public inbox for glibc-bugs@sourceware.org help / color / mirror / Atom feed
From: "fweimer at redhat dot com" <sourceware-bugzilla@sourceware.org> To: glibc-bugs@sourceware.org Subject: [Bug dynamic-link/28745] New: _dl_find_object miscompilation on powerpc64le Date: Tue, 04 Jan 2022 12:06:09 +0000 [thread overview] Message-ID: <bug-28745-131@http.sourceware.org/bugzilla/> (raw) https://sourceware.org/bugzilla/show_bug.cgi?id=28745 Bug ID: 28745 Summary: _dl_find_object miscompilation on powerpc64le Product: glibc Version: unspecified Status: NEW Severity: normal Priority: P2 Component: dynamic-link Assignee: unassigned at sourceware dot org Reporter: fweimer at redhat dot com Target Milestone: --- This part of elf/dl-find_object.c 420 if (obj != NULL) 421 { 422 /* Found the right mapping. Copy out the data prior to 423 checking if the read transaction was successful. */ 424 struct dl_find_object_internal copy = *obj; 425 if (_dlfo_read_success (start_version)) 426 { 427 _dl_find_object_to_external (©, result); 428 return 0; 429 } 430 else 431 /* Read transaction failure. */ 432 goto retry; 433 } gets compiled into: /root/git/elf/dl-find_object.c:420 494: addic. r8,r9,-32 498: beq 404 <__GI__dl_find_object+0xc4> 49c: ld r7,-32(r9) __atomic_wide_counter_load_acquire(): /root/git/elf/../include/atomic_wide_counter.h:36 4a0: ld r9,16(r12) __GI__dl_find_object(): /root/git/elf/dl-find_object.c:424 4a4: ld r6,16(r8) 4a8: ld r8,24(r8) __atomic_wide_counter_load_acquire(): /root/git/elf/../include/atomic_wide_counter.h:36 4ac: lwsync __GI__dl_find_object(): /root/git/elf/dl-find_object.c:425 4b0: cmpld cr7,r5,r9 4b4: bne cr7,3a0 <__GI__dl_find_object+0x60> _dl_find_object_to_external(): /root/git/elf/./dl-find_object.h:51 4b8: li r9,0 /root/git/elf/./dl-find_object.h:52 4bc: std r7,8(r4) /root/git/elf/./dl-find_object.h:53 4c0: std r10,16(r4) __GI__dl_find_object(): /root/git/elf/dl-find_object.c:428 4c4: li r3,0 _dl_find_object_to_external(): /root/git/elf/./dl-find_object.h:54 4c8: std r6,24(r4) /root/git/elf/./dl-find_object.h:55 4cc: std r8,32(r4) /root/git/elf/./dl-find_object.h:51 4d0: std r9,0(r4) __GI__dl_find_object(): /root/git/elf/dl-find_object.c:428 4d4: blr The critical code is at offsets 4a4 and 4a8: This is the defensive copy *within* the software TM region. The copy happens *after* the load of the TM version at offset 4a0. This means that a concurrent write cannot be detected reliably. -- You are receiving this mail because: You are on the CC list for the bug.
next reply other threads:[~2022-01-04 12:06 UTC|newest] Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-01-04 12:06 fweimer at redhat dot com [this message] 2022-01-04 12:07 ` [Bug dynamic-link/28745] " fweimer at redhat dot com 2022-01-04 12:11 ` fweimer at redhat dot com 2022-01-04 14:49 ` fweimer at redhat dot com 2022-01-07 12:23 ` fweimer at redhat dot com 2024-02-14 2:48 ` sam at gentoo dot org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-28745-131@http.sourceware.org/bugzilla/ \ --to=sourceware-bugzilla@sourceware.org \ --cc=glibc-bugs@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).