diff options
| author | Steve Ellcey <sellcey@imgtec.com> | 2016-01-28 01:52:05 +0000 |
|---|---|---|
| committer | Joseph Myers <joseph@codesourcery.com> | 2016-01-28 01:52:05 +0000 |
| commit | 8a71d2e27fd067a85059aefb93c9ce83142b03e9 (patch) | |
| tree | 6bc2c457a8db4952039386fc489b3e5827424412 | |
| parent | 4fb66fac3a7bfe152651610a498c988a75fc316d (diff) | |
| download | glibc-8a71d2e27fd067a85059aefb93c9ce83142b03e9.tar.gz glibc-8a71d2e27fd067a85059aefb93c9ce83142b03e9.tar.xz glibc-8a71d2e27fd067a85059aefb93c9ce83142b03e9.zip | |
Fix MIPS64 memcpy regression.
The MIPS memcpy optimizations at
<https://sourceware.org/ml/libc-alpha/2015-10/msg00597.html>
introduced a bug causing many string function tests to fail with
segfaults for n32 and n64:
FAIL: string/stratcliff
FAIL: string/test-bcopy
FAIL: string/test-memccpy
FAIL: string/test-memcmp
FAIL: string/test-memcpy
FAIL: string/test-memmove
FAIL: string/test-mempcpy
FAIL: string/test-stpncpy
FAIL: string/test-strncmp
FAIL: string/test-strncpy
(Some failures in other directories could also be caused by this bug.)
The problem is that after the check for whether a word of input is
left that can be copied as a word before moving to byte copies, a load
can occur in the branch delay slot, resulting in a segfault if we are
at the end of a page and the following page is unmapped. I don't see
how this would have passed the tests as reported in the original patch
posting (different kernel configurations affecting the code setting up
unmapped pages, maybe?), since the tests in question don't appear to
have changed recently.
This patch moves a later instruction into the delay slot, as suggested
at <https://sourceware.org/ml/libc-alpha/2016-01/msg00584.html>.
Tested for n32 and n64.
2016-01-28 Steve Ellcey <sellcey@imgtec.com>
Joseph Myers <joseph@codesourcery.com>
* sysdeps/mips/memcpy.S (MEMCPY_NAME) [USE_DOUBLE]: Avoid word
load in branch delay slot when less than a word of input left.
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | sysdeps/mips/memcpy.S | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog index e2108a98c7..9cb8df3b88 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2016-01-28 Steve Ellcey <sellcey@imgtec.com> + Joseph Myers <joseph@codesourcery.com> + + * sysdeps/mips/memcpy.S (MEMCPY_NAME) [USE_DOUBLE]: Avoid word + load in branch delay slot when less than a word of input left. + 2016-01-27 Andreas Schwab <schwab@suse.de> * sysdeps/ieee754/ldbl-128ibm/s_erfl.c (half): Remove. diff --git a/sysdeps/mips/memcpy.S b/sysdeps/mips/memcpy.S index d79e144731..9b072d7420 100644 --- a/sysdeps/mips/memcpy.S +++ b/sysdeps/mips/memcpy.S @@ -565,11 +565,11 @@ L(lastw): #ifdef USE_DOUBLE andi t8,a2,3 /* a2 is the remainder past 4 byte chunks. */ beq t8,a2,L(lastb) + move a2,t8 lw REG3,0(a1) sw REG3,0(a0) PTR_ADDIU a0,a0,4 PTR_ADDIU a1,a1,4 - move a2,t8 #endif /* Copy the last 8 (or 16) bytes */ |