vapier 16/02/16 20:39:04
Modified: README.history
Added: 00_all_0027-BZ-18796.patch
00_all_0028-strcoll-Remove-incorrect-STRDIFF-based-optimization-.patch
00_all_0029-Harden-tls_dtor_list-with-pointer-mangling-BZ-19018.patch
00_all_0030-PowerPC-Fix-a-race-condition-when-eliding-a-lock.patch
00_all_0031-Keep-only-ELF_RTYPE_CLASS_-PLT-COPY-bits-for-prelink.patch
00_all_0032-Better-workaround-for-aliases-of-_finite-symbols-in-.patch
00_all_0033-Corrected-path-to-installed-libmvec_nonshared.a.patch
00_all_0034-powerpc-Fix-usage-of-elision-transient-failure-adapt.patch
00_all_0035-alpha-hppa-fix-libc.abilist-sorting-wrt-fmemopen.patch
00_all_0036-Fix-BZ-17905.patch
00_all_0037-Fix-BZ-18985-out-of-range-data-to-strftime-causes-a-.patch
00_all_0038-Gracefully-handle-incompatible-locale-data.patch
00_all_0039-Handle-overflow-in-__hcreate_r.patch
00_all_0040-Improve-check-against-integer-wraparound-in-hcreate_.patch
10_all_glibc-CVE-2015-7547.patch
Log:
misc upstream fixes
Revision Changes Path
1.10 src/patchsets/glibc/2.22/README.history
file :
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/README.history?rev=1.10&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/README.history?rev=1.10&content-type=text/plain
diff :
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/README.history?r1=1.9&r2=1.10
Index: README.history
===================================================================
RCS file: /var/cvsroot/gentoo/src/patchsets/glibc/2.22/README.history,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- README.history 17 Oct 2015 04:54:52 -0000 1.9
+++ README.history 16 Feb 2016 20:39:04 -0000 1.10
@@ -1,3 +1,20 @@
+10 16 Feb 2016
+ + 00_all_0027-BZ-18796.patch
+ + 00_all_0028-strcoll-Remove-incorrect-STRDIFF-based-optimization-.patch
+ + 00_all_0029-Harden-tls_dtor_list-with-pointer-mangling-BZ-19018.patch
+ + 00_all_0030-PowerPC-Fix-a-race-condition-when-eliding-a-lock.patch
+ + 00_all_0031-Keep-only-ELF_RTYPE_CLASS_-PLT-COPY-bits-for-prelink.patch
+ + 00_all_0032-Better-workaround-for-aliases-of-_finite-symbols-in-.patch
+ + 00_all_0033-Corrected-path-to-installed-libmvec_nonshared.a.patch
+ + 00_all_0034-powerpc-Fix-usage-of-elision-transient-failure-adapt.patch
+ + 00_all_0035-alpha-hppa-fix-libc.abilist-sorting-wrt-fmemopen.patch
+ + 00_all_0036-Fix-BZ-17905.patch
+ + 00_all_0037-Fix-BZ-18985-out-of-range-data-to-strftime-causes-a-.patch
+ + 00_all_0038-Gracefully-handle-incompatible-locale-data.patch
+ + 00_all_0039-Handle-overflow-in-__hcreate_r.patch
+ + 00_all_0040-Improve-check-against-integer-wraparound-in-hcreate_.patch
+ + 10_all_glibc-CVE-2015-7547.patch
+
9 17 Oct 2015
+ 00_all_0023-Fix-non-v9-32-bit-sparc-build.patch
+ 00_all_0024-BZ-18921-Fix-opendir-inverted-o_directory_works-test.patch
1.1 src/patchsets/glibc/2.22/00_all_0027-BZ-18796.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0027-BZ-18796.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0027-BZ-18796.patch?rev=1.1&content-type=text/plain
Index: 00_all_0027-BZ-18796.patch
===================================================================
>From 68baefe5b845e0a035ccc393d32a128542ea837b Mon Sep 17 00:00:00 2001
From: Andrew Senkevich <[email protected]>
Date: Wed, 19 Aug 2015 19:02:32 +0300
Subject: [PATCH] [BZ #18796] * scripts/test-installation.pl: Don't add
-lmvec to build options if libmvec wasn't built. * NEWS: Mention this
fix.
(cherry picked from commit 9031106ea063f0476bdabf3f5ec22758cdcf987b)
---
scripts/test-installation.pl | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/scripts/test-installation.pl b/scripts/test-installation.pl
index cac1562..79b2b3e 100755
--- a/scripts/test-installation.pl
+++ b/scripts/test-installation.pl
@@ -80,16 +80,25 @@ arglist: while (@ARGV) {
# We expect none or one argument.
if ($#ARGV == -1) {
$soversions="soversions.mk";
+ $config="config.make";
} elsif ($#ARGV == 0) {
if (-d $ARGV[0]) {
$soversions = "$ARGV[0]/soversions.mk";
+ $config = "$ARGV[0]/config.make";
} else {
- $soversions = $ARGV[0];
+ $soversions = $dir = $ARGV[0];
+ $dir =~ s!/?[^/]*/*$!!;
+ $config = $dir . "/config.make";
}
} else {
die "Wrong number of arguments.";
}
+if (system ("grep -q \"build-mathvec = yes\" $config") == 0) {
+ $build_mathvec = 1;
+} else {
+ $build_mathvec = 0;
+}
# Read names and versions of all shared libraries that are part of
# glibc
@@ -111,6 +120,8 @@ while (<SOVERSIONS>) {
# - libthread_db since it contains unresolved references
# - it's just a test NSS module
# - We don't provide the libgcc so we don't test it
+ # - libmvec if it wasn't built
+ next if ($build_mathvec == 0 && $name eq "mvec");
if ($name ne "nss_ldap" && $name ne "db1"
&& !($name =~/^nss1_/) && $name ne "thread_db"
&& $name ne "nss_test1" && $name ne "libgcc_s") {
--
2.6.2
1.1
src/patchsets/glibc/2.22/00_all_0028-strcoll-Remove-incorrect-STRDIFF-based-optimization-.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0028-strcoll-Remove-incorrect-STRDIFF-based-optimization-.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0028-strcoll-Remove-incorrect-STRDIFF-based-optimization-.patch?rev=1.1&content-type=text/plain
Index: 00_all_0028-strcoll-Remove-incorrect-STRDIFF-based-optimization-.patch
===================================================================
>From d717c3fd0e1a5bf9a2fdb61234363ce805fcc148 Mon Sep 17 00:00:00 2001
From: Carlos O'Donell <[email protected]>
Date: Thu, 8 Oct 2015 16:34:53 -0400
Subject: [PATCH] strcoll: Remove incorrect STRDIFF-based optimization (Bug
18589).
The optimization introduced in commit
f13c2a8dff2329c6692a80176262ceaaf8a6f74e, causes regressions in
sorting for languages that have digraphs that change sort order, like
cs_CZ which sorts ch between h and i.
My analysis shows the fast-forwarding optimization in STRCOLL advances
through a digraph while possibly stopping in the middle which results
in a subsequent skipping of the digraph and incorrect sorting. The
optimization is incorrect as implemented and because of that I'm
removing it for 2.23, and I will also commit this fix for 2.22 where
it was originally introduced.
This patch reverts the optimization, introduces a new bug-strcoll2.c
regression test that tests both cs_CZ.UTF-8 and da_DK.ISO-8859-1 and
ensures they sort one digraph each correctly. The optimization can't be
applied without regressing this test.
Checked on x86_64, bug-strcoll2.c fails without this patch and passes
after. This will also get a fix on 2.22 which has the same bug.
(cherry picked from commit 87701a58e291bd7ac3b407d10a829dac52c9c16e)
(cherry picked from commit 6c84109cfa26f35c3dfed3acb97d347361bd5849)
---
locale/C-collate.c | 4 +-
locale/categories.def | 1 -
locale/langinfo.h | 1 -
locale/localeinfo.h | 8 ----
locale/programs/ld-collate.c | 9 -----
string/bug-strcoll2.c | 93 ++++++++++++++++++++++++++++++++++++++++++++
string/strcoll_l.c | 38 +-----------------
wcsmbs/wcscoll_l.c | 1 -
8 files changed, 95 insertions(+), 60 deletions(-)
create mode 100644 string/bug-strcoll2.c
diff --git a/locale/C-collate.c b/locale/C-collate.c
index d7f3c55..06dfdfa 100644
--- a/locale/C-collate.c
+++ b/locale/C-collate.c
@@ -144,8 +144,6 @@ const struct __locale_data _nl_C_LC_COLLATE
attribute_hidden =
/* _NL_COLLATE_COLLSEQWC */
{ .string = (const char *) collseqwc },
/* _NL_COLLATE_CODESET */
- { .string = _nl_C_codeset },
- /* _NL_COLLATE_ENCODING_TYPE */
- { .word = __cet_8bit }
+ { .string = _nl_C_codeset }
}
};
diff --git a/locale/categories.def b/locale/categories.def
index 045489d..a8dda53 100644
--- a/locale/categories.def
+++ b/locale/categories.def
@@ -58,7 +58,6 @@ DEFINE_CATEGORY
DEFINE_ELEMENT (_NL_COLLATE_COLLSEQMB, "collate-collseqmb",
std, wstring)
DEFINE_ELEMENT (_NL_COLLATE_COLLSEQWC, "collate-collseqwc",
std, wstring)
DEFINE_ELEMENT (_NL_COLLATE_CODESET, "collate-codeset",
std, string)
- DEFINE_ELEMENT (_NL_COLLATE_ENCODING_TYPE, "collate-encoding-type",
std, word)
), NO_POSTLOAD)
diff --git a/locale/langinfo.h b/locale/langinfo.h
index ffc5c7f..a565d9d 100644
--- a/locale/langinfo.h
+++ b/locale/langinfo.h
@@ -255,7 +255,6 @@ enum
_NL_COLLATE_COLLSEQMB,
_NL_COLLATE_COLLSEQWC,
_NL_COLLATE_CODESET,
- _NL_COLLATE_ENCODING_TYPE,
_NL_NUM_LC_COLLATE,
/* LC_CTYPE category: character classification.
diff --git a/locale/localeinfo.h b/locale/localeinfo.h
index bdab9fe..1d2ee00 100644
--- a/locale/localeinfo.h
+++ b/locale/localeinfo.h
@@ -110,14 +110,6 @@ enum coll_sort_rule
sort_mask
};
-/* Collation encoding type. */
-enum collation_encoding_type
-{
- __cet_other,
- __cet_8bit,
- __cet_utf8
-};
-
/* We can map the types of the entries into a few categories. */
enum value_type
{
diff --git a/locale/programs/ld-collate.c b/locale/programs/ld-collate.c
index a39a94f..dc0fe30 100644
--- a/locale/programs/ld-collate.c
+++ b/locale/programs/ld-collate.c
@@ -32,7 +32,6 @@
#include "linereader.h"
#include "locfile.h"
#include "elem-hash.h"
-#include "../localeinfo.h"
/* Uncomment the following line in the production version. */
/* #define NDEBUG 1 */
@@ -2131,8 +2130,6 @@ collate_output (struct localedef_t *locale, const struct
charmap_t *charmap,
/* The words have to be handled specially. */
if (idx == _NL_ITEM_INDEX (_NL_COLLATE_SYMB_HASH_SIZEMB))
add_locale_uint32 (&file, 0);
- else if (idx == _NL_ITEM_INDEX (_NL_COLLATE_ENCODING_TYPE))
- add_locale_uint32 (&file, __cet_other);
else
add_locale_empty (&file);
}
@@ -2496,12 +2493,6 @@ collate_output (struct localedef_t *locale, const struct
charmap_t *charmap,
add_locale_raw_data (&file, collate->mbseqorder, 256);
add_locale_collseq_table (&file, &collate->wcseqorder);
add_locale_string (&file, charmap->code_set_name);
- if (strcmp (charmap->code_set_name, "UTF-8") == 0)
- add_locale_uint32 (&file, __cet_utf8);
- else if (charmap->mb_cur_max == 1)
- add_locale_uint32 (&file, __cet_8bit);
- else
- add_locale_uint32 (&file, __cet_other);
write_locale_data (output_path, LC_COLLATE, "LC_COLLATE", &file);
obstack_free (&weightpool, NULL);
diff --git a/string/bug-strcoll2.c b/string/bug-strcoll2.c
new file mode 100644
index 0000000..5ce2f94
--- /dev/null
+++ b/string/bug-strcoll2.c
@@ -0,0 +1,93 @@
+/* Bug 18589: sort-test.sh fails at random.
+ Copyright (C) 1998-2015 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+ Contributed by Ulrich Drepper <[email protected]>, 1998.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <stdio.h>
+#include <string.h>
+#include <locale.h>
+
+/* An incorrect strcoll optimization resulted in incorrect
+ results from strcoll for cs_CZ and da_DK. */
+
+int
+test_cs_CZ (void)
+{
+ const char t1[] = "config";
+ const char t2[] = "choose";
+ if (setlocale (LC_ALL, "cs_CZ.UTF-8") == NULL)
+ {
+ perror ("setlocale");
+ return 1;
+ }
+ /* In Czech the digraph ch sorts after c, therefore we expect
+ config to sort before choose. */
+ int a = strcoll (t1, t2);
+ int b = strcoll (t2, t1);
+ printf ("strcoll (\"%s\", \"%s\") = %d\n", t1, t2, a);
+ printf ("strcoll (\"%s\", \"%s\") = %d\n", t2, t1, b);
+ if (a < 0 && b > 0)
+ {
+ puts ("PASS: config < choose");
+ return 0;
+ }
+ else
+ {
+ puts ("FAIL: Wrong sorting in cz_CZ.UTF-8.");
+ return 1;
+ }
+}
+
+int
+test_da_DK (void)
+{
+ const char t1[] = "AS";
+ const char t2[] = "AA";
+ if (setlocale (LC_ALL, "da_DK.ISO-8859-1") == NULL)
+ {
+ perror ("setlocale");
+ return 1;
+ }
+ /* AA should be treated as the last letter of the Danish alphabet,
+ hence sorting after AS. */
+ int a = strcoll (t1, t2);
+ int b = strcoll (t2, t1);
+ printf ("strcoll (\"%s\", \"%s\") = %d\n", t1, t2, a);
+ printf ("strcoll (\"%s\", \"%s\") = %d\n", t2, t1, b);
+ if (a < 0 && b > 0)
+ {
+ puts ("PASS: AS < AA");
+ return 0;
+ }
+ else
+ {
+ puts ("FAIL: Wrong sorting in da_DK.ISO-8859-1");
+ return 1;
+ }
+}
+
+static int
+do_test (void)
+{
+ int err = 0;
+ err |= test_cs_CZ ();
+ err |= test_da_DK ();
+ return err;
+}
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"
diff --git a/string/strcoll_l.c b/string/strcoll_l.c
index 8f1225f..35bc0e4 100644
--- a/string/strcoll_l.c
+++ b/string/strcoll_l.c
@@ -29,7 +29,6 @@
# define STRING_TYPE char
# define USTRING_TYPE unsigned char
# define STRCOLL __strcoll_l
-# define STRDIFF __strdiff
# define STRCMP strcmp
# define WEIGHT_H "../locale/weight.h"
# define SUFFIX MB
@@ -42,20 +41,6 @@
#include "../locale/localeinfo.h"
#include WEIGHT_H
-#define MASK_UTF8_7BIT (1 << 7)
-#define MASK_UTF8_START (3 << 6)
-
-size_t
-STRDIFF (const STRING_TYPE *s, const STRING_TYPE *t)
-{
- size_t n;
-
- for (n = 0; *s != '\0' && *s++ == *t++; ++n)
- continue;
-
- return n;
-}
-
/* Track status while looking for sequences in a string. */
typedef struct
{
@@ -269,29 +254,9 @@ STRCOLL (const STRING_TYPE *s1, const STRING_TYPE *s2,
__locale_t l)
const USTRING_TYPE *extra;
const int32_t *indirect;
- /* In case there is no locale specific sort order (C / POSIX). */
if (nrules == 0)
return STRCMP (s1, s2);
- /* Fast forward to the position of the first difference. Needs to be
- encoding aware as the byte-by-byte comparison can stop in the middle
- of a char sequence for multibyte encodings like UTF-8. */
- uint_fast32_t encoding =
- current->values[_NL_ITEM_INDEX (_NL_COLLATE_ENCODING_TYPE)].word;
- if (encoding != __cet_other)
- {
- size_t diff = STRDIFF (s1, s2);
- if (diff > 0)
- {
- if (encoding == __cet_utf8 && (*(s1 + diff) & MASK_UTF8_7BIT) != 0)
- do
- diff--;
- while (diff > 0 && (*(s1 + diff) & MASK_UTF8_START) !=
MASK_UTF8_START);
- s1 += diff;
- s2 += diff;
- }
- }
-
/* Catch empty strings. */
if (__glibc_unlikely (*s1 == '\0') || __glibc_unlikely (*s2 == '\0'))
return (*s1 != '\0') - (*s2 != '\0');
@@ -358,8 +323,7 @@ STRCOLL (const STRING_TYPE *s1, const STRING_TYPE *s2,
__locale_t l)
byte-level comparison to ensure that we don't waste time
going through multiple passes for totally equal strings
before proceeding to subsequent passes. */
- if (pass == 0 && encoding == __cet_other &&
- STRCMP (s1, s2) == 0)
+ if (pass == 0 && STRCMP (s1, s2) == 0)
return result;
else
break;
diff --git a/wcsmbs/wcscoll_l.c b/wcsmbs/wcscoll_l.c
index 6d9384a..87f240d 100644
--- a/wcsmbs/wcscoll_l.c
+++ b/wcsmbs/wcscoll_l.c
@@ -23,7 +23,6 @@
#define STRING_TYPE wchar_t
#define USTRING_TYPE wint_t
#define STRCOLL __wcscoll_l
-#define STRDIFF __wcsdiff
#define STRCMP __wcscmp
#define WEIGHT_H "../locale/weightwc.h"
#define SUFFIX WC
--
2.6.2
1.1
src/patchsets/glibc/2.22/00_all_0029-Harden-tls_dtor_list-with-pointer-mangling-BZ-19018.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0029-Harden-tls_dtor_list-with-pointer-mangling-BZ-19018.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0029-Harden-tls_dtor_list-with-pointer-mangling-BZ-19018.patch?rev=1.1&content-type=text/plain
Index: 00_all_0029-Harden-tls_dtor_list-with-pointer-mangling-BZ-19018.patch
===================================================================
>From 0f74aed2de00dfbcae8e0217d6abdd5634e1c69c Mon Sep 17 00:00:00 2001
From: Florian Weimer <[email protected]>
Date: Tue, 6 Oct 2015 13:12:36 +0200
Subject: [PATCH] Harden tls_dtor_list with pointer mangling [BZ #19018]
(cherry picked from commit f586e1328681b400078c995a0bb6ad301ef73549)
(cherry picked from commit 5fb7924cb6cf606ce865122e5bbac9df934db14e)
---
stdlib/cxa_thread_atexit_impl.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/stdlib/cxa_thread_atexit_impl.c b/stdlib/cxa_thread_atexit_impl.c
index 2d5d56a..5717f09 100644
--- a/stdlib/cxa_thread_atexit_impl.c
+++ b/stdlib/cxa_thread_atexit_impl.c
@@ -98,6 +98,10 @@ static __thread struct link_map *lm_cache;
int
__cxa_thread_atexit_impl (dtor_func func, void *obj, void *dso_symbol)
{
+#ifdef PTR_MANGLE
+ PTR_MANGLE (func);
+#endif
+
/* Prepend. */
struct dtor_list *new = calloc (1, sizeof (struct dtor_list));
new->func = func;
@@ -142,9 +146,13 @@ __call_tls_dtors (void)
while (tls_dtor_list)
{
struct dtor_list *cur = tls_dtor_list;
+ dtor_func func = cur->func;
+#ifdef PTR_DEMANGLE
+ PTR_DEMANGLE (func);
+#endif
tls_dtor_list = tls_dtor_list->next;
- cur->func (cur->obj);
+ func (cur->obj);
/* Ensure that the MAP dereference happens before
l_tls_dtor_count decrement. That way, we protect this access from a
--
2.6.2
1.1
src/patchsets/glibc/2.22/00_all_0030-PowerPC-Fix-a-race-condition-when-eliding-a-lock.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0030-PowerPC-Fix-a-race-condition-when-eliding-a-lock.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0030-PowerPC-Fix-a-race-condition-when-eliding-a-lock.patch?rev=1.1&content-type=text/plain
Index: 00_all_0030-PowerPC-Fix-a-race-condition-when-eliding-a-lock.patch
===================================================================
>From b4f19537f9d26dbf95bd2e7d9c056400ad1b5723 Mon Sep 17 00:00:00 2001
From: Tulio Magno Quites Machado Filho <[email protected]>
Date: Wed, 22 Jul 2015 09:26:02 -0300
Subject: [PATCH] PowerPC: Fix a race condition when eliding a lock
The previous code used to evaluate the preprocessor token is_lock_free to
a variable before starting a transaction. This behavior can cause an
error if another thread got the lock (without using a transaction)
between the evaluation of the token and the beginning of the transaction.
This bug can be triggered with the following order of events:
1. The lock accessed by is_lock_free is free.
2. Thread T1 evaluates is_lock_free and stores into register R1 that the
lock is free.
3. Thread T2 acquires the same lock used in is_lock_free.
4. T1 begins the transaction, creating a memory barrier where is_lock_free
is false, but R1 is true.
5. T1 reads R1 and doesn't abort the transaction.
6. T1 calls ELIDE_UNLOCK, which reads false from is_lock_free and decides
to unlock a lock acquired by T2, leading to undefined behavior.
This patch delays the evaluation of is_lock_free to inside a transaction
by moving this part of the code to the macro ELIDE_LOCK.
[BZ #18743]
* sysdeps/powerpc/nptl/elide.h (__elide_lock): Move most of this
code to...
(ELIDE_LOCK): ...here.
(__get_new_count): New function with part of the code from
__elide_lock that updates the value of adapt_count after a
transaction abort.
(__elided_trylock): Moved this code to...
(ELIDE_TRYLOCK): ...here.
(cherry picked from commit 6ec52bf634b7650b57ff67b5f5053bce8992d549)
(cherry picked from commit 5b319ce2949cf6fb97862ff81558944f76c704f1)
---
sysdeps/powerpc/nptl/elide.h | 115 ++++++++++++++++++++++++-------------------
1 file changed, 63 insertions(+), 52 deletions(-)
diff --git a/sysdeps/powerpc/nptl/elide.h b/sysdeps/powerpc/nptl/elide.h
index 389f5a5..12171f4 100644
--- a/sysdeps/powerpc/nptl/elide.h
+++ b/sysdeps/powerpc/nptl/elide.h
@@ -23,67 +23,78 @@
# include <htm.h>
# include <elision-conf.h>
-/* Returns true if the lock defined by is_lock_free as elided.
- ADAPT_COUNT is a pointer to per-lock state variable. */
-
+/* Get the new value of adapt_count according to the elision
+ configurations. Returns true if the system should retry again or false
+ otherwise. */
static inline bool
-__elide_lock (uint8_t *adapt_count, int is_lock_free)
+__get_new_count (uint8_t *adapt_count)
{
- if (*adapt_count > 0)
+ /* A persistent failure indicates that a retry will probably
+ result in another failure. Use normal locking now and
+ for the next couple of calls. */
+ if (_TEXASRU_FAILURE_PERSISTENT (__builtin_get_texasru ()))
{
- (*adapt_count)--;
+ if (__elision_aconf.skip_lock_internal_abort > 0)
+ *adapt_count = __elision_aconf.skip_lock_internal_abort;
return false;
}
-
- for (int i = __elision_aconf.try_tbegin; i > 0; i--)
- {
- if (__builtin_tbegin (0))
- {
- if (is_lock_free)
- return true;
- /* Lock was busy. */
- __builtin_tabort (_ABORT_LOCK_BUSY);
- }
- else
- {
- /* A persistent failure indicates that a retry will probably
- result in another failure. Use normal locking now and
- for the next couple of calls. */
- if (_TEXASRU_FAILURE_PERSISTENT (__builtin_get_texasru ()))
- {
- if (__elision_aconf.skip_lock_internal_abort > 0)
- *adapt_count = __elision_aconf.skip_lock_internal_abort;
- break;
- }
- /* Same logic as above, but for a number of temporary failures in a
- a row. */
- else if (__elision_aconf.skip_lock_out_of_tbegin_retries > 0
- && __elision_aconf.try_tbegin > 0)
- *adapt_count = __elision_aconf.skip_lock_out_of_tbegin_retries;
- }
- }
-
- return false;
+ /* Same logic as above, but for a number of temporary failures in a
+ a row. */
+ else if (__elision_aconf.skip_lock_out_of_tbegin_retries > 0
+ && __elision_aconf.try_tbegin > 0)
+ *adapt_count = __elision_aconf.skip_lock_out_of_tbegin_retries;
+ return true;
}
-# define ELIDE_LOCK(adapt_count, is_lock_free) \
- __elide_lock (&(adapt_count), is_lock_free)
-
-
-static inline bool
-__elide_trylock (uint8_t *adapt_count, int is_lock_free, int write)
-{
- if (__elision_aconf.try_tbegin > 0)
- {
- if (write)
- __builtin_tabort (_ABORT_NESTED_TRYLOCK);
- return __elide_lock (adapt_count, is_lock_free);
- }
- return false;
-}
+/* CONCURRENCY NOTES:
+
+ The evaluation of the macro expression is_lock_free encompasses one or
+ more loads from memory locations that are concurrently modified by other
+ threads. For lock elision to work, this evaluation and the rest of the
+ critical section protected by the lock must be atomic because an
+ execution with lock elision must be equivalent to an execution in which
+ the lock would have been actually acquired and released. Therefore, we
+ evaluate is_lock_free inside of the transaction that represents the
+ critical section for which we want to use lock elision, which ensures
+ the atomicity that we require. */
+
+/* Returns 0 if the lock defined by is_lock_free was elided.
+ ADAPT_COUNT is a per-lock state variable. */
+# define ELIDE_LOCK(adapt_count, is_lock_free) \
+ ({ \
+ int ret = 0; \
+ if (adapt_count > 0) \
+ (adapt_count)--; \
+ else \
+ for (int i = __elision_aconf.try_tbegin; i > 0; i--) \
+ { \
+ if (__builtin_tbegin (0)) \
+ { \
+ if (is_lock_free) \
+ { \
+ ret = 1; \
+ break; \
+ } \
+ __builtin_tabort (_ABORT_LOCK_BUSY); \
+ } \
+ else \
+ if (!__get_new_count(&adapt_count)) \
+ break; \
+ } \
+ ret; \
+ })
# define ELIDE_TRYLOCK(adapt_count, is_lock_free, write) \
- __elide_trylock (&(adapt_count), is_lock_free, write)
+ ({ \
+ int ret = 0; \
+ if (__elision_aconf.try_tbegin > 0) \
+ { \
+ if (write) \
+ __builtin_tabort (_ABORT_NESTED_TRYLOCK); \
+ ret = ELIDE_LOCK (adapt_count, is_lock_free); \
+ } \
+ ret; \
+ })
static inline bool
--
2.6.2
1.1
src/patchsets/glibc/2.22/00_all_0031-Keep-only-ELF_RTYPE_CLASS_-PLT-COPY-bits-for-prelink.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0031-Keep-only-ELF_RTYPE_CLASS_-PLT-COPY-bits-for-prelink.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0031-Keep-only-ELF_RTYPE_CLASS_-PLT-COPY-bits-for-prelink.patch?rev=1.1&content-type=text/plain
Index: 00_all_0031-Keep-only-ELF_RTYPE_CLASS_-PLT-COPY-bits-for-prelink.patch
===================================================================
>From fb3642bf3c7743da1928d01525d912ca979b468e Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <[email protected]>
Date: Sat, 7 Nov 2015 06:32:30 -0800
Subject: [PATCH] Keep only ELF_RTYPE_CLASS_{PLT|COPY} bits for prelink
prelink runs ld.so with the environment variable LD_TRACE_PRELINKING
set to dump the relocation type class from _dl_debug_bindings. prelink
has the following relocation type classes:
#define RTYPE_CLASS_VALID 8
#define RTYPE_CLASS_PLT (8|1)
#define RTYPE_CLASS_COPY (8|2)
#define RTYPE_CLASS_TLS (8|4)
where ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA has a conflict with
RTYPE_CLASS_TLS.
Since prelink only uses ELF_RTYPE_CLASS_PLT and ELF_RTYPE_CLASS_COPY
bits, we should clear the other bits when the DL_DEBUG_PRELINK bit is
set.
[BZ #19178]
* elf/dl-lookup.c (RTYPE_CLASS_VALID): New.
(RTYPE_CLASS_PLT): Likewise.
(RTYPE_CLASS_COPY): Likewise.
(RTYPE_CLASS_TLS): Likewise.
(_dl_debug_bindings): Use RTYPE_CLASS_TLS and RTYPE_CLASS_VALID
to set relocation type class for DL_DEBUG_PRELINK. Keep only
ELF_RTYPE_CLASS_PLT and ELF_RTYPE_CLASS_COPY bits for
DL_DEBUG_PRELINK.
(cherry picked from commit f3d18efb8a720121066dc3401e822043beb98cde)
(cherry picked from commit 387011e0b6f9cbefd26691f0df8ce76bb7ddfa03)
---
elf/dl-lookup.c | 21 +++++++++++++++++++--
1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/elf/dl-lookup.c b/elf/dl-lookup.c
index 11cb44b..acf5280 100644
--- a/elf/dl-lookup.c
+++ b/elf/dl-lookup.c
@@ -1016,6 +1016,18 @@ _dl_debug_bindings (const char *undef_name, struct
link_map *undef_map,
#ifdef SHARED
if (GLRO(dl_debug_mask) & DL_DEBUG_PRELINK)
{
+/* ELF_RTYPE_CLASS_XXX must match RTYPE_CLASS_XXX used by prelink with
+ LD_TRACE_PRELINKING. */
+#define RTYPE_CLASS_VALID 8
+#define RTYPE_CLASS_PLT (8|1)
+#define RTYPE_CLASS_COPY (8|2)
+#define RTYPE_CLASS_TLS (8|4)
+#if ELF_RTYPE_CLASS_PLT != 0 && ELF_RTYPE_CLASS_PLT != 1
+# error ELF_RTYPE_CLASS_PLT must be 0 or 1!
+#endif
+#if ELF_RTYPE_CLASS_COPY != 0 && ELF_RTYPE_CLASS_COPY != 2
+# error ELF_RTYPE_CLASS_COPY must be 0 or 2!
+#endif
int conflict = 0;
struct sym_val val = { NULL, NULL };
@@ -1071,12 +1083,17 @@ _dl_debug_bindings (const char *undef_name, struct
link_map *undef_map,
if (value->s)
{
+ /* Keep only ELF_RTYPE_CLASS_PLT and ELF_RTYPE_CLASS_COPY
+ bits since since prelink only uses them. */
+ type_class &= ELF_RTYPE_CLASS_PLT | ELF_RTYPE_CLASS_COPY;
if (__glibc_unlikely (ELFW(ST_TYPE) (value->s->st_info)
== STT_TLS))
- type_class = 4;
+ /* Clear the RTYPE_CLASS_VALID bit in RTYPE_CLASS_TLS. */
+ type_class = RTYPE_CLASS_TLS & ~RTYPE_CLASS_VALID;
else if (__glibc_unlikely (ELFW(ST_TYPE) (value->s->st_info)
== STT_GNU_IFUNC))
- type_class |= 8;
+ /* Set the RTYPE_CLASS_VALID bit. */
+ type_class |= RTYPE_CLASS_VALID;
}
if (conflict
--
2.6.2
1.1
src/patchsets/glibc/2.22/00_all_0032-Better-workaround-for-aliases-of-_finite-symbols-in-.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0032-Better-workaround-for-aliases-of-_finite-symbols-in-.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0032-Better-workaround-for-aliases-of-_finite-symbols-in-.patch?rev=1.1&content-type=text/plain
Index: 00_all_0032-Better-workaround-for-aliases-of-_finite-symbols-in-.patch
===================================================================
>From 65402b410d9c0f3b85749a6d771d27f783026da1 Mon Sep 17 00:00:00 2001
From: Andrew Senkevich <[email protected]>
Date: Fri, 27 Nov 2015 17:30:04 +0300
Subject: [PATCH] Better workaround for aliases of *_finite symbols in vector
math library.
Old workaround based on assembly aliases can lead to link fail (bug 19058).
This patch makes workaround in another way to avoid it.
[BZ #19058]
* math/Makefile ($(inst_libdir)/libm.so): Added libmvec_nonshared.a
to AS_NEEDED.
* sysdeps/x86/fpu/bits/math-vector.h: Removed code with old workaround.
* sysdeps/x86_64/fpu/Makefile (libmvec-support,
libmvec-static-only-routines): Added new file.
* sysdeps/x86_64/fpu/svml_finite_alias.S: New file.
* NEWS: Mention this fix.
(cherry picked from commit 060f8dbd0ca6eb17d20442dc4df72c2a707bdf86)
---
math/Makefile | 2 +-
sysdeps/x86/fpu/bits/math-vector.h | 29 -----------------
sysdeps/x86_64/fpu/Makefile | 5 ++-
sysdeps/x86_64/fpu/svml_finite_alias.S | 59 ++++++++++++++++++++++++++++++++++
4 files changed, 64 insertions(+), 31 deletions(-)
create mode 100644 sysdeps/x86_64/fpu/svml_finite_alias.S
diff --git a/math/Makefile b/math/Makefile
index 6388bae..76f99fb 100644
--- a/math/Makefile
+++ b/math/Makefile
@@ -98,7 +98,7 @@ $(inst_libdir)/libm.so: $(common-objpfx)format.lds \
(echo '/* GNU ld script'; echo '*/';\
cat $<; \
echo 'GROUP ( $(slibdir)/libm.so$(libm.so-version) ' \
- 'AS_NEEDED ( $(slibdir)/libmvec.so$(libmvec.so-version) ) )' \
+ 'AS_NEEDED ( $(slibdir)/libmvec_nonshared.a
$(slibdir)/libmvec.so$(libmvec.so-version) ) )' \
) > $@
endif
diff --git a/sysdeps/x86/fpu/bits/math-vector.h
b/sysdeps/x86/fpu/bits/math-vector.h
index f9e798b..f3bfb86 100644
--- a/sysdeps/x86/fpu/bits/math-vector.h
+++ b/sysdeps/x86/fpu/bits/math-vector.h
@@ -53,34 +53,5 @@
# undef __DECL_SIMD_powf
# define __DECL_SIMD_powf __DECL_SIMD_x86_64
-/* Workaround to exclude unnecessary symbol aliases in libmvec
- while GCC creates the vector names based on scalar asm name.
- Corresponding discussion started at
- <https://gcc.gnu.org/ml/gcc/2015-06/msg00173.html>. */
-__asm__ ("_ZGVbN2v___log_finite = _ZGVbN2v_log");
-__asm__ ("_ZGVcN4v___log_finite = _ZGVcN4v_log");
-__asm__ ("_ZGVdN4v___log_finite = _ZGVdN4v_log");
-__asm__ ("_ZGVeN8v___log_finite = _ZGVeN8v_log");
-__asm__ ("_ZGVbN4v___logf_finite = _ZGVbN4v_logf");
-__asm__ ("_ZGVcN8v___logf_finite = _ZGVcN8v_logf");
-__asm__ ("_ZGVdN8v___logf_finite = _ZGVdN8v_logf");
-__asm__ ("_ZGVeN16v___logf_finite = _ZGVeN16v_logf");
-__asm__ ("_ZGVbN2v___exp_finite = _ZGVbN2v_exp");
-__asm__ ("_ZGVcN4v___exp_finite = _ZGVcN4v_exp");
-__asm__ ("_ZGVdN4v___exp_finite = _ZGVdN4v_exp");
-__asm__ ("_ZGVeN8v___exp_finite = _ZGVeN8v_exp");
-__asm__ ("_ZGVbN4v___expf_finite = _ZGVbN4v_expf");
-__asm__ ("_ZGVcN8v___expf_finite = _ZGVcN8v_expf");
-__asm__ ("_ZGVdN8v___expf_finite = _ZGVdN8v_expf");
-__asm__ ("_ZGVeN16v___expf_finite = _ZGVeN16v_expf");
-__asm__ ("_ZGVbN2vv___pow_finite = _ZGVbN2vv_pow");
-__asm__ ("_ZGVcN4vv___pow_finite = _ZGVcN4vv_pow");
-__asm__ ("_ZGVdN4vv___pow_finite = _ZGVdN4vv_pow");
-__asm__ ("_ZGVeN8vv___pow_finite = _ZGVeN8vv_pow");
-__asm__ ("_ZGVbN4vv___powf_finite = _ZGVbN4vv_powf");
-__asm__ ("_ZGVcN8vv___powf_finite = _ZGVcN8vv_powf");
-__asm__ ("_ZGVdN8vv___powf_finite = _ZGVdN8vv_powf");
-__asm__ ("_ZGVeN16vv___powf_finite = _ZGVeN16vv_powf");
-
# endif
#endif
diff --git a/sysdeps/x86_64/fpu/Makefile b/sysdeps/x86_64/fpu/Makefile
index 1ebe511..b32b852 100644
--- a/sysdeps/x86_64/fpu/Makefile
+++ b/sysdeps/x86_64/fpu/Makefile
@@ -20,7 +20,10 @@ libmvec-support += svml_d_cos2_core svml_d_cos4_core_avx \
svml_d_pow_data svml_s_powf4_core svml_s_powf8_core_avx \
svml_s_powf8_core svml_s_powf16_core svml_s_powf_data \
svml_s_sincosf4_core svml_s_sincosf8_core_avx \
- svml_s_sincosf8_core svml_s_sincosf16_core init-arch
+ svml_s_sincosf8_core svml_s_sincosf16_core init-arch \
+ svml_finite_alias
+
+libmvec-static-only-routines = svml_finite_alias
endif
# Variables for libmvec tests.
diff --git a/sysdeps/x86_64/fpu/svml_finite_alias.S
b/sysdeps/x86_64/fpu/svml_finite_alias.S
new file mode 100644
index 0000000..f8bcfeb
--- /dev/null
+++ b/sysdeps/x86_64/fpu/svml_finite_alias.S
@@ -0,0 +1,59 @@
+/* These aliases added as workaround to exclude unnecessary symbol
+ aliases in libmvec.so while compiler creates the vector names
+ based on scalar asm name. Corresponding discussion is at
+ <https://gcc.gnu.org/ml/gcc/2015-06/msg00173.html>.
+ Copyright (C) 2015 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <sysdep.h>
+
+#define ALIAS_IMPL(alias, target) \
+ENTRY (alias); \
+ call target; \
+ ret; \
+END (alias)
+
+ .text
+ALIAS_IMPL (_ZGVbN2v___log_finite, _ZGVbN2v_log)
+ALIAS_IMPL (_ZGVcN4v___log_finite, _ZGVcN4v_log)
+ALIAS_IMPL (_ZGVdN4v___log_finite, _ZGVdN4v_log)
+ALIAS_IMPL (_ZGVeN8v___log_finite, _ZGVeN8v_log)
+
+ALIAS_IMPL (_ZGVbN4v___logf_finite, _ZGVbN4v_logf)
+ALIAS_IMPL (_ZGVcN8v___logf_finite, _ZGVcN8v_logf)
+ALIAS_IMPL (_ZGVdN8v___logf_finite, _ZGVdN8v_logf)
+ALIAS_IMPL (_ZGVeN16v___logf_finite, _ZGVeN16v_logf)
+
+ALIAS_IMPL (_ZGVbN2v___exp_finite, _ZGVbN2v_exp)
+ALIAS_IMPL (_ZGVcN4v___exp_finite, _ZGVcN4v_exp)
+ALIAS_IMPL (_ZGVdN4v___exp_finite, _ZGVdN4v_exp)
+ALIAS_IMPL (_ZGVeN8v___exp_finite, _ZGVeN8v_exp)
+
+ALIAS_IMPL (_ZGVbN4v___expf_finite, _ZGVbN4v_expf)
+ALIAS_IMPL (_ZGVcN8v___expf_finite, _ZGVcN8v_expf)
+ALIAS_IMPL (_ZGVdN8v___expf_finite, _ZGVdN8v_expf)
+ALIAS_IMPL (_ZGVeN16v___expf_finite, _ZGVeN16v_expf)
+
+ALIAS_IMPL (_ZGVbN2vv___pow_finite, _ZGVbN2vv_pow)
+ALIAS_IMPL (_ZGVcN4vv___pow_finite, _ZGVcN4vv_pow)
+ALIAS_IMPL (_ZGVdN4vv___pow_finite, _ZGVdN4vv_pow)
+ALIAS_IMPL (_ZGVeN8vv___pow_finite, _ZGVeN8vv_pow)
+
+ALIAS_IMPL (_ZGVbN4vv___powf_finite, _ZGVbN4vv_powf)
+ALIAS_IMPL (_ZGVcN8vv___powf_finite, _ZGVcN8vv_powf)
+ALIAS_IMPL (_ZGVdN8vv___powf_finite, _ZGVdN8vv_powf)
+ALIAS_IMPL (_ZGVeN16vv___powf_finite, _ZGVeN16vv_powf)
--
2.6.2
1.1
src/patchsets/glibc/2.22/00_all_0033-Corrected-path-to-installed-libmvec_nonshared.a.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0033-Corrected-path-to-installed-libmvec_nonshared.a.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0033-Corrected-path-to-installed-libmvec_nonshared.a.patch?rev=1.1&content-type=text/plain
Index: 00_all_0033-Corrected-path-to-installed-libmvec_nonshared.a.patch
===================================================================
>From b84ee767b4303b77a5a284b2d03f56c98d89263c Mon Sep 17 00:00:00 2001
From: Andrew Senkevich <[email protected]>
Date: Thu, 3 Dec 2015 20:54:52 +0300
Subject: [PATCH] Corrected path to installed libmvec_nonshared.a
* math/Makefile ($(inst_libdir)/libm.so): Corrected path to
libmvec_nonshared.a
(cherry picked from commit 13ff0739fdca293adab02b9f4fe78395de251086)
---
math/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/math/Makefile b/math/Makefile
index 76f99fb..2c9d72d 100644
--- a/math/Makefile
+++ b/math/Makefile
@@ -98,7 +98,7 @@ $(inst_libdir)/libm.so: $(common-objpfx)format.lds \
(echo '/* GNU ld script'; echo '*/';\
cat $<; \
echo 'GROUP ( $(slibdir)/libm.so$(libm.so-version) ' \
- 'AS_NEEDED ( $(slibdir)/libmvec_nonshared.a
$(slibdir)/libmvec.so$(libmvec.so-version) ) )' \
+ 'AS_NEEDED ( $(libdir)/libmvec_nonshared.a
$(slibdir)/libmvec.so$(libmvec.so-version) ) )' \
) > $@
endif
--
2.6.2
1.1
src/patchsets/glibc/2.22/00_all_0034-powerpc-Fix-usage-of-elision-transient-failure-adapt.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0034-powerpc-Fix-usage-of-elision-transient-failure-adapt.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0034-powerpc-Fix-usage-of-elision-transient-failure-adapt.patch?rev=1.1&content-type=text/plain
Index: 00_all_0034-powerpc-Fix-usage-of-elision-transient-failure-adapt.patch
===================================================================
>From 23f12d0a815e55ab60a0e6d973fc3f4730ca6980 Mon Sep 17 00:00:00 2001
From: Paul Murphy <[email protected]>
Date: Thu, 27 Aug 2015 09:48:04 -0500
Subject: [PATCH] powerpc: Fix usage of elision transient failure adapt param
The skip_lock_out_of_tbegin_retries adaptive parameter was
not being used correctly, nor as described. This prevents
a fallback for all users of the lock if a transient abort
occurs within the accepted number of retries.
[BZ #19174]
* sysdeps/powerpc/nptl/elide.h (__elide_lock): Fix usage of
.skip_lock_out_of_tbegin_retries.
* sysdeps/unix/sysv/linux/powerpc/elision-lock.c
(__lll_lock_elision): Likewise, and respect a value of
try_tbegin <= 0.
(cherry picked from commit 72f1463df85a522bfd1568e47bd81371522ee358)
Conflicts:
NEWS
(cherry picked from commit cd51b1424477652cccdb83e7a95644d198fd4513)
---
sysdeps/powerpc/nptl/elide.h | 6 +++---
sysdeps/unix/sysv/linux/powerpc/elision-lock.c | 15 ++++++---------
2 files changed, 9 insertions(+), 12 deletions(-)
diff --git a/sysdeps/powerpc/nptl/elide.h b/sysdeps/powerpc/nptl/elide.h
index 12171f4..2e1e443 100644
--- a/sysdeps/powerpc/nptl/elide.h
+++ b/sysdeps/powerpc/nptl/elide.h
@@ -27,7 +27,7 @@
configurations. Returns true if the system should retry again or false
otherwise. */
static inline bool
-__get_new_count (uint8_t *adapt_count)
+__get_new_count (uint8_t *adapt_count, int attempt)
{
/* A persistent failure indicates that a retry will probably
result in another failure. Use normal locking now and
@@ -40,7 +40,7 @@ __get_new_count (uint8_t *adapt_count)
}
/* Same logic as above, but for a number of temporary failures in a
a row. */
- else if (__elision_aconf.skip_lock_out_of_tbegin_retries > 0
+ else if (attempt <= 1 && __elision_aconf.skip_lock_out_of_tbegin_retries > 0
&& __elision_aconf.try_tbegin > 0)
*adapt_count = __elision_aconf.skip_lock_out_of_tbegin_retries;
return true;
@@ -78,7 +78,7 @@ __get_new_count (uint8_t *adapt_count)
__builtin_tabort (_ABORT_LOCK_BUSY); \
} \
else \
- if (!__get_new_count(&adapt_count)) \
+ if (!__get_new_count (&adapt_count,i)) \
break; \
} \
ret; \
diff --git a/sysdeps/unix/sysv/linux/powerpc/elision-lock.c
b/sysdeps/unix/sysv/linux/powerpc/elision-lock.c
index 7f9bcc2..c6731ca 100644
--- a/sysdeps/unix/sysv/linux/powerpc/elision-lock.c
+++ b/sysdeps/unix/sysv/linux/powerpc/elision-lock.c
@@ -72,8 +72,7 @@ __lll_lock_elision (int *lock, short *adapt_count, EXTRAARG
int pshared)
goto use_lock;
}
- int try_begin = aconf.try_tbegin;
- while (1)
+ for (int i = aconf.try_tbegin; i > 0; i--)
{
if (__builtin_tbegin (0))
{
@@ -87,21 +86,19 @@ __lll_lock_elision (int *lock, short *adapt_count, EXTRAARG
int pshared)
/* A persistent failure indicates that a retry will probably
result in another failure. Use normal locking now and
for the next couple of calls. */
- if (try_begin-- <= 0
- || _TEXASRU_FAILURE_PERSISTENT (__builtin_get_texasru ()))
+ if (_TEXASRU_FAILURE_PERSISTENT (__builtin_get_texasru ()))
{
if (aconf.skip_lock_internal_abort > 0)
*adapt_count = aconf.skip_lock_internal_abort;
goto use_lock;
}
- /* Same logic as above, but for for a number of temporary failures
- in a row. */
- else if (aconf.skip_lock_out_of_tbegin_retries > 0
- && aconf.try_tbegin > 0)
- *adapt_count = aconf.skip_lock_out_of_tbegin_retries;
}
}
+ /* Fall back to locks for a bit if retries have been exhausted */
+ if (aconf.try_tbegin > 0 && aconf.skip_lock_out_of_tbegin_retries > 0)
+ *adapt_count = aconf.skip_lock_out_of_tbegin_retries;
+
use_lock:
return LLL_LOCK ((*lock), pshared);
}
--
2.6.2
1.1
src/patchsets/glibc/2.22/00_all_0035-alpha-hppa-fix-libc.abilist-sorting-wrt-fmemopen.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0035-alpha-hppa-fix-libc.abilist-sorting-wrt-fmemopen.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0035-alpha-hppa-fix-libc.abilist-sorting-wrt-fmemopen.patch?rev=1.1&content-type=text/plain
Index: 00_all_0035-alpha-hppa-fix-libc.abilist-sorting-wrt-fmemopen.patch
===================================================================
>From 5b4ed59d74ed8ff011fc9a7a08c27d616b7fe528 Mon Sep 17 00:00:00 2001
From: Aurelien Jarno <[email protected]>
Date: Mon, 7 Dec 2015 15:40:01 +0100
Subject: [PATCH] alpha/hppa: fix libc.abilist sorting wrt fmemopen
Commit fdb7d390 introduced the fmemopen symbol at the wrong location
in alpha/libc.abilist and hppa/libc.abilist. The file needs to keep
sorted, fix that.
Note: this is for 2.22 only, for master the format has been changed in
commit 8c77b6ad.
* sysdeps/unix/sysv/linux/alpha/libc.abilist [GLIBC_2.22]: Move
to keep the file sorted.
* sysdeps/unix/sysv/linux/hppa/libc.abilist [GLIBC_2.22]: Likewise.
(cherry picked from commit 3b54d911809643fb6a293807333b7f2cf15a3b50)
---
sysdeps/unix/sysv/linux/alpha/libc.abilist | 6 +++---
sysdeps/unix/sysv/linux/hppa/libc.abilist | 6 +++---
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/sysdeps/unix/sysv/linux/alpha/libc.abilist
b/sysdeps/unix/sysv/linux/alpha/libc.abilist
index 58c8b32..aa20e22 100644
--- a/sysdeps/unix/sysv/linux/alpha/libc.abilist
+++ b/sysdeps/unix/sysv/linux/alpha/libc.abilist
@@ -1822,9 +1822,6 @@ GLIBC_2.17
GLIBC_2.18
GLIBC_2.18 A
__cxa_thread_atexit_impl F
-GLIBC_2.22
- GLIBC_2.22 A
- fmemopen F
GLIBC_2.2
GLIBC_2.2 A
_IO_adjust_wcolumn F
@@ -2015,6 +2012,9 @@ GLIBC_2.2.4
GLIBC_2.2.6
GLIBC_2.2.6 A
__nanosleep F
+GLIBC_2.22
+ GLIBC_2.22 A
+ fmemopen F
GLIBC_2.3
GLIBC_2.3 A
__ctype_b_loc F
diff --git a/sysdeps/unix/sysv/linux/hppa/libc.abilist
b/sysdeps/unix/sysv/linux/hppa/libc.abilist
index cf0ad90..224e1f3 100644
--- a/sysdeps/unix/sysv/linux/hppa/libc.abilist
+++ b/sysdeps/unix/sysv/linux/hppa/libc.abilist
@@ -95,9 +95,6 @@ GLIBC_2.18
GLIBC_2.19
GLIBC_2.19 A
fanotify_mark F
-GLIBC_2.22
- GLIBC_2.22 A
- fmemopen F
GLIBC_2.2
GLIBC_2.2 A
_Exit F
@@ -1863,6 +1860,9 @@ GLIBC_2.2.4
GLIBC_2.2.6
GLIBC_2.2.6 A
__nanosleep F
+GLIBC_2.22
+ GLIBC_2.22 A
+ fmemopen F
GLIBC_2.3
GLIBC_2.3 A
__ctype_b_loc F
--
2.6.2
1.1 src/patchsets/glibc/2.22/00_all_0036-Fix-BZ-17905.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0036-Fix-BZ-17905.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0036-Fix-BZ-17905.patch?rev=1.1&content-type=text/plain
Index: 00_all_0036-Fix-BZ-17905.patch
===================================================================
>From 3df131efebaf00ee70841d0a31ebd94bcf75f0d1 Mon Sep 17 00:00:00 2001
From: Paul Pluzhnikov <[email protected]>
Date: Sat, 8 Aug 2015 15:53:03 -0700
Subject: [PATCH] Fix BZ #17905
(cherry picked from commit 0f58539030e436449f79189b6edab17d7479796e)
(cherry picked from commit 0c5f5b233964aa97d1aa470488a1731c022ff615)
---
catgets/Makefile | 9 ++++++++-
catgets/catgets.c | 19 ++++++++++++-------
catgets/open_catalog.c | 23 ++++++++++++++---------
catgets/tst-catgets.c | 31 +++++++++++++++++++++++++++++++
4 files changed, 65 insertions(+), 17 deletions(-)
diff --git a/catgets/Makefile b/catgets/Makefile
index 4624a88..56de38b 100644
--- a/catgets/Makefile
+++ b/catgets/Makefile
@@ -34,6 +34,7 @@ test-srcs = test-gencat
ifeq ($(run-built-tests),yes)
tests-special += $(objpfx)de/libc.cat $(objpfx)test1.cat $(objpfx)test2.cat \
$(objpfx)sample.SJIS.cat $(objpfx)test-gencat.out
+tests-special += $(objpfx)tst-catgets-mem.out
endif
gencat-modules = xmalloc
@@ -50,9 +51,11 @@ catgets-CPPFLAGS :=
-DNLSPATH='"$(msgcatdir)/%L/%N:$(msgcatdir)/%L/LC_MESSAGES/%
generated += de.msg test1.cat test1.h test2.cat test2.h sample.SJIS.cat \
test-gencat.h
+generated += tst-catgets.mtrace tst-catgets-mem.out
+
generated-dirs += de
-tst-catgets-ENV = NLSPATH="$(objpfx)%l/%N.cat" LANG=de
+tst-catgets-ENV = NLSPATH="$(objpfx)%l/%N.cat" LANG=de
MALLOC_TRACE=$(objpfx)tst-catgets.mtrace
ifeq ($(run-built-tests),yes)
# This test just checks whether the program produces any error or not.
@@ -86,4 +89,8 @@ $(objpfx)test-gencat.out: test-gencat.sh $(objpfx)test-gencat
\
$(objpfx)sample.SJIS.cat: sample.SJIS $(objpfx)gencat
$(built-program-cmd) -H $(objpfx)test-gencat.h < $(word 1,$^) > $@; \
$(evaluate-test)
+
+$(objpfx)tst-catgets-mem.out: $(objpfx)tst-catgets.out
+ $(common-objpfx)malloc/mtrace $(objpfx)tst-catgets.mtrace > $@; \
+ $(evaluate-test)
endif
diff --git a/catgets/catgets.c b/catgets/catgets.c
index cf93d56..4be452d 100644
--- a/catgets/catgets.c
+++ b/catgets/catgets.c
@@ -16,7 +16,6 @@
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
-#include <alloca.h>
#include <errno.h>
#include <locale.h>
#include <nl_types.h>
@@ -35,6 +34,7 @@ catopen (const char *cat_name, int flag)
__nl_catd result;
const char *env_var = NULL;
const char *nlspath = NULL;
+ char *tmp = NULL;
if (strchr (cat_name, '/') == NULL)
{
@@ -54,7 +54,10 @@ catopen (const char *cat_name, int flag)
{
/* Append the system dependent directory. */
size_t len = strlen (nlspath) + 1 + sizeof NLSPATH;
- char *tmp = alloca (len);
+ tmp = malloc (len);
+
+ if (__glibc_unlikely (tmp == NULL))
+ return (nl_catd) -1;
__stpcpy (__stpcpy (__stpcpy (tmp, nlspath), ":"), NLSPATH);
nlspath = tmp;
@@ -65,16 +68,18 @@ catopen (const char *cat_name, int flag)
result = (__nl_catd) malloc (sizeof (*result));
if (result == NULL)
- /* We cannot get enough memory. */
- return (nl_catd) -1;
-
- if (__open_catalog (cat_name, nlspath, env_var, result) != 0)
+ {
+ /* We cannot get enough memory. */
+ result = (nl_catd) -1;
+ }
+ else if (__open_catalog (cat_name, nlspath, env_var, result) != 0)
{
/* Couldn't open the file. */
free ((void *) result);
- return (nl_catd) -1;
+ result = (nl_catd) -1;
}
+ free (tmp);
return (nl_catd) result;
}
diff --git a/catgets/open_catalog.c b/catgets/open_catalog.c
index e069416..9f4d776 100644
--- a/catgets/open_catalog.c
+++ b/catgets/open_catalog.c
@@ -47,6 +47,7 @@ __open_catalog (const char *cat_name, const char *nlspath,
const char *env_var,
size_t tab_size;
const char *lastp;
int result = -1;
+ char *buf = NULL;
if (strchr (cat_name, '/') != NULL || nlspath == NULL)
fd = open_not_cancel_2 (cat_name, O_RDONLY);
@@ -57,23 +58,23 @@ __open_catalog (const char *cat_name, const char *nlspath,
const char *env_var,
if (__glibc_unlikely (bufact + (n) >= bufmax)) \
{ \
char *old_buf = buf; \
- bufmax += 256 + (n); \
- buf = (char *) alloca (bufmax); \
- memcpy (buf, old_buf, bufact); \
+ bufmax += (bufmax < 256 + (n)) ? 256 + (n) : bufmax; \
+ buf = realloc (buf, bufmax); \
+ if (__glibc_unlikely (buf == NULL)) \
+ { \
+ free (old_buf); \
+ return -1; \
+ } \
}
/* The RUN_NLSPATH variable contains a colon separated list of
descriptions where we expect to find catalogs. We have to
recognize certain % substitutions and stop when we found the
first existing file. */
- char *buf;
size_t bufact;
- size_t bufmax;
+ size_t bufmax = 0;
size_t len;
- buf = NULL;
- bufmax = 0;
-
fd = -1;
while (*run_nlspath != '\0')
{
@@ -188,7 +189,10 @@ __open_catalog (const char *cat_name, const char *nlspath,
const char *env_var,
/* Avoid dealing with directories and block devices */
if (__builtin_expect (fd, 0) < 0)
- return -1;
+ {
+ free (buf);
+ return -1;
+ }
if (__builtin_expect (__fxstat64 (_STAT_VER, fd, &st), 0) < 0)
goto close_unlock_return;
@@ -325,6 +329,7 @@ __open_catalog (const char *cat_name, const char *nlspath,
const char *env_var,
/* Release the lock again. */
close_unlock_return:
close_not_cancel_no_status (fd);
+ free (buf);
return result;
}
diff --git a/catgets/tst-catgets.c b/catgets/tst-catgets.c
index a0a4089..140de72 100644
--- a/catgets/tst-catgets.c
+++ b/catgets/tst-catgets.c
@@ -1,7 +1,10 @@
+#include <assert.h>
#include <mcheck.h>
#include <nl_types.h>
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
+#include <sys/resource.h>
static const char *msgs[] =
@@ -12,6 +15,33 @@ static const char *msgs[] =
};
#define nmsgs (sizeof (msgs) / sizeof (msgs[0]))
+
+/* Test for unbounded alloca. */
+static int
+do_bz17905 (void)
+{
+ char *buf;
+ struct rlimit rl;
+ nl_catd result;
+
+ const int sz = 1024 * 1024;
+
+ getrlimit (RLIMIT_STACK, &rl);
+ rl.rlim_cur = sz;
+ setrlimit (RLIMIT_STACK, &rl);
+
+ buf = malloc (sz + 1);
+ memset (buf, 'A', sz);
+ buf[sz] = '\0';
+ setenv ("NLSPATH", buf, 1);
+
+ result = catopen (buf, NL_CAT_LOCALE);
+ assert (result == (nl_catd) -1);
+
+ free (buf);
+ return 0;
+}
+
#define ROUNDS 5
static int
@@ -62,6 +92,7 @@ do_test (void)
}
}
+ result += do_bz17905 ();
return result;
}
--
2.6.2
1.1
src/patchsets/glibc/2.22/00_all_0037-Fix-BZ-18985-out-of-range-data-to-strftime-causes-a-.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0037-Fix-BZ-18985-out-of-range-data-to-strftime-causes-a-.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0037-Fix-BZ-18985-out-of-range-data-to-strftime-causes-a-.patch?rev=1.1&content-type=text/plain
Index: 00_all_0037-Fix-BZ-18985-out-of-range-data-to-strftime-causes-a-.patch
===================================================================
>From 11c8218f1416db2b34937b2e98d848a6e5b9bf83 Mon Sep 17 00:00:00 2001
From: Paul Pluzhnikov <[email protected]>
Date: Sat, 26 Sep 2015 13:27:48 -0700
Subject: [PATCH] Fix BZ #18985 -- out of range data to strftime() causes a
segfault
(cherry picked from commit d36c75fc0d44deec29635dd239b0fbd206ca49b7)
(cherry picked from commit 7a5d3129638db8a832e2c3090d263bbc1b1b919b)
---
time/strftime_l.c | 20 +++++++++++++-------
time/tst-strftime.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 64 insertions(+), 8 deletions(-)
diff --git a/time/strftime_l.c b/time/strftime_l.c
index b48ef34..4eb647c 100644
--- a/time/strftime_l.c
+++ b/time/strftime_l.c
@@ -510,13 +510,17 @@ __strftime_internal (s, maxsize, format, tp, tzset_called
ut_argument
only a few elements. Dereference the pointers only if the format
requires this. Then it is ok to fail if the pointers are invalid. */
# define a_wkday \
- ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(ABDAY_1) + tp->tm_wday))
+ ((const CHAR_T *) (tp->tm_wday < 0 || tp->tm_wday > 6
\
+ ? "?" : _NL_CURRENT (LC_TIME, NLW(ABDAY_1) + tp->tm_wday)))
# define f_wkday \
- ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(DAY_1) + tp->tm_wday))
+ ((const CHAR_T *) (tp->tm_wday < 0 || tp->tm_wday > 6
\
+ ? "?" : _NL_CURRENT (LC_TIME, NLW(DAY_1) + tp->tm_wday)))
# define a_month \
- ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(ABMON_1) + tp->tm_mon))
+ ((const CHAR_T *) (tp->tm_mon < 0 || tp->tm_mon > 11 \
+ ? "?" : _NL_CURRENT (LC_TIME, NLW(ABMON_1) + tp->tm_mon)))
# define f_month \
- ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(MON_1) + tp->tm_mon))
+ ((const CHAR_T *) (tp->tm_mon < 0 || tp->tm_mon > 11 \
+ ? "?" : _NL_CURRENT (LC_TIME, NLW(MON_1) + tp->tm_mon)))
# define ampm \
((const CHAR_T *) _NL_CURRENT (LC_TIME, tp->tm_hour > 11 \
? NLW(PM_STR) : NLW(AM_STR)))
@@ -526,8 +530,10 @@ __strftime_internal (s, maxsize, format, tp, tzset_called
ut_argument
# define ap_len STRLEN (ampm)
#else
# if !HAVE_STRFTIME
-# define f_wkday (weekday_name[tp->tm_wday])
-# define f_month (month_name[tp->tm_mon])
+# define f_wkday (tp->tm_wday < 0 || tp->tm_wday > 6 \
+ ? "?" : weekday_name[tp->tm_wday])
+# define f_month (tp->tm_mon < 0 || tp->tm_mon > 11 \
+ ? "?" : month_name[tp->tm_mon])
# define a_wkday f_wkday
# define a_month f_month
# define ampm (L_("AMPM") + 2 * (tp->tm_hour > 11))
@@ -1321,7 +1327,7 @@ __strftime_internal (s, maxsize, format, tp, tzset_called
ut_argument
*tzset_called = true;
}
# endif
- zone = tzname[tp->tm_isdst];
+ zone = tp->tm_isdst <= 1 ? tzname[tp->tm_isdst] : "?";
}
#endif
if (! zone)
diff --git a/time/tst-strftime.c b/time/tst-strftime.c
index 374fba4..af3ff72 100644
--- a/time/tst-strftime.c
+++ b/time/tst-strftime.c
@@ -4,6 +4,56 @@
#include <time.h>
+static int
+do_bz18985 (void)
+{
+ char buf[1000];
+ struct tm ttm;
+ int rc, ret = 0;
+
+ memset (&ttm, 1, sizeof (ttm));
+ ttm.tm_zone = NULL; /* Dereferenced directly if non-NULL. */
+ rc = strftime (buf, sizeof (buf), "%a %A %b %B %c %z %Z", &ttm);
+
+ if (rc == 66)
+ {
+ const char expected[]
+ = "? ? ? ? ? ? 16843009 16843009:16843009:16843009 16844909 +467836 ?";
+ if (0 != strcmp (buf, expected))
+ {
+ printf ("expected:\n %s\ngot:\n %s\n", expected, buf);
+ ret += 1;
+ }
+ }
+ else
+ {
+ printf ("expected 66, got %d\n", rc);
+ ret += 1;
+ }
+
+ /* Check negative values as well. */
+ memset (&ttm, 0xFF, sizeof (ttm));
+ ttm.tm_zone = NULL; /* Dereferenced directly if non-NULL. */
+ rc = strftime (buf, sizeof (buf), "%a %A %b %B %c %z %Z", &ttm);
+
+ if (rc == 30)
+ {
+ const char expected[] = "? ? ? ? ? ? -1 -1:-1:-1 1899 ";
+ if (0 != strcmp (buf, expected))
+ {
+ printf ("expected:\n %s\ngot:\n %s\n", expected, buf);
+ ret += 1;
+ }
+ }
+ else
+ {
+ printf ("expected 30, got %d\n", rc);
+ ret += 1;
+ }
+
+ return ret;
+}
+
static struct
{
const char *fmt;
@@ -104,7 +154,7 @@ do_test (void)
}
}
- return result;
+ return result + do_bz18985 ();
}
#define TEST_FUNCTION do_test ()
--
2.6.2
1.1
src/patchsets/glibc/2.22/00_all_0038-Gracefully-handle-incompatible-locale-data.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0038-Gracefully-handle-incompatible-locale-data.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0038-Gracefully-handle-incompatible-locale-data.patch?rev=1.1&content-type=text/plain
Index: 00_all_0038-Gracefully-handle-incompatible-locale-data.patch
===================================================================
>From 86de23c240e7d2f778001ae1dc871ca1631d3328 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <[email protected]>
Date: Tue, 27 Oct 2015 13:33:26 +0100
Subject: [PATCH] Gracefully handle incompatible locale data
* locale/loadlocale.c (_nl_intern_locale_data): Change assertion
on CNT to a conditional jump to 'puntdata'.
(cherry picked from commit 0062ace2292effc4135c15ea99b1931fea5e0203)
(cherry picked from commit 84f80d5ea11fb3b6325c18c31ba0a6a99d5f68bb)
---
locale/loadlocale.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/locale/loadlocale.c b/locale/loadlocale.c
index fdba6e9..dcbb833 100644
--- a/locale/loadlocale.c
+++ b/locale/loadlocale.c
@@ -121,9 +121,10 @@ _nl_intern_locale_data (int category, const void *data,
size_t datasize)
switch (category)
{
#define CATTEST(cat) \
- case LC_##cat: \
- assert (cnt < (sizeof (_nl_value_type_LC_##cat) \
- / sizeof (_nl_value_type_LC_##cat[0]))); \
+ case LC_##cat: \
+ if (cnt >= (sizeof (_nl_value_type_LC_##cat) \
+ / sizeof (_nl_value_type_LC_##cat[0]))) \
+ goto puntdata; \
break
CATTEST (NUMERIC);
CATTEST (TIME);
--
2.6.2
1.1
src/patchsets/glibc/2.22/00_all_0039-Handle-overflow-in-__hcreate_r.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0039-Handle-overflow-in-__hcreate_r.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0039-Handle-overflow-in-__hcreate_r.patch?rev=1.1&content-type=text/plain
Index: 00_all_0039-Handle-overflow-in-__hcreate_r.patch
===================================================================
>From fc47e2dcdde3aad31e7f33e5ba0ddabc7d32a48c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20B=C3=ADlka?= <[email protected]>
Date: Sat, 11 Jul 2015 17:44:10 +0200
Subject: [PATCH] Handle overflow in __hcreate_r
Hi,
As in bugzilla entry there is overflow in hsearch when looking for prime
number as SIZE_MAX - 1 is divisible by 5. We fix that by rejecting large
inputs before looking for prime.
* misc/hsearch_r.c (__hcreate_r): Handle overflow.
(cherry picked from commit 2f5c1750558fe64bac361f52d6827ab1bcfe52bc)
(cherry picked from commit 43f189b0032fbce67fc0c0f4e122e917cd232670)
---
misc/hsearch_r.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/misc/hsearch_r.c b/misc/hsearch_r.c
index 9f55e84..559df29 100644
--- a/misc/hsearch_r.c
+++ b/misc/hsearch_r.c
@@ -19,7 +19,7 @@
#include <errno.h>
#include <malloc.h>
#include <string.h>
-
+#include <stdint.h>
#include <search.h>
/* [Aho,Sethi,Ullman] Compilers: Principles, Techniques and Tools, 1986
@@ -73,6 +73,13 @@ __hcreate_r (nel, htab)
return 0;
}
+ if (nel >= SIZE_MAX / sizeof (_ENTRY))
+ {
+ __set_errno (ENOMEM);
+ return 0;
+ }
+
+
/* There is still another table active. Return with error. */
if (htab->table != NULL)
return 0;
--
2.6.2
1.1
src/patchsets/glibc/2.22/00_all_0040-Improve-check-against-integer-wraparound-in-hcreate_.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0040-Improve-check-against-integer-wraparound-in-hcreate_.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0040-Improve-check-against-integer-wraparound-in-hcreate_.patch?rev=1.1&content-type=text/plain
Index: 00_all_0040-Improve-check-against-integer-wraparound-in-hcreate_.patch
===================================================================
>From 332366ec5afd3543c0e22e86bf0a851df8aa8a62 Mon Sep 17 00:00:00 2001
From: Florian Weimer <[email protected]>
Date: Thu, 28 Jan 2016 13:59:11 +0100
Subject: [PATCH] Improve check against integer wraparound in hcreate_r [BZ
#18240]
(cherry picked from commit bae7c7c764413b23e61cb099ce33be4c4ee259bb)
(cherry picked from commit 287de30e170cb765ed326d23d22791a81aab6e0f)
---
misc/Makefile | 2 +-
misc/bug18240.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
misc/hsearch_r.c | 35 +++++++++++++-------------
3 files changed, 93 insertions(+), 19 deletions(-)
create mode 100644 misc/bug18240.c
diff --git a/misc/Makefile b/misc/Makefile
index 2f5edf6..12055ce 100644
--- a/misc/Makefile
+++ b/misc/Makefile
@@ -77,7 +77,7 @@ gpl2lgpl := error.c error.h
tests := tst-dirname tst-tsearch tst-fdset tst-efgcvt tst-mntent tst-hsearch \
tst-error1 tst-pselect tst-insremque tst-mntent2 bug-hsearch1 \
- tst-mntent-blank-corrupt tst-mntent-blank-passno
+ tst-mntent-blank-corrupt tst-mntent-blank-passno bug18240
ifeq ($(run-built-tests),yes)
tests-special += $(objpfx)tst-error1-mem.out
endif
diff --git a/misc/bug18240.c b/misc/bug18240.c
new file mode 100644
index 0000000..4b26865
--- /dev/null
+++ b/misc/bug18240.c
@@ -0,0 +1,75 @@
+/* Test integer wraparound in hcreate.
+ Copyright (C) 2016 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <errno.h>
+#include <limits.h>
+#include <search.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+static void
+test_size (size_t size)
+{
+ int res = hcreate (size);
+ if (res == 0)
+ {
+ if (errno == ENOMEM)
+ return;
+ printf ("error: hcreate (%zu): %m\n", size);
+ exit (1);
+ }
+ char *keys[100];
+ for (int i = 0; i < 100; ++i)
+ {
+ if (asprintf (keys + i, "%d", i) < 0)
+ {
+ printf ("error: asprintf: %m\n");
+ exit (1);
+ }
+ ENTRY e = { keys[i], (char *) "value" };
+ if (hsearch (e, ENTER) == NULL)
+ {
+ printf ("error: hsearch (\"%s\"): %m\n", keys[i]);
+ exit (1);
+ }
+ }
+ hdestroy ();
+
+ for (int i = 0; i < 100; ++i)
+ free (keys[i]);
+}
+
+static int
+do_test (void)
+{
+ test_size (500);
+ test_size (-1);
+ test_size (-3);
+ test_size (INT_MAX - 2);
+ test_size (INT_MAX - 1);
+ test_size (INT_MAX);
+ test_size (((unsigned) INT_MAX) + 1);
+ test_size (UINT_MAX - 2);
+ test_size (UINT_MAX - 1);
+ test_size (UINT_MAX);
+ return 0;
+}
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"
diff --git a/misc/hsearch_r.c b/misc/hsearch_r.c
index 559df29..661f0f6 100644
--- a/misc/hsearch_r.c
+++ b/misc/hsearch_r.c
@@ -46,15 +46,12 @@ static int
isprime (unsigned int number)
{
/* no even number will be passed */
- unsigned int div = 3;
-
- while (div * div < number && number % div != 0)
- div += 2;
-
- return number % div != 0;
+ for (unsigned int div = 3; div <= number / div; div += 2)
+ if (number % div == 0)
+ return 0;
+ return 1;
}
-
/* Before using the hash table we must allocate memory for it.
Test for an existing table are done. We allocate one element
more as the found prime number says. This is done for more effective
@@ -73,13 +70,6 @@ __hcreate_r (nel, htab)
return 0;
}
- if (nel >= SIZE_MAX / sizeof (_ENTRY))
- {
- __set_errno (ENOMEM);
- return 0;
- }
-
-
/* There is still another table active. Return with error. */
if (htab->table != NULL)
return 0;
@@ -88,10 +78,19 @@ __hcreate_r (nel, htab)
use will not work. */
if (nel < 3)
nel = 3;
- /* Change nel to the first prime number not smaller as nel. */
- nel |= 1; /* make odd */
- while (!isprime (nel))
- nel += 2;
+
+ /* Change nel to the first prime number in the range [nel, UINT_MAX - 2],
+ The '- 2' means 'nel += 2' cannot overflow. */
+ for (nel |= 1; ; nel += 2)
+ {
+ if (UINT_MAX - 2 < nel)
+ {
+ __set_errno (ENOMEM);
+ return 0;
+ }
+ if (isprime (nel))
+ break;
+ }
htab->size = nel;
htab->filled = 0;
--
2.6.2
1.1 src/patchsets/glibc/2.22/10_all_glibc-CVE-2015-7547.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/10_all_glibc-CVE-2015-7547.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/10_all_glibc-CVE-2015-7547.patch?rev=1.1&content-type=text/plain
Index: 10_all_glibc-CVE-2015-7547.patch
===================================================================
https://bugs.gentoo.org/574880
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
--- a/resolv/nss_dns/dns-host.c
+++ b/resolv/nss_dns/dns-host.c
@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *answer, int
anslen, const char *qname,
int h_namelen = 0;
if (ancount == 0)
- return NSS_STATUS_NOTFOUND;
+ {
+ *h_errnop = HOST_NOT_FOUND;
+ return NSS_STATUS_NOTFOUND;
+ }
while (ancount-- > 0 && cp < end_of_message && had_error == 0)
{
@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *answer, int
anslen, const char *qname,
/* Special case here: if the resolver sent a result but it only
contains a CNAME while we are looking for a T_A or T_AAAA record,
we fail with NOTFOUND instead of TRYAGAIN. */
- return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND;
+ if (canon != NULL)
+ {
+ *h_errnop = HOST_NOT_FOUND;
+ return NSS_STATUS_NOTFOUND;
+ }
+
+ *h_errnop = NETDB_INTERNAL;
+ return NSS_STATUS_TRYAGAIN;
}
@@ -1242,8 +1252,15 @@ gaih_getanswer (const querybuf *answer1, int anslen1,
const querybuf *answer2,
&pat, &buffer, &buflen,
errnop, h_errnop, ttlp,
&first);
+ /* Use the second response status in some cases. */
if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND)
status = status2;
+ /* Do not return a truncated second response (unless it was
+ unavoidable e.g. unrecoverable TRYAGAIN). */
+ if (status == NSS_STATUS_SUCCESS
+ && (status2 == NSS_STATUS_TRYAGAIN
+ && *errnop == ERANGE && *h_errnop != NO_RECOVERY))
+ status = NSS_STATUS_TRYAGAIN;
}
return status;
--- a/resolv/res_query.c
+++ b/resolv/res_query.c
@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp,
{
free (*answerp2);
*answerp2 = NULL;
+ *nanswerp2 = 0;
*answerp2_malloced = 0;
}
}
@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp,
{
free (*answerp2);
*answerp2 = NULL;
+ *nanswerp2 = 0;
*answerp2_malloced = 0;
}
@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp,
{
free (*answerp2);
*answerp2 = NULL;
+ *nanswerp2 = 0;
*answerp2_malloced = 0;
}
if (saved_herrno != -1)
--- a/resolv/res_send.c
+++ b/resolv/res_send.c
@@ -639,11 +639,7 @@ send_vc(res_state statp,
{
const HEADER *hp = (HEADER *) buf;
const HEADER *hp2 = (HEADER *) buf2;
- u_char *ans = *ansp;
- int orig_anssizp = *anssizp;
- // XXX REMOVE
- // int anssiz = *anssizp;
- HEADER *anhp = (HEADER *) ans;
+ HEADER *anhp = (HEADER *) *ansp;
struct sockaddr *nsap = get_nsaddr (statp, ns);
int truncating, connreset, n;
/* On some architectures compiler might emit a warning indicating
@@ -767,35 +763,6 @@ send_vc(res_state statp,
assert (anscp != NULL || ansp2 == NULL);
thisresplenp = &resplen;
} else {
- if (*anssizp != MAXPACKET) {
- /* No buffer allocated for the first
- reply. We can try to use the rest
- of the user-provided buffer. */
-#if __GNUC_PREREQ (4, 7)
- DIAG_PUSH_NEEDS_COMMENT;
- DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized");
-#endif
-#if _STRING_ARCH_unaligned
- *anssizp2 = orig_anssizp - resplen;
- *ansp2 = *ansp + resplen;
-#else
- int aligned_resplen
- = ((resplen + __alignof__ (HEADER) - 1)
- & ~(__alignof__ (HEADER) - 1));
- *anssizp2 = orig_anssizp - aligned_resplen;
- *ansp2 = *ansp + aligned_resplen;
-#endif
-#if __GNUC_PREREQ (4, 7)
- DIAG_POP_NEEDS_COMMENT;
-#endif
- } else {
- /* The first reply did not fit into the
- user-provided buffer. Maybe the second
- answer will. */
- *anssizp2 = orig_anssizp;
- *ansp2 = *ansp;
- }
-
thisanssizp = anssizp2;
thisansp = ansp2;
thisresplenp = resplen2;
@@ -804,10 +771,14 @@ send_vc(res_state statp,
anhp = (HEADER *) *thisansp;
*thisresplenp = rlen;
- if (rlen > *thisanssizp) {
- /* Yes, we test ANSCP here. If we have two buffers
- both will be allocatable. */
- if (__glibc_likely (anscp != NULL)) {
+ /* Is the answer buffer too small? */
+ if (*thisanssizp < rlen) {
+ /* If the current buffer is not the the static
+ user-supplied buffer then we can reallocate
+ it. */
+ if (thisansp != NULL && thisansp != ansp) {
+ /* Always allocate MAXPACKET, callers expect
+ this specific size. */
u_char *newp = malloc (MAXPACKET);
if (newp == NULL) {
*terrno = ENOMEM;
@@ -957,8 +928,6 @@ send_dg(res_state statp,
{
const HEADER *hp = (HEADER *) buf;
const HEADER *hp2 = (HEADER *) buf2;
- u_char *ans = *ansp;
- int orig_anssizp = *anssizp;
struct timespec now, timeout, finish;
struct pollfd pfd[1];
int ptimeout;
@@ -1154,50 +1123,48 @@ send_dg(res_state statp,
assert (anscp != NULL || ansp2 == NULL);
thisresplenp = &resplen;
} else {
- if (*anssizp != MAXPACKET) {
- /* No buffer allocated for the first
- reply. We can try to use the rest
- of the user-provided buffer. */
-#if _STRING_ARCH_unaligned
- *anssizp2 = orig_anssizp - resplen;
- *ansp2 = *ansp + resplen;
-#else
- int aligned_resplen
- = ((resplen + __alignof__ (HEADER) - 1)
- & ~(__alignof__ (HEADER) - 1));
- *anssizp2 = orig_anssizp - aligned_resplen;
- *ansp2 = *ansp + aligned_resplen;
-#endif
- } else {
- /* The first reply did not fit into the
- user-provided buffer. Maybe the second
- answer will. */
- *anssizp2 = orig_anssizp;
- *ansp2 = *ansp;
- }
-
thisanssizp = anssizp2;
thisansp = ansp2;
thisresplenp = resplen2;
}
if (*thisanssizp < MAXPACKET
- /* Yes, we test ANSCP here. If we have two buffers
- both will be allocatable. */
- && anscp
+ /* If the current buffer is not the the static
+ user-supplied buffer then we can reallocate
+ it. */
+ && (thisansp != NULL && thisansp != ansp)
#ifdef FIONREAD
+ /* Is the size too small? */
&& (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0
|| *thisanssizp < *thisresplenp)
#endif
) {
+ /* Always allocate MAXPACKET, callers expect
+ this specific size. */
u_char *newp = malloc (MAXPACKET);
if (newp != NULL) {
- *anssizp = MAXPACKET;
- *thisansp = ans = newp;
+ *thisanssizp = MAXPACKET;
+ *thisansp = newp;
if (thisansp == ansp2)
*ansp2_malloced = 1;
}
}
+ /* We could end up with truncation if anscp was NULL
+ (not allowed to change caller's buffer) and the
+ response buffer size is too small. This isn't a
+ reliable way to detect truncation because the ioctl
+ may be an inaccurate report of the UDP message size.
+ Therefore we use this only to issue debug output.
+ To do truncation accurately with UDP we need
+ MSG_TRUNC which is only available on Linux. We
+ can abstract out the Linux-specific feature in the
+ future to detect truncation. */
+ if (__glibc_unlikely (*thisanssizp < *thisresplenp)) {
+ Dprint(statp->options & RES_DEBUG,
+ (stdout, ";; response may be truncated (UDP)\n")
+ );
+ }
+
HEADER *anhp = (HEADER *) *thisansp;
socklen_t fromlen = sizeof(struct sockaddr_in6);
assert (sizeof(from) <= fromlen);
