Re: [PATCH v3 2/7] x86: Fix __wcsncmp_evex in strcmp-evex.S [BZ# 28755]

public inbox for libc-stable@sourceware.org
 help / color / mirror / Atom feed

* Re: [PATCH v3 2/7] x86: Fix __wcsncmp_evex in strcmp-evex.S [BZ# 28755]
       [not found]     ` <CAMe9rOqXMUQj_EUcisf_xr+cN2VVUJEY2p1DibS9tjkDS5vmSA@mail.gmail.com>
@ 2022-01-26 22:04       ` H.J. Lu
  2022-04-29 22:05         ` Sunil Pandey
  0 siblings, 1 reply; 6+ messages in thread
From: H.J. Lu @ 2022-01-26 22:04 UTC (permalink / raw)
  To: Noah Goldstein, GNU C Library; +Cc: Libc-stable Mailing List

On Mon, Jan 10, 2022 at 6:15 PM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> On Mon, Jan 10, 2022 at 1:36 PM Noah Goldstein via Libc-alpha
> <libc-alpha@sourceware.org> wrote:
> >
> > Fixes [BZ# 28755] for wcsncmp by redirecting length >= 2^56 to
> > __wcscmp_evex. For x86_64 this covers the entire address range so any
> > length larger could not possibly be used to bound `s1` or `s2`.
> >
> > test-strcmp, test-strncmp, test-wcscmp, and test-wcsncmp all pass.
> >
> > Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>
> > ---
> >  sysdeps/x86_64/multiarch/strcmp-evex.S | 10 ++++++++++
> >  1 file changed, 10 insertions(+)
> >
> > diff --git a/sysdeps/x86_64/multiarch/strcmp-evex.S b/sysdeps/x86_64/multiarch/strcmp-evex.S
> > index 1d971f3889..0cd939d5af 100644
> > --- a/sysdeps/x86_64/multiarch/strcmp-evex.S
> > +++ b/sysdeps/x86_64/multiarch/strcmp-evex.S
> > @@ -104,6 +104,16 @@ ENTRY (STRCMP)
> >         je      L(char0)
> >         jb      L(zero)
> >  #  ifdef USE_AS_WCSCMP
> > +#  ifndef __ILP32__
> > +       movq    %rdx, %rcx
> > +       /* Check if length could overflow when multiplied by
> > +          sizeof(wchar_t). Checking top 8 bits will cover all potential
> > +          overflow cases as well as redirect cases where its impossible to
> > +          length to bound a valid memory region. In these cases just use
> > +          'wcscmp'.  */
> > +       shrq    $56, %rcx
> > +       jnz     __wcscmp_evex
> > +#  endif
> >         /* Convert units: from wide to byte char.  */
> >         shl     $2, %RDX_LP
> >  #  endif
> > --
> > 2.25.1
> >
>
> LGTM.
>
> Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
>
> Thanks.
>
> --
> H.J.

I am backporting this to 2.34 branch.

-- 
H.J.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v3 1/7] x86: Fix __wcsncmp_avx2 in strcmp-avx2.S [BZ# 28755]
       [not found]   ` <CAMe9rOoSyQpp=u=B2+OXXfxqJvdCOyd0GKj-sx=tv4iQW_dNug@mail.gmail.com>
@ 2022-01-26 22:05     ` H.J. Lu
  2022-01-27  4:29       ` H.J. Lu
  0 siblings, 1 reply; 6+ messages in thread
From: H.J. Lu @ 2022-01-26 22:05 UTC (permalink / raw)
  To: Noah Goldstein; +Cc: GNU C Library, Libc-stable Mailing List

On Mon, Jan 10, 2022 at 6:15 PM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> On Mon, Jan 10, 2022 at 1:36 PM Noah Goldstein via Libc-alpha
> <libc-alpha@sourceware.org> wrote:
> >
> > Fixes [BZ# 28755] for wcsncmp by redirecting length >= 2^56 to
> > __wcscmp_avx2. For x86_64 this covers the entire address range so any
> > length larger could not possibly be used to bound `s1` or `s2`.
> >
> > test-strcmp, test-strncmp, test-wcscmp, and test-wcsncmp all pass.
> >
> > Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>
> > ---
> >  sysdeps/x86_64/multiarch/strcmp-avx2.S | 10 ++++++++++
> >  1 file changed, 10 insertions(+)
> >
> > diff --git a/sysdeps/x86_64/multiarch/strcmp-avx2.S b/sysdeps/x86_64/multiarch/strcmp-avx2.S
> > index a45f9d2749..9c73b5899d 100644
> > --- a/sysdeps/x86_64/multiarch/strcmp-avx2.S
> > +++ b/sysdeps/x86_64/multiarch/strcmp-avx2.S
> > @@ -87,6 +87,16 @@ ENTRY (STRCMP)
> >         je      L(char0)
> >         jb      L(zero)
> >  #  ifdef USE_AS_WCSCMP
> > +#  ifndef __ILP32__
> > +       movq    %rdx, %rcx
> > +       /* Check if length could overflow when multiplied by
> > +          sizeof(wchar_t). Checking top 8 bits will cover all potential
> > +          overflow cases as well as redirect cases where its impossible to
> > +          length to bound a valid memory region. In these cases just use
> > +          'wcscmp'.  */
> > +       shrq    $56, %rcx
> > +       jnz     __wcscmp_avx2
> > +#  endif
> >         /* Convert units: from wide to byte char.  */
> >         shl     $2, %RDX_LP
> >  #  endif
> > --
> > 2.25.1
> >
>
> LGTM.
>
> Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
>
> Thanks.
>
> --
> H.J.

I am backporting this to 2.34 branch.


-- 
H.J.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v3 1/7] x86: Fix __wcsncmp_avx2 in strcmp-avx2.S [BZ# 28755]
  2022-01-26 22:05     ` [PATCH v3 1/7] x86: Fix __wcsncmp_avx2 in strcmp-avx2.S " H.J. Lu
@ 2022-01-27  4:29       ` H.J. Lu
  2022-01-27  5:10         ` H.J. Lu
  0 siblings, 1 reply; 6+ messages in thread
From: H.J. Lu @ 2022-01-27  4:29 UTC (permalink / raw)
  To: Noah Goldstein; +Cc: GNU C Library, Libc-stable Mailing List

On Wed, Jan 26, 2022 at 2:05 PM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> On Mon, Jan 10, 2022 at 6:15 PM H.J. Lu <hjl.tools@gmail.com> wrote:
> >
> > On Mon, Jan 10, 2022 at 1:36 PM Noah Goldstein via Libc-alpha
> > <libc-alpha@sourceware.org> wrote:
> > >
> > > Fixes [BZ# 28755] for wcsncmp by redirecting length >= 2^56 to
> > > __wcscmp_avx2. For x86_64 this covers the entire address range so any
> > > length larger could not possibly be used to bound `s1` or `s2`.
> > >
> > > test-strcmp, test-strncmp, test-wcscmp, and test-wcsncmp all pass.
> > >
> > > Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>
> > > ---
> > >  sysdeps/x86_64/multiarch/strcmp-avx2.S | 10 ++++++++++
> > >  1 file changed, 10 insertions(+)
> > >
> > > diff --git a/sysdeps/x86_64/multiarch/strcmp-avx2.S b/sysdeps/x86_64/multiarch/strcmp-avx2.S
> > > index a45f9d2749..9c73b5899d 100644
> > > --- a/sysdeps/x86_64/multiarch/strcmp-avx2.S
> > > +++ b/sysdeps/x86_64/multiarch/strcmp-avx2.S
> > > @@ -87,6 +87,16 @@ ENTRY (STRCMP)
> > >         je      L(char0)
> > >         jb      L(zero)
> > >  #  ifdef USE_AS_WCSCMP
> > > +#  ifndef __ILP32__
> > > +       movq    %rdx, %rcx
> > > +       /* Check if length could overflow when multiplied by
> > > +          sizeof(wchar_t). Checking top 8 bits will cover all potential
> > > +          overflow cases as well as redirect cases where its impossible to
> > > +          length to bound a valid memory region. In these cases just use
> > > +          'wcscmp'.  */
> > > +       shrq    $56, %rcx
> > > +       jnz     __wcscmp_avx2
> > > +#  endif
> > >         /* Convert units: from wide to byte char.  */
> > >         shl     $2, %RDX_LP
> > >  #  endif
> > > --
> > > 2.25.1
> > >
> >
> > LGTM.
> >
> > Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
> >
> > Thanks.
> >
> > --
> > H.J.
>
> I am backporting this to 2.34 branch.
>

I am backporting this to 2.33 branch.

-- 
H.J.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v3 1/7] x86: Fix __wcsncmp_avx2 in strcmp-avx2.S [BZ# 28755]
  2022-01-27  4:29       ` H.J. Lu
@ 2022-01-27  5:10         ` H.J. Lu
  2022-01-27  5:52           ` Noah Goldstein
  0 siblings, 1 reply; 6+ messages in thread
From: H.J. Lu @ 2022-01-27  5:10 UTC (permalink / raw)
  To: Noah Goldstein; +Cc: GNU C Library, Libc-stable Mailing List

On Wed, Jan 26, 2022 at 8:29 PM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> On Wed, Jan 26, 2022 at 2:05 PM H.J. Lu <hjl.tools@gmail.com> wrote:
> >
> > On Mon, Jan 10, 2022 at 6:15 PM H.J. Lu <hjl.tools@gmail.com> wrote:
> > >
> > > On Mon, Jan 10, 2022 at 1:36 PM Noah Goldstein via Libc-alpha
> > > <libc-alpha@sourceware.org> wrote:
> > > >
> > > > Fixes [BZ# 28755] for wcsncmp by redirecting length >= 2^56 to
> > > > __wcscmp_avx2. For x86_64 this covers the entire address range so any
> > > > length larger could not possibly be used to bound `s1` or `s2`.
> > > >
> > > > test-strcmp, test-strncmp, test-wcscmp, and test-wcsncmp all pass.
> > > >
> > > > Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>
> > > > ---
> > > >  sysdeps/x86_64/multiarch/strcmp-avx2.S | 10 ++++++++++
> > > >  1 file changed, 10 insertions(+)
> > > >
> > > > diff --git a/sysdeps/x86_64/multiarch/strcmp-avx2.S b/sysdeps/x86_64/multiarch/strcmp-avx2.S
> > > > index a45f9d2749..9c73b5899d 100644
> > > > --- a/sysdeps/x86_64/multiarch/strcmp-avx2.S
> > > > +++ b/sysdeps/x86_64/multiarch/strcmp-avx2.S
> > > > @@ -87,6 +87,16 @@ ENTRY (STRCMP)
> > > >         je      L(char0)
> > > >         jb      L(zero)
> > > >  #  ifdef USE_AS_WCSCMP
> > > > +#  ifndef __ILP32__
> > > > +       movq    %rdx, %rcx
> > > > +       /* Check if length could overflow when multiplied by
> > > > +          sizeof(wchar_t). Checking top 8 bits will cover all potential
> > > > +          overflow cases as well as redirect cases where its impossible to
> > > > +          length to bound a valid memory region. In these cases just use
> > > > +          'wcscmp'.  */
> > > > +       shrq    $56, %rcx
> > > > +       jnz     __wcscmp_avx2
> > > > +#  endif
> > > >         /* Convert units: from wide to byte char.  */
> > > >         shl     $2, %RDX_LP
> > > >  #  endif
> > > > --
> > > > 2.25.1
> > > >
> > >
> > > LGTM.
> > >
> > > Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
> > >
> > > Thanks.
> > >
> > > --
> > > H.J.
> >
> > I am backporting this to 2.34 branch.
> >
>
> I am backporting this to 2.33 branch.
>

I am backporting this to all affected release branches.

-- 
H.J.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v3 1/7] x86: Fix __wcsncmp_avx2 in strcmp-avx2.S [BZ# 28755]
  2022-01-27  5:10         ` H.J. Lu
@ 2022-01-27  5:52           ` Noah Goldstein
  0 siblings, 0 replies; 6+ messages in thread
From: Noah Goldstein @ 2022-01-27  5:52 UTC (permalink / raw)
  To: H.J. Lu; +Cc: GNU C Library, Libc-stable Mailing List

On Wed, Jan 26, 2022 at 11:11 PM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> On Wed, Jan 26, 2022 at 8:29 PM H.J. Lu <hjl.tools@gmail.com> wrote:
> >
> > On Wed, Jan 26, 2022 at 2:05 PM H.J. Lu <hjl.tools@gmail.com> wrote:
> > >
> > > On Mon, Jan 10, 2022 at 6:15 PM H.J. Lu <hjl.tools@gmail.com> wrote:
> > > >
> > > > On Mon, Jan 10, 2022 at 1:36 PM Noah Goldstein via Libc-alpha
> > > > <libc-alpha@sourceware.org> wrote:
> > > > >
> > > > > Fixes [BZ# 28755] for wcsncmp by redirecting length >= 2^56 to
> > > > > __wcscmp_avx2. For x86_64 this covers the entire address range so any
> > > > > length larger could not possibly be used to bound `s1` or `s2`.
> > > > >
> > > > > test-strcmp, test-strncmp, test-wcscmp, and test-wcsncmp all pass.
> > > > >
> > > > > Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>
> > > > > ---
> > > > >  sysdeps/x86_64/multiarch/strcmp-avx2.S | 10 ++++++++++
> > > > >  1 file changed, 10 insertions(+)
> > > > >
> > > > > diff --git a/sysdeps/x86_64/multiarch/strcmp-avx2.S b/sysdeps/x86_64/multiarch/strcmp-avx2.S
> > > > > index a45f9d2749..9c73b5899d 100644
> > > > > --- a/sysdeps/x86_64/multiarch/strcmp-avx2.S
> > > > > +++ b/sysdeps/x86_64/multiarch/strcmp-avx2.S
> > > > > @@ -87,6 +87,16 @@ ENTRY (STRCMP)
> > > > >         je      L(char0)
> > > > >         jb      L(zero)
> > > > >  #  ifdef USE_AS_WCSCMP
> > > > > +#  ifndef __ILP32__
> > > > > +       movq    %rdx, %rcx
> > > > > +       /* Check if length could overflow when multiplied by
> > > > > +          sizeof(wchar_t). Checking top 8 bits will cover all potential
> > > > > +          overflow cases as well as redirect cases where its impossible to
> > > > > +          length to bound a valid memory region. In these cases just use
> > > > > +          'wcscmp'.  */
> > > > > +       shrq    $56, %rcx
> > > > > +       jnz     __wcscmp_avx2
> > > > > +#  endif
> > > > >         /* Convert units: from wide to byte char.  */
> > > > >         shl     $2, %RDX_LP
> > > > >  #  endif
> > > > > --
> > > > > 2.25.1
> > > > >
> > > >
> > > > LGTM.
> > > >
> > > > Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
> > > >
> > > > Thanks.
> > > >
> > > > --
> > > > H.J.
> > >
> > > I am backporting this to 2.34 branch.
> > >
> >
> > I am backporting this to 2.33 branch.
> >
>
> I am backporting this to all affected release branches.

Should we also backport the stuff for [BZ #27974]?
It was essentially the same bug.

The two commits that fixed the issues where:

commit a775a7a3eb1e85b54af0b4ee5ff4dcf66772a1fb
Author: Noah Goldstein <goldstein.w.n@gmail.com>
Date:   Wed Jun 23 01:56:29 2021 -0400

    x86: Fix overflow bug in wcsnlen-sse4_1 and wcsnlen-avx2 [BZ #27974]

and

commit 645a158978f9520e74074e8c14047503be4db0f0
Author: Noah Goldstein <goldstein.w.n@gmail.com>
Date:   Wed Jun 9 16:25:32 2021 -0400

    x86: Fix overflow bug with wmemchr-sse2 and wmemchr-avx2 [BZ #27974]


The only thing is the avx2 fixes are based onsome other changes to the file.

>
> --
> H.J.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v3 2/7] x86: Fix __wcsncmp_evex in strcmp-evex.S [BZ# 28755]
  2022-01-26 22:04       ` [PATCH v3 2/7] x86: Fix __wcsncmp_evex in strcmp-evex.S [BZ# 28755] H.J. Lu
@ 2022-04-29 22:05         ` Sunil Pandey
  0 siblings, 0 replies; 6+ messages in thread
From: Sunil Pandey @ 2022-04-29 22:05 UTC (permalink / raw)
  To: H.J. Lu; +Cc: Noah Goldstein, GNU C Library, Libc-stable Mailing List

On Wed, Jan 26, 2022 at 2:06 PM H.J. Lu via Libc-alpha
<libc-alpha@sourceware.org> wrote:
>
> On Mon, Jan 10, 2022 at 6:15 PM H.J. Lu <hjl.tools@gmail.com> wrote:
> >
> > On Mon, Jan 10, 2022 at 1:36 PM Noah Goldstein via Libc-alpha
> > <libc-alpha@sourceware.org> wrote:
> > >
> > > Fixes [BZ# 28755] for wcsncmp by redirecting length >= 2^56 to
> > > __wcscmp_evex. For x86_64 this covers the entire address range so any
> > > length larger could not possibly be used to bound `s1` or `s2`.
> > >
> > > test-strcmp, test-strncmp, test-wcscmp, and test-wcsncmp all pass.
> > >
> > > Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>
> > > ---
> > >  sysdeps/x86_64/multiarch/strcmp-evex.S | 10 ++++++++++
> > >  1 file changed, 10 insertions(+)
> > >
> > > diff --git a/sysdeps/x86_64/multiarch/strcmp-evex.S b/sysdeps/x86_64/multiarch/strcmp-evex.S
> > > index 1d971f3889..0cd939d5af 100644
> > > --- a/sysdeps/x86_64/multiarch/strcmp-evex.S
> > > +++ b/sysdeps/x86_64/multiarch/strcmp-evex.S
> > > @@ -104,6 +104,16 @@ ENTRY (STRCMP)
> > >         je      L(char0)
> > >         jb      L(zero)
> > >  #  ifdef USE_AS_WCSCMP
> > > +#  ifndef __ILP32__
> > > +       movq    %rdx, %rcx
> > > +       /* Check if length could overflow when multiplied by
> > > +          sizeof(wchar_t). Checking top 8 bits will cover all potential
> > > +          overflow cases as well as redirect cases where its impossible to
> > > +          length to bound a valid memory region. In these cases just use
> > > +          'wcscmp'.  */
> > > +       shrq    $56, %rcx
> > > +       jnz     __wcscmp_evex
> > > +#  endif
> > >         /* Convert units: from wide to byte char.  */
> > >         shl     $2, %RDX_LP
> > >  #  endif
> > > --
> > > 2.25.1
> > >
> >
> > LGTM.
> >
> > Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
> >
> > Thanks.
> >
> > --
> > H.J.
>
> I am backporting this to 2.34 branch.
>
> --
> H.J.

I would like to backport this patch to release branches.
Any comments or objections?

--Sunil

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2022-04-29 22:06 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <20220109122946.2754917-1-goldstein.w.n@gmail.com>
     [not found] ` <20220110213540.1258344-1-goldstein.w.n@gmail.com>
     [not found]   ` <20220110213540.1258344-2-goldstein.w.n@gmail.com>
     [not found]     ` <CAMe9rOqXMUQj_EUcisf_xr+cN2VVUJEY2p1DibS9tjkDS5vmSA@mail.gmail.com>
2022-01-26 22:04       ` [PATCH v3 2/7] x86: Fix __wcsncmp_evex in strcmp-evex.S [BZ# 28755] H.J. Lu
2022-04-29 22:05         ` Sunil Pandey
     [not found]   ` <CAMe9rOoSyQpp=u=B2+OXXfxqJvdCOyd0GKj-sx=tv4iQW_dNug@mail.gmail.com>
2022-01-26 22:05     ` [PATCH v3 1/7] x86: Fix __wcsncmp_avx2 in strcmp-avx2.S " H.J. Lu
2022-01-27  4:29       ` H.J. Lu
2022-01-27  5:10         ` H.J. Lu
2022-01-27  5:52           ` Noah Goldstein

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).