This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug dynamic-link/17075] New: Incorrect calculation for dynamic R_ARM_TLS_DESC relocations

From: "macro at linux-mips dot org" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Thu, 19 Jun 2014 22:05:01 +0000
Subject: [Bug dynamic-link/17075] New: Incorrect calculation for dynamic R_ARM_TLS_DESC relocations
Auto-submitted: auto-generated

https://sourceware.org/bugzilla/show_bug.cgi?id=17075

            Bug ID: 17075
           Summary: Incorrect calculation for dynamic R_ARM_TLS_DESC
                    relocations
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: dynamic-link
          Assignee: unassigned at sourceware dot org
          Reporter: macro@linux-mips.org
                CC: macro@linux-mips.org
            Target: arm-linux-gnueabi

Created attachment 7649
  --> https://sourceware.org/bugzilla/attachment.cgi?id=7649&action=edit
Thread-Local Storage Descriptors for the ARM platform, Revision 0.3 -
2010-09-28

I've noticed external symbol value calculation made in the dynamic
linker while processing the R_ARM_TLS_DESC reloc in the immediately-bound
case is broken.  To figure out the final value of the symbol the
calculation makes use of the descriptor's argument that in this case is
set to the symbol's table index in the symbol table ORed with 0x80000000
and adds it to the actual value of the symbol resolved by the linker.

 Such calculated value is then used if the static specialisation is
selected and the typical result is a segfault.  This is easily reproduced
by trying any program that has (or whose link-time dependency has)
R_ARM_TLS_DESC relocs against external symbols and running it with
$LD_BIND_NOW set to 1 in the environment.

 Such calculation is plain wrong and in the case of an external symbol
the value of the descriptor's argument provided by the static linker can
be simply discarded as it's only needed by the lazy specialisation to
resolve the symbol (that in this case already has been).

 For example this code:

int __thread foo;

int
getfoo (void)
{
  return foo;
}

if built as a shared library:

$ arm-linux-gnueabi -mtls-dialect=gnu2 -fPIC -o libgetfoo.so libgetfoo.c

and then linked against an executable, e.g.:

int getfoo (void);

int
main (void)
{
  return getfoo ();
}

$ arm-linux-gnueabi -mtls-dialect=gnu2 -o getfoo -L. -lgetfoo getfoo.c

will cause the dynamic linker to crash if the executable is run with
$LD_BIND_NOW set to 1.  It is important to note the value of the
`-mtls-dialect' GCC option whose default setting, either of `gnu' or
`gnu2', may not necessarily be the right one to produce a TLS descriptor.

 As a reference I've attached the most recent version (0.3) of the ARM
TLS descriptor specification, since its original publication site at
codesourcery.com has gone and only an older version (0.2.2) seems
publicly available now.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Follow-Ups:
- [Bug dynamic-link/17075] Incorrect calculation for dynamic R_ARM_TLS_DESC relocations
  - From: cvs-commit at gcc dot gnu.org
- [Bug dynamic-link/17075] Incorrect calculation for dynamic R_ARM_TLS_DESC relocations
  - From: macro at linux-mips dot org
- [Bug dynamic-link/17075] Incorrect calculation for dynamic R_ARM_TLS_DESC relocations
  - From: fweimer at redhat dot com

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]