This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug network/17630] endless loop in getaddr_r (CVE-2014-9402)
- From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 14 Jan 2015 12:19:39 +0000
- Subject: [Bug network/17630] endless loop in getaddr_r (CVE-2014-9402)
- Auto-submitted: auto-generated
- References: <bug-17630-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=17630
--- Comment #14 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, ibm/2.20/master has been created
at 4286dfe63ed09a16328cfd7d7f6c08d8db5297b5 (commit)
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4286dfe63ed09a16328cfd7d7f6c08d8db5297b5
commit 4286dfe63ed09a16328cfd7d7f6c08d8db5297b5
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Sun Jan 11 19:33:17 2015 -0600
powerpc: Fix POWER7/PPC64 performance regression on LE
This patch fixes a performance regression on the POWER7/PPC64 memcmp
porting for Little Endian. The LE code uses 'ldbrx' instruction to read
the memory on byte reversed form, however ISA 2.06 just provides the indexed
form which uses a register value as additional index, instead of a fixed
value encoded in the instruction.
And the port strategy for LE uses r0 index value and updates the address
value on each compare loop iteration. For large compare size values,
it adds 8 more instructions plus some more depending on trailing
size. This patch fixes it by adding pre-calculated indexes to remove the
address update on loops and trailing sizes.
For large sizes it shows a considerable gain, with double performance
pairing with BE.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=118c286f3e1020482e6cbafc3707efcc70114aa8
commit 118c286f3e1020482e6cbafc3707efcc70114aa8
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Fri Jan 9 16:04:26 2015 -0500
powerpc: Optimized strncmp for POWER8/PPC64
This patch adds an optimized POWER8 strncmp. The implementation focuses
on speeding up unaligned cases following the ideas of power8 strcmp.
The algorithm first checks the initial 16 bytes, then aligns the first
function source and uses unaligned loads on second argument only.
Additional checks for page boundaries are done for unaligned cases
(where sources alignment are different).
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ce698f2ab31cd4aa23673ae75af48a345044a883
commit ce698f2ab31cd4aa23673ae75af48a345044a883
Author: Rajalakshmi Srinivasaraghavan <raji@linux.vnet.ibm.com>
Date: Fri Jan 9 11:56:35 2015 -0500
powerpc: Optimize POWER7 strcmp trailing checks
This patch optimized the POWER7 trailing check by avoiding using byte
read operations and instead using the doubleword already read with
bitwise operations.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5c3ef9d5b29a74d959a020ab9b0ef3a8aa2b31e2
commit 5c3ef9d5b29a74d959a020ab9b0ef3a8aa2b31e2
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Wed Jan 7 07:18:30 2015 -0500
powerpc: Optimized strcmp for POWER8/PPC64
This patch adds an optimized POWER8 strcmp using unaligned accesses.
The algorithm first checks the initial 16 bytes, then aligns the first
function source and uses unaligned loads on second argument only.
Additional checks for page boundaries are done for unaligned cases
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=167ab637b959cfe5f7c6354bb48e871d4bd22f7f
commit 167ab637b959cfe5f7c6354bb48e871d4bd22f7f
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Wed Dec 31 11:47:41 2014 -0500
powerpc: Optimized st{r,p}ncpy for POWER8/PPC64
This patch adds an optimized POWER8 st{r,p}ncpy using unaligned accesses.
It shows 10%-80% improvement over the optimized POWER7 one that uses
only aligned accesses, especially on unaligned inputs.
The algorithm first reads and checks 16 bytes (if inputs do not cross a 4K
page size). Then it realigns source to 16-bytes and issues a 16 bytes read
and compare loop to speedup null byte checks for large strings. Also,
different from POWER7 optimization, the null pad is done inline in the
implementation using possible unaligned accesses, instead of relying on
a memset call. Special case is added for page cross reads.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2d9a4f5291f7d94a6b713a121e10a272176d6150
commit 2d9a4f5291f7d94a6b713a121e10a272176d6150
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Tue Dec 23 13:39:23 2014 -0500
powerpc: Optimized strncat for POWER7/PPC64
With 3eb38795dbbbd816 (Simplify strncat) the generic algorithm uses
strlen, strnlen, and memcpy. This is faster than POWER7 current
implementation, especially for unaligned strings (where POWER7 code
uses byte-byte operations).
This patch removes the assembly implementation and uses a multiarch
specialization based on default algorithm calling optimized POWER7
symbols.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9bbee93b47dd16f5c9786621634feacf2e450bb3
commit 9bbee93b47dd16f5c9786621634feacf2e450bb3
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Tue Dec 23 13:36:34 2014 -0500
powerpc: Optimized strcat for POWER8/PPC64
With new optimized strcpy for POWER8, this patch adds an optimized
strcat which uses it along with default implementation at strings/.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e28541972ba35488f0a94dd55f635f70ce459816
commit e28541972ba35488f0a94dd55f635f70ce459816
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Tue Dec 23 05:59:44 2014 -0600
powerpc: Optimized st{r,p}cpy for POWER8/PPC64
This patch adds an optimized POWER8 strcpy using unaligned accesses.
For strings up to 16 bytes the implementation first calculates the
string size, like strlen, and issues a memcpy. For larger strings,
source is first aligned to 16 bytes and then tested over a loop that
reads 16 bytes and combines the cmpb results for speedup. Special case is
added for page cross reads.
It shows 30%-60% improvement over the optimized POWER7 one that uses
only aligned accesses.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e231e34bbff6e4a3ba137bb8610234ebd83496c3
commit e231e34bbff6e4a3ba137bb8610234ebd83496c3
Author: Rajalakshmi Srinivasaraghavan <raji@linux.vnet.ibm.com>
Date: Wed Dec 31 14:05:00 2014 -0500
powerpc: POWER7 strcpy optimization for unaligned strings
This patch optimizes strcpy for ppc64/power7 for unaligned source or
destination address. The source or destination address is aligned
to doubleword and data is shifted based on the alignment and
added with the previous loaded data to be written as a doubleword.
For each load, cmpb instruction is used for faster null check.
The word aligned optimization is also removed, since the new unaligned
code path shows better results handling word-aligned strings.
More combinations of unaligned inputs are also added in benchtest
to measure the improvement. The new optimization shows 2 to 80% of
performance improvement for longer strings though it does not show
big difference on string size less than 16 due to additional checks.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8db5b2abee8383d90abbc40a52f8492c003fbfaa
commit 8db5b2abee8383d90abbc40a52f8492c003fbfaa
Author: Florian Weimer <fweimer@redhat.com>
Date: Mon Dec 15 17:41:13 2014 +0100
Avoid infinite loop in nss_dns getnetbyname [BZ #17630]
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7fadf519dbbb5e22e6a5d80928ed6956d8875229
commit 7fadf519dbbb5e22e6a5d80928ed6956d8875229
Author: Jeff Law <law@redhat.com>
Date: Mon Dec 15 10:09:32 2014 +0100
CVE-2012-3406: Stack overflow in vfprintf [BZ #16617]
A larger number of format specifiers could cause a stack overflow,
potentially allowing to bypass _FORTIFY_SOURCE format string
protection.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4539e3dd986c5c4b60890349dec6c28e18c93365
commit 4539e3dd986c5c4b60890349dec6c28e18c93365
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Wed Nov 19 16:27:56 2014 -0500
powerpc: Add powerpc64 strpbrk optimization
This patch makes the POWER7 optimized strpbrk generic by using
default doubleword stores to zero the hash, instead of VSX
instructions. Performance on POWER7/POWER8 does not change.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b6891a48131015cbe2d88ba5796c94ba13f88e8f
commit b6891a48131015cbe2d88ba5796c94ba13f88e8f
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Wed Nov 19 15:24:55 2014 -0500
powerpc: Add powerpc64 strcspn optimization
This patch makes the POWER7 optimized strcspn generic by using
default doubleword stores to zero the hash, instead of VSX
instructions. Performance on POWER7/POWER8 does not change.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5bbab2dadf543ab9e012b7573ccb0ef80c11962c
commit 5bbab2dadf543ab9e012b7573ccb0ef80c11962c
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Wed Nov 19 14:24:18 2014 -0500
powerpc: Add powerpc64 strspn optimization
This patch makes the POWER7 optimized strspn generic by using
default doubleword stores to zero the hash, instead of VSX
instructions. Performance on POWER7/POWER8 machines does not change.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8b063985c1a750a1947fcf60e4606a3b0d7d0f37
commit 8b063985c1a750a1947fcf60e4606a3b0d7d0f37
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Tue Nov 25 14:32:54 2014 -0500
powerpc: Fix missing barriers in atomic_exchange_and_add_{acq,rel}
On powerpc, atomic_exchange_and_add is implemented without any
barriers. This patch adds the missing instruction and memory barrier
for acquire and release semantics.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=364c58517bdcc91c5bf1fcb57b4befff8951a51b
commit 364c58517bdcc91c5bf1fcb57b4befff8951a51b
Author: Anton Blanchard <anton@samba.org>
Date: Tue Nov 25 07:26:12 2014 -0500
powerpc: Fix __arch_compare_and_exchange_bool_64_rel
Fix a typo in the inline assembly.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=133a24ba079abf1e762bd4d85670e0bd8df660c4
commit 133a24ba079abf1e762bd4d85670e0bd8df660c4
Author: Carlos O'Donell <carlos@redhat.com>
Date: Wed Nov 19 11:44:12 2014 -0500
CVE-2014-7817: wordexp fails to honour WRDE_NOCMD.
The function wordexp() fails to properly handle the WRDE_NOCMD
flag when processing arithmetic inputs in the form of "$((... ``))"
where "..." can be anything valid. The backticks in the arithmetic
expression are evaluated in a shell even if WRDE_NOCMD forbade
command substitution. This allows an attacker to attempt to pass
dangerous commands via constructs of the above form, and bypass
the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD
in exec_comm(), the only place that can execute a shell. All other
checks for WRDE_NOCMD are superfluous and removed.
We expand the testsuite and add 3 new regression tests of roughly
the same form but with a couple of nested levels.
On top of the 3 new tests we add fork validation to the WRDE_NOCMD
testing. If any forks are detected during the execution of a wordexp()
call with WRDE_NOCMD, the test is marked as failed. This is slightly
heuristic since vfork might be used in the future, but it provides a
higher level of assurance that no shells were executed as part of
command substitution with WRDE_NOCMD in effect. In addition it doesn't
require libpthread or libdl, instead we use the public implementation
namespace function __register_atfork (already part of the public ABI
for libpthread).
Tested on x86_64 with no regressions.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f8fbd413672816a429adc6b6c191ec8ea73421e8
commit f8fbd413672816a429adc6b6c191ec8ea73421e8
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Wed Nov 5 08:01:09 2014 -0500
powerpc: Simplify encoding of POWER8 instruction
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e154589132de915ef165a1e26f89ba6997170c2b
commit e154589132de915ef165a1e26f89ba6997170c2b
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Mon Nov 3 07:26:33 2014 -0500
powerpc: Fix encoding of POWER8 instruction
This patch adds a binary encoding for 'mtvsrd' instruction to avoid
build failures when assembler does not support POWER8.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=46f58099960f7a2603c37c540d2644e392f0fdc7
commit 46f58099960f7a2603c37c540d2644e392f0fdc7
Author: Torvald Riegel <triegel@redhat.com>
Date: Sat Oct 18 01:01:58 2014 +0200
powerpc: Change atomic_write_barrier to have release semantics.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5f892cacbdf50322bc3ee2e131c105c71b495086
commit 5f892cacbdf50322bc3ee2e131c105c71b495086
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Tue Jul 15 12:19:09 2014 -0400
PowerPC: memset optimization for POWER8/PPC64
This patch adds an optimized memset implementation for POWER8. For
sizes from 0 to 255 bytes, a word/doubleword algorithm similar to
POWER7 optimized one is used.
For sizes higher than 255 two strategies are used:
1. If the constant is different than 0, the memory is written with
altivec vector instructions;
2. If constant is 0, dcbz instructions are used. The loop is unrolled
to clear 512 bytes at a time.
Using vector instructions increases throughput considerably, with a
double performance for sizes larger than 1024. The dcbz loop unrolling
also shows performance improvement, by doubling throughput for sizes
larger than 8192 bytes.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e6bb56b6914e6435e251814a3a0ccd7fb65a7e36
commit e6bb56b6914e6435e251814a3a0ccd7fb65a7e36
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Tue Jul 15 16:54:46 2014 -0400
PowerPC: multiarch bzero cleanup for PPC64
This patch cleans up the multiarch bzero for powerpc64 by removing
the multiarch objects and using instead the memset embedded
implementation presented in each multiarch optimization. The
code generated is essentially the same, but the TB_TOCLESS (which
is not essential).
Conflicts:
ChangeLog
This is backport of 3b473fecdf4c52989cd915b649bb6d26c042d048.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=10f5f4c8edc35b4c3912456ffee820975e20a50b
commit 10f5f4c8edc35b4c3912456ffee820975e20a50b
Author: Tulio Magno Quites Machado Filho <tuliom@linux.vnet.ibm.com>
Date: Fri Nov 15 07:44:20 2013 -0600
Partially revert commit 2663b74f8103a2a8a46b4896439b7a452480fc7c
This change is necessary in order to avoid the issue documented at
http://sourceware.org/ml/libc-alpha/2013-05/msg00350.html.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e6f905009b29769bd27077389ce4379d5de80df2
commit e6f905009b29769bd27077389ce4379d5de80df2
Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com>
Date: Fri Nov 15 07:42:33 2013 -0600
Remove assert() if DT_RUNPATH and DT_RPATH flags are found in ld.so.
-----------------------------------------------------------------------
--
You are receiving this mail because:
You are on the CC list for the bug.
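
A regression check for the WRDE_NOCMD behaviour described in the CVE-2014-7817 commit message above, as an added example (not code from the glibc commit or its testsuite). The helper names and the input strings are constructed here, following the "$((... ``))" form the message gives; a fixed libc must return WRDE_CMDSUB for each of them.

```c
#include <stdio.h>
#include <string.h>
#include <wordexp.h>

/* Expand `input` with command substitution forbidden.
   Returns wordexp()'s status; on success the first word is copied to `out`. */
int expand_nocmd(const char *input, char *out, size_t outlen)
{
    wordexp_t we;
    memset(&we, 0, sizeof we);
    if (outlen > 0)
        out[0] = '\0';
    int rc = wordexp(input, &we, WRDE_NOCMD);
    if (rc != 0)
        return rc;                 /* do not read `we` after a failure */
    if (we.we_wordc > 0 && outlen > 0)
        snprintf(out, outlen, "%s", we.we_wordv[0]);
    wordfree(&we);
    return 0;
}

/* Constructed inputs: backticks inside arithmetic expansion, including
   nested levels. Each one contains a command substitution. */
static const char *const must_reject[] = {
    "$((1+`echo 1`))",
    "$((`echo 1`))",
    "$((1+$((`echo 1`))))",
};

/* Number of inputs for which WRDE_NOCMD was NOT enforced (0 on a fixed libc). */
int count_bypasses(void)
{
    char buf[64];
    int bypasses = 0;
    for (size_t i = 0; i < sizeof must_reject / sizeof must_reject[0]; i++) {
        int rc = expand_nocmd(must_reject[i], buf, sizeof buf);
        if (rc != WRDE_CMDSUB) {
            printf("NOT rejected: %s (rc=%d, word=\"%s\")\n",
                   must_reject[i], rc, buf);
            bypasses++;
        }
    }
    return bypasses;
}

int main(void)
{
    int n = count_bypasses();
    printf("%d input(s) bypassed WRDE_NOCMD\n", n);
    return n != 0;
}
```

The program exits non-zero if any input is expanded instead of rejected, so it can gate a build or an image scan against a libc that lacks the fix.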