public inbox for glibc-bugs@sourceware.org
* [Bug dynamic-link/27004] New: ld.so is miscompiled by GCC 11
@ 2020-12-02 23:06 hjl.tools at gmail dot com
From: hjl.tools at gmail dot com @ 2020-12-02 23:06 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27004
Bug ID: 27004
Summary: ld.so is miscompiled by GCC 11
Product: glibc
Version: 2.33
Status: NEW
Severity: normal
Priority: P2
Component: dynamic-link
Assignee: unassigned at sourceware dot org
Reporter: hjl.tools at gmail dot com
Target Milestone: ---
Target: x86-64
GCC 11 with
commit d5ac0401eb128bf3dadec943741dfde7c499e49a
Author: Haochen Gui <guihaoc@gcc.gnu.org>
Date: Tue Nov 17 13:52:15 2020 -0600
Relocatable read-only section support for absolute jump table
compiles _dl_lookup_symbol_x into
(gdb) r --direct
Starting program: /export/build/gnu/tools-build/glibc-gitlab/build-x86_64-linux/sunrpc/tst-getmyaddr --direct
Program received signal SIGSEGV, Segmentation fault.
_dl_lookup_symbol_x (undef_name=0x7ffff7ff416a "__vdso_clock_gettime",
undef_map=0x7ffff7ffe7b0, ref=0x7fffffffda98, symbol_scope=0x7ffff7ffeb48,
version=0x7fffffffdac0, type_class=0, flags=0, skip_map=0x0)
at dl-lookup.c:929
929 && add_dependency (undef_map, current_value.m, flags) < 0)
(gdb) disass
Dump of assembler code for function _dl_lookup_symbol_x:
0x00007ffff7fdb8c0 <+0>: push %r15
0x00007ffff7fdb8c2 <+2>: push %r14
0x00007ffff7fdb8c4 <+4>: push %r13
0x00007ffff7fdb8c6 <+6>: push %r12
0x00007ffff7fdb8c8 <+8>: mov %rdi,%r12
0x00007ffff7fdb8cb <+11>: push %rbp
0x00007ffff7fdb8cc <+12>: mov %rdx,%rbp
0x00007ffff7fdb8cf <+15>: push %rbx
=> 0x00007ffff7fdb8d0 <+16>: mov %fs:0x10,%rax
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ %fs isn't initialized yet.
0x00007ffff7fdb8d9 <+25>: sub $0xa8,%rsp
0x00007ffff7fdb8e0 <+32>: mov %rsi,0x10(%rsp)
0x00007ffff7fdb8e5 <+37>: mov %rcx,0x20(%rsp)
0x00007ffff7fdb8ea <+42>: mov %r8,0x8(%rsp)
0x00007ffff7fdb8ef <+47>: mov %r9d,0x1c(%rsp)
0x00007ffff7fdb8f4 <+52>: mov %rax,0x30(%rsp)
0x00007ffff7fdb8f9 <+57>: movzbl (%r12),%edx
0x00007ffff7fdb8fe <+62>: test %dl,%dl
0x00007ffff7fdb900 <+64>: je 0x7ffff7fdbb40 <_dl_lookup_symbol_x+640>
0x00007ffff7fdb906 <+70>: mov %r12,%rcx
0x00007ffff7fdb909 <+73>: mov $0x1505,%ebx
0x00007ffff7fdb90e <+78>: xchg %ax,%ax
0x00007ffff7fdb910 <+80>: mov %rbx,%rax
--Type <RET> for more, q to quit, c to continue without paging--q
Quit
(gdb) b main
Breakpoint 1 at 0x4022f0: file ../support/test-driver.c, line 110.
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /export/build/gnu/tools-build/glibc-gitlab/build-x86_64-linux/sunrpc/tst-getmyaddr --direct
Program received signal SIGSEGV, Segmentation fault.
_dl_lookup_symbol_x (undef_name=0x7ffff7ff416a "__vdso_clock_gettime",
undef_map=0x7ffff7ffe7b0, ref=0x7fffffffda98, symbol_scope=0x7ffff7ffeb48,
version=0x7fffffffdac0, type_class=0, flags=0, skip_map=0x0)
at dl-lookup.c:929
929 && add_dependency (undef_map, current_value.m, flags) < 0)
(gdb) bt
#0 _dl_lookup_symbol_x (undef_name=0x7ffff7ff416a "__vdso_clock_gettime",
undef_map=0x7ffff7ffe7b0, ref=0x7fffffffda98, symbol_scope=0x7ffff7ffeb48,
version=0x7fffffffdac0, type_class=0, flags=0, skip_map=0x0)
at dl-lookup.c:929
#1 0x00007ffff7fd400f in dl_vdso_vsym (
name=0x7ffff7ff416a "__vdso_clock_gettime")
at ../sysdeps/unix/sysv/linux/dl-vdso.h:52
#2 setup_vdso_pointers () at ../sysdeps/unix/sysv/linux/dl-vdso-setup.h:30
#3 dl_main (phdr=<optimized out>, phnum=13, user_entry=<optimized out>,
auxv=0x7fffffffdfe8) at rtld.c:1620
#4 0x00007ffff7feac47 in _dl_sysdep_start (
start_argptr=start_argptr@entry=0x7fffffffddf0,
dl_main=dl_main@entry=0x7ffff7fd2eb0 <dl_main>) at ../elf/dl-sysdep.c:252
#5 0x00007ffff7ff1fd5 in _dl_start_final (arg=0x7fffffffddf0) at rtld.c:485
#6 _dl_start (arg=0x7fffffffddf0) at rtld.c:578
#7 0x00007ffff7fd2058 in _start () at rtld.c:12
#8 0x0000000000000002 in ?? ()
#9 0x00007fffffffe145 in ?? ()
#10 0x00007fffffffe198 in ?? ()
#11 0x0000000000000000 in ?? ()
(gdb)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Bug dynamic-link/27004] ld.so is miscompiled by GCC 11
From: hjl.tools at gmail dot com @ 2020-12-02 23:51 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27004
H.J. Lu <hjl.tools at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |hubicka at ucw dot cz
--- Comment #1 from H.J. Lu <hjl.tools at gmail dot com> ---
commit 520d5ad337eaa15860a5a964daf7ca46cf31c029
Author: Jan Hubicka <jh@suse.cz>
Date: Sat Nov 14 13:52:36 2020 +0100
Detect EAF flags in ipa-modref
A minimal patch for the EAF flags discovery. It works only in local ipa-modref
and gives up on cyclic SSA graphs. It improves pt_solution_includes
disambiguations twice.
is the first bad commit.
* [Bug dynamic-link/27004] ld.so is miscompiled by GCC 11
From: carlos at redhat dot com @ 2020-12-03 3:47 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27004
Carlos O'Donell <carlos at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |carlos at redhat dot com
See Also| |https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98110
* [Bug dynamic-link/27004] ld.so is miscompiled by GCC 11
From: fweimer at redhat dot com @ 2020-12-03 10:16 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27004
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |security-
CC| |fweimer at redhat dot com
* [Bug dynamic-link/27004] ld.so is miscompiled by GCC 11
From: jakub at redhat dot com @ 2020-12-03 11:24 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27004
Jakub Jelinek <jakub at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jakub at redhat dot com
--- Comment #2 from Jakub Jelinek <jakub at redhat dot com> ---
Only lightly tested fix, i?86 will need similar change (with __seg_gs):
diff --git a/sysdeps/x86_64/nptl/tls.h b/sysdeps/x86_64/nptl/tls.h
index a08bf972de..ccb5f24d92 100644
--- a/sysdeps/x86_64/nptl/tls.h
+++ b/sysdeps/x86_64/nptl/tls.h
@@ -180,11 +180,16 @@ _Static_assert (offsetof (tcbhead_t, __glibc_unused2) ==
0x80,
assignments like
pthread_descr self = thread_self();
do not get optimized away. */
-# define THREAD_SELF \
+# if __GNUC_PREREQ (6, 0)
+# define THREAD_SELF \
+ (*(struct pthread *__seg_fs *) offsetof (struct pthread, header.self))
+# else
+# define THREAD_SELF \
({ struct pthread *__self; \
asm ("mov %%fs:%c1,%0" : "=r" (__self) \
: "i" (offsetof (struct pthread, header.self))); \
__self;})
+# endif
/* Magic for libthread_db to know how to do THREAD_SELF. */
# define DB_THREAD_SELF_INCLUDE <sys/reg.h> /* For the FS constant. */
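Review bot: the `# else` branch that keeps the inline asm is dead code once the `__GNUC_PREREQ (6, 0)` test is in place, because glibc's minimum supported compiler is already GCC 6.2 (comment #8 makes the same observation), so the guard and the asm fallback can be dropped and the definition reduced to the single `__seg_fs` line. The comment immediately above the macro still explains the old rationale ("asm volatile is undesirable ... assignments like pthread_descr self = thread_self(); do not get optimized away") and should be reworded to say why a load through the `__seg_fs` named address space is used: it is an ordinary, potentially trapping memory access that the compiler will neither hoist above the guard nor treat as side-effect free. The i386 tls.h counterpart with `__seg_gs` that the comment mentions is not part of this diff, so the 32-bit ld.so keeps the asm form until that follow-up lands.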
* [Bug dynamic-link/27004] ld.so is miscompiled by GCC 11
From: hjl.tools at gmail dot com @ 2020-12-03 12:37 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27004
--- Comment #3 from H.J. Lu <hjl.tools at gmail dot com> ---
How about this
diff --git a/sysdeps/x86_64/nptl/tls.h b/sysdeps/x86_64/nptl/tls.h
index a08bf972de..4eeab0e7a9 100644
--- a/sysdeps/x86_64/nptl/tls.h
+++ b/sysdeps/x86_64/nptl/tls.h
@@ -180,11 +180,19 @@ _Static_assert (offsetof (tcbhead_t, __glibc_unused2) ==
0x80,
assignments like
pthread_descr self = thread_self();
do not get optimized away. */
-# define THREAD_SELF \
+# if __GNUC_PREREQ (11, 0)
+# define THREAD_SELF \
+ ({ struct pthread *__self; \
+ __self = (struct pthread *) (__builtin_thread_pointer () \
+ + offsetof (struct pthread, header.self)); \
+ __self;})
+# else
+# define THREAD_SELF \
({ struct pthread *__self; \
asm ("mov %%fs:%c1,%0" : "=r" (__self) \
: "i" (offsetof (struct pthread, header.self))); \
__self;})
+# endif
/* Magic for libthread_db to know how to do THREAD_SELF. */
# define DB_THREAD_SELF_INCLUDE <sys/reg.h> /* For the FS constant. */
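Review bot: the new `THREAD_SELF` body computes `__builtin_thread_pointer () + offsetof (struct pthread, header.self)` and casts the result, which is the address of `header.self` (`%fs:0` plus 16), not its contents; the asm it replaces loads `%fs:16`, so this changes the value of every `THREAD_SELF` use. It needs a dereference, e.g. `*(struct pthread **) (__builtin_thread_pointer () + offsetof (struct pthread, header.self))`, as comment #5 spells out. Even with that fix the form does not address the bug: GCC marks `__builtin_thread_pointer` const and nothrow, so the compiler is still free to evaluate it before the `DL_LOOKUP_GSCOPE_LOCK` check in `_dl_lookup_symbol_x`, which is exactly the speculation that reads `%fs` before the TCB exists. The `__GNUC_PREREQ (11, 0)` guard also means every supported compiler older than GCC 11 keeps the unchanged asm in the `# else` branch, so the miscompilation path is only narrowed, not removed.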
* [Bug dynamic-link/27004] ld.so is miscompiled by GCC 11
From: fweimer at redhat dot com @ 2020-12-03 12:43 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27004
--- Comment #4 from Florian Weimer <fweimer at redhat dot com> ---
__builtin_thread_pointer is potentially trapping (which is the root of the
problem). Does GCC know about that? It also results in a load followed by an
add, instead of a single load, I think. Using the __segfs or __seggs namespaces
looks preferable to me.
* [Bug dynamic-link/27004] ld.so is miscompiled by GCC 11
From: jakub at redhat dot com @ 2020-12-03 12:51 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27004
--- Comment #5 from Jakub Jelinek <jakub at redhat dot com> ---
(In reply to Florian Weimer from comment #4)
> __builtin_thread_pointer is potentially trapping (which is the root of the
> problem). Does GCC know about that? It also results in a load followed by an
> add, instead of a single load, I think. Using the __segfs or __seggs
> namespaces looks preferable to me.
GCC makes it const __attribute__((nothrow)), and that is I think ok except in
the dynamic linker.
I don't think
+ __self = (struct pthread *) (__builtin_thread_pointer () \
+ + offsetof (struct pthread, header.self)); \
does what the old code did, which was movq %fs:16, __self
but your version is movq %fs:0, %reg; leaq 16(%reg), __self
That would be *(struct pthread **) (__builtin_thread_pointer () + offsetof
(struct pthread, header.self))
if we optimize that back to just movq %fs:16, __self
But, as it is for x86 GCC 11+ only, isn't it better to use __seg_{f,g}s that
should work already since GCC 6?
* [Bug dynamic-link/27004] ld.so is miscompiled by GCC 11
From: hjl.tools at gmail dot com @ 2020-12-03 12:51 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27004
--- Comment #6 from H.J. Lu <hjl.tools at gmail dot com> ---
(In reply to Florian Weimer from comment #4)
> __builtin_thread_pointer is potentially trapping (which is the root of the
> problem). Does GCC know about that? It also results in a load followed by an
> add, instead of a single load, I think. Using the __segfs or __seggs
> namespaces looks preferable to me.
OK. Shouldn't all %fs references be replaced by __seg_fs?
* [Bug dynamic-link/27004] ld.so is miscompiled by GCC 11
From: fweimer at redhat dot com @ 2020-12-03 12:52 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27004
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Target Milestone|--- |2.33
Status|NEW |RESOLVED
--- Comment #7 from Florian Weimer <fweimer at redhat dot com> ---
Fixed for glibc 2.33 by:
commit 1d9cbb96082e646de7515a1667efa041ffb79958
Author: Jakub Jelinek <jakub@redhat.com>
Date: Thu Dec 3 13:33:44 2020 +0100
x86: Fix THREAD_SELF definition to avoid ld.so crash (bug 27004)
The previous definition of THREAD_SELF did not tell the compiler
that %fs (or %gs) usage is invalid for the !DL_LOOKUP_GSCOPE_LOCK
case in _dl_lookup_symbol_x. As a result, ld.so could try to use the
TCB before it was initialized.
As the comment in tls.h explains, asm volatile is undesirable here.
Using the __seg_fs (or __seg_gs) namespace does not interfere with
optimization, and expresses that THREAD_SELF is potentially trapping.
* [Bug dynamic-link/27004] ld.so is miscompiled by GCC 11
From: fweimer at redhat dot com @ 2020-12-03 12:53 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27004
--- Comment #8 from Florian Weimer <fweimer at redhat dot com> ---
(In reply to H.J. Lu from comment #6)
> OK. Shouldn't all %fs references be replaced by __seg_fs?
Yes, I see we require GCC 6.2 as a minimum. So the __GLIBC_PREREQ is actually
unnecessary.
* [Bug dynamic-link/27004] ld.so is miscompiled by GCC 11
From: hjl.tools at gmail dot com @ 2020-12-08 0:46 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27004
H.J. Lu <hjl.tools at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |slyfox at inbox dot ru
--- Comment #9 from H.J. Lu <hjl.tools at gmail dot com> ---
*** Bug 27033 has been marked as a duplicate of this bug. ***