summaryrefslogtreecommitdiff
path: root/src/env
AgeCommit message (Collapse)AuthorLines
2012-11-30fix ordering of shared library ctors with respect to libc initRich Felker-0/+5
previously, shared library constructors were being called before important internal things like the environment (extern char **environ) and hwcap flags (needed for sjlj to work right with float on arm) were initialized in __libc_start_main. rather than trying to have to dynamic linker make sure this stuff all gets initialized right, I've opted to just defer calling shared library constructors until after the main program's entry point is reached. this also fixes the order of ctors to be the exact reverse of dtors, which is a desirable property and possibly even mandated by some languages. the main practical effect of this change is that shared libraries calling getenv from ctors will no longer fail.
2012-11-08clean up sloppy nested inclusion from pthread_impl.hRich Felker-0/+2
this mirrors the stdio_impl.h cleanup. one header which is not strictly needed, errno.h, is left in pthread_impl.h, because since pthread functions return their error codes rather than using errno, nearly every single pthread function needs the errno constants. in a few places, rather than bringing in string.h to use memset, the memset was replaced by direct assignment. this seems to generate much better code anyway, and makes many functions which were previously non-leaf functions into leaf functions (possibly eliminating a great deal of bloat on some platforms where non-leaf functions require ugly prologue and/or epilogue).
2012-11-01fix unused variable warningsRich Felker-2/+1
2012-10-21as an extension, have putenv("VAR") behave as unsetenv("VAR")Rich Felker-5/+5
the behavior of putenv is left undefined if the argument does not contain an equal sign, but traditional implementations behave this way and gnulib replaces putenv if it doesn't do this.
2012-10-19fix crashes in static-linked multithreaded programs without TLSRich Felker-0/+2
2012-10-15add support for TLS variant I, presently needed for arm and mipsRich Felker-1/+8
despite documentation that makes it sound a lot different, the only ABI-constraint difference between TLS variants II and I seems to be that variant II stores the initial TLS segment immediately below the thread pointer (i.e. the thread pointer points to the end of it) and variant I stores the initial TLS segment above the thread pointer, requiring the thread descriptor to be stored below. the actual value stored in the thread pointer register also tends to have per-arch random offsets applied to it for silly micro-optimization purposes. with these changes applied, TLS should be basically working on all supported archs except microblaze. I'm still working on getting the necessary information and a working toolchain that can build TLS binaries for microblaze, but in theory, static-linked programs with TLS and dynamic-linked programs where only the main executable uses TLS should already work on microblaze. alignment constraints have not yet been heavily tested, so it's possible that this code does not always align TLS segments correctly on archs that need TLS variant I.
2012-10-11i386 vsyscall support (vdso-provided sysenter/syscall instruction based)Rich Felker-0/+3
this doubles the performance of the fastest syscalls on the atom I tested it on; improvement is reportedly much more dramatic on worst-case cpus. cannot be used for cancellable syscalls.
2012-10-08ensure that buffer for decoding auxv at startup is initially zeroRich Felker-1/+1
2012-10-07clean up and refactor program initializationRich Felker-31/+30
the code in __libc_start_main is now responsible for parsing auxv, rather than duplicating the parsing all over the place. this should shave off a few cycles and some code size. __init_libc is left as an external-linkage function despite the fact that it could be static, to prevent it from being inlined and permanently wasting stack space when main is called. a few other minor changes are included, like eliminating per-thread ssp canaries (they were likely broken when combined with certain dlopen usages, and completely unnecessary) and some other unnecessary checks. since this code gets linked into every program, it should be as small and simple as possible.
2012-10-06fix buggy TLS size/alignment computations in static-linked TLSRich Felker-5/+22
2012-10-05support for TLS in dynamic-loaded (dlopen) modulesRich Felker-2/+2
unlike other implementations, this one reserves memory for new TLS in all pre-existing threads at dlopen-time, and dlopen will fail with no resources consumed and no new libraries loaded if memory is not available. memory is not immediately distributed to running threads; that would be too complex and too costly. instead, assurances are made that threads needing the new TLS can obtain it in an async-signal-safe way from a buffer belonging to the dynamic linker/new module (via atomic fetch-and-add based allocator). I've re-appropriated the lock that was previously used for __synccall (synchronizing set*id() syscalls between threads) as a general pthread_create lock. it's a "backwards" rwlock where the "read" operation is safe atomic modification of the live thread count, which multiple threads can perform at the same time, and the "write" operation is making sure the count does not increase during an operation that depends on it remaining bounded (__synccall or dlopen). in static-linked programs that don't use __synccall, this lock is a no-op and has no cost.
2012-10-04partial TLS support for dynamic-linked programsRich Felker-5/+5
only TLS in the main program is supported so far; TLS defined in shared libraries will not work yet.
2012-10-04TLS (GNU/C11 thread-local storage) support for static-linked programsRich Felker-0/+73
the design for TLS in dynamic-linked programs is mostly complete too, but I have not yet implemented it. cost is nonzero but still low for programs which do not use TLS and/or do not use threads (a few hundred bytes of new code, plus dependency on memcpy). i believe it can be made smaller at some point by merging __init_tls and __init_security into __libc_start_main and avoiding duplicate auxv-parsing code. at the same time, I've also slightly changed the logic pthread_create uses to allocate guard pages to ensure that guard pages are not counted towards commit charge.
2012-08-25ensure canary is setup if stack-prot libs are dlopen'd into non-ssp appRich Felker-1/+2
previously, this usage could lead to a crash if the thread pointer was still uninitialized, and otherwise would just cause the canary to be zero (less secure).
2012-07-27save AT_HWCAP from auxv for subsequent use in machine-specific codeRich Felker-0/+1
it's expected that this will be needed/useful only in asm, so I've given it its own symbol that can be addressed in pc-relative ways from asm rather than adding a field in the __libc structure which would require hard-coding the offset wherever it's used.
2012-06-14direct syscall to open in __init_security needs O_LARGEFILERich Felker-1/+1
it probably does not matter for /dev/null, but this should be done consistently anyway.
2012-05-10fix missing static (namespace clash)Rich Felker-1/+1
2012-05-03overhaul SSP support to use a real canaryRich Felker-8/+17
pthread structure has been adjusted to match the glibc/GCC abi for where the canary is stored on i386 and x86_64. it will need variants for other archs to provide the added security of the canary's entropy, but even without that it still works as well as the old "minimal" ssp support. eventually such changes will be made anyway, since they are also needed for GCC/C11 thread-local storage support (not yet implemented). care is taken not to attempt initializing the thread pointer unless the program actually uses SSP (by reference to __stack_chk_fail).
2012-04-30make stack protector work with gcc configured for non-tls canaryRich Felker-0/+2
2012-04-24first attempt at enabling stack protector supportRich Felker-0/+21
the code is written to pre-init the thread pointer in static linked programs that pull in __stack_chk_fail or dynamic-linked programs that lookup the symbol. no explicit canary is set; the canary will be whatever happens to be in the thread structure at the offset gcc hard-coded. this can be improved later.
2011-08-23bring back ___environ symbol (3 underscores)Rich Felker-0/+1
its existence doesn't hurt anything, and dynamic-linked binaries using previous versions of musl were wrongly binding to it instead of __environ.
2011-08-23security hardening: ensure suid programs have valid stdin/out/errRich Felker-13/+38
this behavior (opening fds 0-2 for a suid program) is explicitly allowed (but not required) by POSIX to protect badly-written suid programs from clobbering files they later open. this commit does add some cost in startup code, but the availability of auxv and the security flag will be useful elsewhere in the future. in particular auxv is needed for static-linked vdso support, which is still waiting to be committed (sorry nik!)
2011-07-28fix for setenv bogus var argument handlingRich Felker-1/+1
thanks to mikachu per POSIX: The setenv() function shall fail if: [EINVAL] The name argument is a null pointer, points to an empty string, or points to a string containing an '=' character.
2011-04-06add startup abi functions, dummy for now. eventually needed for c++ support.Rich Felker-0/+10
2011-02-12initial check-in, version 0.5.0v0.5.0Rich Felker-0/+178