Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1326903

Summary: "fork" resolves to NULL with -lpthread -l$user_with_DT_BIND_NOW
Product: [Fedora] Fedora Reporter: Miloslav Trmač <mitr>
Component: glibcAssignee: Florian Weimer <fweimer>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 23CC: arjun.is, codonell, dj, fweimer, jakub, law, mfabian, pfrankli, siddhesh
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: glibc-2.23.90-19.fc25, glibc-2.23.1-8.fc24, glibc-2.22-17.fc23 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-06-18 19:15:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
foo.c
none
myso.c none

Description Miloslav Trmač 2016-04-13 17:55:31 UTC 
Created attachment 1146922 [details]
foo.c

Version-Release number of selected component (if applicable):
glibc-2.22-11.fc23.x86_64
gpgme-1.4.3-6.fc23.x86_64

How reproducible:
With the attachment,
> $ gcc -Wall -Wextra -O2 foo.c -lpthread -lgpgme
> $ ./a.out 
>Segmentation fault (core dumped)

> gdb ./a.out; # r; up; disassemble …
>   0x00007ffff79ab760 <+320>:	callq  0x7ffff798e3f0 <fork@plt>
> (gdb) disassemble 0x7ffff798e3f0
>Dump of assembler code for function fork@plt:
>   0x00007ffff798e3f0 <+0>:	jmpq   *0x22fb82(%rip)        # 0x7ffff7bbdf78 <fork>
>   0x00007ffff798e3f6 <+6>:	pushq  $0x8a
>   0x00007ffff798e3fb <+11>:	jmpq   0x7ffff798db40
> (gdb) x/a 0x7ffff7bbdf78
> 0x7ffff7bbdf78 <fork>:	0x0

This depends on -lpthread being before -lgpgme: This does not crash when -lpthread is removed, when the order is switched (-lgpgme -lpthread), or when -pthread is used (which effectively moves -lpthread to the end).

AFAICS this happens because a.out's DT_NEEDED are in the order of [libpthread; libgpgme; libc], and relocation happens in reverse order, i.e. libgpgme is relocated before libpthread, and libgpgme.so has DT_BIND_NOW set.

Therefore, gpgme’s relocation includes relocation of gpgme:fork, which is resolved to libpthread’s fork_resolve ifunc; in turn, this ifunc is immediately called, returning an entry from libpthread’s GOT for __libc_fork ­— but libpthread has not been relocated yet, so libpthread:__libc_fork@got is NULL, so libgpgme:fork is set to NULL as well. (Without DT_BIND_NOW, gpgme:fork would be lazily resolve after libpthread:__libc_fork@got is correctly relocated.)


This does not crash on F22 with
> glibc-2.21-13.fc22.x86_64
> gpgme-1.4.3-5.fc22.x86_64
One reason is that gpgme is not compiled with DT_BIND_NOW in this version, but apparently the primary difference is glibc: with a stub gpgme replacement (attached):
> gcc -shared -Wl,-z,now -Wall -Wextra -fPIC -o libmyso.so myso.c
> gcc -Wall -Wextra -O2 foo.c -lpthread ./libmyso.so 
> ./a.out
crashes on F23, but not on F22.


AFAICS there is no official documentation to suggest that adding -lpthread is unsupported: (info gcc) only documents -pthread; in fact c99(1P) explicitly documents “-l pthread” as the portable way to
Comment 1 Miloslav Trmač 2016-04-13 17:55:57 UTC 
Created attachment 1146923 [details]
myso.c
Comment 2 Florian Weimer 2016-04-13 18:06:45 UTC 
This is a known issue (see the upstream bug).  We can fix fork easily enough, but a fix for vfork may be more difficult.
Comment 3 Fedora Update System 2016-06-02 12:31:07 UTC 
glibc-2.23.1-8.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-3c5d606035
Comment 4 Fedora Update System 2016-06-03 06:54:24 UTC 
glibc-2.22-17.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-b2dfb591cd
Comment 5 Fedora Update System 2016-06-03 09:26:54 UTC 
glibc-2.23.1-8.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-3c5d606035
Comment 6 Fedora Update System 2016-06-03 16:26:54 UTC 
glibc-2.22-17.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-b2dfb591cd
Comment 7 Fedora Update System 2016-06-07 01:23:43 UTC 
glibc-2.22-17.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2016-06-18 18:49:29 UTC 
glibc-2.23.1-8.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.