Bug 1468807 - glibc: Support broken applications which call __tls_get_addr with an unaligned stack (GCC bug workaround)
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: glibc
Version: 7.4
Hardware: x86_64
OS: Unspecified
Target Milestone: rc
Assignee: Florian Weimer
QA Contact: Sergey Kolosov
Depends On: 1440287
Blocks: 1473718
Reported: 2017-07-08 08:10 UTC by Florian Weimer
Modified: 2018-04-10 14:01 UTC (History)

Fixed In Version: glibc-2.17-210.el7
Doc Type: Enhancement
Doc Text:
Feature: In the slow path of the implementation of the __tls_get_addr function in glibc, the stack is automatically aligned as needed.
Reason: A bug in the GCC compiler for the x86-64 architecture could sometimes result in a call to the __tls_get_addr function with a misaligned stack, violating ABI requirements. This could result in crashes during TLS access, particularly if an interposed custom malloc is used.
Result: Binaries compiled with GCC which suffer from this ABI compliance issue work as expected, even with an interposed custom malloc.
Clone Of: 1440287
Last Closed: 2018-04-10 14:00:52 UTC

Links
System | ID | Private | Priority | Status | Summary | Last Updated
GNU Compiler Collection | 58066 | 0 | None | None | None | 2017-07-08 08:10:41 UTC
Red Hat Bugzilla | 1468808 | 0 | unspecified | CLOSED | gcc: Call __tls_get_addr with a properly aligned stack on x86-64 | 2021-02-22 00:41:40 UTC
Red Hat Product Errata | RHSA-2018:0805 | 0 | None | None | None | 2018-04-10 14:01:54 UTC
Sourceware | 21609 | 0 | None | None | None | 2017-07-08 08:10:41 UTC

Internal Links: 1468808

Description Florian Weimer 2017-07-08 08:10:42 UTC
We should consider fixing this in Red Hat Enterprise Linux as well because it is visible with an interposed malloc (which could use vector instructions; the main malloc code in glibc does not when compiled with the system compiler).

+++ This bug was initially created as a clone of Bug #1440287 +++

Description of problem:
Every 64bit game that uses Unity (the game engine) won't start on Fedora 26 (deadlocks on a black screen). 32bit games work fine.

[…]

--- Additional comment from Nicholas Miell on 2017-06-17 20:42:52 CEST ---

I'm seeing similar Unity hangs, except the sequence of events is:

1. Thread attempts to lazy init a TLS variable.
2. There is a SIGSEGV in _int_malloc() on a movaps %xmm0,(%rsp) instruction because RSP is misaligned due to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58066
3. The Mono SIGSEGV handler gets called.
4. The SIGSEGV handler attempts to lazy init a TLS variable.
5. malloc deadlocks.

LD_PRELOADing the following simple stub fixes the affected Unity games:

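#define _GNU_SOURCE	/* required for RTLD_NEXT in <dlfcn.h> */
#include <dlfcn.h>

/* force_align_arg_pointer makes the compiler realign the stack on entry,
   so the real __tls_get_addr is reached with an ABI-conforming stack. */
__attribute__((force_align_arg_pointer)) void *__tls_get_addr (void *ti)
{
	/* Next definition in symbol search order, i.e. glibc's own. */
	void *(*tga)(void*) = dlsym(RTLD_NEXT, "__tls_get_addr");

	return tga(ti);
}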

Why doesn't glibc's __tls_get_addr() have this attribute to deal with this gcc bug?

--- Additional comment from Nicholas Miell on 2017-06-17 20:46:21 CEST ---

Actually, the stack traces I'm seeing are literally identical to comment #0, except the signal is definitely SIGSEGV (from a MOVAPS instruction), not SIGPWR (from Mono's garbage collector).

--- Additional comment from Nicholas Miell on 2017-06-17 21:05 CEST ---

unzip align-tls-get-addr.zip
cd align-tls-get-addr
meson BUILD
ninja -C BUILD
LD_PRELOAD=$(pwd)/BUILD/tls_get_addr.so /path/to/bug1440287/repro.x86_64

For Steam, Set Launch Options to LD_PRELOAD=/full/path/to/align-tls-get-addr/BUILD/tls_get_addr.so %command%

--- Additional comment from Nicholas Miell on 2017-06-18 06:44 CEST ---

A proposed patch for glibc.

--- Additional comment from Florian Weimer on 2017-06-18 11:14:28 CEST ---

Thanks for tracking this down.  We will likely use a different approach upstream, involving a compatibility symbol for future glibc versions, and use a sysdeps override for backports.

--- Additional comment from Florian Weimer on 2017-06-29 15:55:49 CEST ---

Upstream patch posted for review: https://sourceware.org/ml/libc-alpha/2017-06/msg00922.html

[…]

Comment 1 Florian Weimer 2017-07-08 08:11:55 UTC
Final upstream commit:

commit 031e519c95c069abe4e4c7c59e2b4b67efccdee5
Author: H.J. Lu <hjl.tools>
Date:   Thu Jul 6 04:43:06 2017 -0700

    x86-64: Align the stack in __tls_get_addr [BZ #21609]
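
Added example (not from the bug report, the attached patch or glibc): a C harness, assuming GCC or Clang on x86-64, that calls two probe functions with the stack deliberately 8 bytes off 16-byte alignment, the condition behind the MOVAPS fault described above. Only the probe carrying force_align_arg_pointer, the attribute used in the LD_PRELOAD stub, still sees a correctly aligned local. The names probe_plain, probe_realigned and call_skewed are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__)
#define REALIGN __attribute__((force_align_arg_pointer))
#define EXPECTED_SKEW 8u
#else                       /* other targets: no skew is injected */
#define REALIGN
#define EXPECTED_SKEW 0u
#endif

/* Address of a 16-byte-aligned local, modulo 16. The empty asm hides where
   the pointer came from, so the compiler cannot fold the result to 0. */
#define PROBE_BODY                                      \
    char buf[16] __attribute__((aligned(16)));          \
    void *p = buf;                                      \
    __asm__ volatile("" : "+r"(p) : : "memory");        \
    return (unsigned)((uintptr_t)p % 16);

/* Trusts the caller's stack alignment, as ordinary compiled code does. */
__attribute__((noinline)) unsigned probe_plain(void) { PROBE_BODY }
/* Realigns the stack on entry, like the LD_PRELOAD stub. */
__attribute__((noinline)) REALIGN unsigned probe_realigned(void) { PROBE_BODY }

/* Constructed harness: calls fn with RSP `skew` bytes off 16-byte alignment.
   Valid only for the probes above, which touch integer registers only. */
__attribute__((noinline)) unsigned call_skewed(unsigned (*fn)(void), uintptr_t skew)
{
#if defined(__x86_64__)
    unsigned r;
    __asm__ volatile(
        "mov %%rsp, %%rbx\n\t"  /* rbx is callee-saved: survives the call */
        "sub $128, %%rsp\n\t"   /* step over the red zone */
        "and $-16, %%rsp\n\t"   /* ABI-conforming alignment ... */
        "sub %2, %%rsp\n\t"     /* ... then break it by `skew` bytes */
        "call *%1\n\t"
        "mov %%rbx, %%rsp"
        : "=a"(r) : "r"(fn), "r"(skew)
        : "rbx", "rcx", "rdx", "rsi", "rdi", "r8", "r9", "r10", "r11", "cc", "memory");
    return r;
#else
    (void)skew;
    return fn();
#endif
}
int main(void)
{
    printf("skewed caller: plain=%u realigned=%u\n",
           call_skewed(probe_plain, 8), call_skewed(probe_realigned, 8));
    return 0;
}
```

A nonzero result from probe_plain means any aligned vector store to that local would fault, which is what happened in _int_malloc with an interposed or vectorized malloc.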

Comment 8 errata-xmlrpc 2018-04-10 14:00:52 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0805

