This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug dynamic-link/17075] New: Incorrect calculation for dynamic R_ARM_TLS_DESC relocations
- From: "macro at linux-mips dot org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Thu, 19 Jun 2014 22:05:01 +0000
- Subject: [Bug dynamic-link/17075] New: Incorrect calculation for dynamic R_ARM_TLS_DESC relocations
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=17075
Bug ID: 17075
Summary: Incorrect calculation for dynamic R_ARM_TLS_DESC relocations
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: dynamic-link
Assignee: unassigned at sourceware dot org
Reporter: macro@linux-mips.org
CC: macro@linux-mips.org
Target: arm-linux-gnueabi
Created attachment 7649
--> https://sourceware.org/bugzilla/attachment.cgi?id=7649&action=edit
Thread-Local Storage Descriptors for the ARM platform, Revision 0.3 - 2010-09-28

I've noticed external symbol value calculation made in the dynamic
linker while processing the R_ARM_TLS_DESC reloc in the immediately-bound
case is broken. To figure out the final value of the symbol the
calculation makes use of the descriptor's argument that in this case is
set to the symbol's table index in the symbol table ORed with 0x80000000
and adds it to the actual value of the symbol resolved by the linker.
Such calculated value is then used if the static specialisation is
selected and the typical result is a segfault. This is easily reproduced
by trying any program that has (or whose link-time dependency has)
R_ARM_TLS_DESC relocs against external symbols and running it with
$LD_BIND_NOW set to 1 in the environment.

Such calculation is plain wrong and in the case of an external symbol
the value of the descriptor's argument provided by the static linker can
be simply discarded as it's only needed by the lazy specialisation to
resolve the symbol (that in this case already has been).

For example this code:

    /* libgetfoo.c */
    int __thread foo;

    int
    getfoo (void)
    {
      return foo;
    }

if built as a shared library:

    $ arm-linux-gnueabi-gcc -mtls-dialect=gnu2 -fPIC -shared -o libgetfoo.so libgetfoo.c

and then linked against an executable, e.g.:

    /* getfoo.c */
    int getfoo (void);

    int
    main (void)
    {
      return getfoo ();
    }

    $ arm-linux-gnueabi-gcc -mtls-dialect=gnu2 -o getfoo getfoo.c -L. -lgetfoo

will cause the dynamic linker to crash if the executable is run with
$LD_BIND_NOW set to 1. It is important to note the value of the
`-mtls-dialect' GCC option whose default setting, either of `gnu' or
`gnu2', may not necessarily be the right one to produce a TLS descriptor.
As a reference I've attached the most recent version (0.3) of the ARM
TLS descriptor specification, since its original publication site at
codesourcery.com has gone and only an older version (0.2.2) seems
publicly available now.
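
The arithmetic described in the report, as an added C model that is not part of the original message and is not glibc's code. The function names, the sample symbol index 5, the offset 0x10 and the 64-byte TLS block are constructed assumptions, as is the treatment of a reloc without a symbol as a plain addend.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Flag the report says is ORed into the symbol table index. */
#define LAZY_SYM_FLAG 0x80000000u

/* Descriptor argument the static linker leaves for an external symbol. */
static uint32_t lazy_arg_for_symbol(uint32_t symtab_index)
{
    return symtab_index | LAZY_SYM_FLAG;
}

/* Broken immediate-bind calculation: resolved value plus the raw argument. */
static uint32_t static_offset_buggy(uint32_t sym_value, uint32_t desc_arg)
{
    return sym_value + desc_arg;
}

/* Calculation the report asks for: with an external symbol the argument is
   discarded. Assumption: without a symbol the argument is a plain addend. */
static uint32_t static_offset_fixed(uint32_t sym_value, uint32_t desc_arg,
                                    bool external_sym)
{
    return external_sym ? sym_value : sym_value + desc_arg;
}

/* True when a 4-byte access at the offset stays inside the module's TLS block. */
static bool in_tls_block(uint32_t offset, uint32_t block_size)
{
    return block_size >= 4 && offset <= block_size - 4;
}

int main(void)
{
    /* Constructed sample: symbol index 5, `foo` at offset 0x10 of a 64-byte block. */
    uint32_t arg = lazy_arg_for_symbol(5);
    uint32_t bad = static_offset_buggy(0x10, arg);
    uint32_t good = static_offset_fixed(0x10, arg, true);

    printf("arg=0x%08x buggy=0x%08x in_block=%d\n",
           (unsigned)arg, (unsigned)bad, in_tls_block(bad, 64));
    printf("fixed=0x%08x in_block=%d\n", (unsigned)good, in_tls_block(good, 64));
    return 0;
}
```

The buggy offset lands about 2 GiB away from the TLS block, which matches the segfault the report describes for the static specialisation.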