Bug 20680 - ifunc resolver cannot access the thread pointer with static linking
Status: UNCONFIRMED
Alias: None
Product: glibc
Classification: Unclassified
Component: dynamic-link
Version: 2.24
Importance: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Reported: 2016-10-10 17:19 UTC by Szabolcs Nagy
Modified: 2016-10-11 17:06 UTC
fweimer: security-


Description Szabolcs Nagy 2016-10-10 17:19:33 UTC
the thread pointer is not yet initialized when ifunc resolvers are
run with static linking.

this means -fstack-protect-all instrumented resolver crashes with
static linking on targets where the canary is in tcb.
(can affect any tcb offset abi the compiler may use, like the
hwcap/platform on powerpc.)

and any tls access crashes the resolver (accessing errno or using
tls with global dynamic model can crash with dynamic linking too
because they are extern calls, see bug 20673).

it is generally not documented what c code may work before
thread-pointer setup.

compile with -static
$ cat main.c
static int foo1(void) { return 1; }
static int foo2(void) { return 2; }

__thread int x; // or try -fstack-protect-all

static int (*foo_resolver())()
{
	return x ? foo1 : foo2;
}

int foo(void) __attribute__((ifunc("foo_resolver")));

int main()
{
	foo();
}
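
A variant of the reproducer above whose resolver avoids everything the report lists as unsafe before thread-pointer setup: no TLS access, no stack-protector canary, no external calls. This is an added example, not code from the bug report or from glibc; `NO_CANARY`, `cpu_has_fast_path` and `expected_foo` are hypothetical names, and the SSE4.2 check is an assumed stand-in for whatever feature a real resolver tests.

```c
#include <stdio.h>
#if defined(__x86_64__)
# include <cpuid.h>
#endif

/* Keep the canary load (a TCB access on some targets) out of early code. */
#if defined(__has_attribute)
# if __has_attribute(no_stack_protector)
#  define NO_CANARY __attribute__((no_stack_protector))
# endif
#endif
#ifndef NO_CANARY
# define NO_CANARY __attribute__((optimize("no-stack-protector")))
#endif

static int foo1(void) { return 1; }
static int foo2(void) { return 2; }

/* Hypothetical probe: inline CPUID only, no TLS, no errno, no libc call. */
NO_CANARY static int cpu_has_fast_path(void)
{
#if defined(__x86_64__)
	unsigned int eax, ebx, ecx, edx;
	__cpuid(1, eax, ebx, ecx, edx);   /* macro expands to inline asm */
	return (ecx >> 20) & 1;            /* CPUID.1:ECX bit 20 = SSE4.2 */
#else
	return 0;                          /* assumption: other targets take foo2 */
#endif
}

/* Runs while relocations are applied, possibly before TLS setup. */
NO_CANARY static int (*foo_resolver(void))(void)
{
	return cpu_has_fast_path() ? foo1 : foo2;
}

int foo(void) __attribute__((ifunc("foo_resolver")));

/* Repeats the decision after startup so the binding can be checked. */
int expected_foo(void) { return cpu_has_fast_path() ? 1 : 2; }

int main(void)
{
	printf("foo() = %d, expected %d\n", foo(), expected_foo());
	return foo() == expected_foo() ? 0 : 1;
}
```

Building this with `-static -fstack-protector-all` gives a direct comparison with the reproducer; a non-zero exit status means the resolver bound the wrong implementation.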