Accepting request 1136423 from home:Andreas_Schwab:Factory

- sem-open-o-creat.patch: sem_open: Clear O_CREAT when semaphore file is
  expected to exist (BZ #30789)
- ldconfig-process-elf-file.patch: elf: Fix wrong break removal from
  8ee878592c
- tls-modid-reuse.patch: elf: Fix TLS modid reuse generation assignment
  (BZ #29039)
- getaddrinfo-eai-memory.patch: getaddrinfo: translate ENOMEM to
  EAI_MEMORY (bsc#1217589, BZ #31163)
- libio-wdo-write.patch: libio: Check remaining buffer size in
  _IO_wdo_write (BZ #31183)

OBS-URL: https://build.opensuse.org/request/show/1136423
OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=688
This commit is contained in:
Andreas Schwab 2024-01-03 09:37:21 +00:00 committed by Git OBS Bridge
parent ed6ce3ee60
commit 7d11a51c51
7 changed files with 273 additions and 1 deletions

View File

@ -0,0 +1,36 @@
From ae1e5217021e43e1f2de443d26e87ea3adfb221c Mon Sep 17 00:00:00 2001
From: Andreas Schwab <schwab@suse.de>
Date: Wed, 6 Dec 2023 14:48:22 +0100
Subject: [PATCH] getaddrinfo: translate ENOMEM to EAI_MEMORY (bug 31163)
When __resolv_context_get returns NULL due to out of memory, translate it
to a return value of EAI_MEMORY.
(cherry picked from commit 5eabdb6a6ac1599d23dd5966a37417215950245f)
---
sysdeps/posix/getaddrinfo.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
index 13082305d3..da573bea24 100644
--- a/sysdeps/posix/getaddrinfo.c
+++ b/sysdeps/posix/getaddrinfo.c
@@ -616,7 +616,14 @@ get_nss_addresses (const char *name, const struct addrinfo *req,
function variant. */
res_ctx = __resolv_context_get ();
if (res_ctx == NULL)
- no_more = 1;
+ {
+ if (errno == ENOMEM)
+ {
+ result = -EAI_MEMORY;
+ goto out;
+ }
+ no_more = 1;
+ }
while (!no_more)
{
--
2.43.0

View File

@ -1,3 +1,17 @@
-------------------------------------------------------------------
Tue Jan 2 11:30:46 UTC 2024 - Andreas Schwab <schwab@suse.de>
- sem-open-o-creat.patch: sem_open: Clear O_CREAT when semaphore file is
expected to exist (BZ #30789)
- ldconfig-process-elf-file.patch: elf: Fix wrong break removal from
8ee878592c
- tls-modid-reuse.patch: elf: Fix TLS modid reuse generation assignment
(BZ #29039)
- getaddrinfo-eai-memory.patch: getaddrinfo: translate ENOMEM to
EAI_MEMORY (bsc#1217589, BZ #31163)
- libio-wdo-write.patch: libio: Check remaining buffer size in
_IO_wdo_write (BZ #31183)
-------------------------------------------------------------------
Tue Dec 5 11:52:03 UTC 2023 - Andreas Schwab <schwab@suse.de>

View File

@ -1,7 +1,7 @@
#
# spec file
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -333,6 +333,16 @@ Patch1013: tunables-string-parsing.patch
Patch1014: gb18030-2022.patch
# PATCH-FIX-UPSTREAM aarch64: correct CFI in rawmemchr (BZ #31113)
Patch1015: aarch64-rawmemchr-unwind.patch
# PATCH-FIX-UPSTREAM sysdeps: sem_open: Clear O_CREAT when semaphore file is expected to exist (BZ #30789)
Patch1016: sem-open-o-creat.patch
# PATCH-FIX-UPSTREAM elf: Fix wrong break removal from 8ee878592c
Patch1017: ldconfig-process-elf-file.patch
# PATCH-FIX-UPSTREAM elf: Fix TLS modid reuse generation assignment (BZ #29039)
Patch1018: tls-modid-reuse.patch
# PATCH-FIX-UPSTREAM getaddrinfo: translate ENOMEM to EAI_MEMORY (BZ #31163)
Patch1019: getaddrinfo-eai-memory.patch
# PATCH-FIX-UPSTREAM libio: Check remaining buffer size in _IO_wdo_write (BZ #31183)
Patch1020: libio-wdo-write.patch
###
# Patches awaiting upstream approval
@ -571,6 +581,11 @@ library in a cross compilation setting.
%patch1013 -p1
%patch1014 -p1
%patch1015 -p1
%patch1016 -p1
%patch1017 -p1
%patch1018 -p1
%patch1019 -p1
%patch1020 -p1
%endif
%patch2000 -p1

View File

@ -0,0 +1,26 @@
From bf5aa419cbf545d2cd09dc097e518033d6e4df5e Mon Sep 17 00:00:00 2001
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Thu, 7 Dec 2023 11:17:35 -0300
Subject: [PATCH] elf: Fix wrong break removal from 8ee878592c
Reported-by: Alexander Monakov <amonakov@ispras.ru>
(cherry picked from commit 546a1ba664626603660b595662249d524e429013)
---
elf/readelflib.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/elf/readelflib.c b/elf/readelflib.c
index f5b8c80e38..64f1d662a9 100644
--- a/elf/readelflib.c
+++ b/elf/readelflib.c
@@ -107,6 +107,7 @@ process_elf_file (const char *file_name, const char *lib, int *flag,
case PT_INTERP:
program_interpreter = (char *) (file_contents + segment->p_offset);
check_ptr (program_interpreter);
+ break;
case PT_GNU_PROPERTY:
/* The NT_GNU_PROPERTY_TYPE_0 note must be aligned to 4 bytes
--
2.43.0

36
libio-wdo-write.patch Normal file
View File

@ -0,0 +1,36 @@
From cfe121910013a46e2477562282c56ae8062089aa Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Tue, 2 Jan 2024 14:36:17 +0100
Subject: [PATCH] libio: Check remaining buffer size in _IO_wdo_write (bug
31183)
The multibyte character needs to fit into the remaining buffer space,
not the already-written buffer space. Without the fix, we were never
moving the write pointer from the start of the buffer, always using
the single-character fallback buffer.
Fixes commit 04b76b5aa8b2d1d19066e42dd1 ("Don't error out writing
a multibyte character to an unbuffered stream (bug 17522)").
(cherry picked from commit ecc7c3deb9f347649c2078fcc0f94d4cedf92d60)
---
NEWS | 1 +
libio/wfileops.c | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/libio/wfileops.c b/libio/wfileops.c
index f16f6db1c3..9ab8f2e7f3 100644
--- a/libio/wfileops.c
+++ b/libio/wfileops.c
@@ -55,7 +55,7 @@ _IO_wdo_write (FILE *fp, const wchar_t *data, size_t to_do)
char mb_buf[MB_LEN_MAX];
char *write_base, *write_ptr, *buf_end;
- if (fp->_IO_write_ptr - fp->_IO_write_base < sizeof (mb_buf))
+ if (fp->_IO_buf_end - fp->_IO_write_ptr < sizeof (mb_buf))
{
/* Make sure we have room for at least one multibyte
character. */
--
2.43.0

92
sem-open-o-creat.patch Normal file
View File

@ -0,0 +1,92 @@
From 63dbbc5c52f9823f86270f32fce20d1e91cdf484 Mon Sep 17 00:00:00 2001
From: Sergio Durigan Junior <sergiodj@sergiodj.net>
Date: Wed, 1 Nov 2023 18:15:23 -0400
Subject: [PATCH] sysdeps: sem_open: Clear O_CREAT when semaphore file is
expected to exist [BZ #30789]
When invoking sem_open with O_CREAT as one of its flags, we'll end up
in the second part of sem_open's "if ((oflag & O_CREAT) == 0 || (oflag
& O_EXCL) == 0)", which means that we don't expect the semaphore file
to exist.
In that part, open_flags is initialized as "O_RDWR | O_CREAT | O_EXCL
| O_CLOEXEC" and there's an attempt to open(2) the file, which will
likely fail because it won't exist. After that first (expected)
failure, some cleanup is done and we go back to the label "try_again",
which lives in the first part of the aforementioned "if".
The problem is that, in that part of the code, we expect the semaphore
file to exist, and as such O_CREAT (this time the flag we pass to
open(2)) needs to be cleaned from open_flags, otherwise we'll see
another failure (this time unexpected) when trying to open the file,
which will lead the call to sem_open to fail as well.
This can cause very strange bugs, especially with OpenMPI, which makes
extensive use of semaphores.
Fix the bug by simplifying the logic when choosing open(2) flags and
making sure O_CREAT is not set when the semaphore file is expected to
exist.
A regression test for this issue would require a complex and cpu time
consuming logic, since to trigger the wrong code path is not
straightforward due the racy condition. There is a somewhat reliable
reproducer in the bug, but it requires using OpenMPI.
This resolves BZ #30789.
See also: https://bugs.launchpad.net/ubuntu/+source/h5py/+bug/2031912
Signed-off-by: Sergio Durigan Junior <sergiodj@sergiodj.net>
Co-Authored-By: Simon Chopin <simon.chopin@canonical.com>
Co-Authored-By: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>
Fixes: 533deafbdf189f5fbb280c28562dd43ace2f4b0f ("Use O_CLOEXEC in more places (BZ #15722)")
(cherry picked from commit f957f47df75b9fab995754011491edebc6feb147)
---
NEWS | 2 ++
sysdeps/pthread/sem_open.c | 10 ++++------
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/sysdeps/pthread/sem_open.c b/sysdeps/pthread/sem_open.c
index e5db929d20..0e331a7445 100644
--- a/sysdeps/pthread/sem_open.c
+++ b/sysdeps/pthread/sem_open.c
@@ -32,11 +32,12 @@
# define __unlink unlink
#endif
+#define SEM_OPEN_FLAGS (O_RDWR | O_NOFOLLOW | O_CLOEXEC)
+
sem_t *
__sem_open (const char *name, int oflag, ...)
{
int fd;
- int open_flags;
sem_t *result;
/* Check that shared futexes are supported. */
@@ -65,10 +66,8 @@ __sem_open (const char *name, int oflag, ...)
/* If the semaphore object has to exist simply open it. */
if ((oflag & O_CREAT) == 0 || (oflag & O_EXCL) == 0)
{
- open_flags = O_RDWR | O_NOFOLLOW | O_CLOEXEC;
- open_flags |= (oflag & ~(O_CREAT|O_ACCMODE));
try_again:
- fd = __open (dirname.name, open_flags);
+ fd = __open (dirname.name, (oflag & O_EXCL) | SEM_OPEN_FLAGS);
if (fd == -1)
{
@@ -135,8 +134,7 @@ __sem_open (const char *name, int oflag, ...)
}
/* Open the file. Make sure we do not overwrite anything. */
- open_flags = O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC;
- fd = __open (tmpfname, open_flags, mode);
+ fd = __open (tmpfname, O_CREAT | O_EXCL | SEM_OPEN_FLAGS, mode);
if (fd == -1)
{
if (errno == EEXIST)
--
2.43.0

53
tls-modid-reuse.patch Normal file
View File

@ -0,0 +1,53 @@
From ccdc4cba07684fe1397e1f5f134a0a827af98c04 Mon Sep 17 00:00:00 2001
From: Hector Martin <marcan@marcan.st>
Date: Tue, 28 Nov 2023 15:23:07 +0900
Subject: [PATCH] elf: Fix TLS modid reuse generation assignment (BZ 29039)
_dl_assign_tls_modid() assigns a slotinfo entry for a new module, but
does *not* do anything to the generation counter. The first time this
happens, the generation is zero and map_generation() returns the current
generation to be used during relocation processing. However, if
a slotinfo entry is later reused, it will already have a generation
assigned. If this generation has fallen behind the current global max
generation, then this causes an obsolete generation to be assigned
during relocation processing, as map_generation() returns this
generation if nonzero. _dl_add_to_slotinfo() eventually resets the
generation, but by then it is too late. This causes DTV updates to be
skipped, leading to NULL or broken TLS slot pointers and segfaults.
Fix this by resetting the generation to zero in _dl_assign_tls_modid(),
so it behaves the same as the first time a slot is assigned.
_dl_add_to_slotinfo() will still assign the correct static generation
later during module load, but relocation processing will no longer use
an obsolete generation.
Note that slotinfo entry (aka modid) reuse typically happens after a
dlclose and only TLS access via dynamic tlsdesc is affected. Because
tlsdesc is optimized to use the optional part of static TLS, dynamic
tlsdesc can be avoided by increasing the glibc.rtld.optional_static_tls
tunable to a large enough value, or by LD_PRELOAD-ing the affected
modules.
Fixes bug 29039.
Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
(cherry picked from commit 3921c5b40f293c57cb326f58713c924b0662ef59)
---
elf/dl-tls.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/elf/dl-tls.c b/elf/dl-tls.c
index 99b83ca696..1f6f820819 100644
--- a/elf/dl-tls.c
+++ b/elf/dl-tls.c
@@ -154,6 +154,7 @@ _dl_assign_tls_modid (struct link_map *l)
{
/* Mark the entry as used, so any dependency see it. */
atomic_store_relaxed (&runp->slotinfo[result - disp].map, l);
+ atomic_store_relaxed (&runp->slotinfo[result - disp].gen, 0);
break;
}
--
2.43.0