|
|
548bcb |
commit 40ebfd016ad284872f434bdd76dbe9c708db4d6b
|
|
|
548bcb |
Author: Florian Weimer <fweimer@redhat.com>
|
|
|
548bcb |
Date: Fri Jun 25 08:09:08 2021 +0200
|
|
|
548bcb |
|
|
|
548bcb |
elf: Disable most of TLS modid gaps processing [BZ #27135]
|
|
|
548bcb |
|
|
|
548bcb |
Revert "elf: Fix DTV gap reuse logic [BZ #27135]"
|
|
|
548bcb |
|
|
|
548bcb |
This reverts commit 572bd547d57a39b6cf0ea072545dc4048921f4c3.
|
|
|
548bcb |
|
|
|
548bcb |
It turns out that the _dl_next_tls_modid in _dl_map_object_from_fd keeps
|
|
|
548bcb |
returning the same modid over and over again if there is a gap and
|
|
|
548bcb |
more than TLS-using module is loaded in one dlopen call. This corrupts
|
|
|
548bcb |
TLS data structures. The bug is still present after a revert, but
|
|
|
548bcb |
empirically it is much more difficult to trigger (because it involves a
|
|
|
548bcb |
dlopen failure).
|
|
|
548bcb |
|
|
|
548bcb |
diff --git a/elf/dl-close.c b/elf/dl-close.c
|
|
|
548bcb |
index 41cb6c58491c364b..7d2dc2272cd643f5 100644
|
|
|
548bcb |
--- a/elf/dl-close.c
|
|
|
548bcb |
+++ b/elf/dl-close.c
|
|
|
548bcb |
@@ -88,11 +88,7 @@ remove_slotinfo (size_t idx, struct dtv_slotinfo_list *listp, size_t disp,
|
|
|
548bcb |
/* If this is not the last currently used entry no need to look
|
|
|
548bcb |
further. */
|
|
|
548bcb |
if (idx != GL(dl_tls_max_dtv_idx))
|
|
|
548bcb |
- {
|
|
|
548bcb |
- /* There is an unused dtv entry in the middle. */
|
|
|
548bcb |
- GL(dl_tls_dtv_gaps) = true;
|
|
|
548bcb |
- return true;
|
|
|
548bcb |
- }
|
|
|
548bcb |
+ return true;
|
|
|
548bcb |
}
|
|
|
548bcb |
|
|
|
548bcb |
while (idx - disp > (disp == 0 ? 1 + GL(dl_tls_static_nelem) : 0))
|
|
|
548bcb |
diff --git a/elf/dl-open.c b/elf/dl-open.c
|
|
|
548bcb |
index 54727402750f4c0c..a67fb3aee40860e1 100644
|
|
|
548bcb |
--- a/elf/dl-open.c
|
|
|
548bcb |
+++ b/elf/dl-open.c
|
|
|
548bcb |
@@ -896,6 +896,16 @@ no more namespaces available for dlmopen()"));
|
|
|
548bcb |
state if relocation failed, for example. */
|
|
|
548bcb |
if (args.map)
|
|
|
548bcb |
{
|
|
|
548bcb |
+ /* Maybe some of the modules which were loaded use TLS.
|
|
|
548bcb |
+ Since it will be removed in the following _dl_close call
|
|
|
548bcb |
+ we have to mark the dtv array as having gaps to fill the
|
|
|
548bcb |
+ holes. This is a pessimistic assumption which won't hurt
|
|
|
548bcb |
+ if not true. There is no need to do this when we are
|
|
|
548bcb |
+ loading the auditing DSOs since TLS has not yet been set
|
|
|
548bcb |
+ up. */
|
|
|
548bcb |
+ if ((mode & __RTLD_AUDIT) == 0)
|
|
|
548bcb |
+ GL(dl_tls_dtv_gaps) = true;
|
|
|
548bcb |
+
|
|
|
548bcb |
_dl_close_worker (args.map, true);
|
|
|
548bcb |
|
|
|
548bcb |
/* All l_nodelete_pending objects should have been deleted
|
|
|
548bcb |
diff --git a/elf/dl-tls.c b/elf/dl-tls.c
|
|
|
548bcb |
index bacb4101e2e2c4e5..801eafad3961573c 100644
|
|
|
548bcb |
--- a/elf/dl-tls.c
|
|
|
548bcb |
+++ b/elf/dl-tls.c
|
|
|
548bcb |
@@ -187,7 +187,10 @@ _dl_next_tls_modid (void)
|
|
|
548bcb |
size_t
|
|
|
548bcb |
_dl_count_modids (void)
|
|
|
548bcb |
{
|
|
|
548bcb |
- /* The count is the max unless dlclose or failed dlopen created gaps. */
|
|
|
548bcb |
+ /* It is rare that we have gaps; see elf/dl-open.c (_dl_open) where
|
|
|
548bcb |
+ we fail to load a module and unload it leaving a gap. If we don't
|
|
|
548bcb |
+ have gaps then the number of modids is the current maximum so
|
|
|
548bcb |
+ return that. */
|
|
|
548bcb |
if (__glibc_likely (!GL(dl_tls_dtv_gaps)))
|
|
|
548bcb |
return GL(dl_tls_max_dtv_idx);
|
|
|
548bcb |
|