From 75365e0c0ad27e4789b8e3898763c917b3db2ef4 Mon Sep 17 00:00:00 2001
From: liqingqing_1229
Date: Mon, 7 Jun 2021 20:40:02 +0800
Subject: [PATCH] fix glibc bug 27902 and 27939, align stack to 16 bytes.
---
 ...arch64-align-stack-in-clone-BZ-27939.patch | 32 ++++
 ...ign-child-stack-to-16-bytes-BZ-27902.patch | 159 ++++++++++++++++++
 glibc.spec | 8 +-
 3 files changed, 198 insertions(+), 1 deletion(-)
 create mode 100644 backport-aarch64-align-stack-in-clone-BZ-27939.patch
 create mode 100644 backport-x86-64-Align-child-stack-to-16-bytes-BZ-27902.patch
diff --git a/backport-aarch64-align-stack-in-clone-BZ-27939.patch b/backport-aarch64-align-stack-in-clone-BZ-27939.patch
new file mode 100644
index 0000000..3a82131
--- /dev/null
+++ b/backport-aarch64-align-stack-in-clone-BZ-27939.patch
@@ -0,0 +1,32 @@
+From 3842ba494963b1d76ad5f68b8d1e5c2279160e31 Mon Sep 17 00:00:00 2001
+From: Szabolcs Nagy
+Date: Tue, 1 Jun 2021 09:23:40 +0100
+Subject: [PATCH] aarch64: align stack in clone [BZ #27939]
+
+The AArch64 PCS requires 16 byte aligned stack. Previously if the
+caller passed an unaligned stack to clone then the child crashed.
+
+Fixes bug 27939.
+
+Conflict:NA
+Reference:https://sourceware.org/git/?p=glibc.git;a=commit;h=3842ba494963b1d76ad5f68b8d1e5c2279160e31
+---
+ sysdeps/unix/sysv/linux/aarch64/clone.S | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/sysdeps/unix/sysv/linux/aarch64/clone.S b/sysdeps/unix/sysv/linux/aarch64/clone.S
+index c9e63bae48..fe04bce6b6 100644
+--- a/sysdeps/unix/sysv/linux/aarch64/clone.S
++++ b/sysdeps/unix/sysv/linux/aarch64/clone.S
+@@ -47,6 +47,8 @@ ENTRY(__clone)
+ /* Sanity check args. */
+ mov x0, #-EINVAL
+ cbz x10, .Lsyscall_error
++ /* Align sp. */
++ and x1, x1, -16
+ cbz x1, .Lsyscall_error
+ 
+ /* Do the system call. */
+-- 
+2.27.0
+
diff --git a/backport-x86-64-Align-child-stack-to-16-bytes-BZ-27902.patch b/backport-x86-64-Align-child-stack-to-16-bytes-BZ-27902.patch
new file mode 100644
index 0000000..3ef93f3
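Review bot: The new comment `/* Align sp.  */` in the aarch64 clone.S hunk says what `and x1, x1, -16` does but not why; the reason lives only in the commit message, so suggest `/* The AArch64 PCS requires a 16-byte aligned stack: round down (BZ #27939).  */`. Because the `and` now precedes `cbz x1, .Lsyscall_error`, a child-stack argument in the range 1..15 is rounded to zero and rejected as if it were NULL — intended, but worth a word in the comment so nobody later reorders the two instructions. This backport carries no test of its own; the tst-misalign-clone test added by the companion x86-64 backport is registered in the generic sysdeps/unix/sysv/linux/Makefile, so it should presumably also exercise this path on aarch64 — worth confirming in the build log. ENTRY(__clone) continues outside the hunk.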
--- /dev/null
+++ b/backport-x86-64-Align-child-stack-to-16-bytes-BZ-27902.patch
@@ -0,0 +1,159 @@
+From 92a7d1343991897f77afe01041f3b77712445e47 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu"
+Date: Sun, 23 May 2021 10:25:10 -0700
+Subject: [PATCH] x86-64: Align child stack to 16 bytes [BZ #27902]
+
+In the x86-64 clone wrapper, align child stack to 16 bytes per the
+x86-64 psABI.
+
+Reviewed-by: Carlos O'Donell
+Conflict:NA
+Reference:https://sourceware.org/git/?p=glibc.git;a=commit;h=92a7d1343991897f77afe01041f3b77712445e47
+---
+ sysdeps/unix/sysv/linux/Makefile | 2 +-
+ sysdeps/unix/sysv/linux/tst-misalign-clone.c | 96 ++++++++++++++++++++
+ sysdeps/unix/sysv/linux/x86_64/clone.S | 9 +-
+ 3 files changed, 103 insertions(+), 4 deletions(-)
+ create mode 100644 sysdeps/unix/sysv/linux/tst-misalign-clone.c
+
+diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile
+index d8cd107d..2ed0c018 100644
+--- a/sysdeps/unix/sysv/linux/Makefile
++++ b/sysdeps/unix/sysv/linux/Makefile
+@@ -46,7 +46,7 @@ tests += tst-clone tst-clone2 tst-clone3 tst-fanotify tst-personality \
+ tst-quota tst-sync_file_range tst-sysconf-iov_max tst-ttyname \
+ test-errno-linux tst-memfd_create tst-mlock2 tst-pkey \
+ tst-rlimit-infinity tst-ofdlocks \
+- tst-sysvsem-linux
++ tst-sysvsem-linux tst-misalign-clone
+ tests-internal += tst-ofdlocks-compat
+ 
+ 
+diff --git a/sysdeps/unix/sysv/linux/tst-misalign-clone.c b/sysdeps/unix/sysv/linux/tst-misalign-clone.c
+new file mode 100644
+index 00000000..60f0ed08
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/tst-misalign-clone.c
+@@ -0,0 +1,96 @@
++/* Verify that the clone wrapper properly aligns the child stack.
++ Copyright (C) 2021 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ . */
++
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++
++static int
++check_stack_alignment (void *arg)
++{
++ bool ok = true;
++
++ puts ("in f");
++
++ if (TEST_STACK_ALIGN ())
++ ok = false;
++
++ return ok ? 0 : 1;
++}
++
++static int
++do_test (void)
++{
++ puts ("in do_test");
++
++ if (TEST_STACK_ALIGN ())
++ FAIL_EXIT1 ("stack isn't aligned\n");
++
++#ifdef __ia64__
++# define STACK_SIZE (256 * 1024)
++#else
++# define STACK_SIZE (128 * 1024)
++#endif
++
++ char st[STACK_SIZE + 1];
++ /* NB: Align child stack to 1 byte. */
++ char *stack = PTR_ALIGN_UP (&st[0], 2) + 1;
++
++#ifdef __ia64__
++ extern int __clone2 (int (*__fn) (void *__arg), void *__child_stack_base,
++ size_t __child_stack_size, int __flags,
++ void *__arg, ...);
++ pid_t p = __clone2 (check_stack_alignment, stack, STACK_SIZE, 0, 0);
++#else
++# if _STACK_GROWS_DOWN
++ pid_t p = clone (check_stack_alignment, stack + STACK_SIZE, 0, 0);
++# elif _STACK_GROWS_UP
++ pid_t p = clone (check_stack_alignment, stack, 0, 0);
++# else
++# error "Define either _STACK_GROWS_DOWN or _STACK_GROWS_UP"
++# endif
++#endif
++
++ /* Clone must not fail. */
++ TEST_VERIFY_EXIT (p != -1);
++
++ int e;
++ xwaitpid (p, &e, __WCLONE);
++ if (!WIFEXITED (e))
++ {
++ if (WIFSIGNALED (e))
++ printf ("died from signal %s\n", strsignal (WTERMSIG (e)));
++ FAIL_EXIT1 ("process did not terminate correctly");
++ }
++
++ if (WEXITSTATUS (e) != 0)
++ FAIL_EXIT1 ("exit code %d", WEXITSTATUS (e));
++
++ return 0;
++}
++
++#include
+diff --git a/sysdeps/unix/sysv/linux/x86_64/clone.S b/sysdeps/unix/sysv/linux/x86_64/clone.S
+index 34bebe0c..4e6ab0a2 100644
+--- a/sysdeps/unix/sysv/linux/x86_64/clone.S
++++ b/sysdeps/unix/sysv/linux/x86_64/clone.S
+@@ -52,12 +52,15 @@ ENTRY (__clone)
+ movq $-EINVAL,%rax
+ testq %rdi,%rdi /* no NULL function pointers */
+ jz SYSCALL_ERROR_LABEL
+- testq %rsi,%rsi /* no NULL stack pointers */
+- jz SYSCALL_ERROR_LABEL
++
++ /* Align stack to 16 bytes per the x86-64 psABI. */
++ andq $-16, %rsi
++ jz SYSCALL_ERROR_LABEL /* no NULL stack pointers */
+ 
+ /* Insert the argument onto the new stack. */
++ movq %rcx,-8(%rsi)
++
+ subq $16,%rsi
+- movq %rcx,8(%rsi)
+ 
+ /* Save the function pointer. It will be popped off in the
+ child in the ebx frobbing below. */
+-- 
+2.23.0
+
diff --git a/glibc.spec b/glibc.spec
index 4712287..e85b8e4 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -59,7 +59,7 @@
 ##############################################################################
 Name: glibc
 Version: 2.28
-Release: 68
+Release: 69
 Summary: The GNU libc libraries
 License: %{all_license}
 URL: http://www.gnu.org/software/glibc/
@@ -1150,6 +1150,12 @@ fi
 %doc hesiod/README.hesiod
 %changelog
+* Mon Jun 7 2021 Qingqing Li - 2.28-69
+- aarch64: align stack in clone [BZ #27939]
+ https://sourceware.org/bugzilla/show_bug.cgi?id=27939
+ x86-64 Align child stack to 16 bytes [BZ #27902]
+ https://sourceware.org/bugzilla/show_bug.cgi?id=27902
+
 * Sat Jun 5 2021 Qingqing Li - 2.28-68
 - fix CVE-2021-33574, fix use of __pthread_attr_copy in mq_notify (bug 27896)
 https://sourceware.org/bugzilla/show_bug.cgi?id=27896
-- 
Gitee
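Review bot: In tst-misalign-clone.c, `char *stack = PTR_ALIGN_UP (&st[0], 2) + 1;` yields `st + 2` whenever `st` happens to start at an odd address, so on _STACK_GROWS_DOWN targets `stack + STACK_SIZE` is formed two past the end of an array of `STACK_SIZE + 1` elements — one beyond the last address C permits you to compute, even though no byte outside `st` is actually written (the wrapper rounds %rsi down and stores at `-8(%rsi)`). Sizing the buffer `char st[STACK_SIZE + 2];` keeps the arithmetic in bounds for either parity; in practice compilers align the array so this is unlikely to bite, but the test exists precisely to probe odd alignment. The x86_64 clone.S part reads correctly: `andq $-16, %rsi` sets ZF, so the following `jz` still rejects a NULL (or sub-16) stack, and storing the argument at `-8(%rsi)` before `subq $16,%rsi` writes the same slot the removed `movq %rcx,8(%rsi)` wrote after it. ENTRY (__clone) continues outside the hunk.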