Initial commit.

Author: corsix

.gitignore

@@ -0,0 +1,5 @@
+build/
+polyfill-glibc
+.ninja_deps
+.ninja_log
+

README.md

@@ -0,0 +1,46 @@
+## polyfill-glibc
+
+How often have you compiled a C/C++ program on a recent Linux system, tried to run that compiled program on an older Linux system, and then hit a GLIBC version error?
+Concretely, perhaps you're seeing something like this:
+
+```
+new-system$ gcc my-program.c -o my-program
+old-system$ scp new-system:my-program .
+old-system$ ./my-program
+./my-program: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by ./my-program)
+```
+
+The motivating idea behind polyfill-glibc is that an extra post-compilation step can prevent these errors from happening:
+
+```
+new-system$ gcc my-program.c -o my-program
+new-system$ polyfill-glibc --target-glibc=2.17 my-program
+old-system$ scp new-system:my-program .
+old-system$ ./my-program
+It works!
+```
+
+## Build and run instructions
+
+To build polyfill-glibc, you'll need a git client, a C11 compiler (such as `gcc`), and [`ninja`](https://github.com/ninja-build/ninja/wiki/Pre-built-Ninja-packages). With these tools present, the build process is:
+
+```
+$ git clone https://github.com/corsix/polyfill-glibc.git
+$ cd polyfill-glibc
+$ ninja polyfill-glibc
+```
+
+Once built, running it is intended to be as simple as passing the oldest version of glibc you want to support, along with the path to the program (or shared library) to modify, as in:
+```
+$ ./polyfill-glibc --target-glibc=2.17 /path/to/my-program
+```
+
+If running it _isn't_ this simple, then open a GitHub issue describing why not, and we'll try to improve things.
+
+Note that at present, the `--target-glibc` operation of polyfill-glibc is only implemented for x86_64. If other architectures are of interest to you, open a GitHub issue so that we can gauge demand.
+
+If distributing shared libraries, polyfill-glibc can also be used to inspect dependencies (with the `--print-imports` and `--print-exports` operations), and to modify how shared libraries are loaded (with the `--set-rpath`, `--set-runpath`, and `--set-soname` operations). Consult [the documentation](docs/Command_line_options.md) for a full list of command line options.
+
+## License
+
+polyfill-glibc itself is made available under the [MIT license](https://opensource.org/license/mit). The polyfilling procedure can sometimes involve linking small pieces of polyfill-glibc into the file being modified; the "the above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software" clause of the MIT license is explicitly waived for any such pieces.

build.ninja

@@ -0,0 +1,95 @@
+cc_opt = -O2 -s
+# cc_opt = -g -O0 -fsanitize=address
+link_opt = 
+
+rule cc
+  depfile = $out.d
+  command = gcc -MD -MF $out.d -Wall -Wextra -Wshadow -fvisibility=hidden -fno-math-errno -ffp-contract=off -fno-trapping-math -fno-semantic-interposition -fmax-errors=5 -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -std=c11 $cc_opt -c -o $out $in
+rule link
+  command = gcc $cc_opt -o $out $in $link_opt
+rule run
+  command = $in $out
+rule create_polyfill_so
+  command = ./$in empty:$arch --add-hash --add-gnu-hash --create-polyfill-so --target-glibc=$target_glibc --output $out
+rule run_polyfill_glibc_txt
+  command = ./polyfill-glibc >$out $in $link_opt
+rule run_polyfill_glibc
+  command = ./polyfill-glibc --output $out $in $link_opt
+
+build polyfill-glibc: link build/main.o build/renamer.o build/polyfiller.o build/x86_64/polyfiller.o build/erw.o build/v2f.o build/tokenise.o build/sht.o build/uuht.o build/arena.o build/reloc_kind.o build/common.o
+default polyfill-glibc
+build build/x86_64/polyfills.so: create_polyfill_so polyfill-glibc
+  arch = x86_64
+  target_glibc = 2.3.2
+build build/x86_64/polyfiller.o: cc src/x86_64/polyfiller.c | build/x86_64/assembled_gen.h
+build build/x86_64/assembled_gen.h: run build/x86_64/assembler src/x86_64/_init.s src/x86_64/c11_thread.s src/x86_64/fatal.s src/x86_64/glibc_2_6.s src/x86_64/glibc_2_7.s src/x86_64/glibc_2_15.s src/x86_64/glibc_2_16.s src/x86_64/glibc_2_18.s src/x86_64/glibc_2_25.s src/x86_64/glibc_2_26.s src/x86_64/glibc_2_30.s src/x86_64/glibc_2_31.s src/x86_64/glibc_2_34.s src/x86_64/glibc_2_36.s src/x86_64/glibc_2_38.s src/x86_64/posix_spawn.s src/x86_64/qsort.s src/x86_64/stdbit.s src/x86_64/syscalls.s src/x86_64/syscalls_ac.s
+build build/x86_64/assembler: link build/x86_64/assembler.o build/tokenise.o build/sht.o build/uuht.o build/common.o
+build build/x86_64/assembler.o: cc src/x86_64/assembler.c | build/x86_64/assembler_gen.h
+build build/x86_64/assembler_gen.h: run build/x86_64/build_assembler src/x86_64/insn_encoding.txt
+build build/x86_64/build_assembler: link build/x86_64/build_assembler.o build/tokenise.o build/sht.o
+build build/x86_64/build_assembler.o: cc src/x86_64/build_assembler.c
+build build/x86_64/renames.h: run build/parse_renames src/x86_64/renames.txt
+build build/polyfiller.o: cc src/polyfiller.c
+build build/main.o: cc src/main.c
+build build/renamer.o: cc src/renamer.c | build/x86_64/renames.h
+build build/parse_renames: link build/parse_renames.o build/tokenise.o build/sht.o build/common.o
+build build/parse_renames.o: cc src/parse_renames.c
+build build/erw.o: cc src/erw.c
+build build/v2f.o: cc src/v2f.c
+build build/tokenise.o: cc src/tokenise.c
+build build/sht.o: cc src/sht.c
+build build/uuht.o: cc src/uuht.c
+build build/arena.o: cc src/arena.c
+build build/reloc_kind.o: cc src/reloc_kind.c
+build build/common.o: cc src/common.c
+
+build build/x86_64/test/arc4random.txt: run build/x86_64/test/arc4random build/x86_64/polyfills.so
+build build/x86_64/test/arc4random: link build/x86_64/test/arc4random.o build/test/syscall_filter.o
+  link_opt = -ldl
+build build/x86_64/test/arc4random.o: cc test/x86_64/arc4random.c
+
+build build/x86_64/test/glibc_2_38.txt: run build/x86_64/test/glibc_2_38 build/x86_64/polyfills.so
+build build/x86_64/test/glibc_2_38: link build/x86_64/test/glibc_2_38.o
+  link_opt = -ldl
+build build/x86_64/test/glibc_2_38.o: cc test/x86_64/glibc_2_38.c
+
+build build/x86_64/test/nan.txt: run build/x86_64/test/nan build/x86_64/polyfills.so
+build build/x86_64/test/nan: link build/x86_64/test/nan.o
+  link_opt = -ldl
+build build/x86_64/test/nan.o: cc test/x86_64/nan.c
+
+build build/x86_64/test/qsort_r.txt: run build/x86_64/test/qsort_r build/x86_64/polyfills.so
+build build/x86_64/test/qsort_r: link build/x86_64/test/qsort_r.o
+  link_opt = -ldl
+build build/x86_64/test/qsort_r.o: cc test/x86_64/qsort_r.c
+
+build build/x86_64/test/stdbit.txt: run build/x86_64/test/stdbit build/x86_64/polyfills.so
+build build/x86_64/test/stdbit: link build/x86_64/test/stdbit.o
+  link_opt = -ldl
+build build/x86_64/test/stdbit.o: cc test/x86_64/stdbit.c
+
+build build/x86_64/test/totalorder.txt: run build/x86_64/test/totalorder build/x86_64/polyfills.so
+build build/x86_64/test/totalorder: link build/x86_64/test/totalorder.o
+  link_opt = -ldl
+build build/x86_64/test/totalorder.o: cc test/x86_64/totalorder.c
+
+build build/x86_64/test/twalk_r.txt: run build/x86_64/test/twalk_r build/x86_64/polyfills.so
+build build/x86_64/test/twalk_r: link build/x86_64/test/twalk_r.o
+  link_opt = -ldl
+build build/x86_64/test/twalk_r.o: cc test/x86_64/twalk_r.c
+
+build test/x86_64: phony build/x86_64/test/arc4random.txt build/x86_64/test/glibc_2_38.txt build/x86_64/test/qsort_r.txt build/x86_64/test/stdbit.txt build/x86_64/test/totalorder.txt build/x86_64/test/twalk_r.txt
+
+build build/test/getauxval.txt: run build/test/getauxval_pf build/test/getauxval_imp.txt build/test/getauxval_imp_pf.txt
+build build/test/getauxval_imp_pf.txt: run_polyfill_glibc_txt build/test/getauxval_pf | polyfill-glibc
+  link_opt = --print-imports
+build build/test/getauxval_pf: run_polyfill_glibc build/test/getauxval | polyfill-glibc
+  link_opt = --target_glibc=2.15
+build build/test/getauxval_imp.txt: run_polyfill_glibc_txt build/test/getauxval | polyfill-glibc
+  link_opt = --print-imports
+build build/test/getauxval: link build/test/getauxval.o build/common.o
+build build/test/getauxval.o: cc test/getauxval.c
+
+build build/test/syscall_filter.o: cc test/syscall_filter.c
+
+build test: phony test/x86_64 build/test/getauxval.txt

docs/Asynchronous_cancellation.md

@@ -0,0 +1,79 @@
+## Asynchronous cancellation
+
+The [`pthread_cancel`](https://pubs.opengroup.org/onlinepubs/9699919799/functions/pthread_cancel.html) function is defective by design and should not be used. See [How to stop Linux threads cleanly](https://mazzo.li/posts/stopping-linux-threads.html) for a tour of the problem and various better solutions. That said, some applications still (misguidedly) make use of `pthread_cancel`, and some special caveats apply when polyfilling said applications.
+
+## What does `pthread_cancel` do?
+
+Every thread has three pieces of state:
+
+|Variable name|Possible values|Initial value|Changed by|
+|-------------|---------------|-------------|----------|
+|Cancel state|ENABLE, DISABLE|ENABLE|[`pthread_setcancelstate`](https://pubs.opengroup.org/onlinepubs/9699919799/functions/pthread_setcancelstate.html)|
+|Cancel type|DEFERRED, ASYNCHRONOUS|DEFERRED|[`pthread_setcanceltype`](https://pubs.opengroup.org/onlinepubs/9699919799/functions/pthread_setcancelstate.html)|
+|Cancel requested|NO, YES|NO|[`pthread_cancel`](https://pubs.opengroup.org/onlinepubs/9699919799/functions/pthread_cancel.html) (always changes to YES)|
+
+A thread will be terminated (possibly with cleanup functions / destructors being called), if either of the following state combinations occur:
+1. _Cancel requested_ is YES, _Cancel state_ is ENABLE, _Cancel type_ is ASYNCHRONOUS.
+2. _Cancel requested_ is YES, _Cancel state_ is ENABLE, _Cancel type_ is DEFERRED, and the thread calls a libc function defined as a cancellation point.
+
+Roughly speaking, every libc function that _could_ block execution for a non-trivial amount of time is defined as a cancellation point. This includes, but is not limited to, the following functions:
+* `accept`
+* `close`
+* `connect`
+* `copy_file_range`
+* `epoll_wait` / `epoll_pwait` / `epoll_pwait2`
+* `fcntl` (when called with `F_SETLKW` or `F_OFD_SETLKW`)
+* `fsync` / `fdatasync` / `sync_file_range` / `msync`
+* `getrandom`
+* `open` / `openat` / `open_by_handle_at`
+* `pause` / `sigpause` / `sigsuspend`
+* `pthread_testcancel`
+* `read` / `readv` / `pread`
+* `recv` / `recvfrom` / `recvmsg` / `recvmmsg` / `msgrcv` / `mq_receive` / `mq_timedreceive`
+* `send` / `sendto` / `sendmsg` / `sendmmsg` / `msgsnd` / `mq_send` / `mq_timedsend`
+* `sigwait` / `sigwaitinfo` / `sigtimedwait`
+* `sleep` / `usleep` / `nanosleep` / `clock_nanosleep`
+* `write` / `writev` / `pwrite`
+
+## glibc semantics of cancellation points
+
+Taking `epoll_pwait2` as an example, at the time of writing, the glibc implementation of `epoll_pwait2` is roughly:
+
+```c
+old_type = pthread_setcanceltype(ASYNCHRONOUS);
+result = syscall(epoll_pwait2, ...);
+pthread_setcanceltype(old_type);
+check_for_pthread_cancel_race();
+return result;
+```
+
+When `pthread_cancel` is called, if the target thread has _Cancel state_ of ENABLE and _Cancel type_ of ASYNCHRONOUS, then a signal is sent to the target thread. Shortly thereafter, the signal will be received by the target thread, wherein the signal handler confirms that _Cancel state_ is still ENABLE and _Cancel type_ is still ASYNCHRONOUS. If so, the thread will be terminated. If not, the signal handler will do nothing (though delivery of the signal might cause an `EINTR` result from an unrelated syscall that was being made at the time of delivery).
+
+There are (at least) two issues with this implementation:
+1. `pthread_cancel` could send the signal _before_ `pthread_setcanceltype(old_type)`, but the signal might arrive _after_ `pthread_setcanceltype(old_type)`.
+2. A signal (unrelated to cancellation) could be delivered during the `syscall`, and the handler for that signal could perform a `longjmp`, thereby causing `pthread_setcanceltype(old_type)` to not be called.
+
+The 1<sup>st</sup> point is addressed by the `check_for_pthread_cancel_race` call: yet another piece of per-thread state tracks whether a `pthread_cancel` call is in the middle of sending a signal, and if so, `check_for_pthread_cancel_race` waits for the signal delivery, thereby avoiding it from causing `EINTR` on an unrelated syscall.
+
+The 2<sup>nd</sup> point is unaddressed. It is tracked as part of [glibc bug 12683](https://sourceware.org/bugzilla/show_bug.cgi?id=12683), where a solution has been proposed, but not yet implemented.
+
+## Polyfilled semantics of cancellation points
+
+For functions that don't meaningfully block in practice, such as `open_by_handle_at` and `getrandom`, the polyfill implementation of these functions inserts a `pthread_testcancel` call, as in:
+```c
+pthread_testcancel();
+return syscall(open_by_handle_at, ...);
+```
+
+For functions that really can block, the polyfill implementation takes a two-pronged strategy:
+1. If the ambient glibc provides the function being polyfilled, call that.
+2. Otherwise, implement it similarly to how glibc currently does, albeit without the `check_for_pthread_cancel_race` call:
+
+   ```c
+   old_type = pthread_setcanceltype(ASYNCHRONOUS);
+   result = syscall(epoll_pwait2, ...);
+   pthread_setcanceltype(old_type);
+   return result;
+   ```
+
+If glibc one day fixes [bug 12683](https://sourceware.org/bugzilla/show_bug.cgi?id=12683), then using the ambient glibc implementation will give bug-free behaviour (when running with a sufficiently new glibc). On older glibc versions, the polyfill implementation is only marginally worse than the glibc implementation: the lack of a `check_for_pthread_cancel_race` call is unfortunate, but applications should be prepared to handle `EINTR` anyway.