forked from rpms/glibc
		
	Fix thread local storage corruption (#1974970)
This commit is contained in:
		
							parent
							
								
									063fe63eaf
								
							
						
					
					
						commit
						947a02c4ad
					
				
							
								
								
									
										88
									
								
								glibc-revert-dtv-gap-reuse.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										88
									
								
								glibc-revert-dtv-gap-reuse.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,88 @@ | ||||
| See: https://sourceware.org/pipermail/libc-alpha/2021-June/128024.html | ||||
| 
 | ||||
| Until the gap reuse logic is fixed we need to revert the relevant | ||||
| commit. | ||||
| 
 | ||||
| This commit reverts the following commit: | ||||
| 
 | ||||
| commit 572bd547d57a39b6cf0ea072545dc4048921f4c3 | ||||
| Author: Szabolcs Nagy <szabolcs.nagy@arm.com> | ||||
| Date:   Thu Dec 31 13:59:38 2020 +0000 | ||||
| 
 | ||||
|     elf: Fix DTV gap reuse logic [BZ #27135] | ||||
|      | ||||
|     For some reason only dlopen failure caused dtv gaps to be reused. | ||||
|      | ||||
|     It is possible that the intent was to never reuse modids for a | ||||
|     different module, but after dlopen failure all gaps are reused | ||||
|     not just the ones caused by the unfinished dlopened. | ||||
|      | ||||
|     So the code has to handle reused modids already which seems to | ||||
|     work, however the data races at thread creation and tls access | ||||
|     (see bug 19329 and bug 27111) may be more severe if slots are | ||||
|     reused so this is scheduled after those fixes. I think fixing | ||||
|     the races are not simpler if reuse is disallowed and reuse has | ||||
|     other benefits, so set GL(dl_tls_dtv_gaps) whenever entries are | ||||
|     removed from the middle of the slotinfo list. The value does | ||||
|     not have to be correct: incorrect true value causes the next | ||||
|     modid query to do a slotinfo walk, incorrect false will leave | ||||
|     gaps and new entries are added at the end. | ||||
|      | ||||
|     Fixes bug 27135. | ||||
|      | ||||
|     Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org> | ||||
| 
 | ||||
| diff --git a/elf/dl-close.c b/elf/dl-close.c
 | ||||
| index 9f31532f4145cec5..3720e47dd19bc830 100644
 | ||||
| --- a/elf/dl-close.c
 | ||||
| +++ b/elf/dl-close.c
 | ||||
| @@ -88,11 +88,7 @@ remove_slotinfo (size_t idx, struct dtv_slotinfo_list *listp, size_t disp,
 | ||||
|        /* If this is not the last currently used entry no need to look | ||||
|  	 further.  */ | ||||
|        if (idx != GL(dl_tls_max_dtv_idx)) | ||||
| -	{
 | ||||
| -	  /* There is an unused dtv entry in the middle.  */
 | ||||
| -	  GL(dl_tls_dtv_gaps) = true;
 | ||||
| -	  return true;
 | ||||
| -	}
 | ||||
| +	return true;
 | ||||
|      } | ||||
|   | ||||
|    while (idx - disp > (disp == 0 ? 1 + GL(dl_tls_static_nelem) : 0)) | ||||
| diff --git a/elf/dl-open.c b/elf/dl-open.c
 | ||||
| index d2240d87474e0b85..a066f39bd09131f1 100644
 | ||||
| --- a/elf/dl-open.c
 | ||||
| +++ b/elf/dl-open.c
 | ||||
| @@ -899,6 +899,16 @@ no more namespaces available for dlmopen()"));
 | ||||
|  	 state if relocation failed, for example.  */ | ||||
|        if (args.map) | ||||
|  	{ | ||||
| +	  /* Maybe some of the modules which were loaded use TLS.
 | ||||
| +	     Since it will be removed in the following _dl_close call
 | ||||
| +	     we have to mark the dtv array as having gaps to fill the
 | ||||
| +	     holes.  This is a pessimistic assumption which won't hurt
 | ||||
| +	     if not true.  There is no need to do this when we are
 | ||||
| +	     loading the auditing DSOs since TLS has not yet been set
 | ||||
| +	     up.  */
 | ||||
| +	  if ((mode & __RTLD_AUDIT) == 0)
 | ||||
| +	    GL(dl_tls_dtv_gaps) = true;
 | ||||
| +
 | ||||
|  	  _dl_close_worker (args.map, true); | ||||
|   | ||||
|  	  /* All l_nodelete_pending objects should have been deleted | ||||
| diff --git a/elf/dl-tls.c b/elf/dl-tls.c
 | ||||
| index e531ec5913d61848..2b5161d10ab1b3d9 100644
 | ||||
| --- a/elf/dl-tls.c
 | ||||
| +++ b/elf/dl-tls.c
 | ||||
| @@ -191,7 +191,10 @@ _dl_next_tls_modid (void)
 | ||||
|  size_t | ||||
|  _dl_count_modids (void) | ||||
|  { | ||||
| -  /* The count is the max unless dlclose or failed dlopen created gaps.  */
 | ||||
| +  /* It is rare that we have gaps; see elf/dl-open.c (_dl_open) where
 | ||||
| +     we fail to load a module and unload it leaving a gap.  If we don't
 | ||||
| +     have gaps then the number of modids is the current maximum so
 | ||||
| +     return that.  */
 | ||||
|    if (__glibc_likely (!GL(dl_tls_dtv_gaps))) | ||||
|      return GL(dl_tls_max_dtv_idx); | ||||
|   | ||||
| @ -97,7 +97,7 @@ | ||||
| Summary: The GNU libc libraries | ||||
| Name: glibc | ||||
| Version: %{glibcversion} | ||||
| Release: 24%{?dist} | ||||
| Release: 25%{?dist} | ||||
| 
 | ||||
| # In general, GPLv2+ is used by programs, LGPLv2+ is used for | ||||
| # libraries. | ||||
| @ -179,6 +179,7 @@ Patch35: glibc-nosymlink-2.patch | ||||
| Patch36: glibc-nosymlink-3.patch | ||||
| Patch37: glibc-nosymlink-4.patch | ||||
| Patch38: glibc-libthread_db-dynsym.patch | ||||
| Patch39: glibc-revert-dtv-gap-reuse.patch | ||||
| 
 | ||||
| ############################################################################## | ||||
| # Continued list of core "glibc" package information: | ||||
| @ -2182,6 +2183,9 @@ fi | ||||
| %files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared | ||||
| 
 | ||||
| %changelog | ||||
| * Thu Jun 24 2021 Carlos O'Donell <carlos@redhat.com> - 2.33.9000-25 | ||||
| - Fix thread local storage corruption (#1974970) | ||||
| 
 | ||||
| * Tue Jun 22 2021 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.33.9000-24 | ||||
| - Strengthen dependency on glibc-gconv-extra. | ||||
| 
 | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user