* [patch] glibc/ia64 memccpy segfault
@ 2003-09-09 14:23 Jes Sorensen
2003-09-09 20:17 ` Ulrich Drepper
0 siblings, 1 reply; 4+ messages in thread
From: Jes Sorensen @ 2003-09-09 14:23 UTC (permalink / raw)
To: libc-hacker
Hi,
Please find attached a patch which I have been sitting on for way too
long. It should apply cleanly to both glibc-2.2 and glibc-2.3.
It basically solve a bug in the ia64 memccpy implementation where the
readahead will cause a segfault if you try to memccpy from across a page
boundary, with the second page not being mapped and the end-of-stream
character is found in the original page.
This is a segfault bugfix and I recommend distributions to include it in
their next updates.
Cheers,
Jes
2003-04-11 Jes Sorensen <jes@wildopensource.com>
* sysdeps/ia64/memccpy.S: When recovering for src_aligned and the
character is found during recovery, use correct register when
determining the position of the found character.
2003-04-01 Jes Sorensen <jes@wildopensource.com>
* sysdeps/ia64/memccpy.S: Use speculatively loads for readahead to
avoid segfaults when reading from unmapped pages. For aligned
reload and continue, for misaligned, roll back and use byte copy.
Save ar.ec on entry and restore on exit.
Index: sysdeps/ia64/memccpy.S
===================================================================
RCS file: /cvs/glibc/libc/sysdeps/ia64/memccpy.S,v
retrieving revision 1.5
diff -u -r1.5 memccpy.S
--- sysdeps/ia64/memccpy.S 6 Jul 2001 04:55:54 -0000 1.5
+++ sysdeps/ia64/memccpy.S 9 Sep 2003 14:15:32 -0000
@@ -1,6 +1,6 @@
/* Optimized version of the memccpy() function.
This file is part of the GNU C Library.
- Copyright (C) 2000, 2001 Free Software Foundation, Inc.
+ Copyright (C) 2000, 2001, 2003 Free Software Foundation, Inc.
Contributed by Dan Pop <Dan.Pop@cern.ch>.
The GNU C Library is free software; you can redistribute it and/or
@@ -46,6 +46,7 @@
#define tmp r23
#define char r24
#define charx8 r25
+#define saved_ec r26
#define sh2 r28
#define sh1 r29
#define loopcnt r30
@@ -56,25 +57,27 @@
alloc r2 = ar.pfs, 4, 40 - 4, 0, 40
#include "softpipe.h"
- .rotr r[MEMLAT + 3], tmp1[4], tmp2[4], val[4], tmp3[2], pos0[2]
+ .rotr r[MEMLAT + 7], tmp1[4], tmp2[4], val[4], tmp3[2], pos0[2]
.rotp p[MEMLAT + 6 + 1]
mov ret0 = r0 // return NULL if no match
.save pr, saved_pr
mov saved_pr = pr // save the predicate registers
+ mov dest = in0 // dest
.save ar.lc, saved_lc
mov saved_lc = ar.lc // save the loop counter
+ mov saved_ec = ar.ec // save the loop counter
.body
- mov dest = in0 // dest
mov src = in1 // src
extr.u char = in2, 0, 8 // char
mov len = in3 // len
sub tmp = r0, in0 // tmp = -dest
cmp.ne p7, p0 = r0, r0 // clear p7
;;
- and loopcnt = 7, tmp // loopcnt = -dest % 8
+ and loopcnt = 7, tmp // loopcnt = -dest % 8
cmp.ge p6, p0 = OP_T_THRES, len // is len <= OP_T_THRES
-(p6) br.cond.spnt .cpyfew // copy byte by byte
+ mov ar.ec = 0 // ec not guaranteed zero on entry
+(p6) br.cond.spnt .cpyfew // copy byte by byte
;;
cmp.eq p6, p0 = loopcnt, r0
mux1 charx8 = char, @brcst
@@ -109,26 +112,31 @@
cmp.ne p6, p0 = r0, r0 ;; // clear p6
.align 32
.l2:
-(p[0]) ld8 r[0] = [asrc], 8 // r[0] = w1
+(p[0]) ld8.s r[0] = [asrc], 8 // r[0] = w1
(p[MEMLAT]) shr.u tmp1[0] = r[1 + MEMLAT], sh1 // tmp1 = w0 >> sh1
(p[MEMLAT]) shl tmp2[0] = r[0 + MEMLAT], sh2 // tmp2 = w1 << sh2
(p[MEMLAT+4]) xor tmp3[0] = val[1], charx8
(p[MEMLAT+5]) czx1.r pos0[0] = tmp3[1]
+(p[MEMLAT+6]) chk.s r[6 + MEMLAT], .recovery1 // our data isn't
+ // valid - rollback!
(p[MEMLAT+6]) cmp.ne p6, p0 = 8, pos0[1]
(p6) br.cond.spnt .gotit
(p[MEMLAT+6]) st8 [dest] = val[3], 8 // store val to dest
(p[MEMLAT+3]) or val[0] = tmp1[3], tmp2[3] // val = tmp1 | tmp2
br.ctop.sptk .l2
br.cond.sptk .cpyfew
+
.src_aligned:
cmp.ne p6, p0 = r0, r0 // clear p6
mov ar.ec = MEMLAT + 2 + 1 ;; // set EC
.l3:
-(p[0]) ld8 r[0] = [src], 8
+(p[0]) ld8.s r[0] = [src], 8
(p[MEMLAT]) xor tmp3[0] = r[MEMLAT], charx8
(p[MEMLAT+1]) czx1.r pos0[0] = tmp3[1]
(p[MEMLAT+2]) cmp.ne p7, p0 = 8, pos0[1]
+(p[MEMLAT+2]) chk.s r[MEMLAT+2], .recovery2
(p7) br.cond.spnt .gotit
+.back2:
(p[MEMLAT+2]) st8 [dest] = r[MEMLAT+2], 8
br.ctop.dptk .l3
.cpyfew:
@@ -148,6 +156,7 @@
.restore_and_exit:
mov pr = saved_pr, -1 // restore the predicate registers
mov ar.lc = saved_lc // restore the loop counter
+ mov ar.ec = saved_ec ;; // restore the epilog counter
br.ret.sptk.many b0
.gotit:
.pred.rel "mutex" p6, p7
@@ -163,4 +172,33 @@
mov pr = saved_pr, -1
mov ar.lc = saved_lc
br.ret.sptk.many b0
+
+.recovery1:
+ adds src = -(MEMLAT + 6 + 1) * 8, asrc
+ mov loopcnt = ar.lc
+ mov tmp = ar.ec ;;
+ sub sh1 = (MEMLAT + 6 + 1), tmp
+ shr.u sh2 = sh2, 3
+ ;;
+ shl loopcnt = loopcnt, 3
+ sub src = src, sh2
+ shl sh1 = sh1, 3
+ shl tmp = tmp, 3
+ ;;
+ add len = len, loopcnt
+ add src = sh1, src ;;
+ add len = tmp, len
+.back1:
+ br.cond.sptk .cpyfew
+
+.recovery2:
+ add tmp = -(MEMLAT + 3) * 8, src
+(p7) br.cond.spnt .gotit
+ ;;
+ ld8 r[MEMLAT+2] = [tmp] ;;
+ xor pos0[1] = r[MEMLAT+2], charx8 ;;
+ czx1.r pos0[1] = pos0[1] ;;
+ cmp.ne p7, p6 = 8, pos0[1]
+(p7) br.cond.spnt .gotit
+ br.cond.sptk .back2
END(memccpy)
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [patch] glibc/ia64 memccpy segfault
2003-09-09 14:23 [patch] glibc/ia64 memccpy segfault Jes Sorensen
@ 2003-09-09 20:17 ` Ulrich Drepper
2003-09-09 22:38 ` Jes Sorensen
0 siblings, 1 reply; 4+ messages in thread
From: Ulrich Drepper @ 2003-09-09 20:17 UTC (permalink / raw)
To: Jes Sorensen; +Cc: libc-hacker
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jes Sorensen wrote:
> It basically solve a bug in the ia64 memccpy implementation where the
> readahead will cause a segfault if you try to memccpy from across a page
> boundary,
I checked the patch in after writing a test case. Thanks,
- --
- --------------. ,-. 444 Castro Street
Ulrich Drepper \ ,-----------------' \ Mountain View, CA 94041 USA
Red Hat `--' drepper at redhat.com `---------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/XjVQ2ijCOnn/RHQRAjqVAJ4zzdZlFzTJwamhbLjtDji+5MlvhgCgqydv
yGvTbmgQnzSm4vw5HGfSTTM=
=1+AP
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [patch] glibc/ia64 memccpy segfault
2003-09-09 20:17 ` Ulrich Drepper
@ 2003-09-09 22:38 ` Jes Sorensen
2003-09-09 22:56 ` Ulrich Drepper
0 siblings, 1 reply; 4+ messages in thread
From: Jes Sorensen @ 2003-09-09 22:38 UTC (permalink / raw)
To: Ulrich Drepper; +Cc: libc-hacker
>>>>> "Ulrich" == Ulrich Drepper <drepper@redhat.com> writes:
Ulrich> Jes Sorensen wrote:
>> It basically solve a bug in the ia64 memccpy implementation where
>> the readahead will cause a segfault if you try to memccpy from
>> across a page boundary,
Ulrich> I checked the patch in after writing a test case. Thanks,
Hi Uli,
Thanks for checking it in. How do you feel of pushing this one for 2.2
as well? It contains the same bug.
Cheers,
Jes
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [patch] glibc/ia64 memccpy segfault
2003-09-09 22:38 ` Jes Sorensen
@ 2003-09-09 22:56 ` Ulrich Drepper
0 siblings, 0 replies; 4+ messages in thread
From: Ulrich Drepper @ 2003-09-09 22:56 UTC (permalink / raw)
To: Jes Sorensen; +Cc: libc-hacker
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jes Sorensen wrote:
> Thanks for checking it in. How do you feel of pushing this one for 2.2
> as well? It contains the same bug.
That branch is in deep freeze and won't be changed again ever.
- --
- --------------. ,-. 444 Castro Street
Ulrich Drepper \ ,-----------------' \ Mountain View, CA 94041 USA
Red Hat `--' drepper at redhat.com `---------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/XlqH2ijCOnn/RHQRAipkAKDA0zE5+oHcn4RWkuSGDd4T35h3cACcCzOy
LpRUsau8l+8RwQMmwrnXnOk=
=fMkp
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2003-09-09 22:56 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-09-09 14:23 [patch] glibc/ia64 memccpy segfault Jes Sorensen
2003-09-09 20:17 ` Ulrich Drepper
2003-09-09 22:38 ` Jes Sorensen
2003-09-09 22:56 ` Ulrich Drepper
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).