diff options
Diffstat (limited to 'meta/recipes-core/glibc/glibc/CVE-2021-27318-revert.patch')
| -rw-r--r-- | meta/recipes-core/glibc/glibc/CVE-2021-27318-revert.patch | 174 |
1 files changed, 174 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-27318-revert.patch b/meta/recipes-core/glibc/glibc/CVE-2021-27318-revert.patch new file mode 100644 index 0000000000..2f08a90dd0 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2021-27318-revert.patch @@ -0,0 +1,174 @@ +Since the full ISA set used in an ELF binary is unknown to compiler, +an x86-64 ISA level marker indicates the minimum, not maximum, ISA set +required to run such an ELF binary. We never guarantee a library with +an x86-64 ISA level v3 marker doesn't contain other ISAs beyond x86-64 +ISA level v3, like AVX VNNI. We check the x86-64 ISA level marker for +the minimum ISA set. Since -march=sandybridge enables only some ISAs +in x86-64 ISA level v3, we should set the needed ISA marker to v2. +Otherwise, libc is compiled with -march=sandybridge will fail to run on +Sandy Bridge: + +$ ./elf/ld.so ./libc.so +./libc.so: (p) CPU ISA level is lower than required: needed: 7; got: 3 + +Set the minimum, instead of maximum, x86-64 ISA level marker should have +no impact on the b-hwcaps directory assignment logic in ldconfig nor +ld.so. + +(cherry picked from commit 339bf918ea4830fb35614632e96f3aab3237adce) +--- + config.h.in | 6 ++++++ + sysdeps/x86/configure | 28 ++++++++++++++++++++++++++++ + sysdeps/x86/configure.ac | 16 ++++++++++++++++ + sysdeps/x86/isa-level.c | 25 ++++++++++++++----------- + 4 files changed, 64 insertions(+), 11 deletions(-) + +diff --git a/config.h.in b/config.h.in +--- a/config.h.in 2021-10-16 03:28:49.447573081 -0700 ++++ b/config.h.in 2021-10-16 03:29:38.626741181 -0700 +@@ -275,4 +275,10 @@ + /* Define if x86 ISA level should be included in shared libraries. */ + #undef INCLUDE_X86_ISA_LEVEL + ++/* Define if -msahf is enabled by default on x86. */ ++#undef HAVE_X86_LAHF_SAHF ++ ++/* Define if -mmovbe is enabled by default on x86. */ ++#undef HAVE_X86_MOVBE ++ + #endif +diff --git a/sysdeps/x86/configure b/sysdeps/x86/configure +--- a/sysdeps/x86/configure 2021-10-16 03:28:49.587570713 -0700 ++++ b/sysdeps/x86/configure 2021-10-16 03:29:39.330729277 -0700 +@@ -126,6 +126,8 @@ cat > conftest2.S <<EOF + 4: + EOF + libc_cv_include_x86_isa_level=no ++libc_cv_have_x86_lahf_sahf=no ++libc_cv_have_x86_movbe=no + if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -nostartfiles -nostdlib -r -o conftest conftest1.S conftest2.S' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 + (eval $ac_try) 2>&5 +@@ -135,6 +137,24 @@ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS + count=`LC_ALL=C $READELF -n conftest | grep NT_GNU_PROPERTY_TYPE_0 | wc -l` + if test "$count" = 1; then + libc_cv_include_x86_isa_level=yes ++ cat > conftest.c <<EOF ++EOF ++ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -fverbose-asm -S -o - conftest.c' ++ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 ++ (eval $ac_try) 2>&5 ++ ac_status=$? ++ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ test $ac_status = 0; }; } | grep -q "\-msahf"; then ++ libc_cv_have_x86_lahf_sahf=yes ++ fi ++ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -fverbose-asm -S -o - conftest.c' ++ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 ++ (eval $ac_try) 2>&5 ++ ac_status=$? ++ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ test $ac_status = 0; }; } | grep -q "\-mmovbe"; then ++ libc_cv_have_x86_movbe=yes ++ fi + fi + fi + rm -f conftest* +@@ -145,5 +165,13 @@ if test $libc_cv_include_x86_isa_level = + $as_echo "#define INCLUDE_X86_ISA_LEVEL 1" >>confdefs.h + + fi ++if test $libc_cv_have_x86_lahf_sahf = yes; then ++ $as_echo "#define HAVE_X86_LAHF_SAHF 1" >>confdefs.h ++ ++fi ++if test $libc_cv_have_x86_movbe = yes; then ++ $as_echo "#define HAVE_X86_MOVBE 1" >>confdefs.h ++ ++fi + config_vars="$config_vars + enable-x86-isa-level = $libc_cv_include_x86_isa_level" +diff --git a/sysdeps/x86/configure.ac b/sysdeps/x86/configure.ac +--- a/sysdeps/x86/configure.ac 2021-10-16 03:28:49.587570713 -0700 ++++ b/sysdeps/x86/configure.ac 2021-10-16 03:29:40.038717306 -0700 +@@ -98,14 +98,30 @@ cat > conftest2.S <<EOF + 4: + EOF + libc_cv_include_x86_isa_level=no ++libc_cv_have_x86_lahf_sahf=no ++libc_cv_have_x86_movbe=no + if AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS -nostartfiles -nostdlib -r -o conftest conftest1.S conftest2.S); then + count=`LC_ALL=C $READELF -n conftest | grep NT_GNU_PROPERTY_TYPE_0 | wc -l` + if test "$count" = 1; then + libc_cv_include_x86_isa_level=yes ++ cat > conftest.c <<EOF ++EOF ++ if AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS -fverbose-asm -S -o - conftest.c) | grep -q "\-msahf"; then ++ libc_cv_have_x86_lahf_sahf=yes ++ fi ++ if AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS -fverbose-asm -S -o - conftest.c) | grep -q "\-mmovbe"; then ++ libc_cv_have_x86_movbe=yes ++ fi + fi + fi + rm -f conftest*]) + if test $libc_cv_include_x86_isa_level = yes; then + AC_DEFINE(INCLUDE_X86_ISA_LEVEL) + fi ++if test $libc_cv_have_x86_lahf_sahf = yes; then ++ AC_DEFINE(HAVE_X86_LAHF_SAHF) ++fi ++if test $libc_cv_have_x86_movbe = yes; then ++ AC_DEFINE(HAVE_X86_MOVBE) ++fi + LIBC_CONFIG_VAR([enable-x86-isa-level], [$libc_cv_include_x86_isa_level]) +diff --git a/sysdeps/x86/isa-level.c b/sysdeps/x86/isa-level.c +--- a/sysdeps/x86/isa-level.c 2021-10-16 03:28:49.587570713 -0700 ++++ b/sysdeps/x86/isa-level.c 2021-10-16 03:29:40.766704997 -0700 +@@ -29,32 +29,35 @@ + + /* ELF program property for x86 ISA level. */ + #ifdef INCLUDE_X86_ISA_LEVEL +-# if defined __x86_64__ || defined __FXSR__ || !defined _SOFT_FLOAT \ +- || defined __MMX__ || defined __SSE__ || defined __SSE2__ ++# if defined __SSE__ && defined __SSE2__ ++/* NB: ISAs, excluding MMX, in x86-64 ISA level baseline are used. */ + # define ISA_BASELINE GNU_PROPERTY_X86_ISA_1_BASELINE + # else + # define ISA_BASELINE 0 + # endif + +-# if defined __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16 \ +- || (defined __x86_64__ && defined __LAHF_SAHF__) \ +- || defined __POPCNT__ || defined __SSE3__ \ +- || defined __SSSE3__ || defined __SSE4_1__ || defined __SSE4_2__ ++# if ISA_BASELINE && defined __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16 \ ++ && defined HAVE_X86_LAHF_SAHF && defined __POPCNT__ \ ++ && defined __SSE3__ && defined __SSSE3__ && defined __SSE4_1__ \ ++ && defined __SSE4_2__ ++/* NB: ISAs in x86-64 ISA level v2 are used. */ + # define ISA_V2 GNU_PROPERTY_X86_ISA_1_V2 + # else + # define ISA_V2 0 + # endif + +-# if defined __AVX__ || defined __AVX2__ || defined __F16C__ \ +- || defined __FMA__ || defined __LZCNT__ || defined __MOVBE__ \ +- || defined __XSAVE__ ++# if ISA_V2 && defined __AVX__ && defined __AVX2__ && defined __F16C__ \ ++ && defined __FMA__ && defined __LZCNT__ && defined HAVE_X86_MOVBE ++/* NB: ISAs in x86-64 ISA level v3 are used. */ + # define ISA_V3 GNU_PROPERTY_X86_ISA_1_V3 + # else + # define ISA_V3 0 + # endif + +-# if defined __AVX512F__ || defined __AVX512BW__ || defined __AVX512CD__ \ +- || defined __AVX512DQ__ || defined __AVX512VL__ ++# if ISA_V3 && defined __AVX512F__ && defined __AVX512BW__ \ ++ && defined __AVX512CD__ && defined __AVX512DQ__ \ ++ && defined __AVX512VL__ ++/* NB: ISAs in x86-64 ISA level v4 are used. */ + # define ISA_V4 GNU_PROPERTY_X86_ISA_1_V4 + # else + # define ISA_V4 0 |