This is the mail archive of the libc-ports@sources.redhat.com mailing list for the libc-ports project.
Re: [RFC][PATCH] MIPS - SEGV at do_lookup_x()
- From: "Carlos O'Donell" <carlos at systemhalted dot org>
- To: viju vincent <vijuvince at gmail dot com>
- Cc: libc-ports at sources dot redhat dot com, "Joseph S. Myers" <joseph at codesourcery dot com>
- Date: Wed, 15 Feb 2012 11:52:27 -0500
- Subject: Re: [RFC][PATCH] MIPS - SEGV at do_lookup_x()
- References: <CAAPxa61G6FtmYQWYZL82bs0kAPaJREPRQ2KDhUXVH_yLH-9Nhw@mail.gmail.com>
On Mon, Feb 13, 2012 at 9:45 AM, viju vincent <vijuvince@gmail.com> wrote:
> I noticed SEGV at do_lookup_x(), in case of lazy binding vs dlopen() on MIPS.
> The test scenario is:
>  * Thread A is handling symbol resolution and a context switch happens.
>  * Thread B starts running and calls dlopen().
>    * Because of dlopen(), rtld internal management data is
> reallocated or extended, and its address got changed.
>  * Thread A wakes up and continues handling symbol resolution and
> SEGV happens due to accessing an incorrect memory address.
>
> Tested the same on ARM target and no issue found.
> As per the comment present in glibc-ports-2.7/sysdeps/mips/dl-trampoline.c,
> in case of ARM and other architectures, _dl_fixup() is called and it
> has a thread locking mechanism,
> and for MIPS __dl_runtime_resolve() is used.
> {{{
> /* Define mips specific runtime resolver. The function __dl_runtime_resolve
>    is called from assembler function _dl_runtime_resolve which converts
>    special argument registers t7 ($15) and t8 ($24):
>      t7  address to return to the caller of the function
>      t8  index for this function symbol in .dynsym
>    to usual c arguments.
>
>    Other architectures call fixup from dl-runtime.c in
>    _dl_runtime_resolve.  MIPS instead calls __dl_runtime_resolve.  We
>    have to use our own version because of the way the got section is
>    treated on MIPS (we've also got ELF_MACHINE_PLT defined).  */
> }}}
>
> From the glibc source investigation, it is observed that there is a lock
> present for ARM and other targets,
> and it (the lock mechanism for _dl_fixup()) is committed as:
>  * http://repo.or.cz/w/glibc.git/commit/df94b6412e0628cd577da0ce5626358a3967ee44?f=elf/dl-runtime.c
>
> For MIPS, the __dl_runtime_resolve() doesn't have any locking
> mechanism; this causes SEGV at do_lookup_x().
> Added lock and unlock in __dl_runtime_resolve() by referring to the lock
> applied to _dl_fixup() in elf/dl-runtime.c.
> Attached the patch which fixes the SEGV at do_lookup_x().
> This issue is present in glibc 2.7 and 2.14.
I've reviewed the locking in elf/dl-runtime.c and your proposed
changes to the local MIPS routines.
This patch looks good to me and makes sense.
I also double checked that the local MIPS copy of dl-lookup.c is in
sync with elf/dl-lookup.c and thus honours the lock flag.
Could you please file a bugzilla issue and attach the patch to the issue?
Please tag the issue with keyword glibc_2.15 so I can backport this.
Once you've filed an issue, can you have Joseph Myers
<joseph@codesourcery.com> review the patch? Joseph is the MIPS ports
maintainer.
Cheers,
Carlos.
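A single-threaded model of the interleaving described in the report, and of why taking the lock in the MIPS resolver fixes it; this is example code written for this page, not glibc's code or the attached patch. Everything in it is made up for the model: the object and symbol names, the dl_open_model/resolve_begin/resolve_finish functions, a generation counter standing in for "the array moved", and dlopen() "blocking on the lock" being simulated by returning false so the caller retries after the resolver releases it.

```c
/* Added model (not glibc code) of the reported race: a lazy lookup walks the scope that dlopen() grows. */
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
struct obj { const char *name, *symbol; };            /* one loaded object */
static struct obj *scope; static size_t scope_len, scope_gen;   /* rtld's array; gen++ whenever it moves */
static bool dl_load_lock;                             /* stands in for GL(dl_load_lock) */
/* dlopen() model: grow the scope into a new block and free the old one. In this
   single-threaded model, "blocking on the lock" is returning false. */
static bool dl_open_model(const char *name, const char *symbol)
{
    if (dl_load_lock) return false;
    struct obj *n = malloc((scope_len + 1) * sizeof *n);
    memcpy(n, scope, scope_len * sizeof *n);
    n[scope_len] = (struct obj){ name, symbol };
    free(scope); scope = n; scope_len++; scope_gen++;
    return true;
}
struct resolver { size_t gen, len; bool locked; };   /* thread A's saved state */
/* First half of __dl_runtime_resolve: with `locked`, take the lock before
   touching the scope, as _dl_fixup does; without it, the old MIPS path. */
static void resolve_begin(struct resolver *r, bool locked)
{
    if ((r->locked = locked)) dl_load_lock = true;
    r->gen = scope_gen; r->len = scope_len;   /* "scope pointer kept in a register" */
}
/* Thread A resumes. If the scope moved meanwhile, real code would read freed
   memory (the SEGV in do_lookup_x()); the model returns "<stale>" instead. */
static const char *resolve_finish(struct resolver *r, const char *symbol)
{
    const char *result = NULL;
    if (r->gen != scope_gen) result = "<stale>";
    else for (size_t i = 0; i < r->len; i++)
        if (strcmp(scope[i].symbol, symbol) == 0) { result = scope[i].name; break; }
    if (r->locked) dl_load_lock = false;
    return result;
}
/* The reported interleaving: A starts resolving, is preempted, B calls
   dlopen(), A resumes. With the lock, B's dlopen() waits until A is done. */
static const char *interleave(bool locked)
{
    free(scope);                               /* fresh scope with one object */
    scope = malloc(sizeof *scope); scope_len = 1; scope_gen = 0;
    scope[0] = (struct obj){ "libbase.so", "target_fn" };
    struct resolver a; resolve_begin(&a, locked);             /* A, preempted */
    bool opened = dl_open_model("libextra.so", "extra_fn");   /* thread B */
    const char *r = resolve_finish(&a, "target_fn");          /* A resumes */
    if (!opened) dl_open_model("libextra.so", "extra_fn");    /* B retries */
    return r;
}
```

Without the lock, interleave(false) finishes on a scope that has already been replaced; with it, interleave(true) resolves "target_fn" to "libbase.so" and dlopen() only extends the scope afterwards.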