From: Sunil Pandey
Date: Tue, 3 May 2022 23:02:58 -0700
Subject: Re: [PATCH v4] x86: Fix bug in strncmp-evex and strncmp-avx2 [BZ #28895]
To: "H.J. Lu", Libc-stable Mailing List
Cc: Noah Goldstein, GNU C Library

On Tue, Feb 15, 2022 at 6:29 PM H.J. Lu via Libc-alpha wrote:
>
> On Tue, Feb 15, 2022 at 6:27 PM Noah Goldstein wrote:
> >
> > Logic can read before the start of `s1` / `s2` if both `s1` and `s2`
> > are near the start of a page. To avoid having the result contaminated by
> > these comparisons the `strcmp` variants would mask off these
> > comparisons. This was missing in the `strncmp` variants causing
> > the bug. This commit adds the masking to `strncmp` so that out of
> > range comparisons don't affect the result.
> >
> > test-strcmp, test-strncmp, test-wcscmp, and test-wcsncmp all pass as
> > well as a full xcheck on x86_64 linux.
> > --- > > string/test-strncmp.c | 23 +++++++++++++++++++++++ > > sysdeps/x86_64/multiarch/strcmp-avx2.S | 1 + > > sysdeps/x86_64/multiarch/strcmp-evex.S | 1 + > > 3 files changed, 25 insertions(+) > > > > diff --git a/string/test-strncmp.c b/string/test-strncmp.c > > index 831cb77893..df7cea4068 100644 > > --- a/string/test-strncmp.c > > +++ b/string/test-strncmp.c 
> > @@ -423,6 +423,28 @@ check3 (void) > > } > > } > > > > +static void > > +check4 (void) > > +{ > > + /* To trigger bug 28895; We need 1) both s1 and s2 to be within 32 bytes of > > + the end of the page. 2) For there to be no mismatch/null byte before the > > + first page cross. 3) For length (`n`) to be large enough for one string to > > + cross the page. And 4) for there to be either mismatch/null bytes before > > + the start of the strings. */ > > + > > + size_t size = 10; > > + size_t addr_mask = (getpagesize () - 1) ^ (sizeof (CHAR) - 1); > > + CHAR *s1 = (CHAR *)(buf1 + (addr_mask & 0xffa)); > > + CHAR *s2 = (CHAR *)(buf2 + (addr_mask & 0xfed)); > > + int exp_result; > > + > > + STRCPY (s1, L ("tst-tlsmod%")); > > + STRCPY (s2, L ("tst-tls-manydynamic73mod")); > > + exp_result = SIMPLE_STRNCMP (s1, s2, size); > > + FOR_EACH_IMPL (impl, 0) > > + check_result (impl, s1, s2, size, exp_result); > > +} > > + > > static void > > check_overflow (void) > > { > > @@ -546,6 +568,7 @@ test_main (void) > > check1 (); > > check2 (); > > check3 (); > > + check4 (); > > > > printf ("%23s", ""); > > FOR_EACH_IMPL (impl, 0) > > diff --git a/sysdeps/x86_64/multiarch/strcmp-avx2.S b/sysdeps/x86_64/multiarch/strcmp-avx2.S > > index 99e5349be8..07a5a2c889 100644 > > --- a/sysdeps/x86_64/multiarch/strcmp-avx2.S > > +++ b/sysdeps/x86_64/multiarch/strcmp-avx2.S > > @@ -661,6 +661,7 @@ L(ret8): > > # ifdef USE_AS_STRNCMP > > .p2align 4,, 10 > > L(return_page_cross_end_check): > > + andl %r10d, %ecx > > tzcntl %ecx, %ecx > > leal -VEC_SIZE(%rax, %rcx), %ecx > > cmpl %ecx, %edx > > diff --git a/sysdeps/x86_64/multiarch/strcmp-evex.S b/sysdeps/x86_64/multiarch/strcmp-evex.S > > index 6f42e3155a..56d8c118e4 100644 > > --- a/sysdeps/x86_64/multiarch/strcmp-evex.S > > +++ b/sysdeps/x86_64/multiarch/strcmp-evex.S 
> > @@ -689,6 +689,7 @@ L(ret8): > > # ifdef USE_AS_STRNCMP > > .p2align 4,, 10 > > L(return_page_cross_end_check): > > + andl %r10d, %ecx > > tzcntl %ecx, %ecx > > leal -VEC_SIZE(%rax, %rcx, SIZE_OF_CHAR), %ecx > > # ifdef USE_AS_WCSCMP > > -- > > 2.25.1
> >
>
> LGTM.
>
> Reviewed-by: H.J. Lu
>
> Thanks.
>
> --
> H.J.

I would like to backport this patch to release branches.
Any comments or objections?

--Sunil
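
Review bot: in check4 (string/test-strncmp.c), precondition 4 of the comment ("either mismatch/null bytes before the start of the strings") is never set up by the test: STRCPY only writes from s1 and s2 onward, so the bytes in front of them are whatever buf1 and buf2 already contain. Writing known differing bytes just before s1 and s2 would make the regression test deterministic. The offsets 0xffa and 0xfed also assume a 4096-byte page even though addr_mask is built from getpagesize (); deriving them from the page size would keep both strings within 32 bytes of the page end on targets with larger pages.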
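
Review bot: in L(return_page_cross_end_check) of strcmp-avx2.S, the new `andl %r10d, %ecx` carries no comment and nothing in this hunk shows where %r10d is set. A one-line comment stating that %r10d holds the mask of in-bounds comparisons, plus a check that it is live and unclobbered on every path that jumps to this label, would make the fix reviewable on its own.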
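
Review bot: in the strcmp-evex.S hunk, the leal that follows scales %rcx by SIZE_OF_CHAR and the block continues into a USE_AS_WCSCMP branch, so the index taken from %ecx is counted in characters here. Please confirm that %r10d is built in the same units (one bit per character) for the wide-character build, and say so in a comment next to `andl %r10d, %ecx`.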