This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: BZ#13592: Fix x86-64 memset
- From: Andreas Jaeger <aj at suse dot com>
- To: libc-alpha at sourceware dot org
- Date: Tue, 3 Apr 2012 09:24:51 +0200
- Subject: Re: BZ#13592: Fix x86-64 memset
- References: <201203261213.08701.aj@suse.com>
Could somebody review and approve this, please?
Thanks,
Andreas
On Monday, March 26, 2012 12:13:08 Andreas Jaeger wrote:
> From bugzilla:
>
> "This problem seems to exist since the x86_64 variant of memset was
> improved years ago (certainly 2.11 already has the problem, as well as
> current git). There are several signed compares of the size argument,
> whereas it really is unsigned. Depending on the situation, e.g. a
> "memset(ptr, 0, -1)" segfaults (but for the wrong reasons, because it
> jumps into nirvana) or even succeeds.
>
> In normal use this is harmless, as a size with signbit set indicates
> more than half the address space which on x86_64 is impossible to
> allocate, but as the size is used to index some jump tables this
> potentially could have other unwanted side effects."
>
> Ok to commit (I'll change the copyright header before commit)?
>
> This was tested on x86-64,
> Andreas
>
> 2012-03-26 Andreas Jaeger <aj@suse.de>
>
> * sysdeps/x86_64/memset.S: Fix size parameter comparisons.
> Patch by Michael Matz <matz@suse.de>
>
>
> Index: sysdeps/x86_64/memset.S
> ===================================================================
> --- sysdeps/x86_64/memset.S.orig 2011-11-14 16:28:28.000000000 +0100
> +++ sysdeps/x86_64/memset.S 2012-01-12 14:27:48.000000000 +0100
> @@ -53,7 +53,7 @@ L(ck2):
> imul %r9,%rdx
> L(now_dw_aligned):
> cmp $0x90,%r8
> - jg L(ck_mem_ops_method)
> + ja L(ck_mem_ops_method)
> L(now_dw_aligned_small):
> add %r8,%rdi
> #ifndef PIC
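Review bot: the `cmp $0x90,%r8` immediate carries no decimal annotation, unlike `cmp $0xb0,%r8 # 176` in the next hunk; adding `# 144` keeps the two thresholds equally readable. The conversion itself is right: with jg, a length with bit 63 set compared below 0x90 and fell through to L(now_dw_aligned_small), where `add %r8,%rdi` and the table dispatch that follows ran on a value that was never a valid small length.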
> @@ -605,7 +605,7 @@ L(aligned_now):
> punpcklqdq %xmm0,%xmm0
>
> cmp $0xb0,%r8 # 176
> - jge L(byte32sse2_pre)
> + jae L(byte32sse2_pre)
>
> add %r8,%rdi
> # ifndef PIC
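Review bot: the boundary is preserved exactly (jge and jae agree for every length with bit 63 clear, and 176 still goes to L(byte32sse2_pre)), so the only behavioural change is for lengths with the top bit set, which now skip the `add %r8,%rdi` table path below. Stating that in the commit message would make the change easier to audit than "Fix size parameter comparisons" alone.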
> @@ -865,7 +865,7 @@ L(byte32sse2_pre):
>
> mov __x86_64_shared_cache_size(%rip),%r9d # The largest cache size
> cmp %r9,%r8
> - jg L(sse2_nt_move_pre)
> + ja L(sse2_nt_move_pre)
> #jmp L(byte32sse2)
> .balign 16
> L(byte32sse2):
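Review bot: ja is the right choice here because `mov __x86_64_shared_cache_size(%rip),%r9d` zero-extends into %r9, so both operands of `cmp %r9,%r8` are meaningful only as unsigned; with jg, a length with bit 63 set compared below the cache size and stayed on the cached movdqa loop instead of taking the non-temporal path. The commented-out `#jmp L(byte32sse2)` on the next line is a stale fall-through note and could be dropped in the same change.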
> @@ -881,7 +881,7 @@ L(byte32sse2):
> movdqa %xmm0,0x70(%rdi)
>
> lea 0x80(%rdi),%rdi
> - jge L(byte32sse2)
> + jae L(byte32sse2)
> add %r8,%rdi
> # ifndef PIC
> lea L(SSExDx)(%rip),%r11
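Review bot: `lea 0x80(%rdi),%rdi` does not modify the flags, so the new jae reads CF from whichever instruction updates the remaining count above this hunk's context, where the old jge read SF and OF. That instruction should be checked to confirm it is a subtraction on the unsigned length rather than a compare arranged for the signed condition, and a comment next to the branch naming the flag-setting instruction would spare the next reader the same search.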
> @@ -915,7 +915,7 @@ L(sse2_nt_move):
> movntdq %xmm0,0x70(%rdi)
>
> lea 0x80(%rdi),%rdi
> - jge L(sse2_nt_move)
> + jae L(sse2_nt_move)
> sfence
> add %r8,%rdi
> # ifndef PIC
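Review bot: same flag-source caveat as the L(byte32sse2) loop above: the jae after `lea 0x80(%rdi),%rdi` depends on flags set before this hunk's context, so both loops' counters need the same unsigned treatment for the two conversions to be consistent. The `sfence` on the loop exit is unaffected, since it only orders the preceding movntdq stores.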
--
Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg)
GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
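The signed-versus-unsigned dispatch the bug report describes, as an added C model that is not glibc's code and not part of this thread: the thresholds 0x90 and 0xb0 come from the hunks, while FAKE_SHARED_CACHE, the path names and the sample lengths are constructed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the patch's thresholds (0x90, 0xb0, shared cache size); not glibc code. */
#define SMALL_LIMIT       ((size_t)0x90)
#define SSE2_LIMIT        ((size_t)0xb0)          /* 176 */
#define FAKE_SHARED_CACHE ((size_t)8 << 20)       /* constructed stand-in: 8 MiB */
enum path { PATH_SMALL_TABLE, PATH_MID_TABLE, PATH_SSE2_LOOP, PATH_NT_LOOP };

/* Pre-patch: jg/jge treat the length as signed, so a length with bit 63 set
   is below every limit and takes the small path, whose table it then indexes. */
enum path dispatch_signed(size_t n)
{
    int64_t s = (int64_t)n;               /* two's complement reinterpretation */
    if (s <= (int64_t)SMALL_LIMIT)       return PATH_SMALL_TABLE; /* jg not taken */
    if (s <  (int64_t)SSE2_LIMIT)        return PATH_MID_TABLE;   /* jge not taken */
    if (s >  (int64_t)FAKE_SHARED_CACHE) return PATH_NT_LOOP;     /* jg taken */
    return PATH_SSE2_LOOP;
}

/* Post-patch: ja/jae compare as unsigned, matching size_t. */
enum path dispatch_unsigned(size_t n)
{
    if (n <= SMALL_LIMIT)       return PATH_SMALL_TABLE;          /* ja not taken */
    if (n <  SSE2_LIMIT)        return PATH_MID_TABLE;            /* jae not taken */
    if (n >  FAKE_SHARED_CACHE) return PATH_NT_LOOP;              /* ja taken */
    return PATH_SSE2_LOOP;
}

/* Number of lengths on which the two models disagree. */
size_t count_misdispatched(const size_t *lens, size_t count)
{
    size_t bad = 0;
    for (size_t i = 0; i < count; i++)
        bad += dispatch_signed(lens[i]) != dispatch_unsigned(lens[i]);
    return bad;
}

int main(void)
{
    /* Constructed sample: boundaries plus the memset(ptr, 0, -1) case from the report. */
    size_t lens[] = { 0, 0x90, 0x91, 0xb0, (size_t)16 << 20, SIZE_MAX / 2 + 1, SIZE_MAX };
    size_t n = sizeof lens / sizeof lens[0];
    for (size_t i = 0; i < n; i++)
        printf("len=%#zx signed=%d unsigned=%d\n", lens[i],
               (int)dispatch_signed(lens[i]), (int)dispatch_unsigned(lens[i]));
    printf("misdispatched: %zu of %zu\n", count_misdispatched(lens, n), n);
}
```

Only the two lengths with bit 63 set change path; every length that fits in a signed 64-bit value lands where it did before.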