1.1.24 release notes

new features:
- GLOB_TILDE extension to glob
- non-stub catgets localization API, using netbsd binary catalog format
- posix_spawn file actions for [f]chdir (extension, pending future standard)
- secure_getenv function (extension)
- copy_file_range syscall wrapper (Linux extension)
- header-level support for new linux features in 5.2

performance:
- new fast path for lrint (generic C version) on 32-bit archs

major internal changes:
- functions involving time are overhauled to be time64-ready in 32-bit archs
- x32 uses the new time64 code paths to replace nasty hacks in syscall glue

compatibility & conformance:
- support for powerpc[64] unaligned relocation types
- powerpc[64] and sh sys/user.h no longer clash with kernel asm/ptrace.h
- select no longer modifies timeout on failure (or at all)
- mips64 stat results are no longer limited to 32-bit time range
- optreset (BSD extension) now has a public declaration
- support for clang inconsistencies in wchar_t type vs some 32-bit archs
- mips r6 syscall asm no longer has invalid lo/hi register clobbers
- vestigial asm declarations of __tls_get_new are removed (broke some tooling)
- riscv64 mcontext_t mismatch glibc's member naming is corrected

bugs fixed:
- glob failed to match broken symlinks consistently
- invalid use of interposed calloc to allocate initial TLS
- various dlsym symbol resolution logic errors
- semctl with SEM_STAT_ANY didn't work
- pthread_create with explicit scheduling was subject to priority inversion
- pthread_create failure path had data race for thread count
- timer_create with SIGEV_THREAD notification had data race getting timer id
- wide printf family failed to support l modifier for float formats

arch-specific bugs fixed:
- x87 floating point stack imbalance in math asm (i386-only CVE-2019-14697)
- x32 clock_adjtime, getrusage, wait3, wait4 produced junk (struct mismatches)
- lseek broken on x32 and mipsn32 with large file offsets
- riscv64 atomics weren't compiler barriers
- riscv64 atomics had broken asm constraints (missing earlyclobber flag)
- arm clone() was broken when compiled as thumb if start function returned
- mipsr6 setjmp/longjmp did not preserve fpu register state correctly

Refreshed all patches.
Removed upstreamed.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
master
parent
4c92859945
commit
00f96dcddb
@ -1,136 +0,0 @@ |
||||
>From a57cd35acf26ba6202ed6534a57f496464f431a1 Mon Sep 17 00:00:00 2001
|
||||
From: Szabolcs Nagy <nsz@port70.net>
|
||||
Date: Sat, 10 Aug 2019 23:14:40 +0000
|
||||
Subject: [PATCH] make relocation time symbol lookup and dlsym consistent
|
||||
|
||||
Using common code path for all symbol lookups fixes three dlsym issues:
|
||||
|
||||
- st_shndx of STT_TLS symbols were not checked and thus an undefined
|
||||
tls symbol reference could be incorrectly treated as a definition
|
||||
(the sysv hash lookup returns undefined symbols, gnu does not, so should
|
||||
be rare in practice).
|
||||
|
||||
- symbol binding was not checked so a hidden symbol may be returned
|
||||
(in principle STB_LOCAL symbols may appear in the dynamic symbol table
|
||||
for hidden symbols, but linkers most likely don't produce it).
|
||||
|
||||
- mips specific behaviour was not applied (ARCH_SYM_REJECT_UND) so
|
||||
undefined symbols may be returned on mips.
|
||||
|
||||
always_inline is used to avoid relocation performance regression, the
|
||||
code generation for find_sym should not be affected.
|
||||
---
|
||||
ldso/dynlink.c | 84 +++++++++++++++++++-------------------------------
|
||||
1 file changed, 31 insertions(+), 53 deletions(-)
|
||||
|
||||
--- a/ldso/dynlink.c
|
||||
+++ b/ldso/dynlink.c
|
||||
@@ -283,12 +283,16 @@ static Sym *gnu_lookup_filtered(uint32_t
|
||||
#define ARCH_SYM_REJECT_UND(s) 0
|
||||
#endif
|
||||
|
||||
-static struct symdef find_sym(struct dso *dso, const char *s, int need_def)
|
||||
+#if defined(__GNUC__)
|
||||
+__attribute__((always_inline))
|
||||
+#endif
|
||||
+static inline struct symdef find_sym2(struct dso *dso, const char *s, int need_def, int use_deps)
|
||||
{
|
||||
uint32_t h = 0, gh = gnu_hash(s), gho = gh / (8*sizeof(size_t)), *ght;
|
||||
size_t ghm = 1ul << gh % (8*sizeof(size_t));
|
||||
struct symdef def = {0};
|
||||
- for (; dso; dso=dso->syms_next) {
|
||||
+ struct dso **deps = use_deps ? dso->deps : 0;
|
||||
+ for (; dso; dso=use_deps ? *deps++ : dso->syms_next) {
|
||||
Sym *sym;
|
||||
if ((ght = dso->ghashtab)) {
|
||||
sym = gnu_lookup_filtered(gh, ght, dso, s, gho, ghm);
|
||||
@@ -313,6 +317,11 @@ static struct symdef find_sym(struct dso
|
||||
return def;
|
||||
}
|
||||
|
||||
+static struct symdef find_sym(struct dso *dso, const char *s, int need_def)
|
||||
+{
|
||||
+ return find_sym2(dso, s, need_def, 0);
|
||||
+}
|
||||
+
|
||||
static void do_relocs(struct dso *dso, size_t *rel, size_t rel_size, size_t stride)
|
||||
{
|
||||
unsigned char *base = dso->base;
|
||||
@@ -2118,58 +2127,27 @@ static void *addr2dso(size_t a)
|
||||
|
||||
static void *do_dlsym(struct dso *p, const char *s, void *ra)
|
||||
{
|
||||
- size_t i;
|
||||
- uint32_t h = 0, gh = 0, *ght;
|
||||
- Sym *sym;
|
||||
- if (p == head || p == RTLD_DEFAULT || p == RTLD_NEXT) {
|
||||
- if (p == RTLD_DEFAULT) {
|
||||
- p = head;
|
||||
- } else if (p == RTLD_NEXT) {
|
||||
- p = addr2dso((size_t)ra);
|
||||
- if (!p) p=head;
|
||||
- p = p->next;
|
||||
- }
|
||||
- struct symdef def = find_sym(p, s, 0);
|
||||
- if (!def.sym) goto failed;
|
||||
- if ((def.sym->st_info&0xf) == STT_TLS)
|
||||
- return __tls_get_addr((tls_mod_off_t []){def.dso->tls_id, def.sym->st_value-DTP_OFFSET});
|
||||
- if (DL_FDPIC && (def.sym->st_info&0xf) == STT_FUNC)
|
||||
- return def.dso->funcdescs + (def.sym - def.dso->syms);
|
||||
- return laddr(def.dso, def.sym->st_value);
|
||||
- }
|
||||
- if (__dl_invalid_handle(p))
|
||||
+ int use_deps = 0;
|
||||
+ if (p == head || p == RTLD_DEFAULT) {
|
||||
+ p = head;
|
||||
+ } else if (p == RTLD_NEXT) {
|
||||
+ p = addr2dso((size_t)ra);
|
||||
+ if (!p) p=head;
|
||||
+ p = p->next;
|
||||
+ } else if (__dl_invalid_handle(p)) {
|
||||
+ return 0;
|
||||
+ } else
|
||||
+ use_deps = 1;
|
||||
+ struct symdef def = find_sym2(p, s, 0, use_deps);
|
||||
+ if (!def.sym) {
|
||||
+ error("Symbol not found: %s", s);
|
||||
return 0;
|
||||
- if ((ght = p->ghashtab)) {
|
||||
- gh = gnu_hash(s);
|
||||
- sym = gnu_lookup(gh, ght, p, s);
|
||||
- } else {
|
||||
- h = sysv_hash(s);
|
||||
- sym = sysv_lookup(s, h, p);
|
||||
- }
|
||||
- if (sym && (sym->st_info&0xf) == STT_TLS)
|
||||
- return __tls_get_addr((tls_mod_off_t []){p->tls_id, sym->st_value-DTP_OFFSET});
|
||||
- if (DL_FDPIC && sym && sym->st_shndx && (sym->st_info&0xf) == STT_FUNC)
|
||||
- return p->funcdescs + (sym - p->syms);
|
||||
- if (sym && sym->st_value && (1<<(sym->st_info&0xf) & OK_TYPES))
|
||||
- return laddr(p, sym->st_value);
|
||||
- for (i=0; p->deps[i]; i++) {
|
||||
- if ((ght = p->deps[i]->ghashtab)) {
|
||||
- if (!gh) gh = gnu_hash(s);
|
||||
- sym = gnu_lookup(gh, ght, p->deps[i], s);
|
||||
- } else {
|
||||
- if (!h) h = sysv_hash(s);
|
||||
- sym = sysv_lookup(s, h, p->deps[i]);
|
||||
- }
|
||||
- if (sym && (sym->st_info&0xf) == STT_TLS)
|
||||
- return __tls_get_addr((tls_mod_off_t []){p->deps[i]->tls_id, sym->st_value-DTP_OFFSET});
|
||||
- if (DL_FDPIC && sym && sym->st_shndx && (sym->st_info&0xf) == STT_FUNC)
|
||||
- return p->deps[i]->funcdescs + (sym - p->deps[i]->syms);
|
||||
- if (sym && sym->st_value && (1<<(sym->st_info&0xf) & OK_TYPES))
|
||||
- return laddr(p->deps[i], sym->st_value);
|
||||
}
|
||||
-failed:
|
||||
- error("Symbol not found: %s", s);
|
||||
- return 0;
|
||||
+ if ((def.sym->st_info&0xf) == STT_TLS)
|
||||
+ return __tls_get_addr((tls_mod_off_t []){def.dso->tls_id, def.sym->st_value-DTP_OFFSET});
|
||||
+ if (DL_FDPIC && (def.sym->st_info&0xf) == STT_FUNC)
|
||||
+ return def.dso->funcdescs + (def.sym - def.dso->syms);
|
||||
+ return laddr(def.dso, def.sym->st_value);
|
||||
}
|
||||
|
||||
int dladdr(const void *addr_arg, Dl_info *info)
|
@ -1,179 +0,0 @@ |
||||
From f3ed8bfe8a82af1870ddc8696ed4cc1d5aa6b441 Mon Sep 17 00:00:00 2001
|
||||
From: Rich Felker <dalias@aerifal.cx>
|
||||
Date: Mon, 5 Aug 2019 18:41:47 -0400
|
||||
Subject: fix x87 stack imbalance in corner cases of i386 math asm
|
||||
|
||||
commit 31c5fb80b9eae86f801be4f46025bc6532a554c5 introduced underflow
|
||||
code paths for the i386 math asm, along with checks on the fpu status
|
||||
word to skip the underflow-generation instructions if the underflow
|
||||
flag was already raised. unfortunately, at least one such path, in
|
||||
log1p, returned with 2 items on the x87 stack rather than just 1 item
|
||||
for the return value. this is a violation of the ABI's calling
|
||||
convention, and could cause subsequent floating point code to produce
|
||||
NANs due to x87 stack overflow. if floating point results are used in
|
||||
flow control, this can lead to runaway wrong code execution.
|
||||
|
||||
rather than reviewing each "underflow already raised" code path for
|
||||
correctness, remove them all. they're likely slower than just
|
||||
performing the underflow code unconditionally, and significantly more
|
||||
complex.
|
||||
|
||||
all of this code should be ripped out and replaced by C source files
|
||||
with inline asm. doing so would preclude this kind of error by having
|
||||
the compiler perform all x87 stack register allocation and stack
|
||||
manipulation, and would produce comparable or better code. however
|
||||
such a change is a much larger project.
|
||||
---
|
||||
src/math/i386/asin.s | 10 ++--------
|
||||
src/math/i386/atan.s | 7 ++-----
|
||||
src/math/i386/atan2.s | 5 +----
|
||||
src/math/i386/atan2f.s | 5 +----
|
||||
src/math/i386/atanf.s | 7 ++-----
|
||||
src/math/i386/exp.s | 10 ++--------
|
||||
src/math/i386/log1p.s | 7 ++-----
|
||||
src/math/i386/log1pf.s | 7 ++-----
|
||||
8 files changed, 14 insertions(+), 44 deletions(-)
|
||||
|
||||
--- a/src/math/i386/asin.s
|
||||
+++ b/src/math/i386/asin.s
|
||||
@@ -7,13 +7,10 @@ asinf:
|
||||
cmp $0x01000000,%eax
|
||||
jae 1f
|
||||
# subnormal x, return x with underflow
|
||||
- fnstsw %ax
|
||||
- and $16,%ax
|
||||
- jnz 2f
|
||||
fld %st(0)
|
||||
fmul %st(1)
|
||||
fstps 4(%esp)
|
||||
-2: ret
|
||||
+ ret
|
||||
|
||||
.global asinl
|
||||
.type asinl,@function
|
||||
@@ -30,11 +27,8 @@ asin:
|
||||
cmp $0x00200000,%eax
|
||||
jae 1f
|
||||
# subnormal x, return x with underflow
|
||||
- fnstsw %ax
|
||||
- and $16,%ax
|
||||
- jnz 2f
|
||||
fsts 4(%esp)
|
||||
-2: ret
|
||||
+ ret
|
||||
1: fld %st(0)
|
||||
fld1
|
||||
fsub %st(0),%st(1)
|
||||
--- a/src/math/i386/atan.s
|
||||
+++ b/src/math/i386/atan.s
|
||||
@@ -10,8 +10,5 @@ atan:
|
||||
fpatan
|
||||
ret
|
||||
# subnormal x, return x with underflow
|
||||
-1: fnstsw %ax
|
||||
- and $16,%ax
|
||||
- jnz 2f
|
||||
- fsts 4(%esp)
|
||||
-2: ret
|
||||
+1: fsts 4(%esp)
|
||||
+ ret
|
||||
--- a/src/math/i386/atan2.s
|
||||
+++ b/src/math/i386/atan2.s
|
||||
@@ -10,8 +10,5 @@ atan2:
|
||||
cmp $0x00200000,%eax
|
||||
jae 1f
|
||||
# subnormal x, return x with underflow
|
||||
- fnstsw %ax
|
||||
- and $16,%ax
|
||||
- jnz 1f
|
||||
fsts 4(%esp)
|
||||
-1: ret
|
||||
+ ret
|
||||
--- a/src/math/i386/atan2f.s
|
||||
+++ b/src/math/i386/atan2f.s
|
||||
@@ -10,10 +10,7 @@ atan2f:
|
||||
cmp $0x01000000,%eax
|
||||
jae 1f
|
||||
# subnormal x, return x with underflow
|
||||
- fnstsw %ax
|
||||
- and $16,%ax
|
||||
- jnz 1f
|
||||
fld %st(0)
|
||||
fmul %st(1)
|
||||
fstps 4(%esp)
|
||||
-1: ret
|
||||
+ ret
|
||||
--- a/src/math/i386/atanf.s
|
||||
+++ b/src/math/i386/atanf.s
|
||||
@@ -10,10 +10,7 @@ atanf:
|
||||
fpatan
|
||||
ret
|
||||
# subnormal x, return x with underflow
|
||||
-1: fnstsw %ax
|
||||
- and $16,%ax
|
||||
- jnz 2f
|
||||
- fld %st(0)
|
||||
+1: fld %st(0)
|
||||
fmul %st(1)
|
||||
fstps 4(%esp)
|
||||
-2: ret
|
||||
+ ret
|
||||
--- a/src/math/i386/exp.s
|
||||
+++ b/src/math/i386/exp.s
|
||||
@@ -7,13 +7,10 @@ expm1f:
|
||||
cmp $0x01000000,%eax
|
||||
jae 1f
|
||||
# subnormal x, return x with underflow
|
||||
- fnstsw %ax
|
||||
- and $16,%ax
|
||||
- jnz 2f
|
||||
fld %st(0)
|
||||
fmul %st(1)
|
||||
fstps 4(%esp)
|
||||
-2: ret
|
||||
+ ret
|
||||
|
||||
.global expm1l
|
||||
.type expm1l,@function
|
||||
@@ -30,11 +27,8 @@ expm1:
|
||||
cmp $0x00200000,%eax
|
||||
jae 1f
|
||||
# subnormal x, return x with underflow
|
||||
- fnstsw %ax
|
||||
- and $16,%ax
|
||||
- jnz 2f
|
||||
fsts 4(%esp)
|
||||
-2: ret
|
||||
+ ret
|
||||
1: fldl2e
|
||||
fmulp
|
||||
mov $0xc2820000,%eax
|
||||
--- a/src/math/i386/log1p.s
|
||||
+++ b/src/math/i386/log1p.s
|
||||
@@ -16,9 +16,6 @@ log1p:
|
||||
fyl2x
|
||||
ret
|
||||
# subnormal x, return x with underflow
|
||||
-2: fnstsw %ax
|
||||
- and $16,%ax
|
||||
- jnz 1f
|
||||
- fsts 4(%esp)
|
||||
+2: fsts 4(%esp)
|
||||
fstp %st(1)
|
||||
-1: ret
|
||||
+ ret
|
||||
--- a/src/math/i386/log1pf.s
|
||||
+++ b/src/math/i386/log1pf.s
|
||||
@@ -16,10 +16,7 @@ log1pf:
|
||||
fyl2x
|
||||
ret
|
||||
# subnormal x, return x with underflow
|
||||
-2: fnstsw %ax
|
||||
- and $16,%ax
|
||||
- jnz 1f
|
||||
- fxch
|
||||
+2: fxch
|
||||
fmul %st(1)
|
||||
fstps 4(%esp)
|
||||
-1: ret
|
||||
+ ret
|
@ -1,28 +0,0 @@ |
||||
From 6818c31c9bc4bbad5357f1de14bedf781e5b349e Mon Sep 17 00:00:00 2001
|
||||
From: Rich Felker <dalias@aerifal.cx>
|
||||
Date: Mon, 5 Aug 2019 19:57:07 -0400
|
||||
Subject: fix build regression in i386 asm for atan2, atan2f
|
||||
|
||||
commit f3ed8bfe8a82af1870ddc8696ed4cc1d5aa6b441 inadvertently removed
|
||||
labels that were still needed.
|
||||
---
|
||||
src/math/i386/atan2.s | 2 +-
|
||||
src/math/i386/atan2f.s | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
--- a/src/math/i386/atan2.s
|
||||
+++ b/src/math/i386/atan2.s
|
||||
@@ -11,4 +11,4 @@ atan2:
|
||||
jae 1f
|
||||
# subnormal x, return x with underflow
|
||||
fsts 4(%esp)
|
||||
- ret
|
||||
+1: ret
|
||||
--- a/src/math/i386/atan2f.s
|
||||
+++ b/src/math/i386/atan2f.s
|
||||
@@ -13,4 +13,4 @@ atan2f:
|
||||
fld %st(0)
|
||||
fmul %st(1)
|
||||
fstps 4(%esp)
|
||||
- ret
|
||||
+1: ret
|