Date: Mon, 16 Jan 2006 00:22:50 GMT From: Marcel Moolenaar <marcel@xcllnt.net> To: freebsd-gnats-submit@FreeBSD.org Subject: ia64/91846: TLS: malloc(3) exposes DTLS bug in non-threaded applications Message-ID: <200601160022.k0G0MosU079467@www.freebsd.org> Resent-Message-ID: <200601160030.k0G0U8TL040985@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 91846 >Category: ia64 >Synopsis: TLS: malloc(3) exposes DTLS bug in non-threaded applications >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ia64 >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Jan 16 00:30:07 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Marcel Moolenaar >Release: 7-CURRENT >Organization: >Environment: FreeBSD bigsur.pn.xcllnt.net 7.0-CURRENT FreeBSD 7.0-CURRENT #1: Fri Jan 13 16:26:27 PST 2006 marcel@bigsur.pn.xcllnt.net:/usr/obj/nfs/freebsd/7.x/src/sys/BIGSUR ia64 >Description: When NO_TLS is *not* defined in src/lib/libc/stdlib/malloc.c on ia64, then a SIGSEGV will result due to arenas_map being thread-local and it being referenced in choose_arena(). That reference causes a thread-local relocation to end up in tls_get_addr_common() in src/libexec/rtld-elf/rtld.c for which the dtvp argument is NULL. This pretty much means that __tls_get_addr() on ia64 does the wrong thing. In this case it assumes that r13 (aka TP) is non-NULL in all cases, which is false for non-threaded applications. >How-To-Repeat: n/a >Fix: tbd >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200601160022.k0G0MosU079467>