public inbox for glibc-bugs@sourceware.org
From: "danglin at gcc dot gnu.org" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug libc/29165] New: [Regression] broken argv adjustment
Date: Sat, 21 May 2022 16:00:46 +0000
Message-ID: <bug-29165-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=29165

            Bug ID: 29165
           Summary: [Regression] broken argv adjustment
           Product: glibc
           Version: 2.36
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: danglin at gcc dot gnu.org
                CC: adhemerval.zanella at linaro dot org, drepper.fsp at gmail dot com
  Target Milestone: ---
              Host: hppa*-*-linux*
            Target: hppa*-*-linux*
             Build: hppa*-*-linux*

Make check fails with many segmentation faults. For example,

dave@atlas:~/gnu/glibc/objdir$ make test t=csu/test-as-const-rtld-sizes
make -r PARALLELMFLAGS="" -C ../glibc objdir=`pwd` test
make[1]: Entering directory '/home/dave/gnu/glibc/glibc'
make subdir=csu -C csu/ ..=../ /home/dave/gnu/glibc/objdir/csu/test-as-const-rtld-sizes.out
make[2]: Entering directory '/home/dave/gnu/glibc/glibc/csu'
(gawk '{ sub(/^/, "asconst_", $2); print; }' /home/dave/gnu/glibc/objdir/rtld-sizes.h; \
 python3 -B ../scripts/gen-as-const.py --test rtld-sizes.sym) > /home/dave/gnu/glibc/objdir/csu/test-as-const-rtld-sizes.cT
mv -f /home/dave/gnu/glibc/objdir/csu/test-as-const-rtld-sizes.cT /home/dave/gnu/glibc/objdir/csu/test-as-const-rtld-sizes.c
gcc /home/dave/gnu/glibc/objdir/csu/test-as-const-rtld-sizes.c -c -std=gnu11 -fgnu89-inline -g -O2 -Wall -Wwrite-strings -Wundef -Werror -fmerge-all-constants -frounding-math -fno-stack-protector -fno-common -Wstrict-prototypes -Wold-style-definition -fmath-errno -fno-pie -I../include -I/home/dave/gnu/glibc/objdir/csu -I/home/dave/gnu/glibc/objdir -I../sysdeps/unix/sysv/linux/hppa -I../sysdeps/hppa/nptl -I../sysdeps/unix/sysv/linux/include -I../sysdeps/unix/sysv/linux -I../sysdeps/nptl -I../sysdeps/pthread -I../sysdeps/gnu -I../sysdeps/unix/inet -I../sysdeps/unix/sysv -I../sysdeps/unix -I../sysdeps/posix -I../sysdeps/hppa/hppa1.1 -I../sysdeps/wordsize-32 -I../sysdeps/ieee754/flt-32 -I../sysdeps/ieee754/dbl-64 -I../sysdeps/hppa/fpu -I../sysdeps/hppa -I../sysdeps/ieee754 -I../sysdeps/generic -I.. -I../libio -I. -nostdinc -isystem /usr/lib/gcc/hppa-linux-gnu/11/include -isystem /usr/include -D_LIBC_REENTRANT -include /home/dave/gnu/glibc/objdir/libc-modules.h -DMODULE_NAME=testsuite_internal -include ../include/libc-symbols.h -DTOP_NAMESPACE=glibc -o /home/dave/gnu/glibc/objdir/csu/test-as-const-rtld-sizes.o -MD -MP -MF /home/dave/gnu/glibc/objdir/csu/test-as-const-rtld-sizes.o.dt -MT /home/dave/gnu/glibc/objdir/csu/test-as-const-rtld-sizes.o
gcc -o /home/dave/gnu/glibc/objdir/csu/test-as-const-rtld-sizes -nostdlib -nostartfiles -Wl,-z,relro /home/dave/gnu/glibc/objdir/csu/crt1.o /home/dave/gnu/glibc/objdir/csu/crti.o `gcc --print-file-name=crtbegin.o` /home/dave/gnu/glibc/objdir/csu/test-as-const-rtld-sizes.o /home/dave/gnu/glibc/objdir/support/libsupport_nonshared.a -Wl,-dynamic-linker=/lib/ld.so.1 -Wl,-rpath-link=/home/dave/gnu/glibc/objdir:/home/dave/gnu/glibc/objdir/math:/home/dave/gnu/glibc/objdir/elf:/home/dave/gnu/glibc/objdir/dlfcn:/home/dave/gnu/glibc/objdir/nss:/home/dave/gnu/glibc/objdir/nis:/home/dave/gnu/glibc/objdir/rt:/home/dave/gnu/glibc/objdir/resolv:/home/dave/gnu/glibc/objdir/mathvec:/home/dave/gnu/glibc/objdir/support:/home/dave/gnu/glibc/objdir/crypt:/home/dave/gnu/glibc/objdir/nptl -lgcc -Wl,--as-needed -lgcc_s -Wl,--no-as-needed /home/dave/gnu/glibc/objdir/libc.so.6 /home/dave/gnu/glibc/objdir/libc_nonshared.a -Wl,--as-needed /home/dave/gnu/glibc/objdir/elf/ld.so -Wl,--no-as-needed -lgcc -Wl,--as-needed -lgcc_s -Wl,--no-as-needed `gcc --print-file-name=crtend.o` /home/dave/gnu/glibc/objdir/csu/crtn.o
env GCONV_PATH=/home/dave/gnu/glibc/objdir/iconvdata LOCPATH=/home/dave/gnu/glibc/objdir/localedata LC_ALL=C /home/dave/gnu/glibc/objdir/elf/ld.so.1 --library-path /home/dave/gnu/glibc/objdir:/home/dave/gnu/glibc/objdir/math:/home/dave/gnu/glibc/objdir/elf:/home/dave/gnu/glibc/objdir/dlfcn:/home/dave/gnu/glibc/objdir/nss:/home/dave/gnu/glibc/objdir/nis:/home/dave/gnu/glibc/objdir/rt:/home/dave/gnu/glibc/objdir/resolv:/home/dave/gnu/glibc/objdir/mathvec:/home/dave/gnu/glibc/objdir/support:/home/dave/gnu/glibc/objdir/crypt:/home/dave/gnu/glibc/objdir/nptl /home/dave/gnu/glibc/objdir/csu/test-as-const-rtld-sizes > /home/dave/gnu/glibc/objdir/csu/test-as-const-rtld-sizes.out; \
../scripts/evaluate-test.sh csu/test-as-const-rtld-sizes $? false false > /home/dave/gnu/glibc/objdir/csu/test-as-const-rtld-sizes.test-result
Segmentation fault (core dumped)
make[2]: Leaving directory '/home/dave/gnu/glibc/glibc/csu'
FAIL: csu/test-as-const-rtld-sizes
original exit status 139
make[1]: Leaving directory '/home/dave/gnu/glibc/glibc'

Core was generated by `/home/dave/gnu/glibc/objdir/elf/ld.so.1 --library-path /home/dave/gnu/glibc/obj'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0xf7478b6c in _getopt_internal_r (argc=4, argv=0xf8616024, optstring=0x14ae9 "", longopts=0x16ec8, longind=<optimized out>, long_only=<optimized out>, d=<optimized out>,
--Type <RET> for more, q to quit, c to continue without paging--
    posixly_correct=<optimized out>) at getopt.c:527
527       if (d->optind != argc && !strcmp (argv[d->optind], "--"))
(gdb) disass $pc-16,$pc+16
Dump of assembler code from 0xf7478b5c to 0xf7478b7c:
   0xf7478b5c <_getopt_internal_r+300>: cmpiclr,<> 1,r15,r0
   0xf7478b60 <_getopt_internal_r+304>: b,l,n 0xf7478cb4 <_getopt_internal_r+644>,r0
   0xf7478b64 <_getopt_internal_r+308>: cmpb,=,n r3,r6,0xf7478d28 <_getopt_internal_r+760>
   0xf7478b68 <_getopt_internal_r+312>: ldw,s r3(r7),r11
=> 0xf7478b6c <_getopt_internal_r+316>: ldb 0(r11),ret0
   0xf7478b70 <_getopt_internal_r+320>: ldo -2d(ret0),ret0
   0xf7478b74 <_getopt_internal_r+324>: cmpib,<>,n 0,ret0,0xf7478d40 <_getopt_internal_r+784>
   0xf7478b78 <_getopt_internal_r+328>: ldb 1(r11),ret0
End of assembler dump.
(gdb) p/x $r11
$1 = 0x0
(gdb) p/x $r3
$2 = 0x1
(gdb) p/x $r7
$3 = 0xf8616024

This was introduced by the following change:

dave@atlas:~/gnu/glibc/glibc$ git bisect bad
ad43cac44a6860eaefcadadfb2acb349921e96bf is the first bad commit
commit ad43cac44a6860eaefcadadfb2acb349921e96bf
Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
Date:   Fri Jun 15 16:14:58 2018 +0100

    rtld: Use generic argv adjustment in ld.so [BZ #23293]

    When an executable is invoked as

      ./ld.so [ld.so-args] ./exe [exe-args]

    then the argv is adujusted in ld.so before calling the entry point of
    the executable so ld.so args are not visible to it. On most targets
    this requires moving argv, env and auxv on the stack to ensure correct
    stack alignment at the entry point. This had several issues:

    - The code for this adjustment on the stack is written in asm as part
      of the target specific ld.so _start code which is hard to maintain.

    - The adjustment is done after _dl_start returns, where it's too late
      to update GLRO(dl_auxv), as it is already readonly, so it points to
      memory that was clobbered by the adjustment. This is bug 23293.

    - _environ is also wrong in ld.so after the adjustment, but it is
      likely not used after _dl_start returns so this is not user visible.

    - _dl_argv was updated, but for this it was moved out of relro, which
      changes security properties across targets unnecessarily.

    This patch introduces a generic _dl_start_args_adjust function that
    handles the argument adjustments after ld.so processed its own args
    and before relro protection is applied.

    The same algorithm is used on all targets, _dl_skip_args is now 0, so
    existing target specific adjustment code is no longer used. The bug
    affects aarch64, alpha, arc, arm, csky, ia64, nios2, s390-32 and sparc,
    other targets don't need the change in principle, only for consistency.

    The GNU Hurd start code relied on _dl_skip_args after dl_main returned,
    now it checks directly if args were adjusted and fixes the Hurd startup
    data accordingly.

    Follow up patches can remove _dl_skip_args and DL_ARGV_NOT_RELRO.

    Tested on aarch64-linux-gnu and cross tested on i686-gnu.

    Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>

 elf/rtld.c                    | 73 +++++++++++++++++++++++++++++++++++--------
 sysdeps/mach/hurd/dl-sysdep.c | 30 ++++++++----------
 2 files changed, 73 insertions(+), 30 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
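
Added example, not part of the original message and not glibc's code: a simplified C model of the in-place argv/envp/auxv shift that the quoted commit message describes, together with the argc/argv invariant that the getopt access at getopt.c:527 depends on. The stack layout and the names args_adjust, argv_consistent and demo_adjust are assumptions made for illustration; the sample stack is constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Modelled initial stack, lowest word first (assumed layout):
   argc | argv[0..argc-1] | 0 | envp.. | 0 | auxv (type,value).. | 0,0 */
struct start_args { uintptr_t argc, *argv, *envp, *auxv; };

/* Hypothetical model: drop the first `skip` argv entries by sliding
   argv, envp and auxv down `skip` words in place.  */
struct start_args args_adjust(uintptr_t *sp, size_t skip)
{
    uintptr_t *dst = sp, *src = sp + skip;
    struct start_args out;
    sp[0] -= skip;                          /* argc lives at sp[0] */
    out.argc = sp[0];
    out.argv = sp + 1;
    do *++dst = *++src; while (*src != 0);  /* argv and its NULL */
    out.envp = dst + 1;
    do *++dst = *++src; while (*src != 0);  /* envp and its NULL */
    out.auxv = dst + 1;
    do {                                    /* auxv pairs up to AT_NULL */
        dst[1] = src[1]; dst[2] = src[2];
        dst += 2; src += 2;
    } while (dst[-1] != 0);
    return out;
}

/* Invariant behind argv[optind]: argc non-NULL entries, then a NULL.  */
int argv_consistent(uintptr_t argc, const uintptr_t *argv)
{
    for (uintptr_t i = 0; i < argc; i++)
        if (argv[i] == 0)
            return 0;
    return argv[argc] == 0;
}

/* Constructed sample: ld.so --library-path /objdir ./exe, one env string,
   one auxv pair (6 = AT_PAGESZ).  Returns 1 if ./exe sees sane vectors;
   *stale_ok is the check for the old argc paired with the new argv.  */
int demo_adjust(int *stale_ok)
{
    static char a0[] = "ld.so", a1[] = "--library-path", a2[] = "/objdir",
                a3[] = "./exe", e0[] = "LC_ALL=C";
    uintptr_t st[] = { 4, (uintptr_t)a0, (uintptr_t)a1, (uintptr_t)a2,
                       (uintptr_t)a3, 0, (uintptr_t)e0, 0, 6, 4096, 0, 0 };
    struct start_args r = args_adjust(st, 3);
    *stale_ok = argv_consistent(4, r.argv);
    return r.argc == 1 && r.argv[0] == (uintptr_t)a3 && r.envp[0] == (uintptr_t)e0
        && argv_consistent(r.argc, r.argv) && r.auxv[0] == 6 && r.auxv[2] == 0;
}
```

In demo_adjust, pairing the pre-adjustment argc (4) with the shifted argv fails the check at index 1, the same shape as the gdb output above (argc=4, NULL loaded for argv[1]); this illustrates the invariant and is not a diagnosis of the hppa failure.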