This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug dynamic-link/23690] Segfault in _dl_profile_fixup with a high number of threads


https://sourceware.org/bugzilla/show_bug.cgi?id=23690

--- Comment #6 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.28/master has been updated
       via  8c89e6b02d95cb4c0155eb3efc18fbd9c0f4582f (commit)
      from  b8dd0f42780a3133c02f064a2c0c5c4e7ab61aaa (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8c89e6b02d95cb4c0155eb3efc18fbd9c0f4582f

commit 8c89e6b02d95cb4c0155eb3efc18fbd9c0f4582f
Author: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
Date:   Fri Nov 30 18:05:32 2018 -0200

    Fix _dl_profile_fixup data-dependency issue (Bug 23690)

    There is a data-dependency between the fields of struct l_reloc_result
    and the field used as the initialization guard. Users of the guard
    expect writes to the structure to be observable when they also observe
    the guard initialized. The solution for this problem is to use an acquire
    and release load and store to ensure previous writes to the structure are
    observable if the guard is initialized.

    The previous implementation used DL_FIXUP_VALUE_ADDR (l_reloc_result->addr)
    as the initialization guard, making it impossible for some architectures
    to load and store it atomically, i.e. hppa and ia64, due to its larger
    size.

    This commit adds an unsigned int to l_reloc_result to be used as the new
    initialization guard of the struct, making it possible to load and store
    it atomically in all architectures. The fix ensures that the values
    observed in l_reloc_result are consistent and do not lead to crashes.
    The algorithm is documented in the code in elf/dl-runtime.c
    (_dl_profile_fixup). Not all data races have been eliminated.

    Tested with build-many-glibcs and on powerpc, powerpc64, and powerpc64le.

        [BZ #23690]
        * elf/dl-runtime.c (_dl_profile_fixup): Guarantee memory
        modification order when accessing reloc_result->addr.
        * include/link.h (reloc_result): Add field init.
        * nptl/Makefile (tests): Add tst-audit-threads.
        (modules-names): Add tst-audit-threads-mod1 and
        tst-audit-threads-mod2.
        Add rules to build tst-audit-threads.
        * nptl/tst-audit-threads-mod1.c: New file.
        * nptl/tst-audit-threads-mod2.c: Likewise.
        * nptl/tst-audit-threads.c: Likewise.
        * nptl/tst-audit-threads.h: Likewise.

    Signed-off-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>
    (cherry picked from commit e5d262effe3a87164308a3f37e61b32d0348692a)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                     |   15 ++++++
 elf/dl-runtime.c              |   48 ++++++++++++++++++--
 include/link.h                |    4 ++
 nptl/Makefile                 |   14 +++++-
 nptl/tst-audit-threads-mod1.c |   74 +++++++++++++++++++++++++++++++
 nptl/tst-audit-threads-mod2.c |   22 +++++++++
 nptl/tst-audit-threads.c      |   97 +++++++++++++++++++++++++++++++++++++++++
 nptl/tst-audit-threads.h      |   92 ++++++++++++++++++++++++++++++++++++++
 8 files changed, 359 insertions(+), 7 deletions(-)
 create mode 100644 nptl/tst-audit-threads-mod1.c
 create mode 100644 nptl/tst-audit-threads-mod2.c
 create mode 100644 nptl/tst-audit-threads.c
 create mode 100644 nptl/tst-audit-threads.h

-- 
You are receiving this mail because:
You are on the CC list for the bug.
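
The initialization-guard pattern the commit message describes, as an added C11 example that is not glibc code and not part of the original mail. `struct result`, `publish`, `lookup`, `run_once` and the sample values are hypothetical stand-ins for `struct reloc_result` and its users, and a single writer is assumed.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdint.h>

/* Hypothetical stand-in for the guarded structure (not glibc's layout). */
struct result {
  uintptr_t addr;      /* payload: stands in for the resolved address */
  unsigned int flags;  /* second payload field */
  atomic_uint init;    /* guard: an unsigned int, atomic on every target */
};
enum { ADDR = 0x1000, FLAGS = 7 };  /* constructed sample values */
static struct result slot;

/* Slow path: plain stores to the payload, then a release store to the guard. */
static void publish(struct result *r) {
  r->addr = ADDR;
  r->flags = FLAGS;
  atomic_store_explicit(&r->init, 1, memory_order_release);
}

/* Fast path: acquire-load the guard and read the payload only if it is set.
   Returns 0 if not yet initialized, 1 if consistent, -1 if torn. */
static int lookup(struct result *r) {
  if (atomic_load_explicit(&r->init, memory_order_acquire) == 0)
    return 0;
  return (r->addr == ADDR && r->flags == FLAGS) ? 1 : -1;
}

static void *reader(void *arg) {
  int rc;
  while ((rc = lookup(&slot)) == 0)
    ;  /* guard not visible yet */
  *(int *)arg = rc;
  return NULL;
}
static void *writer(void *arg) { (void)arg; publish(&slot); return NULL; }

/* One writer against n readers (n <= 16); returns how many saw torn state. */
static int run_once(int n) {
  pthread_t w, rd[16];
  int rc[16], torn = 0;
  slot.addr = 0; slot.flags = 0; atomic_store(&slot.init, 0);
  for (int i = 0; i < n; i++) pthread_create(&rd[i], NULL, reader, &rc[i]);
  pthread_create(&w, NULL, writer, NULL);
  pthread_join(w, NULL);
  for (int i = 0; i < n; i++) { pthread_join(rd[i], NULL); torn += rc[i] != 1; }
  return torn;
}
int main(void) { return run_once(8); }
```

With `memory_order_relaxed` in place of the release/acquire pair, a reader on a weakly ordered machine may observe `init == 1` while `addr` or `flags` still hold their old values.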
