From 136bbceed946bc5d3db7f89a718939a75117dd1a Mon Sep 17 00:00:00 2001
From: Florian Weimer
Date: Mar 16 2024 14:38:14 +0000
Subject: Global dynamic TLS access may clobber RBX (#2269799)
---
diff --git a/glibc-rh2269799.patch b/glibc-rh2269799.patch
new file mode 100644
index 0000000..9deeae2
--- /dev/null
+++ b/glibc-rh2269799.patch
@@ -0,0 +1,34 @@
+Author: Florian Weimer
+Date: Sat Mar 16 15:30:37 2024 +0100
+
+ x86-64: Stack alignment in _dl_tlsdesc_dynamic and red zone usage (bug 31501)
+
+ In sysdeps/x86_64/dl-tlsdesc-dynamic.h, the stack pointer is
+ realigned for some variants (notably _dl_tlsdesc_dynamic_xsavec).
+ This realignment does not take into account that the function has
+ already used part of the red zone at this point, thus clobbering
+ the initally saved register values located there if the stack
+ alignment inherited from the caller is unfortunate.
+
+diff --git a/sysdeps/x86_64/dl-tlsdesc-dynamic.h b/sysdeps/x86_64/dl-tlsdesc-dynamic.h
+index 9f02cfc3eb..8e49e7eece 100644
+--- a/sysdeps/x86_64/dl-tlsdesc-dynamic.h
++++ b/sysdeps/x86_64/dl-tlsdesc-dynamic.h
+@@ -83,6 +83,8 @@ _dl_tlsdesc_dynamic:
+ 2:
+ #if DL_RUNTIME_RESOLVE_REALIGN_STACK
+ movq %rbx, -24(%rsp)
++ subq $24, %rsp
++ cfi_adjust_cfa_offset(24)
+ mov %RSP_LP, %RBX_LP
+ cfi_def_cfa_register(%rbx)
+ and $-STATE_SAVE_ALIGNMENT, %RSP_LP
+@@ -153,6 +155,8 @@ _dl_tlsdesc_dynamic:
+ #if DL_RUNTIME_RESOLVE_REALIGN_STACK
+ mov %RBX_LP, %RSP_LP
+ cfi_def_cfa_register(%rsp)
++ addq $24, %rsp
++ cfi_adjust_cfa_offset(-24)
+ movq -24(%rsp), %rbx
+ cfi_restore(%rbx)
+ #else
diff --git a/glibc.spec b/glibc.spec
index 6845ba2..4749aaa 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -171,7 +171,7 @@ Version: %{glibcversion}
 # - It allows using the Release number without the %%dist tag in the dependency
 # generator to make the generated requires interchangeable between Rawhide
 # and ELN (.elnYY < .fcXX).
-%global baserelease 7
+%global baserelease 8
 Release: %{baserelease}%{?dist}
 # Licenses: 
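Review bot: The constant 24 in the added `subq $24, %rsp` and `addq $24, %rsp` is unexplained and must stay in sync with the `-24(%rsp)` red-zone slot used for the saved %rbx (and any other red-zone slots written earlier), yet nothing in the hunk ties those values together; a comment before the `subq`, such as `/* Move %rsp below the 24 red-zone bytes already holding saved registers before realigning, so the aligned state-save area cannot overlap them.  */`, would make the invariant explicit, and a named constant shared by the store offset and the two adjustments would keep a future slot addition from silently reintroducing the clobber. Since the corruption only appears for some inherited stack alignments, a regression test should enter the resolver from callers whose %rsp takes each residue modulo STATE_SAVE_ALIGNMENT; the patch as shown adds no test. The enclosing `_dl_tlsdesc_dynamic` and the earlier red-zone stores are outside the hunk, so I could not confirm that 24 covers every slot the function uses there.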
@@ -281,6 +281,7 @@ Patch9: glibc-rh827510.patch
 Patch13: glibc-fedora-localedata-rh61908.patch
 Patch17: glibc-cs-path.patch
 Patch23: glibc-python3.patch
+Patch24: glibc-rh2269799.patch
 
 ##############################################################################
 # Continued list of core "glibc" package information:
@@ -2457,6 +2458,9 @@ update_gconv_modules_cache ()
 %endif
 
 %changelog
+* Sat Mar 16 2024 Florian Weimer - 2.39.9000-8
+- Global dynamic TLS access may clobber RBX (#2269799)
+
 * Fri Mar 15 2024 Florian Weimer - 2.39.9000-7
 - Do not generate ELF dependency information for glibc32