glibc/x86-64-Fix-the-tcb-field-load-for-x32-BZ-31185.patch

From 968c983d43bc51f719f3e7a0fcb1bb8669b5f7c4 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Wed, 20 Dec 2023 19:42:12 -0800
Subject: [PATCH 5/9] x86-64: Fix the tcb field load for x32 [BZ #31185]

_dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic access the thread pointer
via the tcb field in TCB:

_dl_tlsdesc_undefweak:
        _CET_ENDBR
        movq    8(%rax), %rax
        subq    %fs:0, %rax
        ret

_dl_tlsdesc_dynamic:
	...
        subq    %fs:0, %rax
        movq    -8(%rsp), %rdi
        ret

Since the tcb field in TCB is a pointer, %fs:0 is a 32-bit location,
not 64-bit. It should use "sub %fs:0, %RAX_LP" instead.  Since
_dl_tlsdesc_undefweak returns ptrdiff_t and _dl_make_tlsdesc_dynamic
returns void *, RAX_LP is appropriate here for x32 and x86-64.  This
fixes BZ #31185.

(cherry picked from commit 81be2a61dafc168327c1639e97b6dae128c7ccf3)
---
 NEWS                        | 1 +
 sysdeps/x86_64/dl-tlsdesc.S | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 71057e4793..6fbb8a9e1d 100644
--- a/NEWS
+++ b/NEWS
@@ -38,6 +38,7 @@ The following bugs are resolved with this release:
     -D_FILE_OFFSET_BITS=64
   [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527)
   [31184] FAIL: elf/tst-tlsgap
+  [31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
 
 
 Version 2.38
diff --git a/sysdeps/x86_64/dl-tlsdesc.S b/sysdeps/x86_64/dl-tlsdesc.S
index c4823547d7..4579424bf7 100644
--- a/sysdeps/x86_64/dl-tlsdesc.S
+++ b/sysdeps/x86_64/dl-tlsdesc.S
@@ -61,7 +61,7 @@ _dl_tlsdesc_return:
 _dl_tlsdesc_undefweak:
 	_CET_ENDBR
 	movq	8(%rax), %rax
-	subq	%fs:0, %rax
+	sub	%fs:0, %RAX_LP
 	ret
 	cfi_endproc
 	.size	_dl_tlsdesc_undefweak, .-_dl_tlsdesc_undefweak
@@ -116,7 +116,7 @@ _dl_tlsdesc_dynamic:
 	addq	TLSDESC_MODOFF(%rdi), %rax
 .Lret:
 	movq	-16(%rsp), %rsi
-	subq	%fs:0, %rax
+	sub	%fs:0, %RAX_LP
 	movq	-8(%rsp), %rdi
 	ret
 .Lslow:
-- 
2.33.0