From: Stefani Seibold <stefani@seibold.net>
To: Carlos O'Donell <carlos@redhat.com>,
libc-help@sourceware.org, DJ Delorie <dj@redhat.com>
Subject: Re: glibc 2.26 mtrace broken, missing allocations
Date: Thu, 05 Apr 2018 20:33:00 -0000
Message-ID: <1522960423.11048.1.camel@seibold.net>
In-Reply-To: <33298b52-27e5-636b-03e2-799be2b9c0f5@redhat.com>

On Thu, 2018-04-05 at 15:21 -0500, Carlos O'Donell wrote:
> On 04/05/2018 03:01 PM, Stefani Seibold wrote:
> > Hi,
> >
> > When using mtrace I get a report of a reallocation which has an address
> > which was not reported.
> >
> > For example:
> >
> > @ /usr/lib64/libgobject-2.0.so.0:(g_signal_newv+0x23d)[0x7ffff7eb409d] - 0x5555559344c0
> > @ /usr/lib64/libglib-2.0.so.0:(g_malloc+0x19)[0x7ffff7244039] + 0x555555922d40 0x60
> > @ /usr/lib64/libglib-2.0.so.0:(g_realloc+0x20)[0x7ffff72440f0] < 0x5555558f0ea0
> > @ /usr/lib64/libglib-2.0.so.0:(g_realloc+0x20)[0x7ffff72440f0] > 0x5555558f0ea0 0x10
> > @ /usr/lib64/libglib-2.0.so.0:(g_realloc+0x20)[0x7ffff72440f0] < 0x5555558f0e70
> >
> > The ingoing address 0x5555558f0ea0 for the realloc was not reported by
> > another alloc.
>
> That's odd.
>
> > The process (gvim -f) is single threaded and it is always the same
> > address without address layout randomization.
>
> OK, so as a single-threaded process it should be perfectly safe to use mtrace
> (which is not MT-safe).
>
> > How is this possible? Are there allocation functions which are not
> > traced by mtrace?
>
> I don't have any good answer for you.
>
> The allocation functions all have hooks into the hook functions which are used
> by mtrace. They are embedded into the libc.so.6 malloc API functions directly
>
> e.g.
>
>   void *
>   __libc_malloc (size_t bytes)
>   {
>     mstate ar_ptr;
>     void *victim;
>
>     void *(*hook) (size_t, const void *)
>       = atomic_forced_read (__malloc_hook);
>     if (__builtin_expect (hook != NULL, 0))
>       return (*hook)(bytes, RETURN_ADDRESS (0));
>
>   ...
>
>     void *(*hook) (void *, size_t, const void *) =
>       atomic_forced_read (__realloc_hook);
>     if (__builtin_expect (hook != NULL, 0))
>       return (*hook)(oldmem, bytes, RETURN_ADDRESS (0));
>
> And happen right away and record the result.
>
> You should see *almost* all the results.
>
> In theory the early dynamic loader bootstrap uses dl-minimal.c which has a micro
> allocator there for early bootstrap before libc.so.6's malloc can be called,
> but none of those addresses should ever leak into the post-bootstrap for a realloc.
> If such a thing did happen it would be a bug.
>
> You can try running mcheck() and associated functions to enable additional checking.
> Likewise mprobe().
>

I just tried mcheck() and mcheck_pedantic(). No difference at all.

> DJ, You've been poking at this area, any thoughts?
>
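
The check described in the message, automated as an added example (not part of the original e-mail and not glibc or mtrace code): replay the mtrace records and flag every free or realloc source whose address no earlier record reported as allocated. The input is the excerpt quoted in the post, so the free on line 1 may simply have been allocated before the excerpt begins.

```python
import re

# One mtrace record: "@ <location> <op> <addr> [<size>]". Only the four ops
# that appear in the post are handled: + malloc, - free, < realloc-in, > realloc-out.
RECORD = re.compile(
    r"^@ (?P<loc>.+?) (?P<op>[-+<>]) (?P<addr>0x[0-9a-f]+)"
    r"(?: (?P<size>(?:0x)?[0-9a-f]+))?$"
)

# Records quoted in the post, with the mail client's line wraps rejoined.
SAMPLE = """\
@ /usr/lib64/libgobject-2.0.so.0:(g_signal_newv+0x23d)[0x7ffff7eb409d] - 0x5555559344c0
@ /usr/lib64/libglib-2.0.so.0:(g_malloc+0x19)[0x7ffff7244039] + 0x555555922d40 0x60
@ /usr/lib64/libglib-2.0.so.0:(g_realloc+0x20)[0x7ffff72440f0] < 0x5555558f0ea0
@ /usr/lib64/libglib-2.0.so.0:(g_realloc+0x20)[0x7ffff72440f0] > 0x5555558f0ea0 0x10
@ /usr/lib64/libglib-2.0.so.0:(g_realloc+0x20)[0x7ffff72440f0] < 0x5555558f0e70
""".splitlines()


def find_untracked(lines):
    """Return (lineno, op, addr, location) for each free ('-') or realloc
    source ('<') whose address no earlier record reported as allocated."""
    live = {}        # addr -> size, for blocks the log has shown as allocated
    untracked = []
    for lineno, line in enumerate(lines, 1):
        m = RECORD.match(line.strip())
        if m is None:            # "= Start", "= End", blank or foreign lines
            continue
        op, addr = m["op"], int(m["addr"], 16)
        if op in "+>":           # block becomes live at this address
            live[addr] = int(m["size"], 16) if m["size"] else None
        else:                    # '-' or '<': block leaves the live set
            if addr not in live:
                untracked.append((lineno, op, hex(addr), m["loc"]))
            live.pop(addr, None)
    return untracked


if __name__ == "__main__":
    for lineno, op, addr, loc in find_untracked(SAMPLE):
        kind = "free" if op == "-" else "realloc source"
        print(f"line {lineno}: {kind} {addr} never seen allocated, at {loc}")
```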