Calling free directly may end up freeing a pointer allocated by the
dynamic loader using malloc from libc.so in the base namespace using
the allocator from libc.so in a secondary namespace, which results in
crashes.
This commit redirects the free call through GLRO and the dynamic
linker, to reach the correct namespace. It also cleans up the dlerror
handling along the way, so that pthread_setspecific is no longer
needed (which avoids triggering bug 24774).
Commit 9e78f6f6e7 ("Implement
_dl_catch_error, _dl_signal_error in libc.so [BZ #16628]") has the
side effect that distinct namespaces, as created by dlmopen, now have
separate implementations of the rtld exception mechanism. This means
that the call to _dl_catch_error from libdl in a secondary namespace
does not actually install an exception handler because the
thread-local variable catch_hook in the libc.so copy in the secondary
namespace is distinct from that of the base namepace. As a result, a
dlsym/dlopen/... failure in a secondary namespace terminates the process
with a dynamic linker error because it looks to the exception handler
mechanism as if no handler has been installed.
This commit restores GLRO (dl_catch_error) and uses it to set the
handler in the base namespace.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
On GNU/Hurd we not only need $(common-objpfx) in LD_LIBRARY_PATH when loading
dynamic objects, but also $(common-objpfx)/mach and $(common-objpfx)/hurd. This
adds an ld-library-path variable to be used as LD_LIBRARY_PATH basis in
Makefiles, and a sysdep-ld-library-path variable for sysdeps to add some
more paths, here mach/ and hurd/.
The dls_serpath path field, as an array of length 1, introduces
unexpected array subscript checks with some compilers.
GCC versions before 3.0 treat the nested anonymous union as a
declaration of an unnamed type, and not as a member declaration,
so this construct cannot be used for these compilers.
dlerror.c (__dlerror_main_freeres) will try to free resources which only
have been initialized when init () has been called. That function is
called when resources are needed using __libc_once (once, init) where
once is a __libc_once_define (static, once) in the dlerror.c file.
Trying to free those resources if init () hasn't been called will
produce errors under valgrind memcheck. So guard the freeing of those
resources using __libc_once_get (once) and make sure we have a valid
key. Also add a similar guard to __dlerror ().
* dlfcn/dlerror.c (__dlerror_main_freeres): Guard using
__libc_once_get (once) and static_bug == NULL.
(__dlerror): Check we have a valid key, set result to static_buf
otherwise.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
The __libc_freeres framework does not extend to non-libc.so objects.
This causes problems in general for valgrind and mtrace detecting
unfreed objects in both libdl.so and libpthread.so. This change is
a pre-requisite to properly moving the malloc hooks out of malloc
since such a move now requires precise accounting of all allocated
data before destructors are run.
This commit adds a proper hook in libc.so.6 for both libdl.so and
for libpthread.so, this ensures that shm-directory.c which uses
freeit () to free memory is called properly. We also remove the
nptl_freeres hook and fall back to using weak-ref-and-check idiom
for a loaded libpthread.so, thus making this process similar for
all DSOs.
Lastly we follow best practice and use explicit free calls for
both libdl.so and libpthread.so instead of the generic hook process
which has undefined order.
Tested on x86_64 with no regressions.
Signed-off-by: DJ Delorie <dj@redhat.com>
Signed-off-by: Carlos O'Donell <carlos@redhat.com>
GLRO (_rtld_global_ro) is read-only after initialization and can
therefore not be patched at run time, unlike the hook table addresses
and their contents, so this is a desirable hardening feature.
The hooks are only needed if ld.so has not been initialized, and this
happens only after static dlopen (dlmopen uses a single ld.so object
across all namespaces).
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Update all sourceware links to https. The website redirects
everything to https anyway so let the web server do a bit less work.
The only reference that remains unchanged is the one in the old
ChangeLog, since it didn't seem worth changing it.
* NEWS: Update sourceware link to https.
* configure.ac: Likewise.
* crypt/md5test-giant.c: Likewise.
* dlfcn/bug-atexit1.c: Likewise.
* dlfcn/bug-atexit2.c: Likewise.
* localedata/README: Likewise.
* malloc/tst-mallocfork.c: Likewise.
* manual/install.texi: Likewise.
* nptl/tst-pthread-getattr.c: Likewise.
* stdio-common/tst-fgets.c: Likewise.
* stdio-common/tst-fwrite.c: Likewise.
* sunrpc/Makefile: Likewise.
* sysdeps/arm/armv7/multiarch/memcpy_impl.S: Likewise.
* wcsmbs/tst-mbrtowc2.c: Likewise.
* configure: Regenerate.
* INSTALL: Regenerate.
These are a grab bag of changes where the testsuite was using internal
symbols of some variety, but this was straightforward to fix, and the
fixed code should work with or without the change to compile the
testsuite under _ISOMAC.
Four of these are just more #include adjustments, but I want to highlight
sysdeps/powerpc/fpu/tst-setcontext-fpscr.c, which appears to have been
written before the advent of sys/auxv.h. I think a big chunk of this file
could be replaced by a simple call to getauxval, but I'll let someone who
actually has a powerpc machine to test on do that.
dlfcn/tst-dladdr.c was including ldsodefs.h just so it could use
DL_LOOKUP_ADDRESS to print an additional diagnostic; as requested by Carlos,
I have removed this.
math/test-misc.c was using #ifndef NO_LONG_DOUBLE, which is an internal
configuration macro, to decide whether to do certain tests involving
'long double'. I changed the test to #if LDBL_MANT_DIG > DBL_MANT_DIG
instead, which uses only public float.h macros and is equivalent on
all supported platforms. (Note that NO_LONG_DOUBLE doesn't mean 'the
compiler doesn't support long double', it means 'long double is the
same as double'.)
tst-writev.c has a configuration macro 'ARTIFICIAL_LIMIT' that the
Makefiles are expected to define, and sysdeps/unix/sysv/linux/Makefile
was using the internal __getpagesize in the definition; changed to
sysconf(_SC_PAGESIZE) which is the POSIX equivalent.
ia64-linux doesn't supply 'clone', only '__clone2', which is not
defined in the public headers(!) All the other clone tests have local
extern declarations of __clone2, but tst-clone.c doesn't; it was
getting away with this because include/sched.h does declare __clone2.
* nss/tst-cancel-getpwuid_r.c: Include nss.h.
* string/strcasestr.c: No need to include config.h.
* sysdeps/powerpc/fpu/tst-setcontext-fpscr.c: Include
sys/auxv.h. Don't include sysdep.h.
* sysdeps/powerpc/tst-set_ppr.c: Don't include dl-procinfo.h.
* dlfcn/tst-dladdr.c: Don't include ldsodefs.h. Don't use
DL_LOOKUP_ADDRESS.
* math/test-misc.c: Instead of testing NO_LONG_DOUBLE, test whether
LDBL_MANT_DIG is greater than DBL_MANT_DIG.
* sysdeps/unix/sysv/linux/Makefile (CFLAGS-tst-writev.c): Use
sysconf (_SC_PAGESIZE) instead of __getpagesize in definition
of ARTIFICIAL_LIMIT.
* sysdeps/unix/sysv/linux/tst-clone.c [__ia64__]: Add extern
declaration of __clone2.
The new test driver in <support/test-driver.c> has feature parity with
the old one. The main difference is that its hooking mechanism is
based on functions and function pointers instead of macros. This
commit also implements a new environment variable, TEST_COREDUMPS,
which disables the code which disables coredumps (that is, it enables
them if the invocation environment has not disabled them).
<test-skeleton.c> defines wrapper functions so that it is possible to
use existing macros with the new-style hook functionality.
This commit changes only a few test cases to the new test driver, to
make sure that it works as expected.
This change moves the main implementation of _dl_catch_error,
_dl_signal_error to libc.so, where TLS variables can be used
directly. This removes a writable function pointer from the
rtld_global variable.
For use during initial relocation, minimal implementations of these
functions are provided in ld.so. These are eventually interposed
by the libc.so implementations. This is implemented by compiling
elf/dl-error-skeleton.c twice, via elf/dl-error.c and
elf/dl-error-minimal.c.
As a side effect of this change, the static version of dl-error.c
no longer includes support for the
_dl_signal_cerror/_dl_receive_error mechanism because it is only
used in ld.so.
The test case dlfcn/bug-atexit3-lib.cc calls write and doesn't check the
result. When building with GCC 6.2, this generates a warning in 'make
check', which is treated as an error. This patch replaces the call to
write with a call to write_message.
Tested for powerpc64le.
on S390, I get a compile error for dlfcn/tst-rec-dlopen.c:
tst-rec-dlopen.c: In function ‘malloc’:
tst-rec-dlopen.c:101:4: error: implicit declaration of function ‘strlen’ [-Werror=implicit-function-declaration]
(void) write (STDOUT_FILENO, message, strlen (message));
^
tst-rec-dlopen.c:101:42: error: incompatible implicit declaration of built-in function ‘strlen’ [-Werror]
(void) write (STDOUT_FILENO, message, strlen (message));
^
tst-rec-dlopen.c:112:42: error: incompatible implicit declaration of built-in function ‘strlen’ [-Werror]
(void) write (STDOUT_FILENO, message, strlen (message));
^
This patch adds the missing "#include <string.h>" for strlen.
ChangeLog:
* dlfcn/tst-rec-dlopen.c: Include string.h.
When building on i686, x86_64, and arm, and with NDEBUG, or --with-cpu
there are various variables and functions which are unused based on
these settings.
This patch marks all such variables with __attribute__((unused)) to
avoid the compiler warnings when building with the aformentioned
options.
The ability to recursively call dlopen is useful for malloc
implementations that wish to load other dynamic modules that
implement reentrant/AS-safe functions to use in their own
implementation.
Given that a user malloc implementation may be called by an
ongoing dlopen to allocate memory the user malloc
implementation interrupts dlopen and if it calls dlopen again
that's a reentrant call.
This patch fixes the issues with the ld.so.cache mapping
and the _r_debug assertion which prevent this from working
as expected.
See:
https://sourceware.org/ml/libc-alpha/2014-12/msg00446.html
This patch fixes a "set but not used" warning from
dlfcn/failtestmod.c. A variable is used only to store the return
value from dlsym. As I understand this test, the point is simply to
do a sequence of load / unload operations in a loop, and all that
matters here is that dlsym gets called and returns without crashing,
not what its return value is. So this patch removes the assignment to
a variable.
Tested for x86_64.
* dlfcn/failtestmod.c (constr): Do not store result of dlsym in a
variable.
Barring libc.so and libdl.so, none of the libraries have any entry
points, so it is pointless to add a .interp section for them. The
libdl.so entry point (in dlfcn/eval.c) is also defunct, so remove that
file as well.
Build tested for x86_64, ppc64 and s390x. I have not moved
CFLAGS-interp.c to CPPFLAGS-interp.c isnce I'll be removing it
completely in a follow-up patch.
Siddhesh
* Makerules (lib%.so): Don't include $(+interp) in
prerequisites.
* elf/Makefile (CFLAGS-interp.c): Don't define NOT_IN_libc.
* dlfcn/eval.c: Remove file.
In <https://sourceware.org/ml/libc-alpha/2014-01/msg00196.html> I
noted it was necessary to add includes of Makeconfig early in various
subdirectory makefiles for the tests-special variable settings added
by that patch to be conditional on configuration information. No-one
commented on the general question there of whether Makeconfig should
always be included immediately after the definition of subdir.
This patch implements that early inclusion of Makeconfig in each
directory (which is a lot easier than consistent placement of includes
of Rules). Includes are added if needed, or moved up if already
present. Subdirectory "all:" targets are removed, since Makeconfig
provides one.
There is potential for further cleanups I haven't done. Rules and
Makerules have code such as
ifneq "$(findstring env,$(origin headers))" ""
headers :=
endif
to override to empty any value of various variables that came from the
environment. I think there is a case for Makeconfig setting all the
subdirectory variables (other than subdir) to empty to ensure no
outside value is going to take effect if a subdirectory fails to
define a variable. (A list of such variables, possibly out of date
and incomplete, is in manual/maint.texi.) Rules and Makerules would
give errors if Makeconfig hadn't already been included, instead of
including it themselves. The special code to override values coming
from the environment would then be obsolete and could be removed.
Tested x86_64, including that installed binaries are identical before
and after the patch.
* argp/Makefile: Include Makeconfig immediately after defining
subdir.
* assert/Makefile: Likewise.
* benchtests/Makefile: Likewise.
* catgets/Makefile: Likewise.
* conform/Makefile: Likewise.
* crypt/Makefile: Likewise.
* csu/Makefile: Likewise.
(all): Remove target.
* ctype/Makefile: Include Makeconfig immediately after defining
subdir.
* debug/Makefile: Likewise.
* dirent/Makefile: Likewise.
* dlfcn/Makefile: Likewise.
* gmon/Makefile: Likewise.
* gnulib/Makefile: Likewise.
* grp/Makefile: Likewise.
* gshadow/Makefile: Likewise.
* hesiod/Makefile: Likewise.
* hurd/Makefile: Likewise.
(all): Remove target.
* iconvdata/Makefile: Include Makeconfig immediately after
defining subdir.
* inet/Makefile: Likewise.
* intl/Makefile: Likewise.
* io/Makefile: Likewise.
* libio/Makefile: Likewise.
(all): Remove target.
* locale/Makefile: Include Makeconfig immediately after defining
subdir.
* login/Makefile: Likewise.
* mach/Makefile: Likewise.
(all): Remove target.
* malloc/Makefile: Include Makeconfig immediately after defining
subdir.
(all): Remove target.
* manual/Makefile: Include Makeconfig immediately after defining
subdir.
* math/Makefile: Likewise.
* misc/Makefile: Likewise.
* nis/Makefile: Likewise.
* nss/Makefile: Likewise.
* po/Makefile: Likewise.
(all): Remove target.
* posix/Makefile: Include Makeconfig immediately after defining
subdir.
* pwd/Makefile: Likewise.
* resolv/Makefile: Likewise.
* resource/Makefile: Likewise.
* rt/Makefile: Likewise.
* setjmp/Makefile: Likewise.
* shadow/Makefile: Likewise.
* signal/Makefile: Likewise.
* socket/Makefile: Likewise.
* soft-fp/Makefile: Likewise.
* stdio-common/Makefile: Likewise.
* stdlib/Makefile: Likewise.
* streams/Makefile: Likewise.
* string/Makefile: Likewise.
* sunrpc/Makefile: Likewise.
(all): Remove target.
* sysvipc/Makefile: Include Makeconfig immediately after defining
subdir.
* termios/Makefile: Likewise.
* time/Makefile: Likewise.
* timezone/Makefile: Likewise.
(all): Remove target.
* wcsmbs/Makefile: Include Makeconfig immediately after defining
subdir.
* wctype/Makefile: Likewise.
libidn/ChangeLog:
* Makefile: Include Makeconfig immediately after defining subdir.
localedata/ChangeLog:
* Makefile: Include Makeconfig immediately after defining subdir.
(all): Remove target.
nptl/ChangeLog:
* Makefile: Include Makeconfig immediately after defining subdir.
nptl_db/ChangeLog:
* Makefile: Include Makeconfig immediately after defining subdir.
Since the dlopen funcs might invoke a constructor that calls a func
that is in the same compilation unit as the caller, we cannot mark
them as leaf funcs.
Similarly, dlclose might invoke a destructor that calls a func that
is in the same compilation unit as the caller.
URL: https://sourceware.org/bugzilla/show_bug.cgi?id=15897
Reportedy-by: Fabrice Bauzac <libnoon@gmail.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
This change creates a link map in static executables to serve as the
global search list for dlopen. It fixes a problem with the inability
to access the global symbol object and a crash on an attempt to map a
DSO into the global scope. Some code that has become dead after the
addition of this link map is removed too and test cases are provided.