public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug dynamic-link/31185] New: Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
@ 2023-12-21 3:29 hjl.tools at gmail dot com
2023-12-22 13:37 ` [Bug dynamic-link/31185] " cvs-commit at gcc dot gnu.org
` (7 more replies)
0 siblings, 8 replies; 9+ messages in thread
From: hjl.tools at gmail dot com @ 2023-12-21 3:29 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31185
Bug ID: 31185
Summary: Incorrect thread point access in _dl_tlsdesc_undefweak
and _dl_tlsdesc_dynamic
Product: glibc
Version: 2.38
Status: NEW
Severity: normal
Priority: P2
Component: dynamic-link
Assignee: unassigned at sourceware dot org
Reporter: hjl.tools at gmail dot com
Target Milestone: ---
Target: x32
_dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic in sysdeps/x86_64/dl-tlsdesc.S
access the thread pointer via the tcb field in TCB:
_dl_tlsdesc_undefweak:
_CET_ENDBR
movq 8(%rax), %rax
subq %fs:0, %rax
ret
_dl_tlsdesc_dynamic:
,,,
subq %fs:0, %rax
movq -8(%rsp), %rdi
ret
Since the tcb field in TCB is a pointer, %fs:0 is a 32-bit location,
not 64-bit. It should use "sub %fs:0, %RAX_LP" instead. Since
_dl_tlsdesc_undefweak returns ptrdiff_t and _dl_make_tlsdesc_dynamic
returns void *, RAX_LP is appropriate here for x32.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug dynamic-link/31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
2023-12-21 3:29 [Bug dynamic-link/31185] New: Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic hjl.tools at gmail dot com
@ 2023-12-22 13:37 ` cvs-commit at gcc dot gnu.org
2023-12-22 14:44 ` sam at gentoo dot org
` (6 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-12-22 13:37 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31185
--- Comment #1 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by H.J. Lu <hjl@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=81be2a61dafc168327c1639e97b6dae128c7ccf3
commit 81be2a61dafc168327c1639e97b6dae128c7ccf3
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Wed Dec 20 19:42:12 2023 -0800
x86-64: Fix the tcb field load for x32 [BZ #31185]
_dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic access the thread pointer
via the tcb field in TCB:
_dl_tlsdesc_undefweak:
_CET_ENDBR
movq 8(%rax), %rax
subq %fs:0, %rax
ret
_dl_tlsdesc_dynamic:
...
subq %fs:0, %rax
movq -8(%rsp), %rdi
ret
Since the tcb field in TCB is a pointer, %fs:0 is a 32-bit location,
not 64-bit. It should use "sub %fs:0, %RAX_LP" instead. Since
_dl_tlsdesc_undefweak returns ptrdiff_t and _dl_make_tlsdesc_dynamic
returns void *, RAX_LP is appropriate here for x32 and x86-64. This
fixes BZ #31185.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug dynamic-link/31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
2023-12-21 3:29 [Bug dynamic-link/31185] New: Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic hjl.tools at gmail dot com
2023-12-22 13:37 ` [Bug dynamic-link/31185] " cvs-commit at gcc dot gnu.org
@ 2023-12-22 14:44 ` sam at gentoo dot org
2023-12-23 15:08 ` cvs-commit at gcc dot gnu.org
` (5 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: sam at gentoo dot org @ 2023-12-22 14:44 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31185
Sam James <sam at gentoo dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |sam at gentoo dot org
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug dynamic-link/31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
2023-12-21 3:29 [Bug dynamic-link/31185] New: Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic hjl.tools at gmail dot com
2023-12-22 13:37 ` [Bug dynamic-link/31185] " cvs-commit at gcc dot gnu.org
2023-12-22 14:44 ` sam at gentoo dot org
@ 2023-12-23 15:08 ` cvs-commit at gcc dot gnu.org
2023-12-23 17:00 ` cvs-commit at gcc dot gnu.org
` (4 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-12-23 15:08 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31185
--- Comment #2 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.38/master branch has been updated by H.J. Lu
<hjl@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=968c983d43bc51f719f3e7a0fcb1bb8669b5f7c4
commit 968c983d43bc51f719f3e7a0fcb1bb8669b5f7c4
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Wed Dec 20 19:42:12 2023 -0800
x86-64: Fix the tcb field load for x32 [BZ #31185]
_dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic access the thread pointer
via the tcb field in TCB:
_dl_tlsdesc_undefweak:
_CET_ENDBR
movq 8(%rax), %rax
subq %fs:0, %rax
ret
_dl_tlsdesc_dynamic:
...
subq %fs:0, %rax
movq -8(%rsp), %rdi
ret
Since the tcb field in TCB is a pointer, %fs:0 is a 32-bit location,
not 64-bit. It should use "sub %fs:0, %RAX_LP" instead. Since
_dl_tlsdesc_undefweak returns ptrdiff_t and _dl_make_tlsdesc_dynamic
returns void *, RAX_LP is appropriate here for x32 and x86-64. This
fixes BZ #31185.
(cherry picked from commit 81be2a61dafc168327c1639e97b6dae128c7ccf3)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug dynamic-link/31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
2023-12-21 3:29 [Bug dynamic-link/31185] New: Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic hjl.tools at gmail dot com
` (2 preceding siblings ...)
2023-12-23 15:08 ` cvs-commit at gcc dot gnu.org
@ 2023-12-23 17:00 ` cvs-commit at gcc dot gnu.org
2023-12-23 17:35 ` cvs-commit at gcc dot gnu.org
` (3 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-12-23 17:00 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31185
--- Comment #3 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.37/master branch has been updated by H.J. Lu
<hjl@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d052665f359be24623c0ca0aea8abd372cbefe90
commit d052665f359be24623c0ca0aea8abd372cbefe90
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Wed Dec 20 19:42:12 2023 -0800
x86-64: Fix the tcb field load for x32 [BZ #31185]
_dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic access the thread pointer
via the tcb field in TCB:
_dl_tlsdesc_undefweak:
_CET_ENDBR
movq 8(%rax), %rax
subq %fs:0, %rax
ret
_dl_tlsdesc_dynamic:
...
subq %fs:0, %rax
movq -8(%rsp), %rdi
ret
Since the tcb field in TCB is a pointer, %fs:0 is a 32-bit location,
not 64-bit. It should use "sub %fs:0, %RAX_LP" instead. Since
_dl_tlsdesc_undefweak returns ptrdiff_t and _dl_make_tlsdesc_dynamic
returns void *, RAX_LP is appropriate here for x32 and x86-64. This
fixes BZ #31185.
(cherry picked from commit 81be2a61dafc168327c1639e97b6dae128c7ccf3)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug dynamic-link/31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
2023-12-21 3:29 [Bug dynamic-link/31185] New: Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic hjl.tools at gmail dot com
` (3 preceding siblings ...)
2023-12-23 17:00 ` cvs-commit at gcc dot gnu.org
@ 2023-12-23 17:35 ` cvs-commit at gcc dot gnu.org
2023-12-23 17:36 ` cvs-commit at gcc dot gnu.org
` (2 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-12-23 17:35 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31185
--- Comment #4 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.36/master branch has been updated by H.J. Lu
<hjl@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5dfafca33cf5db5ca88af43f4f764c29a69aff18
commit 5dfafca33cf5db5ca88af43f4f764c29a69aff18
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Wed Dec 20 19:42:12 2023 -0800
x86-64: Fix the tcb field load for x32 [BZ #31185]
_dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic access the thread pointer
via the tcb field in TCB:
_dl_tlsdesc_undefweak:
_CET_ENDBR
movq 8(%rax), %rax
subq %fs:0, %rax
ret
_dl_tlsdesc_dynamic:
...
subq %fs:0, %rax
movq -8(%rsp), %rdi
ret
Since the tcb field in TCB is a pointer, %fs:0 is a 32-bit location,
not 64-bit. It should use "sub %fs:0, %RAX_LP" instead. Since
_dl_tlsdesc_undefweak returns ptrdiff_t and _dl_make_tlsdesc_dynamic
returns void *, RAX_LP is appropriate here for x32 and x86-64. This
fixes BZ #31185.
(cherry picked from commit 81be2a61dafc168327c1639e97b6dae128c7ccf3)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug dynamic-link/31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
2023-12-21 3:29 [Bug dynamic-link/31185] New: Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic hjl.tools at gmail dot com
` (4 preceding siblings ...)
2023-12-23 17:35 ` cvs-commit at gcc dot gnu.org
@ 2023-12-23 17:36 ` cvs-commit at gcc dot gnu.org
2023-12-23 17:38 ` cvs-commit at gcc dot gnu.org
2023-12-23 17:40 ` hjl.tools at gmail dot com
7 siblings, 0 replies; 9+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-12-23 17:36 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31185
--- Comment #5 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.35/master branch has been updated by H.J. Lu
<hjl@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5d1fe26b49a9ac373dabba217df9bd7179b267d2
commit 5d1fe26b49a9ac373dabba217df9bd7179b267d2
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Wed Dec 20 19:42:12 2023 -0800
x86-64: Fix the tcb field load for x32 [BZ #31185]
_dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic access the thread pointer
via the tcb field in TCB:
_dl_tlsdesc_undefweak:
_CET_ENDBR
movq 8(%rax), %rax
subq %fs:0, %rax
ret
_dl_tlsdesc_dynamic:
...
subq %fs:0, %rax
movq -8(%rsp), %rdi
ret
Since the tcb field in TCB is a pointer, %fs:0 is a 32-bit location,
not 64-bit. It should use "sub %fs:0, %RAX_LP" instead. Since
_dl_tlsdesc_undefweak returns ptrdiff_t and _dl_make_tlsdesc_dynamic
returns void *, RAX_LP is appropriate here for x32 and x86-64. This
fixes BZ #31185.
(cherry picked from commit 81be2a61dafc168327c1639e97b6dae128c7ccf3)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug dynamic-link/31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
2023-12-21 3:29 [Bug dynamic-link/31185] New: Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic hjl.tools at gmail dot com
` (5 preceding siblings ...)
2023-12-23 17:36 ` cvs-commit at gcc dot gnu.org
@ 2023-12-23 17:38 ` cvs-commit at gcc dot gnu.org
2023-12-23 17:40 ` hjl.tools at gmail dot com
7 siblings, 0 replies; 9+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-12-23 17:38 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31185
--- Comment #6 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.34/master branch has been updated by H.J. Lu
<hjl@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2143fcd54025df8ee1e95a31b2cbadcb2e3547ac
commit 2143fcd54025df8ee1e95a31b2cbadcb2e3547ac
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Wed Dec 20 19:42:12 2023 -0800
x86-64: Fix the tcb field load for x32 [BZ #31185]
_dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic access the thread pointer
via the tcb field in TCB:
_dl_tlsdesc_undefweak:
_CET_ENDBR
movq 8(%rax), %rax
subq %fs:0, %rax
ret
_dl_tlsdesc_dynamic:
...
subq %fs:0, %rax
movq -8(%rsp), %rdi
ret
Since the tcb field in TCB is a pointer, %fs:0 is a 32-bit location,
not 64-bit. It should use "sub %fs:0, %RAX_LP" instead. Since
_dl_tlsdesc_undefweak returns ptrdiff_t and _dl_make_tlsdesc_dynamic
returns void *, RAX_LP is appropriate here for x32 and x86-64. This
fixes BZ #31185.
(cherry picked from commit 81be2a61dafc168327c1639e97b6dae128c7ccf3)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug dynamic-link/31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
2023-12-21 3:29 [Bug dynamic-link/31185] New: Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic hjl.tools at gmail dot com
` (6 preceding siblings ...)
2023-12-23 17:38 ` cvs-commit at gcc dot gnu.org
@ 2023-12-23 17:40 ` hjl.tools at gmail dot com
7 siblings, 0 replies; 9+ messages in thread
From: hjl.tools at gmail dot com @ 2023-12-23 17:40 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31185
H.J. Lu <hjl.tools at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |2.39
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #7 from H.J. Lu <hjl.tools at gmail dot com> ---
Fixed for 2.39 and backported to 2.38/2.37/2.36/2.35/2.34 branches.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2023-12-23 17:40 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-12-21 3:29 [Bug dynamic-link/31185] New: Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic hjl.tools at gmail dot com
2023-12-22 13:37 ` [Bug dynamic-link/31185] " cvs-commit at gcc dot gnu.org
2023-12-22 14:44 ` sam at gentoo dot org
2023-12-23 15:08 ` cvs-commit at gcc dot gnu.org
2023-12-23 17:00 ` cvs-commit at gcc dot gnu.org
2023-12-23 17:35 ` cvs-commit at gcc dot gnu.org
2023-12-23 17:36 ` cvs-commit at gcc dot gnu.org
2023-12-23 17:38 ` cvs-commit at gcc dot gnu.org
2023-12-23 17:40 ` hjl.tools at gmail dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).