dlfcn: Failures after dlmopen should not terminate process [BZ #15271]

Commit 9e78f6f6e7 ("Implement
_dl_catch_error, _dl_signal_error in libc.so [BZ #16628]") has the
side effect that distinct namespaces, as created by dlmopen, now have
separate implementations of the rtld exception mechanism.  This means
that the call to _dl_catch_error from libdl in a secondary namespace
does not actually install an exception handler because the
thread-local variable catch_hook in the libc.so copy in the secondary
namespace is distinct from that of the base namepace.  As a result, a
dlsym/dlopen/... failure in a secondary namespace terminates the process
with a dynamic linker error because it looks to the exception handler
mechanism as if no handler has been installed.

Backport notes: GLRO (dl_catch_error) is replaced with
_dl_catch_error_ptr to preserve _rtld_global_ro layout.

(cherry picked from commit b2964eb1d9)

NEWS

@@ -15,6 +15,7 @@ Major new features:
 
 The following bugs are resolved with this release:
 
+  [15271] dlfcn function failure after dlmopen terminates process
   [18435] pthread_once hangs when init routine throws an exception
   [23462] Static binary with dynamic string tokens ($LIB, $PLATFORM, $ORIGIN)
     crashes

dlfcn/dlerror.c

@@ -167,8 +167,17 @@ _dlerror_run (void (*operate) (void *), void *args)
       result->errstring = NULL;
     }
 
-  result->errcode = _dl_catch_error (&result->objname, &result->errstring,
-				     &result->malloced, operate, args);
+#ifdef SHARED
+  result->errcode = _dl_catch_error_ptr (&result->objname,
+					 &result->errstring,
+					 &result->malloced,
+					 operate, args);
+#else
+  result->errcode = _dl_catch_error (&result->objname,
+				     &result->errstring,
+				     &result->malloced,
+				     operate, args);
+#endif
 
   /* If no error we mark that no error string is available.  */
   result->returned = result->errstring == NULL;

elf/Makefile

@@ -226,7 +226,8 @@ tests += restest1 preloadtest loadfail multiload origtest resolvfail \
 	 tst-audit14 tst-audit15 tst-audit16 \
 	 tst-single_threaded tst-single_threaded-pthread \
 	 tst-tls-ie tst-tls-ie-dlmopen argv0test \
-	 tst-glibc-hwcaps tst-glibc-hwcaps-prepend tst-glibc-hwcaps-mask
+	 tst-glibc-hwcaps tst-glibc-hwcaps-prepend tst-glibc-hwcaps-mask \
+	 tst-dlmopen-dlerror
 #	 reldep9
 tests-internal += loadtest unload unload2 circleload1 \
 	 neededtest neededtest2 neededtest3 neededtest4 \
@@ -348,6 +349,7 @@ modules-names = testobj1 testobj2 testobj3 testobj4 testobj5 testobj6 \
 		libmarkermod2-1 libmarkermod2-2 \
 		libmarkermod3-1 libmarkermod3-2 libmarkermod3-3 \
 		libmarkermod4-1 libmarkermod4-2 libmarkermod4-3 libmarkermod4-4 \
+		tst-dlmopen-dlerror-mod \
 
 # Most modules build with _ISOMAC defined, but those filtered out
 # depend on internal headers.
@@ -1583,6 +1585,10 @@ $(objpfx)tst-sonamemove-dlopen.out: \
   $(objpfx)tst-sonamemove-runmod1.so \
   $(objpfx)tst-sonamemove-runmod2.so
 
+$(objpfx)tst-dlmopen-dlerror: $(libdl)
+$(objpfx)tst-dlmopen-dlerror-mod.so: $(libdl) $(libsupport)
+$(objpfx)tst-dlmopen-dlerror.out: $(objpfx)tst-dlmopen-dlerror-mod.so
+
 # Override -z defs, so that we can reference an undefined symbol.
 # Force lazy binding for the same reason.
 LDFLAGS-tst-latepthreadmod.so = \

elf/Versions

@@ -72,7 +72,7 @@ ld {
 
     # Internal error handling support.  Interposed by libc.so.
     _dl_signal_exception; _dl_catch_exception;
-    _dl_signal_error; _dl_catch_error;
+    _dl_signal_error; _dl_catch_error; _dl_catch_error_ptr;
 
     # Set value of a tunable.
     __tunable_get_val;

elf/dl-error-skeleton.c

@@ -248,4 +248,19 @@ _dl_receive_error (receiver_fct fct, void (*operate) (void *), void *args)
   catch_hook = old_catch;
   receiver = old_receiver;
 }
+
+/* Forwarder used for initializing _dl_catch_error_ptr.  */
+int
+_rtld_catch_error (const char **objname, const char **errstring,
+		   bool *mallocedp, void (*operate) (void *),
+		   void *args)
+{
+  /* The reference to _dl_catch_error will eventually be relocated to
+     point to the implementation in libc.so.  */
+  return _dl_catch_error (objname, errstring, mallocedp, operate, args);
+}
+
+__typeof (_dl_catch_error) *_dl_catch_error_ptr = _rtld_catch_error;
+rtld_hidden_data_def (_dl_catch_error_ptr);
+
 #endif /* DL_ERROR_BOOTSTRAP */

elf/rtld.c

@@ -380,7 +380,6 @@ struct rtld_global_ro _rtld_global_ro attribute_relro =
 extern struct rtld_global_ro _rtld_local_ro
     __attribute__ ((alias ("_rtld_global_ro"), visibility ("hidden")));
 
-
 static void dl_main (const ElfW(Phdr) *phdr, ElfW(Word) phnum,
 		     ElfW(Addr) *user_entry, ElfW(auxv_t) *auxv);
 

elf/tst-dlmopen-dlerror-mod.c

@@ -0,0 +1,41 @@
+/* Check that dlfcn errors are reported properly after dlmopen.  Test module.
+   Copyright (C) 2021 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <dlfcn.h>
+#include <stddef.h>
+#include <support/check.h>
+
+/* Note: This object is not linked into the main program, so we cannot
+   use delayed test failure reporting via TEST_VERIFY etc., and have
+   to use FAIL_EXIT1 (or something else that calls exit).  */
+
+void
+call_dlsym (void)
+{
+  void *ptr = dlsym (NULL, "does not exist");
+  if (ptr != NULL)
+    FAIL_EXIT1 ("dlsym did not fail as expected");
+}
+
+void
+call_dlopen (void)
+{
+  void *handle = dlopen ("tst-dlmopen-dlerror does not exist", RTLD_NOW);
+  if (handle != NULL)
+    FAIL_EXIT1 ("dlopen did not fail as expected");
+}

elf/tst-dlmopen-dlerror.c

@@ -0,0 +1,37 @@
+/* Check that dlfcn errors are reported properly after dlmopen.
+   Copyright (C) 2021 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <stddef.h>
+#include <support/check.h>
+#include <support/xdlfcn.h>
+
+static int
+do_test (void)
+{
+  void *handle = xdlmopen (LM_ID_NEWLM, "tst-dlmopen-dlerror-mod.so",
+                           RTLD_NOW);
+  void (*call_dlsym) (void) = xdlsym (handle, "call_dlsym");
+  void (*call_dlopen) (void) = xdlsym (handle, "call_dlopen");
+
+  call_dlsym ();
+  call_dlopen ();
+
+  return 0;
+}
+
+#include <support/test-driver.c>

sysdeps/generic/ldsodefs.h

@@ -893,6 +893,17 @@ extern int _dl_catch_error (const char **objname, const char **errstring,
 			    void *args);
 libc_hidden_proto (_dl_catch_error)
 
+
+/* libdl in a secondary namespace (after dlopen) must use
+   _dl_catch_error from the main namespace, so it has to be exported
+   in some way.  Initialized to _rtld_catch_error in rtld.c.  Not in
+   _rtld_global_ro to preserve structure layout.  */
+extern __typeof (_dl_catch_error) *_dl_catch_error_ptr attribute_relro;
+rtld_hidden_proto (_dl_catch_error_ptr)
+
+/* Used for initializing _dl_catch_error_ptr.  */
+extern __typeof__ (_dl_catch_error) _rtld_catch_error attribute_hidden;
+
 /* Call OPERATE (ARGS).  If no error occurs, set *EXCEPTION to zero.
    Otherwise, store a copy of the raised exception in *EXCEPTION,
    which has to be freed by _dl_exception_free.  As a special case, if