Intel Control-flow Enforcement Technology (CET) instructions:
https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-en
forcement-technology-preview.pdf
includes Indirect Branch Tracking (IBT) and Shadow Stack (SHSTK).
GNU_PROPERTY_X86_FEATURE_1_IBT is added to GNU program property to
indicate that all executable sections are compatible with IBT when
ENDBR instruction starts each valid target where an indirect branch
instruction can land. Linker sets GNU_PROPERTY_X86_FEATURE_1_IBT on
output only if it is set on all relocatable inputs.
On an IBT capable processor, the following steps should be taken:
1. When loading an executable without an interpreter, enable IBT and
lock IBT if GNU_PROPERTY_X86_FEATURE_1_IBT is set on the executable.
2. When loading an executable with an interpreter, enable IBT if
GNU_PROPERTY_X86_FEATURE_1_IBT is set on the interpreter.
a. If GNU_PROPERTY_X86_FEATURE_1_IBT isn't set on the executable,
disable IBT.
b. Lock IBT.
3. If IBT is enabled, when loading a shared object without
GNU_PROPERTY_X86_FEATURE_1_IBT:
a. If legacy interwork is allowed, then mark all pages in executable
PT_LOAD segments in legacy code page bitmap. Failure of legacy code
page bitmap allocation causes an error.
b. If legacy interwork isn't allowed, it causes an error.
GNU_PROPERTY_X86_FEATURE_1_SHSTK is added to GNU program property to
indicate that all executable sections are compatible with SHSTK where
return address popped from shadow stack always matches return address
popped from normal stack. Linker sets GNU_PROPERTY_X86_FEATURE_1_SHSTK
on output only if it is set on all relocatable inputs.
On a SHSTK capable processor, the following steps should be taken:
1. When loading an executable without an interpreter, enable SHSTK if
GNU_PROPERTY_X86_FEATURE_1_SHSTK is set on the executable.
2. When loading an executable with an interpreter, enable SHSTK if
GNU_PROPERTY_X86_FEATURE_1_SHSTK is set on interpreter.
a. If GNU_PROPERTY_X86_FEATURE_1_SHSTK isn't set on the executable
or any shared objects loaded via the DT_NEEDED tag, disable SHSTK.
b. Otherwise lock SHSTK.
3. After SHSTK is enabled, it is an error to load a shared object
without GNU_PROPERTY_X86_FEATURE_1_SHSTK.
To enable CET support in glibc, --enable-cet is required to configure
glibc. When CET is enabled, both compiler and assembler must support
CET. Otherwise, it is a configure-time error.
To support CET run-time control,
1. _dl_x86_feature_1 is added to the writable ld.so namespace to indicate
if IBT or SHSTK are enabled at run-time. It should be initialized by
init_cpu_features.
2. For dynamic executables:
a. A l_cet field is added to struct link_map to indicate if IBT or
SHSTK is enabled in an ELF module. _dl_process_pt_note or
_rtld_process_pt_note is called to process PT_NOTE segment for
GNU program property and set l_cet.
b. _dl_open_check is added to check IBT and SHSTK compatibilty when
dlopening a shared object.
3. Replace i386 _dl_runtime_resolve and _dl_runtime_profile with
_dl_runtime_resolve_shstk and _dl_runtime_profile_shstk, respectively if
SHSTK is enabled.
CET run-time control can be changed via GLIBC_TUNABLES with
$ export GLIBC_TUNABLES=glibc.tune.x86_shstk=[permissive|on|off]
$ export GLIBC_TUNABLES=glibc.tune.x86_ibt=[permissive|on|off]
1. permissive: SHSTK is disabled when dlopening a legacy ELF module.
2. on: IBT or SHSTK are always enabled, regardless if there are IBT or
SHSTK bits in GNU program property.
3. off: IBT or SHSTK are always disabled, regardless if there are IBT or
SHSTK bits in GNU program property.
<cet.h> from CET-enabled GCC is automatically included by assembly codes
to add GNU_PROPERTY_X86_FEATURE_1_IBT and GNU_PROPERTY_X86_FEATURE_1_SHSTK
to GNU program property. _CET_ENDBR is added at the entrance of all
assembly functions whose address may be taken. _CET_NOTRACK is used to
insert NOTRACK prefix with indirect jump table to support IBT. It is
defined as notrack when _CET_NOTRACK is defined in <cet.h>.
[BZ #21598]
* configure.ac: Add --enable-cet.
* configure: Regenerated.
* elf/Makefille (all-built-dso): Add a comment.
* elf/dl-load.c (filebuf): Moved before "dynamic-link.h".
Include <dl-prop.h>.
(_dl_map_object_from_fd): Call _dl_process_pt_note on PT_NOTE
segment.
* elf/dl-open.c: Include <dl-prop.h>.
(dl_open_worker): Call _dl_open_check.
* elf/rtld.c: Include <dl-prop.h>.
(dl_main): Call _rtld_process_pt_note on PT_NOTE segment. Call
_rtld_main_check.
* sysdeps/generic/dl-prop.h: New file.
* sysdeps/i386/dl-cet.c: Likewise.
* sysdeps/unix/sysv/linux/x86/cpu-features.c: Likewise.
* sysdeps/unix/sysv/linux/x86/dl-cet.h: Likewise.
* sysdeps/x86/cet-tunables.h: Likewise.
* sysdeps/x86/check-cet.awk: Likewise.
* sysdeps/x86/configure: Likewise.
* sysdeps/x86/configure.ac: Likewise.
* sysdeps/x86/dl-cet.c: Likewise.
* sysdeps/x86/dl-procruntime.c: Likewise.
* sysdeps/x86/dl-prop.h: Likewise.
* sysdeps/x86/libc-start.h: Likewise.
* sysdeps/x86/link_map.h: Likewise.
* sysdeps/i386/dl-trampoline.S (_dl_runtime_resolve): Add
_CET_ENDBR.
(_dl_runtime_profile): Likewise.
(_dl_runtime_resolve_shstk): New.
(_dl_runtime_profile_shstk): Likewise.
* sysdeps/linux/x86/Makefile (sysdep-dl-routines): Add dl-cet
if CET is enabled.
(CFLAGS-.o): Add -fcf-protection if CET is enabled.
(CFLAGS-.os): Likewise.
(CFLAGS-.op): Likewise.
(CFLAGS-.oS): Likewise.
(asm-CPPFLAGS): Add -fcf-protection -include cet.h if CET
is enabled.
(tests-special): Add $(objpfx)check-cet.out.
(cet-built-dso): New.
(+$(cet-built-dso:=.note)): Likewise.
(common-generated): Add $(cet-built-dso:$(common-objpfx)%=%.note).
($(objpfx)check-cet.out): New.
(generated): Add check-cet.out.
* sysdeps/x86/cpu-features.c: Include <dl-cet.h> and
<cet-tunables.h>.
(TUNABLE_CALLBACK (set_x86_ibt)): New prototype.
(TUNABLE_CALLBACK (set_x86_shstk)): Likewise.
(init_cpu_features): Call get_cet_status to check CET status
and update dl_x86_feature_1 with CET status. Call
TUNABLE_CALLBACK (set_x86_ibt) and TUNABLE_CALLBACK
(set_x86_shstk). Disable and lock CET in libc.a.
* sysdeps/x86/cpu-tunables.c: Include <cet-tunables.h>.
(TUNABLE_CALLBACK (set_x86_ibt)): New function.
(TUNABLE_CALLBACK (set_x86_shstk)): Likewise.
* sysdeps/x86/sysdep.h (_CET_NOTRACK): New.
(_CET_ENDBR): Define if not defined.
(ENTRY): Add _CET_ENDBR.
* sysdeps/x86/dl-tunables.list (glibc.tune): Add x86_ibt and
x86_shstk.
* sysdeps/x86_64/dl-trampoline.h (_dl_runtime_resolve): Add
_CET_ENDBR.
(_dl_runtime_profile): Likewise.
This looks like a post-exploitation hardening measure: If an attacker is
able to redirect execution flow, they could use that to load a DSO which
contains additional code (or perhaps make the stack executable).
However, the checks are not in the correct place to be effective: If
they are performed before the critical operation, an attacker with
sufficient control over execution flow could simply jump directly to
the code which performs the operation, bypassing the check. The check
would have to be executed unconditionally after the operation and
terminate the process in case a caller violation was detected.
Furthermore, in _dl_check_caller, there was a fallback reading global
writable data (GL(dl_rtld_map).l_map_start and
GL(dl_rtld_map).l_text_end), which could conceivably be targeted by an
attacker to disable the check, too.
Other critical functions (such as system) remain completely
unprotected, so the value of these additional checks does not appear
that large. Therefore this commit removes this functionality.
Combine the four places where link maps are sorted into a single function.
This also moves the logic to skip the first map (representing the main
binary) to the callers.
Since __libc_multiple_libcs is defined as hidden symbol in init-first.c,
it should be always marked with attribute_hidden.
[BZ #18822]
* csu/libc-start.c (__libc_multiple_libcs): Removed.
* elf/dl-open.c: Include <libc-internal.h>.
(__libc_multiple_libcs): Removed.
* elf/dl-sysdep.c: Include <libc-internal.h> instead of
<hp-timing.h>.
* include/libc-internal.h (__libc_multiple_libcs): New.
* misc/sbrk.c: Include <libc-internal.h>.
(__libc_multiple_libcs): Removed.
This commit separates allocating and raising exceptions. This
simplifies catching and re-raising them because it is no longer
necessary to make a temporary, on-stack copy of the exception message.
The function _dl_addr_inside_object is simplified by removing
the conditional 'reladdr - l->l_phdr[n].p_vaddr >= 0' which is
always true. The function is refactored into it's own object file
and a unit test added to verify the correct behaviour of the
function.
The commit b632bdd3 moved the setting of the DF_1_NODELETE flag earlier
in the dl_open_worker function. However when calling dlopen with both
RTLD_NODELETE and RTLD_NOLOAD, the pointer returned by _dl_map_object is
NULL. This condition is checked just after setting the flag, while it
should be done before. Fix that.
Changelog:
[BZ #19810]
* elf/dl-open.c (dl_open_worker): Set DF_1_NODELETE flag later.
* elf/tst-noload.c: New test case.
* elf/Makefile (tests): Add tst-noload.
The DF_1_NODELETE flag is set too late when opening a DSO, due to
which, if a DSO is already open, subsequently opening it with
RTLD_NODELETE fails to set the DF_1_NODELETE flag. This patch fixes
this by setting the flag immediately after bumping the opencount.
Verified on x86_64.
[BZ #18676]
* elf/tst-nodelete-opened.c: New test case.
* elf/tst-nodelete-opened-lib.c: New test case module.
* elf/Makefile (tests, modules-names): Use them.
* elf/dl-open.c (dl_open_worker): Set DF_1_NODELETE flag
early.
https://sourceware.org/bugzilla/show_bug.cgi?id=17833
I've a shared library that contains both undefined and unique symbols.
Then I try to call the following sequence of dlopen:
1. dlopen("./libfoo.so", RTLD_NOW)
2. dlopen("./libfoo.so", RTLD_LAZY | RTLD_GLOBAL)
First dlopen call terminates with error because of undefined symbols,
but STB_GNU_UNIQUE ones set DF_1_NODELETE flag and hence block library
in the memory.
The library goes into inconsistent state as several structures remain
uninitialized. For instance, relocations for GOT table were not performed.
By the time of second dlopen call this library looks like as it would be
fully initialized but this is not true: any call through incorrect GOT
table leads to segmentation fault. On some systems this inconsistency
triggers assertions in the dynamic linker.
This patch adds a parameter to _dl_close_worker to implement forced object
deletion in case of dlopen() failure:
1. Clears DF_1_NODELETE bit if forced, to allow library to be removed from
memory.
2. For each unique symbol that is defined in this object clears
appropriate entry in _ns_unique_sym_table.
[BZ #17833]
* elf/Makefile (tests): Add tst-nodelete.
(modules-names): Add tst-nodelete-uniquemod.
(tst-nodelete-uniquemod.so-no-z-defs): New.
(tst-nodelete-rtldmod.so-no-z-defs): Likewise.
(tst-nodelete-zmod.so-no-z-defs): Likewise.
($(objpfx)tst-nodelete): Likewise.
($(objpfx)tst-nodelete.out): Likewise.
(LDFLAGS-tst-nodelete): Likewise.
(LDFLAGS-tst-nodelete-zmod.so): Likewise.
* elf/dl-close.c (_dl_close_worker): Add a parameter to
implement forced object deletion.
(_dl_close): Pass false to _dl_close_worker.
* elf/dl-open.c (_dl_open): Pass true to _dl_close_worker.
* elf/tst-nodelete.cc: New file.
* elf/tst-nodeletelib.cc: Likewise.
* elf/tst-znodeletelib.cc: Likewise.
* include/dlfcn.h (_dl_close_worker): Add a new parameter.
for ChangeLog
[BZ #17090]
[BZ #17620]
[BZ #17621]
[BZ #17628]
* NEWS: Update.
* elf/dl-tls.c (_dl_update_slotinfo): Clean up outdated DTV
entries with Static TLS too. Skip entries past the end of the
allocated DTV, from Alan Modra.
(tls_get_addr_tail): Update to glibc_likely/unlikely. Move
Static TLS DTV entry set up from...
(_dl_allocate_tls_init): ... here (fix modid assertion), ...
* elf/dl-reloc.c (_dl_nothread_init_static_tls): ... here...
* nptl/allocatestack.c (init_one_static_tls): ... and here...
* elf/dlopen.c (dl_open_worker): Drop l_tls_modid upper bound
for Static TLS.
* elf/tlsdeschtab.h (map_generation): Return size_t. Check
that the slot we find is associated with the given map before
using its generation count.
* nptl_db/db_info.c: Include ldsodefs.h.
(rtld_global, dtv_slotinfo_list, dtv_slotinfo): New typedefs.
* nptl_db/structs.def (DB_RTLD_VARIABLE): New macro.
(DB_MAIN_VARIABLE, DB_RTLD_GLOBAL_FIELD): Likewise.
(link_map::l_tls_offset): New struct field.
(dtv_t::counter): Likewise.
(rtld_global): New struct.
(_rtld_global): New rtld variable.
(dl_tls_dtv_slotinfo_list): New rtld global field.
(dtv_slotinfo_list): New struct.
(dtv_slotinfo): Likewise.
* nptl_db/td_symbol_list.c: Drop gnu/lib-names.h include.
(td_lookup): Rename to...
(td_mod_lookup): ... this. Use new mod parameter instead of
LIBPTHREAD_SO.
* nptl_db/td_thr_tlsbase.c: Include link.h.
(dtv_slotinfo_list, dtv_slotinfo): New functions.
(td_thr_tlsbase): Check DTV generation. Compute Static TLS
addresses even if the DTV is out of date or missing them.
* nptl_db/fetch-value.c (_td_locate_field): Do not refuse to
index zero-length arrays.
* nptl_db/thread_dbP.h: Include gnu/lib-names.h.
(td_lookup): Make it a macro implemented in terms of...
(td_mod_lookup): ... this declaration.
* nptl_db/db-symbols.awk (DB_RTLD_VARIABLE): Override.
(DB_MAIN_VARIABLE): Likewise.
The ability to recursively call dlopen is useful for malloc
implementations that wish to load other dynamic modules that
implement reentrant/AS-safe functions to use in their own
implementation.
Given that a user malloc implementation may be called by an
ongoing dlopen to allocate memory the user malloc
implementation interrupts dlopen and if it calls dlopen again
that's a reentrant call.
This patch fixes the issues with the ld.so.cache mapping
and the _r_debug assertion which prevent this from working
as expected.
See:
https://sourceware.org/ml/libc-alpha/2014-12/msg00446.html
This change creates a link map in static executables to serve as the
global search list for dlopen. It fixes a problem with the inability
to access the global symbol object and a crash on an attempt to map a
DSO into the global scope. Some code that has become dead after the
addition of this link map is removed too and test cases are provided.
Resolves: #15465
The program name may be unavailable if the user application tampers
with argc and argv[]. Some parts of the dynamic linker caters for
this while others don't, so this patch consolidates the check and
fallback into a single macro and updates all users.
The seen array was doubled in size recently, but the memset to clear
the array was not adjusted. We adjust the memset to always be correct
regardless of the size of seen.
---
2013-04-06 Carlos O'Donell <carlos@redhat.com>
[BZ #15309]
* elf/dl-open.c (dl_open_worker): memset all of seen array.
[BZ #13882]
* elf/dl-deps.c (_dl_map_object_deps): Fix cycle detection. Use
uint16_t for elements in the "seen" array to avoid char overflows.
* elf/dl-fini.c (_dl_sort_fini): Likewise.
* elf/dl-open.c (dl_open_worker): Likewise.
When dynamically loading a library along with several dependencies, calls to
_dl_add_to_slotinfo and _dl_update_slotinfo can become intermixed. As a
consequence, _dl_update_slotinfo will update the generation counter of the dtv
although not all of the slots belonging to that generation have been added.
Subsequent calls to _dl_add_to_slotinfo will add more slots to the same
generation, for which no storage will be allocated, as the dtv generation
checks will claim no work is necessary. This will lead to uninitialized dtv
entries and will likely cause a SIGSEGV when thread local variables are
accessed.
If a binary gets invoked by passing it as argument to ld.so the stack
still holds the auxiliary vector of ld.so when entering the _start
routine of the executable. So the invocation via ld.so is not fully
transparent to the executable. This causes problems if the executable
wants to scan the auxv itself.
Some symbols have to be identified process-wide by their name. This is
particularly important for some C++ features (e.g., class local static data
and static variables in inline functions). This cannot completely be
implemented with ELF functionality so far. The STB_GNU_UNIQUE binding
helps by ensuring the dynamic linker will always use the same definition for
all symbols with the same name and this binding.
2009-04-19 Ulrich Drepper <drepper@redhat.com>
[BZ #10069]
* elf/dl-open.c (dl_open_worker): We cannot guarantee that we can load
an object that uses static TLS if the TLS modid is higher than the
reserve we always allocate. At least for multi-threaded code.
are dlopened in statically linked program even for __LM_ID_CALLER.
2009-04-16 Jakub Jelinek <jakub@redhat.com>
* elf/dl-open.c (_dl_open): Bump GL(dl_nns) to 1 if no libraries
are dlopened in statically linked program even for __LM_ID_CALLER.
* elf/dl-load.c (_dl_map_object_from_fd): Only call audit hooks
if we are not loading a new audit library.
* elf/dl-reloc (_dl_relocate_object): Third parameter is now a bitmask.
Only use profiling trampoline for auditing if we are not relocating
an audit library.
* elf/dl-open.c (dl_open_worker): Adjust _dl_relocate_object call.
* elf/rtld.c: Likewise.
* sysdeps/generic/ldsodefs.h: Adjust _dl_relocate_object prototype.
void * pointers instead of struct link_map **.
(_dl_scope_free): Change argument type to void *.
* include/link.h (struct link_map): Change type of l_reldeps
to struct link_map_reldeps, move l_reldepsact into that
struct too.
* elf/dl-deps.c: Include atomic.h.
(_dl_map_object_deps): Only change l->l_initfini when it is
fully populated, use _dl_scope_free for freeing it. Optimize
removal of libs from reldeps by using l_reserved flag, when
some removal is needed, allocate a new list instead of
reallocating and free the old with _dl_scope_free. Adjust
for l_reldeps and l_reldepsact changes.
* elf/dl-lookup.c (add_dependency): Likewise. Reorganize to allow
searching in l_initfini and l_reldeps without holding dl_load_lock.
* elf/dl-fini.c (_dl_sort_fini): Adjust for l_reldeps and
l_reldepsact changes.
* elf/dl-close.c (_dl_close_worker): Likewise.
* elf/dl-open.c (_dl_scope_free): Change argument type to void *.
2007-06-13 Jakub Jelinek <jakub@redhat.com>
* include/link.h: Don't include rtld-lowlevel.h.
(struct link_map): Remove l_scope_lock.
* sysdeps/generic/ldsodefs.h: Don't include rtld-lowlevel.h.
(_dl_scope_free_list): New field (variable) in _rtld_global.
(DL_LOOKUP_SCOPE_LOCK): Remove.
(_dl_scope_free): New prototype.
* elf/dl-runtime.c (_dl_fixup): Don't use __rtld_mrlock_*lock.
Don't pass DL_LOOKUP_SCOPE_LOCK to _dl_lookup_symbol_x.
(_dl_profile_fixup): Likewise.
* elf/dl-sym.c (do_sym): Likewise. Use wrapped _dl_lookup_symbol_x
whenever !RTLD_SINGLE_THREAD_P, use THREAD_GSCOPE_SET_FLAG and
THREAD_GSCOPE_RESET_FLAG around it.
* elf/dl-close.c (_dl_close_worker): Don't use
__rtld_mrlock_{change,done}. Call _dl_scope_free on the old
scope. Make sure THREAD_GSCOPE_WAIT () happens if any old
scopes were queued or if l_scope_mem has been abandoned.
* elf/dl-open.c (_dl_scope_free): New function.
(dl_open_worker): Use it. Don't use __rtld_mrlock_{change,done}.
* elf/dl-support.c (_dl_scope_free_list): New variable.
* elf/dl-lookup.c (add_dependency): Remove flags argument.
Remove DL_LOOKUP_SCOPE_LOCK handling.
(_dl_lookup_symbol_x): Adjust caller. Remove DL_LOOKUP_SCOPE_LOCK
handling.
* elf/dl-object.c (_dl_new_object): Don't use
__rtld_mrlock_initialize.
2007-06-19 Ulrich Drepper <drepper@redhat.com>
to fill in holes
(rtld_global_ro): Likewise.
2007-06-18 Jakub Jelinek <jakub@redhat.com>
* elf/dl-addr.c (_dl_addr): Skip PT_LOAD checking if l_contiguous.
Move PT_LOAD checking to...
(_dl_addr_inside_object): ... here, new function.
* elf/dl-sym.c (do_sym): If not l_contiguous,
call _dl_addr_inside_object.
* elf/dl-iteratephdr.c (__dl_iterate_phdr): Likewise.
* dlfcn/dlinfo.c (dlinfo_doit): Likewise.
* elf/dl-open.c (dl_open_worker): Likewise.
(_dl_addr_inside_object): New function if IS_IN_rtld.
* elf/dl-load.c (_dl_map_object_from_fd): Set l_contiguous if no
holes are present or are PROT_NONE protected.
* include/link.h (struct link_map): Add l_contiguous field.
* sysdeps/generic/ldsodefs.h (_dl_addr_inside_object): New prototype.
global scope, wait for all lookups to finish afterwards.
* elf/dl-open.c (add_to_global): When global scope array must
grow, allocate a new one and free old array only after all
lookups finish.
* elf/dl-runtime.c (_dl_fixup): Protect using global scope.
(_dl_lookup_symbol_x): Likewise.
* elf/dl-support.c: Define _dl_wait_lookup_done.
* sysdeps/generic/ldsodefs.h (struct rtld_global): Add
_dl_wait_lookup_done.
smaller scopes.
* elf/dl-dst.h (DL_DST_REQ_STATIC): Add l as macro argument.
(DL_DST_REQUIRED): Adjust user.
* include/dlfcn.h (struct link_map): New forward decl.
* inet/getnameinfo.c: Include stddef.h.
(getnameinfo): Use offsetof.
* time/tst-mktime2.c (do_test): Don't rely on signed wrap.
* stdio-common/vfprintf.c (_itoa): Undef before redefining.
* string/strerror_l.c: Include stdlib.h.
split out locking and parameter checking.
(_dl_close): Call _dl_close_worker after locking and checking.
* elf/dl-open.c (_dl_open): Call _dl_close_worker instead of
_dl_close.
we are sure we do not need it anymore for _dl_close. Also move
* elf/dl-lookup.c (_dl_debug_bindings): Remove unused symbol_scope
2006-10-27 Ulrich Drepper <drepper@redhat.com>
[BZ #3429]
* elf/dl-open.c (dl_open_worker): Keep holding dl_load_lock until
we are sure we do not need it anymore for _dl_close. ALso move
the asserts inside the lock region.
Patch mostly by Suzuki <suzuki@in.ibm.com>.
argument.
(_dl_lookup_symbol_x): Adjust caller.
* sysdeps/generic/ldsodefs.h (struct link_namespaces): Remove
_ns_global_scope.
* elf/rtld.c (dl_main): Don't initialize _ns_global_scope.
* elf/dl-libc.c: Revert l_scope name changes.
* elf/dl-load.c: Likewise.
* elf/dl-object.c: Likewise.
* elf/rtld.c: Likewise.
* elf/dl-close.c (_dl_close): Likewise.
* elf/dl-open.c (dl_open_worker): Likewise. If not SINGLE_THREAD_P,
always use __rtld_mrlock_{change,done}. Always free old scope list
here if not l_scope_mem.
* elf/dl-runtime.c (_dl_fixup, _dl_profile_fixup): Revert l_scope name
change. Never free scope list here. Just __rtld_mrlock_lock before
the lookup and __rtld_mrlock_unlock it after the lookup.
* elf/dl-sym.c: Likewise.
* include/link.h (struct r_scoperec): Remove.
(struct link_map): Replace l_scoperec with l_scope, l_scoperec_mem
with l_scope_mem and l_scoperec_lock with l_scope_lock.
2006-10-17 Jakub Jelinek <jakub@redhat.com>
* sunrpc/xdr_mem.c (xdrmem_setpos): Don't compare addresses
as signed longs, check for x_base + pos overflow.
* sunrpc/Makefile (tests): Add tst-xdrmem2.
* sunrpc/tst-xdrmem2.c: New test.
2006-10-18 Ulrich Drepper <drepper@redhat.com>
* elf/dl-lookup.c (_dl_lookup_symbol_x): Add warning to
_dl_lookup_symbol_x code.
2006-10-17 Jakub Jelinek <jakub@redhat.com>
* elf/dl-runtime.c: Include sysdep-cancel.h.
(_dl_fixup, _dl_profile_fixup): Use __rtld_mrlock_* and
scoperec->nusers only if !SINGLE_THREAD_P. Use atomic_*
instead of catomic_* macros.
* elf/dl-sym.c: Include sysdep-cancel.h.
(do_sym): Use __rtld_mrlock_* and scoperec->nusers only
if !SINGLE_THREAD_P. Use atomic_* instead of catomic_* macros.
* elf/dl-close.c: Include sysdep-cancel.h.
(_dl_close): Use __rtld_mrlock_* and scoperec->nusers only
if !SINGLE_THREAD_P. Use atomic_* instead of catomic_* macros.
* elf/dl-open.c: Include sysdep-cancel.h.
(dl_open_worker): Use __rtld_mrlock_* and scoperec->nusers only
if !SINGLE_THREAD_P. Use atomic_* instead of catomic_* macros.
2006-10-17 Jakub Jelinek <jakub@redhat.com>
[BZ #3313]
* malloc/malloc.c (malloc_consolidate): Set maxfb to address of last
fastbin rather than end of fastbin array.
2006-10-18 Ulrich Drepper <drepper@redhat.com>
* sysdeps/i386/i486/bits/atomic.h (catomic_decrement): Use correct
body macro.
* sysdeps/x86_64/bits/atomic.h
(__arch_c_compare_and_exchange_val_64_acq): Add missing casts.
(catomic_decrement): Use correct body macro.
2006-10-17 Jakub Jelinek <jakub@redhat.com>
* include/atomic.h: Add a unique prefix to all local variables
in macros.
* csu/tst-atomic.c (do_test): Test also catomic_* macros.
* include/link.h: Include <rtld-lowlevel.h>. Define struct
Implement reference counting of scope records.
* elf/dl-close.c (_dl_close): Remove all scopes from removed objects
from the list in objects which remain. Always allocate new scope
record.
* elf/dl-open.c (dl_open_worker): When growing array for scopes,
don't resize, allocate a new one.
* elf/dl-runtime.c: Update reference counters before using a scope
array.
* elf/dl-sym.c: Likewise.
* elf/dl-libc.c: Adjust for l_scope name change.
* elf/dl-load.c: Likewise.
* elf/dl-object.c: Likewise.
* elf/rtld.c: Likewise.
* include/link.h: Inlcude <rtld-lowlevel.h>. Define struct
r_scoperec. Replace r_scope with pointer to r_scoperec structure.
Add l_scoperec_lock.
* sysdeps/generic/ldsodefs.h: Include <rtld-lowlevel.h>.
* sysdeps/generic/rtld-lowlevel.h: New file.
* include/atomic.h: Rename atomic_and to atomic_and_val and
atomic_or to atomic_or_val. Define new macros atomic_and and
atomic_or which do not return values.
* sysdeps/x86_64/bits/atomic.h: Define atomic_and and atomic_or.
Various cleanups.
* sysdeps/i386/i486/bits/atomic.h: Likewise.
real malloc in the catch object.
(_dl_catch_error): Forward information about malloc use to caller
in new parameter.
(_dl_out_of_memory): Make static.
* elf/dl-deps.c: Adjust callers of _dl_catch_error.
* elf/dl-libc.c: Likewise.
* elf/dl-open.c: Likewise.
* elf/rtld.c: Likewise.
Add new --audit option.
* sysdeps/generic/ldsodefs.h: Remove _dl_out_of_memory declaration.
(rtld_global_ro._dl_signal_error): Add new parameter.
* include/dlfcn.h (_dl_catch_error): Add new parameter.
* dlfcn/dlfcn.c (_dlerror_run): Pass additional parameter to
_dl_catch_error. Only free if the returned newly value says so.
Change type of l_idx to int.
* elf/dl-close.c: Basically rewrite. Do not use l_opencount to
determine whether a DSO has to be unloaded. Instead compute this
in this function.
* elf/dl-deps.c: No need to manipulate l_opencount anymore.
* elf/dl-lookup.c: Likewise.
* elf/rtld.c: Likewise
* elf/dl-open.c: Likewise. Use l_init_called to determine whether
object was just loaded.
* elf/dl-fini.c: Bump l_direct_opencount instead of l_opencount.
* elf/dl-load.c (_dl_map_object_from_fd): Do not recognize DSO which
is about to be unloaded as a match.
(_dl_map_object): Likewise.
* elf/do-lookup.h (do_lookup_x): Do not look into DSO which is about
to be unloaded.
* elf/circleload1.c: Don't use l_opencount anymore.
* elf/neededtest.c: Likewise.
* elf/neededtest2.c: Likewise.
* elf/neededtest3.c: Likewise.
* elf/neededtest4.c: Likewise.
* elf/unload.c: Likewise.
* elf/unload2.c: Likewise.
* elf/loadtest.c: Likewise.
* elf/rtld.c: Preloading errors are now never fatal.
2005-03-08 Jakub Jelinek <jakub@redhat.com>
* elf/Makefile: Add rules to build and run unload5 test.
* elf/unload5.c: New file.
2005-03-08 Jakub Jelinek <jakub@redhat.com>
* elf/Makefile: Add rules to build and run unload4 test.
* elf/unload4.c: New file.
* elf/unload4mod1.c: New file.
* elf/unload4mod2.c: New file.
* elf/unload4mod3.c: New file.
* elf/unload4mod4.c: New file.
(_dl_out_of_memory): Use rtld_hidden_proto.
* elf/dl-error.c (_dl_out_of_memory): Use rtld_hidden_data_def.
(_dl_signal_error): Don't use INTUSE on _dl_out_of_memory.
* elf/dl-open.c (_dl_open): Likewise.
* elf/dl-deps.c (_dl_map_object_deps): Likewise.
* sunrpc/des_impl.c (des_set_key): Make first argument unsigned char *.
* elf/dl-addr.c (_dl_addr): Add a cast.
* elf/unload3mod4.c: Declare foo.
* elf/testobj2.c: Include <stdio.h>.
* sysdeps/gnu/errlist.awk: Emit NERR macro for _sys_nerr_internal
value constant, and use it in the defn.
* sysdeps/gnu/errlist-compat.awk: Use NERR in array decl.
Use actual size for compat array decls.
* config.make.in (cc-mtune): New substituted variable.
* configure.in (libc_cv_cc_mtune): New test for -mtune= switch,
done only if libc_mtune_example is defined.
* configure: Regenerated.
* sysdeps/i386/configure.in (libc_mtune_example): Set it.
* sysdeps/i386/configure: Regenerated.
* sysdeps/i386/Makefile (CFLAGS-initfini.s): Use $(cc-mtune).
2005-01-09 Ulrich Drepper <drepper@redhat.com>
* elf/dl-debug.c (_dl_debug_initialize): Take extra parameter and
use it to select the r_debug structure for that namespace.
* elf/dl-close.c (_dl_close): Adjust call to _dl_debug_initialize.
* elf/dl-load.c (_dl_map_object_from_fd): Likewise.
* elf/dl-open.c (_dl_open): Likewise.
* elf/rtld.c (dl_main): Likewise.
* sysdeps/generic/ldsodefs.h (struct link_namespaces): Add _ns_debug
member.
(_dl_debug_initialize): Add new parameter in declaration.
* elf/dl-close.c (_dl_close): Make sure auditing callbacks are not
called for the auditing objects themselves.
* elf/dl-load.c (_dl_map_object_from_fd): Likewise.
Update.
Add support for namespaces in the dynamic linker.
* dlfcn/Makefile (libdl-routines): Add dlmopen.
* dlfcn/Versions [libdl, GLIBC_2.3.4]: Add dlmopen.
* dlfcn/dlfcn.h: Define Lmid_t, LM_ID_BASE, and LM_ID_NEWLM.
Declare dlmopen. Document RTLD_DI_LMID.
* dlfcn/dlinfo.c: Handle RTLD_DI_LMID.
* dlfcn/dlmopen.c: New file.
* dlfcn/dlopen.c: Pass new parameter to _dl_open.
* dlfcn/dlopenold.c: Likewise.
* elf/dl-addr.c: Adjust for removal of GL(dl_loaded).
* elf/dl-caller.c: Likewise.
* elf/dl-close.c: Likewise.
* elf/dl-conflict.c: Likewise.
* elf/dl-debug.c: Likewise.
* elf/dl-lookup.c: Likewise.
* elf/dl-sym.c: Likewise.
* elf/dl-version.c: Likewise.
* elf/do-lookup.h: Likewise.
* elf/rtld.c: Likewise.
* sysdeps/unix/sysv/linux/i386/dl-librecon.h: Likewise.
* elf/dl-depsc: Likewise. Add new parameter to _dl_map_object.
* elf/dl-fini.c: Call destructors in all namespaces.
* elf/dl-iteratephdr.c: Compute total nloaded. Adjust for removal of
GL(dl_loaded).
* elf/dl-libc.c: Pass new parameter to _dl_open. Adjust for removal
of GL(dl_loaded).
* elf/dl-load.c (_dl_map_object_from_fd): Don't load ld.so a second
time. Reuse the one from the main namespace in all others.
Pass new parameter to _dl_new_object.
Adjust for removal of GL(dl_loaded).
* elf/dl-object.c: Take new parameter. Use it to initialize l_ns.
Adjust for removal of GL(dl_loaded).
* elf/dl-open.c (_dl_open): Take new parameter.
Adjust for removal of GL(dl_loaded).
* elf/dl-support.c: Replace global _dl_loaded etc variables with
_dl_ns variable.
* include/dlfcn.h: Adjust prototype of _dl_open.
Define __LM_ID_CALLER.
* include/link.h: Add l_real, l_ns, and l_direct_opencount elements.
* sysdeps/generic/dl-tls.c: Bump TLS_STATIC_SURPLUS. Since libc is
using TLS we need memory appropriate to the number of namespaces.
* sysdeps/generic/ldsodefs.h (struct rtld_global): Replace _dl_loaded,
_dl_nloaded, _dl_global_scope, _dl_main_searchlist, and
_dl_global_scope_alloc with _dl_ns element. Define DL_NNS.
Adjust prototypes of _dl_map_object and member in rtld_global_ro.
* malloc/malloc.c: Include <dlfcn.h>.
* malloc/arena.c (ptmalloc_init): If libc is not in primary namespace,
never use brk.
* elf/Makefile: Add rules to build and run tst-dlmopen1 and
tst-dlmopen2.
* elf/tst-dlmopen1.c: New file.
* elf/tst-dlmopen1mod.c: New file.
* elf/tst-dlmopen2.c: New file.
* elf/dl-close.c: Improve reference counting by tracking direct loads.
* elf/dl-lookup.c (add_dependency): Likewise.
* elf/dl-open.c (dl_open_worker): Likewise.
* elf/rtld.c (dl_main): Likewise.
2004-09-09 GOTO Masanori <gotom@debian.or.jp>
[BZ #77]
* elf/dl-close.c: Count down l_opencount to check not only for
l_reldeps, but also l_initfini.
2004-10-13 Ulrich Drepper <drepper@redhat.com>
2004-09-23 Ulrich Drepper <drepper@redhat.com>
* sysdeps/generic/bits/dlfcn.h: Add RTLD_DEEPBIND.
* elf/dl-object.c (_dl_new_object): Add new parameter mode. If mode
has RTLD_DEEPBIND set add local searchlist before global scope.
* sysdeps/generic/ldsodefs.h (_dl_new_object): Adjust prototype.
* elf/rtld.c: Adjust callers of _dl_new_object.
* elf/dl-load.c: Likewise.
(_dl_map_object_from_fd): If RTLD_DEEPBIND is used, don't do anything
for DF_SYMBOLIC.
* elf/dl-open.c (dl_open_writer): Pass RTLD_DEEPBIND flag on to
_dl_map_object_deps.
* elf/tst-deep1.c: New file.
* elf/tst-deep1mod1.c: New file.
* elf/tst-deep1mod2.c: New file.
* elf/tst-deep1mod3.c: New file.
* elf/Makefile: Add rules to build and run new tests.
* elf/dl-deps.c: Pretty printing.
Update.
* elf/dl-load.c (_dl_map_object): If __RTLD_CALLMAP flag is set,
reset loader before the actual loading.
* elf/dl-open.c (dl_open_worker): If file name contains no path
element determine map of caller. Pass caller map in this case to
_dl_map_object. Set __RTLD_CALLMAP in mode.
* include/dlfcn.h (__RTLD_CALLMAP): Define. [BZ #116]
Patch by Greg Wolodkin <greg@mathworks.com>.
2004-07-05 Ulrich Drepper <drepper@redhat.com>
* elf/dl-init.c: Don't define and use _dl_starting_up if
HAVE_INLINED_SYSCALLS is defined and the variable is not used.
* elf/dl-support.c: Likewise.
* elf/rtld.c: Likewise.
* elf/dl-misc.c (_dl_debug_vdprintf): Use writev syscall directly
if HAVE_INLINED_SYSCALLS is defined.
* sysdeps/powerpc/powerpc64/dl-machine.h: Don't rest _dl_starting_up
here.
* sysdeps/powerpc/powerpc32/dl-start.S: Likewise.
* sysdeps/unix/sysv/linux/configure.in: Define HAVE_INLINED_SYSCALLS.
* config.h.in: Add entry for HAVE_INLINED_SYSCALLS.
* sysdeps/posix/profil.c: If compiled for ld.so, omit code which
is needed to stop profiling.
* elf/dl-open.c (dl_open_worker): If a newly opened object is to be
profile make sure it cannot be unloaded.
* sysdeps/unix/sysv/linux/dl-origin.c: Inline readlink syscall.
* sysdeps/unix/sysv/linux/fcntl.c: If compiled without cancellation
support, make sure the helper function is inlined.
* sysdeps/unix/sysv/linux/pread.c: Likewise.
* sysdeps/unix/sysv/linux/pwrite.c: Likewise.
* sysdeps/unix/sysv/linux/i386/fcntl.c: Likewise.
* sysdeps/unix/sysv/linux/powerpc/powerpc64/fcntl.c: Likewise.
