summaryrefslogtreecommitdiff
path: root/src/misc
AgeCommit message (Collapse)AuthorLines
2014-05-30fix for broken kernel side RLIM_INFINITY on mipsSzabolcs Nagy-2/+18
On 32 bit mips the kernel uses -1UL/2 to mark RLIM_INFINITY (and this is the definition in the userspace api), but since it is in the middle of the valid range of limits and limits are often compared with relational operators, various kernel side logic is broken if larger than -1UL/2 limits are used. So we truncate the limits to -1UL/2 in get/setrlimit and prlimit. Even if the kernel side logic consistently treated -1UL/2 as greater than any other limit value, there wouldn't be any clean workaround that allowed using large limits: * using -1UL/2 as RLIM_INFINITY in userspace would mean different infinity value for get/setrlimt and prlimit (where infinity is always -1ULL) and userspace logic could break easily (just like the kernel is broken now) and more special case code would be needed for mips. * translating -1UL/2 kernel side value to -1ULL in userspace would mean that -1UL/2 limit cannot be set (eg. -1UL/2+1 had to be passed to the kernel instead).
2014-05-24support kernels with no SYS_open syscall, only SYS_openatRich Felker-1/+1
open is handled specially because it is used from so many places, in so many variants (2 or 3 arguments, setting errno or not, and cancellable or not). trying to do it as a function would not only increase bloat, but would also risk subtle breakage. this is the first step towards supporting "new" archs where linux lacks "old" syscalls.
2014-04-07add getauxval functionRich Felker-0/+12
in a sense this implementation is incomplete since it doesn't provide the HWCAP_* macros for use with AT_HWCAP, which is perhaps the most important intended usage case for getauxval. they will be added at a later time.
2014-03-18use syscall_arg_t for arguments in public syscall() functionRich Felker-7/+7
on x32, this change allows programs which use syscall() with pointers or 64-bit values as arguments to work correctly, i.e. without truncation or incorrect sign extension. on all other supported archs, syscall_arg_t is defined as long, so this change is a no-op.
2014-03-17fix negated error codes from ptsname_rRich Felker-1/+1
the incorrect error codes also made their way into errno when __ptsname_r was called by plain ptsname, which reports errors via errno rather than a return value.
2014-02-01fix nftw FTW_MOUNT flagRich Felker-2/+1
the incorrect check for crossing device boundaries was preventing nftw from traversing anything except the initially provided pathname.
2013-12-13optimize get_current_dir_name to reduce stack bloatRich Felker-3/+1
our getcwd already (as an extension) supports allocation of a buffer when the buffer argument is a null pointer, so there's no need to duplicate the allocation logic in this wrapper function. duplicating it is actually harmful in that it doubles the stack usage from PATH_MAX to 2*PATH_MAX.
2013-12-12include cleanups: remove unused headers and add feature test macrosSzabolcs Nagy-10/+3
2013-11-22fix and refactor child reaping logic in wordexpRich Felker-6/+16
loop condition was incorrect and confusing and caused an infinite loop when (broken) applications reaped the pid from a signal handler or another thread before wordexp's call to waitpid could do so.
2013-11-22fix fd leak and case where fd 1 is already closed in wordexpRich Felker-4/+4
2013-11-22fix resource exhaustion and zero-word cases in wordexpRich Felker-8/+18
when WRDE_NOSPACE is returned, the we_wordv and we_wordc members must be valid, because the interface contract allows them to return partial results. in the case of zero results (due either to resource exhaustion or a zero-word input) the we_wordv array still should contain a terminating null pointer and the initial we_offs null pointers. this is impossible on resource exhaustion, so a correct application must presumably check for a null pointer in we_wordv; POSIX however seems to ignore the issue. the previous code may have crashed under this situation.
2013-11-22improve robustness of wordexp and fix handling of 0-word caseRich Felker-11/+16
avoid using exit status to determine if a shell error occurred, since broken programs may install SIGCHLD handlers which reap all zombies, including ones that don't belong to them. using clone and __WCLONE does not seem to work for avoiding this problem since exec resets the exit signal to SIGCHLD. instead, the new code uses a dummy word at the beginning of the shell's output, which is ignored, to determine whether the command was executed successfully. this also fixes a corner case where a word string containing zero words was interpreted as a single zero-length word rather than no words at all. POSIX does not seem to require this case to be supported anyway, though. in addition, the new code uses the correct retry idiom for waitpid to ensure that spurious STOP/CONT signals in the child and/or EINTR in the parent do not prevent successful wait for the child, and blocks signals in the child.
2013-08-31remove incorrect cancellation points from realpathRich Felker-4/+4
2013-08-31debloat realpath's allocation strategyRich Felker-12/+6
rather than allocating a PATH_MAX-sized buffer when the caller does not provide an output buffer, work first with a PATH_MAX-sized temp buffer with automatic storage, and either copy it to the caller's buffer or strdup it on success. this not only avoids massive memory waste, but also avoids pulling in free (and thus the full malloc implementation) unnecessarily in static programs.
2013-08-31make realpath use O_PATH when opening the fileRich Felker-1/+1
this avoids failure if the file is not readable and avoids odd behavior for device nodes, etc. on old kernels that lack O_PATH, the old behavior (O_RDONLY) will naturally happen as the fallback.
2013-08-02debloat code that depends on /proc/self/fd/%d with shared functionRich Felker-1/+3
I intend to add more Linux workarounds that depend on using these pathnames, and some of them will be in "syscall" functions that, from an anti-bloat standpoint, should not depend on the whole snprintf framework.
2013-04-05Add ABI compatability aliases.Isaac Dunham-0/+2
GNU used several extensions that were incompatible with C99 and POSIX, so they used alternate names for the standard functions. The result is that we need these to run standards-conformant programs that were linked with glibc.
2013-04-01fix typo in setpriority syscall wrapperRich Felker-1/+1
2013-03-23fix multiple bugs in syslog interfacesRich Felker-24/+27
1. as reported by William Haddon, the value returned by snprintf was wrongly used as a length passed to sendto, despite it possibly exceeding the buffer length. this could lead to invalid reads and leaking additional data to syslog. 2. openlog was storing a pointer to the ident string passed by the caller, rather than copying it. this bug is shared with (and even documented in) other implementations like glibc, but such behavior does not seem to meet the requirements of the standard. 3. extremely long ident provided to openlog, or corrupt ident due to the above issue, could possibly have resulted in buffer overflows. despite having the potential for smashing the stack, i believe the impact is low since ident points to a short string literal in typical application usage (and per the above bug, other usages will break horribly on other implementations). 4. when used with LOG_NDELAY, openlog was not connecting the newly-opened socket; sendto was being used instead. this defeated the main purpose of LOG_NDELAY: preparing for chroot. 5. the default facility was not being used at all, so all messages without an explicit facility passed to syslog were getting logged at the kernel facility. 6. setlogmask was not thread-safe; no synchronization was performed updating the mask. the fix uses atomics rather than locking to avoid introducing a lock in the fast path for messages whose priority is not in the mask. 7. in some code paths, the syslog lock was being unlocked twice; this could result in releasing a lock that was actually held by a different thread. some additional enhancements to syslog such as a default identifier based on argv[0] or similar may still be desired; at this time, only the above-listed bugs have been fixed.
2012-12-07move new linux syscall wrapper functions to proper source dirRich Felker-16/+0
2012-12-07fix trailing whitespace issues that crept in here and thereRich Felker-2/+2
2012-12-06add arch_prctl syscall (amd64/x32 only)rofl0r-0/+9
2012-12-06add personality syscallrofl0r-0/+7
2012-09-30add getopt reset supportRich Felker-2/+18
based on proposed patches by Daniel Cegiełka, with minor changes: - use a weak symbol for optreset so it doesn't clash with namespace - also reset optpos (position in multi-option arg like -lR) - also make getopt_long support reset
2012-09-29fix some more O_CLOEXEC/SOCK_CLOEXEC issuesRich Felker-1/+1
2012-09-29emulate SOCK_CLOEXEC and SOCK_NONBLOCK for old (pre-2.6.27) kernelsRich Felker-2/+1
also update syslog to use SOCK_CLOEXEC rather than separate fcntl step, to make it safe in multithreaded programs that run external programs. emulation is not atomic; it could be made atomic by holding a lock on forking during the operation, but this seems like overkill. my goal is not to achieve perfect behavior on old kernels (which have plenty of other imperfect behavior already) but to avoid catastrophic breakage in (1) syslog, which would give no output on old kernels with the change to use SOCK_CLOEXEC, and (2) programs built on a new kernel where configure scripts detected a working SOCK_CLOEXEC, which later get run on older kernels (they may otherwise fail to work completely).
2012-09-26fix dirname to handle input of form "foo/" correctlyRich Felker-6/+5
also optimized a bit.
2012-09-09add setdomainname syscall, fix getdomainname (previously a stub)Rich Felker-1/+17
2012-09-07cleanup src/linux and src/misc trees, etc.Rich Felker-2697/+158
previously, it was pretty much random which one of these trees a given function appeared in. they have now been organized into: src/linux: non-POSIX linux syscalls (possibly shard with other nixen) src/legacy: various obsolete/legacy functions, mostly wrappers src/misc: still mostly uncategorized; some misc POSIX, some nonstd src/crypt: crypt hash functions further cleanup will be done later.
2012-09-06fix constraint violation in ftwRich Felker-1/+4
void* does not implicitly convert to function pointer types.
2012-09-06use restrict everywhere it's required by c99 and/or posix 2008Rich Felker-2/+2
to deal with the fact that the public headers may be used with pre-c99 compilers, __restrict is used in place of restrict, and defined appropriately for any supported compiler. we also avoid the form [restrict] since older versions of gcc rejected it due to a bug in the original c99 standard, and instead use the form *restrict.
2012-08-30fix missing statics in crypt_sha256 codeRich Felker-3/+3
2012-08-29anti-DoS rounds count limits for blowfish and des cryptRich Felker-2/+2
all of the limits could use review, but err on the side of avoiding excessive rounds for now.
2012-08-29limit sha512 rounds to similar runtime to sha256 limitRich Felker-1/+1
these limits could definitely use review, but for now, i feel consistency and erring on the side of preventing servers from getting bogged down by excessively-slow user-provided settings (think .htpasswd) are the best policy. blowfish should be updated to match.
2012-08-29add sha256/sha512 cryptRich Felker-1/+700
based on versions sent to the list by nsz, with some simplification and debloating. i'd still like to get them a bit smaller, or ideally merge them into a single file with most of the code being shared, but that can be done later.
2012-08-23optimize legacy ffs functionRich Felker-4/+2
2012-08-10add blowfish hash support to cryptRich Felker-8/+806
there are still some discussions going on about tweaking the code, but at least thing brings us to the point of having something working in the repository. hopefully the remaining major hashes (md5,sha) will follow soon.
2012-08-09make crypt return an unmatchable hash rather than NULL on failureRich Felker-5/+2
unfortunately, a large portion of programs which call crypt are not prepared for its failure and do not check that the return value is non-null before using it. thus, always "succeeding" but giving an unmatchable hash is reportedly a better behavior than failing on error. it was suggested that we could do this the same way as other implementations and put the null-to-unmatchable translation in the wrapper rather than the individual crypt modules like crypt_des, but when i tried to do it, i found it was making the logic in __crypt_r for keeping track of which hash type we're working with and whether it succeeded or failed much more complex, and potentially error-prone. the way i'm doing it now seems to have essentially zero cost, anyway.
2012-08-02fix missing static in getusershell (namespace pollution)Rich Felker-1/+1
2012-06-29replace old and ugly crypt implementationRich Felker-2574/+1055
the new version is largely the work of Solar Designer, with minor changes for integration with musl. compared to the old code, text size is reduced by about 7k, stack space usage by about 70k, and performance is greatly improved by avoiding expensive calculation of constant tables on each run. this version also adds support for extended des-based password hashes, which allow for unlimited key (password) length and configurable iteration counts. i've also published the interface for crypt_r in a new crypt.h header. especially since this is not a standard interface, i did not feel compelled to match the glibc abi for the crypt_data structure. the glibc structure is way too big to allocate on the stack; in fact it's so big that the first usage may cause the main thread to exceed its pre-committed stack size of 128k and thus could cause the program to crash even on systems with overcommit disabled. the only legitimate use of crypt_data for crypt_r is to store the hash string to return, so i've reserved 256 bytes, which should be more than sufficient (longest known password hashes are ~60 characters, and beyond that is possibly even exceeding some implementations' passwd file field size limit).
2012-06-20fix ptsname_r to conform to the upcoming posix requirementsRich Felker-4/+13
it should return the error code rather than 0/-1 and setting errno.
2012-05-06add isastream (obsolete STREAMS junk)Rich Felker-0/+7
apparently some packages see stropts.h and want to be able to use this. the implementation checks that the file descriptor is valid by using fcntl/F_GETFD so it can report an error if not (as specified).
2012-05-03implement stub versions of sched_*Rich Felker-10/+0
these actually work, but for now they prohibit actually setting priority levels and report min/max priority as 0.
2012-04-24ditch the priority inheritance locks; use malloc's version of lockRich Felker-9/+9
i did some testing trying to switch malloc to use the new internal lock with priority inheritance, and my malloc contention test got 20-100 times slower. if priority inheritance futexes are this slow, it's simply too high a price to pay for avoiding priority inversion. maybe we can consider them somewhere down the road once the kernel folks get their act together on this (and perferably don't link it to glibc's inefficient lock API)... as such, i've switch __lock to use malloc's implementation of lightweight locks, and updated all the users of the code to use an array with a waiter count for their locks. this should give optimal performance in the vast majority of cases, and it's simple. malloc is still using its own internal copy of the lock code because it seems to yield measurably better performance with -O3 when it's inlined (20% or more difference in the contention stress test).
2012-04-22implement getusershell, etc. legacy functionsRich Felker-0/+33
I actually wrote these a month ago but forgot to integrate them. ugly, probably-harmful-to-use functions, but some legacy apps want them...
2012-04-22add getresuid and getresgid syscall wrappersRich Felker-0/+16
2012-04-16wordexp must set the we_offs entries of we_wordv to null pointersRich Felker-0/+4
2012-04-16fix crash in wordfree if we_offs is not initialized by the callerRich Felker-0/+2
I'm not sure if it's legal for wordexp to modify this field, but this is the only easy/straightforward fix, and applications should not care. if it's an issue, i can work out a different (but more complex) solution later.
2012-03-01implement a64l and l64a (legacy xsi stuff)Rich Felker-0/+26
2012-02-23fix (hopefully) PTRACE_TRACEME (command 0) argument handlingRich Felker-2/+2