The current implementation of dlclose (and process exit) re-sorts the
link maps before calling ELF destructors. Destructor order is not the
reverse of the constructor order as a result: The second sort takes
relocation dependencies into account, and other differences can result
from ambiguous inputs, such as cycles. (The force_first handling in
_dl_sort_maps is not effective for dlclose.) After the changes in
this commit, there is still a required difference due to
dlopen/dlclose ordering by the application, but the previous
discrepancies went beyond that.
A new global (namespace-spanning) list of link maps,
_dl_init_called_list, is updated right before ELF constructors are
called from _dl_init.
In dl_close_worker, the maps variable, an on-stack variable length
array, is eliminated. (VLAs are problematic, and dlclose should not
call malloc because it cannot readily deal with malloc failure.)
Marking still-used objects uses the namespace list directly, with
next and next_idx replacing the done_index variable.
After marking, _dl_init_called_list is used to call the destructors
of now-unused maps in reverse destructor order. These destructors
can call dlopen. Previously, new objects do not have l_map_used set.
This had to change: There is no copy of the link map list anymore,
so processing would cover newly opened (and unmarked) mappings,
unloading them. Now, _dl_init (indirectly) sets l_map_used, too.
(dlclose is handled by the existing reentrancy guard.)
After _dl_init_called_list traversal, two more loops follow. The
processing order changes to the original link map order in the
namespace. Previously, dependency order was used. The difference
should not matter because relocation dependencies could already
reorder link maps in the old code.
The changes to _dl_fini remove the sorting step and replace it with
a traversal of _dl_init_called_list. The l_direct_opencount
decrement outside the loader lock is removed because it appears
incorrect: the counter manipulation could race with other dynamic
loader operations.
tst-audit23 needs adjustments to the changes in LA_ACT_DELETE
notifications. The new approach for checking la_activity should
make it clearer that la_activty calls come in pairs around namespace
updates.
The dependency sorting test cases need updates because the destructor
order is always the opposite order of constructor order, even with
relocation dependencies or cycles present.
There is a future cleanup opportunity to remove the now-constant
force_first and for_fini arguments from the _dl_sort_maps function.
Fixes commit 1df71d32fe ("elf: Implement
force_first handling in _dl_sort_maps_dfs (bug 28937)").
Reviewed-by: DJ Delorie <dj@redhat.com>
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.
I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah. I don't
know why I run into these diagnostics whereas others evidently do not.
remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
It turns out the startup code in csu/elf-init.c has a perfect pair of
ROP gadgets (see Marco-Gisbert and Ripoll-Ripoll, "return-to-csu: A
New Method to Bypass 64-bit Linux ASLR"). These functions are not
needed in dynamically-linked binaries because DT_INIT/DT_INIT_ARRAY
are already processed by the dynamic linker. However, the dynamic
linker skipped the main program for some reason. For maximum
backwards compatibility, this is not changed, and instead, the main
map is consulted from __libc_start_main if the init function argument
is a NULL pointer.
For statically linked binaries, the old approach based on linker
symbols is still used because there is nothing else available.
A new symbol version __libc_start_main@@GLIBC_2.34 is introduced because
new binaries running on an old libc would not run their ELF
constructors, leading to difficult-to-debug issues.
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
If we try to run constructors before relocation, this is always
a dynamic linker bug. An assert is easier to notice than a call
via an invalid function pointer (which may not even produce a valid
call stack).
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
This supersedes the init_array sysdeps directory. It allows us to
check for ELF_INITFINI in both C and assembler code, and skip DT_INIT
and DT_FINI processing completely on newer architectures.
A new header file is needed because <dl-machine.h> is incompatible
with assembler code. <sysdep.h> is compatible with assembler code,
but it cannot be included in all assembler files because on some
architectures, it redefines register names, and some assembler files
conflict with that.
<elf-initfini.h> is replicated for legacy architectures which need
DT_INIT/DT_FINI support. New architectures follow the generic default
and disable it.
Completing the removal of the obsolete INTDEF / INTUSE mechanism, this
patch removes the final use - that for _dl_starting_up - replacing it
by rtld_hidden_def / rtld_hidden_proto. Having removed the last use,
the mechanism itself is also removed.
Tested for x86_64 that installed stripped shared libraries are
unchanged by the patch. (This is not much of a test since this
variable is only defined and used in the !HAVE_INLINED_SYSCALLS case.)
[BZ #14132]
* include/libc-symbols.h (INTUSE): Remove macro.
(INTDEF): Likewise.
(INTVARDEF): Likewise.
(_INTVARDEF): Likewise.
(INTDEF2): Likewise.
(INTVARDEF2): Likewise.
* elf/rtld.c [!HAVE_INLINED_SYSCALLS] (_dl_starting_up): Use
rtld_hidden_def instead of INTVARDEF.
* sysdeps/generic/ldsodefs.h [IS_IN_rtld]
(_dl_starting_up_internal): Remove declaration.
(_dl_starting_up): Use rtld_hidden_proto.
* elf/dl-init.c [!HAVE_INLINED_SYSCALLS] (_dl_starting_up): Remove
declaration.
[!HAVE_INLINED_SYSCALLS] (_dl_starting_up_internal): Likewise.
(_dl_init) [!HAVE_INLINED_SYSCALLS]: Don't use INTUSE with
_dl_starting_up.
* elf/dl-writev.h (_dl_writev): Likewise.
* sysdeps/powerpc/powerpc64/dl-machine.h [!HAVE_INLINED_SYSCALLS]
(DL_STARTING_UP_DEF): Use __GI__dl_starting_up instead of
_dl_starting_up_internal.
Continuing the removal of the obsolete INTDEF / INTUSE mechanism, this
patch eliminates its use for _dl_init. Since _dl_init was already
declared with hidden visibility, creating a second hidden alias for it
was completely pointless, so this patch replaces all uses of
_dl_init_internal with plain _dl_init instead of using hidden_proto /
hidden_def (which are only needed when you want a hidden alias for a
non-hidden symbol; it's quite possible there are cases where they are
used but don't need to be because the symbol in question is not part
of the public ABI and is only used within a single library, so using
attributes_hidden instead would suffice).
Tested for x86_64 that installed stripped shared libraries are
unchanged by the patch.
[BZ #14132]
* elf/dl-init.c (_dl_init): Don't use INTDEF.
* sysdeps/aarch64/dl-machine.h (RTLD_START): Use _dl_init instead
of _dl_init_internal.
* sysdeps/alpha/dl-machine.h (RTLD_START): Likewise.
* sysdeps/arm/dl-machine.h (RTLD_START): Likewise.
* sysdeps/hppa/dl-machine.h (RTLD_START): Likewise.
* sysdeps/i386/dl-machine.h (RTLD_START): Likewise.
* sysdeps/ia64/dl-machine.h (RTLD_START): Likewise.
* sysdeps/m68k/dl-machine.h (RTLD_START): Likewise.
* sysdeps/microblaze/dl-machine.h (RTLD_START): Likewise.
* sysdeps/mips/dl-machine.h (RTLD_START): Likewise.
* sysdeps/powerpc/powerpc32/dl-start.S (_start): Likewise.
* sysdeps/s390/s390-32/dl-machine.h (RTLD_START): Likewise.
* sysdeps/s390/s390-64/dl-machine.h (RTLD_START): Likewise.
* sysdeps/sh/dl-machine.h (RTLD_START): Likewise.
* sysdeps/sparc/sparc32/dl-machine.h (RTLD_START): Likewise.
* sysdeps/sparc/sparc64/dl-machine.h (RTLD_START): Likewise.
* sysdeps/tile/dl-start.S (_start): Likewise.
* sysdeps/x86_64/dl-machine.h (RTLD_START): Likewise.
* sysdeps/x86_64/x32/dl-machine.h (RTLD_START): Likewise.
On hppa and ia64, the macro DL_AUTO_FUNCTION_ADDRESS() uses the
variable fptr[2] in it's own scope.
The content of fptr[] is thus undefined right after the macro exits.
Newer gcc's (>= 4.7) reuse the stack space of this variable triggering
a segmentation fault in dl-init.c:69.
To fix this we rewrite the macros to make the call directly to init
and fini without needing to pass back a constructed function pointer.
Resolves: #15465
The program name may be unavailable if the user application tampers
with argc and argv[]. Some parts of the dynamic linker caters for
this while others don't, so this patch consolidates the check and
fallback into a single macro and updates all users.
2004-07-05 Ulrich Drepper <drepper@redhat.com>
* elf/dl-init.c: Don't define and use _dl_starting_up if
HAVE_INLINED_SYSCALLS is defined and the variable is not used.
* elf/dl-support.c: Likewise.
* elf/rtld.c: Likewise.
* elf/dl-misc.c (_dl_debug_vdprintf): Use writev syscall directly
if HAVE_INLINED_SYSCALLS is defined.
* sysdeps/powerpc/powerpc64/dl-machine.h: Don't rest _dl_starting_up
here.
* sysdeps/powerpc/powerpc32/dl-start.S: Likewise.
* sysdeps/unix/sysv/linux/configure.in: Define HAVE_INLINED_SYSCALLS.
* config.h.in: Add entry for HAVE_INLINED_SYSCALLS.
* sysdeps/posix/profil.c: If compiled for ld.so, omit code which
is needed to stop profiling.
* elf/dl-open.c (dl_open_worker): If a newly opened object is to be
profile make sure it cannot be unloaded.
* sysdeps/unix/sysv/linux/dl-origin.c: Inline readlink syscall.
* sysdeps/unix/sysv/linux/fcntl.c: If compiled without cancellation
support, make sure the helper function is inlined.
* sysdeps/unix/sysv/linux/pread.c: Likewise.
* sysdeps/unix/sysv/linux/pwrite.c: Likewise.
* sysdeps/unix/sysv/linux/i386/fcntl.c: Likewise.
* sysdeps/unix/sysv/linux/powerpc/powerpc64/fcntl.c: Likewise.
2001-07-06 Paul Eggert <eggert@twinsun.com>
* manual/argp.texi: Remove ignored LGPL copyright notice; it's
not appropriate for documentation anyway.
* manual/libc-texinfo.sh: "Library General Public License" ->
"Lesser General Public License".
2001-07-06 Andreas Jaeger <aj@suse.de>
* All files under GPL/LGPL version 2: Place under LGPL version
2.1.
2001-02-01 Ulrich Drepper <drepper@redhat.com>
* Makerules (build-shlib): Add $(extra-B-$(@F:lib%.so=%).so).
* configure.in: Test for -z initfirst linker option.
* config.make.in: Add have-z-initfirst.
* elf/dl-init.c (_dl_init): Split out actual initialization code in
new function call_init. If _dl_initfirst is non-NULL initialize first.
* elf/dl-load.c (_dl_map_from_fd): If DF_1_INITFIRST flag is set
remember object in _dl_initfirst.
* elf/soinit.c: Remove special support for calling
__pthread_initialize_minimal.
* conform/conformtest.pl: Add missing $prepend in type test.
* elf/elf.h (SHT_CHECKSUM): New definition.
* posix/tst-fnmatch.input: Add tests for [. .] in locales.
2000-11-15 H.J. Lu <hjl@gnu.org>
* sysdeps/generic/ldsodefs.h (DL_DT_INIT_ADDRESS): Defined if
ELF_FUNCTION_PTR_IS_SPECIAL is not defined.
(DL_DT_FINI_ADDRESS): Likewise.
* sysdeps/ia64/dl-lookupcfg.h (_dl_lookup_address): Set the
return type to ElfW(Addr).
(_dl_function_address): New prototype.
(DL_FUNCTION_ADDRESS): Defined.
(DL_DT_INIT_ADDRESS): Defined as DL_FUNCTION_ADDRESS.
(DL_DT_FINI_ADDRESS): Likewise.
* sysdeps/ia64/Versions (GLIBC_2.2): Add _dl_function_address.
* sysdeps/ia64/dl-machine.h (_dl_start_address): Removed.
(ELF_MACHINE_START_ADDRESS): Changed to DL_FUNCTION_ADDRESS.
* sysdeps/ia64/dl-symaddr.c (_dl_start_address): Renamed to ...
(_dl_function_address): This.
* elf/dl-fini.c (_dl_fini): Use DL_DT_FINI_ADDRESS to get the
function pointer for DT_FINI.
* elf/dl-close.c (_dl_close): Likewise.
* elf/dl-init.c (_dl_init): Use DL_DT_INIT_ADDRESS to get the
function pointer for DT_INIT.
2000-11-16 Jakub Jelinek <jakub@redhat.com>
* sysdeps/generic/printf_fphex.c (__printf_fphex): Compute correctly
end of wexpbuf buffer.
* wcsmbs/wcrtomb.c (__wcrtomb): Set end of buffer correctly if s
== NULL. Little optimization.
* elf/dl-init.c (_dl_init): Correct typo (DT_PREINIT_ARRAY not
DT_PREINIT_ARRAYSZ).
Reported by Jes Sorensen <Jes.Sorensen@cern.ch>.
2000-03-31 Ulrich Drepper <drepper@redhat.com>
* elf/Makefile (distribute): Add dep1.c, dep2.c, dep3.c, and dep4.c.
(tests): Add order.
(module-names): Add dep1, dep2, dep3, and dep4.
Add dependencies for dep* modules and order.
Define rule for order.out which checks the result.
* elf/dep1.c: New file.
* elf/dep2.c: New file.
* elf/dep3.c: New file.
* elf/dep4.c: New file.
* elf/order.c: New file.
* elf/dl-init.c: Fix type in comment.
* elf/dl-init.c (_dl_init): Clear _dl_starting_up at end of
with size of dynamic sectionfunction.
* sysdeps/i386/dl-machine.h: Remove code to clear _dl_starting_up.
* misc/sys/cdefs.h: Don't allow gcc in traditional mode to be
with size of dynamic sectionused.
2000-03-30 Ulrich Drepper <drepper@redhat.com>
Implement dynamic determination of constructor/destructor order in
the dynamic linker.
* elf/Versions [ld.so] (GLIBC_2.0): Remove _dl_init_next.
(GLIBC_2.2): Add _dl_init.
* elf/dl-close.c: Also call all destructors in FINI_ARRAY.
r_duplist is not anymore allocated separately. l_initfini is and
therefore free it if necessary.
* elf/dl-deps.c: If a searchlist has to be allocated, put all in one
malloc block. Otherwise allocate l_initfini list only.
Put dependencies for the object in l_initfini list.
Sort dependencies for the object to be loaded topologically.
* elf/dl-fini.c: Before running the destructors sort the topologically.
* elf/dl-init.c (_dl_init): Renamed from _dl_init_next. Rewrite to
call constructors instead of iterating over the pointers. Get list of
objects for which to run constructors from l_initfini element. Accept
argc, argv, and env as parameters and pass them to the constructors.
* elf/ld-load.c (_dl_map_object_from_fd): Initialize l_ldnum member
with size of dynamic section.
* elf/dl-open.c (dl_open_worker): Only call _dl_init instead of
_dl_init_next and calling constructors ourself.
* elf/dl-preinit.c (_dl_preinit): Renamed from _dl_preinit_next.
Take argc, argv, and env as parameters and pass them to the
constructors. Rewrite to call all constructors and not iterate over
the pointers.
* elf/dynamic-link.h: Don't relocate DT_FINI_ARRAY entry. Don't
precompute l_initcount and l_preinitcount.
* elf/link.h (struct link_map): Add l_ldnum member.
Make l_phdr_allocated part of the bitfield. Remove l_runcount,
l_initcount, and l_preinitcount. Add l_initfini.
* sysdeps/generic/ldsodefs.h: Replace _dl_init_next prototype with
one for _dl_init.
* sysdeps/i386/dl-machine (RTLD_START): Rewrite to match new init
function interface.
* sysdeps/unix/sysv/linux/init-first.h: Removed.
* sysdeps/unix/sysv/linux/Dist: Delete file here as well.
* sysdeps/unix/sysv/linux/init-first.c [PIC]: Don't use
SYSDEP_CALL_INIT. Make _init a strong alias of init. The calling
conventions now match.
* sysdeps/generic/libc-start.c: Calling __libc_init_first has no
effect for shared objects. Don't emit message and call only for
static library.