This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

preallocated static tls block too small for a dlopened file


hi,

configuration:

[mathieu@mathieu-laptop test]$ gcc -dumpmachine
x86_64-redhat-linux
[mathieu@mathieu-laptop test]$ gcc --version
gcc (GCC) 4.4.0 20090506 (Red Hat 4.4.0-4)
[mathieu@mathieu-laptop test]$ uname -a
Linux mathieu-laptop 2.6.29.5-191.fc11.x86_64 #1 SMP Tue Jun 16 23:23:21 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
[mathieu@mathieu-laptop test]$ rpm -qa |grep glibc
glibc-2.10.1-2.x86_64

testcase:

cat > dlopen.c
#include <dlfcn.h>
#include <stdio.h>

__thread int g_main_exec = -1;

int main (int argc, char *argv[])
{
  if (argc < 2)
    {
      printf ("usage: %s <module>\n", argv[0]);
      return 1;
    }
  void *handle = dlopen (argv[1], RTLD_LAZY);
  if (handle == 0)
    {
      /* Report and stop: going on to dlsym (0, ...) would search the
         wrong object instead of the module that failed to load.  */
      printf ("error=\"%s\"\n", dlerror ());
      return 1;
    }
  void *symbol = dlsym (handle, "main");
  if (symbol == 0)
    {
      printf ("error=\"%s\"\n", dlerror ());
      return 1;
    }
  int (*main_fn) (int,char **) = (int (*) (int,char **))symbol;
  main_fn (argc, argv);
  return 0;
}

cat > test.c
#include <stdio.h>

__attribute__((tls_model("initial-exec"))) __thread char g_a[1665];

int main (int argc, char *argv[])
{
  printf ("g_a=%d\n", (int)g_a[0]);
  return 0;
}

gcc -fpie -pie -o test test.c
gcc -o dlopen dlopen.c -ldl
./dlopen ./test

The test binary is correctly generated with the DF_STATIC_TLS flag:
[mathieu@mathieu-laptop test]$ readelf -d ./test|grep STATIC
 0x000000000000001e (FLAGS)              STATIC_TLS

But the dynamic linker/loader appears unable to detect that the size
of the TLS block requested by this dlopened file is way too big to fit
in the preallocated static tls block area. Hence, at some point, if
you make the __thread byte array big enough, you are going to attempt
to read a memory location which does not belong to the preallocated
tls block area (the 1665 above is the minimum value I found which
could segfault this code; I guess other systems will need different
values).

To summarize, this appears to be a bug in the dynamic loader which
does not properly detect during dlopen that the tls static area of the
new module is too big to fit in the spare space of the preallocated
tls block area, and does not return an early error but instead
segfaults later. Am I wrong? If not, should I report this bug
somewhere?

Mathieu
-- 
Mathieu Lacage <mathieu.lacage@gmail.com>
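A pre-flight check for the situation described in the report above, added here as an example; it is neither glibc code nor part of Mathieu's test case. It reads a module's ELF headers and reports whether the module sets DF_STATIC_TLS in DT_FLAGS and how large its PT_TLS segment is, so a loader can reject an oversized static-TLS module before calling dlopen rather than learning about it from a segfault. The amount of spare static TLS is a parameter and a per-system assumption (the 1665-byte threshold reported above suggests 1664 spare bytes on that system); build_sample_elf constructs a header-only image for the self-check and is not a loadable object. 64-bit little-endian ELF only.

```c
/* Added example (not glibc code, not the poster's): inspect a module's ELF
 * headers before dlopen() to see whether it asks for static TLS
 * (DT_FLAGS & DF_STATIC_TLS) and how large its TLS block is (PT_TLS p_memsz).
 * A loader that knows the spare static TLS on its system can then refuse the
 * module up front. ELF64 little-endian only. */
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct tls_info {
    uint64_t tls_memsz;  /* PT_TLS p_memsz, 0 when the module has no TLS segment */
    int static_tls;      /* DF_STATIC_TLS set in DT_FLAGS */
    int has_dynamic;     /* PT_DYNAMIC present (a dynamically linked object) */
};

/* Parse an ELF64 LE image held in memory; every access is bounds checked
 * against len. Returns 0 on success, -1 on a malformed or truncated image. */
int inspect_elf64_tls(const unsigned char *buf, size_t len, struct tls_info *out)
{
    Elf64_Ehdr eh;
    memset(out, 0, sizeof *out);
    if (len < sizeof eh) return -1;
    memcpy(&eh, buf, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 || eh.e_ident[EI_CLASS] != ELFCLASS64
        || eh.e_ident[EI_DATA] != ELFDATA2LSB || eh.e_phentsize != sizeof(Elf64_Phdr))
        return -1;
    if (eh.e_phoff > len || (uint64_t)eh.e_phnum * sizeof(Elf64_Phdr) > len - eh.e_phoff)
        return -1;

    uint64_t dyn_off = 0, dyn_size = 0;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, buf + eh.e_phoff + (size_t)i * sizeof ph, sizeof ph);
        if (ph.p_type == PT_TLS)
            out->tls_memsz = ph.p_memsz;
        else if (ph.p_type == PT_DYNAMIC) {
            dyn_off = ph.p_offset;
            dyn_size = ph.p_filesz;
        }
    }
    if (dyn_size == 0) return 0;                /* no dynamic section: nothing to dlopen */
    if (dyn_off > len || dyn_size > len - dyn_off) return -1;
    out->has_dynamic = 1;
    for (uint64_t off = 0; off + sizeof(Elf64_Dyn) <= dyn_size; off += sizeof(Elf64_Dyn)) {
        Elf64_Dyn d;
        memcpy(&d, buf + dyn_off + off, sizeof d);
        if (d.d_tag == DT_NULL) break;
        if (d.d_tag == DT_FLAGS && (d.d_un.d_val & DF_STATIC_TLS)) out->static_tls = 1;
    }
    return 0;
}

/* Policy: a module demanding static TLS must fit in the spare static TLS the
 * caller believes is available (surplus_bytes is a per-system assumption; the
 * 1665-byte threshold in the report suggests 1664 spare bytes there). A module
 * without DF_STATIC_TLS can use dynamic TLS and is always accepted.
 * Returns 1 = fits, 0 = too big, -1 = unparseable. */
int static_tls_fits(const unsigned char *buf, size_t len, uint64_t surplus_bytes)
{
    struct tls_info ti;
    if (inspect_elf64_tls(buf, len, &ti) != 0) return -1;
    if (!ti.static_tls) return 1;
    return ti.tls_memsz <= surplus_bytes;
}

/* Constructed sample: only the headers the check looks at (ELF header, a PT_TLS
 * and a PT_DYNAMIC program header, a two-entry dynamic section). Not loadable. */
size_t build_sample_elf(unsigned char *out, size_t cap, uint64_t tls_memsz, int static_tls)
{
    const size_t phoff = sizeof(Elf64_Ehdr), dynoff = phoff + 2 * sizeof(Elf64_Phdr);
    const size_t total = dynoff + 2 * sizeof(Elf64_Dyn);
    Elf64_Ehdr eh; Elf64_Phdr ph[2]; Elf64_Dyn dyn[2];
    if (cap < total) return 0;
    memset(&eh, 0, sizeof eh); memset(ph, 0, sizeof ph); memset(dyn, 0, sizeof dyn);
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64; eh.e_ident[EI_DATA] = ELFDATA2LSB;
    eh.e_ident[EI_VERSION] = EV_CURRENT;
    eh.e_type = ET_DYN; eh.e_machine = EM_X86_64; eh.e_version = EV_CURRENT;
    eh.e_phoff = phoff; eh.e_ehsize = sizeof eh;
    eh.e_phentsize = sizeof(Elf64_Phdr); eh.e_phnum = 2;
    ph[0].p_type = PT_TLS; ph[0].p_memsz = tls_memsz; ph[0].p_align = 16;
    ph[1].p_type = PT_DYNAMIC; ph[1].p_offset = dynoff; ph[1].p_filesz = sizeof dyn;
    dyn[0].d_tag = DT_FLAGS; dyn[0].d_un.d_val = static_tls ? DF_STATIC_TLS : 0;
    dyn[1].d_tag = DT_NULL;
    memcpy(out, &eh, sizeof eh); memcpy(out + phoff, ph, sizeof ph);
    memcpy(out + dynoff, dyn, sizeof dyn);
    return total;
}

/* Convenience wrapper: run the policy check on a freshly built sample image. */
int check_sample(uint64_t tls_memsz, int static_tls, uint64_t surplus_bytes)
{
    unsigned char img[256];
    size_t n = build_sample_elf(img, sizeof img, tls_memsz, static_tls);
    return n ? static_tls_fits(img, n, surplus_bytes) : -1;
}

/* Stand-alone use: ./tlscheck <module> [spare-static-tls-bytes] */
int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s <elf-file> [surplus]\n", argv[0]); return 2; }
    FILE *f = fopen(argv[1], "rb");
    if (!f) { perror(argv[1]); return 2; }
    fseek(f, 0, SEEK_END); long sz = ftell(f); rewind(f);
    unsigned char *buf = malloc(sz > 0 ? (size_t)sz : 1);
    if (!buf || fread(buf, 1, (size_t)sz, f) != (size_t)sz) { perror("read"); return 2; }
    fclose(f);
    struct tls_info ti;
    if (inspect_elf64_tls(buf, (size_t)sz, &ti) != 0) { fprintf(stderr, "not an ELF64 LE image\n"); return 2; }
    printf("PT_TLS memsz=%llu DF_STATIC_TLS=%s\n", (unsigned long long)ti.tls_memsz, ti.static_tls ? "yes" : "no");
    if (argc > 2)
        printf("fits in %s spare bytes: %s\n", argv[2],
               static_tls_fits(buf, (size_t)sz, strtoull(argv[2], NULL, 0)) == 1 ? "yes" : "no");
    free(buf);
    return 0;
}
```

Two caveats a practitioner would want alongside this check. First, when glibc does detect the shortage it fails dlopen with "cannot allocate memory in static TLS block" and dlerror() carries that text, so a loader must always test the dlopen return value before touching the handle; newer glibc also exposes the glibc.rtld.optional_static_tls tunable for enlarging the surplus at startup. Second, an executable's accesses to its own TLS variables (PIE included) are normally resolved at link time against the executable's own TLS block (the initial-exec access is relaxed to local-exec, leaving no relocation behind), which is one reason a dlopened executable behaves differently from a dlopened shared object; newer glibc refuses to dlopen a PIE executable outright with "cannot dynamically load position-independent executable".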

