public inbox for glibc-bugs@sourceware.org
From: "adhemerval.zanella at linaro dot org" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug dynamic-link/28366] Calling name() on a locale object (std::locale) with LD_AUDIT library loaded results in SIGSEGV on aarch64 platforms
Date: Thu, 07 Oct 2021 19:03:54 +0000
Message-ID: <bug-28366-131-pChJ7L4eVG@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-28366-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=28366

--- Comment #6 from Adhemerval Zanella <adhemerval.zanella at linaro dot org> ---
(In reply to Nathan Nye from comment #5)
> I'm sharing the progress I've made so far on this issue.
> 
> It's most likely the same issue Ben Woodard linked
> (https://www.sourceware.org/bugzilla/show_bug.cgi?id=26643), but the patch
> doesn't cover this case. As Adhemerval Zanella found, when name() gets
> called, it tries to read the address at $x8 which was previously overwritten
> by the dynamic linker as 0x7f7f7f7f7f7f7f7f in strcmp.S and never restored:
> 
> #0  strcmp () at ../sysdeps/aarch64/strcmp.S:174
> #1  0x0000fffff7fd6140 in check_match
> (undef_name=undef_name@entry=0xaaaaaaaa04bd "_ZNKSt6locale4nameB5cxx11Ev",
> ref=ref@entry=0xaaaaaaaa03c0, version=version@entry=0xfffff7ff40d0,
> flags=flags@entry=1, 
>     type_class=type_class@entry=1, sym=0xfffff7c5ab48, symidx=315,
> strtab=strtab@entry=0xfffff7c7c460 "", map=map@entry=0xfffff7ff69c0,
> versioned_sym=versioned_sym@entry=0xffffffffeae8, 
>     num_versions=num_versions@entry=0xffffffffeae4) at dl-lookup.c:94
> #2  0x0000fffff7fd65c8 in do_lookup_x
> (undef_name=undef_name@entry=0xaaaaaaaa04bd "_ZNKSt6locale4nameB5cxx11Ev",
> new_hash=new_hash@entry=718167616, old_hash=old_hash@entry=0xffffffffebb8, 
>     ref=0xaaaaaaaa03c0, result=result@entry=0xffffffffebc8, scope=<optimized
> out>, i=1, version=version@entry=0xfffff7ff40d0, flags=flags@entry=1,
> skip=<optimized out>, skip@entry=0x0, 
>     type_class=<optimized out>, type_class@entry=1,
> undef_map=undef_map@entry=0xfffff7fff200) at dl-lookup.c:436
> #3  0x0000fffff7fd6e10 in _dl_lookup_symbol_x (undef_name=0xaaaaaaaa04bd
> "_ZNKSt6locale4nameB5cxx11Ev", undef_map=undef_map@entry=0xfffff7fff200,
> ref=ref@entry=0xffffffffecb0, 
>     symbol_scope=0xfffff7fff598, version=0xfffff7ff40d0,
> type_class=type_class@entry=1, flags=1, skip_map=skip_map@entry=0x0) at
> dl-lookup.c:861
> #4  0x0000fffff7fdb1e0 in _dl_profile_fixup (l=0xfffff7fff200,
> reloc_arg=<optimized out>, retaddr=187649984433000, regs=0xffffffffedc0,
> framesizep=0xffffffffecf8) at dl-runtime.c:257
> #5  0x0000fffff7fe0fa0 in _dl_runtime_profile () at
> ../sysdeps/aarch64/dl-trampoline.S:221
> #6  0x0000aaaaaaaa0b68 in main ()
> 
> I'm still searching for what is responsible for restoring $x8 in this
> instance. At the same time, I'm exploring a couple of fixes for existing
> LD_AUDIT libraries that wouldn't require the linker itself to be patched:

If you check the patch [1], it extends the La_aarch64_regs to include 'x8',
which is saved and restored at _dl_profile_fixup.
> 
> 1. Turning profiling off: la_objsearch gets called, but the rest of the
> RTLD_AUDIT interfaces such as la_symbind{32,64} don't get called. (Fail)
> 
> 2. Setting the framesizep (stack frame size) to 0 in
> la_aarch64_gnu_pltenter: Neither the test case of this issue nor the simple
> one in the linked issue crashes, but this leads to some problems later on.
> (Fail)
> 
> It may be resolved through some combination of la_aarch64_gnu_pltenter and
> la_aarch64_gnu_pltexit restoring the $x8 register.

Could you check if the patchset I posted fixed the issue you are seeing? There
is another issue that might interfere with locales usage within audit
modules [2] that the patchset also fixed.


[1]
https://patchwork.sourceware.org/project/glibc/patch/20210730194715.881900-21-adhemerval.zanella@linaro.org/
[2]
https://patchwork.sourceware.org/project/glibc/patch/20210730194715.881900-6-adhemerval.zanella@linaro.org/
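As an added example (not code from the bug report, from Nathan Nye's module, or from glibc), a minimal LD_AUDIT diagnostic module that defines the hooks discussed in this thread: la_objsearch, la_symbind64 and, on aarch64, la_aarch64_gnu_pltenter. Defining la_symbind64 is what makes rtld route PLT calls through _dl_runtime_profile and _dl_profile_fixup, the path in the backtrace above; the helper audit_bind_count and the LA_FLG_* fallback defines are this example's own.

```c
/* Added example, not from the bug report or glibc: minimal LD_AUDIT diagnostic.
   Build: cc -shared -fPIC -o audit.so audit.c ; run: LD_AUDIT=./audit.so ./prog */
#define _GNU_SOURCE 1
#include <link.h>
#include <stdio.h>
#ifndef LA_FLG_BINDTO        /* glibc <link.h> values, used only if the GNU */
# define LA_FLG_BINDTO   0x01 /* feature macro was not seen before link.h   */
# define LA_FLG_BINDFROM 0x02
#endif

static unsigned long bind_count;  /* symbols seen in la_symbind64 */

/* Handshake: accepting the version rtld offers keeps the module loaded. */
unsigned int la_version(unsigned int version) { return version; }

/* Called for every library search; returning name unchanged means no redirect. */
char *la_objsearch(const char *name, uintptr_t *cookie, unsigned int flag)
{
  (void) cookie; (void) flag;
  fprintf(stderr, "audit: objsearch %s\n", name); return (char *) name;
}

/* Request symbol-binding callbacks for every loaded object. */
unsigned int la_objopen(struct link_map *map, long int lmid, uintptr_t *cookie)
{
  (void) lmid;
  *cookie = (uintptr_t) map;
  return LA_FLG_BINDTO | LA_FLG_BINDFROM;
}

/* Its presence makes rtld route PLT slots through _dl_runtime_profile, the
   _dl_profile_fixup path of the backtrace.  Returning st_value keeps the target. */
uintptr_t la_symbind64(Elf64_Sym *sym, unsigned int ndx, uintptr_t *refcook,
                       uintptr_t *defcook, unsigned int *flags, const char *symname)
{
  (void) ndx; (void) refcook; (void) defcook; (void) flags;
  bind_count++;
  fprintf(stderr, "audit: bind %s -> %#lx\n", symname, (unsigned long) sym->st_value);
  return sym->st_value;
}

unsigned long audit_bind_count(void) { return bind_count; }

#ifdef __aarch64__
/* PLT entry hook.  Unpatched La_aarch64_regs has no x8 slot, so a module cannot
   restore x8 from here; the fix adds it and saves/restores it in rtld itself. */
ElfW(Addr) la_aarch64_gnu_pltenter(ElfW(Sym) *sym, unsigned int ndx,
    uintptr_t *refcook, uintptr_t *defcook, La_aarch64_regs *regs,
    unsigned int *flags, const char *symname, long int *framesizep)
{
  (void) ndx; (void) refcook; (void) defcook; (void) flags; (void) framesizep;
  fprintf(stderr, "audit: pltenter %s sp=%#lx\n", symname, (unsigned long) regs->lr_sp);
  return sym->st_value;
}
#endif
```

Running a program that calls std::locale::name() under this module shows on stderr whether the crash occurs on the first PLT entry for a by-value-returning function, which is the check the reporter was doing by hand with gdb.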
