From ba33937be210da5d07f7f01709323743f66011ce Mon Sep 17 00:00:00 2001 From: Adhemerval Zanella Date: Fri, 25 Jun 2021 10:54:12 -0300 Subject: elf: Fix DTV gap reuse logic (BZ #27135) This is updated version of the 572bd547d57a (reverted by 40ebfd016ad2) that fixes the _dl_next_tls_modid issues. This issue with 572bd547d57a patch is the DTV entry will be only update on dl_open_worker() with the update_tls_slotinfo() call after all dependencies are being processed by _dl_map_object_deps(). However _dl_map_object_deps() itself might call _dl_next_tls_modid(), and since the _dl_tls_dtv_slotinfo_list::map is not yet set the entry will be wrongly reused. This patch fixes by renaming the _dl_next_tls_modid() function to _dl_assign_tls_modid() and by passing the link_map so it can set the slotinfo value so a subsequente _dl_next_tls_modid() call will see the entry as allocated. The intermediary value is cleared up on remove_slotinfo() for the case a library fails to load with RTLD_NOW. This patch fixes BZ #27135. Checked on x86_64-linux-gnu. Reviewed-by: Szabolcs Nagy --- elf/dl-close.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'elf/dl-close.c') diff --git a/elf/dl-close.c b/elf/dl-close.c index 3720e47dd1..f39001cab9 100644 --- a/elf/dl-close.c +++ b/elf/dl-close.c @@ -77,8 +77,6 @@ remove_slotinfo (size_t idx, struct dtv_slotinfo_list *listp, size_t disp, object that wasn't fully set up. */ if (__glibc_likely (old_map != NULL)) { - assert (old_map->l_tls_modid == idx); - /* Mark the entry as unused. These can be read concurrently. */ atomic_store_relaxed (&listp->slotinfo[idx - disp].gen, GL(dl_tls_generation) + 1); @@ -88,7 +86,11 @@ remove_slotinfo (size_t idx, struct dtv_slotinfo_list *listp, size_t disp, /* If this is not the last currently used entry no need to look further. */ if (idx != GL(dl_tls_max_dtv_idx)) - return true; + { + /* There is an unused dtv entry in the middle. */ + GL(dl_tls_dtv_gaps) = true; + return true; + } } while (idx - disp > (disp == 0 ? 1 + GL(dl_tls_static_nelem) : 0)) -- cgit 1.4.1