[Bug nptl/17621] New: DTV update for Static TLS dlopened modules is racy

[Bug nptl/17621] New: DTV update for Static TLS dlopened modules is racy

[aoliva at sourceware dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=17621

            Bug ID: 17621
           Summary: DTV update for Static TLS dlopened modules is racy
           Product: glibc
           Version: 2.21
            Status: NEW
          Severity: normal
          Priority: P2
         Component: nptl
          Assignee: aoliva at sourceware dot org
          Reporter: aoliva at sourceware dot org
                CC: drepper.fsp at gmail dot com

When we dlopen a module whose TLS segment is assigned to Static TLS, we not
only initialize every thread's Static TLS area, but also (with nptl) the
corresponding DTV entry.

While nobody could possibly be using the Static TLS range concurrently, it
doesn't ever move, and some synchronization between the dlopened thread and
other threads that use the initialized TLS area is required for the TLS uses to
be well-defined, the DTV entry might be updated concurrently, if its owner
thread finds it was out of date and it held non-Static TLS in earlier
generations, and it might even be resized and moved during update, causing the
initialization performed by the dlopen-running thread to write to memory that
may have already been already copied, losing the update or, worse, that may
have been repurposed, causing memory corruption.

Fortunately, we don't resize DTVs very often, and even if the update is lost,
dlopened modules referenced with IE don't depend on the DTV at all, and
variables accessed with IE tend to be accessed with IE by all their users (most
often, the only user is the defining module itself).

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug nptl/17621] DTV update for Static TLS dlopened modules is racy

[aoliva at sourceware dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=17621

Alexandre Oliva <aoliva at sourceware dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

--- Comment #1 from Alexandre Oliva <aoliva at sourceware dot org> ---
Mine.  Patch posted to glibc-alpha.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug nptl/17621] DTV update for Static TLS dlopened modules is racy

[david.abdurachmanov at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=17621

David Abdurachmanov <david.abdurachmanov at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |david.abdurachmanov at gmail dot c
                   |                            |om

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug nptl/17621] DTV update for Static TLS dlopened modules is racy

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=17621

--- Comment #2 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  f8aeae347377f3dfa8cbadde057adf1827fb1d44 (commit)
      from  b97eb2bdb1ed72982a7821c3078be591051cef59 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f8aeae347377f3dfa8cbadde057adf1827fb1d44

commit f8aeae347377f3dfa8cbadde057adf1827fb1d44
Author: Alexandre Oliva <aoliva@redhat.com>
Date:   Tue Mar 17 01:14:11 2015 -0300

    Fix DTV race, assert, DTV_SURPLUS Static TLS limit, and nptl_db garbage

    for  ChangeLog

        [BZ #17090]
        [BZ #17620]
        [BZ #17621]
        [BZ #17628]
        * NEWS: Update.
        * elf/dl-tls.c (_dl_update_slotinfo): Clean up outdated DTV
        entries with Static TLS too.  Skip entries past the end of the
        allocated DTV, from Alan Modra.
        (tls_get_addr_tail): Update to glibc_likely/unlikely.  Move
        Static TLS DTV entry set up from...
         (_dl_allocate_tls_init): ... here (fix modid assertion), ...
        * elf/dl-reloc.c (_dl_nothread_init_static_tls): ... here...
        * nptl/allocatestack.c (init_one_static_tls): ... and here...
        * elf/dlopen.c (dl_open_worker): Drop l_tls_modid upper bound
        for Static TLS.
        * elf/tlsdeschtab.h (map_generation): Return size_t.  Check
        that the slot we find is associated with the given map before
        using its generation count.
        * nptl_db/db_info.c: Include ldsodefs.h.
        (rtld_global, dtv_slotinfo_list, dtv_slotinfo): New typedefs.
        * nptl_db/structs.def (DB_RTLD_VARIABLE): New macro.
        (DB_MAIN_VARIABLE, DB_RTLD_GLOBAL_FIELD): Likewise.
        (link_map::l_tls_offset): New struct field.
        (dtv_t::counter): Likewise.
        (rtld_global): New struct.
        (_rtld_global): New rtld variable.
        (dl_tls_dtv_slotinfo_list): New rtld global field.
        (dtv_slotinfo_list): New struct.
        (dtv_slotinfo): Likewise.
        * nptl_db/td_symbol_list.c: Drop gnu/lib-names.h include.
        (td_lookup): Rename to...
        (td_mod_lookup): ... this.  Use new mod parameter instead of
        LIBPTHREAD_SO.
        * nptl_db/td_thr_tlsbase.c: Include link.h.
        (dtv_slotinfo_list, dtv_slotinfo): New functions.
        (td_thr_tlsbase): Check DTV generation.  Compute Static TLS
        addresses even if the DTV is out of date or missing them.
        * nptl_db/fetch-value.c (_td_locate_field): Do not refuse to
        index zero-length arrays.
        * nptl_db/thread_dbP.h: Include gnu/lib-names.h.
        (td_lookup): Make it a macro implemented in terms of...
        (td_mod_lookup): ... this declaration.
        * nptl_db/db-symbols.awk (DB_RTLD_VARIABLE): Override.
        (DB_MAIN_VARIABLE): Likewise.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                |   47 +++++++++++++
 NEWS                     |   11 ++--
 elf/dl-open.c            |   12 +---
 elf/dl-reloc.c           |    6 --
 elf/dl-tls.c             |   63 +++++++++--------
 elf/tlsdeschtab.h        |    4 +-
 nptl/allocatestack.c     |    9 +--
 nptl_db/db-symbols.awk   |    2 +
 nptl_db/db_info.c        |    4 +
 nptl_db/fetch-value.c    |    3 +-
 nptl_db/structs.def      |   39 +++++++++++
 nptl_db/td_symbol_list.c |    7 +-
 nptl_db/td_thr_tlsbase.c |  172 +++++++++++++++++++++++++++++++++++++++++++++-
 nptl_db/thread_dbP.h     |   11 ++--
 14 files changed, 317 insertions(+), 73 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug nptl/17621] DTV update for Static TLS dlopened modules is racy

[aoliva at sourceware dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=17621

Alexandre Oliva <aoliva at sourceware dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from Alexandre Oliva <aoliva at sourceware dot org> ---
Fixed

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug nptl/17621] DTV update for Static TLS dlopened modules is racy

[schwab@linux-m68k.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=17621

Andreas Schwab <schwab@linux-m68k.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends on|                            |18457


Referenced Bugs:

https://sourceware.org/bugzilla/show_bug.cgi?id=18457
[Bug 18457] pthread_join deadlock in library destructor
-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug nptl/17621] DTV update for Static TLS dlopened modules is racy

[siddhesh at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=17621
Bug 17621 depends on bug 18457, which changed state.

Bug 18457 Summary: pthread_join deadlock in library destructor
https://sourceware.org/bugzilla/show_bug.cgi?id=18457

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

-- 
You are receiving this mail because:
You are on the CC list for the bug.