On Mon, 20 May 2019 15:43:53 +0000 Szabolcs Nagy wrote:
> you can verify that 0x152000 + 3608 == 0x152e18 is
> indeed a GOT entry (falls into .got) and there is a
>
> 0000000000152e18 R_AARCH64_TLS_TPREL64 *ABS*+0x0000000000000010

There are a couple of other TLS variables in malloc, and I suspect this is one of them. Where it is actually looking at tcache_shutting_down (verified with debug info and disassembly), it is simply using the tpidr_el0 value still lying around in the register from the 1st TLS reference and loading tcache_shutting_down from an offset which appears for all the world to simply be hard coded, no GOT reference involved.

I suppose at some point I'll be forced to understand how to build glibc from the Ubuntu source package so I can see exactly what options and ifdefs are used and check the relocations in the malloc.o file from before it is incorporated with libc.so.