GNU C Library https://git.stealer.net/cgit.cgi/user/sven/glibc.git/atom?h=master 2025-03-05T14:22:09Z 2025-03-05T14:22:09Z Adhemerval Zanella adhemerval.zanella@linaro.org 2025-02-26T17:11:44Z urn:sha1:1d60b9dfdab411a0cd8856adffc5124c86cde5e1 powerpc was the only architecture with arch-specific hooks for LD_SHOW_AUXV, and with the information moved to ld diagnostics there is no need to keep the _dl_procinfo hook. Checked with a build for all affected ABIs. Reviewed-by: Peter Bergner <bergner@linux.ibm.com> 2024-06-12T18:45:18Z DJ Delorie dj@redhat.com 2024-06-11T23:28:36Z urn:sha1:8859607eaa068a3aaa7df7f54eff186b25ecdad0 Sort tunables list at the time it's generated. Note: adding new tunables will cause other tunable IDs to change, but that was the case before anyway. POSIX does not guarantee the order of "foo in bar" AWK operators, so the order was indeterminate before anyway. Even depending on the order to be the same across multiple calls, such as in this script, is undefined, so sorting the list resolves that also. Note that sorting is not dependent on the user's locale. 2024-05-07T15:16:36Z Adhemerval Zanella adhemerval.zanella@linaro.org 2024-05-06T16:18:48Z urn:sha1:eb59c7b43dd5c64c38e4c3cd21e7ad75d8d29cb0 Tunable with environment variables aliases are also ignored if glibc.rtld.enable_secure is enabled. The tunable parsing is also optimized a bit, where the loop that checks each environment variable only checks for the tunables with aliases instead of all tables. Checked on aarch64-linux-gnu and x86_64-linux-gnu. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> 2023-11-29T12:30:00Z Adhemerval Zanella adhemerval.zanella@linaro.org 2023-11-23T17:29:14Z urn:sha1:a4c3f5f46e850c977cda81c251036475aab8313c The patch adds two new macros, TUNABLE_GET_DEFAULT and TUNABLE_IS_INITIALIZED, here the former get the default value with a signature similar to TUNABLE_GET, while the later returns whether the tunable was set by the environment variable. Checked on x86_64-linux-gnu. Reviewed-by: DJ Delorie <dj@redhat.com> Tested-by: Zhangfei Gao <zhangfei.gao@linaro.org> 2023-11-21T19:15:42Z Adhemerval Zanella adhemerval.zanella@linaro.org 2023-11-06T20:25:36Z urn:sha1:9c96c87d60eafa4d78406e606e92b42bd4b570ad The tunable privilege levels were a retrofit to try and keep the malloc tunable environment variables' behavior unchanged across security boundaries. However, CVE-2023-4911 shows how tricky can be tunable parsing in a security-sensitive environment. Not only parsing, but the malloc tunable essentially changes some semantics on setuid/setgid processes. Although it is not a direct security issue, allowing users to change setuid/setgid semantics is not a good security practice, and requires extra code and analysis to check if each tunable is safe to use on all security boundaries. It also means that security opt-in features, like aarch64 MTE, would need to be explicit enabled by an administrator with a wrapper script or with a possible future system-wide tunable setting. Co-authored-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: DJ Delorie <dj@redhat.com> 2022-10-28T10:14:54Z Szabolcs Nagy szabolcs.nagy@arm.com 2021-06-08T13:03:38Z urn:sha1:0b845d3b3fde40e72c5372d6fa0f129b5e45c363 The initializer for a tunable_t set the bool initialized flag to NULL. This causes a build failure when pointer to bool conversion warns. Reviewed-by: Florian Weimer <fweimer@redhat.com> 2021-01-21T14:05:15Z Szabolcs Nagy szabolcs.nagy@arm.com 2021-01-12T16:28:27Z urn:sha1:bfe04789a8d9014cf3177137651f8f93dd4a00ca With static pie linking pointers in the tunables list need RELATIVE relocs since the absolute address is not known at link time. We want to avoid relocations so the static pie self relocation can be done after tunables are initialized. This is a simple fix that embeds the tunable strings into the tunable list instead of using pointers. It is possible to have a more compact representation of tunables with some additional complexity in the generator and tunable parser logic. Such optimization will be useful if the list of tunables grows. There is still an issue that tunables_strdup allocates and the failure handling code path is sufficiently complex that it can easily have RELATIVE relocations. It is possible to avoid the early allocation and only change environment variables in a setuid exe after relocations are processed. But that is a bigger change and early failure is fatal anyway so it is not as critical to fix right away. This is bug 27181. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> 2021-01-21T14:05:15Z Szabolcs Nagy szabolcs.nagy@arm.com 2021-01-06T17:19:24Z urn:sha1:058308066c9ee3d08361a61cc36835abfe5ecfb6 The representation of the tunables including type information and the tunable list structure are only used in the implementation not in the tunables api that is exposed to usage within glibc. This patch moves the representation related definitions into the existing dl-tunable-types.h and uses that only for implementation. The tunable callback and related types are moved to dl-tunables.h because they are part of the tunables api. This reduces the details exposed in the tunables api so the internals are easier to change. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> 2017-09-26T21:14:09Z Alexey Makhalov amakhalov@vmware.com 2017-09-26T21:14:09Z urn:sha1:cebcb9f864d4ca29e155363e71b7de6826d13cf1 Current implementation of tunables does not set arena_max and arena_test values. Any value provided by glibc.malloc.arena_max and glibc.malloc.arena_test parameters is ignored. These tunables have minval value set to 1 (see elf/dl-tunables.list file) and undefined maxval value. In that case default value (which is 0. see scripts/gen-tunables.awk) is being used to set maxval. For instance, generated tunable_list[] entry for arena_max is: (gdb) p *cur $1 = {name = 0x7ffff7df6217 "glibc.malloc.arena_max", type = {type_code = TUNABLE_TYPE_SIZE_T, min = 1, max = 0}, val = {numval = 0, strval = 0x0}, initialized = false, security_level = TUNABLE_SECLEVEL_SXID_IGNORE, env_alias = 0x7ffff7df622e "MALLOC_ARENA_MAX"} As a result, any value of glibc.malloc.arena_max is ignored by TUNABLE_SET_VAL_IF_VALID_RANGE macro __type min = (__cur)->type.min; <- initialized to 1 __type max = (__cur)->type.max; <- initialized to 0! if (min == max) <- false { min = __default_min; max = __default_max; } if ((__type) (__val) >= min && (__type) (val) <= max) <- false { (__cur)->val.numval = val; (__cur)->initialized = true; } Assigning correct min/max values at a build time fixes a problem. Plus, a bit of optimization: Setting of default min/max values for the given type at a run time might be eliminated. * elf/dl-tunables.c (do_tunable_update_val): Range checking fix. * scripts/gen-tunables.awk: Set unspecified minval and/or maxval values to correct default value for given type. 2017-06-19T09:17:22Z Adhemerval Zanella adhemerval.zanella@linaro.org 2017-06-19T09:17:21Z urn:sha1:a4de0a9008d6f15e1509c9818ba6e50d78bb83f3 Awk 3.1.x does not support multi-dimensional arrays, so fix up to make sure that gen-tunables.awk works on it. * scripts/gen-tunables.awk: Avoid multi-dimensional arrays.