malloc: Do not use MAP_NORESERVE to allocate heap segments (RHEL-21884)

Resolves: RHEL-20172

Note: there are follow up patches which fix Hurd wrt this change,
but those lead to a rabbit hole of other required fixes that
become more and more invasive... One relevant change was to move
the tests specific to this change, but there has been no further
work upstream on those tests, so leaving that out should not
affect future merges.

.glibc.metadata

@@ -0,0 +1 @@
+7c3b8890a6346793b6334cc5f2fea5d437d307b8 glibc-2.34.tar.xz

glibc-RHEL-20172-1.patch

@@ -0,0 +1,369 @@
+From 317f1c0a8a71a862b1e600ff5386b08e02cf4b95 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Thu, 26 Jan 2023 08:26:18 -0800
+Subject: [PATCH] x86-64: Add glibc.cpu.prefer_map_32bit_exec [BZ #28656]
+Content-type: text/plain; charset=UTF-8
+
+Crossing 2GB boundaries with indirect calls and jumps can use more
+branch prediction resources on Intel Golden Cove CPU (see the
+"Misprediction for Branches >2GB" section in Intel 64 and IA-32
+Architectures Optimization Reference Manual.)  There is visible
+performance improvement on workloads with many PLT calls when executable
+and shared libraries are mmapped below 2GB.  Add the Prefer_MAP_32BIT_EXEC
+bit so that mmap will try to map executable or denywrite pages in shared
+libraries with MAP_32BIT first.
+
+NB: Prefer_MAP_32BIT_EXEC reduces bits available for address space
+layout randomization (ASLR), which is always disabled for SUID programs
+and can only be enabled by the tunable, glibc.cpu.prefer_map_32bit_exec,
+or the environment variable, LD_PREFER_MAP_32BIT_EXEC.  This works only
+between shared libraries or between shared libraries and executables with
+addresses below 2GB.  PIEs are usually loaded at a random address above
+4GB by the kernel.
+
+Conflicts:
+	manual/tunables.texi
+	(line numbers)
+	sysdeps/unix/sysv/linux/x86_64/64/dl-tunables.list
+	(merged local @order list)
+	sysdeps/x86/cpu-features.c
+	(line numbers)
+
+---
+ manual/tunables.texi                          | 33 ++++++++++----
+ sysdeps/unix/sysv/linux/x86_64/64/Makefile    | 25 +++++++++++
+ .../sysv/linux/x86_64/64/dl-tunables.list     | 29 +++++++++++++
+ .../unix/sysv/linux/x86_64/64/mmap_internal.h | 43 +++++++++++++++++++
+ .../sysv/linux/x86_64/64/tst-map-32bit-1a.c   | 34 +++++++++++++++
+ .../sysv/linux/x86_64/64/tst-map-32bit-1b.c   |  1 +
+ .../sysv/linux/x86_64/64/tst-map-32bit-mod.c  | 33 ++++++++++++++
+ sysdeps/x86/cpu-features.c                    | 15 +++++++
+ ...cpu-features-preferred_feature_index_1.def |  1 +
+ 9 files changed, 205 insertions(+), 9 deletions(-)
+ create mode 100644 sysdeps/unix/sysv/linux/x86_64/64/dl-tunables.list
+ create mode 100644 sysdeps/unix/sysv/linux/x86_64/64/mmap_internal.h
+ create mode 100644 sysdeps/unix/sysv/linux/x86_64/64/tst-map-32bit-1a.c
+ create mode 100644 sysdeps/unix/sysv/linux/x86_64/64/tst-map-32bit-1b.c
+ create mode 100644 sysdeps/unix/sysv/linux/x86_64/64/tst-map-32bit-mod.c
+
+diff --git a/manual/tunables.texi b/manual/tunables.texi
+index 0be7231e36..c76c5c53cd 100644
+--- a/manual/tunables.texi
++++ b/manual/tunables.texi
+@@ -35,27 +35,32 @@ tunables with minimum and maximum values:
+ @example
+ $ /lib64/ld-linux-x86-64.so.2 --list-tunables
+ glibc.rtld.nns: 0x4 (min: 0x1, max: 0x10)
+-glibc.elision.skip_lock_after_retries: 3 (min: -2147483648, max: 2147483647)
++glibc.elision.skip_lock_after_retries: 3 (min: 0, max: 2147483647)
+ glibc.malloc.trim_threshold: 0x0 (min: 0x0, max: 0xffffffffffffffff)
+ glibc.malloc.perturb: 0 (min: 0, max: 255)
+ glibc.cpu.x86_shared_cache_size: 0x100000 (min: 0x0, max: 0xffffffffffffffff)
++glibc.pthread.rseq: 1 (min: 0, max: 1)
++glibc.cpu.prefer_map_32bit_exec: 0 (min: 0, max: 1)
+ glibc.mem.tagging: 0 (min: 0, max: 255)
+-glibc.elision.tries: 3 (min: -2147483648, max: 2147483647)
++glibc.elision.tries: 3 (min: 0, max: 2147483647)
+ glibc.elision.enable: 0 (min: 0, max: 1)
+-glibc.cpu.x86_rep_movsb_threshold: 0x1000 (min: 0x100, max: 0xffffffffffffffff)
++glibc.malloc.hugetlb: 0x0 (min: 0x0, max: 0xffffffffffffffff)
++glibc.cpu.x86_rep_movsb_threshold: 0x2000 (min: 0x100, max: 0xffffffffffffffff)
+ glibc.malloc.mxfast: 0x0 (min: 0x0, max: 0xffffffffffffffff)
+-glibc.elision.skip_lock_busy: 3 (min: -2147483648, max: 2147483647)
+-glibc.malloc.top_pad: 0x0 (min: 0x0, max: 0xffffffffffffffff)
++glibc.rtld.dynamic_sort: 2 (min: 1, max: 2)
++glibc.elision.skip_lock_busy: 3 (min: 0, max: 2147483647)
++glibc.malloc.top_pad: 0x20000 (min: 0x0, max: 0xffffffffffffffff)
+ glibc.cpu.x86_rep_stosb_threshold: 0x800 (min: 0x1, max: 0xffffffffffffffff)
+-glibc.cpu.x86_non_temporal_threshold: 0xc0000 (min: 0x4040, max: 0x0fffffffffffffff)
++glibc.cpu.x86_non_temporal_threshold: 0xc0000 (min: 0x4040, max: 0xfffffffffffffff)
+ glibc.cpu.x86_shstk:
++glibc.pthread.stack_cache_size: 0x2800000 (min: 0x0, max: 0xffffffffffffffff)
+ glibc.cpu.hwcap_mask: 0x6 (min: 0x0, max: 0xffffffffffffffff)
+-glibc.malloc.mmap_max: 0 (min: -2147483648, max: 2147483647)
+-glibc.elision.skip_trylock_internal_abort: 3 (min: -2147483648, max: 2147483647)
++glibc.malloc.mmap_max: 0 (min: 0, max: 2147483647)
++glibc.elision.skip_trylock_internal_abort: 3 (min: 0, max: 2147483647)
+ glibc.malloc.tcache_unsorted_limit: 0x0 (min: 0x0, max: 0xffffffffffffffff)
+ glibc.cpu.x86_ibt:
+ glibc.cpu.hwcaps:
+-glibc.elision.skip_lock_internal_abort: 3 (min: -2147483648, max: 2147483647)
++glibc.elision.skip_lock_internal_abort: 3 (min: 0, max: 2147483647)
+ glibc.malloc.arena_max: 0x0 (min: 0x1, max: 0xffffffffffffffff)
+ glibc.malloc.mmap_threshold: 0x0 (min: 0x0, max: 0xffffffffffffffff)
+ glibc.cpu.x86_data_cache_size: 0x8000 (min: 0x0, max: 0xffffffffffffffff)
+@@ -569,6 +574,16 @@ instead.
+ This tunable is specific to i386 and x86-64.
+ @end deftp
+ 
++@deftp Tunable glibc.cpu.prefer_map_32bit_exec
++When this tunable is set to \code{1}, shared libraries of non-setuid
++programs will be loaded below 2GB with MAP_32BIT.
++
++Note that the @env{LD_PREFER_MAP_32BIT_EXEC} environment is an alias of
++this tunable.
++
++This tunable is specific to 64-bit x86-64.
++@end deftp
++
+ @node Memory Related Tunables
+ @section Memory Related Tunables
+ @cindex memory related tunables
+diff --git a/sysdeps/unix/sysv/linux/x86_64/64/Makefile b/sysdeps/unix/sysv/linux/x86_64/64/Makefile
+index a7b6dc5a53..8ff4f27786 100644
+--- a/sysdeps/unix/sysv/linux/x86_64/64/Makefile
++++ b/sysdeps/unix/sysv/linux/x86_64/64/Makefile
+@@ -1,2 +1,27 @@
+ # The default ABI is 64.
+ default-abi := 64
++
++ifeq ($(subdir),elf)
++ifneq ($(have-tunables),no)
++
++tests-map-32bit = \
++  tst-map-32bit-1a \
++  tst-map-32bit-1b \
++# tests-map-32bit
++tst-map-32bit-1a-no-pie = yes
++tst-map-32bit-1b-no-pie = yes
++tests += $(tests-map-32bit)
++
++modules-map-32bit = \
++  tst-map-32bit-mod \
++# modules-map-32bit
++modules-names += $(modules-map-32bit)
++
++$(objpfx)tst-map-32bit-mod.so: $(libsupport)
++tst-map-32bit-1a-ENV = LD_PREFER_MAP_32BIT_EXEC=1
++$(objpfx)tst-map-32bit-1a: $(objpfx)tst-map-32bit-mod.so
++tst-map-32bit-1b-ENV = GLIBC_TUNABLES=glibc.cpu.prefer_map_32bit_exec=1
++$(objpfx)tst-map-32bit-1b: $(objpfx)tst-map-32bit-mod.so
++
++endif
++endif
+diff -rup a/sysdeps/unix/sysv/linux/x86_64/64/dl-tunables.list b/sysdeps/unix/sysv/linux/x86_64/64/dl-tunables.list
+--- a/sysdeps/unix/sysv/linux/x86_64/64/dl-tunables.list	2024-03-06 17:52:50.968514369 -0500
++++ b/sysdeps/unix/sysv/linux/x86_64/64/dl-tunables.list	2024-03-06 17:55:48.778264896 -0500
+@@ -1,3 +1,33 @@
++# x86-64 specific tunables.
++# Copyright (C) 2023 Free Software Foundation, Inc.
++# This file is part of the GNU C Library.
++
++# The GNU C Library is free software; you can redistribute it and/or
++# modify it under the terms of the GNU Lesser General Public
++# License as published by the Free Software Foundation; either
++# version 2.1 of the License, or (at your option) any later version.
++
++# The GNU C Library is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++# Lesser General Public License for more details.
++
++# You should have received a copy of the GNU Lesser General Public
++# License along with the GNU C Library; if not, see
++# <https://www.gnu.org/licenses/>.
++
++glibc {
++  cpu {
++    prefer_map_32bit_exec {
++      type: INT_32
++      minval: 0
++      maxval: 1
++      env_alias: LD_PREFER_MAP_32BIT_EXEC
++      security_level: SXID_IGNORE
++    }
++  }
++}
++
+ # Order of tunables in RHEL 9.1.z.
+ @order glibc.rtld.nns
+ @order glibc.elision.skip_lock_after_retries
+@@ -35,3 +65,5 @@
+ @order glibc.malloc.check
+ @order glibc.gmon.minarcs
+ @order glibc.gmon.maxarcs
++# Order of tunables in RHEL 9.5.z
++@order glibc.cpu.prefer_map_32bit_exec
+diff --git a/sysdeps/unix/sysv/linux/x86_64/64/mmap_internal.h b/sysdeps/unix/sysv/linux/x86_64/64/mmap_internal.h
+new file mode 100644
+index 0000000000..33dec3f805
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/x86_64/64/mmap_internal.h
+@@ -0,0 +1,43 @@
++/* Linux mmap system call.  x86-64 version.
++   Copyright (C) 2015-2023 Free Software Foundation, Inc.
++
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public License as
++   published by the Free Software Foundation; either version 2.1 of the
++   License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++#ifndef MMAP_X86_64_INTERNAL_H
++#define MMAP_X86_64_INTERNAL_H
++
++#include <ldsodefs.h>
++
++/* If the Prefer_MAP_32BIT_EXEC bit is set, try to map executable or
++    denywrite pages with MAP_32BIT first.  */
++#define MMAP_PREPARE(addr, len, prot, flags, fd, offset)		\
++  if ((addr) == NULL							\
++      && (((prot) & PROT_EXEC) != 0					\
++	  || ((flags) & MAP_DENYWRITE) != 0)				\
++      && HAS_ARCH_FEATURE (Prefer_MAP_32BIT_EXEC))			\
++    {									\
++      void *ret = (void*) INLINE_SYSCALL_CALL (mmap, (addr), (len),	\
++					      (prot),			\
++					      (flags) | MAP_32BIT,	\
++					      (fd), (offset));		\
++      if (ret != MAP_FAILED)						\
++	return ret;							\
++    }
++
++#include_next <mmap_internal.h>
++
++#endif
+diff --git a/sysdeps/unix/sysv/linux/x86_64/64/tst-map-32bit-1a.c b/sysdeps/unix/sysv/linux/x86_64/64/tst-map-32bit-1a.c
+new file mode 100644
+index 0000000000..abc396589e
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/x86_64/64/tst-map-32bit-1a.c
+@@ -0,0 +1,34 @@
++/* Check that LD_PREFER_MAP_32BIT_EXEC works in PDE and shared library.
++   Copyright (C) 2023 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++#include <stdio.h>
++#include <stdint.h>
++#include <support/check.h>
++
++extern void dso_check_map_32bit (void);
++
++static int
++do_test (void)
++{
++  printf ("do_test: %p\n", do_test);
++  TEST_VERIFY ((uintptr_t) do_test < 0xffffffffUL);
++  dso_check_map_32bit ();
++  return 0;
++}
++
++#include <support/test-driver.c>
+diff --git a/sysdeps/unix/sysv/linux/x86_64/64/tst-map-32bit-1b.c b/sysdeps/unix/sysv/linux/x86_64/64/tst-map-32bit-1b.c
+new file mode 100644
+index 0000000000..34ab01c773
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/x86_64/64/tst-map-32bit-1b.c
+@@ -0,0 +1 @@
++#include "tst-map-32bit-1a.c"
+diff --git a/sysdeps/unix/sysv/linux/x86_64/64/tst-map-32bit-mod.c b/sysdeps/unix/sysv/linux/x86_64/64/tst-map-32bit-mod.c
+new file mode 100644
+index 0000000000..78d4b6133c
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/x86_64/64/tst-map-32bit-mod.c
+@@ -0,0 +1,33 @@
++/* Check that LD_PREFER_MAP_32BIT_EXEC works in shared library.
++   Copyright (C) 2023 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++#include <stdio.h>
++#include <stdint.h>
++#include <support/check.h>
++
++static void
++dso_do_test (void)
++{
++}
++
++void
++dso_check_map_32bit (void)
++{
++  printf ("dso_do_test: %p\n", dso_do_test);
++  TEST_VERIFY ((uintptr_t) dso_do_test < 0xffffffffUL);
++}
+diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c
+index a2197ed211..822688e21f 100644
+--- a/sysdeps/x86/cpu-features.c
++++ b/sysdeps/x86/cpu-features.c
+@@ -27,6 +27,16 @@
+ extern void TUNABLE_CALLBACK (set_hwcaps) (tunable_val_t *)
+   attribute_hidden;
+ 
++# ifdef __LP64__
++static void
++TUNABLE_CALLBACK (set_prefer_map_32bit_exec) (tunable_val_t *valp)
++{
++  if (valp->numval)
++    GLRO(dl_x86_cpu_features).preferred[index_arch_Prefer_MAP_32BIT_EXEC]
++      |= bit_arch_Prefer_MAP_32BIT_EXEC;
++}
++# endif
++
+ # if CET_ENABLED
+ extern void TUNABLE_CALLBACK (set_x86_ibt) (tunable_val_t *)
+   attribute_hidden;
+@@ -949,6 +959,11 @@ no_cpuid:
+ #if HAVE_TUNABLES
+   TUNABLE_GET (hwcaps, tunable_val_t *, TUNABLE_CALLBACK (set_hwcaps));
+ 
++# ifdef __LP64__
++  TUNABLE_GET (prefer_map_32bit_exec, tunable_val_t *,
++	       TUNABLE_CALLBACK (set_prefer_map_32bit_exec));
++# endif
++
+   bool disable_xsave_features = false;
+ 
+   if (!CPU_FEATURE_USABLE_P (cpu_features, OSXSAVE))
+diff --git a/sysdeps/x86/include/cpu-features-preferred_feature_index_1.def b/sysdeps/x86/include/cpu-features-preferred_feature_index_1.def
+index e45f9cb159..d20c5b3196 100644
+--- a/sysdeps/x86/include/cpu-features-preferred_feature_index_1.def
++++ b/sysdeps/x86/include/cpu-features-preferred_feature_index_1.def
+@@ -26,6 +26,7 @@ BIT (I586)
+ BIT (I686)
+ BIT (Slow_SSE4_2)
+ BIT (AVX_Fast_Unaligned_Load)
++BIT (Prefer_MAP_32BIT_EXEC)
+ BIT (Prefer_No_VZEROUPPER)
+ BIT (Prefer_ERMS)
+ BIT (Prefer_No_AVX512)
+-- 
+2.39.3
+

glibc-RHEL-20172-2.patch

@@ -0,0 +1,29 @@
+From 188ecdb7774145050a6e167a277f45f03dac5fe8 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Wed, 22 Feb 2023 20:04:26 -0800
+Subject: [PATCH] tunables.texi: Change \code{1} to @code{1}
+Content-type: text/plain; charset=UTF-8
+
+Update
+
+317f1c0a8a x86-64: Add glibc.cpu.prefer_map_32bit_exec [BZ #28656]
+---
+ manual/tunables.texi | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/manual/tunables.texi b/manual/tunables.texi
+index c76c5c53cd..70dd2264c5 100644
+--- a/manual/tunables.texi
++++ b/manual/tunables.texi
+@@ -589,7 +589,7 @@ This tunable is specific to i386 and x86-64.
+ @end deftp
+ 
+ @deftp Tunable glibc.cpu.prefer_map_32bit_exec
+-When this tunable is set to \code{1}, shared libraries of non-setuid
++When this tunable is set to @code{1}, shared libraries of non-setuid
+ programs will be loaded below 2GB with MAP_32BIT.
+ 
+ Note that the @env{LD_PREFER_MAP_32BIT_EXEC} environment is an alias of
+-- 
+2.39.3
+

glibc-RHEL-21884.patch

@@ -0,0 +1,73 @@
+commit 85860ad6eaf4c9739318f6b2a1ff7c2fa6b12ab5
+Author: Florian Weimer <fweimer@redhat.com>
+Date:   Mon Aug 15 16:45:40 2022 +0200
+
+    malloc: Do not use MAP_NORESERVE to allocate heap segments
+    
+    Address space for heap segments is reserved in a mmap call with
+    MAP_ANONYMOUS | MAP_PRIVATE and protection flags PROT_NONE.  This
+    reservation does not count against the RSS limit of the process or
+    system.  Backing memory is allocated using mprotect in alloc_new_heap
+    and grow_heap, and at this point, the allocator expects the kernel
+    to provide memory (subject to memory overcommit).
+    
+    The SIGSEGV that might generate due to MAP_NORESERVE (according to
+    the mmap manual page) does not seem to occur in practice, it's always
+    SIGKILL from the OOM killer.  Even if there is a way that SIGSEGV
+    could be generated, it is confusing to applications that this only
+    happens for secondary heaps, not for large mmap-based allocations,
+    and not for the main arena.
+    
+    Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+
+Conflicts:
+	malloc/arena.c
+	(huge page support was added upstream)
+
+diff --git a/malloc/arena.c b/malloc/arena.c
+index 667484630ed0afa5..2852783355d3d869 100644
+--- a/malloc/arena.c
++++ b/malloc/arena.c
+@@ -466,8 +466,7 @@ new_heap (size_t size, size_t top_pad)
+   p2 = MAP_FAILED;
+   if (aligned_heap_area)
+     {
+-      p2 = (char *) MMAP (aligned_heap_area, HEAP_MAX_SIZE, PROT_NONE,
+-                          MAP_NORESERVE);
++      p2 = (char *) MMAP (aligned_heap_area, HEAP_MAX_SIZE, PROT_NONE, 0);
+       aligned_heap_area = NULL;
+       if (p2 != MAP_FAILED && ((unsigned long) p2 & (HEAP_MAX_SIZE - 1)))
+         {
+@@ -477,7 +476,7 @@ new_heap (size_t size, size_t top_pad)
+     }
+   if (p2 == MAP_FAILED)
+     {
+-      p1 = (char *) MMAP (0, HEAP_MAX_SIZE << 1, PROT_NONE, MAP_NORESERVE);
++      p1 = (char *) MMAP (0, HEAP_MAX_SIZE << 1, PROT_NONE, 0);
+       if (p1 != MAP_FAILED)
+         {
+           p2 = (char *) (((unsigned long) p1 + (HEAP_MAX_SIZE - 1))
+@@ -493,7 +492,7 @@ new_heap (size_t size, size_t top_pad)
+         {
+           /* Try to take the chance that an allocation of only HEAP_MAX_SIZE
+              is already aligned. */
+-          p2 = (char *) MMAP (0, HEAP_MAX_SIZE, PROT_NONE, MAP_NORESERVE);
++          p2 = (char *) MMAP (0, HEAP_MAX_SIZE, PROT_NONE, 0);
+           if (p2 == MAP_FAILED)
+             return 0;
+ 
+diff --git a/malloc/malloc.c b/malloc/malloc.c
+index 375f50f5db13e234..fe80b8239756a7c9 100644
+--- a/malloc/malloc.c
++++ b/malloc/malloc.c
+@@ -1112,10 +1112,6 @@ static mchunkptr mremap_chunk(mchunkptr p, size_t new_size);
+ # define MAP_ANONYMOUS MAP_ANON
+ #endif
+ 
+-#ifndef MAP_NORESERVE
+-# define MAP_NORESERVE 0
+-#endif
+-
+ #define MMAP(addr, size, prot, flags) \
+  __mmap((addr), (size), (prot), (flags)|MAP_ANONYMOUS|MAP_PRIVATE, -1, 0)
+ 

glibc-RHEL-23472.patch

@@ -0,0 +1,140 @@
+commit 6a04404521ac4119ae36827eeb288ea84eee7cf6 
+Author: Florian Weimer <fweimer@redhat.com> 
+Date:   Sat Feb 17 09:17:04 2024 +0100 
+ 
+    Linux: Switch back to assembly syscall wrapper for prctl (bug 29770) 
+     
+    Commit ff026950e280bc3e9487b41b460fb31bc5b57721 ("Add a C wrapper for 
+    prctl [BZ #25896]") replaced the assembler wrapper with a C function. 
+    However, on powerpc64le-linux-gnu, the C variadic function 
+    implementation requires extra work in the caller to set up the 
+    parameter save area.  Calling a function that needs a parameter save 
+    area without one (because the prototype used indicates the function is 
+    not variadic) corrupts the caller's stack.   The Linux manual pages 
+    project documents prctl as a non-variadic function.  This has resulted 
+    in various projects over the years using non-variadic prototypes, 
+    including the sanitizer libraries in LLVm and GCC (GCC PR 113728). 
+     
+    This commit switches back to the assembler implementation on most 
+    targets and only keeps the C implementation for x86-64 x32. 
+     
+    Also add the __prctl_time64 alias from commit 
+    b39ffab860cd743a82c91946619f1b8158b0b65e ("Linux: Add time64 alias for 
+    prctl") to sysdeps/unix/sysv/linux/syscalls.list; it was not yet 
+    present in commit ff026950e280bc3e9487b41b460fb31bc5b57721. 
+     
+    This restores the old ABI on powerpc64le-linux-gnu, thus fixing 
+    bug 29770. 
+     
+    Reviewed-By: Simon Chopin <simon.chopin@canonical.com> 
+
+    Resolved conflicts:
+	sysdeps/unix/sysv/linux/syscalls.list
+	sysdeps/unix/sysv/linux/x86_64/x32/prctl.c
+
+diff -Nrup a/sysdeps/unix/sysv/linux/prctl.c b/sysdeps/unix/sysv/linux/prctl.c
+--- a/sysdeps/unix/sysv/linux/prctl.c	2021-08-01 21:33:43.000000000 -0400
++++ b/sysdeps/unix/sysv/linux/prctl.c	1969-12-31 19:00:00.000000000 -0500
+@@ -1,45 +0,0 @@
+-/* prctl - Linux specific syscall.
+-   Copyright (C) 2020-2021 Free Software Foundation, Inc.
+-   This file is part of the GNU C Library.
+-
+-   The GNU C Library is free software; you can redistribute it and/or
+-   modify it under the terms of the GNU Lesser General Public
+-   License as published by the Free Software Foundation; either
+-   version 2.1 of the License, or (at your option) any later version.
+-
+-   The GNU C Library is distributed in the hope that it will be useful,
+-   but WITHOUT ANY WARRANTY; without even the implied warranty of
+-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+-   Lesser General Public License for more details.
+-
+-   You should have received a copy of the GNU Lesser General Public
+-   License along with the GNU C Library; if not, see
+-   <https://www.gnu.org/licenses/>.  */
+-
+-#include <sysdep.h>
+-#include <stdarg.h>
+-#include <sys/prctl.h>
+-
+-/* Unconditionally read all potential arguments.  This may pass
+-   garbage values to the kernel, but avoids the need for teaching
+-   glibc the argument counts of individual options (including ones
+-   that are added to the kernel in the future).  */
+-
+-int
+-__prctl (int option, ...)
+-{
+-  va_list arg;
+-  va_start (arg, option);
+-  unsigned long int arg2 = va_arg (arg, unsigned long int);
+-  unsigned long int arg3 = va_arg (arg, unsigned long int);
+-  unsigned long int arg4 = va_arg (arg, unsigned long int);
+-  unsigned long int arg5 = va_arg (arg, unsigned long int);
+-  va_end (arg);
+-  return INLINE_SYSCALL_CALL (prctl, option, arg2, arg3, arg4, arg5);
+-}
+-
+-libc_hidden_def (__prctl)
+-weak_alias (__prctl, prctl)
+-#if __TIMESIZE != 64
+-weak_alias (__prctl, __prctl_time64)
+-#endif
+diff -Nrup a/sysdeps/unix/sysv/linux/syscalls.list b/sysdeps/unix/sysv/linux/syscalls.list
+--- a/sysdeps/unix/sysv/linux/syscalls.list	2021-08-01 21:33:43.000000000 -0400
++++ b/sysdeps/unix/sysv/linux/syscalls.list	2024-02-27 14:33:01.594782897 -0500
+@@ -41,6 +41,7 @@ munlockall	-	munlockall	i:	munlockall
+ nfsservctl	EXTRA	nfsservctl	i:ipp	__compat_nfsservctl	nfsservctl@GLIBC_2.0:GLIBC_2.28
+ pipe		-	pipe		i:f	__pipe		pipe
+ pipe2		-	pipe2		i:fi	__pipe2		pipe2
++prctl		EXTRA   prctl           i:iiiii __prctl         prctl __prctl_time64
+ pivot_root	EXTRA	pivot_root	i:ss	pivot_root
+ query_module	EXTRA	query_module	i:sipip	__compat_query_module	query_module@GLIBC_2.0:GLIBC_2.23
+ quotactl	EXTRA	quotactl	i:isip	quotactl
+diff -Nrup a/sysdeps/unix/sysv/linux/x86_64/x32/prctl.c b/sysdeps/unix/sysv/linux/x86_64/x32/prctl.c
+--- a/sysdeps/unix/sysv/linux/x86_64/x32/prctl.c	1969-12-31 19:00:00.000000000 -0500
++++ b/sysdeps/unix/sysv/linux/x86_64/x32/prctl.c	2024-02-27 14:35:03.388602623 -0500
+@@ -0,0 +1,42 @@
++/* prctl - Linux specific syscall.  x86-64 x32 version.
++   Copyright (C) 2020-2021 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++#include <sysdep.h>
++#include <stdarg.h>
++#include <sys/prctl.h>
++
++/* Unconditionally read all potential arguments.  This may pass
++   garbage values to the kernel, but avoids the need for teaching
++   glibc the argument counts of individual options (including ones
++   that are added to the kernel in the future).  */
++
++int
++__prctl (int option, ...)
++{
++  va_list arg;
++  va_start (arg, option);
++  unsigned long int arg2 = va_arg (arg, unsigned long int);
++  unsigned long int arg3 = va_arg (arg, unsigned long int);
++  unsigned long int arg4 = va_arg (arg, unsigned long int);
++  unsigned long int arg5 = va_arg (arg, unsigned long int);
++  va_end (arg);
++  return INLINE_SYSCALL_CALL (prctl, option, arg2, arg3, arg4, arg5);
++}
++
++libc_hidden_def (__prctl)
++weak_alias (__prctl, prctl)

glibc.spec

@@ -155,7 +155,7 @@ end \
 Summary: The GNU libc libraries
 Name: glibc
 Version: %{glibcversion}
-Release: 100%{?dist}
+Release: 103%{?dist}
 
 # In general, GPLv2+ is used by programs, LGPLv2+ is used for
 # libraries.
@@ -808,6 +808,10 @@ Patch571: glibc-RHEL-16643-5.patch
 Patch572: glibc-RHEL-16643-6.patch
 Patch573: glibc-RHEL-19444.patch
 Patch574: glibc-RHEL-21556.patch
+Patch575: glibc-RHEL-23472.patch
+Patch576: glibc-RHEL-20172-1.patch
+Patch577: glibc-RHEL-20172-2.patch
+Patch578: glibc-RHEL-21884.patch
 
 ##############################################################################
 # Continued list of core "glibc" package information:
@@ -2966,6 +2970,15 @@ update_gconv_modules_cache ()
 %endif
 
 %changelog
+* Tue Mar 12 2024 Arjun Shankar <arjun@redhat.com> - 2.34-103
+- malloc: Do not use MAP_NORESERVE to allocate heap segments (RHEL-21884)
+
+* Fri Mar  8 2024 DJ Delorie <dj@redhat.com> - 2.34-102
+- Add glibc.cpu.prefer_map_32bit_exec tunable (RHEL-20172)
+
+* Tue Feb 27 2024 Patsy Griffin <patsy@redhat.com> - 2.34-101
+- Switch back to assembly syscall wrapper for prctl (RHEL-23472)
+
 * Wed Jan 24 2024 Patsy Griffin <patsy@redhat.com> - 2.34-100
 - manual: fix order of arguments of memalign and aligned_alloc (RHEL-21556)