Bug 31371 - x86-64: APX and Tile registers aren't preserved in ld.so trampoline
Summary: x86-64: APX and Tile registers aren't preserved in ld.so trampoline
Status: RESOLVED FIXED
Alias: None
Product: glibc
Classification: Unclassified
Component: dynamic-link
Version: 2.40
Importance: P2 normal
Target Milestone: 2.40
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-02-11 18:21 UTC by H.J. Lu
Modified: 2024-06-19 21:50 UTC
4 users

See Also:
Host:
Target: x86-64
Build:
Last reconfirmed:
fweimer: security-


Description H.J. Lu 2024-02-11 18:21:32 UTC
Because of:

/* Save SSE, AVX, AVX512, mask and bound registers.  */
#define STATE_SAVE_MASK \
  ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 5) | (1 << 6) | (1 << 7))

APX registers aren't preserved.
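The quoted macro is a mask of XSAVE state components: each set bit names one block of register state that the ld.so trampoline saves with XSAVEC before resolving a symbol and restores afterwards. The following is an added example, not code from glibc or from this bug report. It decodes such a mask against the components a CPU has enabled in XCR0 and reports which enabled state the trampoline would leave unsaved. The component numbers are the architectural XSAVE numbers (APX extended GPRs are component 19, AMX tiles are 17 and 18); STATE_SAVE_MASK_FIXED is a reconstruction of what the fix commit describes (the original mask plus the APX component), not a quote of the commit; XCR0_EXAMPLE is a constructed value standing in for a CPU with AVX-512, AMX and APX.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Architectural XSAVE state-component numbers.  The same numbers are the
   bit positions in XCR0 and in the EDX:EAX mask given to XSAVE/XSAVEC.  */
enum {
  XSTATE_X87       = 0,
  XSTATE_SSE       = 1,   /* XMM0-15 */
  XSTATE_AVX       = 2,   /* upper halves of YMM0-15 */
  XSTATE_BNDREGS   = 3,   /* MPX bound registers */
  XSTATE_BNDCSR    = 4,   /* MPX bound config/status */
  XSTATE_OPMASK    = 5,   /* AVX-512 k0-k7 */
  XSTATE_ZMM_HI256 = 6,   /* upper halves of ZMM0-15 */
  XSTATE_HI16_ZMM  = 7,   /* ZMM16-31 */
  XSTATE_PKRU      = 9,
  XSTATE_TILECFG   = 17,  /* AMX tile configuration */
  XSTATE_TILEDATA  = 18,  /* AMX tile registers */
  XSTATE_APX       = 19,  /* APX extended GPRs r16-r31 */
};

#define XSTATE_BIT(n) (1ull << (n))

/* The mask quoted in the bug report: SSE, AVX, BNDREGS, opmask, ZMM_Hi256, Hi16_ZMM.  */
#define STATE_SAVE_MASK_OLD \
  (XSTATE_BIT(XSTATE_SSE) | XSTATE_BIT(XSTATE_AVX) | XSTATE_BIT(XSTATE_BNDREGS) | \
   XSTATE_BIT(XSTATE_OPMASK) | XSTATE_BIT(XSTATE_ZMM_HI256) | XSTATE_BIT(XSTATE_HI16_ZMM))

/* Reconstruction of the fix described in the commit message: add the APX component.
   This is an assumption about the commit's content, not a quote of it.  */
#define STATE_SAVE_MASK_FIXED (STATE_SAVE_MASK_OLD | XSTATE_BIT(XSTATE_APX))

/* Constructed XCR0 value for a hypothetical CPU with AVX-512, AMX and APX enabled.
   x87 and PKRU bits are left out so the comparison stays on the register state
   the bug report talks about.  */
#define XCR0_EXAMPLE \
  (XSTATE_BIT(XSTATE_SSE) | XSTATE_BIT(XSTATE_AVX) | XSTATE_BIT(XSTATE_OPMASK) | \
   XSTATE_BIT(XSTATE_ZMM_HI256) | XSTATE_BIT(XSTATE_HI16_ZMM) | \
   XSTATE_BIT(XSTATE_TILECFG) | XSTATE_BIT(XSTATE_TILEDATA) | XSTATE_BIT(XSTATE_APX))

const char *xstate_name(int bit)
{
  switch (bit) {
    case XSTATE_X87:       return "x87";
    case XSTATE_SSE:       return "SSE";
    case XSTATE_AVX:       return "AVX";
    case XSTATE_BNDREGS:   return "BNDREGS";
    case XSTATE_BNDCSR:    return "BNDCSR";
    case XSTATE_OPMASK:    return "OPMASK";
    case XSTATE_ZMM_HI256: return "ZMM_Hi256";
    case XSTATE_HI16_ZMM:  return "Hi16_ZMM";
    case XSTATE_PKRU:      return "PKRU";
    case XSTATE_TILECFG:   return "TILECFG";
    case XSTATE_TILEDATA:  return "TILEDATA";
    case XSTATE_APX:       return "APX";
    default:               return "unknown";
  }
}

/* Components enabled in xcr0 that save_mask does not cover: this is the
   register state the trampoline would clobber if the resolver touched it.  */
uint64_t unsaved_components(uint64_t save_mask, uint64_t xcr0)
{
  return xcr0 & ~save_mask;
}

/* Write the names of the unsaved components, comma separated, into out and
   return how many there are.  */
int describe_unsaved(uint64_t save_mask, uint64_t xcr0, char *out, size_t outlen)
{
  uint64_t missing = unsaved_components(save_mask, xcr0);
  int count = 0;
  size_t used = 0;
  if (outlen > 0)
    out[0] = '\0';
  for (int bit = 0; bit < 64; bit++) {
    if (!(missing & XSTATE_BIT(bit)))
      continue;
    int n = snprintf(out + used, outlen > used ? outlen - used : 0,
                     "%s%s", count ? "," : "", xstate_name(bit));
    if (n > 0)
      used += (size_t)n;
    count++;
  }
  return count;
}

int main(void)
{
  char buf[128];
  int n = describe_unsaved(STATE_SAVE_MASK_OLD, XCR0_EXAMPLE, buf, sizeof buf);
  printf("old mask leaves %d component(s) unsaved: %s\n", n, buf);
  n = describe_unsaved(STATE_SAVE_MASK_FIXED, XCR0_EXAMPLE, buf, sizeof buf);
  printf("fixed mask leaves %d component(s) unsaved: %s\n", n, buf);
  return 0;
}
```

With the constructed XCR0 value, the old mask leaves TILECFG, TILEDATA and APX unsaved, and the reconstructed fixed mask still leaves the two AMX tile components unsaved, which matches the commit message adding only APX. Every component added to the mask also enlarges the XSAVEC area the trampoline reserves on the stack, which is the stack-size concern raised later in the thread.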
Comment 1 Florian Weimer 2024-02-11 19:38:55 UTC
This only matters if BIND_NOW is used with a non-psABI calling convention, right?
Comment 2 H.J. Lu 2024-02-11 19:44:06 UTC
(In reply to Florian Weimer from comment #1)
> This only matters if BIND_NOW is used with a non-psABI calling convention,
> right?

Did you mean "BIND_NOW isn't used"?
Comment 3 Florian Weimer 2024-02-11 20:56:36 UTC
(In reply to H.J. Lu from comment #2)
> (In reply to Florian Weimer from comment #1)
> > This only matters if BIND_NOW is used with a non-psABI calling convention,
> > right?
> 
> Did you mean "BIND_NOW isn't used"?

Yes, indeed.
Comment 4 H.J. Lu 2024-02-11 22:21:48 UTC
(In reply to Florian Weimer from comment #3)
> (In reply to H.J. Lu from comment #2)
> > (In reply to Florian Weimer from comment #1)
> > > This only matters if BIND_NOW is used with a non-psABI calling convention,
> > > right?
> > 
> > Did you mean "BIND_NOW isn't used"?
> 
> Yes, indeed.

Then it is correct.  I am testing a simple fix.
Comment 5 Sourceware Commits 2024-02-25 17:22:58 UTC
The master branch has been updated by H.J. Lu <hjl@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dfb05f8e704edac70db38c4c8ee700769d91a413

commit dfb05f8e704edac70db38c4c8ee700769d91a413
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Feb 16 07:17:10 2024 -0800

    x86-64: Save APX registers in ld.so trampoline
    
    Add APX registers to STATE_SAVE_MASK so that APX registers are saved in
    ld.so trampoline.  This fixes BZ #31371.
    
    Also update STATE_SAVE_OFFSET and STATE_SAVE_MASK for i386 which will
    be used by i386 _dl_tlsdesc_dynamic.
    Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
Comment 6 Carlos O'Donell 2024-03-08 19:58:27 UTC
(In reply to Sourceware Commits from comment #5)
> The master branch has been updated by H.J. Lu <hjl@sourceware.org>:
> 
> https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dfb05f8e704edac70db38c4c8ee700769d91a413
> 
> commit dfb05f8e704edac70db38c4c8ee700769d91a413
> Author: H.J. Lu <hjl.tools@gmail.com>
> Date:   Fri Feb 16 07:17:10 2024 -0800
> 
>     x86-64: Save APX registers in ld.so trampoline
>     
>     Add APX registers to STATE_SAVE_MASK so that APX registers are saved in
>     ld.so trampoline.  This fixes BZ #31371.
>     
>     Also update STATE_SAVE_OFFSET and STATE_SAVE_MASK for i386 which will
>     be used by i386 _dl_tlsdesc_dynamic.
>     Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>

Is this bug considered fixed now?
Comment 7 H.J. Lu 2024-03-08 19:59:56 UTC
(In reply to Carlos O'Donell from comment #6)
> (In reply to Sourceware Commits from comment #5)
> > The master branch has been updated by H.J. Lu <hjl@sourceware.org>:
> > 
> > https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dfb05f8e704edac70db38c4c8ee700769d91a413
> > 
> > commit dfb05f8e704edac70db38c4c8ee700769d91a413
> > Author: H.J. Lu <hjl.tools@gmail.com>
> > Date:   Fri Feb 16 07:17:10 2024 -0800
> > 
> >     x86-64: Save APX registers in ld.so trampoline
> >     
> >     Add APX registers to STATE_SAVE_MASK so that APX registers are saved in
> >     ld.so trampoline.  This fixes BZ #31371.
> >     
> >     Also update STATE_SAVE_OFFSET and STATE_SAVE_MASK for i386 which will
> >     be used by i386 _dl_tlsdesc_dynamic.
> >     Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
> 
> Is this bug considered fixed now?

Do we need to backport the fixes to release branches?
Comment 8 Florian Weimer 2024-03-08 20:02:31 UTC
(In reply to H.J. Lu from comment #7)
> Do we need to backport the fixes to release branches?

I think it's a necessary correctness fix, but it's not risk-free due to increased stack size requirement. But it's the same as with lazy binding, so hopefully it should be okay.
Comment 9 Sourceware Commits 2024-04-01 17:39:23 UTC
The release/2.39/master branch has been updated by H.J. Lu <hjl@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7fc8242bf87828c935ac5df5cafb9dc7ab635fd9

commit 7fc8242bf87828c935ac5df5cafb9dc7ab635fd9
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Feb 16 07:17:10 2024 -0800

    x86-64: Save APX registers in ld.so trampoline
    
    Add APX registers to STATE_SAVE_MASK so that APX registers are saved in
    ld.so trampoline.  This fixes BZ #31371.
    
    Also update STATE_SAVE_OFFSET and STATE_SAVE_MASK for i386 which will
    be used by i386 _dl_tlsdesc_dynamic.
    Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
    
    (cherry picked from commit dfb05f8e704edac70db38c4c8ee700769d91a413)
Comment 10 Andreas K. Huettel 2024-06-19 21:50:23 UTC
Understanding that this is indeed fixed now for master / 2.40.