go, branch go1.17.9

[release-branch.go1.17] go1.17.9

2022-04-12T15:40:31Z

Change-Id: Id2437003673e7eb1c514f15e6266b93308b7d5e8 Reviewed-on: https://go-review.googlesource.com/c/go/+/399819 Run-TryBot: Dmitri Shuralyov Reviewed-by: Cherry Mui TryBot-Result: Gopher Robot Reviewed-by: Dmitri Shuralyov

[release-branch.go1.17] encoding/pem: fix stack overflow in Decode

2022-04-12T14:42:58Z

Previously, Decode called decodeError, a recursive function that was prone to stack overflows when given a large PEM file containing errors. Credit to Juho Nurminen of Mattermost who reported the error. Fixes CVE-2022-24675 Updates #51853 Fixes #52036 Change-Id: Iffe768be53c8ddc0036fea0671d290f8f797692c Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1391157 Reviewed-by: Damien Neil Reviewed-by: Filippo Valsorda (cherry picked from commit 794ea5e828010e8b68493b2fc6d2963263195a02) Reviewed-on: https://go-review.googlesource.com/c/go/+/399816 Run-TryBot: Dmitri Shuralyov Reviewed-by: Dmitri Shuralyov Reviewed-by: Cherry Mui TryBot-Result: Gopher Robot

[release-branch.go1.17] crypto/elliptic: tolerate zero-padded scalars in generic P-256

2022-04-06T16:36:21Z

Updates #52075 Fixes #52076 Fixes CVE-2022-28327 Change-Id: I595a7514c9a0aa1b9c76aedfc2307e1124271f27 Reviewed-on: https://go-review.googlesource.com/c/go/+/397136 Trust: Filippo Valsorda Reviewed-by: Julie Qiu

[release-branch.go1.17] cmd/link: mark unexported methods for plugins

2022-04-04T18:02:38Z

When plugin is used, we already mark all exported methods reachable. However, when the plugin and the host program share a common package, an unexported method could also be reachable from both the plugin and the host via interfaces. We need to mark them as well. Fixes #51736. Updates #51621. Change-Id: I1a70d3f96b66b803f2d0ab14d00ed0df276ea500 Reviewed-on: https://go-review.googlesource.com/c/go/+/393365 Trust: Cherry Mui Run-TryBot: Cherry Mui TryBot-Result: Gopher Robot Reviewed-by: Than McIntosh (cherry picked from commit 91631bc7e0131367eb051b581cf34573399ac592) Reviewed-on: https://go-review.googlesource.com/c/go/+/397484

[release-branch.go1.17] runtime: fix net poll races

2022-03-28T16:55:47Z

The netpoll code was written long ago, when the only multiprocessors that Go ran on were x86. It assumed that an atomic store would trigger a full memory barrier and then used that barrier to order otherwise racy access to a handful of fields, including pollDesc.closing. On ARM64, this code has finally failed, because the atomic store is on a value completely unrelated to any of the racily-accessed fields, and the ARMv8 hardware, unlike x86, is clever enough not to do a full memory barrier for a simple atomic store. We are seeing a constant background rate of trybot failures where the net/http tests deadlock - a netpollblock has clearly happened after the pollDesc has begun to close. The code that does the racy reads is netpollcheckerr, which needs to be able to run without acquiring a lock. This CL fixes the race, without introducing unnecessary inefficiency or deadlock, by arranging for every updater of the relevant fields to publish a summary as a single atomic uint32, and then having netpollcheckerr use a single atomic load to fetch the relevant bits and then proceed as before. For #45211 Fixes #50611 Change-Id: Ib6788c8da4d00b7bda84d55ca3fdffb5a64c1a0a Reviewed-on: https://go-review.googlesource.com/c/go/+/378234 Trust: Russ Cox Run-TryBot: Russ Cox Trust: Bryan Mills Reviewed-by: Ian Lance Taylor (cherry picked from commit 17b2fb1b656a275906b5071c562439d50a27f167) Reviewed-on: https://go-review.googlesource.com/c/go/+/392714 Trust: Ian Lance Taylor Run-TryBot: Ian Lance Taylor TryBot-Result: Gopher Robot Reviewed-by: Emmanuel Odeke

[release-branch.go1.17] runtime: call testenv.MustHaveCGO in a couple of tests

2022-03-28T16:55:15Z

For #51695 Fixes #51696 Change-Id: Icfe9d26ecc28a7db9040d50d4661cf9e8245471e Reviewed-on: https://go-review.googlesource.com/c/go/+/392916 Trust: Ian Lance Taylor Run-TryBot: Ian Lance Taylor TryBot-Result: Gopher Robot Reviewed-by: Bryan Mills (cherry picked from commit 2d32594396b231b39d09ec21d34b22b0270268b5) Reviewed-on: https://go-review.googlesource.com/c/go/+/393698 Reviewed-by: Emmanuel Odeke

[release-branch.go1.17] runtime: count spill slot for frame size at finalizer call

2022-03-14T17:45:32Z

The finalizer is called using reflectcall. When register ABI is used, the finalizer's argument is passed in register(s). But the frame size calculation does not include the spill slot. When the argument actually spills, it may clobber the caller's stack frame. This CL fixes it. Updates #51457. Fixes #51458. Change-Id: Ibcc7507c518ba65c1c5a7759e5cab0ae3fc7efce Reviewed-on: https://go-review.googlesource.com/c/go/+/389574 Trust: Cherry Mui Run-TryBot: Cherry Mui TryBot-Result: Gopher Robot Reviewed-by: Michael Knyszek (cherry picked from commit 58804ea67a28c1d8e37ed548b685bc0c09638886) Reviewed-on: https://go-review.googlesource.com/c/go/+/389794

[release-branch.go1.17] go1.17.8

2022-03-03T16:55:45Z

Change-Id: I14f4da429cf8562c6cab99cd0cd4edfbc03f68e9 Reviewed-on: https://go-review.googlesource.com/c/go/+/389736 Trust: Carlos Amedee Run-TryBot: Carlos Amedee TryBot-Result: Gopher Robot Reviewed-by: Alex Rakoczy

[release-branch.go1.17] cmd/go: avoid +incompatible major versions if a go.mod file exists in a subdirectory for that version

2022-03-03T14:29:59Z

Previous versions of the 'go' command would reject a pseudo-version passed to 'go get' if that pseudo-version had a mismatched major version and lacked a "+incompatible" suffix. However, they would erroneously accept a version *with* a "+incompatible" suffix even if the repo contained a vN/go.mod file for the same major version, and would generate a "+incompatible" pseudo-version or version if the user requested a tag, branch, or commit hash. This change uniformly rejects "vN.…" without "+incompatible", and also avoids resolving to "vN.…+incompatible", when vN/go.mod exists. To maintain compatibility with existing go.mod files, it still accepts "vN.…+incompatible" if the version is requested explicitly as such and the repo root lacks a go.mod file. Fixes #51332 Updates #51324 Updates #36438 Change-Id: I2b16150c73fc2abe4d0a1cd34cb1600635db7139 Reviewed-on: https://go-review.googlesource.com/c/go/+/387675 Trust: Bryan Mills Reviewed-by: Michael Matloob (cherry picked from commit 5a9fc946b42cc987db41eabcfcbaffd2fb310d94) Reviewed-on: https://go-review.googlesource.com/c/go/+/387922 Run-TryBot: Bryan Mills TryBot-Result: Gopher Robot Reviewed-by: Dmitri Shuralyov

[release-branch.go1.17] cmd/compile: correct type of pointer difference on RISCV64

2022-02-18T00:51:21Z

Pointer comparison is lowered to the following on RISCV64 (EqPtr x y) => (SEQZ (SUB x y)) The difference of two pointers (the SUB) should not be pointer type. Otherwise it can cause the GC to find a bad pointer. Updates #51101. Fixes #51199. Change-Id: I7e73c2155c36ff403c032981a9aa9cccbfdf0f64 Reviewed-on: https://go-review.googlesource.com/c/go/+/385655 Trust: Cherry Mui Run-TryBot: Cherry Mui Reviewed-by: Keith Randall TryBot-Result: Gopher Robot (cherry picked from commit 1ed30ca537a05b887f8479027b6363a03f957610) Reviewed-on: https://go-review.googlesource.com/c/go/+/386474