| Message ID | 20231221034212.2608829-1-hjl.tools@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | x86-64: Fix the tcb field load for x32 [BZ #31185] | expand |
On Wed, Dec 20, 2023 at 7:42 PM H.J. Lu <hjl.tools@gmail.com> wrote: > > _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic access the thread pointer > via the tcb field in TCB: > > _dl_tlsdesc_undefweak: > _CET_ENDBR > movq 8(%rax), %rax > subq %fs:0, %rax > ret > > _dl_tlsdesc_dynamic: > ... > subq %fs:0, %rax > movq -8(%rsp), %rdi > ret > > Since the tcb field in TCB is a pointer, %fs:0 is a 32-bit location, > not 64-bit. It should use "sub %fs:0, %RAX_LP" instead. Since > _dl_tlsdesc_undefweak returns ptrdiff_t and _dl_make_tlsdesc_dynamic > returns void *, RAX_LP is appropriate here for x32 and x86-64. This > fixes BZ #31185. > --- > sysdeps/x86_64/dl-tlsdesc.S | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/sysdeps/x86_64/dl-tlsdesc.S b/sysdeps/x86_64/dl-tlsdesc.S > index c4823547d7..4579424bf7 100644 > --- a/sysdeps/x86_64/dl-tlsdesc.S > +++ b/sysdeps/x86_64/dl-tlsdesc.S > @@ -61,7 +61,7 @@ _dl_tlsdesc_return: > _dl_tlsdesc_undefweak: > _CET_ENDBR > movq 8(%rax), %rax > - subq %fs:0, %rax > + sub %fs:0, %RAX_LP > ret > cfi_endproc > .size _dl_tlsdesc_undefweak, .-_dl_tlsdesc_undefweak > @@ -116,7 +116,7 @@ _dl_tlsdesc_dynamic: > addq TLSDESC_MODOFF(%rdi), %rax > .Lret: > movq -16(%rsp), %rsi > - subq %fs:0, %rax > + sub %fs:0, %RAX_LP > movq -8(%rsp), %rdi > ret > .Lslow: > -- > 2.43.0 > I will check it in tomorrow and back it to release branches later. Thanks.
diff --git a/sysdeps/x86_64/dl-tlsdesc.S b/sysdeps/x86_64/dl-tlsdesc.S index c4823547d7..4579424bf7 100644 --- a/sysdeps/x86_64/dl-tlsdesc.S +++ b/sysdeps/x86_64/dl-tlsdesc.S @@ -61,7 +61,7 @@ _dl_tlsdesc_return: _dl_tlsdesc_undefweak: _CET_ENDBR movq 8(%rax), %rax - subq %fs:0, %rax + sub %fs:0, %RAX_LP ret cfi_endproc .size _dl_tlsdesc_undefweak, .-_dl_tlsdesc_undefweak @@ -116,7 +116,7 @@ _dl_tlsdesc_dynamic: addq TLSDESC_MODOFF(%rdi), %rax .Lret: movq -16(%rsp), %rsi - subq %fs:0, %rax + sub %fs:0, %RAX_LP movq -8(%rsp), %rdi ret .Lslow:
_dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic access the thread pointer via the tcb field in TCB: _dl_tlsdesc_undefweak: _CET_ENDBR movq 8(%rax), %rax subq %fs:0, %rax ret _dl_tlsdesc_dynamic: ... subq %fs:0, %rax movq -8(%rsp), %rdi ret Since the tcb field in TCB is a pointer, %fs:0 is a 32-bit location, not 64-bit. It should use "sub %fs:0, %RAX_LP" instead. Since _dl_tlsdesc_undefweak returns ptrdiff_t and _dl_make_tlsdesc_dynamic returns void *, RAX_LP is appropriate here for x32 and x86-64. This fixes BZ #31185. --- sysdeps/x86_64/dl-tlsdesc.S | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)