public inbox for glibc-bugs@sourceware.org help / color / mirror / Atom feed
From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla@sourceware.org> To: glibc-bugs@sourceware.org Subject: [Bug dynamic-link/29039] Corrupt DTV after reuse of a TLS module ID following dlclose with unused TLS Date: Fri, 22 Dec 2023 17:00:11 +0000 [thread overview] Message-ID: <bug-29039-131-YH4tC3PBBi@http.sourceware.org/bugzilla/> (raw) In-Reply-To: <bug-29039-131@http.sourceware.org/bugzilla/> https://sourceware.org/bugzilla/show_bug.cgi?id=29039 --- Comment #11 from Sourceware Commits <cvs-commit at gcc dot gnu.org> --- The release/2.35/master branch has been updated by Szabolcs Nagy <nsz@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5f08ec08d03930050befec16fcc6264fa00c66fe commit 5f08ec08d03930050befec16fcc6264fa00c66fe Author: Hector Martin <marcan@marcan.st> Date: Tue Nov 28 15:23:07 2023 +0900 elf: Fix TLS modid reuse generation assignment (BZ 29039) _dl_assign_tls_modid() assigns a slotinfo entry for a new module, but does *not* do anything to the generation counter. The first time this happens, the generation is zero and map_generation() returns the current generation to be used during relocation processing. However, if a slotinfo entry is later reused, it will already have a generation assigned. If this generation has fallen behind the current global max generation, then this causes an obsolete generation to be assigned during relocation processing, as map_generation() returns this generation if nonzero. _dl_add_to_slotinfo() eventually resets the generation, but by then it is too late. This causes DTV updates to be skipped, leading to NULL or broken TLS slot pointers and segfaults. Fix this by resetting the generation to zero in _dl_assign_tls_modid(), so it behaves the same as the first time a slot is assigned. _dl_add_to_slotinfo() will still assign the correct static generation later during module load, but relocation processing will no longer use an obsolete generation. Note that slotinfo entry (aka modid) reuse typically happens after a dlclose and only TLS access via dynamic tlsdesc is affected. Because tlsdesc is optimized to use the optional part of static TLS, dynamic tlsdesc can be avoided by increasing the glibc.rtld.optional_static_tls tunable to a large enough value, or by LD_PRELOAD-ing the affected modules. Fixes bug 29039. Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com> (cherry picked from commit 3921c5b40f293c57cb326f58713c924b0662ef59) -- You are receiving this mail because: You are on the CC list for the bug.
next prev parent reply other threads:[~2023-12-22 17:00 UTC|newest] Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-04-10 5:36 [Bug dynamic-link/29039] New: _dl_tlsdesc_dynamic (sometimes) returns garbage offsets alex_y_xu at yahoo dot ca 2022-04-10 9:46 ` [Bug dynamic-link/29039] " evangelos at foutrelis dot com 2022-04-10 14:34 ` alex_y_xu at yahoo dot ca 2022-04-12 11:27 ` fweimer at redhat dot com 2022-04-12 15:18 ` alex_y_xu at yahoo dot ca 2022-05-17 20:20 ` j at bitron dot ch 2023-11-26 14:16 ` sam at gentoo dot org 2023-11-26 14:17 ` sam at gentoo dot org 2023-11-28 10:12 ` [Bug dynamic-link/29039] Corrupt DTV after reuse of a TLS module ID following dlclose with unused TLS fweimer at redhat dot com 2023-11-28 17:29 ` cvs-commit at gcc dot gnu.org 2023-12-20 8:46 ` cvs-commit at gcc dot gnu.org 2023-12-22 14:43 ` sam at gentoo dot org 2023-12-22 14:57 ` dilfridge at gentoo dot org 2023-12-22 16:58 ` cvs-commit at gcc dot gnu.org 2023-12-22 16:58 ` cvs-commit at gcc dot gnu.org 2023-12-22 16:59 ` cvs-commit at gcc dot gnu.org 2023-12-22 16:59 ` cvs-commit at gcc dot gnu.org 2023-12-22 17:00 ` cvs-commit at gcc dot gnu.org [this message] 2023-12-22 17:00 ` cvs-commit at gcc dot gnu.org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-29039-131-YH4tC3PBBi@http.sourceware.org/bugzilla/ \ --to=sourceware-bugzilla@sourceware.org \ --cc=glibc-bugs@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).