From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from hall.aurel32.net (hall.aurel32.net [IPv6:2001:bc8:30d7:100::1]) by sourceware.org (Postfix) with ESMTPS id A4F4C3857C50 for ; Mon, 3 Aug 2020 21:33:20 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org A4F4C3857C50 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=aurel32.net Authentication-Results: sourceware.org; spf=none smtp.mailfrom=aurelien@aurel32.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=aurel32.net ; s=202004.hall; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date: Subject:Cc:To:From:Content-Type:From:Reply-To:Subject:Content-ID: Content-Description:In-Reply-To:References:X-Debbugs-Cc; bh=SZ3tVQj7pgmP3zs4f/d75dW9oe3FqzQZ3xWm7AOf9uE=; b=skVQBm1esXdz/GWKdnQqYSdc4g 4PYXS6+XjsvisW7YW9NOh77cR5WDMMA+xy2CD0IQ1hLupF39HJrRqsh2OQh3UsQqSRC9v3G19EL6F zMRNRk6mDaAOa69C12gDwlrmmd7A0HZRUAHS3d7GXXnO8cpVOem9Hihg5Go+1YoLcJIPKFL78grcx cDKJmVtcQURIgcZKt8IPdV0pqhQvS3WMAvvwf1YS7H/zGNjTAkqYCDA6eLtr4GGKpO0P7oGetjlaF SuROV2UGsuyu5MG21T6fol+80a501iw4bSgWAPTXXZIirfxOQ+vINK7NpPi65OQKQ5ZepaBXs28Gb j3dcsnJw==; Received: from ohm.aurel32.net ([2001:bc8:30d7:111::1000]) by hall.aurel32.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1k2i59-0004Yk-Md; Mon, 03 Aug 2020 23:33:19 +0200 Received: from aurel32 by ohm.aurel32.net with local (Exim 4.94) (envelope-from ) id 1k2i56-00Fo0s-U1; Mon, 03 Aug 2020 23:33:16 +0200 From: Aurelien Jarno To: libc-stable@sourceware.org Cc: Florian Weimer , Carlos O'Donell Subject: [2.31 COMMITTED] powerpc: Fix incorrect cache line size load in memset (bug 26332) Date: Mon, 3 Aug 2020 23:33:08 +0200 Message-Id: <20200803213308.3767107-1-aurelien@aurel32.net> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-10.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, SPF_HELO_PASS, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-stable@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-stable mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Aug 2020 21:33:21 -0000 From: Florian Weimer __GLRO loaded the word after the requested variable on big-endian PowerPC, where LOWORD is 4. This can cause the memset implement go wrong because the masking with the cache line size produces wrong results, particularly if the loaded value happens to be 1. The __GLRO macro is not used in any place where loading the lower 32-bit word of a 64-bit value is desired, so the +4 offset is always wrong. Fixes commit 18363b4f010da9ba459b13310b113ac0647c2fcc ("powerpc: Move cache line size to rtld_global_ro") and bug 26332. Reviewed-by: Carlos O'Donell (cherry picked from commit 7650321ce037302bfc2f026aa19e0213b8d02fe6) --- NEWS | 1 + sysdeps/powerpc/powerpc32/sysdep.h | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 8a857061e11..17cde19e28a 100644 --- a/NEWS +++ b/NEWS @@ -25,6 +25,7 @@ The following bugs are resolved with this release: [25966] Incorrect access of __x86_shared_non_temporal_threshold for x32 [25976] nss_compat: internal_end*ent may clobber errno, hiding ERANGE [26248] Incorrect argument types for INLINE_SETXID_SYSCALL + [26332] Incorrect cache line size load causes memory corruption in memset Security related changes: diff --git a/sysdeps/powerpc/powerpc32/sysdep.h b/sysdeps/powerpc/powerpc32/sysdep.h index 2ba009e919b..829eec266af 100644 --- a/sysdeps/powerpc/powerpc32/sysdep.h +++ b/sysdeps/powerpc/powerpc32/sysdep.h @@ -179,8 +179,8 @@ GOT_LABEL: ; \ #else /* Position-dependent code does not require access to the GOT. */ # define __GLRO(rOUT, rGOT, member, offset) \ - lis rOUT,(member+LOWORD)@ha; \ - lwz rOUT,(member+LOWORD)@l(rOUT) + lis rOUT,(member)@ha; \ + lwz rOUT,(member)@l(rOUT) #endif /* PIC */ #endif /* __ASSEMBLER__ */ -- 2.27.0