This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug network/17630] endless loop in getaddr_r (CVE-2014-9402)
- From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Thu, 12 Feb 2015 13:05:09 +0000
- Subject: [Bug network/17630] endless loop in getaddr_r (CVE-2014-9402)
- Auto-submitted: auto-generated
- References: <bug-17630-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=17630
--- Comment #22 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, ibm/2.20/master has been created
at d3b0c8db9a4080c4f8a71cbf6912c05422094594 (commit)
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d3b0c8db9a4080c4f8a71cbf6912c05422094594
commit d3b0c8db9a4080c4f8a71cbf6912c05422094594
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Thu Feb 12 05:34:16 2015 -0600
powerpc: Fix TABORT encoding for little endian
This patch fixes the TABORT encoding for toolchains with no support for
HTM builtins.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1d19c9bc0dabb1d10c07cf4eec063f9da8406c2f
commit 1d19c9bc0dabb1d10c07cf4eec063f9da8406c2f
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Fri Nov 7 12:34:52 2014 -0500
powerpc: abort transaction in syscalls
Linux kernel powerpc documentation states issuing a syscall inside a
transaction is not recommended and may lead to undefined behavior. It
also states syscalls do not abort the transaction, nor do they run in
transactional state.
To avoid side-effects being visible outside transactions, GLIBC with
lock elision enabled will issue a transaction abort instruction just
before all syscalls if hardware supports hardware transactions.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f7cecb9cf4b370c3d72f67e048bb07e238cf110
commit 0f7cecb9cf4b370c3d72f67e048bb07e238cf110
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Fri Nov 7 12:30:56 2014 -0500
powerpc: Add adaptive elision to rwlocks
This patch adds support for lock elision using ISA 2.07 hardware
transactional memory for rwlocks. The logic is similar to the
one presented in pthread_mutex lock elision.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1d45200a803939be3316b7ddf442906d544e9d43
commit 1d45200a803939be3316b7ddf442906d544e9d43
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Fri Nov 7 12:25:32 2014 -0500
powerpc: Add the lock elision using HTM
This patch adds support for lock elision using ISA 2.07 hardware
transactional memory instructions for pthread_mutex primitives.
Similar to s390 version, the for elision logic defined in
'force-elision.h' is only enabled if ENABLE_LOCK_ELISION is defined.
Also, the lock elision code should be able to be built even with
a compiler that does not provide HTM support with builtins.
However I have noted the performance is sub-optimal due to scheduling
pressures.
Conflicts:
ChangeLog
NEWS
sysdeps/unix/sysv/linux/powerpc/lowlevellock.h
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6831ddb38379c1924bd19b3203d161a4c3ed1e2e
commit 6831ddb38379c1924bd19b3203d161a4c3ed1e2e
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Sun Jan 11 19:33:17 2015 -0600
powerpc: Fix POWER7/PPC64 performance regression on LE
This patch fixes a performance regression on the POWER7/PPC64 memcmp
porting for Little Endian. The LE code uses 'ldbrx' instruction to read
the memory on byte reversed form, however ISA 2.06 just provides the indexed
form which uses a register value as additional index, instead of a fixed
value encoded in the instruction.
And the port strategy for LE uses r0 index value and updates the address
value on each compare loop iteration. For large compare size values,
it adds 8 more instructions plus some more depending on trailing
size. This patch fixes it by adding pre-calculated indexes to remove the
address update on loops and tailing sizes.
For large sizes it shows a considerable gain, with double performance
pairing with BE.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=473b6083820fd156985bf7b2cb60db9d4031b536
commit 473b6083820fd156985bf7b2cb60db9d4031b536
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Fri Jan 9 16:04:26 2015 -0500
powerpc: Optimized strncmp for POWER8/PPC64
This patch adds an optimized POWER8 strncmp. The implementation focuses
on speeding up unaligned cases following the ideas of power8 strcmp.
The algorithm first checks the initial 16 bytes, then aligns the first
function source and uses unaligned loads on second argument only.
Additional checks for page boundaries are done for unaligned cases
(where sources alignment are different).
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=299b9464d9a1a48bbcfbc1c7a99604091ec5248f
commit 299b9464d9a1a48bbcfbc1c7a99604091ec5248f
Author: Rajalakshmi Srinivasaraghavan <raji@linux.vnet.ibm.com>
Date: Fri Jan 9 11:56:35 2015 -0500
powerpc: Optimize POWER7 strcmp trailing checks
This patch optimized the POWER7 trailing check by avoiding using byte
read operations and instead using the doubleword already read with
bitwise operations.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6f0685edc6676c7266fdc30fd0769fb88d058f04
commit 6f0685edc6676c7266fdc30fd0769fb88d058f04
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Wed Jan 7 07:18:30 2015 -0500
powerpc: Optimized strcmp for POWER8/PPC64
This patch adds an optimized POWER8 strcmp using unaligned accesses.
The algorithm first checks the initial 16 bytes, then aligns the first
function source and uses unaligned loads on second argument only.
Additional checks for page boundaries are done for unaligned cases
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a38f68f12fd03374d599eeb0b6943e50b0ff7348
commit a38f68f12fd03374d599eeb0b6943e50b0ff7348
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Wed Dec 31 11:47:41 2014 -0500
powerpc: Optimized st{r,p}ncpy for POWER8/PPC64
This patch adds an optimized POWER8 st{r,p}ncpy using unaligned accesses.
It shows 10%-80% improvement over the optimized POWER7 one that uses
only aligned accesses, especially on unaligned inputs.
The algorithm first reads and checks 16 bytes (if inputs do not cross a 4K
page size). Then it realigns source to 16 bytes and issues a 16 bytes read
and compare loop to speedup null byte checks for large strings. Also,
different from POWER7 optimization, the null pad is done inline in the
implementation using possible unaligned accesses, instead of relying on
a memset call. Special case is added for page cross reads.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4242356131256e54ca3e96b0c6f2af773b7a69c8
commit 4242356131256e54ca3e96b0c6f2af773b7a69c8
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Tue Dec 23 13:39:23 2014 -0500
powerpc: Optimized strncat for POWER7/PPC64
With 3eb38795dbbbd816 (Simplify strncat) the generic algorithm uses
strlen, strnlen, and memcpy. This is faster than POWER7 current
implementation, especially for unaligned strings (where POWER7 code
uses byte-byte operations).
This patch removes the assembly implementation and uses a multiarch
specialization based on default algorithm calling optimized POWER7
symbols.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=11ce06e589429143595a6c4b60ac7ab6372201b1
commit 11ce06e589429143595a6c4b60ac7ab6372201b1
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Tue Dec 23 13:36:34 2014 -0500
powerpc: Optimized strcat for POWER8/PPC64
With new optimized strcpy for POWER8, this patch adds an optimized
strcat which uses it along with default implementation at strings/.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a9728856f02f74b60a546499c5bd8492d1726f98
commit a9728856f02f74b60a546499c5bd8492d1726f98
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Tue Dec 23 05:59:44 2014 -0600
powerpc: Optimized st{r,p}cpy for POWER8/PPC64
This patch adds an optimized POWER8 strcpy using unaligned accesses.
For strings up to 16 bytes the implementation first calculates the
string size, like strlen, and issues a memcpy. For larger strings,
source is first aligned to 16 bytes and then tested over a loop that
reads 16 bytes and combines the cmpb results for speedup. Special case is
added for page cross reads.
It shows 30%-60% improvement over the optimized POWER7 one that uses
only aligned accesses.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b53db929e654aaf97a2a239e17a87b04c768b854
commit b53db929e654aaf97a2a239e17a87b04c768b854
Author: Rajalakshmi Srinivasaraghavan <raji@linux.vnet.ibm.com>
Date: Wed Dec 31 14:05:00 2014 -0500
powerpc: POWER7 strcpy optimization for unaligned strings
This patch optimizes strcpy for ppc64/power7 for unaligned source or
destination address. The source or destination address is aligned
to doubleword and data is shifted based on the alignment and
added with the previous loaded data to be written as a doubleword.
For each load, cmpb instruction is used for faster null check.
The word aligned optimization is also removed, since the new unaligned
code path shows better results handling word-aligned strings.
More combinations of unaligned inputs are also added in benchtest
to measure the improvement. The new optimization shows 2 to 80% of
performance improvement for longer strings though it does not show
big difference on string size less than 16 due to additional checks.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f4f9fb08d49740d9f18918bcf9d45ca594f416ee
commit f4f9fb08d49740d9f18918bcf9d45ca594f416ee
Author: Florian Weimer <fweimer@redhat.com>
Date: Mon Dec 15 17:41:13 2014 +0100
Avoid infinite loop in nss_dns getnetbyname [BZ #17630]
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5985c6ea868db23380977a35a2167549f9a3653b
commit 5985c6ea868db23380977a35a2167549f9a3653b
Author: Jeff Law <law@redhat.com>
Date: Mon Dec 15 10:09:32 2014 +0100
CVE-2012-3406: Stack overflow in vfprintf [BZ #16617]
A larger number of format specifiers could cause a stack overflow,
potentially allowing to bypass _FORTIFY_SOURCE format string
protection.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8647419a62d1d5641488ca6430bb679cf1e766e0
commit 8647419a62d1d5641488ca6430bb679cf1e766e0
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Wed Nov 19 16:27:56 2014 -0500
powerpc: Add powerpc64 strpbrk optimization
This patch makes the POWER7 optimized strpbrk generic by using
default doubleword stores to zero the hash, instead of VSX
instructions. Performance on POWER7/POWER8 does not change.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f9f30622819b4d3685c0d448f3a3d49032472b07
commit f9f30622819b4d3685c0d448f3a3d49032472b07
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Wed Nov 19 15:24:55 2014 -0500
powerpc: Add powerpc64 strcspn optimization
This patch makes the POWER7 optimized strcspn generic by using
default doubleword stores to zero the hash, instead of VSX
instructions. Performance on POWER7/POWER8 does not change.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=97104a4e2b866aae6a6593286b6c584339ef29d3
commit 97104a4e2b866aae6a6593286b6c584339ef29d3
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Wed Nov 19 14:24:18 2014 -0500
powerpc: Add powerpc64 strspn optimization
This patch makes the POWER7 optimized strspn generic by using
default doubleword stores to zero the hash, instead of VSX
instructions. Performance on POWER7/POWER8 machines does not change.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d3e53c8246952898cd1fd23dfa0657b03db0e36b
commit d3e53c8246952898cd1fd23dfa0657b03db0e36b
Author: Rajalakshmi Srinivasaraghavan <raji@linux.vnet.ibm.com>
Date: Mon Dec 1 09:03:58 2014 -0500
powerpc: strtok{_r} optimization for powerpc64
This patch optimizes strtok and strtok_r for POWERPC64.
A table of 256 characters is created and marked based on
the 'accept' argument and used to check for any occurrence on
the input string. Loop unrolling is also used to gain improvements.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8b063985c1a750a1947fcf60e4606a3b0d7d0f37
commit 8b063985c1a750a1947fcf60e4606a3b0d7d0f37
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Tue Nov 25 14:32:54 2014 -0500
powerpc: Fix missing barriers in atomic_exchange_and_add_{acq,rel}
On powerpc, atomic_exchange_and_add is implemented without any
barriers. This patch adds the missing instruction and memory barrier
for acquire and release semantics.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=364c58517bdcc91c5bf1fcb57b4befff8951a51b
commit 364c58517bdcc91c5bf1fcb57b4befff8951a51b
Author: Anton Blanchard <anton@samba.org>
Date: Tue Nov 25 07:26:12 2014 -0500
powerpc: Fix __arch_compare_and_exchange_bool_64_rel
Fix a typo in the inline assembly.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=133a24ba079abf1e762bd4d85670e0bd8df660c4
commit 133a24ba079abf1e762bd4d85670e0bd8df660c4
Author: Carlos O'Donell <carlos@redhat.com>
Date: Wed Nov 19 11:44:12 2014 -0500
CVE-2014-7817: wordexp fails to honour WRDE_NOCMD.
The function wordexp() fails to properly handle the WRDE_NOCMD
flag when processing arithmetic inputs in the form of "$((... ``))"
where "..." can be anything valid. The backticks in the arithmetic
expression are evaluated in a shell even if WRDE_NOCMD forbade
command substitution. This allows an attacker to attempt to pass
dangerous commands via constructs of the above form, and bypass
the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD
in exec_comm(), the only place that can execute a shell. All other
checks for WRDE_NOCMD are superfluous and removed.
We expand the testsuite and add 3 new regression tests of roughly
the same form but with a couple of nested levels.
On top of the 3 new tests we add fork validation to the WRDE_NOCMD
testing. If any forks are detected during the execution of a wordexp()
call with WRDE_NOCMD, the test is marked as failed. This is slightly
heuristic since vfork might be used in the future, but it provides a
higher level of assurance that no shells were executed as part of
command substitution with WRDE_NOCMD in effect. In addition it doesn't
require libpthread or libdl, instead we use the public implementation
namespace function __register_atfork (already part of the public ABI
for libpthread).
Tested on x86_64 with no regressions.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f8fbd413672816a429adc6b6c191ec8ea73421e8
commit f8fbd413672816a429adc6b6c191ec8ea73421e8
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Wed Nov 5 08:01:09 2014 -0500
powerpc: Simplify encoding of POWER8 instruction
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e154589132de915ef165a1e26f89ba6997170c2b
commit e154589132de915ef165a1e26f89ba6997170c2b
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Mon Nov 3 07:26:33 2014 -0500
powerpc: Fix encoding of POWER8 instruction
This patch adds a binary encoding for 'mtvsrd' instruction to avoid
build failures when assembler does not support POWER8.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=46f58099960f7a2603c37c540d2644e392f0fdc7
commit 46f58099960f7a2603c37c540d2644e392f0fdc7
Author: Torvald Riegel <triegel@redhat.com>
Date: Sat Oct 18 01:01:58 2014 +0200
powerpc: Change atomic_write_barrier to have release semantics.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5f892cacbdf50322bc3ee2e131c105c71b495086
commit 5f892cacbdf50322bc3ee2e131c105c71b495086
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Tue Jul 15 12:19:09 2014 -0400
PowerPC: memset optimization for POWER8/PPC64
This patch adds an optimized memset implementation for POWER8. For
sizes from 0 to 255 bytes, a word/doubleword algorithm similar to
POWER7 optimized one is used.
For size higher than 255 two strategies are used:
1. If the constant is different than 0, the memory is written with
altivec vector instruction;
2. If constant is 0, dcbz instructions are used. The loop is unrolled
to clear 512 bytes at a time.
Using vector instructions increases throughput considerably, with a
double performance for sizes larger than 1024. The dcbz loop unrolling
also shows performance improvement, by doubling throughput for sizes
larger than 8192 bytes.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e6bb56b6914e6435e251814a3a0ccd7fb65a7e36
commit e6bb56b6914e6435e251814a3a0ccd7fb65a7e36
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Tue Jul 15 16:54:46 2014 -0400
PowerPC: multiarch bzero cleanup for PPC64
This patch cleans up the multiarch bzero for powerpc64 by removing
the multiarch objects and using instead the memset embedded
implementation presented in each multiarch optimization. The
code generated is essentially the same, but the TB_TOCLESS (which
is not essential).
Conflicts:
ChangeLog
This is backport of 3b473fecdf4c52989cd915b649bb6d26c042d048.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=10f5f4c8edc35b4c3912456ffee820975e20a50b
commit 10f5f4c8edc35b4c3912456ffee820975e20a50b
Author: Tulio Magno Quites Machado Filho <tuliom@linux.vnet.ibm.com>
Date: Fri Nov 15 07:44:20 2013 -0600
Partially revert commit 2663b74f8103a2a8a46b4896439b7a452480fc7c
This change is necessary in order to avoid the issue documented at
http://sourceware.org/ml/libc-alpha/2013-05/msg00350.html.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e6f905009b29769bd27077389ce4379d5de80df2
commit e6f905009b29769bd27077389ce4379d5de80df2
Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com>
Date: Fri Nov 15 07:42:33 2013 -0600
Remove assert() if DT_RUNPATH and DT_RPATH flags are found in ld.so.
-----------------------------------------------------------------------
--
You are receiving this mail because:
You are on the CC list for the bug.