c18n: Set curthread->tcb to real tcb upon thread start #2110
Conversation
|
If rtld is screwing with curthread, why doesn’t it fix it up itself? |
It certainly can. But right now RTLD is not aware of the internal structure of |
|
Then how does it store the fake value there in the first place? |
In |
There was a problem hiding this comment.
I would suggest rewording the commit message a bit which I think would be less confusing (I think it led to Jess's question), maybe something like:
c18n: Set curthread->tcb to real tcb upon entry
When a pthread is created, the TCB is allocated in _tcb_ctor by calling _rtld_allocate_tls(). In the case of c18n, RTLD allocates both a real TCB
and a fake tcb-like structure that contains a pointer to the real TCB and
a pointer to the new thread's stack lookup table. This is done so that when
the thread is entered, it does not need to create a stack lookup table, which
involves a memory allocation that cannot be performed without a stack
lookup table in the first place.
This commit fixes a mistake where the TCB field was still pointing to the fake
tcb-like structure instead of the real TCB after thread entry.
A few points: 1) A restore operation is usually paired with some sort of prior save, so using restore here is confusing since the field was never previously set to the real TCB. Using "Set" is clearer. 2) This message still doesn't really explain to me why the TCB has to be wrong initially. The comment in the commit seems to suggest that we are not allocating the real TCB during _tcb_ctor() (as my proposed log above suggests) but perhaps instead the real TCB is allocated later when the new thread starts running? In particular, I don't understand why you have to have the fake TCB to allocate the stack table. Why can't you just allocate the stack table and real TCB using _rtld_allocate_tls() and still return a pointer to the real TCB from that function?
The reason is that if I allocate the stack table in |
That would be a useful detail in the commit log then. :) Also, there should be a comment to that effect in |
dpgao
changed the title
When a pthread is created, the TCB is allocated in _tcb_ctor by calling _rtld_allocate_tls(). In the case of c18n, RTLD allocates a real TCB and the new thread's stack lookup table and returns a fake wrapper TCB containing both. This is done so that when the thread is entered, it can readily install the stack lookup table contained in the fake TCB instead of having to allocate it---an action that cannot be performed without a stack lookup table in the first place. This commit fixes a mistake where the TCB field of curthread was still pointing to the fake wrapper TCB structure instead of the real TCB after thread start.
Security fixes: CTSRD-CHERI#2135 rar: Fix OOB in rar e8 filter (CVE-2024-26256) CTSRD-CHERI#2145 zip: Fix out of boundary access Important bugfixes: CTSRD-CHERI#2131 7zip: Limit amount of properties CTSRD-CHERI#2110 bsdtar: Fix error handling around strtol() usages CTSRD-CHERI#2116 passphrase: Never allow empty passwords CTSRD-CHERI#2124 rar: Fix "File CRC Error" when extracting specific rar4 archives CTSRD-CHERI#2123 xar: Avoid infinite link loop CTSRD-CHERI#2108 zip: Update AppleDouble support for directories CTSRD-CHERI#2071 zstd: Implement core detection Obained from: libarchive Libarchive commit: 313aa1fa10b657de791e3202c168a6c833bc3543
Libarchive 3.7.4 + three fixes from master Security fixes: CTSRD-CHERI#2135 rar: Fix OOB in rar e8 filter (CVE-2024-26256) CTSRD-CHERI#2145 zip: Fix out of boundary access CTSRD-CHERI#2148 rar: Fix OOB in rar delta filter CTSRD-CHERI#2149 rar: Fix OOB in rar audio filter Important bugfixes: CTSRD-CHERI#2131 7zip: Limit amount of properties CTSRD-CHERI#2110 bsdtar: Fix error handling around strtol() usages CTSRD-CHERI#2116 passphrase: Never allow empty passwords CTSRD-CHERI#2124 rar: Fix "File CRC Error" when extracting specific rar4 archives CTSRD-CHERI#2123 xar: Avoid infinite link loop CTSRD-CHERI#2150 xar: Fix another infinite loop and expat error handling CTSRD-CHERI#2108 zip: Update AppleDouble support for directories CTSRD-CHERI#2071 zstd: Implement core detectiongit PR: 278588 (exp-run) MFC after: 1 day
Libarchive 3.7.4 + three fixes from master Security fixes: CTSRD-CHERI#2135 rar: Fix OOB in rar e8 filter (CVE-2024-26256) CTSRD-CHERI#2145 zip: Fix out of boundary access CTSRD-CHERI#2148 rar: Fix OOB in rar delta filter CTSRD-CHERI#2149 rar: Fix OOB in rar audio filter Important bugfixes: CTSRD-CHERI#2131 7zip: Limit amount of properties CTSRD-CHERI#2110 bsdtar: Fix error handling around strtol() usages CTSRD-CHERI#2116 passphrase: Never allow empty passwords CTSRD-CHERI#2124 rar: Fix "File CRC Error" when extracting specific rar4 archives CTSRD-CHERI#2123 xar: Avoid infinite link loop CTSRD-CHERI#2150 xar: Fix another infinite loop and expat error handling CTSRD-CHERI#2108 zip: Update AppleDouble support for directories CTSRD-CHERI#2071 zstd: Implement core detectiongit PR: 278588 (exp-run) MFC after: 1 day
When a pthread is created, RTLD stores in its tcb field a fake tcb-like structure that contains a capability to the actual tcb and a capability to the thread's stack lookup table. This is done so that when the thread is entered, it does not need to create a stack lookup table, which involves a memory allocation that cannot be performed without a stack lookup table in the first place.
This commit fixes a mistake where the tcb field is not restored to the real tcb upon thread entry.