From 11e72654dce7417518ad20a0007bd7fd813c361a Mon Sep 17 00:00:00 2001 From: Qingqing Li Date: Sat, 4 Jan 2025 15:19:12 +0800 Subject: [PATCH] x86: Avoid integer truncation with large cache sizes (bug 32470) --- glibc.spec | 6 ++- ...r-truncation-with-large-cache-sizes-.patch | 49 +++++++++++++++++++ 2 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 x86-Avoid-integer-truncation-with-large-cache-sizes-.patch diff --git a/glibc.spec b/glibc.spec index 825d903..5ac338b 100644 --- a/glibc.spec +++ b/glibc.spec @@ -67,7 +67,7 @@ ############################################################################## Name: glibc Version: 2.38 -Release: 48 +Release: 49 Summary: The GNU libc libraries License: %{all_license} URL: http://www.gnu.org/software/glibc/ @@ -250,6 +250,7 @@ Patch160: backport-elf-Introduce-_dl_relocate_object_no_relro.patch Patch161: backport-elf-Switch-to-main-malloc-after-final-ld.so-self-rel.patch Patch162: nptl-initialize-rseq-area-prior-to-registration.patch Patch163: nptl-initialize-cpu_id_start-prior-to-rseq-registrat.patch +Patch164: x86-Avoid-integer-truncation-with-large-cache-sizes-.patch #openEuler patch list Patch9000: turn-default-value-of-x86_rep_stosb_threshold_form_2K_to_1M.patch @@ -1465,6 +1466,9 @@ fi %endif %changelog +* Sat Jan 4 2025 Qingqing Li - 2.38-49 +- x86: Avoid integer truncation with large cache sizes (bug 32470) + * Mon Dec 16 2024 swcompiler - 2.38-48 - Add Sw64 ISA support diff --git a/x86-Avoid-integer-truncation-with-large-cache-sizes-.patch b/x86-Avoid-integer-truncation-with-large-cache-sizes-.patch new file mode 100644 index 0000000..5728bb7 --- /dev/null +++ b/x86-Avoid-integer-truncation-with-large-cache-sizes-.patch @@ -0,0 +1,49 @@ +From cf06772360017094b6b8de7cac29bb029df8a974 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Tue, 17 Dec 2024 18:12:03 +0100 +Subject: [PATCH] x86: Avoid integer truncation with large cache sizes (bug + 32470) + +Some hypervisors report 1 TiB L3 cache size. This results +in some variables incorrectly getting zeroed, causing crashes +in memcpy/memmove because invariants are violated. + +(cherry picked from commit 61c3450db96dce96ad2b24b4f0b548e6a46d68e5) +--- + NEWS | 1 + + sysdeps/x86/dl-cacheinfo.h | 4 ++-- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/NEWS b/NEWS +index 8feb39f1ba..d0815514e0 100644 +--- a/NEWS ++++ b/NEWS +@@ -60,6 +60,7 @@ The following bugs are resolved with this release: + [32052] Name space violation in fortify wrappers + [32137] libio: Attempt wide backup free only for non-legacy code + [32231] elf: Change ldconfig auxcache magic number ++ [32470] x86: Avoid integer truncation with large cache sizes + + Version 2.38 + +diff --git a/sysdeps/x86/dl-cacheinfo.h b/sysdeps/x86/dl-cacheinfo.h +index 5ddb35c9d9..6c7740422a 100644 +--- a/sysdeps/x86/dl-cacheinfo.h ++++ b/sysdeps/x86/dl-cacheinfo.h +@@ -965,11 +965,11 @@ dl_init_cacheinfo (struct cpu_features *cpu_features) + non_temporal_threshold = maximum_non_temporal_threshold; + + /* NB: The REP MOVSB threshold must be greater than VEC_SIZE * 8. */ +- unsigned int minimum_rep_movsb_threshold; ++ unsigned long int minimum_rep_movsb_threshold; + /* NB: The default REP MOVSB threshold is 4096 * (VEC_SIZE / 16) for + VEC_SIZE == 64 or 32. For VEC_SIZE == 16, the default REP MOVSB + threshold is 2048 * (VEC_SIZE / 16). */ +- unsigned int rep_movsb_threshold; ++ unsigned long int rep_movsb_threshold; + if (CPU_FEATURE_USABLE_P (cpu_features, AVX512F) + && !CPU_FEATURE_PREFERRED_P (cpu_features, Prefer_No_AVX512)) + { +-- +2.27.0 + -- Gitee