author | Koen Vandeputte <koen.vandeputte@ncentric.com> | 2019-10-14 12:59:09 +0200 |
---|---|---|
committer | Koen Vandeputte <koen.vandeputte@ncentric.com> | 2019-10-15 16:11:28 +0200 |
commit | 4d5b62263c6367dae888c6833b013dffda155c16 (patch) | |
tree | 8173e1d698d8a9d665a33511ada58677b6075d01 /toolchain/musl/patches/030-fix-x87-stack-imbalance-in-corner-cases-of-i386-math.patch | |
parent | 57b834281b586839b5e2cb00d7907de50c68ebcc (diff) | |
toolchain/musl: bump to version 1.1.24

1.1.24 release notes

new features:
- GLOB_TILDE extension to glob
- non-stub catgets localization API, using netbsd binary catalog format
- posix_spawn file actions for [f]chdir (extension, pending future standard)
- secure_getenv function (extension)
- copy_file_range syscall wrapper (Linux extension)
- header-level support for new linux features in 5.2

performance:
- new fast path for lrint (generic C version) on 32-bit archs

major internal changes:
- functions involving time are overhauled to be time64-ready in 32-bit archs
- x32 uses the new time64 code paths to replace nasty hacks in syscall glue

compatibility & conformance:
- support for powerpc[64] unaligned relocation types
- powerpc[64] and sh sys/user.h no longer clash with kernel asm/ptrace.h
- select no longer modifies timeout on failure (or at all)
- mips64 stat results are no longer limited to 32-bit time range
- optreset (BSD extension) now has a public declaration
- support for clang inconsistencies in wchar_t type vs some 32-bit archs
- mips r6 syscall asm no longer has invalid lo/hi register clobbers
- vestigial asm declarations of __tls_get_new are removed (broke some tooling)
- riscv64 mcontext_t mismatch glibc's member naming is corrected

bugs fixed:
- glob failed to match broken symlinks consistently
- invalid use of interposed calloc to allocate initial TLS
- various dlsym symbol resolution logic errors
- semctl with SEM_STAT_ANY didn't work
- pthread_create with explicit scheduling was subject to priority inversion
- pthread_create failure path had data race for thread count
- timer_create with SIGEV_THREAD notification had data race getting timer id
- wide printf family failed to support l modifier for float formats

arch-specific bugs fixed:
- x87 floating point stack imbalance in math asm (i386-only CVE-2019-14697)
- x32 clock_adjtime, getrusage, wait3, wait4 produced junk (struct mismatches)
- lseek broken on x32 and mipsn32 with large file offsets
- riscv64 atomics weren't compiler barriers
- riscv64 atomics had broken asm constraints (missing earlyclobber flag)
- arm clone() was broken when compiled as thumb if start function returned
- mipsr6 setjmp/longjmp did not preserve fpu register state correctly

Refreshed all patches.
Removed upstreamed.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Diffstat (limited to 'toolchain/musl/patches/030-fix-x87-stack-imbalance-in-corner-cases-of-i386-math.patch')
-rw-r--r-- | toolchain/musl/patches/030-fix-x87-stack-imbalance-in-corner-cases-of-i386-math.patch | 179 |
1 files changed, 0 insertions, 179 deletions
diff --git a/toolchain/musl/patches/030-fix-x87-stack-imbalance-in-corner-cases-of-i386-math.patch b/toolchain/musl/patches/030-fix-x87-stack-imbalance-in-corner-cases-of-i386-math.patch deleted file mode 100644 index a709330079..0000000000 --- a/toolchain/musl/patches/030-fix-x87-stack-imbalance-in-corner-cases-of-i386-math.patch +++ /dev/null 
@@ -1,179 +0,0 @@ -From f3ed8bfe8a82af1870ddc8696ed4cc1d5aa6b441 Mon Sep 17 00:00:00 2001 -From: Rich Felker <dalias@aerifal.cx> -Date: Mon, 5 Aug 2019 18:41:47 -0400 -Subject: fix x87 stack imbalance in corner cases of i386 math asm - -commit 31c5fb80b9eae86f801be4f46025bc6532a554c5 introduced underflow -code paths for the i386 math asm, along with checks on the fpu status -word to skip the underflow-generation instructions if the underflow -flag was already raised. unfortunately, at least one such path, in -log1p, returned with 2 items on the x87 stack rather than just 1 item -for the return value. this is a violation of the ABI's calling -convention, and could cause subsequent floating point code to produce -NANs due to x87 stack overflow. if floating point results are used in -flow control, this can lead to runaway wrong code execution. - -rather than reviewing each "underflow already raised" code path for -correctness, remove them all. they're likely slower than just -performing the underflow code unconditionally, and significantly more -complex. - -all of this code should be ripped out and replaced by C source files -with inline asm. doing so would preclude this kind of error by having -the compiler perform all x87 stack register allocation and stack -manipulation, and would produce comparable or better code. however -such a change is a much larger project. 
---- - src/math/i386/asin.s | 10 ++-------- - src/math/i386/atan.s | 7 ++----- - src/math/i386/atan2.s | 5 +---- - src/math/i386/atan2f.s | 5 +---- - src/math/i386/atanf.s | 7 ++----- - src/math/i386/exp.s | 10 ++-------- - src/math/i386/log1p.s | 7 ++----- - src/math/i386/log1pf.s | 7 ++----- - 8 files changed, 14 insertions(+), 44 deletions(-) - ---- a/src/math/i386/asin.s -+++ b/src/math/i386/asin.s -@@ -7,13 +7,10 @@ asinf: - cmp $0x01000000,%eax - jae 1f - # subnormal x, return x with underflow -- fnstsw %ax -- and $16,%ax -- jnz 2f - fld %st(0) - fmul %st(1) - fstps 4(%esp) --2: ret -+ ret - - .global asinl - .type asinl,@function -@@ -30,11 +27,8 @@ asin: - cmp $0x00200000,%eax - jae 1f - # subnormal x, return x with underflow -- fnstsw %ax -- and $16,%ax -- jnz 2f - fsts 4(%esp) --2: ret -+ ret - 1: fld %st(0) - fld1 - fsub %st(0),%st(1) ---- a/src/math/i386/atan.s -+++ b/src/math/i386/atan.s -@@ -10,8 +10,5 @@ atan: - fpatan - ret - # subnormal x, return x with underflow --1: fnstsw %ax -- and $16,%ax -- jnz 2f -- fsts 4(%esp) --2: ret -+1: fsts 4(%esp) -+ ret ---- a/src/math/i386/atan2.s -+++ b/src/math/i386/atan2.s -@@ -10,8 +10,5 @@ atan2: - cmp $0x00200000,%eax - jae 1f - # subnormal x, return x with underflow -- fnstsw %ax -- and $16,%ax -- jnz 1f - fsts 4(%esp) --1: ret -+ ret ---- a/src/math/i386/atan2f.s -+++ b/src/math/i386/atan2f.s -@@ -10,10 +10,7 @@ atan2f: - cmp $0x01000000,%eax - jae 1f - # subnormal x, return x with underflow -- fnstsw %ax -- and $16,%ax -- jnz 1f - fld %st(0) - fmul %st(1) - fstps 4(%esp) --1: ret -+ ret ---- a/src/math/i386/atanf.s -+++ b/src/math/i386/atanf.s -@@ -10,10 +10,7 @@ atanf: - fpatan - ret - # subnormal x, return x with underflow --1: fnstsw %ax -- and $16,%ax -- jnz 2f -- fld %st(0) -+1: fld %st(0) - fmul %st(1) - fstps 4(%esp) --2: ret -+ ret ---- a/src/math/i386/exp.s -+++ b/src/math/i386/exp.s -@@ -7,13 +7,10 @@ expm1f: - cmp $0x01000000,%eax - jae 1f - # subnormal x, return x with underflow -- fnstsw %ax 
-- and $16,%ax -- jnz 2f - fld %st(0) - fmul %st(1) - fstps 4(%esp) --2: ret -+ ret - - .global expm1l - .type expm1l,@function -@@ -30,11 +27,8 @@ expm1: - cmp $0x00200000,%eax - jae 1f - # subnormal x, return x with underflow -- fnstsw %ax -- and $16,%ax -- jnz 2f - fsts 4(%esp) --2: ret -+ ret - 1: fldl2e - fmulp - mov $0xc2820000,%eax ---- a/src/math/i386/log1p.s -+++ b/src/math/i386/log1p.s -@@ -16,9 +16,6 @@ log1p: - fyl2x - ret - # subnormal x, return x with underflow --2: fnstsw %ax -- and $16,%ax -- jnz 1f -- fsts 4(%esp) -+2: fsts 4(%esp) - fstp %st(1) --1: ret -+ ret ---- a/src/math/i386/log1pf.s -+++ b/src/math/i386/log1pf.s -@@ -16,10 +16,7 @@ log1pf: - fyl2x - ret - # subnormal x, return x with underflow --2: fnstsw %ax -- and $16,%ax -- jnz 1f -- fxch -+2: fxch - fmul %st(1) - fstps 4(%esp) --1: ret -+ ret |
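
Review bot: The commit message's "Removed upstreamed." does not say which patch was dropped or why dropping it is safe, and that matters for the single hunk here (`@@ -1,179 +0,0 @@`), which deletes 030-fix-x87-stack-imbalance-in-corner-cases-of-i386-math.patch in full. Please name the file in the message and tie it to the 1.1.24 release-note entry "x87 floating point stack imbalance in math asm (i386-only CVE-2019-14697)", so that anyone auditing the CVE fix can see it is now carried by the upstream release rather than lost with the local patch. This view is limited to the one deleted file, so the version bump itself is not visible; it is worth confirming in the built 1.1.24 sources that the `fnstsw %ax` / `and $16,%ax` status-word checks the deleted patch removed from src/math/i386/*.s (including the log1p.s path that the patch description says returned with 2 items on the x87 stack) are indeed gone.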