<feed xmlns='http://www.w3.org/2005/Atom'>
<title>glibc/gmon, branch master</title>
<subtitle>Fork of glibc for development</subtitle>
<id>https://git.zx2c4.com/glibc/atom/gmon?h=master</id>
<link rel='self' href='https://git.zx2c4.com/glibc/atom/gmon?h=master'/>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/glibc/'/>
<updated>2024-05-22T13:12:55Z</updated>
<entry>
<title>Define write_profiling functions only in profile library [BZ #31756]</title>
<updated>2024-05-22T13:12:55Z</updated>
<author>
<name>H.J. Lu</name>
<email>hjl.tools@gmail.com</email>
</author>
<published>2024-05-20T01:46:53Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/glibc/commit/?id=6d3b523eb54198d15af6e042054912cf9f5210de'/>
<id>urn:sha1:6d3b523eb54198d15af6e042054912cf9f5210de</id>
<content type='text'>
libc.so doesn't use nor export write_profiling functions.  There is no
point to define them in libc.so nor in libc.a.  Fix BZ #31756 by defining
them only in profile library.

Signed-off-by: H.J. Lu &lt;hjl.tools@gmail.com&gt;
Reviewed-by: Adhemerval Zanella  &lt;adhemerval.zanella@linaro.org&gt;
</content>
</entry>
<entry>
<title>gmon: Reformat Makefile.</title>
<updated>2024-02-25T18:38:16Z</updated>
<author>
<name>Carlos O'Donell</name>
<email>carlos@redhat.com</email>
</author>
<published>2023-06-08T11:58:00Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/glibc/commit/?id=5273dd98123f9f129ad735680974f6ed5a035efd'/>
<id>urn:sha1:5273dd98123f9f129ad735680974f6ed5a035efd</id>
<content type='text'>
Reflow and sort Makefile.

Code generation changes present due to link order changes.

No regressions on x86_64 and i686.
</content>
</entry>
<entry>
<title>Remove ia64-linux-gnu</title>
<updated>2024-01-08T20:09:36Z</updated>
<author>
<name>Adhemerval Zanella</name>
<email>adhemerval.zanella@linaro.org</email>
</author>
<published>2024-01-08T13:21:17Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/glibc/commit/?id=460860f457e2a889785c506e8c77d4a7dff24d3e'/>
<id>urn:sha1:460860f457e2a889785c506e8c77d4a7dff24d3e</id>
<content type='text'>
Linux 6.7 removed ia64 from the official tree [1], following the general
principle that a glibc port needs upstream support for the architecture
in all the components it depends on (binutils, GCC, and the Linux
kernel).

Apart from the removal of sysdeps/ia64 and sysdeps/unix/sysv/linux/ia64,
there are updates to various comments referencing ia64 for which removal
of those references seemed appropriate. The configuration is removed
from README and build-many-glibcs.py.

The CONTRIBUTED-BY, elf/elf.h, manual/contrib.texi (the porting
mention), *.po files, config.guess, and longlong.h are not changed.

For Linux it allows cleanup some clone2 support on multiple files.

The following bug can be closed as WONTFIX: BZ 22634 [2], BZ 14250 [3],
BZ 21634 [4], BZ 10163 [5], BZ 16401 [6], and BZ 11585 [7].

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43ff221426d33db909f7159fdf620c3b052e2d1c
[2] https://sourceware.org/bugzilla/show_bug.cgi?id=22634
[3] https://sourceware.org/bugzilla/show_bug.cgi?id=14250
[4] https://sourceware.org/bugzilla/show_bug.cgi?id=21634
[5] https://sourceware.org/bugzilla/show_bug.cgi?id=10163
[6] https://sourceware.org/bugzilla/show_bug.cgi?id=16401
[7] https://sourceware.org/bugzilla/show_bug.cgi?id=11585
Reviewed-by: Carlos O'Donell &lt;carlos@redhat.com&gt;
</content>
</entry>
<entry>
<title>Update copyright dates with scripts/update-copyrights</title>
<updated>2024-01-01T18:53:40Z</updated>
<author>
<name>Paul Eggert</name>
<email>eggert@cs.ucla.edu</email>
</author>
<published>2024-01-01T18:12:26Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/glibc/commit/?id=dff8da6b3e89b986bb7f6b1ec18cf65d5972e307'/>
<id>urn:sha1:dff8da6b3e89b986bb7f6b1ec18cf65d5972e307</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Fix all the remaining misspellings -- BZ 25337</title>
<updated>2023-06-02T01:39:48Z</updated>
<author>
<name>Paul Pluzhnikov</name>
<email>ppluzhnikov@google.com</email>
</author>
<published>2023-05-20T13:37:47Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/glibc/commit/?id=7f0d9e61f40c669fca3cfd1e342fa8236c7220b7'/>
<id>urn:sha1:7f0d9e61f40c669fca3cfd1e342fa8236c7220b7</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Use O_CLOEXEC in more places (BZ #15722)</title>
<updated>2023-04-22T11:50:14Z</updated>
<author>
<name>Sergey Bugaev</name>
<email>bugaevc@gmail.com</email>
</author>
<published>2023-04-19T16:02:03Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/glibc/commit/?id=533deafbdf189f5fbb280c28562dd43ace2f4b0f'/>
<id>urn:sha1:533deafbdf189f5fbb280c28562dd43ace2f4b0f</id>
<content type='text'>
When opening a temporary file without O_CLOEXEC we risk leaking the
file descriptor if another thread calls (fork and then) exec while we
have the fd open. Fix this by consistently passing O_CLOEXEC everywhere
where we open a file for internal use (and not to return it to the user,
in which case the API defines whether or not the close-on-exec flag
shall be set on the returned fd).

Reviewed-by: Adhemerval Zanella &lt;adhemerval.zanella@linaro.org&gt;
Signed-off-by: Sergey Bugaev &lt;bugaevc@gmail.com&gt;
Message-Id: &lt;20230419160207.65988-4-bugaevc@gmail.com&gt;
</content>
</entry>
<entry>
<title>Remove --enable-tunables configure option</title>
<updated>2023-03-29T17:33:06Z</updated>
<author>
<name>Adhemerval Zanella Netto</name>
<email>adhemerval.zanella@linaro.org</email>
</author>
<published>2023-03-23T13:13:51Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/glibc/commit/?id=33237fe83d553dff111915024c9670adc3f06048'/>
<id>urn:sha1:33237fe83d553dff111915024c9670adc3f06048</id>
<content type='text'>
And make always supported.  The configure option was added on glibc 2.25
and some features require it (such as hwcap mask, huge pages support, and
lock elisition tuning).  It also simplifies the build permutations.

Changes from v1:
 * Remove glibc.rtld.dynamic_sort changes, it is orthogonal and needs
   more discussion.
 * Cleanup more code.
Reviewed-by: Siddhesh Poyarekar &lt;siddhesh@sourceware.org&gt;
</content>
</entry>
<entry>
<title>gmon: fix memory corruption issues [BZ# 30101]</title>
<updated>2023-02-23T02:03:30Z</updated>
<author>
<name>Simon Kissane</name>
<email>skissane@gmail.com</email>
</author>
<published>2023-02-10T21:58:02Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/glibc/commit/?id=bde121872001d8f3224eeafa5b7effb871c3fbca'/>
<id>urn:sha1:bde121872001d8f3224eeafa5b7effb871c3fbca</id>
<content type='text'>
V2 of this patch fixes an issue in V1, where the state was changed to ON not
OFF at end of _mcleanup. I hadn't noticed that (counterintuitively) ON=0 and
OFF=3, hence zeroing the buffer turned it back on. So set the state to OFF
after the memset.

1. Prevent double free, and reads from unallocated memory, when
   _mcleanup is (incorrectly) called two or more times in a row,
   without an intervening call to __monstartup; with this patch, the
   second and subsequent calls effectively become no-ops instead.
   While setting tos=NULL is minimal fix, safest action is to zero the
   whole gmonparam buffer.

2. Prevent memory leak when __monstartup is (incorrectly) called two
   or more times in a row, without an intervening call to _mcleanup;
   with this patch, the second and subsequent calls effectively become
   no-ops instead.

3. After _mcleanup, treat __moncontrol(1) as __moncontrol(0) instead.
   With zeroing of gmonparam buffer in _mcleanup, this stops the
   state incorrectly being changed to GMON_PROF_ON despite profiling
   actually being off. If we'd just done the minimal fix to _mcleanup
   of setting tos=NULL, there is risk of far worse memory corruption:
   kcount would point to deallocated memory, and the __profil syscall
   would make the kernel write profiling data into that memory,
   which could have since been reallocated to something unrelated.

4. Ensure __moncontrol(0) still turns off profiling even in error
   state. Otherwise, if mcount overflows and sets state to
   GMON_PROF_ERROR, when _mcleanup calls __moncontrol(0), the __profil
   syscall to disable profiling will not be invoked. _mcleanup will
   free the buffer, but the kernel will still be writing profiling
   data into it, potentially corrupted arbitrary memory.

Also adds a test case for (1). Issues (2)-(4) are not feasible to test.

Signed-off-by: Simon Kissane &lt;skissane@gmail.com&gt;
Reviewed-by: DJ Delorie &lt;dj@redhat.com&gt;
</content>
</entry>
<entry>
<title>gmon: improve mcount overflow handling [BZ# 27576]</title>
<updated>2023-02-23T02:00:14Z</updated>
<author>
<name>Simon Kissane</name>
<email>skissane@gmail.com</email>
</author>
<published>2023-02-11T09:12:13Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/glibc/commit/?id=31be941e4367c001b2009308839db5c67bf9dcbc'/>
<id>urn:sha1:31be941e4367c001b2009308839db5c67bf9dcbc</id>
<content type='text'>
When mcount overflows, no gmon.out file is generated, but no message is printed
to the user, leaving the user with no idea why, and thinking maybe there is
some bug - which is how BZ 27576 ended up being logged. Print a message to
stderr in this case so the user knows what is going on.

As a comment in sys/gmon.h acknowledges, the hardcoded MAXARCS value is too
small for some large applications, including the test case in that BZ. Rather
than increase it, add tunables to enable MINARCS and MAXARCS to be overridden
at runtime (glibc.gmon.minarcs and glibc.gmon.maxarcs). So if a user gets the
mcount overflow error, they can try increasing maxarcs (they might need to
increase minarcs too if the heuristic is wrong in their case.)

Note setting minarcs/maxarcs too large can cause monstartup to fail with an
out of memory error. If you set them large enough, it can cause an integer
overflow in calculating the buffer size. I haven't done anything to defend
against that - it would not generally be a security vulnerability, since these
tunables will be ignored in suid/sgid programs (due to the SXID_ERASE default),
and if you can set GLIBC_TUNABLES in the environment of a process, you can take
it over anyway (LD_PRELOAD, LD_LIBRARY_PATH, etc). I thought about modifying
the code of monstartup to defend against integer overflows, but doing so is
complicated, and I realise the existing code is susceptible to them even prior
to this change (e.g. try passing a pathologically large highpc argument to
monstartup), so I decided just to leave that possibility in-place.

Add a test case which demonstrates mcount overflow and the tunables.

Document the new tunables in the manual.

Signed-off-by: Simon Kissane &lt;skissane@gmail.com&gt;
Reviewed-by: DJ Delorie &lt;dj@redhat.com&gt;
</content>
</entry>
<entry>
<title>gmon: Fix allocated buffer overflow (bug 29444)</title>
<updated>2023-02-22T22:23:57Z</updated>
<author>
<name>Леонид Юрьев (Leonid Yuriev)</name>
<email>leo@yuriev.ru</email>
</author>
<published>2023-02-04T11:41:38Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/glibc/commit/?id=801af9fafd4689337ebf27260aa115335a0cb2bc'/>
<id>urn:sha1:801af9fafd4689337ebf27260aa115335a0cb2bc</id>
<content type='text'>
The `__monstartup()` allocates a buffer used to store all the data
accumulated by the monitor.

The size of this buffer depends on the size of the internal structures
used and the address range for which the monitor is activated, as well
as on the maximum density of call instructions and/or callable functions
that could be potentially on a segment of executable code.

In particular a hash table of arcs is placed at the end of this buffer.
The size of this hash table is calculated in bytes as
   p-&gt;fromssize = p-&gt;textsize / HASHFRACTION;

but actually should be
   p-&gt;fromssize = ROUNDUP(p-&gt;textsize / HASHFRACTION, sizeof(*p-&gt;froms));

This results in writing beyond the end of the allocated buffer when an
added arc corresponds to a call near from the end of the monitored
address range, since `_mcount()` check the incoming caller address for
monitored range but not the intermediate result hash-like index that
uses to write into the table.

It should be noted that when the results are output to `gmon.out`, the
table is read to the last element calculated from the allocated size in
bytes, so the arcs stored outside the buffer boundary did not fall into
`gprof` for analysis. Thus this "feature" help me to found this bug
during working with https://sourceware.org/bugzilla/show_bug.cgi?id=29438

Just in case, I will explicitly note that the problem breaks the
`make test t=gmon/tst-gmon-dso` added for Bug 29438.
There, the arc of the `f3()` call disappears from the output, since in
the DSO case, the call to `f3` is located close to the end of the
monitored range.

Signed-off-by: Леонид Юрьев (Leonid Yuriev) &lt;leo@yuriev.ru&gt;

Another minor error seems a related typo in the calculation of
`kcountsize`, but since kcounts are smaller than froms, this is
actually to align the p-&gt;froms data.

Co-authored-by: DJ Delorie &lt;dj@redhat.com&gt;
Reviewed-by: Carlos O'Donell &lt;carlos@redhat.com&gt;
</content>
</entry>
</feed>
