From: Wilco Dijkstra
To: "zack@owlfolio.org", Carlos O'Donell
CC: 'GNU C Library'
Subject: Re: Bug 29863 - Segmentation fault in memcmp-sse2.S if memory contents can concurrently change
Date: Wed, 14 Dec 2022 21:56:28 +0000

Hi,

> On Tue, Dec 13, 2022, at 11:16 PM, Carlos O'Donell wrote:
>> The standards are in no way prescriptive in saying that memcmp shall not read or
>> write to memory outside of the input domain.
>
> ... is (as I read it) contradicted by 7.1.4p5 (N1570) "A library function shall not directly or
> indirectly access objects accessible by threads other than the current thread unless the
> objects are accessed directly or indirectly via the function's arguments." There is more
> wiggle room in this wording than I'd ideally like, but since memcmp has no way of knowing
> whether any particular piece of data outside the ranges supplied as arguments is "accessible
> by threads other than the current thread", it needs to be conservative and not touch any of it.

I'd expect that mem* functions will never read outside their bounds since the bounds are
explicitly defined by the arguments, not by the data. So that should be easy to guarantee.

For the str* functions it may be harder since the data itself defines when to stop reading.
So if an implementation uses multiple accesses to the same address, you could potentially
mistake the end of a string (e.g. first one detects a special case, while the 2nd then verifies it).

Still, I wouldn't expect totally random memory accesses even in this case - you would read
beyond the end of a string if the string end is changed concurrently.

Note there is also a security risk here - an attacker could cause an out of bounds access
to extract secret data that otherwise wouldn't be accessible. E.g. functions in the Linux
kernel accessing user data should be resilient to concurrent modifications of the data.

Finally it's worth mentioning that nscd does the exact same thing: it uses memcmp and
non-atomic accesses on shared data that is being modified by other threads. It looks
totally broken, especially with weaker memory ordering, however this kind of insanity
may actually be a common design pattern...

Cheers,
Wilco
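
The double-fetch hazard described in this message (one read checks a value, a later read of the same address uses it, and a concurrent writer changes it in between), shown beside the single-fetch form. This is an added example, not part of the original message and not glibc or kernel code; `shared_rec`, `grow_len` and the `racer_fn` hook are constructed for illustration, with the hook standing in for the other thread so the race is deterministic.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed layout: a length-prefixed record in memory that another thread
   (or user space, seen from a kernel) can rewrite at any moment. volatile only
   forces a real load per access here; it is not a synchronisation primitive. */
struct shared_rec {
    volatile uint32_t len;
    volatile uint8_t  data[64];
};

/* Hypothetical hook that plays the concurrent writer between two reads. */
typedef void (*racer_fn)(struct shared_rec *);
static void grow_len(struct shared_rec *r) { r->len = 64; }

static void copy_bytes(uint8_t *dst, const volatile uint8_t *src, uint32_t n) {
    for (uint32_t i = 0; i < n; i++) dst[i] = src[i];
}

/* Double fetch: len is checked on one read and used on a later one. */
long read_double_fetch(struct shared_rec *r, uint8_t *out, uint32_t cap, racer_fn racer) {
    if (r->len > cap) return -1;          /* fetch 1: bounds check */
    if (racer) racer(r);                  /* writer changes len here */
    uint32_t n = r->len;                  /* fetch 2: value actually used */
    copy_bytes(out, r->data, n);
    return (long)n;
}

/* Single fetch: snapshot len once, then validate and use only the snapshot. */
long read_single_fetch(struct shared_rec *r, uint8_t *out, uint32_t cap, racer_fn racer) {
    uint32_t n = r->len;                  /* the only read of len */
    if (racer) racer(r);                  /* a later change cannot affect n */
    if (n > cap || n > sizeof r->data) return -1;
    copy_bytes(out, r->data, n);          /* bytes may be torn, but the count is bounded */
    return (long)n;
}

/* Caller declares cap = 16; out is really 64 bytes so the demo stays in bounds. */
long run_case(long (*reader)(struct shared_rec *, uint8_t *, uint32_t, racer_fn)) {
    struct shared_rec r = { .len = 8 };
    uint8_t out[64] = {0};
    return reader(&r, out, 16, grow_len);
}

int main(void) {
    printf("double fetch copied %ld bytes (declared cap 16)\n", run_case(read_double_fetch));
    printf("single fetch copied %ld bytes\n", run_case(read_single_fetch));
    return 0;
}
```

The single-fetch version still copies bytes that may change underneath it; what it guarantees is that the bound it checked is the bound it uses.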