public inbox for glibc-bugs@sourceware.org
From: "adhemerval.zanella at linaro dot org" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug dynamic-link/28366] Calling name() on a locale object (std::locale) with LD_AUDIT library loaded results in SIGSEGV on aarch64 platforms
Date: Thu, 07 Oct 2021 19:03:54 +0000
Message-ID: <bug-28366-131-pChJ7L4eVG@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-28366-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=28366

--- Comment #6 from Adhemerval Zanella <adhemerval.zanella at linaro dot org> ---
(In reply to Nathan Nye from comment #5)
> I'm sharing the progress I've made so far on this issue.
>
> It's most likely the same issue Ben Woodard linked
> (https://www.sourceware.org/bugzilla/show_bug.cgi?id=26643), but the patch
> doesn't cover this case. As Adhemerval Zanella found, when name() gets
> called, it tries to read the address at $x8 which was previously overwritten
> by the dynamic linker as 0x7f7f7f7f7f7f7f7f in strcmp.S and never restored:
>
> #0  strcmp () at ../sysdeps/aarch64/strcmp.S:174
> #1  0x0000fffff7fd6140 in check_match
>     (undef_name=undef_name@entry=0xaaaaaaaa04bd "_ZNKSt6locale4nameB5cxx11Ev",
>     ref=ref@entry=0xaaaaaaaa03c0, version=version@entry=0xfffff7ff40d0,
>     flags=flags@entry=1, type_class=type_class@entry=1, sym=0xfffff7c5ab48,
>     symidx=315, strtab=strtab@entry=0xfffff7c7c460 "", map=map@entry=0xfffff7ff69c0,
>     versioned_sym=versioned_sym@entry=0xffffffffeae8,
>     num_versions=num_versions@entry=0xffffffffeae4) at dl-lookup.c:94
> #2  0x0000fffff7fd65c8 in do_lookup_x
>     (undef_name=undef_name@entry=0xaaaaaaaa04bd "_ZNKSt6locale4nameB5cxx11Ev",
>     new_hash=new_hash@entry=718167616, old_hash=old_hash@entry=0xffffffffebb8,
>     ref=0xaaaaaaaa03c0, result=result@entry=0xffffffffebc8, scope=<optimized out>,
>     i=1, version=version@entry=0xfffff7ff40d0, flags=flags@entry=1,
>     skip=<optimized out>, skip@entry=0x0, type_class=<optimized out>,
>     type_class@entry=1, undef_map=undef_map@entry=0xfffff7fff200) at dl-lookup.c:436
> #3  0x0000fffff7fd6e10 in _dl_lookup_symbol_x
>     (undef_name=0xaaaaaaaa04bd "_ZNKSt6locale4nameB5cxx11Ev",
>     undef_map=undef_map@entry=0xfffff7fff200, ref=ref@entry=0xffffffffecb0,
>     symbol_scope=0xfffff7fff598, version=0xfffff7ff40d0,
>     type_class=type_class@entry=1, flags=1, skip_map=skip_map@entry=0x0)
>     at dl-lookup.c:861
> #4  0x0000fffff7fdb1e0 in _dl_profile_fixup (l=0xfffff7fff200,
>     reloc_arg=<optimized out>, retaddr=187649984433000, regs=0xffffffffedc0,
>     framesizep=0xffffffffecf8) at dl-runtime.c:257
> #5  0x0000fffff7fe0fa0 in _dl_runtime_profile ()
>     at ../sysdeps/aarch64/dl-trampoline.S:221
> #6  0x0000aaaaaaaa0b68 in main ()
>
> I'm still searching for what is responsible for restoring $x8 in this
> instance. At the same time, I'm exploring a couple of fixes for existing
> LD_AUDIT libraries that wouldn't require the linker itself to be patched:

If you check the patch [1], it extends the La_aarch64_regs to include 'x8',
which is saved and restored at _dl_profile_fixup.

> 1. Turning profiling off: la_objsearch gets called, but the rest of the
>    RTLD_AUDIT interfaces such as la_symbind{32,64} don't get called. (Fail)
>
> 2. Setting the framesizep (stack frame size) to 0 in
>    la_aarch64_gnu_pltenter: Neither the test case of this issue nor the simple
>    one in the linked issue crashes, but this leads to some problems later on.
>    (Fail)
>
> It may be resolved through some combination of la_aarch64_gnu_pltenter and
> la_aarch64_gnu_pltexit restoring the $x8 register.

Could you check if the patchset I posted fixed the issue you are seeing?
There is another issue that might interfere with locales usage within audit
modules [2] that the patchset also fixed.

[1] https://patchwork.sourceware.org/project/glibc/patch/20210730194715.881900-21-adhemerval.zanella@linaro.org/
[2] https://patchwork.sourceware.org/project/glibc/patch/20210730194715.881900-6-adhemerval.zanella@linaro.org/