Fix by Francisco Blas Izquierdo Riera for crash on hardened in early TLS init code #528558 by Toralf Förster.

Package-Manager: portage-2.2.14/cvs/Linux x86_64
Manifest-Sign-Key: 0xD2E96200

5 files changed, 334 insertions, 21 deletions

diff --git a/sys-libs/glibc/ChangeLog b/sys-libs/glibc/ChangeLog
index b971e28d4fac..159c3e34ee4a 100644
--- a/sys-libs/glibc/ChangeLog
+++ b/sys-libs/glibc/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for sys-libs/glibc
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/ChangeLog,v 1.1030 2014/11/11 02:06:55 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/ChangeLog,v 1.1031 2014/11/11 02:08:50 vapier Exp $
+
+  11 Nov 2014; Mike Frysinger <vapier@gentoo.org>
+  +files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch, glibc-2.20.ebuild,
+  glibc-9999.ebuild:
+  Fix by Francisco Blas Izquierdo Riera for crash on hardened in early TLS init
+  code #528558 by Toralf Förster.
 
   11 Nov 2014; Mike Frysinger <vapier@gentoo.org> glibc-2.20.ebuild,
   glibc-9999.ebuild:
diff --git a/sys-libs/glibc/Manifest b/sys-libs/glibc/Manifest
index 5d93ab0e3041..d7c5faa0b284 100644
--- a/sys-libs/glibc/Manifest
+++ b/sys-libs/glibc/Manifest
@@ -15,6 +15,7 @@ AUX 2.18/glibc-2.18-hardened-inittls-nosysenter.patch 8981 SHA256 3fcdef34164b7f
 AUX 2.19/glibc-2.19-hardened-configure-picdefault.patch 865 SHA256 feeb2ddc276e90f55d2fd358837e8d4922d3b2875cb8080b1d8e27e5da83a2d9 SHA512 d8e6fea72e240f1fde8a487958463140a84e8bd6bb5b176f8ce84a34df3137943db9016300884f3efdd4da130e342448e57ed0c0dc6eb2956d647286ce1d00ce WHIRLPOOL 3a5d2882b5fc1bea78c45409c848c94a260659e3ea1e28a5dc8818de8825e55453aa1cc97b86eef99c91b17bde9f2a6db1fd8ae03839f7029d93a71feaa4d4d0
 AUX 2.20/glibc-2.20-gentoo-chk_fail.c 8978 SHA256 f9cc426b0fb21de1dc11bb36e43bca8e1b3114fe78f8b343f672a951a82c742e SHA512 5cb529ac9d18a315f25fd48a3a80a529924bee0588074c97e6df7dbe8568a67f786363c41da6300ea55818369e3609ed4315b2e2104f8a8b4f1266ba43076eda WHIRLPOOL 2d38c19a20226fc4687037b8bb19025065f039ddaa62466879ca98765c8899e64b147dd148565304419ed1a98fbe1f8403710b22c930b08a19bddba7e79b0f1d
 AUX 2.20/glibc-2.20-gentoo-stack_chk_fail.c 55 SHA256 ec73e74297b5eade591bfb3a2999989e2a7aa80752140048ffa67349635f05e7 SHA512 4dfec1bd17007b826110dcb73d09331a58b7a892c87de55b94480b14c28686442c567725b610082813411cf9911e180835a400a54ea704fe80f81cfba966a989 WHIRLPOOL b2b338a50f7895c530a71a19e4582bd0116a0b9d13b2e1505f0566924557493849f93cefb2c0ad1719ef684321e145129e0f72cfc9aa85a44ea7ebf910e7304c
+AUX 2.20/glibc-2.20-hardened-inittls-nosysenter.patch 9951 SHA256 992fb70b9b62674d94ef8938297a3f2591b3121495987d927f5a44c1d8788658 SHA512 a8302ee2963bd791be859233223b17cd154afbf04c13c046956bb1140d748272d7bcb3a6167ce8b61573ebcffe906dff064308374d2910656b8fad18480fe422 WHIRLPOOL b8753d6f1301650b91b5cf4f342de22010d819deb2bf4da27aac33d7540e15a140b8a7a4c5e111faba320873ed5784b22f6add29181fbaef14c3e9504b1b838f
 AUX 2.3.3/glibc-2.3.3-localedef-fix-trampoline.patch 2329 SHA256 b5cf51d1ff5479d09fbc82992f126ca4969006c90c3a2ae94ad586d4902d791b SHA512 939ec7da977837ef46aa8894f99ac06b3fccfc36dd672889b85ae8cbbfc9a963c5d0c031d776aa2feee29ddf8341b4cc7a50ea19b7c6f7e80df74eef5f1fd977 WHIRLPOOL 47d248ddba815a517aed9b7dbfa247bdedf293cb5adad8079be803ea4a682136f01b47fd3817a1696b3758c4631d1a25376bf58ef039998ace4a6b65807fe75e
 AUX 2.5/glibc-2.5-gentoo-stack_chk_fail.c 9058 SHA256 067fba2a36d2630d50198c44395ef208cdf080508f1b716bd3d079f7b964e2df SHA512 2d404bec1e009d111b775fde620102b3d0ea7614d07ba31350940f2693e937e825acc43d1ab94bad2eecac61d47c696098327096dff8f08b4b7312d0873d71a6 WHIRLPOOL bb27ef90afb256d3822787b93574d4f4f5632995663e08b7201db17a4f38f6e2a8fd6368aaf699a808cd8f7acc346625b5607dcbf1e88f8b28dcc6d3dba92399
 AUX 2.5/glibc-2.5-hardened-configure-picdefault.patch 794 SHA256 0c0359f567e4ad2d3184618bf6ac7e6102b703eab6227c7e9a4ff4dcdeed2c91 SHA512 99caace6c3528db400f8039c3f5aa65a2d5088d9758894c8a49df2b5045226a4056972de2d162411617162edd9023b6c6f80d85509638b5d68a8d0cda40adafe WHIRLPOOL 1271cea2155149e789f1242759e516443c5cf152ae9612d91d2a25a727952684eb043fbcfb38186a31fc6a1568201de5ef40af45436b137453e0582f2f6facde
@@ -98,26 +99,26 @@ EBUILD glibc-2.17.ebuild 6958 SHA256 3cb1baca3b8469757ee4c5cdb6b6aef07e19a6041ff
 EBUILD glibc-2.18-r1.ebuild 7021 SHA256 308a57802e31f6ec4a2ab6be491bcf679707a6a7c479b07dc754ec5eb448ab2b SHA512 8aaf3908bb7db5d315efdb01fa90eb4c783ef91e3efbb6ea006308aa4fb21669be76320d5428130816ada222fca5bea3e16882eb231a16640c55456834a53b97 WHIRLPOOL d00f4bb51366cee03c9007b8072c1dbeb5a7002158f43517a8242b07cd82058c053a3061a0affc1fb4c129f457c90e81af78b2ceb87fc8942e7d67bc264e140a
 EBUILD glibc-2.19-r1.ebuild 6903 SHA256 95acb9caf384d01a5c89af7242c72f40c5c2a8c219683c4096f65dd59e34668f SHA512 14a33b61b20acb6993b07b4842c76f3602e9d0ae2f07a44e0501831080c3730373aa5f02c96f328c47fde89e60839ec85f4dd98c4f6b515eacf03d1ab0795df8 WHIRLPOOL 1b3883b5a2641687fd46df89e140e0e332da0933fc60426906c6afaa9d825d6fdc2fea0de1a95c7a74736e96adb346c660aaf5ef0597e2c5324e716cf86873b0
 EBUILD glibc-2.19.ebuild 6912 SHA256 3a11e60bed77cc2dad678ad97ed7a959a59a91a94ca28fd4d7d8776a6217a00f SHA512 70c9b91f224c276783b96ae60f57ac48886861fda71be6e6e292840b4c8cc0fea798005c26c6c33f198c63fb2c38bf78e994821dfa010086ba7ece443257b851 WHIRLPOOL 98be39cc52c7d8431e46f24f9552db63980f4a38c8e12aaffd4b08c7c66f8931a16fd7deb99e43a5bb330a42e6c1e722a9a8f74d1fe97523d7b4bfe75c9accf5
-EBUILD glibc-2.20.ebuild 6233 SHA256 3f2c383bf8e2728ce6a91464a3ed37f4f5f277eeac18fdf2982b77d5af03e64b SHA512 e94aa9e88a08c3985f2a979fac05c957161bad027be34f13155acfe3af0d80338a10d88033ec80dc1a02cc69f443afd8fec441e9f91c82f4de5ee864d1536730 WHIRLPOOL acff71077e35e5d8fc244eed57174d0d88e182341b54562d74b8c982237e5a3f8e985fe39674d9e06d48594db0b2b02acb2fb88ce6c6f0872dba45118ea71446
+EBUILD glibc-2.20.ebuild 6159 SHA256 60cd13aa057dedf49026f440b2d0f46ae36374689d2085a7209dfb991939e0e5 SHA512 f9f64226f1d42c7db42b0c221e53e58cf22df6768f3a4e64367d8537ed232cf3566848c6210dd77a287edca05e2d952a5953ec750dc97a3c878847f06c5c0f56 WHIRLPOOL dadc71db6048b4ba75bf63e1e825f5f8ebc45f64947d9463e2a867ec5323a6c8e6d34d269c4632aa54d31cf743e63ecd6484eaa00271128c44da19dc1b809310
 EBUILD glibc-2.9_p20081201-r3.ebuild 6787 SHA256 3d9ff2b86df088b8e8cc082c5ddef164b48cffcccfa2ea001306e79a6d52a52c SHA512 7070020105a777bbf6d846fab291b238d7861472c737031e8c52b6d5c2a0524e228b724751325448ce94a42ee39112088b91d0597cd2cdbcc68c51248d2d5a11 WHIRLPOOL aa0e2d11377c3a30478afbef0fa3daa12aa9711d68dc92ab08fca999e599c613648644da2e6f81c38dc98192ed26934c4a35418a97d3146650cd4c82e39a7fed
-EBUILD glibc-9999.ebuild 6839 SHA256 3d51b4a03932748b6716fdb1c63f6c083651f3d1bae585c989adf0c106c86d58 SHA512 14339b49e597d744e488ccecb17eef69ee22f2a49cf69a280377816cde522e56abf690c487a9cdcb396ef8084b165dd716956c02ee16bea45f39a0875ef2ffcd WHIRLPOOL f52e905e4f29d7d3e9da861028eae695160d1aff250060748e5ee5da2eb4b39a895ddf0a5fa3995f844631cc89f114e58ff9ac603b4c76f6bc36ed6855f037cd
-MISC ChangeLog 72110 SHA256 084b86cf1bcafad730d0750e4ca83426de69f09c6aba34d9448f8a57bd9a0fa8 SHA512 a2c81b61b9cfb4736258b649b54fa0e943e58762bbe1b65b232a8bba3d491d8e3771b7ce4f96d7b926b878ceda135fc0b6648100afaffc7b242207ad05f4929e WHIRLPOOL f10aef3068700ac7839207e79707b417d6196f6842b1c953c6dea3e0bf81788874f036fc65a595b290c29f616794cdd459ed900f51ccc4b9b3d96a82c79b294e
+EBUILD glibc-9999.ebuild 6161 SHA256 edd7f2121c825107d5c73b434fddd13191b49f383b7ddc1341a7be43309458f9 SHA512 49298fd32c4198b0b29287c4c533d40a1f006b225a0e3c7d354616fadf111a432a6af43e54e52fbf4f78e853dddff53055675c1917d9ae003e1a9eedd54dfbba WHIRLPOOL 965a39295ece50567d45d5114d9ac37f7774160c51cabdb2acfdf391f47657bd8947e24520fe55e9d2c760dda7764044a32e0122a3af81fe14630d114008248e
+MISC ChangeLog 72496 SHA256 a7eb1f7f0b0e3fb2e3ca83da3af4bf056332883182e1fadecc0b8817581da34b SHA512 7842ec0542493b535f19f5e4c35b0cfca33141b4d0701dba449e44b8752192a14f69915e36050729c1226c6c4e1a4e941a5d7fd37499c25b9e63862424aaf484 WHIRLPOOL 0e7de83f638a0796eb0f6e7cafaf90e1d580c9cdc0f68dff4876c8d56d297d9bd6f60173aa12205c9ef8fcd13706356c0ae9a55155dcc9576ab545508d8b4260
 MISC ChangeLog-2007 108548 SHA256 d622be202eb0d61a363b0ae4065012cd1d494fefaa0c03d4aa7986177cdde6d0 SHA512 fdb3f311a3be4b97a6acfceb1763af5ea69e74d8195522c5d03307f75e15a9382991e9e29dbfdec79e74f1c36328f82648768749bc929e5050ff64b628c7ca98 WHIRLPOOL e550f354394569069e000a7e70ec69c94388a0f415c19b427203f0dcbcbeeec0f5e379ee2af7886cd2d68559e749fab8122e7e077985729d7e0e728ae9096d7a
 MISC metadata.xml 724 SHA256 b9d8df62b36ae314b29a3177c534495036ef97a819c152247383e907004fe4dc SHA512 8c215338bbf47de95f40f9f24c50d107ec0bbe4a47282d3cbc253d4003db85a88c542aee33756dd9d2d2ec4c70992009261d821a8c145c24c24d2ad448595b77 WHIRLPOOL 954f5d080c7219ffe85e128eddd05c74a32a457219d423441bb58d54a7de1786da6a2efb541861b3bfc93a9acf2ae6f79168d1ccc37385f84af0eb439fff2954
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
-iQIcBAEBCAAGBQJUXCqSAAoJEPGu1DbS6WIAwn8P/1FNdmypmA0Jqvp1wMClh1Ih
-iVGQp5SLVUB/yP64B5nHJuUZWbzBtXpuXoITlg7AWG4kFwGJ+ty4Y2I8Zccq3Dz3
-gCOmXiWm2t0qxX8WCfpgrllnYzg9JO2Nbw6UqUQvorKXE9c6AzYS/QGgQBIVv8vI
-nu2vjYgA4FQHpJy3Yw4GY7kftWZ21Fxq0Yy0TSEDjgMWZno2iiFrON83s8bJuX48
-/iw6K9scvs2hY6EnZzL0hvYACWbKFMYtq6OGSa3fJEZb2/maRs5rOvQeafL62E+K
-4FtHrU4tb4v1a/YrX5nvcwFpmZO4DcLxUiLg0rMBqYWA6c41ZXOI8lNBC4xsvDnG
-BH7NZwJkxuSyj774L9CwJmJxZzRrh3xiQH/2rvEkcCArx2ZOb8qDqoBEBdMEWuOb
-3Lf8iAhhL4guF8hTajxVPcaVQ3dXHLGJcL/66J+PFsLTZSRkoW5qPCLoo3LkZ1AT
-RInsdkntWqH3z/x3RsU+lRO/5c2fmcdmqWcnyYuULtL9BU9n75rEk6YXeCx+GtPj
-3iP21c7CWnSbZPRu3pLqxBSRCCFFfygAKaQCjQ2aw9byS8ARREzRMdreXv5CkJ+b
-XTnoXBlggsCL8DLyRapjruv3wp3MmlfFAWYEkGZOEoAtzWl9fYAr2VS1oiqobcOD
-6OiblkC8gYWEDZLb2bmk
-=DQTj
+iQIcBAEBCAAGBQJUYW+0AAoJEPGu1DbS6WIAJ+8P/3nKGpe3LFf7D7XE+AUi9Eer
+Q4rPSc0PRf04iyHhXCOq7RfVMd91KDDTmWGMb5Se/xrts/jW15QrEyC7OGwRlUEn
+j54UIy/5CPXXfhSEcpNOcbva6GZbhDZi62ce442ZhUSazfzlXr6NBjtwc5xohvIG
+cw6h3FFXl2OuluIaSleB7NY4xk4WfriUBWGP66vwx1qUFMMUHgKEKfJUVO8T1ToC
+n6dYWZ2XjyHh3VS6Jy1++//dBBvIOQcf1HnQyxzsz503cVdKxejIFtSHMVqxiw3B
+uZ0Nc+BJE9Ix1SdMD4AHNEr0EBMHAj8MyeJ8wPEgRdC9KdO8VmDinWwxXxu9akfD
+uGvQPLztjM7cfvjnhTxSYq5ee9p24DIdNW+00lDBptVphEdziTdmgQkYkz3XPbx3
+Ej9qjrrEvYhj/0sWwGs09Xx/Z18VZEC1wfPe5lxqDENOpc5Yher4pqOw7WnJx/es
+3YiSLuHvFp4BR8nVKCWZD/Gf/1TAfqe1BS+rwpmWiScqywBgyqlNMN6HT5IzL2SY
+fBW3wlJC6+IW0V9VdaaCeXwYnIkV2mKaJbk7zZ9bESd+iDHO8ZXtj3tFWAVv2yfz
+K2rI7tf2VzZ6M2jf6pqSMT2BJKpI/U29o0TEL8DpO0hMGwFVv8s+kU6dCQ6H2dVZ
+DtIvMyOZ1tmy0lcctYA1
+=64f5
 -----END PGP SIGNATURE-----
diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch
new file mode 100644
index 000000000000..35eabe94014a
--- /dev/null
+++ b/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch
@@ -0,0 +1,306 @@
+When building glibc PIE (which is not something upstream support),
+several modifications are necessary to the glibc build process.
+
+First, any syscalls in PIEs must be of the PIC variant, otherwise
+textrels ensue.  Then, any syscalls made before the initialisation
+of the TLS will fail on i386, as the sysenter variant on i386 uses
+the TLS, giving rise to a chicken-and-egg situation.  This patch
+defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
+version is normally used, and uses the non-sysenter version for the brk
+syscall that is performed by the TLS initialisation.  Further, the TLS
+initialisation is moved in this case prior to the initialisation of
+dl_osversion, as that requires further syscalls.
+
+csu/libc-start.c: Move initial TLS initialization to before the
+initialisation of dl_osversion, when INTERNAL_SYSCALL_PRE_TLS is defined
+
+csu/libc-tls.c: Use the no-sysenter version of sbrk when
+INTERNAL_SYSCALL_PRE_TLS is defined.
+
+misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
+version of brk - if INTERNAL_SYSCALL_PRE_TLS is defined.
+
+misc/brk.c: Define a no-sysenter version of brk if
+INTERNAL_SYSCALL_PRE_TLS is defined.
+
+sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_PRE_TLS
+Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
+
+Patch by Kevin F. Quinn <kevquinn@gentoo.org>
+Fixed for 2.10 by Magnus Granberg <zorry@ume.nu>
+Fixed for 2.18 by Magnus Granberg <zorry@gentoo.org>
+Fixed for 2.20 by Francisco Blas Izquierdo Riera <klondike@gentoo.org>
+
+--- a/csu/libc-start.c
++++ b/csu/libc-start.c
+@@ -28,6 +28,7 @@
+ extern int __libc_multiple_libcs;
+ 
+ #include <tls.h>
++#include <sysdep.h>
+ #ifndef SHARED
+ # include <dl-osinfo.h>
+ extern void __pthread_initialize_minimal (void);
+@@ -170,6 +171,11 @@ LIBC_START_MAIN (int (*main) (int, char
+         }
+     }
+ 
++# ifdef INTERNAL_SYSCALL_PRE_TLS
++  /* Do the initial TLS initialization before _dl_osversion,
++     since the latter uses the uname syscall.  */
++  __pthread_initialize_minimal ();
++# endif
+ # ifdef DL_SYSDEP_OSCHECK
+   if (!__libc_multiple_libcs)
+     {
+@@ -138,10 +144,12 @@
+     }
+ # endif
+ 
++# ifndef INTERNAL_SYSCALL_PRE_TLS
+   /* Initialize the thread library at least a bit since the libgcc
+      functions are using thread functions if these are available and
+      we need to setup errno.  */
+   __pthread_initialize_minimal ();
++# endif
+ 
+   /* Set up the stack checker's canary.  */
+   uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
+--- a/csu/libc-tls.c
++++ b/csu/libc-tls.c
+@@ -22,12 +22,17 @@
+ #include <unistd.h>
+ #include <stdio.h>
+ #include <sys/param.h>
++#include <sysdep.h>
+ 
+ 
+ #ifdef SHARED
+  #error makefile bug, this file is for static only
+ #endif
+ 
++#ifdef INTERNAL_SYSCALL_PRE_TLS
++extern void *__sbrk_nosysenter (intptr_t __delta);
++#endif
++
+ dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS];
+ 
+ 
+@@ -139,20 +144,29 @@ __libc_setup_tls (size_t tcbsize, size_t
+ 
+      The initialized value of _dl_tls_static_size is provided by dl-open.c
+      to request some surplus that permits dynamic loading of modules with
+-     IE-model TLS.  */
++     IE-model TLS.
++
++     Where the normal sbrk would use a syscall that needs the TLS (i386)
++     use the special non-sysenter version instead.  */
++#ifdef INTERNAL_SYSCALL_PRE_TLS
++# define __sbrk __sbrk_nosysenter
++#endif
+ #if TLS_TCB_AT_TP
+   tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
+   tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
+ #elif TLS_DTV_AT_TP
+   tcb_offset = roundup (tcbsize, align ?: 1);
+   tlsblock = __sbrk (tcb_offset + memsz + max_align
+ 		     + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
+   tlsblock += TLS_PRE_TCB_SIZE;
+ #else
+   /* In case a model with a different layout for the TCB and DTV
+      is defined add another #elif here and in the following #ifs.  */
+ # error "Either TLS_TCB_AT_TP or TLS_DTV_AT_TP must be defined"
+ #endif
++#ifdef INTERNAL_SYSCALL_PRE_TLS
++# undef __sbrk
++#endif
+ 
+   /* Align the TLS block.  */
+   tlsblock = (void *) (((uintptr_t) tlsblock + max_align - 1)
+--- a/misc/sbrk.c
++++ b/misc/sbrk.c
+@@ -18,6 +18,7 @@
+ #include <errno.h>
+ #include <stdint.h>
+ #include <unistd.h>
++#include <sysdep.h>
+ 
+ /* Defined in brk.c.  */
+ extern void *__curbrk;
+@@ -29,6 +30,35 @@
+ /* Extend the process's data space by INCREMENT.
+    If INCREMENT is negative, shrink data space by - INCREMENT.
+    Return start of new space allocated, or -1 for errors.  */
++#ifdef INTERNAL_SYSCALL_PRE_TLS
++/* This version is used by csu/libc-tls.c whem initialising the TLS
++   if the SYSENTER version requires the TLS (which it does on i386).
++   Obviously using the TLS before it is initialised is broken. */
++extern int __brk_nosysenter (void *addr);
++void *
++__sbrk_nosysenter (intptr_t increment)
++{
++  void *oldbrk;
++
++  /* If this is not part of the dynamic library or the library is used via
++     dynamic loading in a statically linked program update __curbrk from the
++     kernel's brk value.  That way two separate instances of __brk and __sbrk
++     can share the heap, returning interleaved pieces of it.  */
++  if (__curbrk == NULL || __libc_multiple_libcs)
++    if (__brk_nosysenter (0) < 0)		/* Initialize the break.  */
++      return (void *) -1;
++
++  if (increment == 0)
++    return __curbrk;
++
++  oldbrk = __curbrk;
++  if (__brk_nosysenter (oldbrk + increment) < 0)
++    return (void *) -1;
++
++  return oldbrk;
++}
++#endif
++
+ void *
+ __sbrk (intptr_t increment)
+ {
+--- a/sysdeps/unix/sysv/linux/i386/brk.c
++++ b/sysdeps/unix/sysv/linux/i386/brk.c
+@@ -31,6 +31,30 @@
+    linker.  */
+ weak_alias (__curbrk, ___brk_addr)
+ 
++#ifdef INTERNAL_SYSCALL_PRE_TLS
++/* This version is used by csu/libc-tls.c whem initialising the TLS
++   if the SYSENTER version requires the TLS (which it does on i386).
++   Obviously using the TLS before it is initialised is broken.  */
++int
++__brk_nosysenter (void *addr)
++{
++  void *newbrk;
++
++  INTERNAL_SYSCALL_DECL (err);
++  newbrk = (void *) INTERNAL_SYSCALL_PRE_TLS (brk, err, 1, addr);
++
++  __curbrk = newbrk;
++
++  if (newbrk < addr)
++    {
++      __set_errno (ENOMEM);
++      return -1;
++    }
++
++  return 0;
++}
++#endif
++
+ int
+ __brk (void *addr)
+ {
+--- a/sysdeps/unix/sysv/linux/i386/sysdep.h
++++ b/sysdeps/unix/sysv/linux/i386/sysdep.h
+@@ -187,7 +187,7 @@
+ /* The original calling convention for system calls on Linux/i386 is
+    to use int $0x80.  */
+ #ifdef I386_USE_SYSENTER
+-# ifdef SHARED
++# ifdef __PIC__
+ #  define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
+ # else
+ #  define ENTER_KERNEL call *_dl_sysinfo
+@@ -358,7 +358,7 @@
+    possible to use more than four parameters.  */
+ #undef INTERNAL_SYSCALL
+ #ifdef I386_USE_SYSENTER
+-# ifdef SHARED
++# ifdef __PIC__
+ #  define INTERNAL_SYSCALL(name, err, nr, args...) \
+   ({									      \
+     register unsigned int resultvar;					      \
+@@ -384,6 +384,18 @@
+     : "0" (name), "i" (offsetof (tcbhead_t, sysinfo))			      \
+       ASMFMT_##nr(args) : "memory", "cc");				      \
+     (int) resultvar; })
++#  define INTERNAL_SYSCALL_PRE_TLS(name, err, nr, args...) \
++  ({									      \
++    register unsigned int resultvar;					      \
++    EXTRAVAR_##nr							      \
++    asm volatile (							      \
++    LOADARGS_NOSYSENTER_##nr						      \
++    "movl %1, %%eax\n\t"						      \
++    "int $0x80\n\t"							      \
++    RESTOREARGS_NOSYSENTER_##nr						      \
++    : "=a" (resultvar)							      \
++    : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc");		      \
++    (int) resultvar; })
+ # else
+ #  define INTERNAL_SYSCALL(name, err, nr, args...) \
+   ({									      \
+@@ -447,12 +459,20 @@
+ 
+ #define LOADARGS_0
+ #ifdef __PIC__
+-# if defined I386_USE_SYSENTER && defined SHARED
++# if defined I386_USE_SYSENTER && defined __PIC__
+ #  define LOADARGS_1 \
+     "bpushl .L__X'%k3, %k3\n\t"
+ #  define LOADARGS_5 \
+     "movl %%ebx, %4\n\t"						      \
+     "movl %3, %%ebx\n\t"
++#  define LOADARGS_NOSYSENTER_1 \
++    "bpushl .L__X'%k2, %k2\n\t"
++#  define LOADARGS_NOSYSENTER_2	LOADARGS_NOSYSENTER_1
++#  define LOADARGS_NOSYSENTER_3	LOADARGS_3
++#  define LOADARGS_NOSYSENTER_4	LOADARGS_3
++#  define LOADARGS_NOSYSENTER_5 \
++    "movl %%ebx, %3\n\t"						      \
++    "movl %2, %%ebx\n\t"
+ # else
+ #  define LOADARGS_1 \
+     "bpushl .L__X'%k2, %k2\n\t"
+@@ -474,11 +494,18 @@
+ 
+ #define RESTOREARGS_0
+ #ifdef __PIC__
+-# if defined I386_USE_SYSENTER && defined SHARED
++# if defined I386_USE_SYSENTER && defined __PIC__
+ #  define RESTOREARGS_1 \
+     "bpopl .L__X'%k3, %k3\n\t"
+ #  define RESTOREARGS_5 \
+     "movl %4, %%ebx"
++#  define RESTOREARGS_NOSYSENTER_1 \
++    "bpopl .L__X'%k2, %k2\n\t"
++#  define RESTOREARGS_NOSYSENTER_2	RESTOREARGS_NOSYSENTER_1
++#  define RESTOREARGS_NOSYSENTER_3	RESTOREARGS_3
++#  define RESTOREARGS_NOSYSENTER_4	RESTOREARGS_3
++#  define RESTOREARGS_NOSYSENTER_5 \
++    "movl %3, %%ebx"
+ # else
+ #  define RESTOREARGS_1 \
+     "bpopl .L__X'%k2, %k2\n\t"
+--- a/sysdeps/i386/nptl/tls.h
++++ b/sysdeps/i386/nptl/tls.h
+@@ -189,6 +189,15 @@
+   desc->vals[3] = 0x51;
+ }
+ 
++/* We have no sysenter until the tls is initialized which is a
++   problem for PIC. Thus we need to do the right call depending
++   on the situation.  */
++#ifndef INTERNAL_SYSCALL_PRE_TLS
++# define TLS_INIT_SYSCALL INTERNAL_SYSCALL
++#else
++# define TLS_INIT_SYSCALL INTERNAL_SYSCALL_PRE_TLS
++#endif
++
+ /* Code to initially initialize the thread pointer.  This might need
+    special attention since 'errno' is not yet available and if the
+    operation can cause a failure 'errno' must not be touched.  */
+@@ -209,7 +218,7 @@
+ 									      \
+      /* Install the TLS.  */						      \
+      INTERNAL_SYSCALL_DECL (err);					      \
+-     _result = INTERNAL_SYSCALL (set_thread_area, err, 1, &_segdescr.desc);   \
++     _result = TLS_INIT_SYSCALL (set_thread_area, err, 1, &_segdescr.desc);   \
+ 									      \
+      if (_result == 0)							      \
+        /* We know the index in the GDT, now load the segment register.	      \
diff --git a/sys-libs/glibc/glibc-2.20.ebuild b/sys-libs/glibc/glibc-2.20.ebuild
index 83c85e5214d5..ad923e59e335 100644
--- a/sys-libs/glibc/glibc-2.20.ebuild
+++ b/sys-libs/glibc/glibc-2.20.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.20.ebuild,v 1.5 2014/11/11 02:06:55 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.20.ebuild,v 1.6 2014/11/11 02:08:50 vapier Exp $
 
 EAPI="4"
 
@@ -162,7 +162,7 @@ eblit-src_prepare-post() {
 	if use hardened ; then
 		einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
 		gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch
-		epatch "${FILESDIR}"/2.18/glibc-2.18-hardened-inittls-nosysenter.patch
+		epatch "${FILESDIR}"/2.20/glibc-2.20-hardened-inittls-nosysenter.patch
 
 		# We don't enable these for non-hardened as the output is very terse --
 		# it only states that a crash happened.  The default upstream behavior
diff --git a/sys-libs/glibc/glibc-9999.ebuild b/sys-libs/glibc/glibc-9999.ebuild
index 996112304a7a..8bf4a9a245f4 100644
--- a/sys-libs/glibc/glibc-9999.ebuild
+++ b/sys-libs/glibc/glibc-9999.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-9999.ebuild,v 1.26 2014/11/11 02:06:55 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-9999.ebuild,v 1.27 2014/11/11 02:08:50 vapier Exp $
 
 EAPI="4"
 
@@ -162,7 +162,7 @@ eblit-src_prepare-post() {
 	if use hardened ; then
 		einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
 		gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch
-		epatch "${FILESDIR}"/2.18/glibc-2.18-hardened-inittls-nosysenter.patch
+		epatch "${FILESDIR}"/2.20/glibc-2.20-hardened-inittls-nosysenter.patch
 
 		# We don't enable these for non-hardened as the output is very terse --
 		# it only states that a crash happened.  The default upstream behavior