From patchwork Thu Mar 5 23:38:35 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexandre Oliva X-Patchwork-Id: 446958 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4FC8B1400DD for ; Fri, 6 Mar 2015 10:39:15 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=pass reason="1024-bit key; unprotected key" header.d=sourceware.org header.i=@sourceware.org header.b=av460eUG; dkim-adsp=none (unprotected policy); dkim-atps=neutral DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:cc:subject:references:date:in-reply-to :message-id:mime-version:content-type; q=dns; s=default; b=YuhaG 5Q5yM3uEYsa2IUCBO3BD2cWevRE0+OmvHB2i19fVQnzOZgSFHSkPm2h8Ik3ZRu3I JvWq8ByL1p6PEUEcYwhPt+PDe22f0njGw4ca3/36fuBHGt2qy8R6BGLf8xodZu/f NkzOodlgoJUtI00x6PKFpZTM5K2rd4R/CVthPc= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:cc:subject:references:date:in-reply-to :message-id:mime-version:content-type; s=default; bh=EMcvGwV3H29 xUf+EX5CiZrLWoVg=; b=av460eUGSoGNWhF4tbY/7/mIRtEpXSsJBNHoSEBa7eY KbJUThTf0AEf470vUNS0vTxUfFSEWkULyVX0EVWjz5p6L9uCYsRLbGQhLvGds92I POO4Ui82QA7FMC1Iwi8RUnifxbVJ+Gg5CGjcJKMiMWSQTnVhKdP+C99PzIz4Tnx0 = Received: (qmail 56786 invoked by alias); 5 Mar 2015 23:39:09 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 56774 invoked by uid 89); 5 Mar 2015 23:39:09 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.9 required=5.0 tests=AWL, BAYES_00, SPF_HELO_PASS, SPF_PASS, T_RP_MATCHES_RCVD autolearn=ham version=3.3.2 X-HELO: mx1.redhat.com From: Alexandre Oliva To: Alan Modra Cc: Roland McGrath , codonell@redhat.com, libc-alpha@sourceware.org Subject: Re: [BZ#17090/17620/17621]: fix DTV race, assert, and DTV_SURPLUS Static TLS limit References: <20141118224048.600312C3B23@topped-with-meat.com> <20141120021703.86F032C3B18@topped-with-meat.com> <20150304050529.GD26435@bubble.grove.modra.org> <20150304110430.GE26435@bubble.grove.modra.org> Date: Thu, 05 Mar 2015 20:38:35 -0300 In-Reply-To: <20150304110430.GE26435@bubble.grove.modra.org> (Alan Modra's message of "Wed, 4 Mar 2015 21:34:30 +1030") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 On Mar 4, 2015, Alan Modra wrote: > On Wed, Mar 04, 2015 at 03:35:29PM +1030, Alan Modra wrote: >> As does nptl/tst-stack4 on x86_64 if tst-stack4mod.so is built with >> -mtls-dialect=gnu2. > This on top of your patch gets me past the segfault in free(). > I now hit another segfault, tst-stack4mod.c:function somehow has > var == NULL. Thanks, here's an incremental patch that fixes the attempt to release the pointer from an entry past the end of the dtv (that you fixed above); that ensures we don't use, in a TLS Descriptor, the generation count of an earlier map that used the same dtv slot (this ensures we update the DTV instead of happily using a NULL pointer in there); and that silences a -Wundef warning in nptl_db, that I had missed when I updated the #ifs for the last-posted version of the patch. I'm now running a full build and test cycle with the combined patch, that I will post once it (hopefully ;-) completes successfully. diff --git a/elf/dl-tls.c b/elf/dl-tls.c index 311cc6d..20c7e33 100644 --- a/elf/dl-tls.c +++ b/elf/dl-tls.c @@ -674,13 +674,17 @@ _dl_update_slotinfo (unsigned long int req_modid) struct link_map *map = listp->slotinfo[cnt].map; if (map == NULL) { - /* If this modid was used at some point the memory - might still be allocated. */ - if (! dtv[total + cnt].pointer.is_static - && dtv[total + cnt].pointer.val != TLS_DTV_UNALLOCATED) - free (dtv[total + cnt].pointer.val); - dtv[total + cnt].pointer.val = TLS_DTV_UNALLOCATED; - dtv[total + cnt].pointer.is_static = false; + if (dtv[-1].counter >= total + cnt) + { + /* If this modid was used at some point the memory + might still be allocated. */ + if (! dtv[total + cnt].pointer.is_static + && (dtv[total + cnt].pointer.val + != TLS_DTV_UNALLOCATED)) + free (dtv[total + cnt].pointer.val); + dtv[total + cnt].pointer.val = TLS_DTV_UNALLOCATED; + dtv[total + cnt].pointer.is_static = false; + } continue; } diff --git a/elf/tlsdeschtab.h b/elf/tlsdeschtab.h index d7e7955..d13b4e5 100644 --- a/elf/tlsdeschtab.h +++ b/elf/tlsdeschtab.h @@ -42,7 +42,7 @@ eq_tlsdesc (void *p, void *q) return tdp->tlsinfo.ti_offset == tdq->tlsinfo.ti_offset; } -inline static int +inline static size_t map_generation (struct link_map *map) { size_t idx = map->l_tls_modid; @@ -58,7 +58,7 @@ map_generation (struct link_map *map) we can assume that, if the generation count is zero, we still haven't determined the generation count for this module. */ - if (listp->slotinfo[idx].gen) + if (listp->slotinfo[idx].map == map && listp->slotinfo[idx].gen) return listp->slotinfo[idx].gen; else break; diff --git a/nptl_db/structs.def b/nptl_db/structs.def index e7b3c6a..0d49a0a 100644 --- a/nptl_db/structs.def +++ b/nptl_db/structs.def @@ -35,7 +35,7 @@ # define DB_RTLD_GLOBAL_FIELD(field) \ DB_STRUCT_FIELD (rtld_global, _##field) \ DB_MAIN_VARIABLE (_##field) -# elif SHARED +# elif defined SHARED # define DB_RTLD_GLOBAL_FIELD(field) \ DB_STRUCT_FIELD (rtld_global, _##field) # else