Date:      Sat, 14 Oct 2017 16:49:39 +0000 (UTC)
From:      Brooks Davis <brooks@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r324617 - stable/10/lib/libc/gen
Message-ID:  <201710141649.v9EGnd5R001682@repo.freebsd.org>

Author: brooks
Date: Sat Oct 14 16:49:39 2017
New Revision: 324617
URL: https://svnweb.freebsd.org/changeset/base/324617

Log:
  MFC r324243:
  
  Remove an unneeded and incorrect memset().
  
  On Variant I TLS architectures (aarch64, arm, mips, powerpc, and riscv)
  the __libc_allocate_tls function allocates thread local storage memory
  with calloc(). It then copies initialization data over the portions with
  non-zero initial values. Before this change it would then pointlessly
  zero the already zeroed remainder of the storage. Unfortunately the
  calculation was wrong and it would zero TLS_TCB_SIZE (2*sizeof(void *))
  additional bytes.
  
  In practice, this overflow only matters if the TLS segment is sized such
  that calloc() allocates less than TLS_TCB_SIZE extra memory. Even
  then, the likely result will be zeroing part of the next bucket. This
  coupled with the impact being confined to Tier II platforms means there
  will be no security advisory for this issue.
  
  Reviewed by:	kib, dfr
  Discussed with:	security-officer (delphij)
  Found by:	CHERI
  Sponsored by:	DARPA, AFRL
  Differential Revision:	https://reviews.freebsd.org/D12547

Modified:
  stable/10/lib/libc/gen/tls.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/lib/libc/gen/tls.c
==============================================================================
--- stable/10/lib/libc/gen/tls.c	Sat Oct 14 16:23:25 2017	(r324616)
+++ stable/10/lib/libc/gen/tls.c	Sat Oct 14 16:49:39 2017	(r324617)
@@ -161,9 +161,6 @@ __libc_allocate_tls(void *oldtcb, size_t tcbsize, size
 
 		if (tls_init_size > 0)
 			memcpy((void*)dtv[2], tls_init, tls_init_size);
-		if (tls_static_space > tls_init_size)
-			memset((void*)(dtv[2] + tls_init_size), 0,
-			    tls_static_space - tls_init_size);
 	}
 
 	return(tcb); 
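
Review bot: with the memset() gone, nothing at the memcpy() into dtv[2] says why the bytes past tls_init_size need no zeroing. The log gives the reason (the storage comes from calloc()), but that allocation is outside this hunk, so the code alone no longer shows the dependency. A one-line comment at the memcpy() stating that the remainder of the block is already zero from calloc() would keep a later reader from reintroducing the memset(), and would flag the assumption if the allocation call is ever changed to one that does not zero.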


