From: "nsz at gcc dot gnu.org"
To: glibc-bugs@sourceware.org
Subject: [Bug dynamic-link/27136] New: dtv setup at thread creation may leave an entry uninitialized
Date: Thu, 31 Dec 2020 14:44:54 +0000
X-Bugzilla-URL: http://sourceware.org/bugzilla/

https://sourceware.org/bugzilla/show_bug.cgi?id=27136

            Bug ID: 27136
           Summary: dtv setup at thread creation may leave an entry
                    uninitialized
           Product: glibc
           Version: 2.32
            Status: NEW
          Severity: normal
          Priority: P2
         Component: dynamic-link
          Assignee: unassigned at sourceware dot org
          Reporter: nsz at gcc dot gnu.org
  Target Milestone: ---

dtv setup is supposed to fill in all dtv entries up to the generation count stored in dtv[0]. Otherwise TLS access can segfault with a null pointer dereference.

Under rare circumstances the last module in the list may be left uninitialized because of a logic error in _dl_allocate_tls_init. The fix is

-      if (total >= GL(dl_tls_max_dtv_idx))
+      if (total > GL(dl_tls_max_dtv_idx))
 	break;

The max id is a valid index, so it should be checked and not skipped.

I think the error happens if 64 modules are loaded with TLS and the last one is loaded as a dependency of the previous module: mod63 and mod64 have the same TLS generation count but mod64 is on a new slotinfo node. In that case the generation of the dtv will be the same as mod64, but dtv[64] will not be initialized.

If modids are reused (see bug 27135) then mod64 can have a lower generation than mod63 and can be an independently loaded module, so the issue is easier to hit.
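Review bot: the one-character change is an off-by-one fix on an inclusive bound: `GL(dl_tls_max_dtv_idx)` is itself a valid modid, so `total >= GL(dl_tls_max_dtv_idx)` stops the slotinfo walk exactly when the highest modid sits in the first slot of the next node, which is the layout the report describes (mod64 on a new slotinfo node). The `break` is otherwise correct. Since the condition only misfires for that specific layout, the fix should ship with a regression test that builds the 64-module, dependency-loaded arrangement named above and reads TLS from the last module on a new thread; without such a test the comparison could silently regress.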
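To make the failure mode concrete, here is an added model of the slotinfo walk in _dl_allocate_tls_init, written for this page and not taken from glibc. It reproduces the loop shape from the report (an outer walk over slotinfo nodes, an inner loop over each node's slots, `total` accumulating the slots consumed) and lets the caller pick the `>=` comparison the report identifies as the bug or the `>` comparison of the fix. The node sizes (64 slots in the first node, 62 in the second), the modid layout (modids 1..63 in the first node, mod64 as slot 0 of the second) and the UNSET/DEFERRED markers are constructed assumptions chosen to match the 64-module scenario described above; real dtv entries and node sizes differ.

```c
/* Added example: a model of the slotinfo walk in glibc's
   _dl_allocate_tls_init.  Not glibc code; node sizes, modid layout and
   the entry markers below are constructed for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define UNSET    0  /* constructed marker: dtv entry never written */
#define DEFERRED 1  /* constructed stand-in for TLS_DTV_UNALLOCATED */

struct slotinfo { size_t modid; };          /* modid 0 == unused slot */

struct slotinfo_list {
    size_t len;                             /* number of slots in this node */
    struct slotinfo_list *next;
    struct slotinfo *slotinfo;
};

/* Walk the node list the way the report describes, marking dtv[modid]
   for every module found.  `buggy` selects ">=" (the comparison the
   report identifies as the error) instead of ">" (the fix). */
static void fill_dtv(struct slotinfo_list *listp, size_t max_dtv_idx,
                     bool buggy, int *dtv)
{
    size_t total = 0;
    while (1) {
        size_t cnt;
        /* Slot 0 of the first node is never a module, so skip it once. */
        for (cnt = total == 0 ? 1 : 0; cnt < listp->len; ++cnt) {
            if (total + cnt > max_dtv_idx)
                break;                      /* past the highest used slot */
            size_t modid = listp->slotinfo[cnt].modid;
            if (modid == 0)
                continue;                   /* unused entry */
            dtv[modid] = DEFERRED;
        }
        total += cnt;
        /* The max id is a valid index: with ">=" the walk stops here when
           that id lives in slot 0 of the next node and never reaches it. */
        if (buggy ? total >= max_dtv_idx : total > max_dtv_idx)
            break;
        listp = listp->next;
        if (listp == NULL)                  /* glibc asserts here instead */
            break;
    }
}

/* Constructed scenario: 64 TLS modules, modids 1..63 in the first node,
   mod64 as the first slot of a second node.  Returns how many of
   dtv[1..64] are still UNSET after the walk (0 means fully initialized). */
int uninitialized_entries(bool buggy)
{
    enum { FIRST_LEN = 64, SECOND_LEN = 62, NMODS = 64 };
    struct slotinfo first_slots[FIRST_LEN] = {{0}};
    struct slotinfo second_slots[SECOND_LEN] = {{0}};
    for (size_t i = 1; i < FIRST_LEN; ++i)
        first_slots[i].modid = i;           /* modids 1..63 */
    second_slots[0].modid = NMODS;          /* mod64 on a new node */

    struct slotinfo_list second = { SECOND_LEN, NULL, second_slots };
    struct slotinfo_list first = { FIRST_LEN, &second, first_slots };

    int dtv[NMODS + 1];
    memset(dtv, UNSET, sizeof dtv);         /* dtv[0] would hold the generation */
    fill_dtv(&first, NMODS, buggy, dtv);

    int missing = 0;
    for (size_t m = 1; m <= NMODS; ++m)
        if (dtv[m] == UNSET)
            ++missing;
    return missing;
}

int main(void)
{
    printf("with >= : %d uninitialized dtv entries\n", uninitialized_entries(true));
    printf("with >  : %d uninitialized dtv entries\n", uninitialized_entries(false));
    return 0;
}
```

With the `>=` comparison the walk consumes all 64 slots of the first node, sees `total == max_dtv_idx` and stops, so dtv[64] keeps its UNSET marker; with `>` it continues into the second node, fills dtv[64], and stops on the next iteration. A TLS access through the unfilled entry is what produces the null pointer dereference the report mentions.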