diff options
author | Steve Ellcey <sellcey@imgtec.com> | 2016-01-28 01:52:05 +0000 |
---|---|---|
committer | Joseph Myers <joseph@codesourcery.com> | 2016-01-28 01:52:05 +0000 |
commit | 8a71d2e27fd067a85059aefb93c9ce83142b03e9 (patch) | |
tree | 6bc2c457a8db4952039386fc489b3e5827424412 | |
parent | 4fb66fac3a7bfe152651610a498c988a75fc316d (diff) | |
download | glibc-8a71d2e27fd067a85059aefb93c9ce83142b03e9.tar.gz glibc-8a71d2e27fd067a85059aefb93c9ce83142b03e9.tar.xz glibc-8a71d2e27fd067a85059aefb93c9ce83142b03e9.zip |
Fix MIPS64 memcpy regression.
The MIPS memcpy optimizations at <https://sourceware.org/ml/libc-alpha/2015-10/msg00597.html> introduced a bug causing many string function tests to fail with segfaults for n32 and n64: FAIL: string/stratcliff FAIL: string/test-bcopy FAIL: string/test-memccpy FAIL: string/test-memcmp FAIL: string/test-memcpy FAIL: string/test-memmove FAIL: string/test-mempcpy FAIL: string/test-stpncpy FAIL: string/test-strncmp FAIL: string/test-strncpy (Some failures in other directories could also be caused by this bug.) The problem is that after the check for whether a word of input is left that can be copied as a word before moving to byte copies, a load can occur in the branch delay slot, resulting in a segfault if we are at the end of a page and the following page is unmapped. I don't see how this would have passed the tests as reported in the original patch posting (different kernel configurations affecting the code setting up unmapped pages, maybe?), since the tests in question don't appear to have changed recently. This patch moves a later instruction into the delay slot, as suggested at <https://sourceware.org/ml/libc-alpha/2016-01/msg00584.html>. Tested for n32 and n64. 2016-01-28 Steve Ellcey <sellcey@imgtec.com> Joseph Myers <joseph@codesourcery.com> * sysdeps/mips/memcpy.S (MEMCPY_NAME) [USE_DOUBLE]: Avoid word load in branch delay slot when less than a word of input left.
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | sysdeps/mips/memcpy.S | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog index e2108a98c7..9cb8df3b88 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2016-01-28 Steve Ellcey <sellcey@imgtec.com> + Joseph Myers <joseph@codesourcery.com> + + * sysdeps/mips/memcpy.S (MEMCPY_NAME) [USE_DOUBLE]: Avoid word + load in branch delay slot when less than a word of input left. + 2016-01-27 Andreas Schwab <schwab@suse.de> * sysdeps/ieee754/ldbl-128ibm/s_erfl.c (half): Remove. diff --git a/sysdeps/mips/memcpy.S b/sysdeps/mips/memcpy.S index d79e144731..9b072d7420 100644 --- a/sysdeps/mips/memcpy.S +++ b/sysdeps/mips/memcpy.S @@ -565,11 +565,11 @@ L(lastw): #ifdef USE_DOUBLE andi t8,a2,3 /* a2 is the remainder past 4 byte chunks. */ beq t8,a2,L(lastb) + move a2,t8 lw REG3,0(a1) sw REG3,0(a0) PTR_ADDIU a0,a0,4 PTR_ADDIU a1,a1,4 - move a2,t8 #endif /* Copy the last 8 (or 16) bytes */ |