lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <293749719.7760.1622753873071.JavaMail.zimbra@efficios.com>
Date:   Thu, 3 Jun 2021 16:57:53 -0400 (EDT)
From:   Mathieu Desnoyers <mathieu.desnoyers@...icios.com>
To:     linux-kernel@...r.kernel.org, lttng-dev@...ts.lttng.org,
        rp@...s.cs.pdx.edu
Cc:     "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>,
        Stephen Hemminger <stephen@...workplumber.org>,
        Alan Stern <stern@...land.harvard.edu>,
        Lai Jiangshan <jiangshanlai@...il.com>
Subject: [RELEASE] Userspace RCU 0.13.0

Hi,

The Userspace RCU 0.13 release is mostly a library soname version bump
to address an ABI incompatibility between the 0.10 and { 0.11, 0.12 }
releases.

The observed application vs library compatibility problem occurs as follows:

- An application executable is built with _LGPL_SOURCE defined, includes
  any of the Userspace RCU 0.10 urcu flavor headers, and is built
  without the -fpic compiler option.

- The Userspace RCU 0.10 library shared objects are updated to 0.11
  or 0.12 without rebuilding the application.

- The application will hang, typically when RCU grace period
  (synchronize_rcu) is invoked.

Some possible work-arounds for this are:

- Rebuild the application against Userspace RCU 0.11+,
- Rebuild the application with -fpic.
- Upgrade Userspace RCU to 0.13+ without installing 0.11 nor 0.12.


* Explanation of the issue

In URCU 0.11, we introduced new symbols to clean up the library symbol
namespacing, using the "alias" attribute to keep emitting the old
symbols, expecting to preserve ABI backward compatibility.
Unfortunately, it turns out that even though it works well for function
symbols, it is broken for public global variables due to the way ELF
copy relocation works.

When building a non-PIC executable that uses an extern variable, a .bss
symbol is emitted in the executable. This will take precedence over the
symbol implemented within the library in the Global Symbol Table.
Unfortunately, the alias within the library will not be aware that the
actual GST symbol differs from its alias within the library, and the
addresses for the symbol and its alias will differ at runtime.

Considering that this compatibility issue affects official library
releases, there is little we can do beyond documenting this issue, and
bumping the Userspace RCU major soname for the next (0.13) release.

In summary, do not upgrade from Userspace RCU 0.10 to 0.11 or 0.12 if 
you have applications which:

- define _LGPL_SOURCE
- use Userspace RCU 0.10 headers
- are not compiled with -fpic

We recommend instead to upgrade to Userspace RCU 0.13, which bumps the
library soname major number.

Thanks,

Mathieu

Project website: http://liburcu.org
Git repository: git://git.liburcu.org/urcu.git

-- 
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ