NetBSD-Bugs archive


lib/59107: libc constructors on arm use malloc



>Number:         59107
>Category:       lib
>Synopsis:       libc constructors on arm use malloc
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Feb 26 13:55:00 +0000 2025
>Originator:     Martin Husemann
>Release:        NetBSD 10.99.12
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD unpluged.duskware.de 10.99.12 NetBSD 10.99.12 (UNPLUGED) #627: Mon Feb 24 11:21:12 CET 2025 martin%seven-days-to-the-wolves.aprisoft.de@localhost:/work/src/sys/arch/evbarm/compile/UNPLUGED evbarm
Architecture: earmv5
Machine: evbarm
>Description:

libc on arm uses a constructor to query hardware options (like FPU present).
This is bad, as malloc() internals may not be fully initialized at this time.

#0  0xbbe30544 in __aeabi_read_tp () from /lib/libc.so.12
#1  0xbbd9295c in te_malloc_fastpath_ctx (threshold=<optimized out>, 
    allocated=<optimized out>, tsd=<optimized out>)
    at /work/src/external/bsd/jemalloc/lib/../include/jemalloc/internal/sz.h:191
#2  imalloc_fastpath (fallback_alloc=0xbbd91e58 <malloc_default>, size=768)
    at /work/src/external/bsd/jemalloc/lib/../include/jemalloc/internal/jemalloc_internal_inlines_c.h:291
#3  malloc (size=768)
    at /work/src/external/bsd/jemalloc/lib/../dist/src/jemalloc.c:2773
#4  0xbbe1bc88 in ___learn_tree (name=0xbfffe4ec, name@entry=0x0, 
    namelen=namelen@entry=0, pnode=pnode@entry=0xbbe831e8 <sysctl_mibroot>)
    at /work/src/lib/libc/gen/sysctlgetmibinfo.c:290
#5  0xbbe1c52c in sysctlgetmibinfo_unlocked (gname=<optimized out>, 
    gname@entry=0xbbe35d14 "machdep.fpu_present", iname=0xbfffe734, 
    iname@entry=0xbfffe738, namelenp=0xbfffe4ec, namelenp@entry=0xbfffe734, 
    cname=cname@entry=0x0, csz=0x0, csz@entry=0xbbefe5a0 <auxinfo>, rnode=0x0, 
    rnode@entry=0xbbd41d74 <_sysctlbyname+52>, v=16777216, v@entry=0)
    at /work/src/lib/libc/gen/sysctlgetmibinfo.c:533
#6  0xbbe1c914 in _sysctlgetmibinfo (gname=0xbbe35d14 "machdep.fpu_present", 
    iname=iname@entry=0xbfffe738, namelenp=0xbfffe734, 
    namelenp@entry=0xbfffe72c, cname=cname@entry=0x0, csz=csz@entry=0x0, 
    rnode=rnode@entry=0x0, v=v@entry=16777216)
    at /work/src/lib/libc/gen/sysctlgetmibinfo.c:398
#7  0xbbd41d74 in _sysctlbyname (gname=<optimized out>, 
    oldp=oldp@entry=0xbbe881b4 <_libc_arm_fpu_present>, 
    oldlenp=oldlenp@entry=0xbfffe78c, newp=newp@entry=0x0, 
    newlen=newlen@entry=0) at /work/src/lib/libc/gen/sysctlbyname.c:62
#8  0xbbe2f304 in _libc_aapcs_init ()
    at /work/src/lib/libc/arch/arm/misc/arm_initfini.c:63
#9  0xbbef2d34 in _rtld_call_initfini_function (mask=<optimized out>, 
    func=0xbbe2f2b0 <_libc_aapcs_init>)
    at /work/src/libexec/ld.elf_so/rtld.c:152
#10 _rtld_call_init_function (cur_objgen=<optimized out>, 
    mask=<optimized out>, obj=<optimized out>)
    at /work/src/libexec/ld.elf_so/rtld.c:267
#11 _rtld_call_init_function (obj=0xbbee9c00, mask=0xbfffe818, cur_objgen=1)
    at /work/src/libexec/ld.elf_so/rtld.c:241
#12 0xbbef3040 in _rtld_call_init_functions (mask=mask@entry=0xbfffe818)
    at /work/src/libexec/ld.elf_so/rtld.c:325
#13 0xbbef3b48 in _rtld (sp=<optimized out>, relocbase=<optimized out>)
    at /work/src/libexec/ld.elf_so/rtld.c:802
#14 0xbbeec63c in _rtld_start () from /libexec/ld.elf_so



>How-To-Repeat:
see above

>Fix:
Various workarounds are possible:

 - pass info from the kernel in the ELF auxvector at exec time
   like AT_HWCAP*
 - provide a special (internal) variant of _sysctlbyname() that uses
   pre-allocated (static) rnode storage for the resolution of the MIB
   numbers
 - use a special internal malloc() variant for this early call
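
The first workaround listed above, sketched as an added example (not code from the report or from NetBSD's libc): an early constructor reads a capability word from an auxiliary-vector style array using only static storage, so nothing in the path calls malloc(). The `EX_` names, the tag number 16, the FPU bit and the sample vectors are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* One auxiliary-vector entry: a tag and its value. */
struct aux_entry {
	uintptr_t a_type;
	uintptr_t a_v;
};

#define EX_AT_NULL   0u    /* end-of-vector marker */
#define EX_AT_HWCAP  16u   /* assumed tag number for this example */
#define EX_HWCAP_FPU 0x1u  /* hypothetical "FPU present" bit */
#define EX_AUX_MAX   64u   /* bound the walk in case the terminator is damaged */

/* Static storage only. -1 = unknown, 0 = absent, 1 = present. */
static int ex_fpu_present = -1;

/* Find `type` in the vector: returns 1 and stores the value, 0 if not found. */
static int
ex_aux_lookup(const struct aux_entry *av, uintptr_t type, uintptr_t *out)
{
	for (size_t i = 0; i < EX_AUX_MAX && av[i].a_type != EX_AT_NULL; i++) {
		if (av[i].a_type == type) {
			*out = av[i].a_v;
			return 1;
		}
	}
	return 0;
}

/* What an early init function could do in place of a sysctlbyname() call. */
int
ex_early_fpu_init(const struct aux_entry *av)
{
	uintptr_t hwcap;

	if (av != NULL && ex_aux_lookup(av, EX_AT_HWCAP, &hwcap))
		ex_fpu_present = (hwcap & EX_HWCAP_FPU) ? 1 : 0;
	else
		ex_fpu_present = -1;	/* kernel gave no hint: stay "unknown" */
	return ex_fpu_present;
}

/* Constructed sample vectors, not captured from a real process. */
const struct aux_entry ex_auxv_fpu[]   = { {6, 4096}, {EX_AT_HWCAP, 0x1}, {EX_AT_NULL, 0} };
const struct aux_entry ex_auxv_nofpu[] = { {EX_AT_HWCAP, 0x2}, {EX_AT_NULL, 0} };
const struct aux_entry ex_auxv_none[]  = { {6, 4096}, {EX_AT_NULL, 0} };

int main(void) { return ex_early_fpu_init(ex_auxv_fpu) == 1 ? 0 : 1; }
```

When the tag is missing the result stays at -1, in which case one of the other two workarounds would still be needed to answer the query.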


