!766 backport patches from glibc upstream 2.38 branch

From: @liqingqing_1229 
Reviewed-by: @yang_yanchao 
Signed-off-by: @yang_yanchao
openeuler-ci-bot 2024-01-09 06:26:12 +00:00 committed by Gitee
commit d8de1a6a44
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
10 changed files with 663 additions and 1 deletions


@ -0,0 +1,109 @@
From 44f757a6364a546359809d48c76b3debd26e77d4 Mon Sep 17 00:00:00 2001
From: caiyinyu <caiyinyu@loongson.cn>
Date: Thu, 26 Oct 2023 17:27:21 +0800
Subject: [PATCH 1/9] LoongArch: Delete excessively allocated memory.
Backported from glibc 2.39 development.
---
sysdeps/loongarch/dl-trampoline.h | 68 +++++++++++++++----------------
1 file changed, 34 insertions(+), 34 deletions(-)
diff --git a/sysdeps/loongarch/dl-trampoline.h b/sysdeps/loongarch/dl-trampoline.h
index 02375286f8..99fcacab76 100644
--- a/sysdeps/loongarch/dl-trampoline.h
+++ b/sysdeps/loongarch/dl-trampoline.h
@@ -19,9 +19,9 @@
/* Assembler veneer called from the PLT header code for lazy loading.
The PLT header passes its own args in t0-t2. */
#ifdef USE_LASX
-# define FRAME_SIZE (-((-9 * SZREG - 8 * SZFREG - 8 * SZXREG) & ALMASK))
+# define FRAME_SIZE (-((-9 * SZREG - 8 * SZXREG) & ALMASK))
#elif defined USE_LSX
-# define FRAME_SIZE (-((-9 * SZREG - 8 * SZFREG - 8 * SZVREG) & ALMASK))
+# define FRAME_SIZE (-((-9 * SZREG - 8 * SZVREG) & ALMASK))
#elif !defined __loongarch_soft_float
# define FRAME_SIZE (-((-9 * SZREG - 8 * SZFREG) & ALMASK))
#else
@@ -44,23 +44,23 @@ ENTRY (_dl_runtime_resolve)
REG_S a7, sp, 8*SZREG
#ifdef USE_LASX
- xvst xr0, sp, 9*SZREG + 8*SZFREG + 0*SZXREG
- xvst xr1, sp, 9*SZREG + 8*SZFREG + 1*SZXREG
- xvst xr2, sp, 9*SZREG + 8*SZFREG + 2*SZXREG
- xvst xr3, sp, 9*SZREG + 8*SZFREG + 3*SZXREG
- xvst xr4, sp, 9*SZREG + 8*SZFREG + 4*SZXREG
- xvst xr5, sp, 9*SZREG + 8*SZFREG + 5*SZXREG
- xvst xr6, sp, 9*SZREG + 8*SZFREG + 6*SZXREG
- xvst xr7, sp, 9*SZREG + 8*SZFREG + 7*SZXREG
+ xvst xr0, sp, 9*SZREG + 0*SZXREG
+ xvst xr1, sp, 9*SZREG + 1*SZXREG
+ xvst xr2, sp, 9*SZREG + 2*SZXREG
+ xvst xr3, sp, 9*SZREG + 3*SZXREG
+ xvst xr4, sp, 9*SZREG + 4*SZXREG
+ xvst xr5, sp, 9*SZREG + 5*SZXREG
+ xvst xr6, sp, 9*SZREG + 6*SZXREG
+ xvst xr7, sp, 9*SZREG + 7*SZXREG
#elif defined USE_LSX
- vst vr0, sp, 9*SZREG + 8*SZFREG + 0*SZVREG
- vst vr1, sp, 9*SZREG + 8*SZFREG + 1*SZVREG
- vst vr2, sp, 9*SZREG + 8*SZFREG + 2*SZVREG
- vst vr3, sp, 9*SZREG + 8*SZFREG + 3*SZVREG
- vst vr4, sp, 9*SZREG + 8*SZFREG + 4*SZVREG
- vst vr5, sp, 9*SZREG + 8*SZFREG + 5*SZVREG
- vst vr6, sp, 9*SZREG + 8*SZFREG + 6*SZVREG
- vst vr7, sp, 9*SZREG + 8*SZFREG + 7*SZVREG
+ vst vr0, sp, 9*SZREG + 0*SZVREG
+ vst vr1, sp, 9*SZREG + 1*SZVREG
+ vst vr2, sp, 9*SZREG + 2*SZVREG
+ vst vr3, sp, 9*SZREG + 3*SZVREG
+ vst vr4, sp, 9*SZREG + 4*SZVREG
+ vst vr5, sp, 9*SZREG + 5*SZVREG
+ vst vr6, sp, 9*SZREG + 6*SZVREG
+ vst vr7, sp, 9*SZREG + 7*SZVREG
#elif !defined __loongarch_soft_float
FREG_S fa0, sp, 9*SZREG + 0*SZFREG
FREG_S fa1, sp, 9*SZREG + 1*SZFREG
@@ -92,23 +92,23 @@ ENTRY (_dl_runtime_resolve)
REG_L a7, sp, 8*SZREG
#ifdef USE_LASX
- xvld xr0, sp, 9*SZREG + 8*SZFREG + 0*SZXREG
- xvld xr1, sp, 9*SZREG + 8*SZFREG + 1*SZXREG
- xvld xr2, sp, 9*SZREG + 8*SZFREG + 2*SZXREG
- xvld xr3, sp, 9*SZREG + 8*SZFREG + 3*SZXREG
- xvld xr4, sp, 9*SZREG + 8*SZFREG + 4*SZXREG
- xvld xr5, sp, 9*SZREG + 8*SZFREG + 5*SZXREG
- xvld xr6, sp, 9*SZREG + 8*SZFREG + 6*SZXREG
- xvld xr7, sp, 9*SZREG + 8*SZFREG + 7*SZXREG
+ xvld xr0, sp, 9*SZREG + 0*SZXREG
+ xvld xr1, sp, 9*SZREG + 1*SZXREG
+ xvld xr2, sp, 9*SZREG + 2*SZXREG
+ xvld xr3, sp, 9*SZREG + 3*SZXREG
+ xvld xr4, sp, 9*SZREG + 4*SZXREG
+ xvld xr5, sp, 9*SZREG + 5*SZXREG
+ xvld xr6, sp, 9*SZREG + 6*SZXREG
+ xvld xr7, sp, 9*SZREG + 7*SZXREG
#elif defined USE_LSX
- vld vr0, sp, 9*SZREG + 8*SZFREG + 0*SZVREG
- vld vr1, sp, 9*SZREG + 8*SZFREG + 1*SZVREG
- vld vr2, sp, 9*SZREG + 8*SZFREG + 2*SZVREG
- vld vr3, sp, 9*SZREG + 8*SZFREG + 3*SZVREG
- vld vr4, sp, 9*SZREG + 8*SZFREG + 4*SZVREG
- vld vr5, sp, 9*SZREG + 8*SZFREG + 5*SZVREG
- vld vr6, sp, 9*SZREG + 8*SZFREG + 6*SZVREG
- vld vr7, sp, 9*SZREG + 8*SZFREG + 7*SZVREG
+ vld vr0, sp, 9*SZREG + 0*SZVREG
+ vld vr1, sp, 9*SZREG + 1*SZVREG
+ vld vr2, sp, 9*SZREG + 2*SZVREG
+ vld vr3, sp, 9*SZREG + 3*SZVREG
+ vld vr4, sp, 9*SZREG + 4*SZVREG
+ vld vr5, sp, 9*SZREG + 5*SZVREG
+ vld vr6, sp, 9*SZREG + 6*SZVREG
+ vld vr7, sp, 9*SZREG + 7*SZVREG
#elif !defined __loongarch_soft_float
FREG_L fa0, sp, 9*SZREG + 0*SZFREG
FREG_L fa1, sp, 9*SZREG + 1*SZFREG
--
2.33.0
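Review bot: The backport records no upstream commit id for the change it was taken from — the other patches in this series carry a `(cherry picked from commit …)` trailer, while this one only says `Backported from glibc 2.39 development`, so a packager cannot diff it against upstream without a search; suggest adding `(cherry picked from commit <2.39 commit id>)` under the Subject line. The code change itself is internally consistent: dropping `8 * SZFREG` from the `USE_LASX`/`USE_LSX` FRAME_SIZE definitions matches the new `xvst`/`vst` store offsets and the mirrored `xvld`/`vld` reload offsets, and the last slot `9*SZREG + 7*SZXREG` plus one SZXREG ends exactly at the pre-rounding frame size, so no save lands past the frame. The scalar-FP branch keeps `9*SZREG + n*SZFREG`, which is what its FRAME_SIZE already provided. The enclosing `_dl_runtime_resolve` body starts and ends outside the hunk.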


@ -0,0 +1,27 @@
From d25e2c8d5cb0778ae87ad43b1f4c301abe5a932b Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Sat, 23 Dec 2023 06:24:41 -0800
Subject: [PATCH 6/9] NEWS: Mention bug fixes for 29039/30694/30709/30721
---
NEWS | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/NEWS b/NEWS
index 6fbb8a9e1d..db4d6c8373 100644
--- a/NEWS
+++ b/NEWS
@@ -31,6 +31,10 @@ Security related changes:
The following bugs are resolved with this release:
+ [29039] Corrupt DTV after reuse of a TLS module ID following dlclose with unused TLS
+ [30694] The iconv program no longer tells the user which given encoding name was wrong
+ [30709] nscd fails to build with cleanup handler if built with -fexceptions
+ [30721] x86_64: Fix build with --disable-multiarch
[30723] posix_memalign repeatedly scans long bin lists
[30789] sem_open will fail on multithreaded scenarios when semaphore
file doesn't exist (O_CREAT)
--
2.33.0


@ -0,0 +1,30 @@
From 27339a3eb8f987eebae72b854af80256c1588ebd Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Sat, 23 Dec 2023 06:27:50 -0800
Subject: [PATCH 7/9] NEWS: Mention bug fixes for 30745/30843
---
NEWS | 2 ++
1 file changed, 2 insertions(+)
diff --git a/NEWS b/NEWS
index db4d6c8373..905230b838 100644
--- a/NEWS
+++ b/NEWS
@@ -36,11 +36,13 @@ The following bugs are resolved with this release:
[30709] nscd fails to build with cleanup handler if built with -fexceptions
[30721] x86_64: Fix build with --disable-multiarch
[30723] posix_memalign repeatedly scans long bin lists
+ [30745] Slight bug in cache info codes for x86
[30789] sem_open will fail on multithreaded scenarios when semaphore
file doesn't exist (O_CREAT)
[30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with
-D_FILE_OFFSET_BITS=64
[30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527)
+ [30843] potential use-after-free in getcanonname (CVE-2023-4806)
[31184] FAIL: elf/tst-tlsgap
[31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
--
2.33.0


@ -0,0 +1,210 @@
From 0de9082ed8d8f149ca87d569a73692046e236c18 Mon Sep 17 00:00:00 2001
From: Szabolcs Nagy <szabolcs.nagy@arm.com>
Date: Wed, 29 Nov 2023 11:31:37 +0000
Subject: [PATCH 3/9] elf: Add TLS modid reuse test for bug 29039
This is a minimal regression test for bug 29039 which only affects
targets with TLSDESC and a reproducer requires that
1) Have modid gaps (closed modules) with old generation.
2) Update a DTV to a newer generation (needs a newer dlopen).
3) But do not update the closed gap entry in that DTV.
4) Reuse the modid gap for a new module (another dlopen).
5) Use dynamic TLSDESC in that new module with old generation (bug).
6) Access TLS via this TLSDESC and the now outdated DTV.
However step (3) in practice rarely happens: during DTV update the
entries for closed modids are initialized to "unallocated" and then
dynamic TLSDESC calls __tls_get_addr independently of its generation.
The only exception to this is DTV setup at thread creation (gaps are
initialized to NULL instead of unallocated) or DTV resize where the
gap entries are outside the previous DTV array (again NULL instead
of unallocated, and this requires loading > DTV_SURPLUS modules).
So the bug can only cause NULL (+ offset) dereference, not use after
free. And the easiest way to get (3) is via thread creation.
Note that step (5) requires that the newly loaded module has larger
TLS than the remaining optional static TLS. And for (6) there cannot
be other TLS access or dlopen in the thread that updates the DTV.
Tested on aarch64-linux-gnu.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
(cherry picked from commit 980450f12685326729d63ff72e93a996113bf073)
Conflict: This adapt the context elf/Makefile due to BZ 31035.
---
elf/Makefile | 15 +++++++
elf/tst-tlsgap-mod0.c | 2 +
elf/tst-tlsgap-mod1.c | 2 +
elf/tst-tlsgap-mod2.c | 2 +
elf/tst-tlsgap.c | 92 +++++++++++++++++++++++++++++++++++++++++++
5 files changed, 113 insertions(+)
create mode 100644 elf/tst-tlsgap-mod0.c
create mode 100644 elf/tst-tlsgap-mod1.c
create mode 100644 elf/tst-tlsgap-mod2.c
create mode 100644 elf/tst-tlsgap.c
diff --git a/elf/Makefile b/elf/Makefile
index 00ac7430..711f96fe 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -460,6 +460,7 @@ tests += \
tst-tls21 \
tst-tlsalign \
tst-tlsalign-extern \
+ tst-tlsgap \
tst-unique1 \
tst-unique2 \
tst-unwind-ctor \
@@ -885,6 +886,9 @@ modules-names += \
tst-tls20mod-bad \
tst-tls21mod \
tst-tlsalign-lib \
+ tst-tlsgap-mod0 \
+ tst-tlsgap-mod1 \
+ tst-tlsgap-mod2 \
tst-tlsmod1 \
tst-tlsmod10 \
tst-tlsmod11 \
@@ -3002,3 +3006,14 @@ $(objpfx)tst-non-directory-path.out: tst-non-directory-path.sh \
'$(test-wrapper-env)' '$(run_program_env)' \
'$(rpath-link)' $(objpfx) > $@; \
$(evaluate-test)
+
+$(objpfx)tst-tlsgap: $(shared-thread-library)
+$(objpfx)tst-tlsgap.out: \
+ $(objpfx)tst-tlsgap-mod0.so \
+ $(objpfx)tst-tlsgap-mod1.so \
+ $(objpfx)tst-tlsgap-mod2.so
+ifeq (yes,$(have-mtls-dialect-gnu2))
+CFLAGS-tst-tlsgap-mod0.c += -mtls-dialect=gnu2
+CFLAGS-tst-tlsgap-mod1.c += -mtls-dialect=gnu2
+CFLAGS-tst-tlsgap-mod2.c += -mtls-dialect=gnu2
+endif
diff --git a/elf/tst-tlsgap-mod0.c b/elf/tst-tlsgap-mod0.c
new file mode 100644
index 00000000..1478b0be
--- /dev/null
+++ b/elf/tst-tlsgap-mod0.c
@@ -0,0 +1,2 @@
+int __thread tls0;
+int *f0(void) { return &tls0; }
diff --git a/elf/tst-tlsgap-mod1.c b/elf/tst-tlsgap-mod1.c
new file mode 100644
index 00000000..b10fc370
--- /dev/null
+++ b/elf/tst-tlsgap-mod1.c
@@ -0,0 +1,2 @@
+int __thread tls1[100]; /* Size > glibc.rtld.optional_static_tls / 2. */
+int *f1(void) { return tls1; }
diff --git a/elf/tst-tlsgap-mod2.c b/elf/tst-tlsgap-mod2.c
new file mode 100644
index 00000000..166c27d7
--- /dev/null
+++ b/elf/tst-tlsgap-mod2.c
@@ -0,0 +1,2 @@
+int __thread tls2;
+int *f2(void) { return &tls2; }
diff --git a/elf/tst-tlsgap.c b/elf/tst-tlsgap.c
new file mode 100644
index 00000000..49328850
--- /dev/null
+++ b/elf/tst-tlsgap.c
@@ -0,0 +1,92 @@
+/* TLS modid gap reuse regression test for bug 29039.
+ Copyright (C) 2023 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <stdio.h>
+#include <dlfcn.h>
+#include <pthread.h>
+#include <support/xdlfcn.h>
+#include <support/xthread.h>
+#include <support/check.h>
+
+static void *mod[3];
+#define MOD(i) "tst-tlsgap-mod" #i ".so"
+static const char *modname[3] = { MOD(0), MOD(1), MOD(2) };
+#undef MOD
+
+static void
+open_mod (int i)
+{
+ mod[i] = xdlopen (modname[i], RTLD_LAZY);
+ printf ("open %s\n", modname[i]);
+}
+
+static void
+close_mod (int i)
+{
+ xdlclose (mod[i]);
+ mod[i] = NULL;
+ printf ("close %s\n", modname[i]);
+}
+
+static void
+access_mod (int i, const char *sym)
+{
+ int *(*f) (void) = xdlsym (mod[i], sym);
+ int *p = f ();
+ printf ("access %s: %s() = %p\n", modname[i], sym, p);
+ TEST_VERIFY_EXIT (p != NULL);
+ ++*p;
+}
+
+static void *
+start (void *arg)
+{
+ /* The DTV generation is at the last dlopen of mod0 and the
+ entry for mod1 is NULL. */
+
+ open_mod (1); /* Reuse modid of mod1. Uses dynamic TLS. */
+
+ /* DTV is unchanged: dlopen only updates the DTV to the latest
+ generation if static TLS is allocated for a loaded module.
+
+ With bug 29039, the TLSDESC relocation in mod1 uses the old
+ dlclose generation of mod1 instead of the new dlopen one so
+ DTV is not updated on TLS access. */
+
+ access_mod (1, "f1");
+
+ return arg;
+}
+
+static int
+do_test (void)
+{
+ open_mod (0);
+ open_mod (1);
+ open_mod (2);
+ close_mod (0);
+ close_mod (1); /* Create modid gap at mod1. */
+ open_mod (0); /* Reuse modid of mod0, bump generation count. */
+
+ /* Create a thread where DTV of mod1 is NULL. */
+ pthread_t t = xpthread_create (NULL, start, NULL);
+ xpthread_join (t);
+ return 0;
+}
+
+#include <support/test-driver.c>
--
2.33.0
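Review bot: The test only exercises BZ 29039 when the three modules are built with `-mtls-dialect=gnu2`, yet the Makefile hunk makes that conditional on `have-mtls-dialect-gnu2` and nothing in tst-tlsgap.c records it, so on a toolchain without TLSDESC support the test passes without touching the bug and a regression would go unnoticed. A header comment in tst-tlsgap.c such as `/* Only meaningful when tst-tlsgap-mod* are built with -mtls-dialect=gnu2 (TLSDESC); otherwise the dynamic-TLSDESC path is never taken and the test passes vacuously.  */` would make that visible to anyone reading a green result. The reliance on the default `glibc.rtld.optional_static_tls` (the `tls1[100]` comment in mod1 says its size must exceed half of it) is a second silent precondition worth stating in `do_test`, since a tuned `GLIBC_TUNABLES` would also mask the bug, as the fix commit's message notes.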


@ -0,0 +1,53 @@
From ccdc4cba07684fe1397e1f5f134a0a827af98c04 Mon Sep 17 00:00:00 2001
From: Hector Martin <marcan@marcan.st>
Date: Tue, 28 Nov 2023 15:23:07 +0900
Subject: [PATCH 2/9] elf: Fix TLS modid reuse generation assignment (BZ 29039)
_dl_assign_tls_modid() assigns a slotinfo entry for a new module, but
does *not* do anything to the generation counter. The first time this
happens, the generation is zero and map_generation() returns the current
generation to be used during relocation processing. However, if
a slotinfo entry is later reused, it will already have a generation
assigned. If this generation has fallen behind the current global max
generation, then this causes an obsolete generation to be assigned
during relocation processing, as map_generation() returns this
generation if nonzero. _dl_add_to_slotinfo() eventually resets the
generation, but by then it is too late. This causes DTV updates to be
skipped, leading to NULL or broken TLS slot pointers and segfaults.
Fix this by resetting the generation to zero in _dl_assign_tls_modid(),
so it behaves the same as the first time a slot is assigned.
_dl_add_to_slotinfo() will still assign the correct static generation
later during module load, but relocation processing will no longer use
an obsolete generation.
Note that slotinfo entry (aka modid) reuse typically happens after a
dlclose and only TLS access via dynamic tlsdesc is affected. Because
tlsdesc is optimized to use the optional part of static TLS, dynamic
tlsdesc can be avoided by increasing the glibc.rtld.optional_static_tls
tunable to a large enough value, or by LD_PRELOAD-ing the affected
modules.
Fixes bug 29039.
Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
(cherry picked from commit 3921c5b40f293c57cb326f58713c924b0662ef59)
---
elf/dl-tls.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/elf/dl-tls.c b/elf/dl-tls.c
index 99b83ca696..1f6f820819 100644
--- a/elf/dl-tls.c
+++ b/elf/dl-tls.c
@@ -154,6 +154,7 @@ _dl_assign_tls_modid (struct link_map *l)
{
/* Mark the entry as used, so any dependency see it. */
atomic_store_relaxed (&runp->slotinfo[result - disp].map, l);
+ atomic_store_relaxed (&runp->slotinfo[result - disp].gen, 0);
break;
}
--
2.33.0
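Review bot: The new `atomic_store_relaxed (&runp->slotinfo[result - disp].gen, 0)` carries no comment saying why a zero generation is correct here, and `_dl_assign_tls_modid` continues outside the hunk, so the reader cannot see what ordering the caller guarantees against readers that load `map` and `gen` separately. Both stores are relaxed, so a concurrent reader could in principle observe the new `map` with the stale `gen` still in place; presumably the caller holds the TLS load lock, which would make this moot — worth confirming. Suggest the comment `/* Reset the stale generation left by the closed module so map_generation() returns the current global generation during relocation; _dl_add_to_slotinfo assigns the final value later (BZ 29039).  */` above the new line.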


@ -0,0 +1,36 @@
From ae1e5217021e43e1f2de443d26e87ea3adfb221c Mon Sep 17 00:00:00 2001
From: Andreas Schwab <schwab@suse.de>
Date: Wed, 6 Dec 2023 14:48:22 +0100
Subject: [PATCH 8/9] getaddrinfo: translate ENOMEM to EAI_MEMORY (bug 31163)
When __resolv_context_get returns NULL due to out of memory, translate it
to a return value of EAI_MEMORY.
(cherry picked from commit 5eabdb6a6ac1599d23dd5966a37417215950245f)
---
sysdeps/posix/getaddrinfo.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
index 13082305d3..da573bea24 100644
--- a/sysdeps/posix/getaddrinfo.c
+++ b/sysdeps/posix/getaddrinfo.c
@@ -616,7 +616,14 @@ get_nss_addresses (const char *name, const struct addrinfo *req,
function variant. */
res_ctx = __resolv_context_get ();
if (res_ctx == NULL)
- no_more = 1;
+ {
+ if (errno == ENOMEM)
+ {
+ result = -EAI_MEMORY;
+ goto out;
+ }
+ no_more = 1;
+ }
while (!no_more)
{
--
2.33.0
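Review bot: The new early exit `result = -EAI_MEMORY; goto out;` jumps to a label outside the hunk while `res_ctx` is NULL, and nothing visible shows whether the cleanup at `out` tolerates a NULL context (for example a `__resolv_context_put (res_ctx)`) or whether anything allocated earlier in `get_nss_addresses` is released on this path; the function starts and ends outside the hunk, so that should be checked in the full file. The check also relies on `__resolv_context_get` setting `errno` to ENOMEM and on nothing clobbering `errno` between the call and the test, which holds for the adjacent lines here but is fragile if code is inserted later; a one-line comment `/* __resolv_context_get sets errno on failure; only ENOMEM is fatal.  */` would pin that expectation. Any other failure keeps the previous `no_more = 1` behaviour, silently degrading to no lookup rather than reporting an error — pre-existing, not introduced here.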


@ -67,7 +67,7 @@
##############################################################################
Name: glibc
Version: 2.38
Release: 15
Release: 16
Summary: The GNU libc libraries
License: %{all_license}
URL: http://www.gnu.org/software/glibc/
@ -119,6 +119,15 @@ Patch30: 0003-Revert-elf-Move-l_init_called_next-to-old-place-of-l.patch
Patch31: sysdeps-sem_open-Clear-O_CREAT-when-semaphore-file-i.patch
Patch32: elf-Fix-wrong-break-removal-from-8ee878592c.patch
Patch33: backport-elf-Handle-non-directory-name-in-search-path-BZ-3103.patch
Patch34: LoongArch-Delete-excessively-allocated-memory.patch
Patch35: elf-Fix-TLS-modid-reuse-generation-assignment-BZ-290.patch
Patch36: elf-Add-TLS-modid-reuse-test-for-bug-29039.patch
Patch37: x86-64-Fix-the-dtv-field-load-for-x32-BZ-31184.patch
Patch38: x86-64-Fix-the-tcb-field-load-for-x32-BZ-31185.patch
Patch39: NEWS-Mention-bug-fixes-for-29039-30694-30709-30721.patch
Patch40: NEWS-Mention-bug-fixes-for-30745-30843.patch
Patch41: getaddrinfo-translate-ENOMEM-to-EAI_MEMORY-bug-31163.patch
Patch42: libio-Check-remaining-buffer-size-in-_IO_wdo_write-b.patch
Patch9000: turn-default-value-of-x86_rep_stosb_threshold_form_2K_to_1M.patch
Patch9001: locale-delete-no-hard-link-to-avoid-all_language-pac.patch
@ -1332,6 +1341,9 @@ fi
%endif
%changelog
* Wed Jan 3 Qingqing Li <liqingqing3@huawei.com> - 2.38-16
- backport patches from glibc upstream 2.38 branch
* Thu Dec 14 shixuantong <shixuantong1@huawei.com> - 2.38-15
- elf: Handle non-directory name in search path (BZ 31035)


@ -0,0 +1,48 @@
From cfe121910013a46e2477562282c56ae8062089aa Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Tue, 2 Jan 2024 14:36:17 +0100
Subject: [PATCH 9/9] libio: Check remaining buffer size in _IO_wdo_write (bug
31183)
The multibyte character needs to fit into the remaining buffer space,
not the already-written buffer space. Without the fix, we were never
moving the write pointer from the start of the buffer, always using
the single-character fallback buffer.
Fixes commit 04b76b5aa8b2d1d19066e42dd1 ("Don't error out writing
a multibyte character to an unbuffered stream (bug 17522)").
(cherry picked from commit ecc7c3deb9f347649c2078fcc0f94d4cedf92d60)
---
NEWS | 1 +
libio/wfileops.c | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index 905230b838..6768c2da6f 100644
--- a/NEWS
+++ b/NEWS
@@ -43,6 +43,7 @@ The following bugs are resolved with this release:
-D_FILE_OFFSET_BITS=64
[30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527)
[30843] potential use-after-free in getcanonname (CVE-2023-4806)
+ [31183] Wide stream buffer size reduced MB_LEN_MAX bytes after bug 17522 fix
[31184] FAIL: elf/tst-tlsgap
[31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
diff --git a/libio/wfileops.c b/libio/wfileops.c
index f16f6db1c3..9ab8f2e7f3 100644
--- a/libio/wfileops.c
+++ b/libio/wfileops.c
@@ -55,7 +55,7 @@ _IO_wdo_write (FILE *fp, const wchar_t *data, size_t to_do)
char mb_buf[MB_LEN_MAX];
char *write_base, *write_ptr, *buf_end;
- if (fp->_IO_write_ptr - fp->_IO_write_base < sizeof (mb_buf))
+ if (fp->_IO_buf_end - fp->_IO_write_ptr < sizeof (mb_buf))
{
/* Make sure we have room for at least one multibyte
character. */
--
2.33.0
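Review bot: The new condition compares a pointer difference (`fp->_IO_buf_end - fp->_IO_write_ptr`, a signed ptrdiff_t) with `sizeof (mb_buf)` (size_t), so the comparison is performed unsigned; should `_IO_write_ptr` ever sit past `_IO_buf_end`, the negative difference wraps to a huge value and the one-character fallback is skipped. The old condition had the same signed/unsigned mix, so this is not a regression, and the stream invariant presumably keeps `_IO_write_ptr <= _IO_buf_end`, but an explicit form such as `if ((size_t) (fp->_IO_buf_end - fp->_IO_write_ptr) < sizeof (mb_buf))` together with a comment stating that invariant would make the intent clear and keep -Wsign-compare quiet. The enclosing `_IO_wdo_write` body continues outside the hunk.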


@ -0,0 +1,68 @@
From 35ea7549751d4f13a28c732e6ad68204f5e60a06 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Wed, 20 Dec 2023 16:31:43 -0800
Subject: [PATCH 4/9] x86-64: Fix the dtv field load for x32 [BZ #31184]
On x32, I got
FAIL: elf/tst-tlsgap
$ gdb elf/tst-tlsgap
...
open tst-tlsgap-mod1.so
Thread 2 "tst-tlsgap" received signal SIGSEGV, Segmentation fault.
[Switching to LWP 2268754]
_dl_tlsdesc_dynamic () at ../sysdeps/x86_64/dl-tlsdesc.S:108
108 movq (%rsi), %rax
(gdb) p/x $rsi
$4 = 0xf7dbf9005655fb18
(gdb)
This is caused by
_dl_tlsdesc_dynamic:
_CET_ENDBR
/* Preserve call-clobbered registers that we modify.
We need two scratch regs anyway. */
movq %rsi, -16(%rsp)
movq %fs:DTV_OFFSET, %rsi
Since the dtv field in TCB is a pointer, %fs:DTV_OFFSET is a 32-bit
location, not 64-bit. Load the dtv field to RSI_LP instead of rsi.
This fixes BZ #31184.
(cherry picked from commit 3502440397bbb840e2f7223734aa5cc2cc0e29b6)
---
NEWS | 1 +
sysdeps/x86_64/dl-tlsdesc.S | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index 5ac488bf9b..71057e4793 100644
--- a/NEWS
+++ b/NEWS
@@ -37,6 +37,7 @@ The following bugs are resolved with this release:
[30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with
-D_FILE_OFFSET_BITS=64
[30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527)
+ [31184] FAIL: elf/tst-tlsgap
Version 2.38
diff --git a/sysdeps/x86_64/dl-tlsdesc.S b/sysdeps/x86_64/dl-tlsdesc.S
index 5593897e29..c4823547d7 100644
--- a/sysdeps/x86_64/dl-tlsdesc.S
+++ b/sysdeps/x86_64/dl-tlsdesc.S
@@ -102,7 +102,7 @@ _dl_tlsdesc_dynamic:
/* Preserve call-clobbered registers that we modify.
We need two scratch regs anyway. */
movq %rsi, -16(%rsp)
- movq %fs:DTV_OFFSET, %rsi
+ mov %fs:DTV_OFFSET, %RSI_LP
movq %rdi, -8(%rsp)
movq TLSDESC_ARG(%rax), %rdi
movq (%rsi), %rax
--
2.33.0
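Review bot: The change to `mov %fs:DTV_OFFSET, %RSI_LP` has no comment at the site explaining why its width differs from the surrounding `movq` instructions, and `RSI_LP` is defined elsewhere (presumably the x86_64 sysdep header, mapping to `%esi` on x32 and `%rsi` on x86-64 — confirm); suggest `/* The dtv field is a pointer, so it is 32 bits wide on x32; load it through the LP-sized register.  */` on the line above. The following `movq (%rsi), %rax` and `movq TLSDESC_ARG(%rax), %rdi` remain 64-bit accesses; on x32 the first reads 8 bytes at the DTV head, so whether the upper half is harmless depends on the dtv_t layout there, which this patch does not address and the hunk does not show — worth checking alongside the companion tcb fix. `_dl_tlsdesc_dynamic` starts and ends outside the hunk.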


@ -0,0 +1,69 @@
From 968c983d43bc51f719f3e7a0fcb1bb8669b5f7c4 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Wed, 20 Dec 2023 19:42:12 -0800
Subject: [PATCH 5/9] x86-64: Fix the tcb field load for x32 [BZ #31185]
_dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic access the thread pointer
via the tcb field in TCB:
_dl_tlsdesc_undefweak:
_CET_ENDBR
movq 8(%rax), %rax
subq %fs:0, %rax
ret
_dl_tlsdesc_dynamic:
...
subq %fs:0, %rax
movq -8(%rsp), %rdi
ret
Since the tcb field in TCB is a pointer, %fs:0 is a 32-bit location,
not 64-bit. It should use "sub %fs:0, %RAX_LP" instead. Since
_dl_tlsdesc_undefweak returns ptrdiff_t and _dl_make_tlsdesc_dynamic
returns void *, RAX_LP is appropriate here for x32 and x86-64. This
fixes BZ #31185.
(cherry picked from commit 81be2a61dafc168327c1639e97b6dae128c7ccf3)
---
NEWS | 1 +
sysdeps/x86_64/dl-tlsdesc.S | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index 71057e4793..6fbb8a9e1d 100644
--- a/NEWS
+++ b/NEWS
@@ -38,6 +38,7 @@ The following bugs are resolved with this release:
-D_FILE_OFFSET_BITS=64
[30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527)
[31184] FAIL: elf/tst-tlsgap
+ [31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
Version 2.38
diff --git a/sysdeps/x86_64/dl-tlsdesc.S b/sysdeps/x86_64/dl-tlsdesc.S
index c4823547d7..4579424bf7 100644
--- a/sysdeps/x86_64/dl-tlsdesc.S
+++ b/sysdeps/x86_64/dl-tlsdesc.S
@@ -61,7 +61,7 @@ _dl_tlsdesc_return:
_dl_tlsdesc_undefweak:
_CET_ENDBR
movq 8(%rax), %rax
- subq %fs:0, %rax
+ sub %fs:0, %RAX_LP
ret
cfi_endproc
.size _dl_tlsdesc_undefweak, .-_dl_tlsdesc_undefweak
@@ -116,7 +116,7 @@ _dl_tlsdesc_dynamic:
addq TLSDESC_MODOFF(%rdi), %rax
.Lret:
movq -16(%rsp), %rsi
- subq %fs:0, %rax
+ sub %fs:0, %RAX_LP
movq -8(%rsp), %rdi
ret
.Lslow:
--
2.33.0
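Review bot: Both `sub %fs:0, %RAX_LP` sites are left uncommented, and on x32 the 32-bit form also clears the upper half of %rax, which is the intended result since the return value is a 32-bit ptrdiff_t or pointer there — that reasoning currently lives only in the commit message. A short comment at the first site, `/* tcb is a pointer: 32 bits on x32. The LP-width subtraction stays inside the pointer width and zero-extends the result.  */`, would keep it in the source. The `movq 8(%rax), %rax` load just above it in `_dl_tlsdesc_undefweak` is still a 64-bit access at a hard-coded offset; whether that is correct on x32 depends on the TLS-descriptor slot layout, which this patch does not touch and the hunk does not show. The second hunk is a fragment of `_dl_tlsdesc_dynamic`, whose entry lies outside it.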