Re: [OpenWrt-Devel] Alsa-lib (libasound) segfaults on TLS variable (musl on mips)

[Szabolcs Nagy <nsz@port70.net>]

[-- Attachment #1: Type: text/plain, Size: 1337 bytes --]

* Ted Hess <thess@kitschensync.net> [2015-06-23 18:04:35 -0400]:
> Segfault in 'snd_lib_error_set_local' (error.c) referencing
> static __thread snd_local_error_handler_t local_error;
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x0041b164 in snd_lib_error_set_local ()
> (gdb) bt
> #0 0x0041b164 in snd_lib_error_set_local ()
> #1 0x0041fb68 in try_config ()
> #2 0x00420d80 in snd_device_name_hint ()
> #3 0x0040a3be in pcm_list ()
> #4 0x0040e92a in main ()
> (gdb) disas
> Dump of assembler code for function snd_lib_error_set_local:
> 0x0041b12c <+0>: lui gp,0x8
> 0x0041b130 <+4>: addiu gp,gp,23668
> 0x0041b134 <+8>: addu gp,gp,t9
> 0x0041b138 <+12>: addiu sp,sp,-16
> 0x0041b13c <+16>: lw t9,-29872(gp)
> 0x0041b140 <+20>: sw ra,12(sp)
> 0x0041b144 <+24>: sw s0,8(sp)
> 0x0041b148 <+28>: sw gp,0(sp)
> 0x0041b14c <+32>: move s0,a0
> 0x0041b150 <+36>: addiu a0,gp,-29376
> 0x0041b154 <+40>: jalr t9
> 0x0041b158 <+44>: nop
> 0x0041b15c <+48>: lui v1,0x0
> 0x0041b160 <+52>: addu v1,v1,v0
> => 0x0041b164 <+56>: lw v0,-32768(v1)
> 0x0041b168 <+60>: sw s0,-32768(v1)

thanks for the report

the bug is that mips tls access uses a hard coded -32768
offset relative to whatever __tls_get_addr returned.

and musl did not account for this offset.

the attached patch fixes the issue for me,
we will fix it in musl soon.

[-- Attachment #2: mips_tls_fix.diff --]
[-- Type: text/x-diff, Size: 1191 bytes --]

diff --git a/arch/mips/pthread_arch.h b/arch/mips/pthread_arch.h
index f8e35ae..626b9bb 100644
--- a/arch/mips/pthread_arch.h
+++ b/arch/mips/pthread_arch.h
@@ -13,4 +13,6 @@ static inline struct pthread *__pthread_self()
 #define TLS_ABOVE_TP
 #define TP_ADJ(p) ((char *)(p) + sizeof(struct pthread) + 0x7000)
 
+#define DTV_OFFSET 0x8000
+
 #define CANCEL_REG_IP (3-(union {int __i; char __b;}){1}.__b)
diff --git a/src/thread/__tls_get_addr.c b/src/thread/__tls_get_addr.c
index 3633396..bcc9be3 100644
--- a/src/thread/__tls_get_addr.c
+++ b/src/thread/__tls_get_addr.c
@@ -1,6 +1,10 @@
 #include <stddef.h>
 #include "pthread_impl.h"
 
+#ifndef DTV_OFFSET
+#define DTV_OFFSET 0
+#endif
+
 void *__tls_get_addr(size_t *v)
 {
 	pthread_t self = __pthread_self();
@@ -8,9 +12,9 @@ void *__tls_get_addr(size_t *v)
 	__attribute__((__visibility__("hidden")))
 	void *__tls_get_new(size_t *);
 	if (v[0]<=(size_t)self->dtv[0])
-		return (char *)self->dtv[v[0]]+v[1];
-	return __tls_get_new(v);
+		return (char *)self->dtv[v[0]]+v[1]+DTV_OFFSET;
+	return (char *)__tls_get_new(v)+DTV_OFFSET;
 #else
-	return (char *)self->dtv[1]+v[1];
+	return (char *)self->dtv[1]+v[1]+DTV_OFFSET;
 #endif
 }