[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #15584 [Torsocks]: Linking libtorsocks with libtcmalloc results in SIGSEGV
#15584: Linking libtorsocks with libtcmalloc results in SIGSEGV
-------------------------+-------------------------------------------------
Reporter: post- | Owner: dgoulet
factum | Status: new
Type: defect | Milestone:
Priority: normal | Version:
Component: | Keywords: sigsegv libtcmalloc libtorsocks
Torsocks | torsocks ld_preload
Resolution: | Parent ID:
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by yawning):
This is where it crashes:
{{{
tsocks_close (fd=3) at ../../../src/lib/close.c:56
56 return tsocks_libc_close(fd);
(gdb) p tsocks_libc_close
$6 = (int (*)(int)) 0x0
}}}
And this is what the rest of the stack trace looks like:
{{{
#0 0x0000000000000000 in ?? ()
#1 0x00007ffff79863a5 in ReadIntFromFile (
file=file@entry=0x7ffff79942c8
"/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq",
value=value@entry=0x7fffffffe0a4) at ../src/base/sysinfo.cc:270
#2 0x00007ffff7986c4f in InitializeSystemInfo () at
../src/base/sysinfo.cc:321
#3 0x00007ffff7986e49 in NumCPUs () at ../src/base/sysinfo.cc:506
#4 0x00007ffff79693f9 in SpinLock_InitHelper (this=<optimized out>)
at ../src/base/spinlock.cc:63
#5 __static_initialization_and_destruction_0 (__initialize_p=1,
__priority=65535) at ../src/base/spinlock.cc:72
#6 _GLOBAL__sub_I_spinlock.cc(void) () at ../src/base/spinlock.cc:183
#7 0x00007ffff7dea1fa in call_init.part () from /lib64/ld-
linux-x86-64.so.2
#8 0x00007ffff7dea30b in _dl_init () from /lib64/ld-linux-x86-64.so.2
#9 0x00007ffff7ddbdba in _dl_start_user () from /lib64/ld-
linux-x86-64.so.2
#10 0x0000000000000001 in ?? ()
#11 0x00007fffffffe8c1 in ?? ()
#12 0x0000000000000000 in ?? ()
}}}
That pointer is set via `init_libc_symbols()` called from `tsocks_init()`,
which has the GCC `constructor` attribute. Per the GCC documentation:
The priorities for constructor and destructor functions are the same as
those specified for namespace-scope C++ objects (see C++ Attributes).
What is happening is that tcmalloc does file I/O with libc calls that
torsocks usually hijacks when initializing a static namespace scope object
(before libtorsocks is initialized), and SIGSEGVs.
How to fix this:
* Option 1: Fixing `ReadIntFromFile()` and `VDSOSupport::Init()` appear
to make this work on a Linux system, but other platforms probably require
additional changes. See attached patch.
* Option 2: The torsocks code could probably be changed to use
pthread_once instead of relying on the ctor to initialize (or something
similar), but I'm not sure if dgoulet has the time for that.
Attempting to force the tsocks initialization routine to be called before
tcmalloc's static constructors by setting the priority to something really
low didn't appear to work.
I'm not sure which option is better, and it's not really a bug in either
codebase.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15584#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs