Merging upstream version 1.22.3.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

14 files changed, 146 insertions, 23 deletions

diff --git a/VERSION b/VERSION
index 90486b0..e2a3741 100644
--- a/VERSION
+++ b/VERSION
@@ -1,2 +1,2 @@
-go1.22.2
-time 2024-03-29T15:27:02Z
+go1.22.3
+time 2024-05-01T19:49:47Z
diff --git a/src/cmd/asm/internal/asm/testdata/ppc64.s b/src/cmd/asm/internal/asm/testdata/ppc64.s
index 01052b4..f84bc14 100644
--- a/src/cmd/asm/internal/asm/testdata/ppc64.s
+++ b/src/cmd/asm/internal/asm/testdata/ppc64.s
@@ -52,6 +52,9 @@ TEXT asmtest(SB),DUPOK|NOSPLIT,$0
 	// Hex constant 0xFFFFFFFE00000001
 	MOVD $-8589934591, R5           // 38a0ffff or 0602000038a00001
 
+	// For #66955. Verify this opcode turns into a load and assembles.
+	MOVD $-6795364578871345152, R5  // 3ca00000e8a50000 or 04100000e4a00000
+
 	MOVD 8(R3), R4                  // e8830008
 	MOVD (R3)(R4), R5               // 7ca4182a
 	MOVD (R3)(R0), R5               // 7ca0182a
@@ -90,6 +93,7 @@ TEXT asmtest(SB),DUPOK|NOSPLIT,$0
 	MOVHBR (R3)(R4), R5             // 7ca41e2c
 	MOVHBR (R3)(R0), R5             // 7ca01e2c
 	MOVHBR (R3), R5                 // 7ca01e2c
+	OR $0, R0, R0
 	MOVD $foo+4009806848(FP), R5    // 3ca1ef0138a5cc40 or 0600ef0038a1cc40
 	MOVD $foo(SB), R5               // 3ca0000038a50000 or 0610000038a00000
 
diff --git a/src/cmd/compile/internal/noder/unified.go b/src/cmd/compile/internal/noder/unified.go
index 492b00d..562b2e6 100644
--- a/src/cmd/compile/internal/noder/unified.go
+++ b/src/cmd/compile/internal/noder/unified.go
@@ -120,6 +120,9 @@ func lookupMethod(pkg *types.Pkg, symName string) (*ir.Func, error) {
 	if name.Alias() {
 		return nil, fmt.Errorf("type sym %v refers to alias", typ)
 	}
+	if name.Type().IsInterface() {
+		return nil, fmt.Errorf("type sym %v refers to interface type", typ)
+	}
 
 	for _, m := range name.Type().Methods() {
 		if m.Sym == meth {
diff --git a/src/cmd/go/internal/work/security.go b/src/cmd/go/internal/work/security.go
index 88504be..568eecd 100644
--- a/src/cmd/go/internal/work/security.go
+++ b/src/cmd/go/internal/work/security.go
@@ -145,6 +145,12 @@ var validCompilerFlagsWithNextArg = []string{
 	"-x",
 }
 
+var invalidLinkerFlags = []*lazyregexp.Regexp{
+	// On macOS this means the linker loads and executes the next argument.
+	// Have to exclude separately because -lfoo is allowed in general.
+	re(`-lto_library`),
+}
+
 var validLinkerFlags = []*lazyregexp.Regexp{
 	re(`-F([^@\-].*)`),
 	re(`-l([^@\-].*)`),
@@ -235,12 +241,12 @@ var validLinkerFlagsWithNextArg = []string{
 
 func checkCompilerFlags(name, source string, list []string) error {
 	checkOverrides := true
-	return checkFlags(name, source, list, validCompilerFlags, validCompilerFlagsWithNextArg, checkOverrides)
+	return checkFlags(name, source, list, nil, validCompilerFlags, validCompilerFlagsWithNextArg, checkOverrides)
 }
 
 func checkLinkerFlags(name, source string, list []string) error {
 	checkOverrides := true
-	return checkFlags(name, source, list, validLinkerFlags, validLinkerFlagsWithNextArg, checkOverrides)
+	return checkFlags(name, source, list, invalidLinkerFlags, validLinkerFlags, validLinkerFlagsWithNextArg, checkOverrides)
 }
 
 // checkCompilerFlagsForInternalLink returns an error if 'list'
@@ -249,7 +255,7 @@ func checkLinkerFlags(name, source string, list []string) error {
 // external linker).
 func checkCompilerFlagsForInternalLink(name, source string, list []string) error {
 	checkOverrides := false
-	if err := checkFlags(name, source, list, validCompilerFlags, validCompilerFlagsWithNextArg, checkOverrides); err != nil {
+	if err := checkFlags(name, source, list, nil, validCompilerFlags, validCompilerFlagsWithNextArg, checkOverrides); err != nil {
 		return err
 	}
 	// Currently the only flag on the allow list that causes problems
@@ -262,7 +268,7 @@ func checkCompilerFlagsForInternalLink(name, source string, list []string) error
 	return nil
 }
 
-func checkFlags(name, source string, list []string, valid []*lazyregexp.Regexp, validNext []string, checkOverrides bool) error {
+func checkFlags(name, source string, list []string, invalid, valid []*lazyregexp.Regexp, validNext []string, checkOverrides bool) error {
 	// Let users override rules with $CGO_CFLAGS_ALLOW, $CGO_CFLAGS_DISALLOW, etc.
 	var (
 		allow    *regexp.Regexp
@@ -294,6 +300,11 @@ Args:
 		if allow != nil && allow.FindString(arg) == arg {
 			continue Args
 		}
+		for _, re := range invalid {
+			if re.FindString(arg) == arg { // must be complete match
+				goto Bad
+			}
+		}
 		for _, re := range valid {
 			if re.FindString(arg) == arg { // must be complete match
 				continue Args
diff --git a/src/cmd/go/testdata/script/darwin_lto_library_ldflag.txt b/src/cmd/go/testdata/script/darwin_lto_library_ldflag.txt
new file mode 100644
index 0000000..d7acefd
--- /dev/null
+++ b/src/cmd/go/testdata/script/darwin_lto_library_ldflag.txt
@@ -0,0 +1,17 @@
+[!GOOS:darwin] skip
+[!cgo] skip
+
+! go build
+stderr 'invalid flag in #cgo LDFLAGS: -lto_library'
+
+-- go.mod --
+module ldflag
+
+-- main.go --
+package main
+
+// #cgo CFLAGS: -flto
+// #cgo LDFLAGS: -lto_library bad.dylib
+import "C"
+
+func main() {}
\ No newline at end of file
diff --git a/src/cmd/internal/moddeps/moddeps_test.go b/src/cmd/internal/moddeps/moddeps_test.go
index 8adc653..3d4c99e 100644
--- a/src/cmd/internal/moddeps/moddeps_test.go
+++ b/src/cmd/internal/moddeps/moddeps_test.go
@@ -33,8 +33,6 @@ import (
 // See issues 36852, 41409, and 43687.
 // (Also see golang.org/issue/27348.)
 func TestAllDependencies(t *testing.T) {
-	t.Skip("TODO(#65051): 1.22.2 contains unreleased changes from vendored modules")
-
 	goBin := testenv.GoToolPath(t)
 
 	// Ensure that all packages imported within GOROOT
diff --git a/src/cmd/internal/obj/ppc64/obj9.go b/src/cmd/internal/obj/ppc64/obj9.go
index 7e26118..6fa0f84 100644
--- a/src/cmd/internal/obj/ppc64/obj9.go
+++ b/src/cmd/internal/obj/ppc64/obj9.go
@@ -175,8 +175,8 @@ func progedit(ctxt *obj.Link, p *obj.Prog, newprog obj.ProgAlloc) {
 			// Is this a shifted 16b constant? If so, rewrite it to avoid a creating and loading a constant.
 			val := p.From.Offset
 			shift := bits.TrailingZeros64(uint64(val))
-			mask := 0xFFFF << shift
-			if val&int64(mask) == val || (val>>(shift+16) == -1 && (val>>shift)<<shift == val) {
+			mask := int64(0xFFFF) << shift
+			if val&mask == val || (val>>(shift+16) == -1 && (val>>shift)<<shift == val) {
 				// Rewrite this value into MOVD $const>>shift, Rto; SLD $shift, Rto
 				q := obj.Appendp(p, c.newprog)
 				q.As = ASLD
diff --git a/src/go.mod b/src/go.mod
index 04bb1b3..737d78d 100644
--- a/src/go.mod
+++ b/src/go.mod
@@ -4,7 +4,7 @@ go 1.22
 
 require (
 	golang.org/x/crypto v0.16.1-0.20231129163542-152cdb1503eb
-	golang.org/x/net v0.19.1-0.20240327214321-ae3c50b55fdf
+	golang.org/x/net v0.19.1-0.20240412193750-db050b07227e
 )
 
 require (
diff --git a/src/go.sum b/src/go.sum
index 28d7841..86d173c 100644
--- a/src/go.sum
+++ b/src/go.sum
@@ -1,7 +1,7 @@
 golang.org/x/crypto v0.16.1-0.20231129163542-152cdb1503eb h1:1ceSY7sk6sJuiDREHpfyrqDnDljsLfEP2GuTClhBBfI=
 golang.org/x/crypto v0.16.1-0.20231129163542-152cdb1503eb/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
-golang.org/x/net v0.19.1-0.20240327214321-ae3c50b55fdf h1:zcMReZfxLPmppTre5oSNPSOgoTRtOplx+QV25LkyAto=
-golang.org/x/net v0.19.1-0.20240327214321-ae3c50b55fdf/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
+golang.org/x/net v0.19.1-0.20240412193750-db050b07227e h1:oDnvqaqHo3ho8OChMtkQbQAyp9eqnm3J7JRtt0+Cabc=
+golang.org/x/net v0.19.1-0.20240412193750-db050b07227e/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
 golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
 golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
diff --git a/src/net/dnsclient_unix.go b/src/net/dnsclient_unix.go
index c291d5e..8b3dd53 100644
--- a/src/net/dnsclient_unix.go
+++ b/src/net/dnsclient_unix.go
@@ -267,7 +267,9 @@ func extractExtendedRCode(p dnsmessage.Parser, hdr dnsmessage.Header) dnsmessage
 		if ahdr.Type == dnsmessage.TypeOPT {
 			return ahdr.ExtendedRCode(hdr.RCode)
 		}
-		p.SkipAdditional()
+		if err := p.SkipAdditional(); err != nil {
+			return hdr.RCode
+		}
 	}
 }
 
diff --git a/src/net/http/h2_bundle.go b/src/net/http/h2_bundle.go
index 75454db..c1a2e76 100644
--- a/src/net/http/h2_bundle.go
+++ b/src/net/http/h2_bundle.go
@@ -1894,6 +1894,9 @@ func http2terminalReadFrameError(err error) bool {
 // returned error is ErrFrameTooLarge. Other errors may be of type
 // ConnectionError, StreamError, or anything else from the underlying
 // reader.
+//
+// If ReadFrame returns an error and a non-nil Frame, the Frame's StreamID
+// indicates the stream responsible for the error.
 func (fr *http2Framer) ReadFrame() (http2Frame, error) {
 	fr.errDetail = nil
 	if fr.lastFrame != nil {
@@ -2926,7 +2929,7 @@ func (fr *http2Framer) maxHeaderStringLen() int {
 // readMetaFrame returns 0 or more CONTINUATION frames from fr and
 // merge them into the provided hf and returns a MetaHeadersFrame
 // with the decoded hpack values.
-func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFrame, error) {
+func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (http2Frame, error) {
 	if fr.AllowIllegalReads {
 		return nil, errors.New("illegal use of AllowIllegalReads with ReadMetaHeaders")
 	}
@@ -2996,8 +2999,8 @@ func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFr
 				log.Printf("http2: header list too large")
 			}
 			// It would be nice to send a RST_STREAM before sending the GOAWAY,
-			// but the struture of the server's frame writer makes this difficult.
-			return nil, http2ConnectionError(http2ErrCodeProtocol)
+			// but the structure of the server's frame writer makes this difficult.
+			return mh, http2ConnectionError(http2ErrCodeProtocol)
 		}
 
 		// Also close the connection after any CONTINUATION frame following an
@@ -3008,12 +3011,12 @@ func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFr
 				log.Printf("http2: invalid header: %v", invalid)
 			}
 			// It would be nice to send a RST_STREAM before sending the GOAWAY,
-			// but the struture of the server's frame writer makes this difficult.
-			return nil, http2ConnectionError(http2ErrCodeProtocol)
+			// but the structure of the server's frame writer makes this difficult.
+			return mh, http2ConnectionError(http2ErrCodeProtocol)
 		}
 
 		if _, err := hdec.Write(frag); err != nil {
-			return nil, http2ConnectionError(http2ErrCodeCompression)
+			return mh, http2ConnectionError(http2ErrCodeCompression)
 		}
 
 		if hc.HeadersEnded() {
@@ -3030,7 +3033,7 @@ func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFr
 	mh.http2HeadersFrame.invalidate()
 
 	if err := hdec.Close(); err != nil {
-		return nil, http2ConnectionError(http2ErrCodeCompression)
+		return mh, http2ConnectionError(http2ErrCodeCompression)
 	}
 	if invalid != nil {
 		fr.errDetail = invalid
@@ -5297,6 +5300,11 @@ func (sc *http2serverConn) processFrameFromReader(res http2readFrameResult) bool
 		sc.goAway(http2ErrCodeFlowControl)
 		return true
 	case http2ConnectionError:
+		if res.f != nil {
+			if id := res.f.Header().StreamID; id > sc.maxClientStreamID {
+				sc.maxClientStreamID = id
+			}
+		}
 		sc.logf("http2: server connection error from %v: %v", sc.conn.RemoteAddr(), ev)
 		sc.goAway(http2ErrCode(ev))
 		return true // goAway will handle shutdown
diff --git a/src/runtime/alg.go b/src/runtime/alg.go
index eaf9c91..ef4f859 100644
--- a/src/runtime/alg.go
+++ b/src/runtime/alg.go
@@ -391,7 +391,7 @@ func alginit() {
 		return
 	}
 	for i := range hashkey {
-		hashkey[i] = uintptr(rand()) | 1 // make sure these numbers are odd
+		hashkey[i] = uintptr(bootstrapRand()) | 1 // make sure these numbers are odd
 	}
 }
 
diff --git a/src/runtime/map_test.go b/src/runtime/map_test.go
index 2c51236..c29fb93 100644
--- a/src/runtime/map_test.go
+++ b/src/runtime/map_test.go
@@ -8,7 +8,9 @@ import (
 	"fmt"
 	"internal/abi"
 	"internal/goarch"
+	"internal/testenv"
 	"math"
+	"os"
 	"reflect"
 	"runtime"
 	"sort"
@@ -1464,3 +1466,81 @@ func TestMapValues(t *testing.T) {
 		}
 	}
 }
+
+func computeHash() uintptr {
+	var v struct{}
+	return runtime.MemHash(unsafe.Pointer(&v), 0, unsafe.Sizeof(v))
+}
+
+func subprocessHash(t *testing.T, env string) uintptr {
+	t.Helper()
+
+	cmd := testenv.CleanCmdEnv(testenv.Command(t, os.Args[0], "-test.run=^TestMemHashGlobalSeed$"))
+	cmd.Env = append(cmd.Env, "GO_TEST_SUBPROCESS_HASH=1")
+	if env != "" {
+		cmd.Env = append(cmd.Env, env)
+	}
+
+	out, err := cmd.Output()
+	if err != nil {
+		t.Fatalf("cmd.Output got err %v want nil", err)
+	}
+
+	s := strings.TrimSpace(string(out))
+	h, err := strconv.ParseUint(s, 10, 64)
+	if err != nil {
+		t.Fatalf("Parse output %q got err %v want nil", s, err)
+	}
+	return uintptr(h)
+}
+
+// memhash has unique per-process seeds, so hashes should differ across
+// processes.
+//
+// Regression test for https://go.dev/issue/66885.
+func TestMemHashGlobalSeed(t *testing.T) {
+	if os.Getenv("GO_TEST_SUBPROCESS_HASH") != "" {
+		fmt.Println(computeHash())
+		os.Exit(0)
+		return
+	}
+
+	testenv.MustHaveExec(t)
+
+	// aeshash and memhashFallback use separate per-process seeds, so test
+	// both.
+	t.Run("aes", func(t *testing.T) {
+		if !*runtime.UseAeshash {
+			t.Skip("No AES")
+		}
+
+		h1 := subprocessHash(t, "")
+		t.Logf("%d", h1)
+		h2 := subprocessHash(t, "")
+		t.Logf("%d", h2)
+		h3 := subprocessHash(t, "")
+		t.Logf("%d", h3)
+
+		if h1 == h2 && h2 == h3 {
+			t.Errorf("got duplicate hash %d want unique", h1)
+		}
+	})
+
+	t.Run("noaes", func(t *testing.T) {
+		env := ""
+		if *runtime.UseAeshash {
+			env = "GODEBUG=cpu.aes=off"
+		}
+
+		h1 := subprocessHash(t, env)
+		t.Logf("%d", h1)
+		h2 := subprocessHash(t, env)
+		t.Logf("%d", h2)
+		h3 := subprocessHash(t, env)
+		t.Logf("%d", h3)
+
+		if h1 == h2 && h2 == h3 {
+			t.Errorf("got duplicate hash %d want unique", h1)
+		}
+	})
+}
diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt
index 8c555d2..9a234e5 100644
--- a/src/vendor/modules.txt
+++ b/src/vendor/modules.txt
@@ -7,7 +7,7 @@ golang.org/x/crypto/cryptobyte/asn1
 golang.org/x/crypto/hkdf
 golang.org/x/crypto/internal/alias
 golang.org/x/crypto/internal/poly1305
-# golang.org/x/net v0.19.1-0.20240327214321-ae3c50b55fdf
+# golang.org/x/net v0.19.1-0.20240412193750-db050b07227e
 ## explicit; go 1.18
 golang.org/x/net/dns/dnsmessage
 golang.org/x/net/http/httpguts