Re: [PATCH v3] elf: Fix DTV gap reuse logic (BZ #27135)

[Stefan Liebler via Libc-alpha <libc-alpha@sourceware.org>]

On 14/07/2021 20:11, Adhemerval Zanella via Libc-alpha wrote:
> 
> 
> On 14/07/2021 13:57, Carlos O'Donell wrote:
>> On 7/14/21 9:52 AM, Adhemerval Zanella wrote:
>>>
>>>
>>> On 09/07/2021 12:05, Szabolcs Nagy wrote:
>>>> The 07/09/2021 10:50, Adhemerval Zanella wrote:
>>>>> Changes from previous version:
>>>>>
>>>>>   - Fix commit message and add a line about the bug fixes.
>>>>>   - Use atomic operation while setting the slotinfo.
>>>>>   - Use test_verbose on tst-tls20.c.
>>>>>
>>>>> ---
>>>>>
>>>>> This is updated version of the 572bd547d57a (reverted by 40ebfd016ad2)
>>>>> that fixes the _dl_next_tls_modid issues.
>>>>>
>>>>> This issue with 572bd547d57a patch is the DTV entry will be only
>>>>> update on dl_open_worker() with the update_tls_slotinfo() call after
>>>>> all dependencies are being processed by _dl_map_object_deps().  However
>>>>> _dl_map_object_deps() itself might call _dl_next_tls_modid(), and since
>>>>> the _dl_tls_dtv_slotinfo_list::map is not yet set the entry will be
>>>>> wrongly reused.
>>>>>
>>>>> This patch fixes by renaming the _dl_next_tls_modid() function to
>>>>> _dl_assign_tls_modid() and by passing the link_map so it can set
>>>>> the slotinfo value so a so subsequente _dl_next_tls_modid() call will
>>>>> see the entry as allocated.
>>>>
>>>> this paragraph still has 'so a so subsequente'
>>>> and i would add the bug number into the first sentence.
>>>
>>> Fixed.
>>>
>>>>
>>>>>
>>>>> The intermediary value is cleared up on remove_slotinfo() for the case
>>>>> a library fails to load with RTLD_NOW.
>>>>>
>>>>> This patch fixes BZ #27135.
>>>>>
>>>>> Checked on x86_64-linux-gnu.
>>>>
>>>> the patch looks ok to me, with the commit message
>>>> and the comment issue below fixed.
>>>>
>>>> Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
>>>
>>> Carlos, is it for push?
>>
>> It's a non-ABI bug fix, so we can push it. Thanks for asking.
>>
> 
> And it is in, let's hope it does not brake anything again ;)
> 

Hi Adhemerval,

I'm getting a segfault on s390x in elf/tst-tls20. It is at the end of
do_test() when the stack-protector-canary is compared.

I'm also getting such an error on x86_64,
$ <glibc>/configure --prefix=/usr --enable-stack-protector=strong
$ make
$ make subdirs=elf check
$ make t=elf/tst-tls20 test
...
*** stack smashing detected ***: terminated
make[2]: Leaving directory 'glibc/elf'
FAIL: elf/tst-tls20
original exit status 1
Didn't expect signal from child: got `Aborted'


If configuring without --enable-stack-protector=strong, then
elf/tst-tls20 succeeds.

Can you please have a look?

Bye,
Stefan