[Bug nptl/17621] New: DTV update for Static TLS dlopened modules is racy

public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed

From: "aoliva at sourceware dot org" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug nptl/17621] New: DTV update for Static TLS dlopened modules is racy
Date: Tue, 18 Nov 2014 19:36:00 -0000	[thread overview]
Message-ID: <bug-17621-131@http.sourceware.org/bugzilla/> (raw)

https://sourceware.org/bugzilla/show_bug.cgi?id=17621

            Bug ID: 17621
           Summary: DTV update for Static TLS dlopened modules is racy
           Product: glibc
           Version: 2.21
            Status: NEW
          Severity: normal
          Priority: P2
         Component: nptl
          Assignee: aoliva at sourceware dot org
          Reporter: aoliva at sourceware dot org
                CC: drepper.fsp at gmail dot com

When we dlopen a module whose TLS segment is assigned to Static TLS, we not
only initialize every thread's Static TLS area, but also (with nptl) the
corresponding DTV entry.

While nobody could possibly be using the Static TLS range concurrently, it
doesn't ever move, and some synchronization between the dlopened thread and
other threads that use the initialized TLS area is required for the TLS uses to
be well-defined, the DTV entry might be updated concurrently, if its owner
thread finds it was out of date and it held non-Static TLS in earlier
generations, and it might even be resized and moved during update, causing the
initialization performed by the dlopen-running thread to write to memory that
may have already been already copied, losing the update or, worse, that may
have been repurposed, causing memory corruption.

Fortunately, we don't resize DTVs very often, and even if the update is lost,
dlopened modules referenced with IE don't depend on the DTV at all, and
variables accessed with IE tend to be accessed with IE by all their users (most
often, the only user is the defining module itself).

-- 
You are receiving this mail because:
You are on the CC list for the bug.

next             reply	other threads:[~2014-11-18 19:36 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-11-18 19:36 aoliva at sourceware dot org [this message]
2014-11-18 22:35 ` [Bug nptl/17621] " aoliva at sourceware dot org
2014-11-27 22:59 ` david.abdurachmanov at gmail dot com
2015-03-17  4:23 ` cvs-commit at gcc dot gnu.org
2015-03-17  4:36 ` aoliva at sourceware dot org
2015-05-27 14:26 ` schwab@linux-m68k.org
2015-07-24 13:46 ` siddhesh at redhat dot com

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-17621-131@http.sourceware.org/bugzilla/ \
    --to=sourceware-bugzilla@sourceware.org \
    --cc=glibc-bugs@sourceware.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).