main/musl: apply upstream fixes, and vsz issue mitigation

update syslog patch to upstream commit version, add a_store fix
for x86, and apply some mitigation against unwanted vsz expansion
in multithreaded programs.

5 files changed, 211 insertions, 47 deletions

diff --git a/main/musl/0003-handle-loss-of-syslog-socket-connection.patch b/main/musl/0003-handle-loss-of-syslog-socket-connection.patch
new file mode 100644
index 0000000000..d33c2ff048
--- /dev/null
+++ b/main/musl/0003-handle-loss-of-syslog-socket-connection.patch
@@ -0,0 +1,77 @@
+From 0f9c2666aca95eb98eb0ef4f4d8d1473c8ce3fa0 Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Thu, 9 Jul 2015 18:36:02 +0000
+Subject: [PATCH] handle loss of syslog socket connection
+
+when traditional syslogd implementations are restarted, the old server
+socket ceases to exist and a new unix socket with the same pathname is
+created. when this happens, the default destination address associated
+with the client socket via connect is no longer valid, and attempts to
+send produce errors. this happens despite the socket being datagram
+type, and is in contrast to the behavior that would be seen with an IP
+datagram (UDP) socket.
+
+in order to avoid a situation where the application is unable to send
+further syslog messages without calling closelog, this patch makes
+syslog attempt to reconnect the socket when send returns an error
+indicating a lost connection.
+
+additionally, initial failure to connect the socket no longer results
+in the socket being closed. this ensures that an application which
+calls openlog to reserve the socket file descriptor will not run into
+a situation where transient connection failure (e.g. due to syslogd
+restart) prevents fd reservation. however, applications which may be
+unable to connect the socket later (e.g. due to chroot, restricted
+permissions, seccomp, etc.) will still fail to log if the syslog
+socket cannot be connected at openlog time or if it has to be
+reconnected later.
+---
+ src/misc/syslog.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/src/misc/syslog.c b/src/misc/syslog.c
+index e026f9b..9dd1ddb 100644
+--- a/src/misc/syslog.c
++++ b/src/misc/syslog.c
+@@ -48,12 +48,8 @@ void closelog(void)
+ 
+ static void __openlog()
+ {
+-	int fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0);
+-	if (fd < 0) return;
+-	if (connect(fd, (void *)&log_addr, sizeof log_addr) < 0)
+-		close(fd);
+-	else
+-		log_fd = fd;
++	log_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0);
++	if (log_fd >= 0) connect(log_fd, (void *)&log_addr, sizeof log_addr);
+ }
+ 
+ void openlog(const char *ident, int opt, int facility)
+@@ -78,6 +74,11 @@ void openlog(const char *ident, int opt, int facility)
+ 	pthread_setcancelstate(cs, 0);
+ }
+ 
++static int is_lost_conn(int e)
++{
++	return e==ECONNREFUSED || e==ECONNRESET || e==ENOTCONN || e==EPIPE;
++}
++
+ static void _vsyslog(int priority, const char *message, va_list ap)
+ {
+ 	char timebuf[16];
+@@ -107,7 +108,10 @@ static void _vsyslog(int priority, const char *message, va_list ap)
+ 		if (l2 >= sizeof buf - l) l = sizeof buf - 1;
+ 		else l += l2;
+ 		if (buf[l-1] != '\n') buf[l++] = '\n';
+-		if (send(log_fd, buf, l, 0) < 0 && (log_opt & LOG_CONS)) {
++		if (send(log_fd, buf, l, 0) < 0 && (!is_lost_conn(errno)
++		    || connect(log_fd, (void *)&log_addr, sizeof log_addr) < 0
++		    || send(log_fd, buf, l, 0) < 0)
++		    && (log_opt & LOG_CONS)) {
+ 			fd = open("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
+ 			if (fd >= 0) {
+ 				dprintf(fd, "%.*s", l-hlen, buf+hlen);
+-- 
+2.4.6
+
diff --git a/main/musl/0003-reopen-syslog-socket-on-error.patch b/main/musl/0003-reopen-syslog-socket-on-error.patch
deleted file mode 100644
index d89d6be22a..0000000000
--- a/main/musl/0003-reopen-syslog-socket-on-error.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 324dbe39c6941f9d37d438cc528a3dedbc89c636 Mon Sep 17 00:00:00 2001
-From: Rich Felker <dalias@aerifal.cx>
-Date: Tue, 7 Jul 2015 10:35:50 +0300
-Subject: [PATCH] reopen syslog socket on error
-
----
- src/misc/syslog.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/src/misc/syslog.c b/src/misc/syslog.c
-index e026f9b..f98944f 100644
---- a/src/misc/syslog.c
-+++ b/src/misc/syslog.c
-@@ -56,6 +56,14 @@ static void __openlog()
- 		log_fd = fd;
- }
- 
-+static int __reopenlog()
-+{
-+	close(log_fd);
-+	log_fd = -1;
-+	__openlog();
-+	return log_fd;
-+}
-+
- void openlog(const char *ident, int opt, int facility)
- {
- 	int cs;
-@@ -107,7 +115,9 @@ static void _vsyslog(int priority, const char *message, va_list ap)
- 		if (l2 >= sizeof buf - l) l = sizeof buf - 1;
- 		else l += l2;
- 		if (buf[l-1] != '\n') buf[l++] = '\n';
--		if (send(log_fd, buf, l, 0) < 0 && (log_opt & LOG_CONS)) {
-+		if (send(log_fd, buf, l, 0) < 0
-+		    && (__reopenlog() < 0 || send(log_fd, buf, l, 0) < 0)
-+		    && (log_opt & LOG_CONS)) {
- 			fd = open("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
- 			if (fd >= 0) {
- 				dprintf(fd, "%.*s", l-hlen, buf+hlen);
--- 
-2.4.5
-
diff --git a/main/musl/0004-fix-missing-synchronization-in-atomic-store-on-i386-.patch b/main/musl/0004-fix-missing-synchronization-in-atomic-store-on-i386-.patch
new file mode 100644
index 0000000000..f3195ff39e
--- /dev/null
+++ b/main/musl/0004-fix-missing-synchronization-in-atomic-store-on-i386-.patch
@@ -0,0 +1,68 @@
+From 3c43c0761e1725fd5f89a9c028cbf43250abb913 Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Tue, 28 Jul 2015 18:40:18 +0000
+Subject: [PATCH] fix missing synchronization in atomic store on i386 and
+ x86_64
+
+despite being strongly ordered, the x86 memory model does not preclude
+reordering of loads across earlier stores. while a plain store
+suffices as a release barrier, we actually need a full barrier, since
+users of a_store subsequently load a waiter count to determine whether
+to issue a futex wait, and using a stale count will result in soft
+(fail-to-wake) deadlocks. these deadlocks were observed in malloc and
+possible with stdio locks and other libc-internal locking.
+
+on i386, an atomic operation on the caller's stack is used as the
+barrier rather than performing the store itself using xchg; this
+avoids the need to read the cache line on which the store is being
+performed. mfence is used on x86_64 where it's always available, and
+could be used on i386 with the appropriate cpu model checks if it's
+shown to perform better.
+---
+ arch/i386/atomic.h   | 2 +-
+ arch/x32/atomic.h    | 2 +-
+ arch/x86_64/atomic.h | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/arch/i386/atomic.h b/arch/i386/atomic.h
+index 95fecbd..25441df 100644
+--- a/arch/i386/atomic.h
++++ b/arch/i386/atomic.h
+@@ -88,7 +88,7 @@ static inline void a_dec(volatile int *x)
+ 
+ static inline void a_store(volatile int *p, int x)
+ {
+-	__asm__( "movl %1, %0" : "=m"(*p) : "r"(x) : "memory" );
++	__asm__( "movl %1, %0 ; lock ; orl $0,(%%esp)" : "=m"(*p) : "r"(x) : "memory" );
+ }
+ 
+ static inline void a_spin()
+diff --git a/arch/x32/atomic.h b/arch/x32/atomic.h
+index b2014cc..2ab1f7a 100644
+--- a/arch/x32/atomic.h
++++ b/arch/x32/atomic.h
+@@ -83,7 +83,7 @@ static inline void a_dec(volatile int *x)
+ 
+ static inline void a_store(volatile int *p, int x)
+ {
+-	__asm__( "mov %1, %0" : "=m"(*p) : "r"(x) : "memory" );
++	__asm__( "mov %1, %0 ; mfence" : "=m"(*p) : "r"(x) : "memory" );
+ }
+ 
+ static inline void a_spin()
+diff --git a/arch/x86_64/atomic.h b/arch/x86_64/atomic.h
+index b2014cc..2ab1f7a 100644
+--- a/arch/x86_64/atomic.h
++++ b/arch/x86_64/atomic.h
+@@ -83,7 +83,7 @@ static inline void a_dec(volatile int *x)
+ 
+ static inline void a_store(volatile int *p, int x)
+ {
+-	__asm__( "mov %1, %0" : "=m"(*p) : "r"(x) : "memory" );
++	__asm__( "mov %1, %0 ; mfence" : "=m"(*p) : "r"(x) : "memory" );
+ }
+ 
+ static inline void a_spin()
+-- 
+2.4.6
+
diff --git a/main/musl/0005-mitigate-vsz-explotion.patch b/main/musl/0005-mitigate-vsz-explotion.patch
new file mode 100644
index 0000000000..93e4a883df
--- /dev/null
+++ b/main/musl/0005-mitigate-vsz-explotion.patch
@@ -0,0 +1,53 @@
+diff --git a/src/malloc/malloc.c b/src/malloc/malloc.c
+index eb68d55..b90636c 100644
+--- a/src/malloc/malloc.c
++++ b/src/malloc/malloc.c
+@@ -464,18 +464,6 @@ void free(void *p)
+ 	if (next->psize != self->csize) a_crash();
+ 
+ 	for (;;) {
+-		/* Replace middle of large chunks with fresh zero pages */
+-		if (reclaim && (self->psize & next->csize & C_INUSE)) {
+-			uintptr_t a = (uintptr_t)self + SIZE_ALIGN+PAGE_SIZE-1 & -PAGE_SIZE;
+-			uintptr_t b = (uintptr_t)next - SIZE_ALIGN & -PAGE_SIZE;
+-#if 1
+-			__madvise((void *)a, b-a, MADV_DONTNEED);
+-#else
+-			__mmap((void *)a, b-a, PROT_READ|PROT_WRITE,
+-				MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED, -1, 0);
+-#endif
+-		}
+-
+ 		if (self->psize & next->csize & C_INUSE) {
+ 			self->csize = final_size | C_INUSE;
+ 			next->psize = final_size | C_INUSE;
+@@ -505,6 +493,9 @@ void free(void *p)
+ 		}
+ 	}
+ 
++	if (!(mal.binmap & 1ULL<<i))
++		a_or_64(&mal.binmap, 1ULL<<i);
++
+ 	self->csize = final_size;
+ 	next->psize = final_size;
+ 	unlock(mal.free_lock);
+@@ -514,8 +505,17 @@ void free(void *p)
+ 	self->next->prev = self;
+ 	self->prev->next = self;
+ 
+-	if (!(mal.binmap & 1ULL<<i))
+-		a_or_64(&mal.binmap, 1ULL<<i);
++	/* Replace middle of large chunks with fresh zero pages */
++	if (reclaim) {
++		uintptr_t a = (uintptr_t)self + SIZE_ALIGN+PAGE_SIZE-1 & -PAGE_SIZE;
++		uintptr_t b = (uintptr_t)next - SIZE_ALIGN & -PAGE_SIZE;
++#if 1
++		__madvise((void *)a, b-a, MADV_DONTNEED);
++#else
++		__mmap((void *)a, b-a, PROT_READ|PROT_WRITE,
++			MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED, -1, 0);
++#endif
++	}
+ 
+ 	unlock_bin(i);
+ }
diff --git a/main/musl/APKBUILD b/main/musl/APKBUILD
index 00a9414ab0..d1c65e085b 100644
--- a/main/musl/APKBUILD
+++ b/main/musl/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Timo Teräs <timo.teras@iki.fi>
 pkgname=musl
 pkgver=1.1.10
-pkgrel=2
+pkgrel=3
 pkgdesc="the musl c library (libc) implementation"
 url="http://www.musl-libc.org/"
 arch="all"
@@ -14,7 +14,9 @@ subpackages="$pkgname-dev $pkgname-utils $pkgname-dbg libc6-compat:compat"
 source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz
 	0001-fix-uselocale-locale_t-0-to-not-modify-locale.patch
 	0002-ns_parse.c-fix-ns_skiprr.patch
-	0003-reopen-syslog-socket-on-error.patch
+	0003-handle-loss-of-syslog-socket-connection.patch
+	0004-fix-missing-synchronization-in-atomic-store-on-i386-.patch
+	0005-mitigate-vsz-explotion.patch
 
 	ldconfig
 	__stack_chk_fail_local.c
@@ -134,7 +136,9 @@ compat() {
 md5sums="fc30892ee582c91920505bbd0021049f  musl-1.1.10.tar.gz
 787a1c3661a0fcf887ec0d3c4550e90b  0001-fix-uselocale-locale_t-0-to-not-modify-locale.patch
 b468a4063182bc08d6d100075067d7fe  0002-ns_parse.c-fix-ns_skiprr.patch
-eddb1f6cfca2a57ff5463bbcd70d95f1  0003-reopen-syslog-socket-on-error.patch
+ccf33ac806e1152b14316eadbb667fb3  0003-handle-loss-of-syslog-socket-connection.patch
+14dd2ac16696f3bd894ffd8ce2e5ea15  0004-fix-missing-synchronization-in-atomic-store-on-i386-.patch
+4b5d01740934c549173ef89575b70f97  0005-mitigate-vsz-explotion.patch
 830d01f7821b978df770b06db3790921  ldconfig
 0df687757221bbb0fc1aa67f1bd646f9  __stack_chk_fail_local.c
 57ef2c63b9ec6a2041694ace97d4ffa2  getconf.c
@@ -143,7 +147,9 @@ eddb1f6cfca2a57ff5463bbcd70d95f1  0003-reopen-syslog-socket-on-error.patch
 sha256sums="45bbe9b1c7f7a0f743477af1e103b6889bfe4dd9815e16f6c89f6c90831c8b7c  musl-1.1.10.tar.gz
 af5821fd50ad1587a9ef8117dc1e121cdda573f623286c6af4793e999afe840f  0001-fix-uselocale-locale_t-0-to-not-modify-locale.patch
 8b16b8bb3eef89c799aed85caf3f495abd00bbbba1819a5feeede781040296da  0002-ns_parse.c-fix-ns_skiprr.patch
-2d50958ed69ccb4c67c5b7d8dc442e792efd80a2cd40e140ecfb237aff83b0a4  0003-reopen-syslog-socket-on-error.patch
+624aeae194332de57c525306f00cc513a7708eff065fce75fe176645aa1c4062  0003-handle-loss-of-syslog-socket-connection.patch
+aca83a914e90d9d1dbf8584fd00363301d453e324477e705dc3086ba00db2fb5  0004-fix-missing-synchronization-in-atomic-store-on-i386-.patch
+b33c02f11b8ec1aad49bc054b1a52486077156dd7d91d3b68108f7e1cb6c53ac  0005-mitigate-vsz-explotion.patch
 b4a2c06db38742e8c42c3c9838b285a7d8cdac6c091ff3df5ff9a15f1e41b9c7  ldconfig
 299a7d75a09de3e2e11e7fb4acc3182e4a14e868093d2f30938fce9bfcff13da  __stack_chk_fail_local.c
 d87d0cbb3690ae2c5d8cc218349fd8278b93855dd625deaf7ae50e320aad247c  getconf.c
@@ -152,7 +158,9 @@ f79a2930a2e5bb0624321589edf8b889d1e9b603e01e6b7ae214616605b3fdd7  iconv.c"
 sha512sums="183a66a8cc9cd056a8387a1602dd44b502d8976642a21dd0dcef51165fa0dec8a4a124fda6c1918f402b20ad2d6037fcc188a8b174b07a0cbedf11fc2e011141  musl-1.1.10.tar.gz
 a77981c637a091e19435ee8b3ef3ee21dbc7171f8fa88b59cfd42934a270bb92c9c3777c176fa64c814cd531244764f440f46fce532c4192d9727baa144b98e6  0001-fix-uselocale-locale_t-0-to-not-modify-locale.patch
 08e2ce562acef8dc4232461ffdbc1c948c19025495a8c59b1328f83cb2baf3ee5db67b7d0d54794aa639d008286bedb5453d9afbc7e6e56b2f64f95d9b76be85  0002-ns_parse.c-fix-ns_skiprr.patch
-51415ef29feca5393db27ad885a973ec7bc51a6e150c1392143b7b1021a9822e4b61595ab7c402305f4093944373effff59133d49e3f3f30c7a849cc1e7ff8ec  0003-reopen-syslog-socket-on-error.patch
+68ea86c8a388c1b122ef2e07fff847c9fbecc0ca818b2710c52976fbd91c11e0ed07c612ce8771ab6e2520e813701ea764e84744d7e08fa54616230c6499da01  0003-handle-loss-of-syslog-socket-connection.patch
+9a696b0eeebffee21ae84d4fc415b36b93e412ddd4a7272ed3cfe93e06c9815c4070ea998d63de348b2ee82180162a586326f1741f1d98088c27989354c5ecb3  0004-fix-missing-synchronization-in-atomic-store-on-i386-.patch
+2141c557a5f71a38510703d8266ed3fd21adfe137892b0fe81adcb28841b20a495f419beb273f381e6d9cb7f61cb8b182a249da61bf5a7b9df42b84235a01bc4  0005-mitigate-vsz-explotion.patch
 8d3a2d5315fc56fee7da9abb8b89bb38c6046c33d154c10d168fb35bfde6b0cf9f13042a3bceee34daf091bc409d699223735dcf19f382eeee1f6be34154f26f  ldconfig
 062bb49fa54839010acd4af113e20f7263dde1c8a2ca359b5fb2661ef9ed9d84a0f7c3bc10c25dcfa10bb3c5a4874588dff636ac43d5dbb3d748d75400756d0b  __stack_chk_fail_local.c
 0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d  getconf.c