* [musl] arm32 tlsdesc bug
@ 2023-10-06 4:08 Rui Ueyama
2023-10-06 4:20 ` Rich Felker
0 siblings, 1 reply; 2+ messages in thread
From: Rui Ueyama @ 2023-10-06 4:08 UTC (permalink / raw)
To: musl
[-- Attachment #1: Type: text/plain, Size: 1715 bytes --]
Hi,
I think there's a bug in musl's TLSDESC implementation for ARM32.
TLSDESC uses two consecutive GOT slots to store a function pointer and its
argument. Usually, the function pointer is stored in the first slot and the
argument in the second. However, on ARM32, the order is reversed; the
argument is stored in the first slot.
If a TLSDESC relocation has a non-zero addend, it's applied to the function
argument and not to the function pointer. That means, for an ABI that uses
the REL-type relocations (as opposed to RELA-type), the addend should be
stored to the location where the function argument is stored, and that's
the first slot on ARM32.
So, I believe we need something like this.
diff --git a/ldso/dynlink.c b/ldso/dynlink.c
index ceca3c98..254fa5b8 100644
--- a/ldso/dynlink.c
+++ b/ldso/dynlink.c
@@ -513,11 +513,17 @@ static void do_relocs(struct dso *dso, size_t *rel,
size_t rel_size, size_t stri
case REL_TPOFF_NEG:
*reloc_addr = def.dso->tls.offset - tls_val +
addend;
break;
#endif
case REL_TLSDESC:
- if (stride<3) addend = reloc_addr[1];
+ if (stride<3) {
+#ifdef TLSDESC_BACKWARDS
+ addend = reloc_addr[0];
+#else
+ addend = reloc_addr[1];
+#endif
+ }
if (def.dso->tls_id > static_tls_cnt) {
struct td_index *new = malloc(sizeof *new);
if (!new) {
error(
"Error relocating %s: cannot
allocate TLSDESC for %s",
[-- Attachment #2: Type: text/html, Size: 2156 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [musl] arm32 tlsdesc bug
2023-10-06 4:08 [musl] arm32 tlsdesc bug Rui Ueyama
@ 2023-10-06 4:20 ` Rich Felker
0 siblings, 0 replies; 2+ messages in thread
From: Rich Felker @ 2023-10-06 4:20 UTC (permalink / raw)
To: Rui Ueyama; +Cc: musl
On Fri, Oct 06, 2023 at 01:08:18PM +0900, Rui Ueyama wrote:
> Hi,
>
> I think there's a bug in musl's TLSDESC implementation for ARM32.
>
> TLSDESC uses two consecutive GOT slots to store a function pointer and its
> argument. Usually, the function pointer is stored in the first slot and the
> argument in the second. However, on ARM32, the order is reversed; the
> argument is stored in the first slot.
>
> If a TLSDESC relocation has a non-zero addend, it's applied to the function
> argument and not to the function pointer. That means, for an ABI that uses
> the REL-type relocations (as opposed to RELA-type), the addend should be
> stored to the location where the function argument is stored, and that's
> the first slot on ARM32.
>
> So, I believe we need something like this.
>
> diff --git a/ldso/dynlink.c b/ldso/dynlink.c
> index ceca3c98..254fa5b8 100644
> --- a/ldso/dynlink.c
> +++ b/ldso/dynlink.c
> @@ -513,11 +513,17 @@ static void do_relocs(struct dso *dso, size_t *rel,
> size_t rel_size, size_t stri
> case REL_TPOFF_NEG:
> *reloc_addr = def.dso->tls.offset - tls_val +
> addend;
> break;
> #endif
> case REL_TLSDESC:
> - if (stride<3) addend = reloc_addr[1];
> + if (stride<3) {
> +#ifdef TLSDESC_BACKWARDS
> + addend = reloc_addr[0];
> +#else
> + addend = reloc_addr[1];
> +#endif
> + }
> if (def.dso->tls_id > static_tls_cnt) {
> struct td_index *new = malloc(sizeof *new);
> if (!new) {
> error(
> "Error relocating %s: cannot
> allocate TLSDESC for %s",
Thank you!! This almost surely explains the TLSDESC problems we've
encountered on arm (32-bit) that prevented enabling it by default.
Rich
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-10-06 4:20 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-10-06 4:08 [musl] arm32 tlsdesc bug Rui Ueyama
2023-10-06 4:20 ` Rich Felker
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).