14955 – __get_cpu_features isn't always usable

Bug 14955 - __get_cpu_features isn't always usable

Summary: __get_cpu_features isn't always usable

Status:	NEW

Alias:	None

Product:	glibc
Classification:	Unclassified
Component:	libc (show other bugs)
Version:	2.17

Importance:	P2 normal
Target Milestone:	---
Assignee:	Not yet assigned to anyone

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-12-13 17:18 UTC by H.J. Lu
Modified:	2014-06-14 05:36 UTC (History)
CC List:	1 user (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:

Flags:	fweimer: security-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description H.J. Lu 2012-12-13 17:18:24 UTC

When we tried to use __get_cpu_features in libpthread.so, we
got a crash like this:

[hjl@gnu-hsw-1 ifunc-cpu]$ cat foo.c
enum
  {
    COMMON_CPUID_INDEX_1 = 0,
    COMMON_CPUID_INDEX_80000001,	/* for AMD */
    /* Keep the following line at the end.  */
    COMMON_CPUID_INDEX_MAX
  };

enum
  {
    FEATURE_INDEX_1 = 0,
    /* Keep the following line at the end.  */
    FEATURE_INDEX_MAX
  };

struct cpu_features
{
  enum cpu_features_kind
    {
      arch_kind_unknown = 0,
      arch_kind_intel,
      arch_kind_amd,
      arch_kind_other
    } kind;
  int max_cpuid;
  struct cpuid_registers
  {
    unsigned int eax;
    unsigned int ebx;
    unsigned int ecx;
    unsigned int edx;
  } cpuid[COMMON_CPUID_INDEX_MAX];
  unsigned int family;
  unsigned int model;
  unsigned int feature[FEATURE_INDEX_MAX];
};

extern const struct cpu_features *__get_cpu_features (void);

static int
one (void)
{
  return -30;
}

static int
two (void)
{
  return -40;
}

void * foo_ifunc (void) __asm__ ("foo") __attribute__ ((visibility ("hidden")));
__asm__(".type foo, %gnu_indirect_function");

void * 
foo_ifunc (void)
{
  const struct cpu_features * cpu = __get_cpu_features ();
  return cpu->max_cpuid  > 1 ? two : one;
}

extern int foo (void) __attribute__ ((visibility ("hidden")));
int (*foo_ptr) (void) = foo;
[hjl@gnu-hsw-1 ifunc-cpu]$ cat main.c
#include <stdio.h>

extern int (*foo_ptr) (void);

int main()
{
  foo_ptr ();

  printf ("main: %p\n", foo_ptr);

  return 0;
}
[hjl@gnu-hsw-1 ifunc-cpu]$ make
gcc -g   -c -o main.o main.c
gcc --shared -o libfoo.so foo.c -fPIC -g
gcc -o main main.o libfoo.so -Wl,-rpath,.
./main
make: *** [all] Segmentation fault
[hjl@gnu-hsw-1 ifunc-cpu]$ gdb main
GNU gdb (GDB) 7.5.50.20121203-cvs
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /export/home/hjl/bugs/libc/ifunc-cpu/main...done.
(gdb) r
Starting program: /export/home/hjl/bugs/libc/ifunc-cpu/main 

Program received signal SIGSEGV, Segmentation fault.
0x00000000000005a6 in ?? ()
(gdb) bt
#0  0x00000000000005a6 in ?? ()
#1  0x00007ffff7dfc6f3 in ?? ()
#2  0x00007ffff7dfc2a0 in ?? ()
#3  0x0000000000000006 in ?? ()
#4  0x00007fffffffe070 in ?? ()
#5  0x000000373b80c6d8 in _dl_relocate_object ()
   from /lib64/ld-linux-x86-64.so.2
Backtrace stopped: frame did not save the PC
(gdb)