summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)AuthorLines
2013-05-05do not interpret errors in return value of times() syscallRich Felker-1/+1
all return values are valid, and on 32-bit systems, values that look like errors can and will occur. since the only actual error this function could return is EFAULT, and it is only returnable when the application has invoked undefined behavior, simply ignore the possibility that the return value is actually an error code.
2013-04-26transition to using functions for internal signal blocking/restoringRich Felker-12/+57
there are several reasons for this change. one is getting rid of the repetition of the syscall signature all over the place. another is sharing the constant masks without costly GOT accesses in PIC. the main motivation, however, is accurately representing whether we want to block signals that might be handled by the application, or all signals.
2013-04-26optimize/debloat raiseRich Felker-2/+2
use __syscall rather than syscall when failure is not possible or not to be considered.
2013-04-26prevent code from running under a thread id which already gave ESRCHRich Felker-1/+7
2013-04-26synccall signal handler need not handle dead threads anymoreRich Felker-9/+0
they have already blocked signals before decrementing the thread count, so the code being removed is unreachable in the case where the thread is no longer counted.
2013-04-26fix clobbering of signal mask when creating thread with sched attributesRich Felker-1/+1
this was simply a case of saving the state in the wrong place.
2013-04-26make last thread's pthread_exit give exit(0) a consistent stateRich Felker-3/+13
the previous few commits ended up leaving the thread count and signal mask wrong for atexit handlers and stdio cleanup.
2013-04-26use atomic decrement rather than cas in pthread_exit thread countRich Felker-4/+1
now that blocking signals prevents any application code from running while the last thread is exiting, the cas logic is no longer needed to prevent decrementing below zero.
2013-04-26add comments on some of the pthread_exit logicRich Felker-2/+15
2013-04-26always block signals in pthread_exit before decrementing thread countRich Felker-2/+2
the thread count (1+libc.threads_minus_1) must always be greater than or equal to the number of threads which could have application code running, even in an async-signal-safe sense. there is at least one dangerous race condition if this invariant fails to hold: dlopen could allocate too little TLS for existing threads, and a signal handler running in the exiting thread could claim the allocated TLS for itself (via __tls_get_addr), leaving too little for the other threads it was allocated for and thereby causing out-of-bounds access. there may be other situations where it's dangerous for the thread count to be too low, particularly in the case where only one thread should be left, in which case locking may be omitted. however, all such code paths seem to arise from undefined behavior, since async-signal-unsafe functions are not permitted to be called from a signal handler that interrupts pthread_exit (which is itself async-signal-unsafe). this change may also simplify logic in __synccall and improve the chances of making __synccall async-signal-safe.
2013-04-26remove explicit locking to prevent __synccall setuid during posix_spawnRich Felker-13/+0
for the duration of the vm-sharing clone used by posix_spawn, all signals are blocked in the parent process, including implementation-internal signals. since __synccall cannot do anything until successfully signaling all threads, the fact that signals are blocked automatically yields the necessary safety. aside from debloating and general simplification, part of the motivation for removing the explicit lock is to simplify the synchronization logic of __synccall in hopes that it can be made async-signal-safe, which is needed to make setuid and setgid, which depend on __synccall, conform to the standard. whether this will be possible remains to be seen.
2013-04-22fix reversed argument order x86_64 sigsetjmp's call to sigprocmaskRich Felker-2/+2
this caused sigsetjmp not to save the signal mask but instead to clobber it with whatever happened to be in the sigjmb_buf prior to the call.
2013-04-20comment potentially-confusing use of struct crypt_data typeRich Felker-1/+10
2013-04-20make dynamic linker accept : or \n as path separatorRich Felker-8/+8
this allows /etc/ld-musl-$(ARCH).path to contain one path per line, which is much more convenient for users than the :-delimited format, which was a source of repeated and unnecessary confusion. for simplicity, \n is also accepted in environment variables, though it should probably not be used there. at the same time, issues with overly long paths invoking UB or getting truncated have been fixed. such issues should not have arisen with the environment (which is size-limited) but could have been generated by a path file larger than 2**31 bytes in length.
2013-04-09getifaddrs: implement proper ipv6 netmasksrofl0r-2/+11
2013-04-08mbrtowc: do not leave mbstate_t in permanent-fail state after EILSEQRich Felker-1/+1
the standard is clear that the old behavior is conforming: "In this case, [EILSEQ] shall be stored in errno and the conversion state is undefined." however, the specification of mbrtowc has one peculiarity when the source argument is a null pointer: in this case, it's required to behave as mbrtowc(NULL, "", 1, ps). no motivation is provided for this requirement, but the natural one that comes to mind is that the intent is to reset the mbstate_t object. for stateful encodings, such behavior is actually specified: "If the corresponding wide character is the null wide character, the resulting state described shall be the initial conversion state." but in the case of UTF-8 where the mbstate_t object contains a partially-decoded character rather than a shift state, a subsequent '\0' byte indicates that the previous partial character is incomplete and thus an illegal sequence. naturally, applications using their own mbstate_t object should clear it themselves after an error, but the standard presently provides no way to clear the builtin mbstate_t object used when the ps argument is a null pointer. I suspect this issue may be addressed in the future by specifying that a null source argument resets the state, as this seems to have been the intent all along. for what it's worth, this change also slightly reduces code size.
2013-04-08implement mbtowc directly, not as a wrapper for mbrtowcRich Felker-5/+39
the interface contract for mbtowc admits a much faster implementation than mbrtowc can achieve; wrapping mbrtowc with an extra call frame only made the situation worse. since the regex implementation uses mbtowc already, this change should improve regex performance too. it may be possible to improve performance in other places internally by switching from mbrtowc to mbtowc.
2013-04-08optimize mbrtowcRich Felker-3/+2
this simple change, in my measurements, makes about a 7% performance improvement. at first glance this change would seem like a compiler-specific hack, since the modified code is not even used. however, I suspect the reason is that I'm eliminating a second path into the main body of the code, allowing the compiler more flexibility to optimize the normal (hot) path into the main body. so even if it weren't for the measurable (and quite notable) difference in performance, I think the change makes sense.
2013-04-08fix out-of-bounds access in UTF-8 decodingRich Felker-1/+1
SA and SB are used as the lowest and highest valid starter bytes, but the value of SB was one-past the last valid starter. this caused access past the end of the state table when the illegal byte '\xf5' was encountered in a starter position. the error did not show up in full-character decoding tests, since the bogus state read from just past the table was unlikely to admit any continuation bytes as valid, but would have shown up had we tested feeding '\xf5' to the byte-at-a-time decoding in mbrtowc: it would cause the funtion to wrongly return -2 rather than -1. I may eventually go back and remove all references to SA and SB, replacing them with the values; this would make the code more transparent, I think. the original motivation for using macros was to allow misguided users of the code to redefine them for the purpose of enlarging the set of accepted sequences past the end of Unicode...
2013-04-07fix signalfd not to ignore flagsRich Felker-1/+12
also include fallback code for broken kernels that don't support the flags. as usual, the fallback has a race condition that can leak file descriptors.
2013-04-06silence nonsensical warnings in timer_createRich Felker-2/+2
2013-04-06add support for program_invocation[_short]_nameRich Felker-2/+12
this is a bit ugly, and the motivation for supporting it is questionable. however the main factors were: 1. it will be useful to have this for certain internal purposes anyway -- things like syslog. 2. applications can just save argv[0] in main, but it's hard to fix non-portable library code that's depending on being able to get the invocation name without the main application's help.
2013-04-06fix argument omission in ABI-compat weak_alias for fscanfRich Felker-1/+1
2013-04-05Add ABI compatability aliases.Isaac Dunham-0/+38
GNU used several extensions that were incompatible with C99 and POSIX, so they used alternate names for the standard functions. The result is that we need these to run standards-conformant programs that were linked with glibc.
2013-04-06fix type error in pthread_create, introduced with pthread_getattr_npRich Felker-1/+1
2013-04-06getifaddrs: remove unused labelrofl0r-1/+0
2013-04-05getifaddrs: use if_nameindex to enumerate interfacesrofl0r-23/+9
2013-04-05getifaddrs: one less indent levelrofl0r-30/+28
2013-04-05getifaddrs: less mallocrofl0r-55/+52
2013-04-05add getifaddrsrofl0r-0/+191
supports ipv4 and ipv6, but not the "extended" usage where usage statistics and other info are assigned to ifa_data members of duplicate entries with AF_PACKET family.
2013-04-04implement dn_skipname (legacy resolver function)Rich Felker-0/+12
2013-04-04add put*ent functions for passwd/group files and similar for shadowRich Felker-0/+34
since shadow does not yet support enumeration (getspent), the corresponding FILE-based get and put versions are also subbed out for now. this is partly out of laziness and partly because it's not clear how they should work in the presence of TCB shadow files. the stubs should make it possible to compile some software that expects them to exist, but such software still may not work properly.
2013-04-04cleanup wcstombsRich Felker-12/+1
remove redundant headers and comments; this file is completely trivial now. also, avoid temp var.
2013-04-04cleanup mbstowcs wrapperRich Felker-10/+0
remove unneeded headers. this file is utterly trivial now and there's no sense in having a comment to state that it's in the public domain.
2013-04-04minor optimization to mbstowcsRich Felker-2/+1
there is no need to zero-fill an mbstate_t object in the caller; mbsrtowcs will automatically treat a null pointer as the initial state.
2013-04-04fix incorrect range checks in wcsrtombsRich Felker-3/+3
negative values of wchar_t need to be treated in the non-ASCII case so that they can properly generate EILSEQ rather than getting truncated to 8bit values and stored in the output.
2013-04-04overhaul mbsrtowcsRich Felker-69/+64
these changes fix at least two bugs: - misaligned access to the input as uint32_t for vectorized ASCII test - incorrect src pointer after stopping on EILSEQ in addition, the text of the standard makes it unclear whether the mbstate_t object is to be modified when the destination pointer is null; previously it was cleared either way; now, it's only cleared when the destination is non-null. this change may need revisiting, but it should not affect most applications, since calling mbsrtowcs with non-zero state can only happen when the head of the string was already processed with mbrtowc. finally, these changes shave about 20% size off the function and seem to improve performance by 1-5%.
2013-04-02__time_to_tm: initialize tm_zone and tm_gmtoffrofl0r-0/+2
2013-04-01fix typo in setpriority syscall wrapperRich Felker-1/+1
2013-03-31implement pthread_getattr_npRich Felker-2/+31
this function is mainly (purely?) for obtaining stack address information, but we also provide the detach state since it's easy to do anyway.
2013-03-26remove __SYSCALL_SSLEN arch macro in favor of using public _NSIGRich Felker-23/+27
the issue at hand is that many syscalls require as an argument the kernel-ABI size of sigset_t, intended to allow the kernel to switch to a larger sigset_t in the future. previously, each arch was defining this size in syscall_arch.h, which was redundant with the definition of _NSIG in bits/signal.h. as it's used in some not-quite-portable application code as well, _NSIG is much more likely to be recognized and understood immediately by someone reading the code, and it's also shorter and less cluttered. note that _NSIG is actually 65/129, not 64/128, but the division takes care of throwing away the off-by-one part.
2013-03-26provide emulation of fcntl F_DUPFD_CLOEXEC on old kernelsRich Felker-0/+16
I'm not entirely happy with the amount of ugliness here, but since F_DUPFD_CLOEXEC is used elsewhere in code that's expected to work on old kernels (popen), it seems necessary. reportedly even some modern kernels went back and broke F_DUPFD_CLOEXEC (making it behave like plain F_DUPFD), so it might be necessary to add some additional fixup code later to deal with that issue too.
2013-03-25in pipe2, use pipe() rather than __syscall(SYS_pipe, ...) for fallbackRich Felker-3/+3
SYS_pipe is not usable directly in general, since mips has a very broken calling convention for the pipe syscall. instead, just call the function, so that the mips-specific ugliness is isolated in mips/pipe.s and not copied elsewhere.
2013-03-24rewrite popen to use posix_spawn instead of fragile vfork hacksRich Felker-41/+41
2013-03-24remove cruft from pre-posix_spawn version of the system functionRich Felker-6/+0
2013-03-23fix multiple bugs in syslog interfacesRich Felker-24/+27
1. as reported by William Haddon, the value returned by snprintf was wrongly used as a length passed to sendto, despite it possibly exceeding the buffer length. this could lead to invalid reads and leaking additional data to syslog. 2. openlog was storing a pointer to the ident string passed by the caller, rather than copying it. this bug is shared with (and even documented in) other implementations like glibc, but such behavior does not seem to meet the requirements of the standard. 3. extremely long ident provided to openlog, or corrupt ident due to the above issue, could possibly have resulted in buffer overflows. despite having the potential for smashing the stack, i believe the impact is low since ident points to a short string literal in typical application usage (and per the above bug, other usages will break horribly on other implementations). 4. when used with LOG_NDELAY, openlog was not connecting the newly-opened socket; sendto was being used instead. this defeated the main purpose of LOG_NDELAY: preparing for chroot. 5. the default facility was not being used at all, so all messages without an explicit facility passed to syslog were getting logged at the kernel facility. 6. setlogmask was not thread-safe; no synchronization was performed updating the mask. the fix uses atomics rather than locking to avoid introducing a lock in the fast path for messages whose priority is not in the mask. 7. in some code paths, the syslog lock was being unlocked twice; this could result in releasing a lock that was actually held by a different thread. some additional enhancements to syslog such as a default identifier based on argv[0] or similar may still be desired; at this time, only the above-listed bugs have been fixed.
2013-03-04fix types for wctype_t and wctrans_tRich Felker-4/+4
wctype_t was incorrectly "int" rather than "long" on x86_64. not only is this an ABI incompatibility; it's also a major design flaw if we ever wanted wctype_t to be implemented as a pointer, which would be necessary if locales support custom character classes, since int is too small to store a converted pointer. this commit fixes wctype_t to be unsigned long on all archs, matching the LSB ABI; this change does not matter for C code, but for C++ it affects mangling. the same issue applied to wctrans_t. glibc/LSB defines this type as const __int32_t *, but since no such definition is visible, I've just expanded the definition, int, everywhere. it would be nice if these types (which don't vary by arch) could be in wctype.h, but the OB XSI requirement in POSIX that wchar.h expose some types and functions from wctype.h precludes doing so. glibc works around this with some hideous hacks, but trying to duplicate that would go against the intent of musl's headers.
2013-02-26fix integer type issue in strverscmpRich Felker-1/+3
lenl-lenr is not a valid expression for a signed int return value from strverscmp, since after implicit conversion from size_t to int this difference could have the wrong sign or might even be zero. using the difference for char values works since they're bounded well within the range of differences representable by int, but it does not work for size_t values.
2013-02-26implement non-stub strverscmpRich Felker-2/+35
patch by Isaac Dunham.
2013-02-21replace stub with working strcasestrRich Felker-2/+4