From patchwork Tue Nov 28 06:23:07 2023
X-Patchwork-Submitter: Hector Martin
X-Patchwork-Id: 80866
From: Hector Martin
Date: Tue, 28 Nov 2023 15:23:07 +0900
Subject: [PATCH] elf: Fix TLS modid reuse generation assignment
Message-Id: <20231128-tls-modid-reuse-v1-1-431c73f37fc7@marcan.st>
To: libc-alpha@sourceware.org

_dl_assign_tls_modid() assigns a slotinfo entry for a new module, but
does *not* do anything to the generation counter. The first time this
happens, the generation is zero and map_generation() returns the current
generation to be used during relocation processing. However, if
a slotinfo entry is later reused, it will already have a generation
assigned.
If this generation has fallen behind the current global max
generation, then this causes an obsolete generation to be assigned
during relocation processing, as map_generation() returns this
generation if nonzero. _dl_add_to_slotinfo() eventually resets the
generation, but by then it is too late. This causes DTV updates to be
skipped, leading to NULL or broken TLS slot pointers and segfaults.

Fix this by resetting the generation to zero in _dl_assign_tls_modid(),
so it behaves the same as the first time a slot is assigned.
_dl_add_to_slotinfo() will still assign the correct static generation
later during module load, but relocation processing will no longer use
an obsolete generation.

Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=29039
Reviewed-by: Szabolcs Nagy
---
 elf/dl-tls.c | 1 +
 1 file changed, 1 insertion(+)

---
base-commit: 78ca44da0160a0b442f0ca1f253e3360f044b2ec
change-id: 20231128-tls-modid-reuse-0a7a903a1f7e

Best regards,

diff --git a/elf/dl-tls.c b/elf/dl-tls.c index c192b5a13a94..70446e71a8c4 100644 --- a/elf/dl-tls.c +++ b/elf/dl-tls.c @@ -154,6 +154,7 @@ _dl_assign_tls_modid (struct link_map *l) { /* Mark the entry as used, so any dependency see it. */ atomic_store_relaxed (&runp->slotinfo[result - disp].map, l); + atomic_store_relaxed (&runp->slotinfo[result - disp].gen, 0); break; }
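
Review bot: the added `.gen` store in `_dl_assign_tls_modid` has no comment of its own, and the existing comment above it ("Mark the entry as used, so any dependency see it.") only describes the `.map` store. A short comment saying that a reused slot may still carry an older generation, and that it is reset to zero so the slot behaves like a first-time assignment, would keep the reasoning from the commit message next to the code. Both stores are relaxed and `.map` is published before `.gen` is cleared, so please confirm that nothing can observe the slot as used while still reading the old nonzero generation, or swap the two stores. The diffstat shows a single insertion in elf/dl-tls.c and no test; a regression test for bug 29039 that reuses a modid after the global generation has advanced would be a useful addition.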