You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
44 lines
1.8 KiB
44 lines
1.8 KiB
commit afe42e935b3ee97bac9a7064157587777259c60e
|
|
Author: Florian Weimer <fweimer@redhat.com>
|
|
Date: Mon Jun 3 10:49:40 2024 +0200
|
|
|
|
elf: Avoid some free (NULL) calls in _dl_update_slotinfo
|
|
|
|
This has been confirmed to work around some interposed mallocs. Here
|
|
is a discussion of the impact test ust/libc-wrapper/test_libc-wrapper
|
|
in lttng-tools:
|
|
|
|
New TLS usage in libgcc_s.so.1, compatibility impact
|
|
<https://inbox.sourceware.org/libc-alpha/8734v1ieke.fsf@oldenburg.str.redhat.com/>
|
|
|
|
Reportedly, this patch also papers over a similar issue when tcmalloc
|
|
2.9.1 is not compiled with -ftls-model=initial-exec. Of course the
|
|
goal really should be to compile mallocs with the initial-exec TLS
|
|
model, but this commit appears to be a useful interim workaround.
|
|
|
|
Fixes commit d2123d68275acc0f061e73d5f86ca504e0d5a344 ("elf: Fix slow
|
|
tls access after dlopen [BZ #19924]").
|
|
|
|
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
|
|
|
diff --git a/elf/dl-tls.c b/elf/dl-tls.c
|
|
index 7b3dd9ab60..670dbc42fc 100644
|
|
--- a/elf/dl-tls.c
|
|
+++ b/elf/dl-tls.c
|
|
@@ -819,7 +819,14 @@ _dl_update_slotinfo (unsigned long int req_modid, size_t new_gen)
|
|
dtv entry free it. Note: this is not AS-safe. */
|
|
/* XXX Ideally we will at some point create a memory
|
|
pool. */
|
|
- free (dtv[modid].pointer.to_free);
|
|
+ /* Avoid calling free on a null pointer. Some mallocs
|
|
+ incorrectly use dynamic TLS, and depending on how the
|
|
+ free function was compiled, it could call
|
|
+ __tls_get_addr before the null pointer check in the
|
|
+ free implementation. Checking here papers over at
|
|
+ least some dynamic TLS usage by interposed mallocs. */
|
|
+ if (dtv[modid].pointer.to_free != NULL)
|
|
+ free (dtv[modid].pointer.to_free);
|
|
dtv[modid].pointer.val = TLS_DTV_UNALLOCATED;
|
|
dtv[modid].pointer.to_free = NULL;
|
|
|