When audit modules are loaded, ld.so initialization is not yet
complete, and rtld_active () returns false even though ld.so is
mostly working. Instead, the static dlopen hook is used, but that
does not work at all because this is not a static dlopen situation.
Commit 466c1ea15f ("dlfcn: Rework
static dlopen hooks") moved the hook pointer into _rtld_global_ro,
which means that separate protection is not needed anymore and the
hook pointer can be checked directly.
The guard for disabling libio vtable hardening in _IO_vtable_check
should stay for now.
Fixes commit 8e1472d2c1 ("ld.so:
Examine GLRO to detect inactive loader [BZ #20204]").
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
(cherry picked from commit 8dcb6d0af0)
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.
I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah. I don't
know why I run into these diagnostics whereas others evidently do not.
remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
They are no longer needed after everything has been moved into
libc. The _dl_vsym test has to be removed because the symbol
cannot be used outside libc anymore.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Consolidate all hooks structures into a single one. There are
no static dlopen ABI concerns because glibc 2.34 already comes
with substantial ABI-incompatible changes in this area. (Static
dlopen requires the exact same dynamic glibc version that was used
for static linking.)
The new approach uses a pointer to the hooks structure into
_rtld_global_ro and initalizes it in __rtld_static_init. This avoids
a back-and-forth with various callback functions.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
The symbol was moved using scripts/move-symbol-to-libc.py.
There is a minor functionality enhancement: dlerror now sets
errno if it was set as part of the exception. (This is the result
of using %m in asprintf, to avoid the strerror PLT call.) The
previous errno value upon function return was unpredictable.
Documenting this as a feature is premature; we need to make sure
that the error codes are meaningful when they are set by the dynamic
loader.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Calling free directly may end up freeing a pointer allocated by the
dynamic loader using malloc from libc.so in the base namespace using
the allocator from libc.so in a secondary namespace, which results in
crashes.
This commit redirects the free call through GLRO and the dynamic
linker, to reach the correct namespace. It also cleans up the dlerror
handling along the way, so that pthread_setspecific is no longer
needed (which avoids triggering bug 24774).
Commit 9e78f6f6e7 ("Implement
_dl_catch_error, _dl_signal_error in libc.so [BZ #16628]") has the
side effect that distinct namespaces, as created by dlmopen, now have
separate implementations of the rtld exception mechanism. This means
that the call to _dl_catch_error from libdl in a secondary namespace
does not actually install an exception handler because the
thread-local variable catch_hook in the libc.so copy in the secondary
namespace is distinct from that of the base namepace. As a result, a
dlsym/dlopen/... failure in a secondary namespace terminates the process
with a dynamic linker error because it looks to the exception handler
mechanism as if no handler has been installed.
This commit restores GLRO (dl_catch_error) and uses it to set the
handler in the base namespace.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
dlerror.c (__dlerror_main_freeres) will try to free resources which only
have been initialized when init () has been called. That function is
called when resources are needed using __libc_once (once, init) where
once is a __libc_once_define (static, once) in the dlerror.c file.
Trying to free those resources if init () hasn't been called will
produce errors under valgrind memcheck. So guard the freeing of those
resources using __libc_once_get (once) and make sure we have a valid
key. Also add a similar guard to __dlerror ().
* dlfcn/dlerror.c (__dlerror_main_freeres): Guard using
__libc_once_get (once) and static_bug == NULL.
(__dlerror): Check we have a valid key, set result to static_buf
otherwise.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
The __libc_freeres framework does not extend to non-libc.so objects.
This causes problems in general for valgrind and mtrace detecting
unfreed objects in both libdl.so and libpthread.so. This change is
a pre-requisite to properly moving the malloc hooks out of malloc
since such a move now requires precise accounting of all allocated
data before destructors are run.
This commit adds a proper hook in libc.so.6 for both libdl.so and
for libpthread.so, this ensures that shm-directory.c which uses
freeit () to free memory is called properly. We also remove the
nptl_freeres hook and fall back to using weak-ref-and-check idiom
for a loaded libpthread.so, thus making this process similar for
all DSOs.
Lastly we follow best practice and use explicit free calls for
both libdl.so and libpthread.so instead of the generic hook process
which has undefined order.
Tested on x86_64 with no regressions.
Signed-off-by: DJ Delorie <dj@redhat.com>
Signed-off-by: Carlos O'Donell <carlos@redhat.com>
GLRO (_rtld_global_ro) is read-only after initialization and can
therefore not be patched at run time, unlike the hook table addresses
and their contents, so this is a desirable hardening feature.
The hooks are only needed if ld.so has not been initialized, and this
happens only after static dlopen (dlmopen uses a single ld.so object
across all namespaces).
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
This change moves the main implementation of _dl_catch_error,
_dl_signal_error to libc.so, where TLS variables can be used
directly. This removes a writable function pointer from the
rtld_global variable.
For use during initial relocation, minimal implementations of these
functions are provided in ld.so. These are eventually interposed
by the libc.so implementations. This is implemented by compiling
elf/dl-error-skeleton.c twice, via elf/dl-error.c and
elf/dl-error-minimal.c.
As a side effect of this change, the static version of dl-error.c
no longer includes support for the
_dl_signal_cerror/_dl_receive_error mechanism because it is only
used in ld.so.
real malloc in the catch object.
(_dl_catch_error): Forward information about malloc use to caller
in new parameter.
(_dl_out_of_memory): Make static.
* elf/dl-deps.c: Adjust callers of _dl_catch_error.
* elf/dl-libc.c: Likewise.
* elf/dl-open.c: Likewise.
* elf/rtld.c: Likewise.
Add new --audit option.
* sysdeps/generic/ldsodefs.h: Remove _dl_out_of_memory declaration.
(rtld_global_ro._dl_signal_error): Add new parameter.
* include/dlfcn.h (_dl_catch_error): Add new parameter.
* dlfcn/dlfcn.c (_dlerror_run): Pass additional parameter to
_dl_catch_error. Only free if the returned newly value says so.
2004-10-18 Jakub Jelinek <jakub@redhat.com>
* elf/dl-libc.c (__libc_dlsym_private, __libc_register_dl_open_hook):
New functions.
(__libc_dlopen_mode): Call __libc_register_dl_open_hook and
__libc_register_dlfcn_hook.
* dlfcn/Makefile (routines, elide-routines.os): Set.
Add rules to build and test tststatic2.
* dlfcn/tststatic2.c: New test.
* dlfcn/modstatic2.c: New test module.
* dlfcn/dladdr.c: Call _dlfcn_hook from libdl.so if not NULL.
Define __ prefixed routine in libc.a and in libdl.a just call it.
* dlfcn/dladdr1.c: Likewise.
* dlfcn/dlclose.c: Likewise.
* dlfcn/dlerror.c: Likewise.
* dlfcn/dlinfo.c: Likewise.
* dlfcn/dlmopen.c: Likewise.
* dlfcn/dlopen.c: Likewise.
* dlfcn/dlopenold.c: Likewise.
* dlfcn/dlsym.c: Likewise.
* dlfcn/dlvsym.c: Likewise.
* dlfcn/sdladdr.c: New file.
* dlfcn/sdladdr1.c: New file.
* dlfcn/sdlclose.c: New file.
* dlfcn/sdlerror.c: New file.
* dlfcn/sdlinfo.c: New file.
* dlfcn/sdlopen.c: New file.
* dlfcn/sdlsym.c: New file.
* dlfcn/sdlvsym.c: New file.
* dlfcn/Versions (libdl): Export _dlfcn_hook@GLIBC_PRIVATE.
* include/dlfcn.h (DL_CALLER_DECL, DL_CALLER RETURN_ADDRESS): Define.
(struct dlfcn_hook): New type.
(_dlfcn_hook): New extern decl.
(__dlopen, __dlclose, __dlsym, __dlerror, __dladdr, __dladdr1,
__dlinfo, __dlmopen, __libc_dlsym_private,
__libc_register_dl_open_hook, __libc_register_dlfcn_hook): New
prototypes.
(__dlvsym): Use DL_CALLER_DECL.
* include/libc-symbols.h: Define libdl_hidden_proto and friends.
* malloc/arena.c (_dl_open_hook): Extern decl.
(ptmalloc_init): Don't call _dl_addr when dlopened from statically
linked programs but don't use brk for them either.
2003-07-31 Jakub Jelinek <jakub@redhat.com>
* dlfcn/dlerror.c (once): New.
(dlerror): Call __libc_once.
(_dlerror_run): Remove once.
2003-07-31 Jakub Jelinek <jakub@redhat.com>
* sysdeps/unix/sysv/linux/ia64/bits/sigcontext.h (struct sigcontext):
Sync with 2.5.7 and 2.5.73 kernel changes.
2003-07-31 Jakub Jelinek <jakub@redhat.com>
* dlfcn/eval.c (funcall): Add noinline attribute to shut up warnings.
* elf/rtld.c (dl_main): Cast ElfW(Addr) arguments with %Zx/%Zd
formats to size_t.
* elf/dl-lookup.c (_dl_debug_bindings): Likewise.
* elf/tst-tls6.c (do_test): Use %zd format for l_tls_modid.
* elf/tst-tls8.c (do_test): Use %zd format for modid1 and modid2.
* gmon/tst-sprofil.c (main): Add parens to shut up warning.
* iconv/tst-iconv3.c (main): Use %td instead of %zd for pointer
difference argument.
* stdio-common/tst-wc-printf.c (main): Cast arguments with %C
format to wint_t.
* stdlib/tst-limits.c (main): For WORD_BIT and LONG_BIT, use
%d format and cast expected value to int.
* sysdeps/generic/libc-start.c (STATIC): Add
__attribute__((always_inline) if LIBC_START_MAIN is already defined.
* sysdeps/powerpc/fpu/w_sqrt.c (a_nan, a_inf): Change from uint32_t
to ieee_float_shape_type.
(__sqrt): Avoid type punning.
* sysdeps/powerpc/fpu/w_sqrtf.c (a_nan, a_inf): Change from uint32_t
to ieee_float_shape_type.
(__sqrtf): Avoid type punning.
* sysdeps/s390/s390-32/dl-machine.h (elf_machine_rela): Don't define
refsym if in dl-conflict.c.
* sysdeps/s390/s390-64/dl-machine.h (elf_machine_rela): Likewise.
* sysdeps/unix/sysv/linux/i386/semctl.c (union semun): Add __old_buf.
(__new_semctl): Shut up warning.
* sysdeps/unix/sysv/linux/semctl.c (union semun): Add __old_buf.
(__new_semctl): Shut up warning.
* sysdeps/unix/sysv/linux/shmctl.c (__new_shmctl): Wrap long lines.
Change old into union of __old_shmid_ds and __old_shminfo structs.
Adjust all users.
* wcsmbs/wcsmbs-tst1.c (main): Cast arguments with %C format to wint_t.
2003-07-31 Jakub Jelinek <jakub@redhat.com>
* sysdeps/unix/sysv/linux/utimes.c (__utimes): Fix actime and
modtime computation.
* sysdeps/unix/sysv/linux/futimes.c (__futimes): Likewise.
* sysdeps/posix/utimes.c (__utimes): Likewise.
* sysdeps/hppa/Makefile (CFLAGS-rtld.c): New variable.
Set -mdisable-fpregs for this file.
2002-11-11 Carlos O'Donell <carlos@baldric.uwo.ca>
* sysdeps/unix/sysv/linux/configure.in:
Make 2.4.19 minimum linux kernel for hppa, and add unwind symbols
from gcc-3.0 era for backwards compatibility.
* sysdeps/unix/sysv/linux/configure: Regenerate.
* sysdeps/unix/sysv/linux/hppa/sys/ucontext.h:
Define mcontext_t as a sigcontext.
* dlfcn/dlerror.c (fini): New function, __attribute__ ((destructor)).
Free memory in `last_result' if it was used.
* resolv/nss_dns/dns-network.c (getanswer_r): In BYNAME case, search
all aliases for one that matches the "<dotted-quad>.IN-ADDR.ARPA" form.
Do the parsing inline instead of copying strings and calling
inet_network, and properly skip all alias names not matching the form.
2001-07-06 Paul Eggert <eggert@twinsun.com>
* manual/argp.texi: Remove ignored LGPL copyright notice; it's
not appropriate for documentation anyway.
* manual/libc-texinfo.sh: "Library General Public License" ->
"Lesser General Public License".
2001-07-06 Andreas Jaeger <aj@suse.de>
* All files under GPL/LGPL version 2: Place under LGPL version
2.1.
* manual/Makefile (TEXI2PDF): Change to texi2dvi --pdf.
Suggested by Minko Markov <mmarkov@home.com>.
2001-01-02 Franz Sirl <Franz.Sirl-kernel@lauterbach.com>
* sysdeps/powerpc/elf/start.S (__data_start): Make it global.
* sysdeps/powerpc/dl-machine.c (dl_reloc_overflow): Print the name of
the failing symbol.
(__process_machine_rela): Pass symbol to dl_reloc_overflow().
2001-01-02 Ben Collins <bcollins@debian.org>
* time/tzset.c (tzset_internal): Make sure we fall back to UTC
if TZ is not set and TZDEFAULT is not present.
2001-01-01 Ben Collins <bcollins@debian.org>
* string/strings.h: Make sure we declare our functions even if
string.h is already included, based on whether or not __USE_BSD is
defined.
2001-01-02 Ulrich Drepper <drepper@redhat.com>
* dlfcn/dlerror.c (dlerror): Handle call of dlerror() before any
other dlopen() and dlsym().
Based on a patch by Ben Collins <bcollins@debian.org>.
2001-01-02 Andreas Jaeger <aj@suse.de>
* dlfcn/errmsg1.c (main): Call dlerror initially.
Reported by Ben Collins <bcollins@debian.org>.
2001-01-02 Ulrich Drepper <drepper@redhat.com>
* elf/Versions (ld): Export _dl_out_of_memory for GLIBC_2.2.
* dlfcn/dlerror.c (dlerror): Don't free the error string if it is the
report that we are out of memory.
* elf/dl-deps.c (_dl_map_object_deps): Likewise.
* elf/dl-libc.c (dlerror_run): Likewise.
* elf/dl-open.c (_dl_open): Likewise.
* elf/rtld.c (dl_main): Likewise.
* elf/dl-error.c: Define _dl_out_of_memory.
(_dl_signal_error): Return _dl_signal_error if we cannot duplicate
the error string.
* sysdeps/generic/ldsodefs.h: Declare _dl_out_of_memory.
* dlfcn/dlerror.c (free_key_mem): Also free error string.
* iconv/loop.c: Fix comment.
2000-06-09 H.J. Lu <hjl@gnu.org>
* dlfcn/dlerror.c (_dlerror_run): Set result->errstring to NULL
after freeing it.
* dlfcn/Makefile (distribute): Add failtestmod.c.
(tests): Add failtest.
Add rules to build and run failtest.
* dlfcn/failtest.c: New file.
* dlfcn/failtestmod.c: New file.
1999-08-01 Ulrich Drepper <drepper@cygnus.com>
* elf/dl-sym.c (_dl_sym): Always determine module of the caller to
pass it to _dl_lookup_symbol.
* elf/dl-error.c (_dl_signal_error): Optimize string generation a
bit. Reword message.
* dlfcn/dlerror.c: Make code thread-safe.
* sysdeps/gnu/Makefile (libdl-routines): Add eval.
1999-07-06 Zack Weinberg <zack@rabi.columbia.edu>
* dlfcn: New directory. Move the following files from elf:
dladdr.c, dlclose.c, dlerror.c, dlfcn.h, dlopen.c,
dlopenold.c, dlsym.c, dlvsym.c.
* dlfcn/Makefile: New file.
* dlfcn/Versions: New file.
* dlfcn/dlsym.c: All ELF-specific code split out to new
function _dl_sym.
* dlfcn/dlvsym.c: All ELF-specific code split out to new
function _dl_vsym.
* elf/dl-sym.c: New file. _dl_sym and _dl_vsym are
implemented here.
* dlfcn/dladdr.c: Remove all references to ELF data structures
or headers.
* dlfcn/dlclose.c: Likewise.
* dlfcn/dlerror.c: Likewise.
* dlfcn/dlopen.c: Likewise.
* dlfcn/dlopenold.c: Likewise.
* Makeconfig (dlfcn): New variable - set to `dlfcn' if elf is
yes, empty otherwise.
(libdl): Set to dlfcn/libdl.so or libdl.a if elf is yes,
depending on build-shared.
(subdirs): Add $(dlfcn).
(rpath-dirs): Add dlfcn.
* elf/Makefile: Remove all references to libdl or its
components, except the ones relating to the test cases.
(routines): Add dl-sym.
* elf/Versions (libc): Add _dl_sym and _dl_vsym for GLIBC_2.2.
(libdl): Delete.
* elf/dl-close.c (_dl_close): Change argument to void *.
* elf/dl-open.c (_dl_open): Change return type to void *.
* elf/eval.c: Removed.
* elf/ldsodefs.h: Move prototypes of _dl_catch_error,
_dlerror_run, _dl_open, _dl_close, _dl_addr, and
_dl_mcount_wrapper_check to include/dlfcn.h. Delete
_CALL_DL_FCT macro.
* include/dlfcn.h: Also prototype _dl_sym and _dl_vsym here.
Include real header from dlfcn directory.
* include/ldsodefs.h: Removed.
* grp/initgroups.c: Use DL_CALL_FCT not _CALL_DL_FCT.
* nss/getXXbyYY_r.c: Likewise.
* nss/getXXent_r.c: Likewise.
* iconv/gconv.c: Likewise. Don't include ldsodefs.h.
* iconv/gconv_db.c: Likewise. Don't include ldsodefs.h.
* iconv/skeleton.c: Don't include ldsodefs.h.
* nss/nsswitch.h: Don't include ldsodefs.h. Include dlfcn.h.
1999-07-07 Ulrich Drepper <drepper@cygnus.com>