Sync with upstream branch release/2.34/master

Upstream commit: 94ab2088c37d8e4285354af120b7ed6b887b9e53

- nss: handle stat failure in check_reload_and_get (BZ #28752)
- nss: add assert to DB_LOOKUP_FCT (BZ #28752)
- nios2: Remove _dl_skip_args usage (BZ# 29187)
- hppa: Remove _dl_skip_args usage (BZ# 29165)
- nptl: Fix __libc_cleanup_pop_restore asynchronous restore (BZ#29214)

glibc-upstream-2.34-269.patch

@@ -0,0 +1,126 @@
+commit a7ec6363a3a8fd7a2014fd7398bcdcab42919ec1
+Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
+Date:   Tue May 31 17:13:35 2022 -0300
+
+    nptl: Fix __libc_cleanup_pop_restore asynchronous restore (BZ#29214)
+    
+    This was due a wrong revert done on 404656009b459658.
+    
+    Checked on x86_64-linux-gnu.
+    
+    (cherry picked from commit c7d36dcecc08a29825175f65c4ee873ff3177a23)
+
+diff --git a/nptl/libc-cleanup.c b/nptl/libc-cleanup.c
+index fccb1abe69aa693c..a37c48ff876d613a 100644
+--- a/nptl/libc-cleanup.c
++++ b/nptl/libc-cleanup.c
+@@ -58,7 +58,8 @@ __libc_cleanup_pop_restore (struct _pthread_cleanup_buffer *buffer)
+   THREAD_SETMEM (self, cleanup, buffer->__prev);
+ 
+   int cancelhandling = atomic_load_relaxed (&self->cancelhandling);
+-  if (cancelhandling & CANCELTYPE_BITMASK)
++  if (buffer->__canceltype != PTHREAD_CANCEL_DEFERRED
++      && (cancelhandling & CANCELTYPE_BITMASK) == 0)
+     {
+       int newval;
+       do
+diff --git a/sysdeps/pthread/Makefile b/sysdeps/pthread/Makefile
+index 5147588c130c9415..d99c161c827ef4b8 100644
+--- a/sysdeps/pthread/Makefile
++++ b/sysdeps/pthread/Makefile
+@@ -126,6 +126,7 @@ tests += tst-cnd-basic tst-mtx-trylock tst-cnd-broadcast \
+ 	 tst-pthread-raise-blocked-self \
+ 	 tst-pthread_kill-exited \
+ 	 tst-pthread_kill-exiting \
++	 tst-cancel30 \
+ 	 # tests
+ 
+ tests-time64 := \
+diff --git a/sysdeps/pthread/tst-cancel30.c b/sysdeps/pthread/tst-cancel30.c
+new file mode 100644
+index 0000000000000000..e08392f96874de5f
+--- /dev/null
++++ b/sysdeps/pthread/tst-cancel30.c
+@@ -0,0 +1,82 @@
++/* Check if printf like functions does not disable asynchronous cancellation
++   mode (BZ#29214).
++
++   Copyright (C) 2022 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++#include <support/check.h>
++#include <support/xstdio.h>
++#include <support/xthread.h>
++#include <sys/syscall.h>
++#include <unistd.h>
++
++static pthread_barrier_t b;
++
++static void *
++tf (void *arg)
++{
++  int old;
++
++  TEST_COMPARE (pthread_setcanceltype (PTHREAD_CANCEL_ASYNCHRONOUS, NULL), 0);
++
++  TEST_COMPARE (pthread_setcanceltype (PTHREAD_CANCEL_ASYNCHRONOUS, &old), 0);
++  TEST_COMPARE (old, PTHREAD_CANCEL_ASYNCHRONOUS);
++
++  /* Check if internal lock cleanup routines restore the cancellation type
++     correctly.  */
++  printf ("...\n");
++  TEST_COMPARE (pthread_setcanceltype (PTHREAD_CANCEL_ASYNCHRONOUS, &old), 0);
++  TEST_COMPARE (old, PTHREAD_CANCEL_ASYNCHRONOUS);
++
++  xpthread_barrier_wait (&b);
++
++  /* Wait indefinitely for cancellation, which only works if asynchronous
++     cancellation is enabled.  */
++#ifdef SYS_pause
++  syscall (SYS_pause);
++#elif defined SYS_ppoll || defined SYS_ppoll_time64
++# ifndef SYS_ppoll_time64
++#  define SYS_ppoll_time64 SYS_ppoll
++# endif
++  syscall (SYS_ppoll_time64, NULL, 0, NULL, NULL);
++#else
++  for (;;);
++#endif
++
++  return 0;
++}
++
++static int
++do_test (void)
++{
++  xpthread_barrier_init (&b, NULL, 2);
++
++  pthread_t th = xpthread_create (NULL, tf, NULL);
++
++  xpthread_barrier_wait (&b);
++
++  xpthread_cancel (th);
++
++  void *status = xpthread_join (th);
++  TEST_VERIFY (status == PTHREAD_CANCELED);
++
++  return 0;
++}
++
++/* There is no need to wait full TIMEOUT if asynchronous is not working.  */
++#define TIMEOUT 3
++#include <support/test-driver.c>

glibc-upstream-2.34-270.patch

@@ -0,0 +1,83 @@
+commit 96944f0f81870b733f518950a108c7ad6b078da6
+Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
+Date:   Wed May 25 08:58:38 2022 -0300
+
+    hppa: Remove _dl_skip_args usage (BZ# 29165)
+    
+    Different than other architectures, hppa creates an unrelated stack
+    frame where ld.so argc/argv adjustments done by ad43cac44a6860eaefc
+    is not done on the argc/argv saved/restore by _dl_start_user.
+    
+    Instead load _dl_argc and _dl_argv directlty instead of adjust them
+    using _dl_skip_args value.
+    
+    Checked on hppa-linux-gnu.
+    
+    Reviewed-by: Carlos O'Donell <carlos@redhat.com>
+    (cherry picked from commit 6242602273feb8d68cd51cff0ad21b3c8ee11fc6)
+
+diff --git a/sysdeps/hppa/dl-machine.h b/sysdeps/hppa/dl-machine.h
+index ac66f044189edd18..df6269209f3268b7 100644
+--- a/sysdeps/hppa/dl-machine.h
++++ b/sysdeps/hppa/dl-machine.h
+@@ -374,10 +374,6 @@ asm (									\
+ "_start:\n"								\
+ 	/* The kernel does not give us an initial stack frame. */	\
+ "	ldo	64(%sp),%sp\n"						\
+-	/* Save the relevant arguments (yes, those are the correct	\
+-	   registers, the kernel is weird) in their stack slots. */	\
+-"	stw	%r25,-40(%sp)\n" /* argc */				\
+-"	stw	%r24,-44(%sp)\n" /* argv */				\
+ 									\
+ 	/* We need the LTP, and we need it now.				\
+ 	   $PIC_pcrel$0 points 8 bytes past the current instruction,	\
+@@ -435,12 +431,7 @@ asm (									\
+ 	  So, obviously, we can't just pass %sp to _dl_start.  That's	\
+ 	  okay, argv-4 will do just fine.				\
+ 									\
+-	  The pleasant part of this is that if we need to skip		\
+-	  arguments we can just decrement argc and move argv, because	\
+-	  the stack pointer is utterly unrelated to the location of	\
+-	  the environment and argument vectors. */			\
+-									\
+-	/* This is always within range so we'll be okay. */		\
++	  This is always within range so we'll be okay. */		\
+ "	bl	_dl_start,%rp\n"					\
+ "	ldo	-4(%r24),%r26\n"					\
+ 									\
+@@ -450,22 +441,23 @@ asm (									\
+ 	/* Save the entry point in %r3. */				\
+ "	copy	%ret0,%r3\n"						\
+ 									\
+-	/* See if we were called as a command with the executable file	\
+-	   name as an extra leading argument. */			\
+-"	addil	LT'_dl_skip_args,%r19\n"				\
+-"	ldw	RT'_dl_skip_args(%r1),%r20\n"				\
+-"	ldw	0(%r20),%r20\n"						\
+-									\
+-"	ldw	-40(%sp),%r25\n"	/* argc */			\
+-"	comib,=	0,%r20,.Lnofix\n"	/* FIXME: Mispredicted branch */\
+-"	ldw	-44(%sp),%r24\n"	/* argv (delay slot) */		\
++	/* The loader adjusts argc, argv, env, and the aux vectors	\
++	   directly on the stack to remove any arguments used for	\
++	   direct loader invocation.  Thus, argc and argv must be	\
++	   reloaded from from _dl_argc and _dl_argv.  */		\
+ 									\
+-"	sub	%r25,%r20,%r25\n"					\
++	/* Load argc from _dl_argc.  */					\
++"	addil	LT'_dl_argc,%r19\n"					\
++"	ldw	RT'_dl_argc(%r1),%r20\n"				\
++"	ldw	0(%r20),%r25\n"						\
+ "	stw	%r25,-40(%sp)\n"					\
+-"	sh2add	%r20,%r24,%r24\n"					\
++									\
++	/* Same for argv with _dl_argv.  */				\
++"	addil	LT'_dl_argv,%r19\n"					\
++"	ldw	RT'_dl_argv(%r1),%r20\n"				\
++"	ldw	0(%r20),%r24\n"						\
+ "	stw	%r24,-44(%sp)\n"					\
+ 									\
+-".Lnofix:\n"								\
+ 	/* Call _dl_init(main_map, argc, argv, envp). */		\
+ "	addil	LT'_rtld_local,%r19\n"					\
+ "	ldw	RT'_rtld_local(%r1),%r26\n"				\

glibc-upstream-2.34-271.patch

@@ -0,0 +1,84 @@
+commit bb4148283fa7c52fbc7efe19e81cd129adc7fd61
+Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
+Date:   Thu May 26 13:12:21 2022 -0300
+
+    nios2: Remove _dl_skip_args usage (BZ# 29187)
+    
+    Since ad43cac44a the generic code already shuffles the argv/envp/auxv
+    on the stack to remove the ld.so own arguments and thus _dl_skip_args
+    is always 0.   So there is no need to adjust the argc or argv.
+    
+    Checked with qemu-user that arguments are correctly passed on both
+    constructors and main program.
+    
+    Reviewed-by: Carlos O'Donell <carlos@redhat.com>
+    (cherry picked from commit 4868ba5d257a7fb415674e79c4ae5a3af2827f55)
+
+diff --git a/sysdeps/nios2/dl-machine.h b/sysdeps/nios2/dl-machine.h
+index 430ca5d7ae1e0372..47b3f6acd7624bcb 100644
+--- a/sysdeps/nios2/dl-machine.h
++++ b/sysdeps/nios2/dl-machine.h
+@@ -128,53 +128,23 @@ _start:\n\
+         ldw r8, %call(_dl_nios2_get_gp_value)(r22)\n\
+         callr r8\n\
+         mov gp, r2\n\
+-\n\
+-        /* Find the number of arguments to skip.  */\n\
+-        ldw r8, %got(_dl_skip_args)(r22)\n\
+-        ldw r8, 0(r8)\n\
+ \n\
+         /* Find the main_map from the GOT.  */\n\
+         ldw r4, %got(_rtld_local)(r22)\n\
+         ldw r4, 0(r4)\n\
+ \n\
+-        /* Find argc.  */\n\
+-        ldw r5, 0(sp)\n\
+-        sub r5, r5, r8\n\
+-        stw r5, 0(sp)\n\
+-\n\
+-        /* Find the first unskipped argument.  */\n\
+-        slli r8, r8, 2\n\
+-        addi r6, sp, 4\n\
+-        add r9, r6, r8\n\
+-        mov r10, r6\n\
+-\n\
+-        /* Shuffle argv down.  */\n\
+-3:      ldw r11, 0(r9)\n\
+-        stw r11, 0(r10)\n\
+-        addi r9, r9, 4\n\
+-        addi r10, r10, 4\n\
+-        bne r11, zero, 3b\n\
++        /* Load adjusted argc.  */\n\
++        ldw r2, %got(_dl_argc)(r22)\n\
++	ldw r5, 0(r2)\n\
+ \n\
+-        /* Shuffle envp down.  */\n\
+-        mov r7, r10\n\
+-4:      ldw r11, 0(r9)\n\
+-        stw r11, 0(r10)\n\
+-        addi r9, r9, 4\n\
+-        addi r10, r10, 4\n\
+-        bne r11, zero, 4b\n\
+-\n\
+-        /* Shuffle auxv down.  */\n\
+-5:      ldw r11, 4(r9)\n\
+-        stw r11, 4(r10)\n\
+-        ldw r11, 0(r9)\n\
+-        stw r11, 0(r10)\n\
+-        addi r9, r9, 8\n\
+-        addi r10, r10, 8\n\
+-        bne r11, zero, 5b\n\
+-\n\
+-        /* Update _dl_argv.  */\n\
++        /* Load adjsuted argv.  */\n\
+         ldw r2, %got(_dl_argv)(r22)\n\
+-        stw r6, 0(r2)\n\
++	ldw r6, 0(r2)\n\
++\n\
++	/* envp = argv + argc + 1  */\n\
++        addi r7, r5, 1\n\
++        slli r7, r7, 2\n\
++        add  r7, r7, r6\n\
+ \n\
+         /* Call _dl_init through the PLT.  */\n\
+         ldw r8, %call(_dl_init)(r22)\n\

glibc-upstream-2.34-272.patch

@@ -0,0 +1,37 @@
+commit 368c5c3e001a37571b61ab342f2b654c3d23643d
+Author: Sam James <sam@gentoo.org>
+Date:   Sun Jun 5 04:57:09 2022 +0100
+
+    nss: add assert to DB_LOOKUP_FCT (BZ #28752)
+    
+    It's interesting if we have a null action list,
+    so an assert is worthwhile.
+    
+    Suggested-by: DJ Delorie <dj@redhat.com>
+    Signed-off-by: Sam James <sam@gentoo.org>
+    Reviewed-by: DJ Delorie <dj@redhat.com>
+    (cherry picked from commit 3fdf0a205b622e40fa7e3c4ed1e4ed4d5c6c5380)
+
+diff --git a/nss/XXX-lookup.c b/nss/XXX-lookup.c
+index dbc87868dd408d9f..343fd9869bd12714 100644
+--- a/nss/XXX-lookup.c
++++ b/nss/XXX-lookup.c
+@@ -16,6 +16,7 @@
+    License along with the GNU C Library; if not, see
+    <https://www.gnu.org/licenses/>.  */
+ 
++#include <assert.h>
+ #include "nsswitch.h"
+ 
+ /*******************************************************************\
+@@ -55,6 +56,10 @@ DB_LOOKUP_FCT (nss_action_list *ni, const char *fct_name, const char *fct2_name,
+ 
+   *ni = DATABASE_NAME_SYMBOL;
+ 
++  /* We want to know about it if we've somehow got a NULL action list;
++   in the past, we had bad state if seccomp interfered with setup. */
++  assert(*ni != NULL);
++
+   return __nss_lookup (ni, fct_name, fct2_name, fctp);
+ }
+ libc_hidden_def (DB_LOOKUP_FCT)

glibc-upstream-2.34-273.patch

@@ -0,0 +1,74 @@
+commit 94ab2088c37d8e4285354af120b7ed6b887b9e53
+Author: Sam James <sam@gentoo.org>
+Date:   Sun Jun 5 04:57:10 2022 +0100
+
+    nss: handle stat failure in check_reload_and_get (BZ #28752)
+    
+    Skip the chroot test if the database isn't loaded
+    correctly (because the chroot test uses some
+    existing DB state).
+    
+    The __stat64_time64 -> fstatat call can fail if
+    running under an (aggressive) seccomp filter,
+    like Firefox seems to use.
+    
+    This manifested in a crash when using glib built
+    with FAM support with such a Firefox build.
+    
+    Suggested-by: DJ Delorie <dj@redhat.com>
+    Signed-off-by: Sam James <sam@gentoo.org>
+    Reviewed-by: DJ Delorie <dj@redhat.com>
+    (cherry picked from commit ace9e3edbca62d978b1e8f392d8a5d78500272d9)
+
+diff --git a/nss/nss_database.c b/nss/nss_database.c
+index 54561f03287db2e4..e807e9d84ca03680 100644
+--- a/nss/nss_database.c
++++ b/nss/nss_database.c
+@@ -420,23 +420,32 @@ nss_database_check_reload_and_get (struct nss_database_state *local,
+       return true;
+     }
+ 
+-  /* Before we reload, verify that "/" hasn't changed.  We assume that
+-     errors here are very unlikely, but the chance that we're entering
+-     a container is also very unlikely, so we err on the side of both
+-     very unlikely things not happening at the same time.  */
+-  if (__stat64_time64 ("/", &str) != 0
+-      || (local->root_ino != 0
+-	  && (str.st_ino != local->root_ino
+-	      ||  str.st_dev != local->root_dev)))
++  int stat_rv = __stat64_time64 ("/", &str);
++
++  if (local->data.services[database_index] != NULL)
+     {
+-      /* Change detected; disable reloading and return current state.  */
+-      atomic_store_release (&local->data.reload_disabled, 1);
+-      *result = local->data.services[database_index];
+-      __libc_lock_unlock (local->lock);
+-      return true;
++      /* Before we reload, verify that "/" hasn't changed.  We assume that
++        errors here are very unlikely, but the chance that we're entering
++        a container is also very unlikely, so we err on the side of both
++        very unlikely things not happening at the same time.  */
++      if (stat_rv != 0
++	  || (local->root_ino != 0
++	      && (str.st_ino != local->root_ino
++		  ||  str.st_dev != local->root_dev)))
++	{
++        /* Change detected; disable reloading and return current state.  */
++        atomic_store_release (&local->data.reload_disabled, 1);
++        *result = local->data.services[database_index];
++        __libc_lock_unlock (local->lock);
++        return true;
++      }
++    }
++  if (stat_rv == 0)
++    {
++      local->root_ino = str.st_ino;
++      local->root_dev = str.st_dev;
+     }
+-  local->root_ino = str.st_ino;
+-  local->root_dev = str.st_dev;
++
+   __libc_lock_unlock (local->lock);
+ 
+   /* Avoid overwriting the global configuration until we have loaded

glibc.spec

@@ -148,7 +148,7 @@ end \
 Summary: The GNU libc libraries
 Name: glibc
 Version: %{glibcversion}
-Release: 37%{?dist}
+Release: 38%{?dist}
 
 # In general, GPLv2+ is used by programs, LGPLv2+ is used for
 # libraries.
@@ -543,6 +543,11 @@ Patch335: glibc-rh2085529-1.patch
 Patch336: glibc-rh2085529-2.patch
 Patch337: glibc-rh2085529-3.patch
 Patch338: glibc-rh2085529-4.patch
+Patch339: glibc-upstream-2.34-269.patch
+Patch340: glibc-upstream-2.34-270.patch
+Patch341: glibc-upstream-2.34-271.patch
+Patch342: glibc-upstream-2.34-272.patch
+Patch343: glibc-upstream-2.34-273.patch
 
 ##############################################################################
 # Continued list of core "glibc" package information:
@@ -2599,6 +2604,15 @@ fi
 %files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared
 
 %changelog
+* Tue Jun 14 2022 Arjun Shankar <arjun@redhat.com> - 2.34-38
+- Sync with upstream branch release/2.34/master,
+  commit 94ab2088c37d8e4285354af120b7ed6b887b9e53:
+- nss: handle stat failure in check_reload_and_get (BZ #28752)
+- nss: add assert to DB_LOOKUP_FCT (BZ #28752)
+- nios2: Remove _dl_skip_args usage (BZ# 29187)
+- hppa: Remove _dl_skip_args usage (BZ# 29165)
+- nptl: Fix __libc_cleanup_pop_restore asynchronous restore (BZ#29214)
+
 * Wed Jun  8 2022 Florian Weimer <fweimer@redhat.com> - 2.34-37
 - Enable rseq by default and add GLIBC_2.35 rseq symbols (#2085529)