From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from huawei.com (szxga01-in.huawei.com [45.249.212.187]) by sourceware.org (Postfix) with ESMTPS id AE67F3887000 for ; Mon, 13 Apr 2020 14:16:14 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org AE67F3887000 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=huawei.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=zhuyan34@huawei.com Received: from DGGEMM404-HUB.china.huawei.com (unknown [172.30.72.55]) by Forcepoint Email with ESMTP id 1EFE4E9CA4F2FA7C328E; Mon, 13 Apr 2020 22:16:11 +0800 (CST) Received: from dggeme759-chm.china.huawei.com (10.3.19.105) by DGGEMM404-HUB.china.huawei.com (10.3.20.212) with Microsoft SMTP Server (TLS) id 14.3.487.0; Mon, 13 Apr 2020 22:16:10 +0800 Received: from dggeme762-chm.china.huawei.com (10.3.19.108) by dggeme759-chm.china.huawei.com (10.3.19.105) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1713.5; Mon, 13 Apr 2020 22:16:10 +0800 Received: from dggeme762-chm.china.huawei.com ([10.8.68.53]) by dggeme762-chm.china.huawei.com ([10.8.68.53]) with mapi id 15.01.1713.004; Mon, 13 Apr 2020 22:16:10 +0800 From: "zhuyan (M)" To: "libc-alpha@sourceware.org" CC: Carlos O'Donell , Joseph Myers Subject: [PATCH v2] memcpy: use bhs/bls instead of bge/blt [BZ #25620] Thread-Topic: [PATCH v2] memcpy: use bhs/bls instead of bge/blt [BZ #25620] Thread-Index: AdYRngYhJjsl9n/XTDeMc4+MLLtXHA== Date: Mon, 13 Apr 2020 14:16:10 +0000 Message-ID: <95923e664fc9426c9c121efeaa69268c@huawei.com> Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.67.102.217] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-CFilter-Loop: Reflected X-Spam-Status: No, score=-22.5 required=5.0 tests=BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, KAM_DMARC_STATUS, KAM_SHORT, SPF_HELO_PASS, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Apr 2020 14:16:17 -0000 In ARMv7, the memcpy() implementation allows for program execution to conti= nue in scenarios where a segmentation fault or crash should have occurred. = The dangers occur in that subsequent execution and iterations of this code = will be executed with this corrupted data. Such as, we use 'memcpy' copy 0x80000000 byte to buffer(The buffer size is = 100 bytes), it didn't crash. Reference link: https://sourceware.org/bugzilla/attachment.cgi?id=3D12334&a= ction=3Dedit Signed-off-by: Yan Zhu --- sysdeps/arm/Makefile | 6 +++- sysdeps/arm/armv7/multiarch/memcpy_impl.S | 14 ++++---- sysdeps/arm/tst-armv7memcpybign.c | 54 +++++++++++++++++++++++++++= ++++ 3 files changed, 66 insertions(+), 8 deletions(-) create mode 100644 sysd= eps/arm/tst-armv7memcpybign.c diff --git a/sysdeps/arm/Makefile b/sysdeps/arm/Makefile index ad2042b93a..= 7c1f19e225 100644 --- a/sysdeps/arm/Makefile +++ b/sysdeps/arm/Makefile @@ -19,21 +19,25 @@ lib-noranlib: $(objpfx)libgcc-stubs.a =20 ifeq ($(build-shared),yes) ifeq ($(have-arm-tls-desc),yes) -tests +=3D tst-armtlsdescloc tst-armtlsdescextnow tst-armtlsdescextlazy +tests +=3D tst-armtlsdescloc tst-armtlsdescextnow tst-armtlsdescextlazy=20 +tst-armv7memcpybign modules-names +=3D tst-armtlsdesclocmod modules-names +=3D tst-armtlsdescextlazymod tst-armtlsdescextnowmod +modeles-names +=3D tst-armv7memcpybignmod CPPFLAGS-tst-armtlsdescextnowmod.c +=3D -Dstatic=3D CPPFLAGS-tst-armtlsde= scextlazymod.c +=3D -Dstatic=3D CFLAGS-tst-armtlsdesclocmod.c +=3D -mtls-d= ialect=3Dgnu2 CFLAGS-tst-armtlsdescextnowmod.c +=3D -mtls-dialect=3Dgnu2 = CFLAGS-tst-armtlsdescextlazymod.c +=3D -mtls-dialect=3Dgnu2 +CFLAGS-tst-armv7memcpybign.c +=3D -mtls-dialect=3Dgnu2 LDFLAGS-tst-armtlsdescextnowmod.so +=3D -Wl,-z,now tst-armtlsdescloc-ENV = =3D LD_BIND_NOW=3D1 tst-armtlsdescextnow-ENV =3D LD_BIND_NOW=3D1 tst-armt= lsdescextlazy-ENV =3D LD_BIND_NOW=3D1 +tst-armv7memcpybign-ENV =3D LD_BIND_NOW=3D1 $(objpfx)tst-armtlsdescloc: $(objpfx)tst-armtlsdesclocmod.so $(objpfx)tst-armtlsdescextnow: $(objpfx)tst-armtlsdescextnowmod.so $(objpfx)tst-armtlsdescextlazy: $(objpfx)tst-armtlsdescextlazymod.so +$(objpfx)tst-armv7memcpybign: $(objpfx)tst-armv7memcpybignmod.so endif endif endif diff --git a/sysdeps/arm/armv7/multiarch/memcpy_impl.S b/sysdeps/arm/armv7/= multiarch/memcpy_impl.S index bf4ac7077f..7455bdc6c7 100644 --- a/sysdeps/arm/armv7/multiarch/memcpy_impl.S +++ b/sysdeps/arm/armv7/multiarch/memcpy_impl.S @@ -268,7 +268,7 @@ ENTRY(memcpy) =20 mov dst, dstin /* Preserve dstin, we need to return it. */ cmp count, #64 - bge .Lcpy_not_short + bhs .Lcpy_not_short /* Deal with small copies quickly by dropping straight into the exit block. */ =20 @@ -351,10 +351,10 @@ ENTRY(memcpy) =20 1: subs tmp2, count, #64 /* Use tmp2 for count. */ - blt .Ltail63aligned + bls .Ltail63aligned =20 cmp tmp2, #512 - bge .Lcpy_body_long + bhs .Lcpy_body_long =20 .Lcpy_body_medium: /* Count in tmp2. */ #ifdef USE_VFP @@ -378,7 +378,7 @@ ENTRY(memcpy) add src, src, #64 vstr d1, [dst, #56] add dst, dst, #64 - bge 1b + bhs 1b tst tmp2, #0x3f beq .Ldone =20 @@ -412,7 +412,7 @@ ENTRY(memcpy) ldrd A_l, A_h, [src, #64]! strd A_l, A_h, [dst, #64]! subs tmp2, tmp2, #64 - bge 1b + bhs 1b tst tmp2, #0x3f bne 1f ldr tmp2,[sp], #FRAME_SIZE @@ -482,7 +482,7 @@ ENTRY(memcpy) add src, src, #32 =20 subs tmp2, tmp2, #prefetch_lines * 64 * 2 - blt 2f + bls 2f 1: cpy_line_vfp d3, 0 cpy_line_vfp d4, 64 @@ -494,7 +494,7 @@ ENTRY(memcpy) add dst, dst, #2 * 64 add src, src, #2 * 64 subs tmp2, tmp2, #prefetch_lines * 64 - bge 1b + bhs 1b =20 2: cpy_tail_vfp d3, 0 diff --git a/sysdeps/arm/tst-armv7memcpybign.c b/sysdeps/arm/tst-armv7memcp= ybign.c new file mode 100644 index 0000000000..c9f0873c90 --- /dev/null +++ b/sysdeps/arm/tst-armv7memcpybign.c @@ -0,0 +1,54 @@ +/* Test scenes where ARMv7 memcpy parameter num is very large. + Copyright (C) 2020 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +int g_ret =3D 0; + +void +sigsegv_handle(int signum) +{ + printf("Enter sigsegv_handle function\n"); + g_ret =3D signum; + exit(0); +} + +int +memcpy_big_n (void) +{ + char buf[100] =3D {0}; + memcpy(buf, "abcd", 0x80000000); +} + +int +do_test (void) +{ + signal(SIGSEGV, sigsegv_handle); + memcpy_big_n(); + if (g_ret =3D=3D 0) + return 1; + else + return 0; +} + +#define TEST_FUNCTION do_test () +#include "../test-skeleton.c" + -- 2.12.3