld.dynamic_sort=1): {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<a<c<d<g<f<b<e];}
|
||||
-output(glibc.rtld.dynamic_sort=2): {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<g<f<a<b<c<d<e];}
|
||||
+output: {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<g<f<e<a<b<c<d];}
|
||||
|
||||
# Test that even in the presence of dependency loops involving dlopen'ed
|
||||
# object, that object is initialized last (and not unloaded prematurely).
|
||||
-# Final destructor order is indeterminate due to the cycle.
|
||||
+# Final destructor order is the opposite of constructor order.
|
||||
tst-bz28937: {+a;+b;-b;+c;%c};a->a1;a->a2;a2->a;b->b1;c->a1;c=>a1
|
||||
-output(glibc.rtld.dynamic_sort=1): {+a[a2>a1>a>];+b[b1>b>];-b[<b<b1];+c[c>];%c(a1());}<a<a2<c<a1
|
||||
-output(glibc.rtld.dynamic_sort=2): {+a[a2>a1>a>];+b[b1>b>];-b[<b<b1];+c[c>];%c(a1());}<a2<a<c<a1
|
||||
+output: {+a[a2>a1>a>];+b[b1>b>];-b[<b<b1];+c[c>];%c(a1());}<c<a<a1<a2
|
||||
diff --git a/elf/tst-audit23.c b/elf/tst-audit23.c
|
||||
index bb7d66c385..503699c36a 100644
|
||||
--- a/elf/tst-audit23.c
|
||||
+++ b/elf/tst-audit23.c
|
||||
@@ -98,6 +98,8 @@ do_test (int argc, char *argv[])
|
||||
char *lname;
|
||||
uintptr_t laddr;
|
||||
Lmid_t lmid;
|
||||
+ uintptr_t cookie;
|
||||
+ uintptr_t namespace;
|
||||
bool closed;
|
||||
} objs[max_objs] = { [0 ... max_objs-1] = { .closed = false } };
|
||||
size_t nobjs = 0;
|
||||
@@ -117,6 +119,9 @@ do_test (int argc, char *argv[])
|
||||
size_t buffer_length = 0;
|
||||
while (xgetline (&buffer, &buffer_length, out))
|
||||
{
|
||||
+ *strchrnul (buffer, '\n') = '\0';
|
||||
+ printf ("info: subprocess output: %s\n", buffer);
|
||||
+
|
||||
if (startswith (buffer, "la_activity: "))
|
||||
{
|
||||
uintptr_t cookie;
|
||||
@@ -125,29 +130,26 @@ do_test (int argc, char *argv[])
|
||||
&cookie);
|
||||
TEST_COMPARE (r, 2);
|
||||
|
||||
- /* The cookie identifies the object at the head of the link map,
|
||||
- so we only add a new namespace if it changes from the previous
|
||||
- one. This works since dlmopen is the last in the test body. */
|
||||
- if (cookie != last_act_cookie && last_act_cookie != -1)
|
||||
- TEST_COMPARE (last_act, LA_ACT_CONSISTENT);
|
||||
-
|
||||
if (this_act == LA_ACT_ADD && acts[nacts] != cookie)
|
||||
{
|
||||
+ /* The cookie identifies the object at the head of the
|
||||
+ link map, so we only add a new namespace if it
|
||||
+ changes from the previous one. This works since
|
||||
+ dlmopen is the last in the test body. */
|
||||
+ if (cookie != last_act_cookie && last_act_cookie != -1)
|
||||
+ TEST_COMPARE (last_act, LA_ACT_CONSISTENT);
|
||||
+
|
||||
acts[nacts++] = cookie;
|
||||
last_act_cookie = cookie;
|
||||
}
|
||||
- /* The LA_ACT_DELETE is called in the reverse order of LA_ACT_ADD
|
||||
- at program termination (if the tests adds a dlclose or a library
|
||||
- with extra dependencies this will need to be adapted). */
|
||||
+ /* LA_ACT_DELETE is called multiple times for each
|
||||
+ namespace, depending on destruction order. */
|
||||
else if (this_act == LA_ACT_DELETE)
|
||||
- {
|
||||
- last_act_cookie = acts[--nacts];
|
||||
- TEST_COMPARE (acts[nacts], cookie);
|
||||
- acts[nacts] = 0;
|
||||
- }
|
||||
+ last_act_cookie = cookie;
|
||||
else if (this_act == LA_ACT_CONSISTENT)
|
||||
{
|
||||
TEST_COMPARE (cookie, last_act_cookie);
|
||||
+ last_act_cookie = -1;
|
||||
|
||||
/* LA_ACT_DELETE must always be followed by an la_objclose. */
|
||||
if (last_act == LA_ACT_DELETE)
|
||||
@@ -179,6 +181,8 @@ do_test (int argc, char *argv[])
|
||||
objs[nobjs].lname = lname;
|
||||
objs[nobjs].laddr = laddr;
|
||||
objs[nobjs].lmid = lmid;
|
||||
+ objs[nobjs].cookie = cookie;
|
||||
+ objs[nobjs].namespace = last_act_cookie;
|
||||
objs[nobjs].closed = false;
|
||||
nobjs++;
|
||||
|
||||
@@ -201,6 +205,12 @@ do_test (int argc, char *argv[])
|
||||
if (strcmp (lname, objs[i].lname) == 0 && lmid == objs[i].lmid)
|
||||
{
|
||||
TEST_COMPARE (objs[i].closed, false);
|
||||
+ TEST_COMPARE (objs[i].cookie, cookie);
|
||||
+ if (objs[i].namespace == -1)
|
||||
+ /* No LA_ACT_ADD before the first la_objopen call. */
|
||||
+ TEST_COMPARE (acts[0], last_act_cookie);
|
||||
+ else
|
||||
+ TEST_COMPARE (objs[i].namespace, last_act_cookie);
|
||||
objs[i].closed = true;
|
||||
break;
|
||||
}
|
||||
@@ -209,11 +219,7 @@ do_test (int argc, char *argv[])
|
||||
/* la_objclose should be called after la_activity(LA_ACT_DELETE) for
|
||||
the closed object's namespace. */
|
||||
TEST_COMPARE (last_act, LA_ACT_DELETE);
|
||||
- if (!seen_first_objclose)
|
||||
- {
|
||||
- TEST_COMPARE (last_act_cookie, cookie);
|
||||
- seen_first_objclose = true;
|
||||
- }
|
||||
+ seen_first_objclose = true;
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/include/link.h b/include/link.h
|
||||
index 1d74feb2bd..69bda3ed17 100644
|
||||
--- a/include/link.h
|
||||
+++ b/include/link.h
|
||||
@@ -278,6 +278,10 @@ struct link_map
|
||||
/* List of object in order of the init and fini calls. */
|
||||
struct link_map **l_initfini;
|
||||
|
||||
+ /* Linked list of objects in reverse ELF constructor execution
|
||||
+ order. Head of list is stored in _dl_init_called_list. */
|
||||
+ struct link_map *l_init_called_next;
|
||||
+
|
||||
/* List of the dependencies introduced through symbol binding. */
|
||||
struct link_map_reldeps
|
||||
{
|
||||
diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h
|
||||
index e8b7359b04..9ea9389a39 100644
|
||||
--- a/sysdeps/generic/ldsodefs.h
|
||||
+++ b/sysdeps/generic/ldsodefs.h
|
||||
@@ -1037,6 +1037,10 @@ extern int _dl_check_map_versions (struct link_map *map, int verbose,
|
||||
extern void _dl_init (struct link_map *main_map, int argc, char **argv,
|
||||
char **env) attribute_hidden;
|
||||
|
||||
+/* List of ELF objects in reverse order of their constructor
|
||||
+ invocation. */
|
||||
+extern struct link_map *_dl_init_called_list attribute_hidden;
|
||||
+
|
||||
/* Call the finalizer functions of all shared objects whose
|
||||
initializer functions have completed. */
|
||||
extern void _dl_fini (void) attribute_hidden;
|
||||
--
|
||||
2.42.0
|
||||
|
||||
From 750f19526ae71aac801c77a3f7ef5374890c09b7 Mon Sep 17 00:00:00 2001
|
||||
From: Florian Weimer <fweimer@redhat.com>
|
||||
Date: Fri, 8 Sep 2023 13:02:06 +0200
|
||||
Subject: [PATCH] elf: Remove unused l_text_end field from struct link_map
|
||||
|
||||
It is a left-over from commit 52a01100ad011293197637e42b5be1a479a2
|
||||
("elf: Remove ad-hoc restrictions on dlopen callers [BZ #22787]").
|
||||
|
||||
When backporting commmit 6985865bc3ad5b23147ee73466583dd7fdf65892
|
||||
("elf: Always call destructors in reverse constructor order
|
||||
(bug 30785)"), we can move the l_init_called_next field to this
|
||||
place, so that the internal GLIBC_PRIVATE ABI does not change.
|
||||
|
||||
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
||||
Tested-by: Carlos O'Donell <carlos@redhat.com>
|
||||
(cherry picked from commit 53df2ce6885da3d0e89e87dca7b095622296014f)
|
||||
---
|
||||
elf/dl-load.c | 2 +-
|
||||
elf/dl-load.h | 7 ++-----
|
||||
elf/rtld.c | 6 ------
|
||||
elf/setup-vdso.h | 4 ----
|
||||
include/link.h | 2 --
|
||||
5 files changed, 3 insertions(+), 18 deletions(-)
|
||||
|
||||
diff --git a/elf/dl-load.c b/elf/dl-load.c
|
||||
index 9a87fda9c9..2923b1141d 100644
|
||||
--- a/elf/dl-load.c
|
||||
+++ b/elf/dl-load.c
|
||||
@@ -1253,7 +1253,7 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd,
|
||||
|
||||
/* Now process the load commands and map segments into memory.
|
||||
This is responsible for filling in:
|
||||
- l_map_start, l_map_end, l_addr, l_contiguous, l_text_end, l_phdr
|
||||
+ l_map_start, l_map_end, l_addr, l_contiguous, l_phdr
|
||||
*/
|
||||
errstring = _dl_map_segments (l, fd, header, type, loadcmds, nloadcmds,
|
||||
maplength, has_holes, loader);
|
||||
diff --git a/elf/dl-load.h b/elf/dl-load.h
|
||||
index ecf6910c68..1d5207694b 100644
|
||||
--- a/elf/dl-load.h
|
||||
+++ b/elf/dl-load.h
|
||||
@@ -83,14 +83,11 @@ struct loadcmd
|
||||
|
||||
/* This is a subroutine of _dl_map_segments. It should be called for each
|
||||
load command, some time after L->l_addr has been set correctly. It is
|
||||
- responsible for setting up the l_text_end and l_phdr fields. */
|
||||
+ responsible for setting the l_phdr fields */
|
||||
static __always_inline void
|
||||
_dl_postprocess_loadcmd (struct link_map *l, const ElfW(Ehdr) *header,
|
||||
const struct loadcmd *c)
|
||||
{
|
||||
- if (c->prot & PROT_EXEC)
|
||||
- l->l_text_end = l->l_addr + c->mapend;
|
||||
-
|
||||
if (l->l_phdr == 0
|
||||
&& c->mapoff <= header->e_phoff
|
||||
&& ((size_t) (c->mapend - c->mapstart + c->mapoff)
|
||||
@@ -103,7 +100,7 @@ _dl_postprocess_loadcmd (struct link_map *l, const ElfW(Ehdr) *header,
|
||||
|
||||
/* This is a subroutine of _dl_map_object_from_fd. It is responsible
|
||||
for filling in several fields in *L: l_map_start, l_map_end, l_addr,
|
||||
- l_contiguous, l_text_end, l_phdr. On successful return, all the
|
||||
+ l_contiguous, l_phdr. On successful return, all the
|
||||
segments are mapped (or copied, or whatever) from the file into their
|
||||
final places in the address space, with the correct page permissions,
|
||||
and any bss-like regions already zeroed. It returns a null pointer
|
||||
diff --git a/elf/rtld.c b/elf/rtld.c
|
||||
index a91e2a4471..5107d16fe3 100644
|
||||
--- a/elf/rtld.c
|
||||
+++ b/elf/rtld.c
|
||||
@@ -477,7 +477,6 @@ _dl_start_final (void *arg, struct dl_start_final_info *info)
|
||||
GL(dl_rtld_map).l_real = &GL(dl_rtld_map);
|
||||
GL(dl_rtld_map).l_map_start = (ElfW(Addr)) &__ehdr_start;
|
||||
GL(dl_rtld_map).l_map_end = (ElfW(Addr)) _end;
|
||||
- GL(dl_rtld_map).l_text_end = (ElfW(Addr)) _etext;
|
||||
/* Copy the TLS related data if necessary. */
|
||||
#ifndef DONT_USE_BOOTSTRAP_MAP
|
||||
# if NO_TLS_OFFSET != 0
|
||||
@@ -1119,7 +1118,6 @@ rtld_setup_main_map (struct link_map *main_map)
|
||||
bool has_interp = false;
|
||||
|
||||
main_map->l_map_end = 0;
|
||||
- main_map->l_text_end = 0;
|
||||
/* Perhaps the executable has no PT_LOAD header entries at all. */
|
||||
main_map->l_map_start = ~0;
|
||||
/* And it was opened directly. */
|
||||
@@ -1211,8 +1209,6 @@ rtld_setup_main_map (struct link_map *main_map)
|
||||
allocend = main_map->l_addr + ph->p_vaddr + ph->p_memsz;
|
||||
if (main_map->l_map_end < allocend)
|
||||
main_map->l_map_end = allocend;
|
||||
- if ((ph->p_flags & PF_X) && allocend > main_map->l_text_end)
|
||||
- main_map->l_text_end = allocend;
|
||||
|
||||
/* The next expected address is the page following this load
|
||||
segment. */
|
||||
@@ -1272,8 +1268,6 @@ rtld_setup_main_map (struct link_map *main_map)
|
||||
= (char *) main_map->l_tls_initimage + main_map->l_addr;
|
||||
if (! main_map->l_map_end)
|
||||
main_map->l_map_end = ~0;
|
||||
- if (! main_map->l_text_end)
|
||||
- main_map->l_text_end = ~0;
|
||||
if (! GL(dl_rtld_map).l_libname && GL(dl_rtld_map).l_name)
|
||||
{
|
||||
/* We were invoked directly, so the program might not have a
|
||||
diff --git a/elf/setup-vdso.h b/elf/setup-vdso.h
|
||||
index 0079842d1f..d92b12a7aa 100644
|
||||
--- a/elf/setup-vdso.h
|
||||
+++ b/elf/setup-vdso.h
|
||||
@@ -51,9 +51,6 @@ setup_vdso (struct link_map *main_map __attribute__ ((unused)),
|
||||
l->l_addr = ph->p_vaddr;
|
||||
if (ph->p_vaddr + ph->p_memsz >= l->l_map_end)
|
||||
l->l_map_end = ph->p_vaddr + ph->p_memsz;
|
||||
- if ((ph->p_flags & PF_X)
|
||||
- && ph->p_vaddr + ph->p_memsz >= l->l_text_end)
|
||||
- l->l_text_end = ph->p_vaddr + ph->p_memsz;
|
||||
}
|
||||
else
|
||||
/* There must be no TLS segment. */
|
||||
@@ -62,7 +59,6 @@ setup_vdso (struct link_map *main_map __attribute__ ((unused)),
|
||||
l->l_map_start = (ElfW(Addr)) GLRO(dl_sysinfo_dso);
|
||||
l->l_addr = l->l_map_start - l->l_addr;
|
||||
l->l_map_end += l->l_addr;
|
||||
- l->l_text_end += l->l_addr;
|
||||
l->l_ld = (void *) ((ElfW(Addr)) l->l_ld + l->l_addr);
|
||||
elf_get_dynamic_info (l, false, false);
|
||||
_dl_setup_hash (l);
|
||||
diff --git a/include/link.h b/include/link.h
|
||||
index 69bda3ed17..c6af095d87 100644
|
||||
--- a/include/link.h
|
||||
+++ b/include/link.h
|
||||
@@ -253,8 +253,6 @@ struct link_map
|
||||
/* Start and finish of memory map for this object. l_map_start
|
||||
need not be the same as l_addr. */
|
||||
ElfW(Addr) l_map_start, l_map_end;
|
||||
- /* End of the executable part of the mapping. */
|
||||
- ElfW(Addr) l_text_end;
|
||||
|
||||
/* Default array for 'l_scope'. */
|
||||
struct r_scope_elem *l_scope_mem[4];
|
||||
--
|
||||
2.42.0
|
||||
|
||||
From d3ba6c1333b10680ce5900a628108507d9d4b844 Mon Sep 17 00:00:00 2001
|
||||
From: Florian Weimer <fweimer@redhat.com>
|
||||
Date: Mon, 11 Sep 2023 09:17:52 +0200
|
||||
Subject: [PATCH] elf: Move l_init_called_next to old place of l_text_end in
|
||||
link map
|
||||
|
||||
This preserves all member offsets and the GLIBC_PRIVATE ABI
|
||||
for backporting.
|
||||
---
|
||||
include/link.h | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/include/link.h b/include/link.h
|
||||
index c6af095d87..686813f281 100644
|
||||
--- a/include/link.h
|
||||
+++ b/include/link.h
|
||||
@@ -254,6 +254,10 @@ struct link_map
|
||||
need not be the same as l_addr. */
|
||||
ElfW(Addr) l_map_start, l_map_end;
|
||||
|
||||
+ /* Linked list of objects in reverse ELF constructor execution
|
||||
+ order. Head of list is stored in _dl_init_called_list. */
|
||||
+ struct link_map *l_init_called_next;
|
||||
+
|
||||
/* Default array for 'l_scope'. */
|
||||
struct r_scope_elem *l_scope_mem[4];
|
||||
/* Size of array allocated for 'l_scope'. */
|
||||
@@ -276,10 +280,6 @@ struct link_map
|
||||
/* List of object in order of the init and fini calls. */
|
||||
struct link_map **l_initfini;
|
||||
|
||||
- /* Linked list of objects in reverse ELF constructor execution
|
||||
- order. Head of list is stored in _dl_init_called_list. */
|
||||
- struct link_map *l_init_called_next;
|
||||
-
|
||||
/* List of the dependencies introduced through symbol binding. */
|
||||
struct link_map_reldeps
|
||||
{
|
||||
--
|
||||
2.42.0
|
||||
|
165
fstat-implementation.patch
Normal file
165
fstat-implementation.patch
Normal file
@ -0,0 +1,165 @@
|
||||
From 551101e8240b7514fc646d1722f8b79c90362b8f Mon Sep 17 00:00:00 2001
|
||||
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
||||
Date: Mon, 11 Sep 2023 10:25:48 -0300
|
||||
Subject: [PATCH] io: Do not implement fstat with fstatat
|
||||
|
||||
AT_EMPTY_PATH is a requirement to implement fstat over fstatat,
|
||||
however it does not prevent the kernel to read the path argument.
|
||||
It is not an issue, but on x86-64 with SMAP-capable CPUs the kernel is
|
||||
forced to perform expensive user memory access. After that regular
|
||||
lookup is performed which adds even more overhead.
|
||||
|
||||
Instead, issue the fstat syscall directly on LFS fstat implementation
|
||||
(32 bit architectures will still continue to use statx, which is
|
||||
required to have 64 bit time_t support). it should be even a
|
||||
small performance gain on non x86_64, since there is no need
|
||||
to handle the path argument.
|
||||
|
||||
Checked on x86_64-linux-gnu.
|
||||
---
|
||||
sysdeps/unix/sysv/linux/fstat64.c | 37 +++++++++++++++++++++++--
|
||||
sysdeps/unix/sysv/linux/fstatat64.c | 12 ++------
|
||||
sysdeps/unix/sysv/linux/internal-stat.h | 31 +++++++++++++++++++++
|
||||
3 files changed, 68 insertions(+), 12 deletions(-)
|
||||
create mode 100644 sysdeps/unix/sysv/linux/internal-stat.h
|
||||
|
||||
diff --git a/sysdeps/unix/sysv/linux/fstat64.c b/sysdeps/unix/sysv/linux/fstat64.c
|
||||
index 124384e57f..a291f0825b 100644
|
||||
--- a/sysdeps/unix/sysv/linux/fstat64.c
|
||||
+++ b/sysdeps/unix/sysv/linux/fstat64.c
|
||||
@@ -19,20 +19,53 @@
|
||||
#define __fstat __redirect___fstat
|
||||
#define fstat __redirect_fstat
|
||||
#include <sys/stat.h>
|
||||
+#undef __fstat
|
||||
+#undef fstat
|
||||
#include <fcntl.h>
|
||||
-#include <kernel_stat.h>
|
||||
-#include <stat_t64_cp.h>
|
||||
+#include <internal-stat.h>
|
||||
#include <errno.h>
|
||||
|
||||
int
|
||||
__fstat64_time64 (int fd, struct __stat64_t64 *buf)
|
||||
{
|
||||
+#if !FSTATAT_USE_STATX
|
||||
+# if XSTAT_IS_XSTAT64
|
||||
+# ifdef __NR_fstat
|
||||
+ /* 64-bit kABI, e.g. aarch64, ia64, powerpc64*, s390x, riscv64, and
|
||||
+ x86_64. */
|
||||
+ return INLINE_SYSCALL_CALL (fstat, fd, buf);
|
||||
+# elif defined __NR_fstat64
|
||||
+# if STAT64_IS_KERNEL_STAT64
|
||||
+ /* 64-bit kABI outlier, e.g. alpha */
|
||||
+ return INLINE_SYSCALL_CALL (fstat64, fd, buf);
|
||||
+# else
|
||||
+ /* 64-bit kABI outlier, e.g. sparc64. */
|
||||
+ struct kernel_stat64 kst64;
|
||||
+ int r = INLINE_SYSCALL_CALL (fstat64, fd, &kst64);
|
||||
+ if (r == 0)
|
||||
+ __cp_stat64_kstat64 (buf, &kst64);
|
||||
+ return r;
|
||||
+# endif /* STAT64_IS_KERNEL_STAT64 */
|
||||
+# endif
|
||||
+# else /* XSTAT_IS_XSTAT64 */
|
||||
+ /* 64-bit kabi outlier, e.g. mips64 and mips64-n32. */
|
||||
+ struct kernel_stat kst;
|
||||
+ int r = INLINE_SYSCALL_CALL (fstat, fd, &kst);
|
||||
+ if (r == 0)
|
||||
+ __cp_kstat_stat64_t64 (&kst, buf);
|
||||
+ return r;
|
||||
+# endif
|
||||
+#else /* !FSTATAT_USE_STATX */
|
||||
+ /* All kABIs with non-LFS support and with old 32-bit time_t support
|
||||
+ e.g. arm, csky, i386, hppa, m68k, microblaze, nios2, sh, powerpc32,
|
||||
+ and sparc32. */
|
||||
if (fd < 0)
|
||||
{
|
||||
__set_errno (EBADF);
|
||||
return -1;
|
||||
}
|
||||
return __fstatat64_time64 (fd, "", buf, AT_EMPTY_PATH);
|
||||
+#endif
|
||||
}
|
||||
#if __TIMESIZE != 64
|
||||
hidden_def (__fstat64_time64)
|
||||
diff --git a/sysdeps/unix/sysv/linux/fstatat64.c b/sysdeps/unix/sysv/linux/fstatat64.c
|
||||
index 3509d3ca6d..127c6ff601 100644
|
||||
--- a/sysdeps/unix/sysv/linux/fstatat64.c
|
||||
+++ b/sysdeps/unix/sysv/linux/fstatat64.c
|
||||
@@ -21,12 +21,10 @@
|
||||
#include <sys/stat.h>
|
||||
#include <fcntl.h>
|
||||
#include <string.h>
|
||||
-#include <kernel_stat.h>
|
||||
#include <sysdep.h>
|
||||
#include <time.h>
|
||||
-#include <kstat_cp.h>
|
||||
-#include <stat_t64_cp.h>
|
||||
#include <sys/sysmacros.h>
|
||||
+#include <internal-stat.h>
|
||||
|
||||
#if __TIMESIZE == 64 \
|
||||
&& (__WORDSIZE == 32 \
|
||||
@@ -40,11 +38,7 @@ _Static_assert (sizeof (__blkcnt_t) == sizeof (__blkcnt64_t),
|
||||
"__blkcnt_t and __blkcnt64_t must match");
|
||||
#endif
|
||||
|
||||
-#if (__WORDSIZE == 32 \
|
||||
- && (!defined __SYSCALL_WORDSIZE || __SYSCALL_WORDSIZE == 32)) \
|
||||
- || defined STAT_HAS_TIME32 \
|
||||
- || (!defined __NR_newfstatat && !defined __NR_fstatat64)
|
||||
-# define FSTATAT_USE_STATX 1
|
||||
+#if FSTATAT_USE_STATX
|
||||
|
||||
static inline int
|
||||
fstatat64_time64_statx (int fd, const char *file, struct __stat64_t64 *buf,
|
||||
@@ -79,8 +73,6 @@ fstatat64_time64_statx (int fd, const char *file, struct __stat64_t64 *buf,
|
||||
|
||||
return r;
|
||||
}
|
||||
-#else
|
||||
-# define FSTATAT_USE_STATX 0
|
||||
#endif
|
||||
|
||||
/* Only statx supports 64-bit timestamps for 32-bit architectures with
|
||||
diff --git a/sysdeps/unix/sysv/linux/internal-stat.h b/sysdeps/unix/sysv/linux/internal-stat.h
|
||||
new file mode 100644
|
||||
index 0000000000..e3b0569853
|
||||
--- /dev/null
|
||||
+++ b/sysdeps/unix/sysv/linux/internal-stat.h
|
||||
@@ -0,0 +1,31 @@
|
||||
+/* Internal stat definitions.
|
||||
+ Copyright (C) 2023 Free Software Foundation, Inc.
|
||||
+ This file is part of the GNU C Library.
|
||||
+
|
||||
+ The GNU C Library is free software; you can redistribute it and/or
|
||||
+ modify it under the terms of the GNU Lesser General Public
|
||||
+ License as published by the Free Software Foundation; either
|
||||
+ version 2.1 of the License, or (at your option) any later version.
|
||||
+
|
||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ Lesser General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU Lesser General Public
|
||||
+ License along with the GNU C Library; if not, see
|
||||
+ <https://www.gnu.org/licenses/>. */
|
||||
+
|
||||
+#include <sysdep.h>
|
||||
+#include <stat_t64_cp.h>
|
||||
+#include <kernel_stat.h>
|
||||
+#include <kstat_cp.h>
|
||||
+
|
||||
+#if (__WORDSIZE == 32 \
|
||||
+ && (!defined __SYSCALL_WORDSIZE || __SYSCALL_WORDSIZE == 32)) \
|
||||
+ || defined STAT_HAS_TIME32 \
|
||||
+ || (!defined __NR_newfstatat && !defined __NR_fstatat64)
|
||||
+# define FSTATAT_USE_STATX 1
|
||||
+#else
|
||||
+# define FSTATAT_USE_STATX 0
|
||||
+#endif
|
||||
--
|
||||
2.42.0
|
||||
|
92
getaddrinfo-memory-leak.patch
Normal file
92
getaddrinfo-memory-leak.patch
Normal file
@ -0,0 +1,92 @@
|
||||
From ec6b95c3303c700eb89eebeda2d7264cc184a796 Mon Sep 17 00:00:00 2001
|
||||
From: Romain Geissler <romain.geissler@amadeus.com>
|
||||
Date: Mon, 25 Sep 2023 01:21:51 +0100
|
||||
Subject: [PATCH] Fix leak in getaddrinfo introduced by the fix for
|
||||
CVE-2023-4806 [BZ #30843]
|
||||
|
||||
This patch fixes a very recently added leak in getaddrinfo.
|
||||
|
||||
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
||||
---
|
||||
nss/Makefile | 20 ++++++++++++++++++++
|
||||
nss/tst-nss-gai-hv2-canonname.c | 3 +++
|
||||
sysdeps/posix/getaddrinfo.c | 4 +---
|
||||
3 files changed, 24 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/nss/Makefile b/nss/Makefile
|
||||
index 8a5126ecf3..668ba34b18 100644
|
||||
--- a/nss/Makefile
|
||||
+++ b/nss/Makefile
|
||||
@@ -149,6 +149,15 @@ endif
|
||||
extra-test-objs += nss_test1.os nss_test2.os nss_test_errno.os \
|
||||
nss_test_gai_hv2_canonname.os
|
||||
|
||||
+ifeq ($(run-built-tests),yes)
|
||||
+ifneq (no,$(PERL))
|
||||
+tests-special += $(objpfx)mtrace-tst-nss-gai-hv2-canonname.out
|
||||
+endif
|
||||
+endif
|
||||
+
|
||||
+generated += mtrace-tst-nss-gai-hv2-canonname.out \
|
||||
+ tst-nss-gai-hv2-canonname.mtrace
|
||||
+
|
||||
include ../Rules
|
||||
|
||||
ifeq (yes,$(have-selinux))
|
||||
@@ -217,6 +226,17 @@ endif
|
||||
$(objpfx)tst-nss-files-alias-leak.out: $(objpfx)/libnss_files.so
|
||||
$(objpfx)tst-nss-files-alias-truncated.out: $(objpfx)/libnss_files.so
|
||||
|
||||
+tst-nss-gai-hv2-canonname-ENV = \
|
||||
+ MALLOC_TRACE=$(objpfx)tst-nss-gai-hv2-canonname.mtrace \
|
||||
+ LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so
|
||||
+$(objpfx)mtrace-tst-nss-gai-hv2-canonname.out: \
|
||||
+ $(objpfx)tst-nss-gai-hv2-canonname.out
|
||||
+ { test -r $(objpfx)tst-nss-gai-hv2-canonname.mtrace \
|
||||
+ || ( echo "tst-nss-gai-hv2-canonname.mtrace does not exist"; exit 77; ) \
|
||||
+ && $(common-objpfx)malloc/mtrace \
|
||||
+ $(objpfx)tst-nss-gai-hv2-canonname.mtrace; } > $@; \
|
||||
+ $(evaluate-test)
|
||||
+
|
||||
# Disable DT_RUNPATH on NSS tests so that the glibc internal NSS
|
||||
# functions can load testing NSS modules via DT_RPATH.
|
||||
LDFLAGS-tst-nss-test1 = -Wl,--disable-new-dtags
|
||||
diff --git a/nss/tst-nss-gai-hv2-canonname.c b/nss/tst-nss-gai-hv2-canonname.c
|
||||
index d5f10c07d6..7db53cf09d 100644
|
||||
--- a/nss/tst-nss-gai-hv2-canonname.c
|
||||
+++ b/nss/tst-nss-gai-hv2-canonname.c
|
||||
@@ -21,6 +21,7 @@
|
||||
#include <netdb.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
+#include <mcheck.h>
|
||||
#include <support/check.h>
|
||||
#include <support/xstdio.h>
|
||||
#include "nss/tst-nss-gai-hv2-canonname.h"
|
||||
@@ -41,6 +42,8 @@ static void do_prepare (int a, char **av)
|
||||
static int
|
||||
do_test (void)
|
||||
{
|
||||
+ mtrace ();
|
||||
+
|
||||
__nss_configure_lookup ("hosts", "test_gai_hv2_canonname");
|
||||
|
||||
struct addrinfo hints = {};
|
||||
diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
|
||||
index 47f421fddf..531124958d 100644
|
||||
--- a/sysdeps/posix/getaddrinfo.c
|
||||
+++ b/sysdeps/posix/getaddrinfo.c
|
||||
@@ -1196,9 +1196,7 @@ free_and_return:
|
||||
if (malloc_name)
|
||||
free ((char *) name);
|
||||
free (addrmem);
|
||||
- if (res.free_at)
|
||||
- free (res.at);
|
||||
- free (res.canon);
|
||||
+ gaih_result_reset (&res);
|
||||
|
||||
return result;
|
||||
}
|
||||
--
|
||||
2.42.0
|
||||
|
338
getcanonname-use-after-free.patch
Normal file
338
getcanonname-use-after-free.patch
Normal file
@ -0,0 +1,338 @@
|
||||
From 00ae4f10b504bc4564e9f22f00907093f1ab9338 Mon Sep 17 00:00:00 2001
|
||||
From: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
||||
Date: Fri, 15 Sep 2023 13:51:12 -0400
|
||||
Subject: [PATCH] getaddrinfo: Fix use after free in getcanonname
|
||||
(CVE-2023-4806)
|
||||
|
||||
When an NSS plugin only implements the _gethostbyname2_r and
|
||||
_getcanonname_r callbacks, getaddrinfo could use memory that was freed
|
||||
during tmpbuf resizing, through h_name in a previous query response.
|
||||
|
||||
The backing store for res->at->name when doing a query with
|
||||
gethostbyname3_r or gethostbyname2_r is tmpbuf, which is reallocated in
|
||||
gethosts during the query. For AF_INET6 lookup with AI_ALL |
|
||||
AI_V4MAPPED, gethosts gets called twice, once for a v6 lookup and second
|
||||
for a v4 lookup. In this case, if the first call reallocates tmpbuf
|
||||
enough number of times, resulting in a malloc, th->h_name (that
|
||||
res->at->name refers to) ends up on a heap allocated storage in tmpbuf.
|
||||
Now if the second call to gethosts also causes the plugin callback to
|
||||
return NSS_STATUS_TRYAGAIN, tmpbuf will get freed, resulting in a UAF
|
||||
reference in res->at->name. This then gets dereferenced in the
|
||||
getcanonname_r plugin call, resulting in the use after free.
|
||||
|
||||
Fix this by copying h_name over and freeing it at the end. This
|
||||
resolves BZ #30843, which is assigned CVE-2023-4806.
|
||||
|
||||
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
||||
(cherry picked from commit 973fe93a5675c42798b2161c6f29c01b0e243994)
|
||||
---
|
||||
nss/Makefile | 15 ++++-
|
||||
nss/nss_test_gai_hv2_canonname.c | 56 +++++++++++++++++
|
||||
nss/tst-nss-gai-hv2-canonname.c | 63 +++++++++++++++++++
|
||||
nss/tst-nss-gai-hv2-canonname.h | 1 +
|
||||
.../postclean.req | 0
|
||||
.../tst-nss-gai-hv2-canonname.script | 2 +
|
||||
sysdeps/posix/getaddrinfo.c | 25 +++++---
|
||||
7 files changed, 152 insertions(+), 10 deletions(-)
|
||||
create mode 100644 nss/nss_test_gai_hv2_canonname.c
|
||||
create mode 100644 nss/tst-nss-gai-hv2-canonname.c
|
||||
create mode 100644 nss/tst-nss-gai-hv2-canonname.h
|
||||
create mode 100644 nss/tst-nss-gai-hv2-canonname.root/postclean.req
|
||||
create mode 100644 nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script
|
||||
|
||||
diff --git a/nss/Makefile b/nss/Makefile
|
||||
index 06fcdc450f..8a5126ecf3 100644
|
||||
--- a/nss/Makefile
|
||||
+++ b/nss/Makefile
|
||||
@@ -82,6 +82,7 @@ tests-container := \
|
||||
tst-nss-test3 \
|
||||
tst-reload1 \
|
||||
tst-reload2 \
|
||||
+ tst-nss-gai-hv2-canonname \
|
||||
# tests-container
|
||||
|
||||
# Tests which need libdl
|
||||
@@ -145,7 +146,8 @@ libnss_compat-inhibit-o = $(filter-out .os,$(object-suffixes))
|
||||
ifeq ($(build-static-nss),yes)
|
||||
tests-static += tst-nss-static
|
||||
endif
|
||||
-extra-test-objs += nss_test1.os nss_test2.os nss_test_errno.os
|
||||
+extra-test-objs += nss_test1.os nss_test2.os nss_test_errno.os \
|
||||
+ nss_test_gai_hv2_canonname.os
|
||||
|
||||
include ../Rules
|
||||
|
||||
@@ -180,12 +182,16 @@ rtld-tests-LDFLAGS += -Wl,--dynamic-list=nss_test.ver
|
||||
libof-nss_test1 = extramodules
|
||||
libof-nss_test2 = extramodules
|
||||
libof-nss_test_errno = extramodules
|
||||
+libof-nss_test_gai_hv2_canonname = extramodules
|
||||
$(objpfx)/libnss_test1.so: $(objpfx)nss_test1.os $(link-libc-deps)
|
||||
$(build-module)
|
||||
$(objpfx)/libnss_test2.so: $(objpfx)nss_test2.os $(link-libc-deps)
|
||||
$(build-module)
|
||||
$(objpfx)/libnss_test_errno.so: $(objpfx)nss_test_errno.os $(link-libc-deps)
|
||||
$(build-module)
|
||||
+$(objpfx)/libnss_test_gai_hv2_canonname.so: \
|
||||
+ $(objpfx)nss_test_gai_hv2_canonname.os $(link-libc-deps)
|
||||
+ $(build-module)
|
||||
$(objpfx)nss_test2.os : nss_test1.c
|
||||
# Use the nss_files suffix for these objects as well.
|
||||
$(objpfx)/libnss_test1.so$(libnss_files.so-version): $(objpfx)/libnss_test1.so
|
||||
@@ -195,10 +201,14 @@ $(objpfx)/libnss_test2.so$(libnss_files.so-version): $(objpfx)/libnss_test2.so
|
||||
$(objpfx)/libnss_test_errno.so$(libnss_files.so-version): \
|
||||
$(objpfx)/libnss_test_errno.so
|
||||
$(make-link)
|
||||
+$(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version): \
|
||||
+ $(objpfx)/libnss_test_gai_hv2_canonname.so
|
||||
+ $(make-link)
|
||||
$(patsubst %,$(objpfx)%.out,$(tests) $(tests-container)) : \
|
||||
$(objpfx)/libnss_test1.so$(libnss_files.so-version) \
|
||||
$(objpfx)/libnss_test2.so$(libnss_files.so-version) \
|
||||
- $(objpfx)/libnss_test_errno.so$(libnss_files.so-version)
|
||||
+ $(objpfx)/libnss_test_errno.so$(libnss_files.so-version) \
|
||||
+ $(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version)
|
||||
|
||||
ifeq (yes,$(have-thread-library))
|
||||
$(objpfx)tst-cancel-getpwuid_r: $(shared-thread-library)
|
||||
@@ -215,3 +225,4 @@ LDFLAGS-tst-nss-test3 = -Wl,--disable-new-dtags
|
||||
LDFLAGS-tst-nss-test4 = -Wl,--disable-new-dtags
|
||||
LDFLAGS-tst-nss-test5 = -Wl,--disable-new-dtags
|
||||
LDFLAGS-tst-nss-test_errno = -Wl,--disable-new-dtags
|
||||
+LDFLAGS-tst-nss-test_gai_hv2_canonname = -Wl,--disable-new-dtags
|
||||
diff --git a/nss/nss_test_gai_hv2_canonname.c b/nss/nss_test_gai_hv2_canonname.c
|
||||
new file mode 100644
|
||||
index 0000000000..4439c83c9f
|
||||
--- /dev/null
|
||||
+++ b/nss/nss_test_gai_hv2_canonname.c
|
||||
@@ -0,0 +1,56 @@
|
||||
+/* NSS service provider that only provides gethostbyname2_r.
|
||||
+ Copyright The GNU Toolchain Authors.
|
||||
+ This file is part of the GNU C Library.
|
||||
+
|
||||
+ The GNU C Library is free software; you can redistribute it and/or
|
||||
+ modify it under the terms of the GNU Lesser General Public
|
||||
+ License as published by the Free Software Foundation; either
|
||||
+ version 2.1 of the License, or (at your option) any later version.
|
||||
+
|
||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ Lesser General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU Lesser General Public
|
||||
+ License along with the GNU C Library; if not, see
|
||||
+ <https://www.gnu.org/licenses/>. */
|
||||
+
|
||||
+#include <nss.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <string.h>
|
||||
+#include "nss/tst-nss-gai-hv2-canonname.h"
|
||||
+
|
||||
+/* Catch misnamed and functions. */
|
||||
+#pragma GCC diagnostic error "-Wmissing-prototypes"
|
||||
+NSS_DECLARE_MODULE_FUNCTIONS (test_gai_hv2_canonname)
|
||||
+
|
||||
+extern enum nss_status _nss_files_gethostbyname2_r (const char *, int,
|
||||
+ struct hostent *, char *,
|
||||
+ size_t, int *, int *);
|
||||
+
|
||||
+enum nss_status
|
||||
+_nss_test_gai_hv2_canonname_gethostbyname2_r (const char *name, int af,
|
||||
+ struct hostent *result,
|
||||
+ char *buffer, size_t buflen,
|
||||
+ int *errnop, int *herrnop)
|
||||
+{
|
||||
+ return _nss_files_gethostbyname2_r (name, af, result, buffer, buflen, errnop,
|
||||
+ herrnop);
|
||||
+}
|
||||
+
|
||||
+enum nss_status
|
||||
+_nss_test_gai_hv2_canonname_getcanonname_r (const char *name, char *buffer,
|
||||
+ size_t buflen, char **result,
|
||||
+ int *errnop, int *h_errnop)
|
||||
+{
|
||||
+ /* We expect QUERYNAME, which is a small enough string that it shouldn't fail
|
||||
+ the test. */
|
||||
+ if (memcmp (QUERYNAME, name, sizeof (QUERYNAME))
|
||||
+ || buflen < sizeof (QUERYNAME))
|
||||
+ abort ();
|
||||
+
|
||||
+ strncpy (buffer, name, buflen);
|
||||
+ *result = buffer;
|
||||
+ return NSS_STATUS_SUCCESS;
|
||||
+}
|
||||
diff --git a/nss/tst-nss-gai-hv2-canonname.c b/nss/tst-nss-gai-hv2-canonname.c
|
||||
new file mode 100644
|
||||
index 0000000000..d5f10c07d6
|
||||
--- /dev/null
|
||||
+++ b/nss/tst-nss-gai-hv2-canonname.c
|
||||
@@ -0,0 +1,63 @@
|
||||
+/* Test NSS query path for plugins that only implement gethostbyname2
|
||||
+ (#30843).
|
||||
+ Copyright The GNU Toolchain Authors.
|
||||
+ This file is part of the GNU C Library.
|
||||
+
|
||||
+ The GNU C Library is free software; you can redistribute it and/or
|
||||
+ modify it under the terms of the GNU Lesser General Public
|
||||
+ License as published by the Free Software Foundation; either
|
||||
+ version 2.1 of the License, or (at your option) any later version.
|
||||
+
|
||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ Lesser General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU Lesser General Public
|
||||
+ License along with the GNU C Library; if not, see
|
||||
+ <https://www.gnu.org/licenses/>. */
|
||||
+
|
||||
+#include <nss.h>
|
||||
+#include <netdb.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <string.h>
|
||||
+#include <support/check.h>
|
||||
+#include <support/xstdio.h>
|
||||
+#include "nss/tst-nss-gai-hv2-canonname.h"
|
||||
+
|
||||
+#define PREPARE do_prepare
|
||||
+
|
||||
+static void do_prepare (int a, char **av)
|
||||
+{
|
||||
+ FILE *hosts = xfopen ("/etc/hosts", "w");
|
||||
+ for (unsigned i = 2; i < 255; i++)
|
||||
+ {
|
||||
+ fprintf (hosts, "ff01::ff02:ff03:%u:2\ttest.example.com\n", i);
|
||||
+ fprintf (hosts, "192.168.0.%u\ttest.example.com\n", i);
|
||||
+ }
|
||||
+ xfclose (hosts);
|
||||
+}
|
||||
+
|
||||
+static int
|
||||
+do_test (void)
|
||||
+{
|
||||
+ __nss_configure_lookup ("hosts", "test_gai_hv2_canonname");
|
||||
+
|
||||
+ struct addrinfo hints = {};
|
||||
+ struct addrinfo *result = NULL;
|
||||
+
|
||||
+ hints.ai_family = AF_INET6;
|
||||
+ hints.ai_flags = AI_ALL | AI_V4MAPPED | AI_CANONNAME;
|
||||
+
|
||||
+ int ret = getaddrinfo (QUERYNAME, NULL, &hints, &result);
|
||||
+
|
||||
+ if (ret != 0)
|
||||
+ FAIL_EXIT1 ("getaddrinfo failed: %s\n", gai_strerror (ret));
|
||||
+
|
||||
+ TEST_COMPARE_STRING (result->ai_canonname, QUERYNAME);
|
||||
+
|
||||
+ freeaddrinfo(result);
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+#include <support/test-driver.c>
|
||||
diff --git a/nss/tst-nss-gai-hv2-canonname.h b/nss/tst-nss-gai-hv2-canonname.h
|
||||
new file mode 100644
|
||||
index 0000000000..14f2a9cb08
|
||||
--- /dev/null
|
||||
+++ b/nss/tst-nss-gai-hv2-canonname.h
|
||||
@@ -0,0 +1 @@
|
||||
+#define QUERYNAME "test.example.com"
|
||||
diff --git a/nss/tst-nss-gai-hv2-canonname.root/postclean.req b/nss/tst-nss-gai-hv2-canonname.root/postclean.req
|
||||
new file mode 100644
|
||||
index 0000000000..e69de29bb2
|
||||
diff --git a/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script b/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script
|
||||
new file mode 100644
|
||||
index 0000000000..31848b4a28
|
||||
--- /dev/null
|
||||
+++ b/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script
|
||||
@@ -0,0 +1,2 @@
|
||||
+cp $B/nss/libnss_test_gai_hv2_canonname.so $L/libnss_test_gai_hv2_canonname.so.2
|
||||
+su
|
||||
diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
|
||||
index 0356b622be..b2236b105c 100644
|
||||
--- a/sysdeps/posix/getaddrinfo.c
|
||||
+++ b/sysdeps/posix/getaddrinfo.c
|
||||
@@ -120,6 +120,7 @@ struct gaih_result
|
||||
{
|
||||
struct gaih_addrtuple *at;
|
||||
char *canon;
|
||||
+ char *h_name;
|
||||
bool free_at;
|
||||
bool got_ipv6;
|
||||
};
|
||||
@@ -165,6 +166,7 @@ gaih_result_reset (struct gaih_result *res)
|
||||
if (res->free_at)
|
||||
free (res->at);
|
||||
free (res->canon);
|
||||
+ free (res->h_name);
|
||||
memset (res, 0, sizeof (*res));
|
||||
}
|
||||
|
||||
@@ -203,9 +205,8 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
|
||||
return 0;
|
||||
}
|
||||
|
||||
-/* Convert struct hostent to a list of struct gaih_addrtuple objects. h_name
|
||||
- is not copied, and the struct hostent object must not be deallocated
|
||||
- prematurely. The new addresses are appended to the tuple array in RES. */
|
||||
+/* Convert struct hostent to a list of struct gaih_addrtuple objects. The new
|
||||
+ addresses are appended to the tuple array in RES. */
|
||||
static bool
|
||||
convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family,
|
||||
struct hostent *h, struct gaih_result *res)
|
||||
@@ -238,6 +239,15 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family,
|
||||
res->at = array;
|
||||
res->free_at = true;
|
||||
|
||||
+ /* Duplicate h_name because it may get reclaimed when the underlying storage
|
||||
+ is freed. */
|
||||
+ if (res->h_name == NULL)
|
||||
+ {
|
||||
+ res->h_name = __strdup (h->h_name);
|
||||
+ if (res->h_name == NULL)
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
/* Update the next pointers on reallocation. */
|
||||
for (size_t i = 0; i < old; i++)
|
||||
array[i].next = array + i + 1;
|
||||
@@ -262,7 +272,6 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family,
|
||||
}
|
||||
array[i].next = array + i + 1;
|
||||
}
|
||||
- array[0].name = h->h_name;
|
||||
array[count - 1].next = NULL;
|
||||
|
||||
return true;
|
||||
@@ -324,15 +333,15 @@ gethosts (nss_gethostbyname3_r fct, int family, const char *name,
|
||||
memory allocation failure. The returned string is allocated on the
|
||||
heap; the caller has to free it. */
|
||||
static char *
|
||||
-getcanonname (nss_action_list nip, struct gaih_addrtuple *at, const char *name)
|
||||
+getcanonname (nss_action_list nip, const char *hname, const char *name)
|
||||
{
|
||||
nss_getcanonname_r *cfct = __nss_lookup_function (nip, "getcanonname_r");
|
||||
char *s = (char *) name;
|
||||
if (cfct != NULL)
|
||||
{
|
||||
char buf[256];
|
||||
- if (DL_CALL_FCT (cfct, (at->name ?: name, buf, sizeof (buf),
|
||||
- &s, &errno, &h_errno)) != NSS_STATUS_SUCCESS)
|
||||
+ if (DL_CALL_FCT (cfct, (hname ?: name, buf, sizeof (buf), &s, &errno,
|
||||
+ &h_errno)) != NSS_STATUS_SUCCESS)
|
||||
/* If the canonical name cannot be determined, use the passed
|
||||
string. */
|
||||
s = (char *) name;
|
||||
@@ -771,7 +780,7 @@ get_nss_addresses (const char *name, const struct addrinfo *req,
|
||||
if ((req->ai_flags & AI_CANONNAME) != 0
|
||||
&& res->canon == NULL)
|
||||
{
|
||||
- char *canonbuf = getcanonname (nip, res->at, name);
|
||||
+ char *canonbuf = getcanonname (nip, res->h_name, name);
|
||||
if (canonbuf == NULL)
|
||||
{
|
||||
__resolv_context_put (res_ctx);
|
||||
--
|
||||
2.42.0
|
||||
|
@ -1,12 +0,0 @@
|
||||
Index: glibc-2.27/intl/dcigettext.c
|
||||
===================================================================
|
||||
--- glibc-2.27.orig/intl/dcigettext.c
|
||||
+++ glibc-2.27/intl/dcigettext.c
|
||||
@@ -695,6 +695,7 @@ DCIGETTEXT (const char *domainname, cons
|
||||
/* If the current locale value is C (or POSIX) we don't load a
|
||||
domain. Return the MSGID. */
|
||||
if (strcmp (single_locale, "C") == 0
|
||||
+ || strcmp (single_locale, "C.UTF-8") == 0
|
||||
|| strcmp (single_locale, "POSIX") == 0)
|
||||
break;
|
||||
|
@ -1,3 +1,51 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 27 14:08:48 UTC 2023 - Andreas Schwab <schwab@suse.de>
|
||||
|
||||
- fstat-implementation.patch: io: Do not implement fstat with fstatat
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 25 07:58:08 UTC 2023 - Andreas Schwab <schwab@suse.de>
|
||||
|
||||
- getaddrinfo-memory-leak.patch: Fix leak in getaddrinfo introduced by the
|
||||
fix for CVE-2023-4806 (CVE-2023-5156, bsc#1215714, BZ #30884)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 18 08:48:59 UTC 2023 - Andreas Schwab <schwab@suse.de>
|
||||
|
||||
- getcanonname-use-after-free.patch: getaddrinfo: Fix use after free in
|
||||
getcanonname (CVE-2023-4806, bsc#1215281, BZ #30843)
|
||||
- Do not build any cross packages in SLES
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 13 12:25:56 UTC 2023 - Andreas Schwab <schwab@suse.de>
|
||||
|
||||
- no-aaaa-read-overflow.patch: Stack read overflow with large TCP
|
||||
responses in no-aaaa mode (CVE-2023-4527, bsc#1215280, BZ #30842)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 12 12:52:55 UTC 2023 - Andreas Schwab <schwab@suse.de>
|
||||
|
||||
- Add systemd to passwd, group and shadow lookups (jsc#PED-5188)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 11 09:20:07 UTC 2023 - Andreas Schwab <schwab@suse.de>
|
||||
|
||||
- ppc64-flock-fob64.patch: io: Fix record locking contants for powerpc64
|
||||
with __USE_FILE_OFFSET64 (BZ #30804)
|
||||
- libio-io-vtables.patch: libio: Fix oversized __io_vtables
|
||||
- call-init-proxy-objects.patch: elf: Do not run constructors for proxy
|
||||
objects
|
||||
- dtors-reverse-ctor-order.patch: elf: Always call destructors in reverse
|
||||
constructor order (BZ #30785)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 5 11:13:13 UTC 2023 - Andreas Schwab <schwab@suse.de>
|
||||
|
||||
- intl-c-utf-8-like-c-locale.patch: intl: Treat C.UTF-8 locale like C
|
||||
locale (BZ #16621)
|
||||
- glibc-disable-gettext-for-c-utf8.patch: Removed
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 28 11:56:10 UTC 2023 - Richard Biener <rguenther@suse.com>
|
||||
|
||||
- Add cross-ppc64le package
|
||||
|
33
glibc.spec
33
glibc.spec
@ -96,6 +96,9 @@ ExclusiveArch: do_not_build
|
||||
%define build_cross 1
|
||||
%undefine _build_create_debug
|
||||
ExcludeArch: %{cross_arch}
|
||||
%if 0%{?suse_version} < 1600
|
||||
ExclusiveArch: do_not_build
|
||||
%endif
|
||||
%endif
|
||||
%define host_arch %{?cross_cpu}%{!?cross_cpu:%{_target_cpu}}
|
||||
|
||||
@ -287,8 +290,6 @@ Patch100: add-locales.patch
|
||||
Patch102: glibc-2.4.90-no_NO.diff
|
||||
# PATCH-FIX-OPENSUSE -- Renames for China
|
||||
Patch103: glibc-2.4-china.diff
|
||||
# PATCH-FIX-OPENSUSE -- Disable gettext for C.UTF-8 locale
|
||||
Patch104: glibc-disable-gettext-for-c-utf8.patch
|
||||
|
||||
### Network related patches
|
||||
# PATCH-FIX-OPENSUSE Warn about usage of mdns in resolv.conv
|
||||
@ -307,6 +308,24 @@ Patch1001: cache-amd-legacy.patch
|
||||
Patch1002: cache-intel-shared.patch
|
||||
# PATCH-FIX-UPSTREAM malloc: Enable merging of remainders in memalign, remove bin scanning from memalign (BZ #30723)
|
||||
Patch1003: posix-memalign-fragmentation.patch
|
||||
# PATCH-FIX-UPSTREAM intl: Treat C.UTF-8 locale like C locale (BZ #16621)
|
||||
Patch1004: intl-c-utf-8-like-c-locale.patch
|
||||
# PATCH-FIX-UPSTREAM io: Fix record locking contants for powerpc64 with __USE_FILE_OFFSET64 (BZ #30804)
|
||||
Patch1005: ppc64-flock-fob64.patch
|
||||
# PATCH-FIX-UPSTREAM libio: Fix oversized __io_vtables
|
||||
Patch1006: libio-io-vtables.patch
|
||||
# PATCH-FIX-UPSTREAM elf: Do not run constructors for proxy objects
|
||||
Patch1007: call-init-proxy-objects.patch
|
||||
# PATCH-FIX-UPSTREAM elf: Always call destructors in reverse constructor order (BZ #30785)
|
||||
Patch1008: dtors-reverse-ctor-order.patch
|
||||
# PATCH-FIX-UPSTREAM Stack read overflow with large TCP responses in no-aaaa mode (CVE-2023-4527, BZ #30842)
|
||||
Patch1009: no-aaaa-read-overflow.patch
|
||||
# PATCH-FIX-UPSTREAM getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806, BZ #30843)
|
||||
Patch1010: getcanonname-use-after-free.patch
|
||||
# PATCH-FIX-UPSTREAM Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 (CVE-2023-5156, BZ #30884)
|
||||
Patch1011: getaddrinfo-memory-leak.patch
|
||||
# PATCH-FIX-UPSTREAM io: Do not implement fstat with fstatat
|
||||
Patch1012: fstat-implementation.patch
|
||||
|
||||
###
|
||||
# Patches awaiting upstream approval
|
||||
@ -524,7 +543,6 @@ library in a cross compilation setting.
|
||||
%patch100 -p1
|
||||
%patch102 -p1
|
||||
%patch103 -p1
|
||||
%patch104 -p1
|
||||
|
||||
%patch304 -p1
|
||||
%patch306 -p1
|
||||
@ -534,6 +552,15 @@ library in a cross compilation setting.
|
||||
%patch1001 -p1
|
||||
%patch1002 -p1
|
||||
%patch1003 -p1
|
||||
%patch1004 -p1
|
||||
%patch1005 -p1
|
||||
%patch1006 -p1
|
||||
%patch1007 -p1
|
||||
%patch1008 -p1
|
||||
%patch1009 -p1
|
||||
%patch1010 -p1
|
||||
%patch1011 -p1
|
||||
%patch1012 -p1
|
||||
%endif
|
||||
|
||||
%patch2000 -p1
|
||||
|
39
intl-c-utf-8-like-c-locale.patch
Normal file
39
intl-c-utf-8-like-c-locale.patch
Normal file
@ -0,0 +1,39 @@
|
||||
From 2897b231a6b71ee17d47d3d63f1112b2641a476c Mon Sep 17 00:00:00 2001
|
||||
From: Bruno Haible <bruno@clisp.org>
|
||||
Date: Mon, 4 Sep 2023 15:31:36 +0200
|
||||
Subject: [PATCH] intl: Treat C.UTF-8 locale like C locale (BZ# 16621)
|
||||
|
||||
The wiki page https://sourceware.org/glibc/wiki/Proposals/C.UTF-8
|
||||
says that "Setting LC_ALL=C.UTF-8 will ignore LANGUAGE just like it
|
||||
does with LC_ALL=C." This patch implements it.
|
||||
|
||||
* intl/dcigettext.c (guess_category_value): Treat C.<encoding> locale
|
||||
like the C locale.
|
||||
|
||||
Reviewed-by: Florian Weimer <fweimer@redhat.com>
|
||||
---
|
||||
intl/dcigettext.c | 8 ++++++--
|
||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/intl/dcigettext.c b/intl/dcigettext.c
|
||||
index 7886ac9545..27063886d2 100644
|
||||
--- a/intl/dcigettext.c
|
||||
+++ b/intl/dcigettext.c
|
||||
@@ -1560,8 +1560,12 @@ guess_category_value (int category, const char *categoryname)
|
||||
2. The precise output of some programs in the "C" locale is specified
|
||||
by POSIX and should not depend on environment variables like
|
||||
"LANGUAGE" or system-dependent information. We allow such programs
|
||||
- to use gettext(). */
|
||||
- if (strcmp (locale, "C") == 0)
|
||||
+ to use gettext().
|
||||
+ Ignore LANGUAGE and its system-dependent analogon also if the locale is
|
||||
+ set to "C.UTF-8" or, more generally, to "C.<encoding>", because that's
|
||||
+ the by-design behaviour for glibc, see
|
||||
+ <https://sourceware.org/glibc/wiki/Proposals/C.UTF-8>. */
|
||||
+ if (locale[0] == 'C' && (locale[1] == '\0' || locale[1] == '.'))
|
||||
return locale;
|
||||
|
||||
/* The highest priority value is the value of the 'LANGUAGE' environment
|
||||
--
|
||||
2.42.0
|
||||
|
51
libio-io-vtables.patch
Normal file
51
libio-io-vtables.patch
Normal file
@ -0,0 +1,51 @@
|
||||
From 92201f16cbcfd9eafe314ef6654be2ea7ba25675 Mon Sep 17 00:00:00 2001
|
||||
From: Adam Jackson <ajax@redhat.com>
|
||||
Date: Fri, 8 Sep 2023 15:55:19 -0400
|
||||
Subject: [PATCH] libio: Fix oversized __io_vtables
|
||||
|
||||
IO_VTABLES_LEN is the size of the struct array in bytes, not the number
|
||||
of __IO_jump_t's in the array. Drops just under 384kb from .rodata on
|
||||
LP64 machines.
|
||||
|
||||
Fixes: 3020f72618e ("libio: Remove the usage of __libc_IO_vtables")
|
||||
Signed-off-by: Adam Jackson <ajax@redhat.com>
|
||||
Reviewed-by: Florian Weimer <fweimer@redhat.com>
|
||||
Tested-by: Florian Weimer <fweimer@redhat.com>
|
||||
(cherry picked from commit 8cb69e054386f980f9ff4d93b157861d72b2019e)
|
||||
---
|
||||
libio/vtables.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libio/vtables.c b/libio/vtables.c
|
||||
index 1d8ad612e9..34f7e15f1c 100644
|
||||
--- a/libio/vtables.c
|
||||
+++ b/libio/vtables.c
|
||||
@@ -20,6 +20,7 @@
|
||||
#include <libioP.h>
|
||||
#include <stdio.h>
|
||||
#include <ldsodefs.h>
|
||||
+#include <array_length.h>
|
||||
#include <pointer_guard.h>
|
||||
#include <libio-macros.h>
|
||||
|
||||
@@ -88,7 +89,7 @@
|
||||
# pragma weak __wprintf_buffer_as_file_xsputn
|
||||
#endif
|
||||
|
||||
-const struct _IO_jump_t __io_vtables[IO_VTABLES_LEN] attribute_relro =
|
||||
+const struct _IO_jump_t __io_vtables[] attribute_relro =
|
||||
{
|
||||
/* _IO_str_jumps */
|
||||
[IO_STR_JUMPS] =
|
||||
@@ -485,6 +486,8 @@ const struct _IO_jump_t __io_vtables[IO_VTABLES_LEN] attribute_relro =
|
||||
},
|
||||
#endif
|
||||
};
|
||||
+_Static_assert (array_length (__io_vtables) == IO_VTABLES_NUM,
|
||||
+ "initializer count");
|
||||
|
||||
#ifdef SHARED
|
||||
|
||||
--
|
||||
2.42.0
|
||||
|
193
no-aaaa-read-overflow.patch
Normal file
193
no-aaaa-read-overflow.patch
Normal file
@ -0,0 +1,193 @@
|
||||
From bd77dd7e73e3530203be1c52c8a29d08270cb25d Mon Sep 17 00:00:00 2001
|
||||
From: Florian Weimer <fweimer@redhat.com>
|
||||
Date: Wed, 13 Sep 2023 14:10:56 +0200
|
||||
Subject: [PATCH] CVE-2023-4527: Stack read overflow with large TCP responses
|
||||
in no-aaaa mode
|
||||
|
||||
Without passing alt_dns_packet_buffer, __res_context_search can only
|
||||
store 2048 bytes (what fits into dns_packet_buffer). However,
|
||||
the function returns the total packet size, and the subsequent
|
||||
DNS parsing code in _nss_dns_gethostbyname4_r reads beyond the end
|
||||
of the stack-allocated buffer.
|
||||
|
||||
Fixes commit f282cdbe7f436c75864e5640a4 ("resolv: Implement no-aaaa
|
||||
stub resolver option") and bug 30842.
|
||||
---
|
||||
NEWS | 6 +-
|
||||
resolv/Makefile | 2 +
|
||||
resolv/nss_dns/dns-host.c | 2 +-
|
||||
resolv/tst-resolv-noaaaa-vc.c | 129 ++++++++++++++++++++++++++++++++++
|
||||
4 files changed, 137 insertions(+), 2 deletions(-)
|
||||
create mode 100644 resolv/tst-resolv-noaaaa-vc.c
|
||||
|
||||
diff --git a/resolv/Makefile b/resolv/Makefile
|
||||
index 054b1fa36c..2f99eb3862 100644
|
||||
--- a/resolv/Makefile
|
||||
+++ b/resolv/Makefile
|
||||
@@ -102,6 +102,7 @@ tests += \
|
||||
tst-resolv-invalid-cname \
|
||||
tst-resolv-network \
|
||||
tst-resolv-noaaaa \
|
||||
+ tst-resolv-noaaaa-vc \
|
||||
tst-resolv-nondecimal \
|
||||
tst-resolv-res_init-multi \
|
||||
tst-resolv-search \
|
||||
@@ -293,6 +294,7 @@ $(objpfx)tst-resolv-res_init-thread: $(objpfx)libresolv.so \
|
||||
$(objpfx)tst-resolv-invalid-cname: $(objpfx)libresolv.so \
|
||||
$(shared-thread-library)
|
||||
$(objpfx)tst-resolv-noaaaa: $(objpfx)libresolv.so $(shared-thread-library)
|
||||
+$(objpfx)tst-resolv-noaaaa-vc: $(objpfx)libresolv.so $(shared-thread-library)
|
||||
$(objpfx)tst-resolv-nondecimal: $(objpfx)libresolv.so $(shared-thread-library)
|
||||
$(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library)
|
||||
$(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library)
|
||||
diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
|
||||
index c8b77bbc35..119dc9f00f 100644
|
||||
--- a/resolv/nss_dns/dns-host.c
|
||||
+++ b/resolv/nss_dns/dns-host.c
|
||||
@@ -427,7 +427,7 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
|
||||
{
|
||||
n = __res_context_search (ctx, name, C_IN, T_A,
|
||||
dns_packet_buffer, sizeof (dns_packet_buffer),
|
||||
- NULL, NULL, NULL, NULL, NULL);
|
||||
+ &alt_dns_packet_buffer, NULL, NULL, NULL, NULL);
|
||||
if (n >= 0)
|
||||
status = gaih_getanswer_noaaaa (alt_dns_packet_buffer, n,
|
||||
&abuf, pat, errnop, herrnop, ttlp);
|
||||
diff --git a/resolv/tst-resolv-noaaaa-vc.c b/resolv/tst-resolv-noaaaa-vc.c
|
||||
new file mode 100644
|
||||
index 0000000000..9f5aebd99f
|
||||
--- /dev/null
|
||||
+++ b/resolv/tst-resolv-noaaaa-vc.c
|
||||
@@ -0,0 +1,129 @@
|
||||
+/* Test the RES_NOAAAA resolver option with a large response.
|
||||
+ Copyright (C) 2022-2023 Free Software Foundation, Inc.
|
||||
+ This file is part of the GNU C Library.
|
||||
+
|
||||
+ The GNU C Library is free software; you can redistribute it and/or
|
||||
+ modify it under the terms of the GNU Lesser General Public
|
||||
+ License as published by the Free Software Foundation; either
|
||||
+ version 2.1 of the License, or (at your option) any later version.
|
||||
+
|
||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ Lesser General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU Lesser General Public
|
||||
+ License along with the GNU C Library; if not, see
|
||||
+ <https://www.gnu.org/licenses/>. */
|
||||
+
|
||||
+#include <errno.h>
|
||||
+#include <netdb.h>
|
||||
+#include <resolv.h>
|
||||
+#include <stdbool.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <support/check.h>
|
||||
+#include <support/check_nss.h>
|
||||
+#include <support/resolv_test.h>
|
||||
+#include <support/support.h>
|
||||
+#include <support/xmemstream.h>
|
||||
+
|
||||
+/* Used to keep track of the number of queries. */
|
||||
+static volatile unsigned int queries;
|
||||
+
|
||||
+/* If true, add a large TXT record at the start of the answer section. */
|
||||
+static volatile bool stuff_txt;
|
||||
+
|
||||
+static void
|
||||
+response (const struct resolv_response_context *ctx,
|
||||
+ struct resolv_response_builder *b,
|
||||
+ const char *qname, uint16_t qclass, uint16_t qtype)
|
||||
+{
|
||||
+ /* If not using TCP, just force its use. */
|
||||
+ if (!ctx->tcp)
|
||||
+ {
|
||||
+ struct resolv_response_flags flags = {.tc = true};
|
||||
+ resolv_response_init (b, flags);
|
||||
+ resolv_response_add_question (b, qname, qclass, qtype);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ /* The test needs to send four queries, the first three are used to
|
||||
+ grow the NSS buffer via the ERANGE handshake. */
|
||||
+ ++queries;
|
||||
+ TEST_VERIFY (queries <= 4);
|
||||
+
|
||||
+ /* AAAA queries are supposed to be disabled. */
|
||||
+ TEST_COMPARE (qtype, T_A);
|
||||
+ TEST_COMPARE (qclass, C_IN);
|
||||
+ TEST_COMPARE_STRING (qname, "example.com");
|
||||
+
|
||||
+ struct resolv_response_flags flags = {};
|
||||
+ resolv_response_init (b, flags);
|
||||
+ resolv_response_add_question (b, qname, qclass, qtype);
|
||||
+
|
||||
+ resolv_response_section (b, ns_s_an);
|
||||
+
|
||||
+ if (stuff_txt)
|
||||
+ {
|
||||
+ resolv_response_open_record (b, qname, qclass, T_TXT, 60);
|
||||
+ int zero = 0;
|
||||
+ for (int i = 0; i <= 15000; ++i)
|
||||
+ resolv_response_add_data (b, &zero, sizeof (zero));
|
||||
+ resolv_response_close_record (b);
|
||||
+ }
|
||||
+
|
||||
+ for (int i = 0; i < 200; ++i)
|
||||
+ {
|
||||
+ resolv_response_open_record (b, qname, qclass, qtype, 60);
|
||||
+ char ipv4[4] = {192, 0, 2, i + 1};
|
||||
+ resolv_response_add_data (b, &ipv4, sizeof (ipv4));
|
||||
+ resolv_response_close_record (b);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static int
|
||||
+do_test (void)
|
||||
+{
|
||||
+ struct resolv_test *obj = resolv_test_start
|
||||
+ ((struct resolv_redirect_config)
|
||||
+ {
|
||||
+ .response_callback = response
|
||||
+ });
|
||||
+
|
||||
+ _res.options |= RES_NOAAAA;
|
||||
+
|
||||
+ for (int do_stuff_txt = 0; do_stuff_txt < 2; ++do_stuff_txt)
|
||||
+ {
|
||||
+ queries = 0;
|
||||
+ stuff_txt = do_stuff_txt;
|
||||
+
|
||||
+ struct addrinfo *ai = NULL;
|
||||
+ int ret;
|
||||
+ ret = getaddrinfo ("example.com", "80",
|
||||
+ &(struct addrinfo)
|
||||
+ {
|
||||
+ .ai_family = AF_UNSPEC,
|
||||
+ .ai_socktype = SOCK_STREAM,
|
||||
+ }, &ai);
|
||||
+
|
||||
+ char *expected_result;
|
||||
+ {
|
||||
+ struct xmemstream mem;
|
||||
+ xopen_memstream (&mem);
|
||||
+ for (int i = 0; i < 200; ++i)
|
||||
+ fprintf (mem.out, "address: STREAM/TCP 192.0.2.%d 80\n", i + 1);
|
||||
+ xfclose_memstream (&mem);
|
||||
+ expected_result = mem.buffer;
|
||||
+ }
|
||||
+
|
||||
+ check_addrinfo ("example.com", ai, ret, expected_result);
|
||||
+
|
||||
+ free (expected_result);
|
||||
+ freeaddrinfo (ai);
|
||||
+ }
|
||||
+
|
||||
+ resolv_test_end (obj);
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+#include <support/test-driver.c>
|
||||
--
|
||||
2.42.0
|
||||
|
@ -52,9 +52,9 @@
|
||||
# shadow: db files
|
||||
# group: db files
|
||||
|
||||
passwd: compat
|
||||
group: compat
|
||||
shadow: compat
|
||||
passwd: compat systemd
|
||||
group: compat systemd
|
||||
shadow: compat systemd
|
||||
# Allow initgroups to default to the setting for group.
|
||||
# initgroups: compat
|
||||
|
||||
|
76
ppc64-flock-fob64.patch
Normal file
76
ppc64-flock-fob64.patch
Normal file
@ -0,0 +1,76 @@
|
||||
From 434bf72a94de68f0cc7fbf3c44bf38c1911b70cb Mon Sep 17 00:00:00 2001
|
||||
From: Aurelien Jarno <aurelien@aurel32.net>
|
||||
Date: Mon, 28 Aug 2023 23:30:37 +0200
|
||||
Subject: [PATCH] io: Fix record locking contants for powerpc64 with
|
||||
__USE_FILE_OFFSET64
|
||||
|
||||
Commit 5f828ff824e3b7cd1 ("io: Fix F_GETLK, F_SETLK, and F_SETLKW for
|
||||
powerpc64") fixed an issue with the value of the lock constants on
|
||||
powerpc64 when not using __USE_FILE_OFFSET64, but it ended-up also
|
||||
changing the value when using __USE_FILE_OFFSET64 causing an API change.
|
||||
|
||||
Fix that by also checking that define, restoring the pre
|
||||
4d0fe291aed3a476a commit values:
|
||||
|
||||
Default values:
|
||||
- F_GETLK: 5
|
||||
- F_SETLK: 6
|
||||
- F_SETLKW: 7
|
||||
|
||||
With -D_FILE_OFFSET_BITS=64:
|
||||
- F_GETLK: 12
|
||||
- F_SETLK: 13
|
||||
- F_SETLKW: 14
|
||||
|
||||
At the same time, it has been noticed that there was no test for io lock
|
||||
with __USE_FILE_OFFSET64, so just add one.
|
||||
|
||||
Tested on x86_64-linux-gnu, i686-linux-gnu and
|
||||
powerpc64le-unknown-linux-gnu.
|
||||
|
||||
Resolves: BZ #30804.
|
||||
Co-authored-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
||||
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
||||
---
|
||||
io/Makefile | 1 +
|
||||
io/tst-fcntl-lock-lfs.c | 2 ++
|
||||
sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h | 2 +-
|
||||
3 files changed, 4 insertions(+), 1 deletion(-)
|
||||
create mode 100644 io/tst-fcntl-lock-lfs.c
|
||||
|
||||
diff --git a/io/Makefile b/io/Makefile
|
||||
index 6ccc0e8691..8a3c83a3bb 100644
|
||||
--- a/io/Makefile
|
||||
+++ b/io/Makefile
|
||||
@@ -192,6 +192,7 @@ tests := \
|
||||
tst-fchownat \
|
||||
tst-fcntl \
|
||||
tst-fcntl-lock \
|
||||
+ tst-fcntl-lock-lfs \
|
||||
tst-fstatat \
|
||||
tst-fts \
|
||||
tst-fts-lfs \
|
||||
diff --git a/io/tst-fcntl-lock-lfs.c b/io/tst-fcntl-lock-lfs.c
|
||||
new file mode 100644
|
||||
index 0000000000..f2a909fb02
|
||||
--- /dev/null
|
||||
+++ b/io/tst-fcntl-lock-lfs.c
|
||||
@@ -0,0 +1,2 @@
|
||||
+#define _FILE_OFFSET_BITS 64
|
||||
+#include <io/tst-fcntl-lock.c>
|
||||
diff --git a/sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h b/sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h
|
||||
index f7615a447e..d8a291a331 100644
|
||||
--- a/sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h
|
||||
+++ b/sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h
|
||||
@@ -33,7 +33,7 @@
|
||||
# define __O_LARGEFILE 0200000
|
||||
#endif
|
||||
|
||||
-#if __WORDSIZE == 64
|
||||
+#if __WORDSIZE == 64 && !defined __USE_FILE_OFFSET64
|
||||
# define F_GETLK 5
|
||||
# define F_SETLK 6
|
||||
# define F_SETLKW 7
|
||||
--
|
||||
2.42.0
|
||||
|
Loading…
Reference in New Issue
Block a user