1777241 – glibc: z15 (s390x) strstr implementation can return incorrect result if search string cross page boundary

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1777241 - glibc: z15 (s390x) strstr implementation can return incorrect result if search string cross page boundary

Summary: glibc: z15 (s390x) strstr implementation can return incorrect result if searc...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	glibc
Sub Component:
Version:	8.1
Hardware:	s390x
OS:	Linux
Priority:	high
Severity:	urgent
Target Milestone:	beta
Target Release:	8.2
Assignee:	Florian Weimer
QA Contact:	qe-baseos-tools-bugs
Docs Contact:	Zuzana Zoubkova
URL:
Whiteboard:
Depends On:	1659438
Blocks:	1711971 1776957 1777797
TreeView+	depends on / blocked

Reported:	2019-11-27 09:26 UTC by Florian Weimer
Modified:	2023-07-18 14:30 UTC (History)
CC List:	10 users (show)
Fixed In Version:	glibc-2.28-99.el8
Doc Type:	Bug Fix
Doc Text:	.`strstr` no longer returns incorrect matches for a truncated pattern On certain IBM Z platforms (z15, previously known as arch13), the `strstr` function did not correctly update a CPU register when handling search patterns that cross a page boundary. As a consequence, `strstr` returned incorrect matches. This update fixes the problem, and as a result, `strstr` works as expected in the mentioned scenario.
Clone Of:
Clones:	1777797 (view as bug list)
Environment:
Last Closed:	2020-04-28 16:50:25 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
IBM Linux Technology Center	182598	0	None	None	None	2019-11-27 10:48:56 UTC
Red Hat Bugzilla	1659438	1	None	None	None	2023-07-18 14:30:35 UTC
Red Hat Product Errata	RHSA-2020:1828	0	None	None	None	2020-04-28 16:50:36 UTC
Sourceware	25226	0	P2	RESOLVED	strstr: Invalid result if needle crosses page on s390-z15 ifunc variant.	2021-01-18 00:13:34 UTC

Internal Links: 1659438

Description Florian Weimer 2019-11-27 09:26:54 UTC

Quoting the upstream bug:

“
If the specified needle crosses a page-boundary, the s390-z15 ifunc variant of
strstr truncates the needle which results in invalid results.

Example:
needle = "Hello" <page-boundary> "World"
really used needle = "Hello"
haystack = "abc HelloBug def"
result = "HelloBug def"

This only happens if the needle before page-boundary contains 9 or less characters.
The s390-z15 ifunc variant of strstr was introduces in glibc 2.30.
”

This was introduced into Red Hat Enterprise Linux 8.1 via bug 1659438.

Comment 1 Florian Weimer 2019-11-27 09:30:49 UTC

We will need QA assistance for testing the change on z15 hardware.  Cc:ing IBM.

Comment 3 Hanns-Joachim Uhl 2019-11-27 10:48:56 UTC

(In reply to Florian Weimer from comment #1)
> We will need QA assistance for testing the change on z15 hardware.  Cc:ing
> IBM.
.
... yes, IBM will do fix verification ... setting OtherQA ...

Comment 4 IBM Bug Proxy 2019-11-27 11:50:22 UTC

------- Comment From STLI.com 2019-11-27 06:49 EDT-------
Please backport the glibc-commit "S390: Fix handling of needles crossing a page in strstr z15 ifunc-variant. [BZ #25226]" to RHEL 8.1 (AND RHEL 8.2) as it is already released there:

-upstream-glibc/master: https://sourceware.org/git/?p=glibc.git;a=commit;h=bfdb731438206b0f70fe7afa890681155c30b419

-upstream-bugzilla: "Bug 25226 - strstr: Invalid result if needle crosses page on s390-z15 ifunc variant." (https://sourceware.org/bugzilla/show_bug.cgi?id=25226)

Yes, I can test an updated rpm on z15 hardware.

Comment 8 IBM Bug Proxy 2019-12-17 11:40:23 UTC

------- Comment From STLI.com 2019-12-17 06:37 EDT-------
I've installed RHEL 8.2is2 with glibc 2.28-99.el8 package and verified that the patch is applied.
Thanks.

Comment 9 Sergey Kolosov 2020-01-07 08:26:39 UTC

Set as verified based on https://bugzilla.redhat.com/show_bug.cgi?id=1777241#c8 and after sanity check

Comment 10 Florian Weimer 2020-01-17 12:20:18 UTC

Upstream commit:

commit bfdb731438206b0f70fe7afa890681155c30b419
Author: Stefan Liebler <stli.com>
Date:   Wed Nov 27 12:35:40 2019 +0100

    S390: Fix handling of needles crossing a page in strstr z15 ifunc-variant. [BZ #25226]
    
    If the specified needle crosses a page-boundary, the s390-z15 ifunc variant of
    strstr truncates the needle which results in invalid results.
    
    This is fixed by loading the needle beyond the page boundary to v18 instead of v16.
    The bug is sometimes observable in test-strstr.c in check1 and check2 as the
    haystack and needle is stored on stack. Thus the needle can be on a page boundary.
    
    check2 is now extended to test haystack / needles located on stack, at end of page
    and on two pages.
    
    This bug was introduced with commit 6f47401bd5fc71209219779a0426170a9a7395b0
    ("S390: Add arch13 strstr ifunc variant.") and is already released in glibc 2.30.

Comment 15 errata-xmlrpc 2020-04-28 16:50:25 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1828

Note You need to log in before you can comment on or make changes to this bug.