Commit Graph

2306 Commits

Author SHA1 Message Date
Lasse Collin 88588b1246 Build: Detect -fsanitize= in CFLAGS and incompatible build options.
Now configure will fail if -fsanitize= is found in CFLAGS
and sanitizer-incompatible ifunc or Landlock sandboxing
would be used. These are incompatible with one or more sanitizers.
It's simpler to reject all -fsanitize= uses instead of trying to
pass those that might not cause problems.

CMake-based build was updated similarly. It lets the configuration
finish (SEND_ERROR instead of FATAL_ERROR) so that both error
messages can be seen at once.
2023-10-25 20:18:04 +03:00
Jia Tan 5e3d890f88 CI: Disable sandboxing in fsanitize=address,undefined job.
The sandboxing on Linux now supports Landlock, which restricts all
supported filesystem actions after xz opens the files it needs. The
sandbox is only enabled when one file is input and we are writing to
standard out. With fsanitize=address,undefined, the instrumentation
needs to read additional files after the sandbox is in place. This
forces all xz based test to fail, so the sandbox must instead be
disabled.
2023-10-24 00:50:08 +08:00
Jia Tan b1408987ea CI: Allow disabling the sandbox in ci_build.sh. 2023-10-24 00:15:39 +08:00
Lasse Collin 91c435cf1c CMake: Don't shadow the cache entry ENABLE_THREADS with a normal variable.
Using set(ENABLE_THREADS "posix") is confusing because it sets
a new normal variable and leaves the cache entry with the same
name unchanged. The intent wasn't to change the cache entry so
this switches to a different variable name.
2023-10-22 19:03:52 +03:00
Lasse Collin fa1609eb93 Docs: Update INSTALL about sandboxing support. 2023-10-22 19:03:52 +03:00
Lasse Collin 8276c7f41c xz: Support basic sandboxing with Linux Landlock (ABI versions 1-3).
It is enabled only when decompressing one file to stdout,
similar to how Capsicum is used.

Landlock was added in Linux 5.13.
2023-10-22 19:03:52 +03:00
Lasse Collin 3a1e9fd031 CMake: Edit threading related messages.
It's mostly to change from "thread method" to "threading method".
2023-10-22 19:03:52 +03:00
Lasse Collin bf01135252 CMake: Use FATAL_ERROR if user-supplied options aren't understood.
This way typos are caught quickly and compounding error messages
are avoided (a single typo could cause more than one error).

This keeps using SEND_ERROR when the system is lacking a feature
(like threading library or sandboxing method). This way the whole
configuration log will be generated in case someone wishes to
report a problem upstream.
2023-10-22 19:03:52 +03:00
Lasse Collin 3f53870c24 CMake: Add sandboxing support. 2023-10-22 19:03:52 +03:00
Lasse Collin 2e2cd11535 Simplify detection of Capsicum support.
This removes support for FreeBSD 10.0 and 10.1 which used
<sys/capability.h> instead of <sys/capsicum.h>. Support for
FreeBSD 10.1 ended on 2016-12-31. So now FreeBSD >= 10.2 is
required to enable Capsicum support.

This also removes support for Capsicum on Linux (libcaprights)
which seems to have been unmaintained since 2017 and Linux 4.11:
https://github.com/google/capsicum-linux
2023-10-22 19:03:52 +03:00
Lasse Collin c57858b60e xz/Windows: Allow clock_gettime with POSIX threads.
If winpthreads are used for threading, it's OK to use clock_gettime()
from winpthreads too.
2023-10-22 18:59:45 +03:00
Lasse Collin dd32f628bb mythread.h: Make MYTHREAD_POSIX compatible with MinGW-w64's winpthreads.
This might be almost useless but it doesn't need much extra code either.
2023-10-22 18:59:45 +03:00
Lasse Collin 680e52cdd0 CMake: Check for clock_gettime() even on Windows.
This mirrors configure.ac although currently MinGW-w64 builds
don't use clock_gettime() even if it is found.
2023-10-22 18:59:45 +03:00
Lasse Collin 1c1a8c3ee4 Build: Check for clock_gettime() even if not using POSIX threads.
See the new comment in the code.

This also makes the check for clock_gettime() run with MinGW-w64
with which we don't want to use clock_gettime(). The previous
commit already took care of this situation.
2023-10-22 18:59:45 +03:00
Lasse Collin 46fd991cd2 xz/Windows: Ensure that clock_gettime() isn't used with MinGW-w64.
This commit alone doesn't change anything in the real-world:

  - configure.ac currently checks for clock_gettime() only
    when using pthreads.

  - CMakeLists.txt doesn't check for clock_gettime() on Windows.

So clock_gettime() wasn't used with MinGW-w64 before either.

clock_gettime() provides monotonic time and it's better than
gettimeofday() in this sense. But clock_gettime() is defined
in winpthreads, and liblzma or xz needs nothing else from
winpthreads. By avoiding clock_gettime(), we avoid the dependency on
libwinpthread-1.dll or the need to link against the static version.

As a bonus, GetTickCount64() and MinGW-w64's gettimeofday() can be
faster than clock_gettime(CLOCK_MONOTONIC, &tv). The resolution
is more than good enough for the progress indicator in xz.
2023-10-22 18:59:45 +03:00
Lasse Collin cdb4d91f24 xz/Windows: Use GetTickCount64() with MinGW-w64 if using Vista threads. 2023-10-22 18:59:45 +03:00
Jia Tan 988e09f27b liblzma: Move is_clmul_supported() back to crc_common.h.
This partially reverts creating crc_clmul.c
(8c0f9376f5) where is_clmul_supported()
was moved, extern'ed, and renamed to lzma_is_clmul_supported(). This
caused a problem when the function call to lzma_is_clmul_supported()
results in a call through the PLT. ifunc resolvers run very early in
the dynamic loading sequence, so the PLT may not be setup properly at
this point. Whether the PLT is used or not for
lzma_is_clmul_supported() depened upon the compiler-toolchain used and
flags.

In liblzma compiled with GCC, for instance, GCC will go through the PLT
for function calls internal to liblzma if the version scripts and
symbol visibility hiding are not used. If lazy-binding is disabled,
then it would have made any program linked with liblzma fail during
dynamic loading in the ifunc resolver.
2023-10-21 00:01:29 +08:00
Jia Tan 105c7ca90d Build: Remove check for COND_CHECK_CRC32 in check/Makefile.inc.
Currently crc32 is always enabled, so COND_CHECK_CRC32 must always be
set. Because of this, it makes the recent change to conditionally
compile check/crc_clmul.c appear wrong since that file has CLMUL
implementations for both CRC32 and CRC64.
2023-10-19 16:23:32 +08:00
Jia Tan 1397571704 CMake: Add ALLOW_CLMUL_CRC option to enable/disable CLMUL.
The option is enabled by default, but will only be visible to a user
listing cache variables or using a CMake GUI application if the
immintrin.h header file is found.

This mirrors our Autotools build --disable-clmul-crc functionality.
2023-10-19 16:09:01 +08:00
Jia Tan c60b25569d liblzma: Fix -fsanitize=address failure with crc_clmul functions.
After forcing crc_simd_body() to always be inlined it caused
-fsanitize=address to fail for lzma_crc32_clmul() and
lzma_crc64_clmul(). The __no_sanitize_address__ attribute was added
to lzma_crc32_clmul() and lzma_crc64_clmul(), but not removed from
crc_simd_body(). ASAN and inline functions behavior has changed over
the years for GCC specifically, so while strictly required we will
keep __attribute__((__no_sanitize_address__)) on crc_simd_body() in
case this becomes a requirement in the future.

Older GCC versions refuse to inline a function with ASAN if the
caller and callee do not agree on sanitization flags
(https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89124#c3). If the
function was forced to be inlined, it will not compile if the callee
function has __no_sanitize_address__ but the caller doesn't.
2023-10-19 01:15:20 +08:00
Lasse Collin 9a78971261 tuklib_integer: Update the CMake test for fast unaligned access. 2023-10-18 19:02:45 +03:00
Lasse Collin 2f81ac852b Build: Enabled unaligned access by default on PowerPC64LE and some RISC-V.
PowerPC64LE wasn't tested but it seems like a safe change.
POWER8 supports unaligned access in little endian mode. Testing
on godbolt.org shows that GCC uses unaligned access by default.

The RISC-V macro __riscv_misaligned_fast is very new and not
in any stable compiler release yet.

Documentation in INSTALL was updated to match.

Documentation about an autodetection bug when using ARM64 GCC
with -mstrict-align was added to INSTALL.

CMake files weren't updated yet.
2023-10-18 19:02:45 +03:00
Lasse Collin c8f715f1bc tuklib_integer: Revise unaligned reads and writes on strict-align archs.
In XZ Utils context this doesn't matter much because
unaligned reads and writes aren't used in hot code
when TUKLIB_FAST_UNALIGNED_ACCESS isn't #defined.
2023-10-18 19:02:45 +03:00
Lasse Collin 6828242735 tuklib_integer: Add missing write64be and write64le fallback functions. 2023-10-18 19:02:45 +03:00
Jia Tan 1c8884f0af liblzma: Set the MSVC optimization fix to only cover lzma_crc64_clmul().
After testing a 32-bit Release build on MSVC, only lzma_crc64_clmul()
has the bug. crc_simd_body() and lzma_crc32_clmul() do not need the
optimizations disabled.
2023-10-18 23:54:41 +08:00
Lasse Collin 5ce0f7a48b liblzma: CRC_USE_GENERIC_FOR_SMALL_INPUTS cannot be used with ifunc. 2023-10-18 23:54:41 +08:00
Lasse Collin 2773538049 liblzma: Include common.h in crc_common.h.
crc_common.h depends on common.h. The headers include common.h except
when there is a reason to not do so.
2023-10-18 23:54:41 +08:00
Jia Tan e13b7947b9 liblzma: Add include guards to crc_common.h. 2023-10-18 23:54:41 +08:00
Jia Tan 40abd88afc liblzma: Add the crc_always_inline macro to crc_simd_body().
Forcing this to be inline has a significant speed improvement at the
cost of a few repeated instructions. The compilers tested on did not
inline this function since it is large and is used twice in the same
translation unit.
2023-10-18 23:54:41 +08:00
Jia Tan a5966c276b liblzma: Create crc_always_inline macro.
This macro must be used instead of the inline keyword. On MSVC, it is
a replacement for __forceinline which is an MSVC specific keyword that
should not be used with inline (it will issue a warning if it is).

It does not use a build system check to determine if
__attribute__((__always_inline__)) since all compilers that can use
CLMUL extensions (except the special case for MSVC) should support this
attribute. If this assumption is incorrect then it will result in a bug
report instead of silently producing slow code.
2023-10-18 23:54:41 +08:00
Jia Tan 96b663f67c liblzma: Refactor CRC comments.
A detailed description of the three dispatch methods was added. Also,
duplicated comments now only appear in crc32_fast.c or were removed from
both crc32_fast.c and crc64_fast.c if they appeared in crc_clmul.c.
2023-10-18 23:54:41 +08:00
Jia Tan 8c0f9376f5 liblzma: Create crc_clmul.c.
Both crc32_clmul() and crc64_clmul() are now exported from
crc32_clmul.c as lzma_crc32_clmul() and lzma_crc64_clmul(). This
ensures that is_clmul_supported() (now lzma_is_clmul_supported()) is
not duplicated between crc32_fast.c and crc64_fast.c.

Also, it encapsulates the complexity of the CLMUL implementations into a
single file and reduces the complexity of crc32_fast.c and crc64_fast.c.
Before, CLMUL code was present in crc32_fast.c, crc64_fast.c, and
crc_common.h.

During the conversion, various cleanups were applied to code (thanks to
Lasse Collin) including:

- Require using semicolons with MASK_/L/H/LH macros.
- Variable typing and const handling improvements.
- Improvements to comments.
- Fixes to the pragmas used.
- Removed unneeded variables.
- Whitespace improvements.
- Fixed CRC_USE_GENERIC_FOR_SMALL_INPUTS handling.
- Silenced warnings and removed the need for some #pragmas
2023-10-18 23:54:36 +08:00
Jia Tan a3ebc2c516 liblzma: Define CRC_USE_IFUNC in crc_common.h.
When ifunc is supported, we can define a simpler macro instead of
repeating the more complex check in both crc32_fast.c and crc64_fast.c.
2023-10-18 20:41:11 +08:00
Hans Jansen f1cd9d7194 liblzma: Added crc32_clmul to crc32_fast.c. 2023-10-13 20:54:05 +08:00
Hans Jansen 93e6fb08b2 liblzma: Moved CLMUL CRC logic to crc_common.h.
crc64_fast.c was updated to use the code from crc_common.h instead.
2023-10-13 20:54:05 +08:00
Hans Jansen 233885a437 liblzma: Rename crc_macros.h to crc_common.h. 2023-10-13 20:54:05 +08:00
Gabriela Gutierrez 37947d4a75 CI: Bump and ref actions by commit SHA in windows-ci.yml
Referencing actions by commit SHA in GitHub workflows guarantees you are using an immutable version. Actions referenced by tags and branches are more vulnerable to attacks, such as the tag being moved to a malicious commit or a malicious commit being pushed to the branch.

It's important to make sure the SHA's are from the original repositories and not forks.

For reference:

https://github.com/msys2/setup-msys2/releases/tag/v2.20.1
27b3aa77f6

https://github.com/actions/checkout/releases/tag/v4.1.0
8ade135a41

https://github.com/actions/upload-artifact/releases/tag/v3.1.3
a8a3f3ad30

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2023-10-13 20:03:13 +08:00
Gabriela Gutierrez f28cc9bd48 CI: Bump and ref actions by commit SHA in ci.yml
Referencing actions by commit SHA in GitHub workflows guarantees you are using an immutable version. Actions referenced by tags and branches are more vulnerable to attacks, such as the tag being moved to a malicious commit or a malicious commit being pushed to the branch.

It's important to make sure the SHA's are from the original repositories and not forks.

For reference:

https://github.com/actions/checkout/releases/tag/v4.1.0
8ade135a41

https://github.com/actions/upload-artifact/releases/tag/v3.1.3
a8a3f3ad30

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2023-10-13 20:03:13 +08:00
Jia Tan f74f174006 Build: Update visibility.m4 from Gnulib.
Updating from version 6 -> 8 from upstream. Declarations for variables
and function bodies were added to avoid unnecessary failures with
-Werror.
2023-10-12 20:12:18 +08:00
Lasse Collin 5c4bca521e Update THANKS. 2023-10-06 19:36:35 +03:00
Lasse Collin d91cb6e884 CMake/Windows: Fix when the windres workaround is applied.
CMake doesn't set WIN32 on CYGWIN but the workaround is
probably needed on Cygwin too. Same for MSYS and MSYS2.

The workaround must not be used with Clang that is acting in
MSVC mode. This fixes it by checking for the known environments
that need the workaround instead of using "NOT MSVC".

Thanks to Martin Storsjö.
0570308ddd (commitcomment-129098431)
2023-10-06 19:32:06 +03:00
Jia Tan 01e34aa117 CI: Disable CLANG64 MSYS2 environment until bug is resolved.
lld 17.0.1 searches for libraries to link first in the toolchain
directories before the local directory when building. The is a problem
for us because liblzma.a is installed in MSYS2 CLANG64 by default and
xz.exe will thus use the installed library instead of the one being
built.

This causes tests to fail when they are expecting features to be
disabled. More importantly, it will compile xz.exe with an incorrect
liblzma and could cause unexpected behavior by being unable to update
liblzma code in static builds. The CLANG64 environment can be tested
again once this is fixed.

Link to bug: https://github.com/llvm/llvm-project/issues/67779.
2023-09-29 22:11:54 +08:00
Jia Tan 30d0c35327 CMake: Rename xz and man page symlink custom targets.
The Ninja Generator for CMake cannot have a custom target and its
BYPRODUCTS have the same name. This has prevented Ninja builds on
Unix-like systems since the xz symlinks were introduced in
80a1a8bb83.
2023-09-29 20:14:39 +08:00
Jia Tan 506d03127a CMake: Specify LINKER_LANGUAGE for libgnu target to fix Ninja Generator.
CMake is unable to guess the linker language for just a header file so
it must be explicitly set.
2023-09-29 19:58:44 +08:00
Lasse Collin 0570308ddd CMake: Fix Windows build with Clang/LLVM 17.
llvm-windres 17.0.0 has more accurate emulation of GNU windres, so
the hack for GNU windres must now be used with llvm-windres too.

LLVM 16.0.6 has the old behavior and there likely won't be more
16.x releases. So we can simply check for >= 17.0.0.

See also:
2bcc0fdc58
2023-09-27 20:49:46 +03:00
Lasse Collin 5a9af95f85 liblzma: Update a comment.
The C standards don't allow an empty translation unit which can be
avoided by declaring something, without exporting any symbols.

When I committed f644473a21 I had
a feeling that some specific toolchain somewhere didn't like
empty object files (assembler or maybe "ar" complained) but
I cannot find anything to confirm this now. Quite likely I
remembered nonsense. I leave this here as a note to my future self. :-)
2023-09-26 21:47:13 +03:00
Jia Tan 8ebaf3f665 liblzma: Avoid compiler warning without creating extra symbol.
When the generic fast crc64 method is used, then we omit
lzma_crc64_table[][]. Similar to
d9166b52cf, we can avoid compiler warnings
with -Wempty-translation-unit (Clang) or -pedantic (GCC) by creating a
never used typedef instead of an extra symbol.
2023-09-27 00:04:40 +08:00
Lasse Collin 092d21db2e Build: Update the comment about -Werror usage in checks. 2023-09-26 17:24:15 +03:00
Lasse Collin a37a276338 Build: Fix __attribute__((ifunc(...))) detection with clang -Wall.
Now if user-supplied CFLAGS contains -Wall -Wextra -Wpedantic
the two checks that need -Werror will still work.

At CMake side there is add_compile_options(-Wall -Wextra)
but it didn't affect the -Werror tests. So with both Autotools
and CMake only user-supplied CFLAGS could make the checks fail
when they shouldn't.

This is not a full fix as things like -Wunused-macros in
user-supplied CFLAGS will still cause problems with both
GCC and Clang.
2023-09-26 15:00:43 +03:00
Lasse Collin 9c42f93693 Build: Fix underquoted AC_LANG_SOURCE.
It made no practical difference in this case.
2023-09-26 13:51:31 +03:00