From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS17314 8.43.84.0/22 X-Spam-Status: No, score=-4.2 required=3.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from sourceware.org (server2.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id 176F21F8C6 for ; Thu, 15 Jul 2021 15:04:07 +0000 (UTC) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 05863385B836 for ; Thu, 15 Jul 2021 15:04:06 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 05863385B836 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1626361446; bh=IF7KIjn26j2ya72uXGJrJDF6PF1uPUwgTXx1IOUeAwY=; h=Subject:To:References:Date:In-Reply-To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=KwrRvOVJZvPOql+U1AUOUM8rQ8N/6TFfpHUu92sjz4gSmMtRBwMvIS60+zEfoh2tm ajhaYzlPDM3fSxPoQ3Js35R30wGS8vV1t1FMmqc4MZlRftBbZpQQii9pOSWpfd8715 /+VzWgTNWuDh5fojIz+qYVz0MhJlz/6KrelboDN0= Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by sourceware.org (Postfix) with ESMTPS id 0A2F03858C39 for ; Thu, 15 Jul 2021 15:03:46 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 0A2F03858C39 Received: from pps.filterd (m0127361.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 16FEYQsY090726 for ; Thu, 15 Jul 2021 11:03:44 -0400 Received: from ppma02fra.de.ibm.com (47.49.7a9f.ip4.static.sl-reverse.com [159.122.73.71]) by mx0a-001b2d01.pphosted.com with ESMTP id 39sc307r2j-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 15 Jul 2021 11:03:44 -0400 Received: from pps.filterd (ppma02fra.de.ibm.com [127.0.0.1]) by ppma02fra.de.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 16FEwAoc024038 for ; Thu, 15 Jul 2021 15:03:41 GMT Received: from b06cxnps4076.portsmouth.uk.ibm.com (d06relay13.portsmouth.uk.ibm.com [9.149.109.198]) by ppma02fra.de.ibm.com with ESMTP id 39s3p78ngd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 15 Jul 2021 15:03:41 +0000 Received: from d06av21.portsmouth.uk.ibm.com (d06av21.portsmouth.uk.ibm.com [9.149.105.232]) by b06cxnps4076.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 16FF3dIg22085908 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Thu, 15 Jul 2021 15:03:39 GMT Received: from d06av21.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 68F035204F for ; Thu, 15 Jul 2021 15:03:39 +0000 (GMT) Received: from li-ab9d22cc-354d-11b2-a85c-e984af76f811.ibm.com (unknown [9.145.170.13]) by d06av21.portsmouth.uk.ibm.com (Postfix) with ESMTP id 44C7352051 for ; Thu, 15 Jul 2021 15:03:39 +0000 (GMT) Subject: Re: [PATCH v3] elf: Fix DTV gap reuse logic (BZ #27135) To: libc-alpha@sourceware.org References: <20210709135001.505521-1-adhemerval.zanella@linaro.org> <20210709150512.GT14854@arm.com> <0c977f4a-248d-c035-a615-852adee670a1@linaro.org> <76323d51-f54d-29c1-1a72-3b439c521f44@redhat.com> <2ad90aa2-bae0-803e-8099-c91fd6641236@linux.ibm.com> Message-ID: Date: Thu, 15 Jul 2021 17:03:39 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 X-Proofpoint-GUID: GUpG-XecGiUGojBGB7YgDjV5bD1c9w-4 X-Proofpoint-ORIG-GUID: GUpG-XecGiUGojBGB7YgDjV5bD1c9w-4 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-07-15_10:2021-07-14, 2021-07-15 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 malwarescore=0 spamscore=0 bulkscore=0 priorityscore=1501 lowpriorityscore=0 phishscore=0 mlxlogscore=999 mlxscore=0 adultscore=0 suspectscore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2107150102 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Stefan Liebler via Libc-alpha Reply-To: Stefan Liebler Errors-To: libc-alpha-bounces+e=80x24.org@sourceware.org Sender: "Libc-alpha" On 15/07/2021 15:51, Adhemerval Zanella via Libc-alpha wrote: > > > On 15/07/2021 10:36, Stefan Liebler via Libc-alpha wrote: >> On 14/07/2021 20:11, Adhemerval Zanella via Libc-alpha wrote: >>> >>> >>> On 14/07/2021 13:57, Carlos O'Donell wrote: >>>> On 7/14/21 9:52 AM, Adhemerval Zanella wrote: >>>>> >>>>> >>>>> On 09/07/2021 12:05, Szabolcs Nagy wrote: >>>>>> The 07/09/2021 10:50, Adhemerval Zanella wrote: >>>>>>> Changes from previous version: >>>>>>> >>>>>>> - Fix commit message and add a line about the bug fixes. >>>>>>> - Use atomic operation while setting the slotinfo. >>>>>>> - Use test_verbose on tst-tls20.c. >>>>>>> >>>>>>> --- >>>>>>> >>>>>>> This is updated version of the 572bd547d57a (reverted by 40ebfd016ad2) >>>>>>> that fixes the _dl_next_tls_modid issues. >>>>>>> >>>>>>> This issue with 572bd547d57a patch is the DTV entry will be only >>>>>>> update on dl_open_worker() with the update_tls_slotinfo() call after >>>>>>> all dependencies are being processed by _dl_map_object_deps(). However >>>>>>> _dl_map_object_deps() itself might call _dl_next_tls_modid(), and since >>>>>>> the _dl_tls_dtv_slotinfo_list::map is not yet set the entry will be >>>>>>> wrongly reused. >>>>>>> >>>>>>> This patch fixes by renaming the _dl_next_tls_modid() function to >>>>>>> _dl_assign_tls_modid() and by passing the link_map so it can set >>>>>>> the slotinfo value so a so subsequente _dl_next_tls_modid() call will >>>>>>> see the entry as allocated. >>>>>> >>>>>> this paragraph still has 'so a so subsequente' >>>>>> and i would add the bug number into the first sentence. >>>>> >>>>> Fixed. >>>>> >>>>>> >>>>>>> >>>>>>> The intermediary value is cleared up on remove_slotinfo() for the case >>>>>>> a library fails to load with RTLD_NOW. >>>>>>> >>>>>>> This patch fixes BZ #27135. >>>>>>> >>>>>>> Checked on x86_64-linux-gnu. >>>>>> >>>>>> the patch looks ok to me, with the commit message >>>>>> and the comment issue below fixed. >>>>>> >>>>>> Reviewed-by: Szabolcs Nagy >>>>> >>>>> Carlos, is it for push? >>>> >>>> It's a non-ABI bug fix, so we can push it. Thanks for asking. >>>> >>> >>> And it is in, let's hope it does not brake anything again ;) >>> >> >> Hi Adhemerval, >> >> I'm getting a segfault on s390x in elf/tst-tls20. It is at the end of >> do_test() when the stack-protector-canary is compared. >> >> I'm also getting such an error on x86_64, >> $ /configure --prefix=/usr --enable-stack-protector=strong >> $ make >> $ make subdirs=elf check >> $ make t=elf/tst-tls20 test >> ... >> *** stack smashing detected ***: terminated >> make[2]: Leaving directory 'glibc/elf' >> FAIL: elf/tst-tls20 >> original exit status 1 >> Didn't expect signal from child: got `Aborted' >> >> >> If configuring without --enable-stack-protector=strong, then >> elf/tst-tls20 succeeds. >> >> Can you please have a look? > > Sigh, it is overlook in array access. I reproduced it on x86_64 as well, > this should fix it: > > diff --git a/elf/tst-tls20.c b/elf/tst-tls20.c > index d8d04fe574..831c3336c9 100644 > --- a/elf/tst-tls20.c > +++ b/elf/tst-tls20.c > @@ -226,12 +226,12 @@ do_test_dependency (void) > int mods[nmods]; > /* We use '0' as indication for a gap, to avoid the dlclose on iteration > cleanup. */ > - for (int n = 1; n <= nmods; n++) > + for (int n = 1; n < nmods; n++) > { > load_mod (n); > mods[n] = n; > } > - for (int n = 1; n <= nmods; n++) > + for (int n = 1; n < nmods; n++) > { > if (!is_mod_set (g, n)) > { > @@ -304,12 +304,12 @@ do_test_invalid_dependency (bool bind_now) > int mods[nmods]; > /* We use '0' as indication for a gap, to avoid the dlclose on iteration > cleanup. */ > - for (int n = 1; n <= nmods; n++) > + for (int n = 1; n < nmods; n++) > { > load_mod (n); > mods[n] = n; > } > - for (int n = 1; n <= nmods; n++) > + for (int n = 1; n < nmods; n++) > { > if (!is_mod_set (g, n)) > { > Tested on s390x/s390 with and without --enable-stack-protector=strong. The test elf/tst-tls20 is now passing. Thanks, Stefan