summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSzabolcs Nagy <nsz@port70.net>2019-05-16 17:15:33 +0000
committerRich Felker <dalias@aerifal.cx>2019-05-16 20:12:56 -0400
commit6104dae9088da7ffd9346671be867a43a4b03295 (patch)
tree410a27383126be084e4b92a6ec3d9621d8663d99
parent9fd98a6354105dd67b648b48dba238f4c3e3d564 (diff)
downloadmusl-6104dae9088da7ffd9346671be867a43a4b03295.tar.gz
fix static tls offsets of shared libs on TLS_ABOVE_TP targets
tls_offset should always point to the end of the allocated static tls area, but this was not handled correctly on "tls variant 1" targets in the dynamic linker: after application tls was allocated, tls_offset was aligned up, potentially wasting tls space. (alignment may be needed at the begining of the tls area, not at the end, but that will be fixed separately as it is unlikely to affect real binaries.) when static tls was allocated for a shared library, tls_offset was only updated with the size of the tls segment which does not include alignment gaps, which can easily happen if the tls size update for one library leaves tls_offset misaligned for the next one. this can cause oob access in __copy_tls or arbitrary breakage at tls access. (the issue was observed on aarch64 with rust binaries)
-rw-r--r--ldso/dynlink.c6
1 files changed, 2 insertions, 4 deletions
diff --git a/ldso/dynlink.c b/ldso/dynlink.c
index ad0cdba2..967f1fd9 100644
--- a/ldso/dynlink.c
+++ b/ldso/dynlink.c
@@ -1127,7 +1127,7 @@ static struct dso *load_library(const char *name, struct dso *needed_by)
#ifdef TLS_ABOVE_TP
p->tls.offset = tls_offset + ( (tls_align-1) &
-(tls_offset + (uintptr_t)p->tls.image) );
- tls_offset += p->tls.size;
+ tls_offset = p->tls.offset + p->tls.size;
#else
tls_offset += p->tls.size + p->tls.align - 1;
tls_offset -= (tls_offset + (uintptr_t)p->tls.image)
@@ -1797,9 +1797,7 @@ _Noreturn void __dls3(size_t *sp)
#ifdef TLS_ABOVE_TP
app.tls.offset = GAP_ABOVE_TP;
app.tls.offset += -GAP_ABOVE_TP & (app.tls.align-1);
- tls_offset = app.tls.offset + app.tls.size
- + ( -((uintptr_t)app.tls.image + app.tls.size)
- & (app.tls.align-1) );
+ tls_offset = app.tls.offset + app.tls.size;
#else
tls_offset = app.tls.offset = app.tls.size
+ ( -((uintptr_t)app.tls.image + app.tls.size)