glibc issues with --enable-kernel=2.6.22.5

Bryan Kadzban bryan at kadzban.is-a-geek.net
Sun Jan 23 15:02:42 PST 2011


Bryan Kadzban wrote:
> But from looking at the test code, it doesn't appear to be directly
> dealing with any of these __ASSUME_BLAH symbols.  It appears to be using
> standard pthread_blahblah() functions, so if the test is segfaulting, or
> getting the wrong result back, I'd expect that user programs calling the
> various pthread APIs would do the same.  So I *think* the cause of the
> failure is in the implementation of these functions.

Yep, confirmed.  (Also, it appears this had been submitted to glibc
bugzilla already, but was closed as basically "we won't help you debug
our stuff, and we think it's working":
http://sources.redhat.com/bugzilla/show_bug.cgi?id=12403 -- I've added
lots more info there, and the patch I'm attaching here as well.)

The core problem here is a stack imbalance.  This was actually broken
way back in July of 2009, when this code was added, in both of these
changes:

http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=d979611eb9f18ead1b8da3e956b941545f682565
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=32c6c342b6bc10396785a4542c22f6f95deca684

The second isn't as big of a problem, since the only thing broken is CFI
directives to the assembler (which will break debugging info, but I
don't *think* they'll break the code at runtime).  But the first, if
__ASSUME_PRIVATE_FUTEX is on but __ASSUME_FUTEX_CLOCK_REALTIME is off
(which is the state we're seeing), will push a new register onto the
stack, and add some local-variable space, at function entry, and will
*not* clean these two up at function exit.  So the "retq" instruction at
the end will jump off into never-never land, to either an address coming
from garbage on the stack, or to an address coming from a random other
register.

I've verified that this patch fixes the problem.  This might be possible
with sed, but I'm not sure how -- but one or the other of these should
be done, I think.
Attachment: glibc-2.12.2-fix-x86_64-rwlock-stack-imbalance-1.patch
URL: <http://lists.linuxfromscratch.org/pipermail/lfs-dev/attachments/20110123/2a7b54fe/attachment.ksh>
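The failure mode Bryan describes (a prologue that pushes a register and reserves local space under one preprocessor condition, while the matching epilogue is only emitted under a different one, so `retq` pops garbage) is mechanically detectable before the code ever runs. The following is an added example, not code from the mail, the attached patch, or glibc: it evaluates a `.S` fragment under every on/off combination of the two `__ASSUME_*` macros named above and reports the stack imbalance at each `ret`. The assembly fragment is constructed to reproduce the described shape; the function name `my_rwlock_timedlock`, the choice of `%r12`, and the 16 bytes of local space are assumptions, not glibc's actual source.

```python
import itertools
import re

# Constructed sample (not glibc code): the entry under __ASSUME_PRIVATE_FUTEX
# pushes a register and reserves 16 bytes, but the matching cleanup is only
# emitted when __ASSUME_FUTEX_CLOCK_REALTIME is also defined.
SAMPLE_ASM = """
my_rwlock_timedlock:
#ifdef __ASSUME_PRIVATE_FUTEX
	pushq	%r12
	subq	$16, %rsp
#endif
	movl	$0, %eax
#ifdef __ASSUME_FUTEX_CLOCK_REALTIME
# ifdef __ASSUME_PRIVATE_FUTEX
	addq	$16, %rsp
	popq	%r12
# endif
#else
	/* the non-CLOCK_REALTIME path forgets the extra frame */
#endif
	retq
"""

MACROS = ("__ASSUME_PRIVATE_FUTEX", "__ASSUME_FUTEX_CLOCK_REALTIME")

PUSH = re.compile(r"^\s*pushq?\s+%\w+")
POP = re.compile(r"^\s*popq?\s+%\w+")
SUB_RSP = re.compile(r"^\s*subq?\s+\$(\d+),\s*%rsp")
ADD_RSP = re.compile(r"^\s*addq?\s+\$(\d+),\s*%rsp")
RET = re.compile(r"^\s*retq?\b")
DIRECTIVE = re.compile(r"^\s*#\s*(ifdef|ifndef|else|endif)\b\s*(\w+)?")


def preprocess(asm, defined):
    """Return only the lines active under the given set of defined macros.

    Supports nested #ifdef/#ifndef/#else/#endif, which is all the sample
    needs; a real cpp accepts far more than this."""
    active = [True]
    out = []
    for line in asm.splitlines():
        m = DIRECTIVE.match(line)
        if m:
            kind, name = m.group(1), m.group(2)
            if kind == "ifdef":
                active.append(active[-1] and name in defined)
            elif kind == "ifndef":
                active.append(active[-1] and name not in defined)
            elif kind == "else":
                inner = active.pop()
                active.append(active[-1] and not inner)
            else:  # endif
                active.pop()
            continue
        if active[-1]:
            out.append(line)
    return out


def stack_delta_at_ret(lines):
    """Walk the active instructions in order, tracking bytes pushed relative
    to function entry, and record the imbalance at every ret (0 = balanced).

    This is a straight-line walk: the sample has no branches. A checker for
    real code would have to follow control flow between labels."""
    depth = 0
    deltas = []
    for line in lines:
        if PUSH.match(line):
            depth += 8
        elif POP.match(line):
            depth -= 8
        elif SUB_RSP.match(line):
            depth += int(SUB_RSP.match(line).group(1))
        elif ADD_RSP.match(line):
            depth -= int(ADD_RSP.match(line).group(1))
        elif RET.match(line):
            deltas.append(depth)
    return deltas


def check_all_configs(asm=SAMPLE_ASM, macros=MACROS):
    """Map each frozenset of defined macros to the list of imbalances seen
    at ret under that configuration."""
    results = {}
    for bits in itertools.product([False, True], repeat=len(macros)):
        defined = frozenset(m for m, on in zip(macros, bits) if on)
        results[defined] = stack_delta_at_ret(preprocess(asm, defined))
    return results


if __name__ == "__main__":
    for defined, deltas in check_all_configs().items():
        label = ", ".join(sorted(defined)) or "(none)"
        status = "OK" if all(d == 0 for d in deltas) else "IMBALANCED %r" % deltas
        print("%-60s %s" % (label, status))
```

Only the combination the mail reports (private futexes assumed, `FUTEX_CLOCK_REALTIME` not assumed) leaves 24 bytes on the stack at `retq`; the other three configurations are balanced, which is exactly why the bug escaped notice on distributions built with a newer `--enable-kernel`. The same walk applied to both sides of a patch gives a quick regression check that an epilogue change really restores balance under every macro combination.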