public inbox for glibc-bugs@sourceware.org help / color / mirror / Atom feed
From: "macro@linux-mips.org" <sourceware-bugzilla@sourceware.org> To: glibc-bugs@sourceware.org Subject: [Bug dynamic-link/17075] New: Incorrect calculation for dynamic R_ARM_TLS_DESC relocations Date: Thu, 19 Jun 2014 22:05:00 -0000 [thread overview] Message-ID: <bug-17075-131@http.sourceware.org/bugzilla/> (raw) https://sourceware.org/bugzilla/show_bug.cgi?id=17075 Bug ID: 17075 Summary: Incorrect calculation for dynamic R_ARM_TLS_DESC relocations Product: glibc Version: unspecified Status: NEW Severity: normal Priority: P2 Component: dynamic-link Assignee: unassigned at sourceware dot org Reporter: macro@linux-mips.org CC: macro@linux-mips.org Target: arm-linux-gnueabi Created attachment 7649 --> https://sourceware.org/bugzilla/attachment.cgi?id=7649&action=edit Thread-Local Storage Descriptors for the ARM platform, Revision 0.3 - 2010-09-28 I've noticed external symbol value calculation made in the dynamic linker while processing the R_ARM_TLS_DESC reloc in the immediately-bound case is broken. To figure out the final value of the symbol the calculation makes use of the descriptor's argument that in this case is set to the symbol's table index in the symbol table ORed with 0x80000000 and adds it to the actual value of the symbol resolved by the linker. Such calculated value is then used if the static specialisation is selected and the typical result is a segfault. This is easily reproduced by trying any program that has (or whose link-time dependency has) R_ARM_TLS_DESC relocs against external symbols and running it with $LD_BIND_NOW set to 1 in the environment. Such calculation is plain wrong and in the case of an external symbol the value of the descriptor's argument provided by the static linker can be simply discarded as it's only needed by the lazy specialisation to resolve the symbol (that in this case already has been). For example this code: int __thread foo; int getfoo (void) { return foo; } if built as a shared library: $ arm-linux-gnueabi -mtls-dialect=gnu2 -fPIC -o libgetfoo.so libgetfoo.c and then linked against an executable, e.g.: int getfoo (void); int main (void) { return getfoo (); } $ arm-linux-gnueabi -mtls-dialect=gnu2 -o getfoo -L. -lgetfoo getfoo.c will cause the dynamic linker to crash if the executable is run with $LD_BIND_NOW set to 1. It is important to note the value of the `-mtls-dialect' GCC option whose default setting, either of `gnu' or `gnu2', may not necessarily be the right one to produce a TLS descriptor. As a reference I've attached the most recent version (0.3) of the ARM TLS descriptor specification, since its original publication site at codesourcery.com has gone and only an older version (0.2.2) seems publicly available now. -- You are receiving this mail because: You are on the CC list for the bug.
next reply other threads:[~2014-06-19 22:05 UTC|newest] Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top 2014-06-19 22:05 macro@linux-mips.org [this message] 2014-06-20 19:26 ` [Bug dynamic-link/17075] " cvs-commit at gcc dot gnu.org 2014-06-20 19:31 ` macro@linux-mips.org 2014-06-24 7:39 ` fweimer at redhat dot com
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-17075-131@http.sourceware.org/bugzilla/ \ --to=sourceware-bugzilla@sourceware.org \ --cc=glibc-bugs@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).