
Bug#292673: marked as done (NPTL vs. LinuxThread sizeof(struct pthread) conflict causes memory corruption)



Your message dated Sat, 16 Apr 2005 09:17:24 -0400
with message-id <E1DMnAq-0002VK-00@newraff.debian.org>
and subject line Bug#292673: fixed in glibc 2.3.2.ds1-21
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 28 Jan 2005 18:12:43 +0000
Subject: NPTL vs. LinuxThread sizeof(struct pthread) conflict causes memory
	corruption
From: dann frazier <dannf@hp.com>
To: submit@bugs.debian.org, davidm@hpl.hp.com
Cc: ahs3@fc.hp.com
Date: Fri, 28 Jan 2005 11:14:11 -0700

Package: glibc
Severity: grave
Tags: sarge

On Fri, 2005-01-28 at 09:48 -0800, David Mosberger wrote:
> Hi Dann,
> 
> I don't seem to be getting much traction in getting the NPTL ld.so bug
> resolved.  I posted a glibc bug-report:
> 
>  http://sources.redhat.com/bugzilla/show_bug.cgi?id=685

<Including report inline here>

Several of us noticed that evolution on Debian/unstable sometimes crashes early
during program startup.  It turns out that the crash is due to memory
corruption.  In one particular case, the memory that got corrupted was in the
address range:

 0x2000000002daff10-0x2000000002daff1f

which happened to hold the function descriptors for shared library linkage stubs
("jump slots").  Of relevance was that the thread-pointer (r13) had the value:

 0x2000000002db0500

The corruption was caused by any NPTL routine trying to access the
thread-descriptor, since NPTL uses a "struct pthread" of size 1680 bytes (0x690).

I believe the problem is due to the fact that /lib/ld-linux-ia64.so.2 was built
for Linux Threads, which uses a thread descriptor size of 0x500.  Note that
sysdeps/generic/dl-tls.c has several references to TLS_PRE_TCB_SIZE for the case
where TLS_DTV_AT_TP is defined.  In other words, ld.so ends up having a
dependency on the size of the thread-descriptor.  Sure enough, if I invoke
evolution like this:

  /lib/tls/ld-linux-ia64.so.2 evolution

it works just fine.

My understanding is that /lib/ld-linux-ia64.so.2 should work for both NPTL and
LinuxThreads libraries and the dependency on the size of the thread-descriptor
is accidental.

I believe this same bug may affect Alpha, PowerPC, and SH.

For Alpha, I found this bug report, which sounds potentially related:

  http://sources.redhat.com/bugzilla/show_bug.cgi?id=299

> 
> and sent a mail to libc-hacker:
> 
>  http://sources.redhat.com/ml/libc-hacker/2005-01/msg00071.html
> 
> and there has been no response whatsoever so far.  I'm not sure what
> the original authors had in mind here, so I'm not sure what the proper
> way is to fix this problem.
> 
> A stop-gap solution might be to just do:
> 
> 	# mv /lib/tls/ld-2.3.2.so /lib/
> 
> I did this on my Debian/unstable system and it seems to work just
> fine.  I did verify beforehand that the two versions of ld-2.3.2 do
> export the exact same set of symbols, so this ought to be fairly safe.
> It works around the bug since the NPTL value of TLS_PRE_TCB_SIZE is
> bigger than that for LinuxThreads.
> 
> Perhaps this should be the recommended workaround for Debian for the
> time being?

I'm CC'ing Al Stone - maybe he has a suggestion with how to interact w/
glibc upstream, or what the proper fix may be.  I'm filing this bug as
release critical, given it causes memory corruption on potentially 4
architectures.  If the glibc maintainers disagree, I'm sure they'll
downgrade.
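
The address arithmetic behind the report, as an added example (not code from glibc or from the mails above): it checks that the corrupted range quoted in the report falls in the gap between what a LinuxThreads-sized ld.so reserves below the thread pointer and what NPTL uses, then replays the overwrite in an ordinary buffer. The function names and the buffer layout are constructed for illustration, and the two sizes are used as TLS_PRE_TCB_SIZE without alignment padding, which is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sizes quoted in the bug report, taken as TLS_PRE_TCB_SIZE (assumption: no padding). */
#define LT_SIZE   0x500u   /* LinuxThreads descriptor, built into ld.so */
#define NPTL_SIZE 0x690u   /* NPTL struct pthread, 1680 bytes */

struct range { uint64_t lo, hi; };   /* half-open [lo, hi) */

/* With TLS_DTV_AT_TP the descriptor lies directly below the thread pointer.
   Returns the bytes the library uses but the loader never reserved (empty: lo == hi). */
static struct range unreserved(uint64_t tp, uint64_t loader_size, uint64_t lib_size) {
    struct range r = { tp, tp };
    if (lib_size > loader_size) {
        r.lo = tp - lib_size;
        r.hi = tp - loader_size;
    }
    return r;
}

static int inside(struct range r, uint64_t first, uint64_t last) {
    return first <= last && first >= r.lo && last < r.hi;
}

/* Replay the layout in an ordinary buffer (no real TLS involved) and return
   how many bytes outside the loader's block the library overwrote. */
static size_t clobbered_neighbour_bytes(size_t loader_size, size_t lib_size) {
    unsigned char arena[0x1000];
    unsigned char *tp = arena + 0x800;            /* constructed thread pointer */
    size_t n = 0;
    if (loader_size > 0x800 || lib_size > 0x800)
        return (size_t)-1;                        /* would not fit the arena */
    memset(arena, 0xAA, sizeof arena);            /* 0xAA marks unrelated data */
    memset(tp - loader_size, 0x00, loader_size);  /* block the loader set up */
    memset(tp - lib_size, 0x55, lib_size);        /* library writes its descriptor */
    for (unsigned char *p = arena; p < tp - loader_size; p++)
        n += (*p != 0xAA);
    return n;
}

int main(void) {
    struct range r = unreserved(0x2000000002db0500ULL, LT_SIZE, NPTL_SIZE);
    printf("unreserved 0x%llx-0x%llx, reported range inside: %d, clobbered: %zu\n",
           (unsigned long long)r.lo, (unsigned long long)(r.hi - 1),
           inside(r, 0x2000000002daff10ULL, 0x2000000002daff1fULL),
           clobbered_neighbour_bytes(LT_SIZE, NPTL_SIZE));
    return 0;
}
```

Swapping the two sizes models the stop-gap quoted above: a loader built with the larger NPTL size reserves enough for either library, so nothing outside the block is touched.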




---------------------------------------
Received: (at 292673-close) by bugs.debian.org; 16 Apr 2005 13:24:17 +0000
From: GOTO Masanori <gotom@debian.org>
To: 292673-close@bugs.debian.org
X-Katie: $Revision: 1.55 $
Subject: Bug#292673: fixed in glibc 2.3.2.ds1-21
Message-Id: <E1DMnAq-0002VK-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Sat, 16 Apr 2005 09:17:24 -0400

Source: glibc
Source-Version: 2.3.2.ds1-21

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive:

glibc-doc_2.3.2.ds1-21_all.deb
  to pool/main/g/glibc/glibc-doc_2.3.2.ds1-21_all.deb
glibc_2.3.2.ds1-21.diff.gz
  to pool/main/g/glibc/glibc_2.3.2.ds1-21.diff.gz
glibc_2.3.2.ds1-21.dsc
  to pool/main/g/glibc/glibc_2.3.2.ds1-21.dsc
libc6-dbg_2.3.2.ds1-21_i386.deb
  to pool/main/g/glibc/libc6-dbg_2.3.2.ds1-21_i386.deb
libc6-dev_2.3.2.ds1-21_i386.deb
  to pool/main/g/glibc/libc6-dev_2.3.2.ds1-21_i386.deb
libc6-i686_2.3.2.ds1-21_i386.deb
  to pool/main/g/glibc/libc6-i686_2.3.2.ds1-21_i386.deb
libc6-pic_2.3.2.ds1-21_i386.deb
  to pool/main/g/glibc/libc6-pic_2.3.2.ds1-21_i386.deb
libc6-prof_2.3.2.ds1-21_i386.deb
  to pool/main/g/glibc/libc6-prof_2.3.2.ds1-21_i386.deb
libc6-udeb_2.3.2.ds1-21_i386.udeb
  to pool/main/g/glibc/libc6-udeb_2.3.2.ds1-21_i386.udeb
libc6_2.3.2.ds1-21_i386.deb
  to pool/main/g/glibc/libc6_2.3.2.ds1-21_i386.deb
libnss-dns-udeb_2.3.2.ds1-21_i386.udeb
  to pool/main/g/glibc/libnss-dns-udeb_2.3.2.ds1-21_i386.udeb
libnss-files-udeb_2.3.2.ds1-21_i386.udeb
  to pool/main/g/glibc/libnss-files-udeb_2.3.2.ds1-21_i386.udeb
locales_2.3.2.ds1-21_all.deb
  to pool/main/g/glibc/locales_2.3.2.ds1-21_all.deb
nscd_2.3.2.ds1-21_i386.deb
  to pool/main/g/glibc/nscd_2.3.2.ds1-21_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 292673@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
GOTO Masanori <gotom@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 14 Feb 2005 09:26:26 +0900
Source: glibc
Binary: libc6-i686 libc0.3-pic glibc-doc libc1-udeb libc0.3 libc6.1-dev libc1-pic libc6-s390x libnss-files-udeb libc1-dbg libc6-dev-sparc64 libc0.3-dev libc6-udeb libc6-dbg libc6.1-pic libc6-dev libc0.3-prof libc6-sparcv9 libc6.1-prof libc1 locales libc6-pic libc0.3-udeb libc1-prof libc0.3-dbg libc6-prof libc6 libc6-sparcv9b libc6.1-udeb libc6.1-dbg nscd libc6-sparc64 libnss-dns-udeb libc6.1 libc1-dev libc6-dev-s390x
Architecture: source i386 all
Version: 2.3.2.ds1-21
Distribution: unstable
Urgency: high
Maintainer: GOTO Masanori <gotom@debian.org>
Changed-By: GOTO Masanori <gotom@debian.org>
Description: 
 glibc-doc  - GNU C Library: Documentation
 libc6      - GNU C Library: Shared libraries and Timezone data
 libc6-dbg  - GNU C Library: Libraries with debugging symbols
 libc6-dev  - GNU C Library: Development Libraries and Header Files
 libc6-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc6-pic  - GNU C Library: PIC archive library
 libc6-prof - GNU C Library: Profiling Libraries
 libc6-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb)
 locales    - GNU C Library: National Language (locale) data [support]
 nscd       - GNU C Library: Name Service Cache Daemon
Closes: 182981 219352 264920 265678 292013 292673 294444 294816 295118 295457 297769 300943 303478 303816 304257 304668
Changes: 
 glibc (2.3.2.ds1-21) unstable; urgency=high
 .
   * GOTO Masanori <gotom@debian.org>
 .
     - debian/patches/linuxthreads-sizefix.dpatch: Fix ia64 TLS_PRE_TCB_SIZE
       alignment where TLS_DTV_AT_TP is defined between linuxthreads and nptl.
       It breaks evolution on ia64 linuxthreads ld.so + nptl environment.
       (Closes: #292673)
     - debian/patches/glibc232-sigsetjmp.dpatch: Fix gcc-4.0 compilation
       breakage on amd64.  (Closes: #295457)
     - debian/debhelper.in/libc.manpages: Add tzconfig.8.  Reported by Matthijs
       Mohlmann <matthijs@cacholong.nl>.  (Closes: #182981)
     - debian/patches/90_glibc232-timezones.dpatch: Update to tzdata2005h.
     - debian/patches/hurd-weak-aliases.dpatch: Add to fix undefined references
       to build putty on Hurd, patched by Michael Banck <mbanck@debian.org>.
       (Closes: #295118)
     - debian/debhelper.in/libc.preinst: Fix typo, proofreading.
       (Closes: #294816, #303478)
     - debian/rules: Bump up shlib_dep_ver 2.3.2.ds1-21.  It's required by
       adding GLIBC_2.3.4 symbol.
 .
     - Bastian Blank <waldi@debian.org>:
       - debian/patches/sched-update.dpatch: Update sched_[gs]et_affinity to
         new interface and library version.  Add GLIBC_2.3.4 versioned symbol
         for new interface.  (Closes: #297769)
     - Jeff Bailey <jbailey@raspberryginger.com>:
       - debian/patches/glibc232-tls-crashfix.dpatch: Fix tls assertion that
         crashes xmms/nvidia.  (Closes: #219352)
       - debian/patches/glibc232-pthread-cancellation.dpatch: Fix pthread
         cancellation bug that causes JVM lockups.  (Closes: #300943)
     - Denis Barbier <barbier@debian.org>:
       - debian/debhelper.in/libc.preinst: Add export LC_ALL=C like
         libc.postinst, it corrects some locale dependent behavior,
         especially for `tr'.  (Closes: #304257)
     - Lars Wirzenius <liw@iki.fi>:
       - debian/local/manpages/iconv.1: Escape hyphens for Unicode
         environments.  (Closes: #292013)
     - Emilian Nowak <emil5@go2.pl>:
       - debian/po/pl.po: Add Polish debconf translation.  (Closes: #294444)
     - Matti Polla <mpo@iki.fi>:
       - debian/po/fi.po: Add Finnish debconf translation.  (Closes: #303816)
     - Khalid Aziz <khalid_aziz@hp.com>:
       - debian/patches/glibc232-clock_settime.dpatch: Fix clock_settime
         always fails with EINVAL.  (Closes: #304668)
     - Thiemo Seufer <ths@debian.org>:
       - debian/patches/glibc23-mips-lazy-eval.dpatch: Workaround fix for
         broken symbol resolving of lazy evaluation stubs on mips/mipsel,
         that causes fakeroot breakage.  (Closes: #265678, #264920)
Files: 
 c68cd4ae91be6b9b6a087cd691726d42 1725 libs required glibc_2.3.2.ds1-21.dsc
 d3e90d31845cb5df45c07fed6d85fc3d 1783892 libs required glibc_2.3.2.ds1-21.diff.gz
 066cc175adbb429b371a55abb4c5c551 3166896 doc optional glibc-doc_2.3.2.ds1-21_all.deb
 6f4197d090f8daa7db57a305a1666553 3984332 base standard locales_2.3.2.ds1-21_all.deb
 f85258f6f37716e0243659f74d5e6af9 4901150 base required libc6_2.3.2.ds1-21_i386.deb
 aa70d271dd92cab4038826505b0dd060 2533234 libdevel standard libc6-dev_2.3.2.ds1-21_i386.deb
 2536c0ab2b58cb09474aad229fd8bba9 2014912 libdevel extra libc6-prof_2.3.2.ds1-21_i386.deb
 d8b9ef9a65416d1215c68593226e40b5 1036998 libdevel optional libc6-pic_2.3.2.ds1-21_i386.deb
 39c51f15126543236f5700390db1681f 959450 libs extra libc6-i686_2.3.2.ds1-21_i386.deb
 572479d750a808ec729cdd475c6f48c3 92676 admin optional nscd_2.3.2.ds1-21_i386.deb
 7faf60c947d73331a7e8753188b14a16 10234092 libdevel extra libc6-dbg_2.3.2.ds1-21_i386.deb
 3e0e01f0e801c3b15231ba80042191d7 719300 debian-installer extra libc6-udeb_2.3.2.ds1-21_i386.udeb
 9b953fe85a74aec52e05c7f0ea22ca11 7724 debian-installer extra libnss-dns-udeb_2.3.2.ds1-21_i386.udeb
 0e6efc90404ac8026eca354e011bb3d0 13740 debian-installer extra libnss-files-udeb_2.3.2.ds1-21_i386.udeb
package-type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCYQXbqIqasIZIJsMRAi//AJ9lXH39wkkqkgLNcsGOtOXz2ICugwCfaKYl
6QOMUYp4EWP2+YIZwPOqjWY=
=pXdx
-----END PGP SIGNATURE-----


