[glibc] elf: Fix TLS modid reuse generation assignment (BZ 29039)

public inbox for glibc-cvs@sourceware.org
help / color / mirror / Atom feed

* [glibc] elf: Fix TLS modid reuse generation assignment (BZ 29039)
@ 2023-11-28 17:29 Szabolcs Nagy
  0 siblings, 0 replies; only message in thread
From: Szabolcs Nagy @ 2023-11-28 17:29 UTC (permalink / raw)
  To: glibc-cvs

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3921c5b40f293c57cb326f58713c924b0662ef59

commit 3921c5b40f293c57cb326f58713c924b0662ef59
Author: Hector Martin <marcan@marcan.st>
Date:   Tue Nov 28 15:23:07 2023 +0900

    elf: Fix TLS modid reuse generation assignment (BZ 29039)
    
    _dl_assign_tls_modid() assigns a slotinfo entry for a new module, but
    does *not* do anything to the generation counter. The first time this
    happens, the generation is zero and map_generation() returns the current
    generation to be used during relocation processing. However, if
    a slotinfo entry is later reused, it will already have a generation
    assigned. If this generation has fallen behind the current global max
    generation, then this causes an obsolete generation to be assigned
    during relocation processing, as map_generation() returns this
    generation if nonzero. _dl_add_to_slotinfo() eventually resets the
    generation, but by then it is too late. This causes DTV updates to be
    skipped, leading to NULL or broken TLS slot pointers and segfaults.
    
    Fix this by resetting the generation to zero in _dl_assign_tls_modid(),
    so it behaves the same as the first time a slot is assigned.
    _dl_add_to_slotinfo() will still assign the correct static generation
    later during module load, but relocation processing will no longer use
    an obsolete generation.
    
    Note that slotinfo entry (aka modid) reuse typically happens after a
    dlclose and only TLS access via dynamic tlsdesc is affected. Because
    tlsdesc is optimized to use the optional part of static TLS, dynamic
    tlsdesc can be avoided by increasing the glibc.rtld.optional_static_tls
    tunable to a large enough value, or by LD_PRELOAD-ing the affected
    modules.
    
    Fixes bug 29039.
    
    Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>

Diff:
---
 elf/dl-tls.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/elf/dl-tls.c b/elf/dl-tls.c
index c192b5a13a..70446e71a8 100644
--- a/elf/dl-tls.c
+++ b/elf/dl-tls.c
@@ -154,6 +154,7 @@ _dl_assign_tls_modid (struct link_map *l)
 	      {
 		/* Mark the entry as used, so any dependency see it.  */
 		atomic_store_relaxed (&runp->slotinfo[result - disp].map, l);
+		atomic_store_relaxed (&runp->slotinfo[result - disp].gen, 0);
 		break;
 	      }

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2023-11-28 17:29 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-11-28 17:29 [glibc] elf: Fix TLS modid reuse generation assignment (BZ 29039) Szabolcs Nagy

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).