This is an archive of the discontinued LLVM Phabricator instance.

Differential D46638

[sanitizer] Fix runtime crash on 32-bit Linux with glibc 2.27
AbandonedPublic

Authored by Lekensteyn on May 9 2018, 7:49 AM.

Details

Reviewers
kcc
dvyukov
vitalybuka
jakubjelinek
Summary

The calling convention for _dl_get_tls_static_info symbol has changed on
32-bit systems since glibc 2.27. Make sure to support older and newer
32-bit glibc versions with the same runtime library.

Reuse the version check from InitTlsSize. Use gnu_get_libc_version
rather than confstr(_CS_GNU_LIBC_VERSION) because the latter is
intercepted by msan. This symbol existed since February 1998.

This patch does not try to address other issues with glibc 2.25.
Tested with 32/64-bit glibc 2.26/2.27 on Arch Linux.

Fixes https://github.com/google/sanitizers/issues/954

This is an alternative patch to D44623 by Jakub, addressing some review comments from there (reduce ifdef magic, coding style) and using a different approach for version detection. If desired, GetGlibVersion runtime could be guarded under a __GLIBC_PREREQ check, but there is potentially much more code that could be hidden that way so I did not do this.

Test: all check-sanitizers tests pass on Linux with glibc 2.27 except SanitizerCommon-asan-i386-Linux (unrelated) and SanitizerCommon-lsan-x86_64-Linux (not sure, probably also unrelated).

Diff Detail

Event Timeline

Lekensteyn created this revision.May 9 2018, 7:49 AM
Herald added subscribers: Restricted Project, llvm-commits, kubamracek, srhines. · View Herald TranscriptMay 9 2018, 7:49 AM
jakubjelinek added inline comments.May 9 2018, 8:04 AM
lib/sanitizer_common/sanitizer_linux_libcdep.cc
165

So you both call dlsym (instead of the function directly) and then parse the string? That is significantly larger and more expensive than just calling the dlvsym. Furthermore, other code in the sanitizers use confstr for this purpose.

202

Ugh, so you call this unconditionally on all architectures, just because one needs it?

Lekensteyn added inline comments.May 9 2018, 8:28 AM
lib/sanitizer_common/sanitizer_linux_libcdep.cc
165

Detecting glibc 2.27 by lookup up the glob symbol seems a bit indirect, that is why I preferred an approach that directly checks the version.

There is only one confstr(_CS_GNU_LIBC_VERSION) user (which got removed below). String parsing costs should be negligible and there are enough dlsym calls for interceptors such that this additional one should not matter.

I think that the few cycles extra here is worth the lower code maintenance cost that would otherwise be necessary for indirectly retrieving strconf without breaking msan. Correct me if I am wrong :)

202

What about this?

int minor = 0, patch = 0;
if (CHECK_GET_TLS_STATIC_INFO_VERSION) GetGlibcVersion(&minor, &patch);
if (CHECK_GET_TLS_STATIC_INFO && minor && minor < 27) {

Alternative: make GetGlibcVersion return (minor << 8) | patch or a large number if parsing failed for some reason. Then: if (CHECK_GET_TLS_STATIC_INFO && GetGlibcVersion() < 27).

Lekensteyn abandoned this revision.May 9 2018, 10:17 AM

D44623 looks better now, the version check of this patch has some more issues than worth solving.

vitalybuka added inline comments.May 9 2018, 11:17 AM
lib/sanitizer_common/sanitizer_linux_libcdep.cc
160

I'd split this into two patches:

  1. Extract code into GetGlibcVersion
  2. GetTls changes
202

I am not sure that we need these
CHECK_EQ(sizeof(get_tls), sizeof(get_tls_static_info_ptr))
and
internal_memcpy
If not we can go with:

'''
static bool IsGetTlsInternal() {
if (!CHECK_GET_TLS_STATIC_INFO_VERSION)

return false;

int minor;
GetGlibcVersion(&minor, &patch);
return minor && minor < 27;
}

static void GetTlsSize(size_t *tls_size, size_t *tls_align) {

void *get_tls_static_info_ptr = dlsym(RTLD_NEXT, "_dl_get_tls_static_info");
CHECK_NE(get_tls_static_info_ptr, 0);
if (IsGetTlsInternal()) {
  typedef void (*get_tls_func)(size_t *, size_t *);
  ((get_tls_func)get_tls_static_info_ptr)(tls_size, tls_align);
} else {
  typedef void (*get_tls_func)(size_t *, size_t *) DL_INTERNAL_FUNCTION;
  ((get_tls_func)get_tls_static_info_ptr)(tls_size, tls_align);
}

}
'''

Lekensteyn mentioned this in D44623: [ASAN] Fix crash on i?86-linux (32-bit) against glibc 2.27 and later.May 9 2018, 12:52 PM

Revision Contents

PathSize
lib/
sanitizer_common/
72 lines

Diff 145915

lib/sanitizer_common/sanitizer_linux_libcdep.cc

Show First 20 LinesShow All 151 Lines▼ Show 20 Linesbool SetEnv(const char *name, const char *value) {
typedef int(*setenv_ft)(const char *name, const char *value, int overwrite); typedef int(*setenv_ft)(const char *name, const char *value, int overwrite);
setenv_ft setenv_f; setenv_ft setenv_f;
CHECK_EQ(sizeof(setenv_f), sizeof(f)); CHECK_EQ(sizeof(setenv_f), sizeof(f));
internal_memcpy(&setenv_f, &f, sizeof(f)); internal_memcpy(&setenv_f, &f, sizeof(f));
return setenv_f(name, value, 1) == 0; return setenv_f(name, value, 1) == 0;
} }
#endif #endif
#if !SANITIZER_ANDROID
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

I'd split this into two patches:

  1. Extract code into GetGlibcVersion
  2. GetTls changes
vitalybuka: I'd split this into two patches: 1. Extract code into GetGlibcVersion 2. GetTls changes
void GetGlibcVersion(int *minor, int *patch) {
*minor = *patch = 0;
typedef const char *(*glibc_version_fn)();
glibc_version_fn get_glibc_version =
(glibc_version_fn)dlsym(RTLD_NEXT, "gnu_get_libc_version");
jakubjelinekUnsubmitted
Not Done
ReplyInline Actions

So you both call dlsym (instead of the function directly) and then parse the string? That is significantly larger and more expensive than just calling the dlvsym. Furthermore, other code in the sanitizers use confstr for this purpose.

jakubjelinek: So you both call dlsym (instead of the function directly) and then parse the string? That is…
LekensteynAuthorUnsubmitted
Not Done
ReplyInline Actions

Detecting glibc 2.27 by lookup up the glob symbol seems a bit indirect, that is why I preferred an approach that directly checks the version.

There is only one confstr(_CS_GNU_LIBC_VERSION) user (which got removed below). String parsing costs should be negligible and there are enough dlsym calls for interceptors such that this additional one should not matter.

I think that the few cycles extra here is worth the lower code maintenance cost that would otherwise be necessary for indirectly retrieving strconf without breaking msan. Correct me if I am wrong :)

Lekensteyn: Detecting glibc 2.27 by lookup up the glob symbol seems a bit indirect, that is why I preferred…
if (!get_glibc_version)
return;
const char *version = get_glibc_version();
if (version[0] == '2' && version[1] == '.') {
char *end;
*minor = internal_simple_strtoll(version + 2, &end, 10);
if (end != version + 2 && (*end == '\0' || *end == '.' || *end == '-')) {
if (*end == '.')
// strtoll will return 0 if no valid conversion could be performed
*patch = internal_simple_strtoll(end + 1, nullptr, 10);
} else {
*minor = 0;
}
}
}
#endif // !SANITIZER_ANDROID
#if !SANITIZER_FREEBSD && !SANITIZER_ANDROID && !SANITIZER_GO && \ #if !SANITIZER_FREEBSD && !SANITIZER_ANDROID && !SANITIZER_GO && \
!SANITIZER_NETBSD && !SANITIZER_OPENBSD && !SANITIZER_SOLARIS !SANITIZER_NETBSD && !SANITIZER_OPENBSD && !SANITIZER_SOLARIS
static uptr g_tls_size; static uptr g_tls_size;
#ifdef __i386__ #ifdef __i386__
# define DL_INTERNAL_FUNCTION __attribute__((regparm(3), stdcall)) # define DL_INTERNAL_FUNCTION __attribute__((regparm(3), stdcall))
# define CHECK_GET_TLS_STATIC_INFO_VERSION 1
#else #else
# define DL_INTERNAL_FUNCTION # define DL_INTERNAL_FUNCTION
# define CHECK_GET_TLS_STATIC_INFO_VERSION 0
#endif #endif
void InitTlsSize() { void InitTlsSize() {
// all current supported platforms have 16 bytes stack alignment // all current supported platforms have 16 bytes stack alignment
const size_t kStackAlign = 16; const size_t kStackAlign = 16;
size_t tls_size = 0;
size_t tls_align = 0;
int minor, patch;
GetGlibcVersion(&minor, &patch);
jakubjelinekUnsubmitted
Not Done
ReplyInline Actions

Ugh, so you call this unconditionally on all architectures, just because one needs it?

jakubjelinek: Ugh, so you call this unconditionally on all architectures, just because one needs it?
LekensteynAuthorUnsubmitted
Not Done
ReplyInline Actions

What about this?

int minor = 0, patch = 0;
if (CHECK_GET_TLS_STATIC_INFO_VERSION) GetGlibcVersion(&minor, &patch);
if (CHECK_GET_TLS_STATIC_INFO && minor && minor < 27) {

Alternative: make GetGlibcVersion return (minor << 8) | patch or a large number if parsing failed for some reason. Then: if (CHECK_GET_TLS_STATIC_INFO && GetGlibcVersion() < 27).

Lekensteyn: What about this? int minor = 0, patch = 0; if (CHECK_GET_TLS_STATIC_INFO_VERSION)…
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

I am not sure that we need these
CHECK_EQ(sizeof(get_tls), sizeof(get_tls_static_info_ptr))
and
internal_memcpy
If not we can go with:

'''
static bool IsGetTlsInternal() {
if (!CHECK_GET_TLS_STATIC_INFO_VERSION)

return false;

int minor;
GetGlibcVersion(&minor, &patch);
return minor && minor < 27;
}

static void GetTlsSize(size_t *tls_size, size_t *tls_align) {

void *get_tls_static_info_ptr = dlsym(RTLD_NEXT, "_dl_get_tls_static_info");
CHECK_NE(get_tls_static_info_ptr, 0);
if (IsGetTlsInternal()) {
  typedef void (*get_tls_func)(size_t *, size_t *);
  ((get_tls_func)get_tls_static_info_ptr)(tls_size, tls_align);
} else {
  typedef void (*get_tls_func)(size_t *, size_t *) DL_INTERNAL_FUNCTION;
  ((get_tls_func)get_tls_static_info_ptr)(tls_size, tls_align);
}

}
'''

vitalybuka: I am not sure that we need these CHECK_EQ(sizeof(get_tls), sizeof(get_tls_static_info_ptr))…
// Glibc before 2.27 used a different calling convention for
// _dl_get_tls_static_info on __i386__.
if (CHECK_GET_TLS_STATIC_INFO_VERSION && minor && minor < 27) {
typedef void (*get_tls_func)(size_t*, size_t*) DL_INTERNAL_FUNCTION; typedef void (*get_tls_func)(size_t*, size_t*) DL_INTERNAL_FUNCTION;
get_tls_func get_tls; get_tls_func get_tls;
void *get_tls_static_info_ptr = dlsym(RTLD_NEXT, "_dl_get_tls_static_info"); void *get_tls_static_info_ptr = dlsym(RTLD_NEXT, "_dl_get_tls_static_info");
CHECK_EQ(sizeof(get_tls), sizeof(get_tls_static_info_ptr)); CHECK_EQ(sizeof(get_tls), sizeof(get_tls_static_info_ptr));
internal_memcpy(&get_tls, &get_tls_static_info_ptr, internal_memcpy(&get_tls, &get_tls_static_info_ptr,
sizeof(get_tls_static_info_ptr)); sizeof(get_tls_static_info_ptr));
CHECK_NE(get_tls, 0); CHECK_NE(get_tls, 0);
size_t tls_size = 0;
size_t tls_align = 0;
get_tls(&tls_size, &tls_align); get_tls(&tls_size, &tls_align);
} else {
typedef void (*get_tls_func)(size_t*, size_t*);
get_tls_func get_tls;
void *get_tls_static_info_ptr = dlsym(RTLD_NEXT, "_dl_get_tls_static_info");
CHECK_EQ(sizeof(get_tls), sizeof(get_tls_static_info_ptr));
internal_memcpy(&get_tls, &get_tls_static_info_ptr,
sizeof(get_tls_static_info_ptr));
CHECK_NE(get_tls, 0);
get_tls(&tls_size, &tls_align);
}
if (tls_align < kStackAlign) if (tls_align < kStackAlign)
tls_align = kStackAlign; tls_align = kStackAlign;
g_tls_size = RoundUpTo(tls_size, tls_align); g_tls_size = RoundUpTo(tls_size, tls_align);
} }
#else #else
void InitTlsSize() { } void InitTlsSize() { }
#endif // !SANITIZER_FREEBSD && !SANITIZER_ANDROID && !SANITIZER_GO && #endif // !SANITIZER_FREEBSD && !SANITIZER_ANDROID && !SANITIZER_GO &&
// !SANITIZER_NETBSD && !SANITIZER_SOLARIS // !SANITIZER_NETBSD && !SANITIZER_SOLARIS
#if (defined(__x86_64__) || defined(__i386__) || defined(__mips__) || \ #if (defined(__x86_64__) || defined(__i386__) || defined(__mips__) || \
defined(__aarch64__) || defined(__powerpc64__) || defined(__s390__) || \ defined(__aarch64__) || defined(__powerpc64__) || defined(__s390__) || \
defined(__arm__)) && \ defined(__arm__)) && \
SANITIZER_LINUX && !SANITIZER_ANDROID SANITIZER_LINUX && !SANITIZER_ANDROID
// sizeof(struct pthread) from glibc. // sizeof(struct pthread) from glibc.
static atomic_uintptr_t thread_descriptor_size; static atomic_uintptr_t thread_descriptor_size;
uptr ThreadDescriptorSize() { uptr ThreadDescriptorSize() {
uptr val = atomic_load_relaxed(&thread_descriptor_size); uptr val = atomic_load_relaxed(&thread_descriptor_size);
if (val) if (val)
return val; return val;
#if defined(__x86_64__) || defined(__i386__) || defined(__arm__) #if defined(__x86_64__) || defined(__i386__) || defined(__arm__)
#ifdef _CS_GNU_LIBC_VERSION #ifdef _CS_GNU_LIBC_VERSION
char buf[64]; int minor, patch;
uptr len = confstr(_CS_GNU_LIBC_VERSION, buf, sizeof(buf)); GetGlibcVersion(&minor, &patch);
if (len < sizeof(buf) && internal_strncmp(buf, "glibc 2.", 8) == 0) { if (minor) {
char *end;
int minor = internal_simple_strtoll(buf + 8, &end, 10);
if (end != buf + 8 && (*end == '\0' || *end == '.' || *end == '-')) {
int patch = 0;
if (*end == '.')
// strtoll will return 0 if no valid conversion could be performed
patch = internal_simple_strtoll(end + 1, nullptr, 10);
/* sizeof(struct pthread) values from various glibc versions. */ /* sizeof(struct pthread) values from various glibc versions. */
if (SANITIZER_X32) if (SANITIZER_X32)
val = 1728; // Assume only one particular version for x32. val = 1728; // Assume only one particular version for x32.
// For ARM sizeof(struct pthread) changed in Glibc 2.23. // For ARM sizeof(struct pthread) changed in Glibc 2.23.
else if (SANITIZER_ARM) else if (SANITIZER_ARM)
val = minor <= 22 ? 1120 : 1216; val = minor <= 22 ? 1120 : 1216;
else if (minor <= 3) else if (minor <= 3)
val = FIRST_32_SECOND_64(1104, 1696); val = FIRST_32_SECOND_64(1104, 1696);
else if (minor == 4) else if (minor == 4)
val = FIRST_32_SECOND_64(1120, 1728); val = FIRST_32_SECOND_64(1120, 1728);
else if (minor == 5) else if (minor == 5)
val = FIRST_32_SECOND_64(1136, 1728); val = FIRST_32_SECOND_64(1136, 1728);
else if (minor <= 9) else if (minor <= 9)
val = FIRST_32_SECOND_64(1136, 1712); val = FIRST_32_SECOND_64(1136, 1712);
else if (minor == 10) else if (minor == 10)
val = FIRST_32_SECOND_64(1168, 1776); val = FIRST_32_SECOND_64(1168, 1776);
else if (minor == 11 || (minor == 12 && patch == 1)) else if (minor == 11 || (minor == 12 && patch == 1))
val = FIRST_32_SECOND_64(1168, 2288); val = FIRST_32_SECOND_64(1168, 2288);
else if (minor <= 13) else if (minor <= 13)
val = FIRST_32_SECOND_64(1168, 2304); val = FIRST_32_SECOND_64(1168, 2304);
else else
val = FIRST_32_SECOND_64(1216, 2304); val = FIRST_32_SECOND_64(1216, 2304);
} }
}
#endif #endif
#elif defined(__mips__) #elif defined(__mips__)
// TODO(sagarthakur): add more values as per different glibc versions. // TODO(sagarthakur): add more values as per different glibc versions.
val = FIRST_32_SECOND_64(1152, 1776); val = FIRST_32_SECOND_64(1152, 1776);
#elif defined(__aarch64__) #elif defined(__aarch64__)
// The sizeof (struct pthread) is the same from GLIBC 2.17 to 2.22. // The sizeof (struct pthread) is the same from GLIBC 2.17 to 2.22.
val = 1776; val = 1776;
#elif defined(__powerpc64__) #elif defined(__powerpc64__)
▲ Show 20 LinesShow All 505 LinesShow Last 20 Lines