diff options
author | Pgowda <pgowda.cve@gmail.com> | 2021-10-16 19:51:14 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-10-29 11:17:20 +0100 |
commit | f302dd1994e2a93c93b67dd88550383f35a4317e (patch) | |
tree | c9bbda768f0f794ae56a45695aaa280438ce89ff /meta/recipes-core | |
parent | 5af92e6a399ff0543c225551780195fee04db833 (diff) | |
download | poky-f302dd1994e2a93c93b67dd88550383f35a4317e.tar.gz |
glibc: upgrade glibc-2.33 to latest version
glibc-2.33 release version of Feb 2021 is used in Hardknott branch.
There are many bug fixes in the latest glibc-2.33 version. The patch
takes the latest glibc-2.33 version commit.
Regression tested on X86-64 without any new issues.
(From OE-Core rev: 342b757d8fea2c72a6acf7befaa0b9a1f3fdd83f)
Signed-off-by: Pgowda <pgowda.cve@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
13 files changed, 175 insertions, 838 deletions
diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc index 3a95173175..4d69187961 100644 --- a/meta/recipes-core/glibc/glibc-version.inc +++ b/meta/recipes-core/glibc/glibc-version.inc | |||
@@ -1,6 +1,6 @@ | |||
1 | SRCBRANCH ?= "release/2.33/master" | 1 | SRCBRANCH ?= "release/2.33/master" |
2 | PV = "2.33" | 2 | PV = "2.33" |
3 | SRCREV_glibc ?= "9826b03b747b841f5fc6de2054bf1ef3f5c4bdf3" | 3 | SRCREV_glibc ?= "6090cf1330faf2deb17285758f327cb23b89ebf1" |
4 | SRCREV_localedef ?= "bd644c9e6f3e20c5504da1488448173c69c56c28" | 4 | SRCREV_localedef ?= "bd644c9e6f3e20c5504da1488448173c69c56c28" |
5 | 5 | ||
6 | GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git" | 6 | GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git" |
diff --git a/meta/recipes-core/glibc/glibc/0001-CVE-2021-38604.patch b/meta/recipes-core/glibc/glibc/0001-CVE-2021-38604.patch deleted file mode 100644 index 8a52ac957c..0000000000 --- a/meta/recipes-core/glibc/glibc/0001-CVE-2021-38604.patch +++ /dev/null | |||
@@ -1,40 +0,0 @@ | |||
1 | From b805aebd42364fe696e417808a700fdb9800c9e8 Mon Sep 17 00:00:00 2001 | ||
2 | From: Nikita Popov <npv1310@gmail.com> | ||
3 | Date: Mon, 9 Aug 2021 20:17:34 +0530 | ||
4 | Subject: [PATCH] librt: fix NULL pointer dereference (bug 28213) | ||
5 | |||
6 | Helper thread frees copied attribute on NOTIFY_REMOVED message | ||
7 | received from the OS kernel. Unfortunately, it fails to check whether | ||
8 | copied attribute actually exists (data.attr != NULL). This worked | ||
9 | earlier because free() checks passed pointer before actually | ||
10 | attempting to release corresponding memory. But | ||
11 | __pthread_attr_destroy assumes pointer is not NULL. | ||
12 | |||
13 | So passing NULL pointer to __pthread_attr_destroy will result in | ||
14 | segmentation fault. This scenario is possible if | ||
15 | notification->sigev_notify_attributes == NULL (which means default | ||
16 | thread attributes should be used). | ||
17 | |||
18 | Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8] | ||
19 | CVE: CVE-2021-38604 | ||
20 | |||
21 | Signed-off-by: Nikita Popov <npv1310@gmail.com> | ||
22 | Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> | ||
23 | Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> | ||
24 | --- | ||
25 | sysdeps/unix/sysv/linux/mq_notify.c | 2 +- | ||
26 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
27 | |||
28 | diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c | ||
29 | index 6f46d29d1d..1714e1cc5f 100644 | ||
30 | --- a/sysdeps/unix/sysv/linux/mq_notify.c | ||
31 | +++ b/sysdeps/unix/sysv/linux/mq_notify.c | ||
32 | @@ -132,7 +132,7 @@ helper_thread (void *arg) | ||
33 | to wait until it is done with it. */ | ||
34 | (void) __pthread_barrier_wait (¬ify_barrier); | ||
35 | } | ||
36 | - else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED) | ||
37 | + else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED && data.attr != NULL) | ||
38 | { | ||
39 | /* The only state we keep is the copy of the thread attributes. */ | ||
40 | pthread_attr_destroy (data.attr); | ||
diff --git a/meta/recipes-core/glibc/glibc/0001-nptl-Remove-private-futex-optimization-BZ-27304.patch b/meta/recipes-core/glibc/glibc/0001-nptl-Remove-private-futex-optimization-BZ-27304.patch deleted file mode 100644 index 39fde5b785..0000000000 --- a/meta/recipes-core/glibc/glibc/0001-nptl-Remove-private-futex-optimization-BZ-27304.patch +++ /dev/null | |||
@@ -1,49 +0,0 @@ | |||
1 | From c4ad832276f4dadfa40904109b26a521468f66bc Mon Sep 17 00:00:00 2001 | ||
2 | From: Florian Weimer <fweimer@redhat.com> | ||
3 | Date: Thu, 4 Feb 2021 15:00:20 +0100 | ||
4 | Subject: [PATCH] nptl: Remove private futex optimization [BZ #27304] | ||
5 | |||
6 | It is effectively used, unexcept for pthread_cond_destroy, where we do | ||
7 | not want it; see bug 27304. The internal locks do not support a | ||
8 | process-shared mode. | ||
9 | |||
10 | This fixes commit dc6cfdc934db9997c33728082d63552b9eee4563 ("nptl: | ||
11 | Move pthread_cond_destroy implementation into libc"). | ||
12 | |||
13 | Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> | ||
14 | |||
15 | Upstream-Status: Backport [https://sourceware.org/bugzilla/show_bug.cgi?id=27304] | ||
16 | Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com> | ||
17 | --- | ||
18 | sysdeps/nptl/lowlevellock-futex.h | 14 +------------- | ||
19 | 1 file changed, 1 insertion(+), 13 deletions(-) | ||
20 | |||
21 | diff --git a/sysdeps/nptl/lowlevellock-futex.h b/sysdeps/nptl/lowlevellock-futex.h | ||
22 | index ecb729da6b..ca96397a4a 100644 | ||
23 | --- a/sysdeps/nptl/lowlevellock-futex.h | ||
24 | +++ b/sysdeps/nptl/lowlevellock-futex.h | ||
25 | @@ -50,20 +50,8 @@ | ||
26 | #define LLL_SHARED FUTEX_PRIVATE_FLAG | ||
27 | |||
28 | #ifndef __ASSEMBLER__ | ||
29 | - | ||
30 | -# if IS_IN (libc) || IS_IN (rtld) | ||
31 | -/* In libc.so or ld.so all futexes are private. */ | ||
32 | -# define __lll_private_flag(fl, private) \ | ||
33 | - ({ \ | ||
34 | - /* Prevent warnings in callers of this macro. */ \ | ||
35 | - int __lll_private_flag_priv __attribute__ ((unused)); \ | ||
36 | - __lll_private_flag_priv = (private); \ | ||
37 | - ((fl) | FUTEX_PRIVATE_FLAG); \ | ||
38 | - }) | ||
39 | -# else | ||
40 | -# define __lll_private_flag(fl, private) \ | ||
41 | +# define __lll_private_flag(fl, private) \ | ||
42 | (((fl) | FUTEX_PRIVATE_FLAG) ^ (private)) | ||
43 | -# endif | ||
44 | |||
45 | # define lll_futex_syscall(nargs, futexp, op, ...) \ | ||
46 | ({ \ | ||
47 | -- | ||
48 | 2.27.0 | ||
49 | |||
diff --git a/meta/recipes-core/glibc/glibc/0002-CVE-2021-38604.patch b/meta/recipes-core/glibc/glibc/0002-CVE-2021-38604.patch deleted file mode 100644 index b654cdfecb..0000000000 --- a/meta/recipes-core/glibc/glibc/0002-CVE-2021-38604.patch +++ /dev/null | |||
@@ -1,147 +0,0 @@ | |||
1 | From 4cc79c217744743077bf7a0ec5e0a4318f1e6641 Mon Sep 17 00:00:00 2001 | ||
2 | From: Nikita Popov <npv1310@gmail.com> | ||
3 | Date: Thu, 12 Aug 2021 16:09:50 +0530 | ||
4 | Subject: [PATCH] librt: add test (bug 28213) | ||
5 | |||
6 | This test implements following logic: | ||
7 | 1) Create POSIX message queue. | ||
8 | Register a notification with mq_notify (using NULL attributes). | ||
9 | Then immediately unregister the notification with mq_notify. | ||
10 | Helper thread in a vulnerable version of glibc | ||
11 | should cause NULL pointer dereference after these steps. | ||
12 | 2) Once again, register the same notification. | ||
13 | Try to send a dummy message. | ||
14 | Test is considered successfulif the dummy message | ||
15 | is successfully received by the callback function. | ||
16 | |||
17 | Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641] | ||
18 | CVE: CVE-2021-38604 | ||
19 | |||
20 | Signed-off-by: Nikita Popov <npv1310@gmail.com> | ||
21 | Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> | ||
22 | Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> | ||
23 | --- | ||
24 | rt/Makefile | 1 + | ||
25 | rt/tst-bz28213.c | 101 +++++++++++++++++++++++++++++++++++++++++++++++ | ||
26 | 2 files changed, 102 insertions(+) | ||
27 | create mode 100644 rt/tst-bz28213.c | ||
28 | |||
29 | diff --git a/rt/Makefile b/rt/Makefile | ||
30 | index 7b374f2073..c87d95793a 100644 | ||
31 | --- a/rt/Makefile | ||
32 | +++ b/rt/Makefile | ||
33 | @@ -44,6 +44,7 @@ tests := tst-shm tst-timer tst-timer2 \ | ||
34 | tst-aio7 tst-aio8 tst-aio9 tst-aio10 \ | ||
35 | tst-mqueue1 tst-mqueue2 tst-mqueue3 tst-mqueue4 \ | ||
36 | tst-mqueue5 tst-mqueue6 tst-mqueue7 tst-mqueue8 tst-mqueue9 \ | ||
37 | + tst-bz28213 \ | ||
38 | tst-timer3 tst-timer4 tst-timer5 \ | ||
39 | tst-cpuclock2 tst-cputimer1 tst-cputimer2 tst-cputimer3 \ | ||
40 | tst-shm-cancel | ||
41 | diff --git a/rt/tst-bz28213.c b/rt/tst-bz28213.c | ||
42 | new file mode 100644 | ||
43 | index 0000000000..0c096b5a0a | ||
44 | --- /dev/null | ||
45 | +++ b/rt/tst-bz28213.c | ||
46 | @@ -0,0 +1,101 @@ | ||
47 | +/* Bug 28213: test for NULL pointer dereference in mq_notify. | ||
48 | + Copyright (C) The GNU Toolchain Authors. | ||
49 | + This file is part of the GNU C Library. | ||
50 | + | ||
51 | + The GNU C Library is free software; you can redistribute it and/or | ||
52 | + modify it under the terms of the GNU Lesser General Public | ||
53 | + License as published by the Free Software Foundation; either | ||
54 | + version 2.1 of the License, or (at your option) any later version. | ||
55 | + | ||
56 | + The GNU C Library is distributed in the hope that it will be useful, | ||
57 | + but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
58 | + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
59 | + Lesser General Public License for more details. | ||
60 | + | ||
61 | + You should have received a copy of the GNU Lesser General Public | ||
62 | + License along with the GNU C Library; if not, see | ||
63 | + <https://www.gnu.org/licenses/>. */ | ||
64 | + | ||
65 | +#include <errno.h> | ||
66 | +#include <sys/types.h> | ||
67 | +#include <sys/stat.h> | ||
68 | +#include <fcntl.h> | ||
69 | +#include <unistd.h> | ||
70 | +#include <mqueue.h> | ||
71 | +#include <signal.h> | ||
72 | +#include <stdlib.h> | ||
73 | +#include <string.h> | ||
74 | +#include <support/check.h> | ||
75 | + | ||
76 | +static mqd_t m = -1; | ||
77 | +static const char msg[] = "hello"; | ||
78 | + | ||
79 | +static void | ||
80 | +check_bz28213_cb (union sigval sv) | ||
81 | +{ | ||
82 | + char buf[sizeof (msg)]; | ||
83 | + | ||
84 | + (void) sv; | ||
85 | + | ||
86 | + TEST_VERIFY_EXIT ((size_t) mq_receive (m, buf, sizeof (buf), NULL) | ||
87 | + == sizeof (buf)); | ||
88 | + TEST_VERIFY_EXIT (memcmp (buf, msg, sizeof (buf)) == 0); | ||
89 | + | ||
90 | + exit (0); | ||
91 | +} | ||
92 | + | ||
93 | +static void | ||
94 | +check_bz28213 (void) | ||
95 | +{ | ||
96 | + struct sigevent sev; | ||
97 | + | ||
98 | + memset (&sev, '\0', sizeof (sev)); | ||
99 | + sev.sigev_notify = SIGEV_THREAD; | ||
100 | + sev.sigev_notify_function = check_bz28213_cb; | ||
101 | + | ||
102 | + /* Step 1: Register & unregister notifier. | ||
103 | + Helper thread should receive NOTIFY_REMOVED notification. | ||
104 | + In a vulnerable version of glibc, NULL pointer dereference follows. */ | ||
105 | + TEST_VERIFY_EXIT (mq_notify (m, &sev) == 0); | ||
106 | + TEST_VERIFY_EXIT (mq_notify (m, NULL) == 0); | ||
107 | + | ||
108 | + /* Step 2: Once again, register notification. | ||
109 | + Try to send one message. | ||
110 | + Test is considered successful, if the callback does exit (0). */ | ||
111 | + TEST_VERIFY_EXIT (mq_notify (m, &sev) == 0); | ||
112 | + TEST_VERIFY_EXIT (mq_send (m, msg, sizeof (msg), 1) == 0); | ||
113 | + | ||
114 | + /* Wait... */ | ||
115 | + pause (); | ||
116 | +} | ||
117 | + | ||
118 | +static int | ||
119 | +do_test (void) | ||
120 | +{ | ||
121 | + static const char m_name[] = "/bz28213_queue"; | ||
122 | + struct mq_attr m_attr; | ||
123 | + | ||
124 | + memset (&m_attr, '\0', sizeof (m_attr)); | ||
125 | + m_attr.mq_maxmsg = 1; | ||
126 | + m_attr.mq_msgsize = sizeof (msg); | ||
127 | + | ||
128 | + m = mq_open (m_name, | ||
129 | + O_RDWR | O_CREAT | O_EXCL, | ||
130 | + 0600, | ||
131 | + &m_attr); | ||
132 | + | ||
133 | + if (m < 0) | ||
134 | + { | ||
135 | + if (errno == ENOSYS) | ||
136 | + FAIL_UNSUPPORTED ("POSIX message queues are not implemented\n"); | ||
137 | + FAIL_EXIT1 ("Failed to create POSIX message queue: %m\n"); | ||
138 | + } | ||
139 | + | ||
140 | + TEST_VERIFY_EXIT (mq_unlink (m_name) == 0); | ||
141 | + | ||
142 | + check_bz28213 (); | ||
143 | + | ||
144 | + return 0; | ||
145 | +} | ||
146 | + | ||
147 | +#include <support/test-driver.c> | ||
diff --git a/meta/recipes-core/glibc/glibc/0031-x86-Require-full-ISA-support-for-x86-64-level-marker.patch b/meta/recipes-core/glibc/glibc/0031-x86-Require-full-ISA-support-for-x86-64-level-marker.patch deleted file mode 100644 index 3cb60b2e55..0000000000 --- a/meta/recipes-core/glibc/glibc/0031-x86-Require-full-ISA-support-for-x86-64-level-marker.patch +++ /dev/null | |||
@@ -1,116 +0,0 @@ | |||
1 | From b1971f6f1331d738d1d6b376b4741668a7546125 Mon Sep 17 00:00:00 2001 | ||
2 | From: "H.J. Lu" <hjl.tools@gmail.com> | ||
3 | Date: Tue, 2 Feb 2021 13:45:58 -0800 | ||
4 | Subject: [PATCH] x86: Require full ISA support for x86-64 level marker [BZ #27318] | ||
5 | |||
6 | Since -march=sandybridge enables ISAs in x86-64 ISA level v3, the v3 | ||
7 | marker is set on libc.so. We couldn't set the needed ISA marker to v2 | ||
8 | since this libc won't run on all v2 machines. Technically, the v3 marker | ||
9 | is correct. But the resulting libc.so won't run on Sandy Brigde, which | ||
10 | is a v2 machine, even when libc is compiled with -march=sandybridge: | ||
11 | |||
12 | $ ./elf/ld.so ./libc.so | ||
13 | ./libc.so: (p) CPU ISA level is lower than required: needed: 7; got: 3 | ||
14 | |||
15 | Instead, we require full ISA support for x86-64 level marker and disable | ||
16 | x86-64 level marker for -march=sandybridge which enables ISAs between v2 | ||
17 | and v3. | ||
18 | |||
19 | Upstream-Status: Submitted [https://sourceware.org/pipermail/libc-alpha/2021-February/122297.html] | ||
20 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
21 | --- | ||
22 | |||
23 | sysdeps/x86/configure | 7 ++++++- | ||
24 | sysdeps/x86/configure.ac | 2 +- | ||
25 | sysdeps/x86/isa-level.c | 21 ++++++++++++++++++++- | ||
26 | 3 files changed, 27 insertions(+), 3 deletions(-) | ||
27 | |||
28 | diff --git a/sysdeps/x86/configure b/sysdeps/x86/configure | ||
29 | index 5e32dc62b3..5b20646843 100644 | ||
30 | --- a/sysdeps/x86/configure | ||
31 | +++ b/sysdeps/x86/configure | ||
32 | @@ -133,7 +133,12 @@ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -nostartfiles -nostdlib -r -o conftest c | ||
33 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
34 | test $ac_status = 0; }; }; then | ||
35 | count=`LC_ALL=C $READELF -n conftest | grep NT_GNU_PROPERTY_TYPE_0 | wc -l` | ||
36 | - if test "$count" = 1; then | ||
37 | + if test "$count" = 1 && { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -DINCLUDE_X86_ISA_LEVEL -S -o conftest.s $srcdir/sysdeps/x86/isa-level.c' | ||
38 | + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 | ||
39 | + (eval $ac_try) 2>&5 | ||
40 | + ac_status=$? | ||
41 | + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
42 | + test $ac_status = 0; }; }; then | ||
43 | libc_cv_include_x86_isa_level=yes | ||
44 | fi | ||
45 | fi | ||
46 | diff --git a/sysdeps/x86/configure.ac b/sysdeps/x86/configure.ac | ||
47 | index f94088f377..54ecd33d2c 100644 | ||
48 | --- a/sysdeps/x86/configure.ac | ||
49 | +++ b/sysdeps/x86/configure.ac | ||
50 | @@ -100,7 +100,7 @@ EOF | ||
51 | libc_cv_include_x86_isa_level=no | ||
52 | if AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS -nostartfiles -nostdlib -r -o conftest conftest1.S conftest2.S); then | ||
53 | count=`LC_ALL=C $READELF -n conftest | grep NT_GNU_PROPERTY_TYPE_0 | wc -l` | ||
54 | - if test "$count" = 1; then | ||
55 | + if test "$count" = 1 && AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS -DINCLUDE_X86_ISA_LEVEL -S -o conftest.s $srcdir/sysdeps/x86/isa-level.c); then | ||
56 | libc_cv_include_x86_isa_level=yes | ||
57 | fi | ||
58 | fi | ||
59 | diff --git a/sysdeps/x86/isa-level.c b/sysdeps/x86/isa-level.c | ||
60 | index aaf524cb56..7f83449061 100644 | ||
61 | --- a/sysdeps/x86/isa-level.c | ||
62 | +++ b/sysdeps/x86/isa-level.c | ||
63 | @@ -25,12 +25,17 @@ | ||
64 | License along with the GNU C Library; if not, see | ||
65 | <https://www.gnu.org/licenses/>. */ | ||
66 | |||
67 | -#include <elf.h> | ||
68 | +#ifdef _LIBC | ||
69 | +# include <elf.h> | ||
70 | +#endif | ||
71 | |||
72 | /* ELF program property for x86 ISA level. */ | ||
73 | #ifdef INCLUDE_X86_ISA_LEVEL | ||
74 | # if defined __x86_64__ || defined __FXSR__ || !defined _SOFT_FLOAT \ | ||
75 | || defined __MMX__ || defined __SSE__ || defined __SSE2__ | ||
76 | +# if !defined __SSE__ || !defined __SSE2__ | ||
77 | +# error "Missing ISAs for x86-64 ISA level baseline" | ||
78 | +# endif | ||
79 | # define ISA_BASELINE GNU_PROPERTY_X86_ISA_1_BASELINE | ||
80 | # else | ||
81 | # define ISA_BASELINE 0 | ||
82 | @@ -40,6 +45,11 @@ | ||
83 | || (defined __x86_64__ && defined __LAHF_SAHF__) \ | ||
84 | || defined __POPCNT__ || defined __SSE3__ \ | ||
85 | || defined __SSSE3__ || defined __SSE4_1__ || defined __SSE4_2__ | ||
86 | +# if !defined __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16 \ | ||
87 | + || !defined __POPCNT__ || !defined __SSE3__ \ | ||
88 | + || !defined __SSSE3__ || !defined __SSE4_1__ || !defined __SSE4_2__ | ||
89 | +# error "Missing ISAs for x86-64 ISA level v2" | ||
90 | +# endif | ||
91 | # define ISA_V2 GNU_PROPERTY_X86_ISA_1_V2 | ||
92 | # else | ||
93 | # define ISA_V2 0 | ||
94 | @@ -48,6 +58,10 @@ | ||
95 | # if defined __AVX__ || defined __AVX2__ || defined __F16C__ \ | ||
96 | || defined __FMA__ || defined __LZCNT__ || defined __MOVBE__ \ | ||
97 | || defined __XSAVE__ | ||
98 | +# if !defined __AVX__ || !defined __AVX2__ || !defined __F16C__ \ | ||
99 | + || !defined __FMA__ || !defined __LZCNT__ | ||
100 | +# error "Missing ISAs for x86-64 ISA level v3" | ||
101 | +# endif | ||
102 | # define ISA_V3 GNU_PROPERTY_X86_ISA_1_V3 | ||
103 | # else | ||
104 | # define ISA_V3 0 | ||
105 | @@ -55,6 +69,11 @@ | ||
106 | |||
107 | # if defined __AVX512F__ || defined __AVX512BW__ || defined __AVX512CD__ \ | ||
108 | || defined __AVX512DQ__ || defined __AVX512VL__ | ||
109 | +# if !defined __AVX512F__ || !defined __AVX512BW__ \ | ||
110 | + || !defined __AVX512CD__ || !defined __AVX512DQ__ \ | ||
111 | + || !defined __AVX512VL__ | ||
112 | +# error "Missing ISAs for x86-64 ISA level v4" | ||
113 | +# endif | ||
114 | # define ISA_V4 GNU_PROPERTY_X86_ISA_1_V4 | ||
115 | # else | ||
116 | # define ISA_V4 0 | ||
diff --git a/meta/recipes-core/glibc/glibc/0032-string-Work-around-GCC-PR-98512-in-rawmemchr.patch b/meta/recipes-core/glibc/glibc/0032-string-Work-around-GCC-PR-98512-in-rawmemchr.patch deleted file mode 100644 index e904b28a05..0000000000 --- a/meta/recipes-core/glibc/glibc/0032-string-Work-around-GCC-PR-98512-in-rawmemchr.patch +++ /dev/null | |||
@@ -1,58 +0,0 @@ | |||
1 | From 044e603b698093cf48f6e6229e0b66acf05227e4 Mon Sep 17 00:00:00 2001 | ||
2 | From: Florian Weimer <fweimer@redhat.com> | ||
3 | Date: Fri, 19 Feb 2021 13:29:00 +0100 | ||
4 | Subject: [PATCH] string: Work around GCC PR 98512 in rawmemchr | ||
5 | |||
6 | Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=044e603b698093cf48f6e6229e0b66acf05227e4] | ||
7 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
8 | --- | ||
9 | string/rawmemchr.c | 26 +++++++++++++++----------- | ||
10 | 1 file changed, 15 insertions(+), 11 deletions(-) | ||
11 | |||
12 | diff --git a/string/rawmemchr.c b/string/rawmemchr.c | ||
13 | index 59bbeeaa42..b8523118e5 100644 | ||
14 | --- a/string/rawmemchr.c | ||
15 | +++ b/string/rawmemchr.c | ||
16 | @@ -22,24 +22,28 @@ | ||
17 | # define RAWMEMCHR __rawmemchr | ||
18 | #endif | ||
19 | |||
20 | -/* Find the first occurrence of C in S. */ | ||
21 | -void * | ||
22 | -RAWMEMCHR (const void *s, int c) | ||
23 | -{ | ||
24 | - DIAG_PUSH_NEEDS_COMMENT; | ||
25 | +/* The pragmata should be nested inside RAWMEMCHR below, but that | ||
26 | + triggers GCC PR 98512. */ | ||
27 | +DIAG_PUSH_NEEDS_COMMENT; | ||
28 | #if __GNUC_PREREQ (7, 0) | ||
29 | - /* GCC 8 warns about the size passed to memchr being larger than | ||
30 | - PTRDIFF_MAX; the use of SIZE_MAX is deliberate here. */ | ||
31 | - DIAG_IGNORE_NEEDS_COMMENT (8, "-Wstringop-overflow="); | ||
32 | +/* GCC 8 warns about the size passed to memchr being larger than | ||
33 | + PTRDIFF_MAX; the use of SIZE_MAX is deliberate here. */ | ||
34 | +DIAG_IGNORE_NEEDS_COMMENT (8, "-Wstringop-overflow="); | ||
35 | #endif | ||
36 | #if __GNUC_PREREQ (11, 0) | ||
37 | - /* Likewise GCC 11, with a different warning option. */ | ||
38 | - DIAG_IGNORE_NEEDS_COMMENT (11, "-Wstringop-overread"); | ||
39 | +/* Likewise GCC 11, with a different warning option. */ | ||
40 | +DIAG_IGNORE_NEEDS_COMMENT (11, "-Wstringop-overread"); | ||
41 | #endif | ||
42 | + | ||
43 | +/* Find the first occurrence of C in S. */ | ||
44 | +void * | ||
45 | +RAWMEMCHR (const void *s, int c) | ||
46 | +{ | ||
47 | if (c != '\0') | ||
48 | return memchr (s, c, (size_t)-1); | ||
49 | - DIAG_POP_NEEDS_COMMENT; | ||
50 | return (char *)s + strlen (s); | ||
51 | } | ||
52 | libc_hidden_def (__rawmemchr) | ||
53 | weak_alias (__rawmemchr, rawmemchr) | ||
54 | + | ||
55 | +DIAG_POP_NEEDS_COMMENT; | ||
56 | -- | ||
57 | 2.30.1 | ||
58 | |||
diff --git a/meta/recipes-core/glibc/glibc/0033-x86-Handle-_SC_LEVEL1_ICACHE_LINESIZE-BZ-27444.patch b/meta/recipes-core/glibc/glibc/0033-x86-Handle-_SC_LEVEL1_ICACHE_LINESIZE-BZ-27444.patch deleted file mode 100644 index 3a004e227f..0000000000 --- a/meta/recipes-core/glibc/glibc/0033-x86-Handle-_SC_LEVEL1_ICACHE_LINESIZE-BZ-27444.patch +++ /dev/null | |||
@@ -1,185 +0,0 @@ | |||
1 | From 750b00a1ddae220403fd892a6fd4e0791ffd154a Mon Sep 17 00:00:00 2001 | ||
2 | From: "H.J. Lu" <hjl.tools@gmail.com> | ||
3 | Date: Fri, 18 Sep 2020 07:55:14 -0700 | ||
4 | Subject: [PATCH] x86: Handle _SC_LEVEL1_ICACHE_LINESIZE [BZ #27444] | ||
5 | |||
6 | x86: Move x86 processor cache info to cpu_features | ||
7 | |||
8 | missed _SC_LEVEL1_ICACHE_LINESIZE. | ||
9 | |||
10 | 1. Add level1_icache_linesize to struct cpu_features. | ||
11 | 2. Initialize level1_icache_linesize by calling handle_intel, | ||
12 | handle_zhaoxin and handle_amd with _SC_LEVEL1_ICACHE_LINESIZE. | ||
13 | 3. Return level1_icache_linesize for _SC_LEVEL1_ICACHE_LINESIZE. | ||
14 | |||
15 | Upstream-Status: Backport [https://sourceware.org/bugzilla/show_bug.cgi?id=27444] | ||
16 | Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com> | ||
17 | --- | ||
18 | sysdeps/x86/Makefile | 8 +++ | ||
19 | sysdeps/x86/cacheinfo.c | 3 + | ||
20 | sysdeps/x86/dl-cacheinfo.h | 6 ++ | ||
21 | sysdeps/x86/include/cpu-features.h | 2 + | ||
22 | .../x86/tst-sysconf-cache-linesize-static.c | 1 + | ||
23 | sysdeps/x86/tst-sysconf-cache-linesize.c | 57 +++++++++++++++++++ | ||
24 | 6 files changed, 77 insertions(+) | ||
25 | create mode 100644 sysdeps/x86/tst-sysconf-cache-linesize-static.c | ||
26 | create mode 100644 sysdeps/x86/tst-sysconf-cache-linesize.c | ||
27 | |||
28 | diff --git a/sysdeps/x86/Makefile b/sysdeps/x86/Makefile | ||
29 | index dd82674342..d231263051 100644 | ||
30 | --- a/sysdeps/x86/Makefile | ||
31 | +++ b/sysdeps/x86/Makefile | ||
32 | @@ -208,3 +208,11 @@ $(objpfx)check-cet.out: $(..)sysdeps/x86/check-cet.awk \ | ||
33 | generated += check-cet.out | ||
34 | endif | ||
35 | endif | ||
36 | + | ||
37 | +ifeq ($(subdir),posix) | ||
38 | +tests += \ | ||
39 | + tst-sysconf-cache-linesize \ | ||
40 | + tst-sysconf-cache-linesize-static | ||
41 | +tests-static += \ | ||
42 | + tst-sysconf-cache-linesize-static | ||
43 | +endif | ||
44 | diff --git a/sysdeps/x86/cacheinfo.c b/sysdeps/x86/cacheinfo.c | ||
45 | index 7b8df45e3b..5ea4723ca6 100644 | ||
46 | --- a/sysdeps/x86/cacheinfo.c | ||
47 | +++ b/sysdeps/x86/cacheinfo.c | ||
48 | @@ -32,6 +32,9 @@ __cache_sysconf (int name) | ||
49 | case _SC_LEVEL1_ICACHE_SIZE: | ||
50 | return cpu_features->level1_icache_size; | ||
51 | |||
52 | + case _SC_LEVEL1_ICACHE_LINESIZE: | ||
53 | + return cpu_features->level1_icache_linesize; | ||
54 | + | ||
55 | case _SC_LEVEL1_DCACHE_SIZE: | ||
56 | return cpu_features->level1_dcache_size; | ||
57 | |||
58 | diff --git a/sysdeps/x86/dl-cacheinfo.h b/sysdeps/x86/dl-cacheinfo.h | ||
59 | index a31fa0783a..7cd00b92f1 100644 | ||
60 | --- a/sysdeps/x86/dl-cacheinfo.h | ||
61 | +++ b/sysdeps/x86/dl-cacheinfo.h | ||
62 | @@ -707,6 +707,7 @@ dl_init_cacheinfo (struct cpu_features *cpu_features) | ||
63 | long int core; | ||
64 | unsigned int threads = 0; | ||
65 | unsigned long int level1_icache_size = -1; | ||
66 | + unsigned long int level1_icache_linesize = -1; | ||
67 | unsigned long int level1_dcache_size = -1; | ||
68 | unsigned long int level1_dcache_assoc = -1; | ||
69 | unsigned long int level1_dcache_linesize = -1; | ||
70 | @@ -726,6 +727,8 @@ dl_init_cacheinfo (struct cpu_features *cpu_features) | ||
71 | |||
72 | level1_icache_size | ||
73 | = handle_intel (_SC_LEVEL1_ICACHE_SIZE, cpu_features); | ||
74 | + level1_icache_linesize | ||
75 | + = handle_intel (_SC_LEVEL1_ICACHE_LINESIZE, cpu_features); | ||
76 | level1_dcache_size = data; | ||
77 | level1_dcache_assoc | ||
78 | = handle_intel (_SC_LEVEL1_DCACHE_ASSOC, cpu_features); | ||
79 | @@ -753,6 +756,7 @@ dl_init_cacheinfo (struct cpu_features *cpu_features) | ||
80 | shared = handle_zhaoxin (_SC_LEVEL3_CACHE_SIZE); | ||
81 | |||
82 | level1_icache_size = handle_zhaoxin (_SC_LEVEL1_ICACHE_SIZE); | ||
83 | + level1_icache_linesize = handle_zhaoxin (_SC_LEVEL1_ICACHE_LINESIZE); | ||
84 | level1_dcache_size = data; | ||
85 | level1_dcache_assoc = handle_zhaoxin (_SC_LEVEL1_DCACHE_ASSOC); | ||
86 | level1_dcache_linesize = handle_zhaoxin (_SC_LEVEL1_DCACHE_LINESIZE); | ||
87 | @@ -772,6 +776,7 @@ dl_init_cacheinfo (struct cpu_features *cpu_features) | ||
88 | shared = handle_amd (_SC_LEVEL3_CACHE_SIZE); | ||
89 | |||
90 | level1_icache_size = handle_amd (_SC_LEVEL1_ICACHE_SIZE); | ||
91 | + level1_icache_linesize = handle_amd (_SC_LEVEL1_ICACHE_LINESIZE); | ||
92 | level1_dcache_size = data; | ||
93 | level1_dcache_assoc = handle_amd (_SC_LEVEL1_DCACHE_ASSOC); | ||
94 | level1_dcache_linesize = handle_amd (_SC_LEVEL1_DCACHE_LINESIZE); | ||
95 | @@ -833,6 +838,7 @@ dl_init_cacheinfo (struct cpu_features *cpu_features) | ||
96 | } | ||
97 | |||
98 | cpu_features->level1_icache_size = level1_icache_size; | ||
99 | + cpu_features->level1_icache_linesize = level1_icache_linesize; | ||
100 | cpu_features->level1_dcache_size = level1_dcache_size; | ||
101 | cpu_features->level1_dcache_assoc = level1_dcache_assoc; | ||
102 | cpu_features->level1_dcache_linesize = level1_dcache_linesize; | ||
103 | diff --git a/sysdeps/x86/include/cpu-features.h b/sysdeps/x86/include/cpu-features.h | ||
104 | index 624736b40e..39a3f4f311 100644 | ||
105 | --- a/sysdeps/x86/include/cpu-features.h | ||
106 | +++ b/sysdeps/x86/include/cpu-features.h | ||
107 | @@ -874,6 +874,8 @@ struct cpu_features | ||
108 | unsigned long int rep_stosb_threshold; | ||
109 | /* _SC_LEVEL1_ICACHE_SIZE. */ | ||
110 | unsigned long int level1_icache_size; | ||
111 | + /* _SC_LEVEL1_ICACHE_LINESIZE. */ | ||
112 | + unsigned long int level1_icache_linesize; | ||
113 | /* _SC_LEVEL1_DCACHE_SIZE. */ | ||
114 | unsigned long int level1_dcache_size; | ||
115 | /* _SC_LEVEL1_DCACHE_ASSOC. */ | ||
116 | diff --git a/sysdeps/x86/tst-sysconf-cache-linesize-static.c b/sysdeps/x86/tst-sysconf-cache-linesize-static.c | ||
117 | new file mode 100644 | ||
118 | index 0000000000..152ae68821 | ||
119 | --- /dev/null | ||
120 | +++ b/sysdeps/x86/tst-sysconf-cache-linesize-static.c | ||
121 | @@ -0,0 +1 @@ | ||
122 | +#include "tst-sysconf-cache-linesize.c" | ||
123 | diff --git a/sysdeps/x86/tst-sysconf-cache-linesize.c b/sysdeps/x86/tst-sysconf-cache-linesize.c | ||
124 | new file mode 100644 | ||
125 | index 0000000000..642dbde5d2 | ||
126 | --- /dev/null | ||
127 | +++ b/sysdeps/x86/tst-sysconf-cache-linesize.c | ||
128 | @@ -0,0 +1,57 @@ | ||
129 | +/* Test system cache line sizes. | ||
130 | + Copyright (C) 2021 Free Software Foundation, Inc. | ||
131 | + This file is part of the GNU C Library. | ||
132 | + | ||
133 | + The GNU C Library is free software; you can redistribute it and/or | ||
134 | + modify it under the terms of the GNU Lesser General Public | ||
135 | + License as published by the Free Software Foundation; either | ||
136 | + version 2.1 of the License, or (at your option) any later version. | ||
137 | + | ||
138 | + The GNU C Library is distributed in the hope that it will be useful, | ||
139 | + but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
140 | + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
141 | + Lesser General Public License for more details. | ||
142 | + | ||
143 | + You should have received a copy of the GNU Lesser General Public | ||
144 | + License along with the GNU C Library; if not, see | ||
145 | + <https://www.gnu.org/licenses/>. */ | ||
146 | + | ||
147 | +#include <stdio.h> | ||
148 | +#include <stdlib.h> | ||
149 | +#include <unistd.h> | ||
150 | +#include <array_length.h> | ||
151 | + | ||
152 | +static struct | ||
153 | +{ | ||
154 | + const char *name; | ||
155 | + int _SC_val; | ||
156 | +} sc_options[] = | ||
157 | + { | ||
158 | +#define N(name) { "_SC_"#name, _SC_##name } | ||
159 | + N (LEVEL1_ICACHE_LINESIZE), | ||
160 | + N (LEVEL1_DCACHE_LINESIZE), | ||
161 | + N (LEVEL2_CACHE_LINESIZE) | ||
162 | + }; | ||
163 | + | ||
164 | +static int | ||
165 | +do_test (void) | ||
166 | +{ | ||
167 | + int result = EXIT_SUCCESS; | ||
168 | + | ||
169 | + for (int i = 0; i < array_length (sc_options); ++i) | ||
170 | + { | ||
171 | + long int scret = sysconf (sc_options[i]._SC_val); | ||
172 | + if (scret < 0) | ||
173 | + { | ||
174 | + printf ("sysconf (%s) returned < 0 (%ld)\n", | ||
175 | + sc_options[i].name, scret); | ||
176 | + result = EXIT_FAILURE; | ||
177 | + } | ||
178 | + else | ||
179 | + printf ("sysconf (%s): %ld\n", sc_options[i].name, scret); | ||
180 | + } | ||
181 | + | ||
182 | + return result; | ||
183 | +} | ||
184 | + | ||
185 | +#include <support/test-driver.c> | ||
diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-27318-revert.patch b/meta/recipes-core/glibc/glibc/CVE-2021-27318-revert.patch new file mode 100644 index 0000000000..2f08a90dd0 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2021-27318-revert.patch | |||
@@ -0,0 +1,174 @@ | |||
1 | Since the full ISA set used in an ELF binary is unknown to compiler, | ||
2 | an x86-64 ISA level marker indicates the minimum, not maximum, ISA set | ||
3 | required to run such an ELF binary. We never guarantee a library with | ||
4 | an x86-64 ISA level v3 marker doesn't contain other ISAs beyond x86-64 | ||
5 | ISA level v3, like AVX VNNI. We check the x86-64 ISA level marker for | ||
6 | the minimum ISA set. Since -march=sandybridge enables only some ISAs | ||
7 | in x86-64 ISA level v3, we should set the needed ISA marker to v2. | ||
8 | Otherwise, libc is compiled with -march=sandybridge will fail to run on | ||
9 | Sandy Bridge: | ||
10 | |||
11 | $ ./elf/ld.so ./libc.so | ||
12 | ./libc.so: (p) CPU ISA level is lower than required: needed: 7; got: 3 | ||
13 | |||
14 | Set the minimum, instead of maximum, x86-64 ISA level marker should have | ||
15 | no impact on the b-hwcaps directory assignment logic in ldconfig nor | ||
16 | ld.so. | ||
17 | |||
18 | (cherry picked from commit 339bf918ea4830fb35614632e96f3aab3237adce) | ||
19 | --- | ||
20 | config.h.in | 6 ++++++ | ||
21 | sysdeps/x86/configure | 28 ++++++++++++++++++++++++++++ | ||
22 | sysdeps/x86/configure.ac | 16 ++++++++++++++++ | ||
23 | sysdeps/x86/isa-level.c | 25 ++++++++++++++----------- | ||
24 | 4 files changed, 64 insertions(+), 11 deletions(-) | ||
25 | |||
26 | diff --git a/config.h.in b/config.h.in | ||
27 | --- a/config.h.in 2021-10-16 03:28:49.447573081 -0700 | ||
28 | +++ b/config.h.in 2021-10-16 03:29:38.626741181 -0700 | ||
29 | @@ -275,4 +275,10 @@ | ||
30 | /* Define if x86 ISA level should be included in shared libraries. */ | ||
31 | #undef INCLUDE_X86_ISA_LEVEL | ||
32 | |||
33 | +/* Define if -msahf is enabled by default on x86. */ | ||
34 | +#undef HAVE_X86_LAHF_SAHF | ||
35 | + | ||
36 | +/* Define if -mmovbe is enabled by default on x86. */ | ||
37 | +#undef HAVE_X86_MOVBE | ||
38 | + | ||
39 | #endif | ||
40 | diff --git a/sysdeps/x86/configure b/sysdeps/x86/configure | ||
41 | --- a/sysdeps/x86/configure 2021-10-16 03:28:49.587570713 -0700 | ||
42 | +++ b/sysdeps/x86/configure 2021-10-16 03:29:39.330729277 -0700 | ||
43 | @@ -126,6 +126,8 @@ cat > conftest2.S <<EOF | ||
44 | 4: | ||
45 | EOF | ||
46 | libc_cv_include_x86_isa_level=no | ||
47 | +libc_cv_have_x86_lahf_sahf=no | ||
48 | +libc_cv_have_x86_movbe=no | ||
49 | if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -nostartfiles -nostdlib -r -o conftest conftest1.S conftest2.S' | ||
50 | { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 | ||
51 | (eval $ac_try) 2>&5 | ||
52 | @@ -135,6 +137,24 @@ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS | ||
53 | count=`LC_ALL=C $READELF -n conftest | grep NT_GNU_PROPERTY_TYPE_0 | wc -l` | ||
54 | if test "$count" = 1; then | ||
55 | libc_cv_include_x86_isa_level=yes | ||
56 | + cat > conftest.c <<EOF | ||
57 | +EOF | ||
58 | + if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -fverbose-asm -S -o - conftest.c' | ||
59 | + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 | ||
60 | + (eval $ac_try) 2>&5 | ||
61 | + ac_status=$? | ||
62 | + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
63 | + test $ac_status = 0; }; } | grep -q "\-msahf"; then | ||
64 | + libc_cv_have_x86_lahf_sahf=yes | ||
65 | + fi | ||
66 | + if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -fverbose-asm -S -o - conftest.c' | ||
67 | + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 | ||
68 | + (eval $ac_try) 2>&5 | ||
69 | + ac_status=$? | ||
70 | + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
71 | + test $ac_status = 0; }; } | grep -q "\-mmovbe"; then | ||
72 | + libc_cv_have_x86_movbe=yes | ||
73 | + fi | ||
74 | fi | ||
75 | fi | ||
76 | rm -f conftest* | ||
77 | @@ -145,5 +165,13 @@ if test $libc_cv_include_x86_isa_level = | ||
78 | $as_echo "#define INCLUDE_X86_ISA_LEVEL 1" >>confdefs.h | ||
79 | |||
80 | fi | ||
81 | +if test $libc_cv_have_x86_lahf_sahf = yes; then | ||
82 | + $as_echo "#define HAVE_X86_LAHF_SAHF 1" >>confdefs.h | ||
83 | + | ||
84 | +fi | ||
85 | +if test $libc_cv_have_x86_movbe = yes; then | ||
86 | + $as_echo "#define HAVE_X86_MOVBE 1" >>confdefs.h | ||
87 | + | ||
88 | +fi | ||
89 | config_vars="$config_vars | ||
90 | enable-x86-isa-level = $libc_cv_include_x86_isa_level" | ||
91 | diff --git a/sysdeps/x86/configure.ac b/sysdeps/x86/configure.ac | ||
92 | --- a/sysdeps/x86/configure.ac 2021-10-16 03:28:49.587570713 -0700 | ||
93 | +++ b/sysdeps/x86/configure.ac 2021-10-16 03:29:40.038717306 -0700 | ||
94 | @@ -98,14 +98,30 @@ cat > conftest2.S <<EOF | ||
95 | 4: | ||
96 | EOF | ||
97 | libc_cv_include_x86_isa_level=no | ||
98 | +libc_cv_have_x86_lahf_sahf=no | ||
99 | +libc_cv_have_x86_movbe=no | ||
100 | if AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS -nostartfiles -nostdlib -r -o conftest conftest1.S conftest2.S); then | ||
101 | count=`LC_ALL=C $READELF -n conftest | grep NT_GNU_PROPERTY_TYPE_0 | wc -l` | ||
102 | if test "$count" = 1; then | ||
103 | libc_cv_include_x86_isa_level=yes | ||
104 | + cat > conftest.c <<EOF | ||
105 | +EOF | ||
106 | + if AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS -fverbose-asm -S -o - conftest.c) | grep -q "\-msahf"; then | ||
107 | + libc_cv_have_x86_lahf_sahf=yes | ||
108 | + fi | ||
109 | + if AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS -fverbose-asm -S -o - conftest.c) | grep -q "\-mmovbe"; then | ||
110 | + libc_cv_have_x86_movbe=yes | ||
111 | + fi | ||
112 | fi | ||
113 | fi | ||
114 | rm -f conftest*]) | ||
115 | if test $libc_cv_include_x86_isa_level = yes; then | ||
116 | AC_DEFINE(INCLUDE_X86_ISA_LEVEL) | ||
117 | fi | ||
118 | +if test $libc_cv_have_x86_lahf_sahf = yes; then | ||
119 | + AC_DEFINE(HAVE_X86_LAHF_SAHF) | ||
120 | +fi | ||
121 | +if test $libc_cv_have_x86_movbe = yes; then | ||
122 | + AC_DEFINE(HAVE_X86_MOVBE) | ||
123 | +fi | ||
124 | LIBC_CONFIG_VAR([enable-x86-isa-level], [$libc_cv_include_x86_isa_level]) | ||
125 | diff --git a/sysdeps/x86/isa-level.c b/sysdeps/x86/isa-level.c | ||
126 | --- a/sysdeps/x86/isa-level.c 2021-10-16 03:28:49.587570713 -0700 | ||
127 | +++ b/sysdeps/x86/isa-level.c 2021-10-16 03:29:40.766704997 -0700 | ||
128 | @@ -29,32 +29,35 @@ | ||
129 | |||
130 | /* ELF program property for x86 ISA level. */ | ||
131 | #ifdef INCLUDE_X86_ISA_LEVEL | ||
132 | -# if defined __x86_64__ || defined __FXSR__ || !defined _SOFT_FLOAT \ | ||
133 | - || defined __MMX__ || defined __SSE__ || defined __SSE2__ | ||
134 | +# if defined __SSE__ && defined __SSE2__ | ||
135 | +/* NB: ISAs, excluding MMX, in x86-64 ISA level baseline are used. */ | ||
136 | # define ISA_BASELINE GNU_PROPERTY_X86_ISA_1_BASELINE | ||
137 | # else | ||
138 | # define ISA_BASELINE 0 | ||
139 | # endif | ||
140 | |||
141 | -# if defined __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16 \ | ||
142 | - || (defined __x86_64__ && defined __LAHF_SAHF__) \ | ||
143 | - || defined __POPCNT__ || defined __SSE3__ \ | ||
144 | - || defined __SSSE3__ || defined __SSE4_1__ || defined __SSE4_2__ | ||
145 | +# if ISA_BASELINE && defined __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16 \ | ||
146 | + && defined HAVE_X86_LAHF_SAHF && defined __POPCNT__ \ | ||
147 | + && defined __SSE3__ && defined __SSSE3__ && defined __SSE4_1__ \ | ||
148 | + && defined __SSE4_2__ | ||
149 | +/* NB: ISAs in x86-64 ISA level v2 are used. */ | ||
150 | # define ISA_V2 GNU_PROPERTY_X86_ISA_1_V2 | ||
151 | # else | ||
152 | # define ISA_V2 0 | ||
153 | # endif | ||
154 | |||
155 | -# if defined __AVX__ || defined __AVX2__ || defined __F16C__ \ | ||
156 | - || defined __FMA__ || defined __LZCNT__ || defined __MOVBE__ \ | ||
157 | - || defined __XSAVE__ | ||
158 | +# if ISA_V2 && defined __AVX__ && defined __AVX2__ && defined __F16C__ \ | ||
159 | + && defined __FMA__ && defined __LZCNT__ && defined HAVE_X86_MOVBE | ||
160 | +/* NB: ISAs in x86-64 ISA level v3 are used. */ | ||
161 | # define ISA_V3 GNU_PROPERTY_X86_ISA_1_V3 | ||
162 | # else | ||
163 | # define ISA_V3 0 | ||
164 | # endif | ||
165 | |||
166 | -# if defined __AVX512F__ || defined __AVX512BW__ || defined __AVX512CD__ \ | ||
167 | - || defined __AVX512DQ__ || defined __AVX512VL__ | ||
168 | +# if ISA_V3 && defined __AVX512F__ && defined __AVX512BW__ \ | ||
169 | + && defined __AVX512CD__ && defined __AVX512DQ__ \ | ||
170 | + && defined __AVX512VL__ | ||
171 | +/* NB: ISAs in x86-64 ISA level v4 are used. */ | ||
172 | # define ISA_V4 GNU_PROPERTY_X86_ISA_1_V4 | ||
173 | # else | ||
174 | # define ISA_V4 0 | ||
diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-27645.patch b/meta/recipes-core/glibc/glibc/CVE-2021-27645.patch deleted file mode 100644 index 26c5c0d2a9..0000000000 --- a/meta/recipes-core/glibc/glibc/CVE-2021-27645.patch +++ /dev/null | |||
@@ -1,51 +0,0 @@ | |||
1 | From dca565886b5e8bd7966e15f0ca42ee5cff686673 Mon Sep 17 00:00:00 2001 | ||
2 | From: DJ Delorie <dj@redhat.com> | ||
3 | Date: Thu, 25 Feb 2021 16:08:21 -0500 | ||
4 | Subject: [PATCH] nscd: Fix double free in netgroupcache [BZ #27462] | ||
5 | |||
6 | In commit 745664bd798ec8fd50438605948eea594179fba1 a use-after-free | ||
7 | was fixed, but this led to an occasional double-free. This patch | ||
8 | tracks the "live" allocation better. | ||
9 | |||
10 | Tested manually by a third party. | ||
11 | |||
12 | Related: RHBZ 1927877 | ||
13 | |||
14 | Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> | ||
15 | Reviewed-by: Carlos O'Donell <carlos@redhat.com> | ||
16 | |||
17 | Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=dca565886b5e8bd7966e15f0ca42ee5cff686673] | ||
18 | |||
19 | CVE: CVE-2021-27645 | ||
20 | |||
21 | Reviewed-by: Carlos O'Donell <carlos@redhat.com> | ||
22 | Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com> | ||
23 | --- | ||
24 | nscd/netgroupcache.c | 4 ++-- | ||
25 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
26 | |||
27 | diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c | ||
28 | index dba6ceec1b..ad2daddafd 100644 | ||
29 | --- a/nscd/netgroupcache.c | ||
30 | +++ b/nscd/netgroupcache.c | ||
31 | @@ -248,7 +248,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, | ||
32 | : NULL); | ||
33 | ndomain = (ndomain ? newbuf + ndomaindiff | ||
34 | : NULL); | ||
35 | - buffer = newbuf; | ||
36 | + *tofreep = buffer = newbuf; | ||
37 | } | ||
38 | |||
39 | nhost = memcpy (buffer + bufused, | ||
40 | @@ -319,7 +319,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, | ||
41 | else if (status == NSS_STATUS_TRYAGAIN && e == ERANGE) | ||
42 | { | ||
43 | buflen *= 2; | ||
44 | - buffer = xrealloc (buffer, buflen); | ||
45 | + *tofreep = buffer = xrealloc (buffer, buflen); | ||
46 | } | ||
47 | else if (status == NSS_STATUS_RETURN | ||
48 | || status == NSS_STATUS_NOTFOUND | ||
49 | -- | ||
50 | 2.27.0 | ||
51 | |||
diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-33574_1.patch b/meta/recipes-core/glibc/glibc/CVE-2021-33574_1.patch deleted file mode 100644 index 21f07ac303..0000000000 --- a/meta/recipes-core/glibc/glibc/CVE-2021-33574_1.patch +++ /dev/null | |||
@@ -1,76 +0,0 @@ | |||
1 | From 709674ec86c3c6da4f0995897f6b0205c16d049d Mon Sep 17 00:00:00 2001 | ||
2 | From: Andreas Schwab <schwab@linux-m68k.org> | ||
3 | Date: Thu, 27 May 2021 12:49:47 +0200 | ||
4 | Subject: [PATCH] Use __pthread_attr_copy in mq_notify (bug 27896) | ||
5 | |||
6 | Make a deep copy of the pthread attribute object to remove a potential | ||
7 | use-after-free issue. | ||
8 | |||
9 | Upstream-Status: Backport | ||
10 | [https://sourceware.org/git/?p=glibc.git;a=commit;h=42d359350510506b87101cf77202fefcbfc790cb] | ||
11 | |||
12 | CVE: | ||
13 | CVE-2021-33574 | ||
14 | |||
15 | Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> | ||
16 | Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com> | ||
17 | --- | ||
18 | NEWS | 4 ++++ | ||
19 | sysdeps/unix/sysv/linux/mq_notify.c | 15 ++++++++++----- | ||
20 | 2 files changed, 14 insertions(+), 5 deletions(-) | ||
21 | |||
22 | diff --git a/NEWS b/NEWS | ||
23 | index 71f5d20324..017d656433 100644 | ||
24 | --- a/NEWS | ||
25 | +++ b/NEWS | ||
26 | @@ -118,6 +118,10 @@ Security related changes: | ||
27 | CVE-2019-25013: A buffer overflow has been fixed in the iconv function when | ||
28 | invoked with EUC-KR input containing invalid multibyte input sequences. | ||
29 | |||
30 | + CVE-2021-33574: The mq_notify function has a potential use-after-free | ||
31 | + issue when using a notification type of SIGEV_THREAD and a thread | ||
32 | + attribute with a non-default affinity mask. | ||
33 | + | ||
34 | The following bugs are resolved with this release: | ||
35 | |||
36 | [10635] libc: realpath portability patches | ||
37 | diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c | ||
38 | index cc575a0cdd..f7ddfe5a6c 100644 | ||
39 | --- a/sysdeps/unix/sysv/linux/mq_notify.c | ||
40 | +++ b/sysdeps/unix/sysv/linux/mq_notify.c | ||
41 | @@ -133,8 +133,11 @@ helper_thread (void *arg) | ||
42 | (void) __pthread_barrier_wait (¬ify_barrier); | ||
43 | } | ||
44 | else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED) | ||
45 | - /* The only state we keep is the copy of the thread attributes. */ | ||
46 | - free (data.attr); | ||
47 | + { | ||
48 | + /* The only state we keep is the copy of the thread attributes. */ | ||
49 | + pthread_attr_destroy (data.attr); | ||
50 | + free (data.attr); | ||
51 | + } | ||
52 | } | ||
53 | return NULL; | ||
54 | } | ||
55 | @@ -255,8 +258,7 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification) | ||
56 | if (data.attr == NULL) | ||
57 | return -1; | ||
58 | |||
59 | - memcpy (data.attr, notification->sigev_notify_attributes, | ||
60 | - sizeof (pthread_attr_t)); | ||
61 | + __pthread_attr_copy (data.attr, notification->sigev_notify_attributes); | ||
62 | } | ||
63 | |||
64 | /* Construct the new request. */ | ||
65 | @@ -270,7 +272,10 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification) | ||
66 | |||
67 | /* If it failed, free the allocated memory. */ | ||
68 | if (__glibc_unlikely (retval != 0)) | ||
69 | - free (data.attr); | ||
70 | + { | ||
71 | + pthread_attr_destroy (data.attr); | ||
72 | + free (data.attr); | ||
73 | + } | ||
74 | |||
75 | return retval; | ||
76 | } | ||
diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-33574_2.patch b/meta/recipes-core/glibc/glibc/CVE-2021-33574_2.patch deleted file mode 100644 index befccd7ac7..0000000000 --- a/meta/recipes-core/glibc/glibc/CVE-2021-33574_2.patch +++ /dev/null | |||
@@ -1,61 +0,0 @@ | |||
1 | From 217b6dc298156bdb0d6aea9ea93e7e394a5ff091 Mon Sep 17 00:00:00 2001 | ||
2 | From: Florian Weimer <fweimer@redhat.com> | ||
3 | Date: Tue, 1 Jun 2021 17:51:41 +0200 | ||
4 | Subject: [PATCH] Fix use of __pthread_attr_copy in mq_notify (bug 27896) | ||
5 | |||
6 | __pthread_attr_copy can fail and does not initialize the attribute | ||
7 | structure in that case. | ||
8 | |||
9 | If __pthread_attr_copy is never called and there is no allocated | ||
10 | attribute, pthread_attr_destroy should not be called, otherwise | ||
11 | there is a null pointer dereference in rt/tst-mqueue6. | ||
12 | |||
13 | Fixes commit 42d359350510506b87101cf77202fefcbfc790cb | ||
14 | ("Use __pthread_attr_copy in mq_notify (bug 27896)"). | ||
15 | |||
16 | Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> | ||
17 | |||
18 | Upstream-Status: Backport | ||
19 | [https://sourceware.org/git/?p=glibc.git;a=commit;h=217b6dc298156bdb0d6aea9ea93e7e394a5ff091] | ||
20 | |||
21 | CVE: | ||
22 | CVE-2021-33574 | ||
23 | |||
24 | Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> | ||
25 | Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com> | ||
26 | --- | ||
27 | sysdeps/unix/sysv/linux/mq_notify.c | 11 +++++++++-- | ||
28 | 1 file changed, 9 insertions(+), 2 deletions(-) | ||
29 | |||
30 | diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c | ||
31 | index f7ddfe5a6c..6f46d29d1d 100644 | ||
32 | --- a/sysdeps/unix/sysv/linux/mq_notify.c | ||
33 | +++ b/sysdeps/unix/sysv/linux/mq_notify.c | ||
34 | @@ -258,7 +258,14 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification) | ||
35 | if (data.attr == NULL) | ||
36 | return -1; | ||
37 | |||
38 | - __pthread_attr_copy (data.attr, notification->sigev_notify_attributes); | ||
39 | + int ret = __pthread_attr_copy (data.attr, | ||
40 | + notification->sigev_notify_attributes); | ||
41 | + if (ret != 0) | ||
42 | + { | ||
43 | + free (data.attr); | ||
44 | + __set_errno (ret); | ||
45 | + return -1; | ||
46 | + } | ||
47 | } | ||
48 | |||
49 | /* Construct the new request. */ | ||
50 | @@ -271,7 +278,7 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification) | ||
51 | int retval = INLINE_SYSCALL (mq_notify, 2, mqdes, &se); | ||
52 | |||
53 | /* If it failed, free the allocated memory. */ | ||
54 | - if (__glibc_unlikely (retval != 0)) | ||
55 | + if (retval != 0 && data.attr != NULL) | ||
56 | { | ||
57 | pthread_attr_destroy (data.attr); | ||
58 | free (data.attr); | ||
59 | -- | ||
60 | 2.27.0 | ||
61 | |||
diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch deleted file mode 100644 index 5cae1bc91c..0000000000 --- a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch +++ /dev/null | |||
@@ -1,44 +0,0 @@ | |||
1 | From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001 | ||
2 | From: Andreas Schwab <schwab@linux-m68k.org> | ||
3 | Date: Fri, 25 Jun 2021 15:02:47 +0200 | ||
4 | Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug | ||
5 | 28011) | ||
6 | |||
7 | Use strtoul instead of atoi so that overflow can be detected. | ||
8 | |||
9 | Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c] | ||
10 | CVE: CVE-2021-35942 | ||
11 | Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> | ||
12 | --- | ||
13 | posix/wordexp-test.c | 1 + | ||
14 | posix/wordexp.c | 2 +- | ||
15 | 2 files changed, 2 insertions(+), 1 deletion(-) | ||
16 | |||
17 | diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c | ||
18 | index f93a546d7e..9df02dbbb3 100644 | ||
19 | --- a/posix/wordexp-test.c | ||
20 | +++ b/posix/wordexp-test.c | ||
21 | @@ -183,6 +183,7 @@ struct test_case_struct | ||
22 | { 0, NULL, "$var", 0, 0, { NULL, }, IFS }, | ||
23 | { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS }, | ||
24 | { 0, NULL, "", 0, 0, { NULL, }, IFS }, | ||
25 | + { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS }, | ||
26 | |||
27 | /* Flags not already covered (testit() has special handling for these) */ | ||
28 | { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS }, | ||
29 | diff --git a/posix/wordexp.c b/posix/wordexp.c | ||
30 | index bcbe96e48d..1f3b09f721 100644 | ||
31 | --- a/posix/wordexp.c | ||
32 | +++ b/posix/wordexp.c | ||
33 | @@ -1399,7 +1399,7 @@ envsubst: | ||
34 | /* Is it a numeric parameter? */ | ||
35 | else if (isdigit (env[0])) | ||
36 | { | ||
37 | - int n = atoi (env); | ||
38 | + unsigned long n = strtoul (env, NULL, 10); | ||
39 | |||
40 | if (n >= __libc_argc) | ||
41 | /* Substitute NULL. */ | ||
42 | -- | ||
43 | 2.17.1 | ||
44 | |||
diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb index 57a60cb9d8..ad5e2b8eb1 100644 --- a/meta/recipes-core/glibc/glibc_2.33.bb +++ b/meta/recipes-core/glibc/glibc_2.33.bb | |||
@@ -56,16 +56,6 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ | |||
56 | file://0028-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch \ | 56 | file://0028-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch \ |
57 | file://0029-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch \ | 57 | file://0029-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch \ |
58 | file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \ | 58 | file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \ |
59 | file://0031-x86-Require-full-ISA-support-for-x86-64-level-marker.patch \ | ||
60 | file://0032-string-Work-around-GCC-PR-98512-in-rawmemchr.patch \ | ||
61 | file://0033-x86-Handle-_SC_LEVEL1_ICACHE_LINESIZE-BZ-27444.patch \ | ||
62 | file://CVE-2021-27645.patch \ | ||
63 | file://0001-nptl-Remove-private-futex-optimization-BZ-27304.patch \ | ||
64 | file://CVE-2021-33574_1.patch \ | ||
65 | file://CVE-2021-33574_2.patch \ | ||
66 | file://CVE-2021-35942.patch \ | ||
67 | file://0001-CVE-2021-38604.patch \ | ||
68 | file://0002-CVE-2021-38604.patch \ | ||
69 | " | 59 | " |
70 | S = "${WORKDIR}/git" | 60 | S = "${WORKDIR}/git" |
71 | B = "${WORKDIR}/build-${TARGET_SYS}" | 61 | B = "${WORKDIR}/build-${TARGET_SYS}" |