Commit Graph

764 Commits

Author SHA1 Message Date
Alexandra Hájková
6c2f050dbe Add valgrind smoke test
Check if whether valgrind is available in the test environment.
If not, skip the test. Run smoke tests with valgrind to verify dynamic loader.
First, check if algrind works with the system ld.so in the test
environment. Then run the actual test inside the test environment,
using the just build ld.so and new libraries.

Co-authored-by: Mark Wielaard <mark@klomp.org>
2022-01-22 17:31:16 +01:00
Florian Weimer
c90363403b elf: Move _dl_setup_hash to its own file
And compile it with the early CFLAGS.  _dl_setup_hash is called
very early for the ld.so link map, so it should be compiled
differently.

Reviewed-by: Stefan Liebler <stli@linux.ibm.com>
Tested-by: Stefan Liebler <stli@linux.ibm.com>
2022-01-18 14:40:21 +01:00
Adhemerval Zanella
3a5aeba87a elf: Reinstate tst-audit17
9926f6e2ee ("elf: Skip tst-auditlogmod-* if the linker doesn't support
--depaudit [BZ #28 151]") dropped the test by mistake.
2022-01-17 17:16:33 -03:00
Florian Weimer
9ba202c78f Add --with-rtld-early-cflags configure option
Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2022-01-14 20:17:15 +01:00
Florian Weimer
b693d75f0c elf: Split dl-printf.c from dl-misc.c
This allows to use different compiler flags for the diagnostics
code.

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2022-01-14 20:17:05 +01:00
Florian Weimer
7de01e60c2 elf/Makefile: Reflow and sort most variable assignments
Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2022-01-14 20:16:35 +01:00
H.J. Lu
f4f70c2895 elf: Add a comment after trailing backslashes 2022-01-04 06:58:34 -08:00
H.J. Lu
bfb5ed5df3 elf: Also try DT_RUNPATH for LD_AUDIT dlopen [BZ #28455]
DT_RUNPATH is only used to find the immediate dependencies of the
executable or shared object containing the DT_RUNPATH entry.  Update
LD_AUDIT dlopen call to try the DT_RUNPATH entry of the executable.

Add tst-audit14a, which is copied from tst-audit14, to DT_RUNPATH and
build tst-audit14 with -Wl,--disable-new-dtags to test DT_RPATH.

This partially fixes BZ #28455.
2022-01-04 04:56:08 -08:00
Samuel Thibault
7ac2bee495 elf: Fix tst-linkall-static link when pthread is not in libc
In that case we want to link in libanl.a, thus providing getaddrinfo_a.
2022-01-04 10:34:47 +00:00
H.J. Lu
28713c0612 elf: Sort tests and modules-names
Sort tests and modules-names to reduce future conflicts.
2022-01-03 16:29:02 -08:00
Adhemerval Zanella
8df0def7a4 Remove stale reference to libanl.a
Since dbb949f53d ("resolv: Move libanl into libc (if libpthread is in
libc)") libanl.a is empty, so linking against it no longer necessary.
2022-01-03 13:54:27 -03:00
Paul Eggert
581c785bf3 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.

I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah.  I don't
know why I run into these diagnostics whereas others evidently do not.

remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
2022-01-01 11:40:24 -08:00
Florian Weimer
5d28a8962d elf: Add _dl_find_object function
It can be used to speed up the libgcc unwinder, and the internal
_dl_find_dso_for_object function (which is used for caller
identification in dlopen and related functions, and in dladdr).

_dl_find_object is in the internal namespace due to bug 28503.
If libgcc switches to _dl_find_object, this namespace issue will
be fixed.  It is located in libc for two reasons: it is necessary
to forward the call to the static libc after static dlopen, and
there is a link ordering issue with -static-libgcc and libgcc_eh.a
because libc.so is not a linker script that includes ld.so in the
glibc build tree (so that GCC's internal -lc after libgcc_eh.a does
not pick up ld.so).

It is necessary to do the i386 customization in the
sysdeps/x86/bits/dl_find_object.h header shared with x86-64 because
otherwise, multilib installations are broken.

The implementation uses software transactional memory, as suggested
by Torvald Riegel.  Two copies of the supporting data structures are
used, also achieving full async-signal-safety.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-12-28 22:52:56 +01:00
Adhemerval Zanella
484e672dda elf: Do not fail for failed dlmopen on audit modules (BZ #28061)
The dl_main sets the LM_ID_BASE to RT_ADD just before starting to
add load new shared objects.  The state is set to RT_CONSISTENT just
after all objects are loaded.

However if a audit modules tries to dlmopen an inexistent module,
the _dl_open will assert that the namespace is in an inconsistent
state.

This is different than dlopen, since first it will not use
LM_ID_BASE and second _dl_map_object_from_fd is the sole responsible
to set and reset the r_state value.

So the assert on _dl_open can not really be seen if the state is
consistent, since _dt_main resets it.  This patch removes the assert.

Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
2021-12-28 08:40:38 -03:00
Adhemerval Zanella
f0e23d34a7 elf: Issue audit la_objopen for vDSO
The vDSO is is listed in the link_map chain, but is never the subject of
an la_objopen call.  A new internal flag __RTLD_VDSO is added that
acts as __RTLD_OPENEXEC to allocate the required 'struct auditstate'
extra space for the 'struct link_map'.

The return value from the callback is currently ignored, since there
is no PLT call involved by glibc when using the vDSO, neither the vDSO
are exported directly.

Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
2021-12-28 08:40:38 -03:00
Adhemerval Zanella
d1b38173c9 elf: Add audit tests for modules with TLSDESC
Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
2021-12-28 08:40:38 -03:00
Adhemerval Zanella
063f9ba220 elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533)
The rtld-audit interfaces introduces a slowdown due to enabling
profiling instrumentation (as if LD_AUDIT implied LD_PROFILE).
However, instrumenting is only necessary if one of audit libraries
provides PLT callbacks (la_pltenter or la_pltexit symbols).  Otherwise,
the slowdown can be avoided.

The following patch adjusts the logic that enables profiling to iterate
over all audit modules and check if any of those provides a PLT hook.
To keep la_symbind to work even without PLT callbacks, _dl_fixup now
calls the audit callback if the modules implements it.

Co-authored-by: Alexander Monakov <amonakov@ispras.ru>

Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
2021-12-28 08:40:38 -03:00
Adhemerval Zanella
aee6e90f93 elf: Add _dl_audit_objopen
It consolidates the code required to call la_objopen audit callback.

Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
2021-12-28 08:40:38 -03:00
H.J. Lu
fc2334ab32 Add a testcase to check alignment of PT_LOAD segment [BZ #28676] 2021-12-10 11:26:08 -08:00
Florian Weimer
2e75604f83 elf: Install a symbolic link to ld.so as /usr/bin/ld.so
This makes ld.so features such as --preload, --audit,
and --list-diagnostics more accessible to end users because they
do not need to know the ABI name of the dynamic loader.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-12-10 16:06:58 +01:00
Florian Weimer
c1cb2deeca elf: execve statically linked programs instead of crashing [BZ #28648]
Programs without dynamic dependencies and without a program
interpreter are now run via execve.

Previously, the dynamic linker either crashed while attempting to
read a non-existing dynamic segment (looking for DT_AUDIT/DT_DEPAUDIT
data), or the self-relocated in the static PIE executable crashed
because the outer dynamic linker had already applied RELRO protection.

<dl-execve.h> is needed because execve is not available in the
dynamic loader on Hurd.

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2021-12-05 11:28:34 +01:00
Adhemerval Zanella
ed3ce71f5c elf: Move la_activity (LA_ACT_ADD) after _dl_add_to_namespace_list() (BZ #28062)
It ensures that the the namespace is guaranteed to not be empty.

Checked on x86_64-linux-gnu.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
2021-11-18 17:17:58 -03:00
Florian Weimer
f1d333b5bf elf: Introduce GLRO (dl_libc_freeres), called from __libc_freeres
This will be used to deallocate memory allocated using the non-minimal
malloc.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-11-17 12:20:29 +01:00
H.J. Lu
1f67d8286b elf: Use a temporary file to generate Makefile fragments [BZ #28550]
1. Use a temporary file to generate Makefile fragments for DSO sorting
tests and use -include on them.
2. Add Makefile fragments to postclean-generated so that a "make clean"
removes the autogenerated fragments and a subsequent "make" regenerates
them.

This partially fixes BZ #28550.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-11-16 05:18:01 -08:00
Adhemerval Zanella
54816ae98d elf: Move LAV_CURRENT to link_lavcurrent.h
No functional change.
2021-11-15 15:28:17 -03:00
Adhemerval Zanella
b05fae4d8e elf: Use the minimal malloc on tunables_strdup
The rtld_malloc functions are moved to its own file so it can be
used on csu code.  Also, the functiosn are renamed to __minimal_*
(since there are now used not only on loader code).

Using the __minimal_malloc on tunables_strdup() avoids potential
issues with sbrk() calls while processing the tunables (I see
sporadic elf/tst-dso-ordering9 on powerpc64le with different
tests failing due ASLR).

Also, using __minimal_malloc over plain mmap optimizes the memory
allocation on both static and dynamic case (since it will any unused
space in either the last page of data segments, avoiding mmap() call,
or from the previous mmap() call).

Checked on x86_64-linux-gnu, i686-linux-gnu, and powerpc64le-linux-gnu.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2021-11-09 14:11:25 -03:00
Adhemerval Zanella
d3bf2f5927 elf: Do not run DSO sorting if tunables is not enabled
Since the argorithm selection requires tunables.

Checked on x86_64-linux-gnu with --enable-tunables=no.
2021-11-03 09:25:06 -03:00
Adhemerval Zanella
66a273d16a elf: Disable ifuncmain{1,5,5pic,5pie} when using LLD
These tests takes the address of a protected symbol (foo_protected)
and lld does not support copy relocations on protected data symbols.

Checked on x86_64-linux-gnu.

Reviewed-by: Fangrui Song <maskray@google.com>
2021-10-29 09:21:37 -03:00
H.J. Lu
f9b152c83f elf: Make global.out depend on reldepmod4.so [BZ #28457]
The global test is linked with globalmod1.so which dlopens reldepmod4.so.
Make global.out depend on reldepmod4.so.  This fixes BZ #28457.
Reviewed-by: Florian Weimer <fweimer@redhat.com>
2021-10-25 07:13:54 -07:00
Chung-Lin Tang
e6fd79f379 elf: Testing infrastructure for ld.so DSO sorting (BZ #17645)
This is the first of a 2-part patch set that fixes slow DSO sorting behavior in
the dynamic loader, as reported in BZ #17645. In order to facilitate such a
large modification to the dynamic loader, this first patch implements a testing
framework for validating shared object sorting behavior, to enable comparison
between old/new sorting algorithms, and any later enhancements.

This testing infrastructure consists of a Python script
scripts/dso-ordering-test.py' which takes in a description language, consisting
of strings that describe a set of link dependency relations between DSOs, and
generates testcase programs and Makefile fragments to automatically test the
described situation, for example:

  a->b->c->d          # four objects linked one after another

  a->[bc]->d;b->c     # a depends on b and c, which both depend on d,
                      # b depends on c (b,c linked to object a in fixed order)

  a->b->c;{+a;%a;-a}  # a, b, c serially dependent, main program uses
                      # dlopen/dlsym/dlclose on object a

  a->b->c;{}!->[abc]  # a, b, c serially dependent; multiple tests generated
                      # to test all permutations of a, b, c ordering linked
                      # to main program

 (Above is just a short description of what the script can do, more
  documentation is in the script comments.)

Two files containing several new tests, elf/dso-sort-tests-[12].def are added,
including test scenarios for BZ #15311 and Redhat issue #1162810 [1].

Due to the nature of dynamic loader tests, where the sorting behavior and test
output occurs before/after main(), generating testcases to use
support/test-driver.c does not suffice to control meaningful timeout for ld.so.
Therefore a new utility program 'support/test-run-command', based on
test-driver.c/support_test_main.c has been added. This does the same testcase
control, but for a program specified through a command-line rather than at the
source code level. This utility is used to run the dynamic loader testcases
generated by dso-ordering-test.py.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1162810

Signed-off-by: Chung-Lin Tang  <cltang@codesourcery.com>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-10-21 11:23:53 -03:00
Stafford Horne
171ab1af56 elf: Update audit tests to not depend on stdout
The tst-audit14, tst-audit15 and tst-audit16 tests all have audit
modules that write to stdout; the test reads from stdout to confirm
what was written.  This assumes the stdout is a file which is not the
case when run over ssh.

This patch updates the tests to use a post run cmp command to compare
the output against and .exp file.  This is similar to how many other
tests work and it fixes the stdout limitation.  Also, this means the
test code can be greatly simplified.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-10-12 13:25:43 -03:00
H.J. Lu
15e6d6785a Avoid warning: overriding recipe for .../tst-ro-dynamic-mod.so
Add tst-ro-dynamic-mod to modules-names-nobuild to avoid

../Makerules:767: warning: ignoring old recipe for target '.../elf/tst-ro-dynamic-mod.so'

This updates BZ #28340 fix.
2021-09-25 09:06:54 -07:00
H.J. Lu
b413280cfb ld.so: Replace DL_RO_DYN_SECTION with dl_relocate_ld [BZ #28340]
We can't relocate entries in dynamic section if it is readonly:

1. Add a l_ld_readonly field to struct link_map to indicate if dynamic
section is readonly and set it based on p_flags of PT_DYNAMIC segment.
2. Replace DL_RO_DYN_SECTION with dl_relocate_ld to decide if dynamic
section should be relocated.
3. Remove DL_RO_DYN_TEMP_CNT.
4. Don't use a static dynamic section to make readonly dynamic section
in vDSO writable.
5. Remove the temp argument from elf_get_dynamic_info.

This fixes BZ #28340.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2021-09-22 11:12:43 -07:00
H.J. Lu
a93d9e03a3 Extend struct r_debug to support multiple namespaces [BZ #15971]
Glibc does not provide an interface for debugger to access libraries
loaded in multiple namespaces via dlmopen.

The current rtld-debugger interface is described in the file:

elf/rtld-debugger-interface.txt

under the "Standard debugger interface" heading.  This interface only
provides access to the first link-map (LM_ID_BASE).

1. Bump r_version to 2 when multiple namespaces are used.  This triggers
the GDB bug:

https://sourceware.org/bugzilla/show_bug.cgi?id=28236

2. Add struct r_debug_extended to extend struct r_debug into a linked-list,
where each element correlates to an unique namespace.
3. Initialize the r_debug_extended structure.  Bump r_version to 2 for
the new namespace and add the new namespace to the namespace linked list.
4. Add _dl_debug_update to return the address of struct r_debug' of a
namespace.
5. Add a hidden symbol, _r_debug_extended, for struct r_debug_extended.
6. Provide the symbol, _r_debug, with size of struct r_debug, as an alias
of _r_debug_extended, for programs which reference _r_debug.

This fixes BZ #15971.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
2021-09-19 13:51:35 -07:00
Fangrui Song
9926f6e2ee elf: Skip tst-auditlogmod-* if the linker doesn't support --depaudit [BZ #28151]
gold and ld.lld do not support --audit or --depaudit.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-08-24 09:35:32 -07:00
Fangrui Song
33c50ef428 elf: Drop elf/tls-macros.h in favor of __thread and tls_model attributes [BZ #28152] [BZ #28205]
elf/tls-macros.h was added for TLS testing when GCC did not support
__thread. __thread and tls_model attributes are mature now and have been
used by many newer tests.

Also delete tst-tls2.c which tests .tls_common (unused by modern GCC and
unsupported by Clang/LLD). .tls_common and .tbss definition are almost
identical after linking, so the runtime test doesn't add additional
coverage.  Assembler and linker tests should be on the binutils side.

When LLD 13.0.0 is allowed in configure.ac
(https://sourceware.org/pipermail/libc-alpha/2021-August/129866.html),
`make check` result is on par with glibc built with GNU ld on aarch64
and x86_64.

As a future clean-up, TLS_GD/TLS_LD/TLS_IE/TLS_IE macros can be removed from
sysdeps/*/tls-macros.h. We can add optional -mtls-dialect={gnu2,trad}
tests to ensure coverage.

Tested on aarch64-linux-gnu, powerpc64le-linux-gnu, and x86_64-linux-gnu.

Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
2021-08-16 09:59:30 -07:00
Adhemerval Zanella
3908fa933a elf: Fix audit regression
Commit 03e187a41d added a regression when an audit module does not have
libc as DT_NEEDED (although unusual it is possible).

Checked on x86_64-linux-gnu.
2021-07-30 16:01:44 -03:00
Siddhesh Poyarekar
2d2d9f2b48 Move malloc hooks into a compat DSO
Remove all malloc hook uses from core malloc functions and move it
into a new library libc_malloc_debug.so.  With this, the hooks now no
longer have any effect on the core library.

libc_malloc_debug.so is a malloc interposer that needs to be preloaded
to get hooks functionality back so that the debugging features that
depend on the hooks, i.e. malloc-check, mcheck and mtrace work again.
Without the preloaded DSO these debugging features will be nops.
These features will be ported away from hooks in subsequent patches.

Similarly, legacy applications that need hooks functionality need to
preload libc_malloc_debug.so.

The symbols exported by libc_malloc_debug.so are maintained at exactly
the same version as libc.so.

Finally, static binaries will no longer be able to use malloc
debugging features since they cannot preload the debugging DSO.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2021-07-22 18:37:59 +05:30
Adhemerval Zanella
3a0253ac6f elf: Add -Wl,--no-as-needed for tst-tls-manydynamic*mod-dep-bad.so (BZ #28089)
The tests explicit requires the dependencies and it is required for
the case the toolchain defaults to -Wl,--as-needed.

Checked on x86_64-linux-gnu.
2021-07-15 08:18:21 -03:00
Adhemerval Zanella
ba33937be2 elf: Fix DTV gap reuse logic (BZ #27135)
This is updated version of the 572bd547d5 (reverted by 40ebfd016a)
that fixes the _dl_next_tls_modid issues.

This issue with 572bd547d5 patch is the DTV entry will be only
update on dl_open_worker() with the update_tls_slotinfo() call after
all dependencies are being processed by _dl_map_object_deps().  However
_dl_map_object_deps() itself might call _dl_next_tls_modid(), and since
the _dl_tls_dtv_slotinfo_list::map is not yet set the entry will be
wrongly reused.

This patch fixes by renaming the _dl_next_tls_modid() function to
_dl_assign_tls_modid() and by passing the link_map so it can set
the slotinfo value so a subsequente _dl_next_tls_modid() call will
see the entry as allocated.

The intermediary value is cleared up on remove_slotinfo() for the case
a library fails to load with RTLD_NOW.

This patch fixes BZ #27135.

Checked on x86_64-linux-gnu.

Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
2021-07-14 15:10:27 -03:00
Siddhesh Poyarekar
5ceb1630bd elf/tests: Make thrlock and noload depend on libm
Both tests try to dlopen libm.so at runtime, so make them depend on it
so that they're executed if libm.so has been updated.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
2021-07-08 13:39:19 +05:30
Florian Weimer
7a5db2e82f elf: Clean up GLIBC_PRIVATE exports of internal libdl symbols
They are no longer needed after everything has been moved into
libc.  The _dl_vsym test has to be removed because the symbol
cannot be used outside libc anymore.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-07-07 08:41:24 +02:00
Florian Weimer
30639e79d3 Linux: Cleanups after librt move
librt.so is no longer installed for PTHREAD_IN_LIBC, and tests
are not linked against it.  $(librt) is introduced globally for
shared tests that need to be linked for both PTHREAD_IN_LIBC
and !PTHREAD_IN_LIBC.

GLIBC_PRIVATE symbols that were needed during the transition are
removed again.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-06-28 09:51:01 +02:00
Florian Weimer
8208be389b Install shared objects under their ABI names
Previously, the installed objects were named like libc-2.33.so,
and the ABI soname libc.so.6 was just a symbolic link.

The Makefile targets to install these symbolic links are no longer
needed after this, so they are removed with this commit.  The more
general $(make-link) command (which invokes scripts/rellns-sh) is
retained because other symbolic links are still needed.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@rehdat.com>
2021-06-28 08:33:57 +02:00
Florian Weimer
6bf789d69e elf: Generalize name-based DSO recognition in ldconfig
This introduces <dl-is_dso.h> and the _dl_is_dso function.  A
test ensures that the official names of libc.so, ld.so, and their
versioned names are recognized.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2021-06-28 08:33:57 +02:00
Florian Weimer
c2059edce2 elf: Use _dl_catch_error from base namespace in dl-libc.c [BZ #27646]
dlerrror_run in elf/dl-libc.c needs to call GLRO (dl_catch_error)
from the base namespace, just like the exported dlerror
implementation.

Fixes commit b2964eb1d9 ("dlfcn:
Failures after dlmopen should not terminate process [BZ #24772]").

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2021-06-17 15:06:46 +02:00
Florian Weimer
699361795f Remove stale references to libdl.a
Since commit 0c1c3a771e
("dlfcn: Move dlopen into libc") libdl.a is empty, so linking
against it is no longer necessary.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-06-09 19:14:02 +02:00
Stefan Liebler
51a3df5e35 Fix elf/tst-tls9-static after libdl cleanups.
The testcase elf/tst-tls9-static sometimes fails with:
cannot open 'tst-tlsmod5.so': tst-tlsmod5.so: cannot open shared object file: No such file or directory
cannot open 'tst-tlsmod6.so': tst-tlsmod6.so: cannot open shared object file: No such file or directory

After recent commit
6f1c701026
"dlfcn: Cleanups after -ldl is no longer required"
the libdl variable is not set anymore and thus the
dependencies were missing.
2021-06-09 13:38:41 +02:00
Florian Weimer
6f1c701026 dlfcn: Cleanups after -ldl is no longer required
This commit removes the ELF constructor and internal variables from
dlfcn/dlfcn.c.  The file now serves the same purpose as
nptl/libpthread-compat.c, so it is renamed to dlfcn/libdl-compat.c.
The use of libdl-shared-only-routines ensures that libdl.a is empty.

This commit adjusts the test suite not to use $(libdl).  The libdl.so
symbolic link is no longer installed.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-06-03 09:11:45 +02:00
Florian Weimer
77f876c0e3 dlfcn: Move dlsym into libc
The symbol was moved using scripts/move-symbol-to-libc.py.

In elf/Makefile, remove the $(libdl) dependency from testobj1.so
because it the unused libdl DSO now causes elf/tst-unused-deps to
fail.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-06-03 08:26:04 +02:00
Florian Weimer
7862ff8e69 elf: Use custom NODELETE DSO for tst-dlopenfail, tst-dlopenfail-2
Once libpthread is empty and no longer marked NODELETE, it no longer
can be used for testing.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-05-21 22:35:00 +02:00
Florian Weimer
78b31cc834 elf: Partially initialize ld.so after static dlopen (bug 20802)
After static dlopen, a copy of ld.so is loaded into the inner
namespace, but that copy is not initialized at all.  Some
architectures run into serious problems as result, which is why the
_dl_var_init mechanism was invented.  With libpthread moving into
libc and parts into ld.so, more architectures impacted, so it makes
sense to switch to a generic mechanism which performs the partial
initialization.

As a result, getauxval now works after static dlopen (bug 20802).

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-05-17 10:06:57 +02:00
Romain GEISSLER
5188a9d026 Remove all usage of @BASH@ or ${BASH} in installed files, and hardcode /bin/bash instead
(FYI, this is a repost of
https://sourceware.org/pipermail/libc-alpha/2019-July/105035.html now
that FSF papers have been signed and confirmed on FSF side).

This trivial patch attemps to fix BZ 24106. Basically the bash locally
used when building glibc on the host shall not leak on the installed
glibc, as the system where it is installed might be different and use
another bash location.

So I have looked for all occurences of @BASH@ or $(BASH) in installed
files, and replaced it by /bin/bash. This was suggested by Florian
Weimer in the bug report.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2021-05-12 07:47:11 +05:30
Szabolcs Nagy
9d0e30329c elf: Add test case for [BZ #19329]
Test concurrent dlopen and pthread_create when the loaded modules have
TLS.  This triggers dl-tls assertion failures more reliably than the
nptl/tst-stack4 test.

The dlopened module has 100 DT_NEEDED dependencies with TLS, they were
reused from an existing TLS test. The number of created threads during
dlopen depends on filesystem speed and hardware, but at most 3 threads
are alive at a time to limit resource usage.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-05-11 17:16:37 +01:00
Florian Weimer
d6163dfd38 elf, nptl: Resolve recursive lock implementation early
If libpthread is included in libc, it is not necessary to delay
initialization of the lock/unlock function pointers until libpthread
is loaded.  This eliminates two unprotected function pointers
from _rtld_global and removes some initialization code from
libpthread.

Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-05-10 10:31:41 +02:00
Florian Weimer
ce0b7961ae nptl: Consolidate async cancel enable/disable implementation in libc
Previously, the source file nptl/cancellation.c was compiled multiple
times, for libc, libpthread, librt.  This commit switches to a single
implementation, with new __pthread_enable_asynccancel@@GLIBC_PRIVATE,
__pthread_disable_asynccancel@@GLIBC_PRIVATE exports.

The almost-unused CANCEL_ASYNC and CANCEL_RESET macros are replaced
by LIBC_CANCEL_ASYNC and LIBC_CANCEL_ASYNC macros.  They call the
__pthread_* functions unconditionally now.  The macros are still
needed because shared code uses them; Hurd has different definitions.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-05-05 17:19:32 +02:00
Florian Weimer
90d7e7e5bd elf: Introduce __tls_init_tp for second-phase TCB initialization
TLS_INIT_TP is processor-specific, so it is not a good place to
put thread library initialization code (it would have to be repeated
for all CPUs).  Introduce __tls_init_tp as a separate function,
to be called immediately after TLS_INIT_TP.  Move the existing
stack list setup code for NPTL to this function.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-04-21 19:49:51 +02:00
Florian Weimer
b2964eb1d9 dlfcn: Failures after dlmopen should not terminate process [BZ #24772]
Commit 9e78f6f6e7 ("Implement
_dl_catch_error, _dl_signal_error in libc.so [BZ #16628]") has the
side effect that distinct namespaces, as created by dlmopen, now have
separate implementations of the rtld exception mechanism.  This means
that the call to _dl_catch_error from libdl in a secondary namespace
does not actually install an exception handler because the
thread-local variable catch_hook in the libc.so copy in the secondary
namespace is distinct from that of the base namepace.  As a result, a
dlsym/dlopen/... failure in a secondary namespace terminates the process
with a dynamic linker error because it looks to the exception handler
mechanism as if no handler has been installed.

This commit restores GLRO (dl_catch_error) and uses it to set the
handler in the base namespace.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-04-21 19:49:51 +02:00
Florian Weimer
1d95b035c7 nptl: Move __pthread_unwind_next into libc
It's necessary to stub out __libc_disable_asynccancel and
__libc_enable_asynccancel via rtld-stubbed-symbols because the new
direct references to the unwinder result in symbol conflicts when the
rtld exception handling from libc is linked in during the construction
of librtld.map.

unwind-forcedunwind.c is merged into unwind-resume.c.  libc now needs
the functions that were previously only used in libpthread.

The GLIBC_PRIVATE exports of __libc_longjmp and __libc_siglongjmp are
no longer needed, so switch them to hidden symbols.

The symbol __pthread_unwind_next has been moved using
scripts/move-symbol-to-libc.py.

Reviewed-by: Adhemerva Zanella  <adhemerval.zanella@linaro.org>
2021-04-21 19:49:50 +02:00
Szabolcs Nagy
8f85075a2e elf: Add a DTV setup test [BZ #27136]
The test dlopens a large number of modules with TLS, they are reused
from an existing test.

The test relies on the reuse of slotinfo entries after dlclose, without
bug 27135 fixed this needs a failing dlopen. With a slotinfo list that
has non-monotone increasing generation counters, bug 27136 can trigger.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-04-15 09:30:43 +01:00
Siddhesh Poyarekar
061fe3f8ad Enhance setuid-tunables test
Instead of passing GLIBC_TUNABLES via the environment, pass the
environment variable from parent to child.  This allows us to test
multiple variables to ensure better coverage.

The test list currently only includes the case that's already being
tested.  More tests will be added later.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-04-12 19:03:19 +05:30
Samuel Thibault
16b597807d elf: Fix not compiling ifunc tests that need gcc ifunc support 2021-03-24 01:52:46 +01:00
Siddhesh Poyarekar
8b8f13b60d Build libc-start with stack protector for SHARED
This does not change the emitted code since __libc_start_main does not
return, but is important for formal flags compliance.

This also cleans up the cosmetic inconsistency in the stack protector
flags in csu, especially the incorrect value of STACK_PROTECTOR_LEVEL.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2021-03-15 20:25:00 +05:30
Florian Weimer
4e6db99c66 elf: ld.so --help calls _dl_init_paths without a main map [BZ #27577]
In this case, use the link map of the dynamic loader itself as
a replacement.  This is more than just a hack: if we ever support
DT_RUNPATH/DT_RPATH for the dynamic loader, reporting it for
ld.so --help (without further command line arguments) would be the
right thing to do.

Fixes commit 3324213125 ("elf: Always
set l in _dl_init_paths (bug 23462)").
2021-03-15 14:43:13 +01:00
Carlos O'Donell
3324213125 elf: Always set l in _dl_init_paths (bug 23462)
After d1d5471579 ("Remove dead
DL_DST_REQ_STATIC code.") we always setup the link map l to make the
static and shared cases the same.  The bug is that in elf/dl-load.c
(_dl_init_paths) we conditionally set l only in the #ifdef SHARED
case, but unconditionally use it later.  The simple solution is to
remove the #ifdef SHARED conditional, because it's no longer needed,
and unconditionally setup l for both the static and shared cases. A
regression test is added to run a static binary with
LD_LIBRARY_PATH='$ORIGIN' which crashes before the fix and runs after
the fix.

Co-Authored-By: Florian Weimer <fweimer@redhat.com>
2021-03-12 16:44:47 +01:00
Florian Weimer
851f32cf7b ld.so: Implement the --list-diagnostics option 2021-03-02 14:39:24 +01:00
Florian Weimer
e7b2a56192 elf: Build __dl_iterate_phdr with unwinding support [BZ #27498] 2021-03-02 11:56:33 +01:00
Fangrui Song
02d393f248 elf: Replace a --defsym trick with an object file to be compatible with LLD
The existing code specifies -Wl,--defsym=malloc=0 and other malloc.os
definitions before libc_pic.a so that libc_pic.a(malloc.os) is not
fetched. This trick is used to avoid multiple definition errors which
would happen as a chain result:

  dl-allobjs.os has an undefined __libc_scratch_buffer_set_array_size
  __libc_scratch_buffer_set_array_size fetches libc_pic.a(scratch_buffer_set_array_size.os)
  libc_pic.a(scratch_buffer_set_array_size.os) has an undefined free
  free fetches libc_pic.a(malloc.os)
  libc_pic.a(malloc.os) has an undefined __libc_message
  __libc_message fetches libc_pic.a(libc_fatal.os)

  libc_fatal.os will cause a multiple definition error (__GI___libc_fatal)
  >>> defined at dl-fxstatat64.c
  >>>            /tmp/p/glibc/Release/elf/dl-allobjs.os:(__GI___libc_fatal)
  >>> defined at libc_fatal.c
  >>>            libc_fatal.os:(.text+0x240) in archive /tmp/p/glibc/Release/libc_pic.a

LLD processes --defsym after all input files, so this trick does not
suppress multiple definition errors with LLD. Split the step into two
and use an object file to make the intention more obvious and make LLD
work.

This is conceptually more appropriate because --defsym defines a SHN_ABS
symbol while a normal definition is relative to the image base.

See https://sourceware.org/pipermail/libc-alpha/2020-March/111910.html
for discussions about the --defsym semantics.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2021-02-01 09:44:08 -08:00
Matheus Castanho
01cdcf783a elf: Limit tst-prelink-cmp target archs
elf/tst-prelink-cmp was initially added for x86 (commit fe534fe898) to validate
the fix for Bug 19178, and later applied to all architectures that use GLOB_DAT
relocations (commit 89569c8bb6).  However, that bug only affected targets that
handle GLOB_DAT relocations as ELF_TYPE_CLASS_EXTERN_PROTECTED_DATA, so the test
should only apply to targets defining DL_EXTERN_PROTECTED_DATA, which gates the
usage of the elf type class above.  For all other targets not meeting that
criteria, the test now returns with UNSUPPORTED status.

Fixes the test on POWER10 processors, which started using R_PPC64_GLOB_DAT.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2021-01-27 11:34:50 -03:00
H.J. Lu
86f65dffc2 ld.so: Add --list-tunables to print tunable values
Pass --list-tunables to ld.so to print tunables with min and max values.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-01-15 05:59:10 -08:00
H.J. Lu
7137d682eb ifuncmain6pie: Remove the circular IFUNC dependency [BZ #20019]
On x86, ifuncmain6pie failed with:

[hjl@gnu-cfl-2 build-i686-linux]$ ./elf/ifuncmain6pie --direct
./elf/ifuncmain6pie: IFUNC symbol 'foo' referenced in '/export/build/gnu/tools-build/glibc-32bit/build-i686-linux/elf/ifuncmod6.so' is defined in the executable and creates an unsatisfiable circular dependency.
[hjl@gnu-cfl-2 build-i686-linux]$ readelf -rW elf/ifuncmod6.so | grep foo
00003ff4  00000706 R_386_GLOB_DAT         0000400c   foo_ptr
00003ff8  00000406 R_386_GLOB_DAT         00000000   foo
0000400c  00000401 R_386_32               00000000   foo
[hjl@gnu-cfl-2 build-i686-linux]$

Remove non-JUMP_SLOT relocations against foo in ifuncmod6.so, which
trigger the circular IFUNC dependency, and build ifuncmain6pie with
-Wl,-z,lazy.
2021-01-13 11:50:08 -08:00
Paul Eggert
2b778ceb40 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
2021-01-02 12:17:34 -08:00
Florian Weimer
9ffa50b26b elf: Include libc.so.6 as main program in dependency sort (bug 20972)
_dl_map_object_deps always sorts the initially loaded object first
during dependency sorting.  This means it is relocated last in
dl_open_worker.  This results in crashes in IFUNC resolvers without
lazy bindings if libraries are preloaded that refer to IFUNCs in
libc.so.6: the resolvers are called when libc.so.6 has not been
relocated yet, so references to _rtld_global_ro etc. crash.

The fix is to check against the libc.so.6 link map recorded by the
__libc_early_init framework, and let it participate in the dependency
sort.

This fixes bug 20972.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-12-11 18:31:04 +01:00
Florian Weimer
fdf8fbca45 s390x: Add glibc-hwcaps support
Subdirectories z13, z14, z15 can be selected, mostly based on the
level of support for vector instructions.

Co-Authored-By: Stefan Liebler <stli@linux.ibm.com>
2020-12-10 13:51:18 +01:00
Florian Weimer
1bb8d05b9c elf: Fix run-time dependencies of tst-dlopen-fail-2
The misattributed dependencies can cause failures in parallel testing
if the dependencies have not been built yet.

Fixes commit a332bd1518
("elf: Add elf/tst-dlopenfail-2 [BZ #25396]").
2020-12-10 12:44:25 +01:00
Florian Weimer
4c38c1a229 powerpc64le: Add glibc-hwcaps support
The "power10" and "power9" subdirectories are selected in a way
that matches the -mcpu=power10 and -mcpu=power9 options of GCC.
2020-12-04 14:50:49 +01:00
Florian Weimer
f267e1c9dd x86_64: Add glibc-hwcaps support
The subdirectories match those in the x86-64 psABI:

77566eb03b

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-12-04 09:36:02 +01:00
Florian Weimer
600d9e0c87 elf: Add glibc-hwcaps subdirectory support to ld.so cache processing
This recognizes the DL_CACHE_HWCAP_EXTENSION flag in cache entries,
and picks the supported cache entry with the highest priority.

The elf/tst-glibc-hwcaps-prepend-cache test documents a non-desired
aspect of the current cache implementation: If the cache selects a DSO
that does not exist on disk, _dl_map_object falls back to open_path,
which may or may not find an alternative implementation.  This is an
existing limitation that also applies to the legacy hwcaps processing
for ld.so.cache.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-12-04 09:35:43 +01:00
Florian Weimer
73b6e50a22 elf: Implement tail merging of strings in ldconfig
This simplifies the string table construction in elf/cache.c
because there is no more need to keep track of offsets explicitly;
the string table implementation does this internally.

This change slightly reduces the size of the cache on disk.  The
file format does not change as a result.  The strings are
null-terminated, without explicit length, so tail merging is
transparent to readers.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-12-04 09:16:41 +01:00
Florian Weimer
785969a047 elf: Implement a string table for ldconfig, with tail merging
This will be used in ldconfig to reduce the ld.so.cache size slightly.

Tail merging is an optimization where a pointer points into another
string if the first string is a suffix of the second string.

The hash function FNV-1a was chosen because it is simple and achieves
good dispersion even for short strings (so that the hash table bucket
count can be a power of two).  It is clearly superior to the hsearch
hash and the ELF hash in this regard.

The hash table uses chaining for collision resolution.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-12-04 09:16:41 +01:00
Florian Weimer
dad90d5282 elf: Add glibc-hwcaps support for LD_LIBRARY_PATH
This hacks non-power-set processing into _dl_important_hwcaps.
Once the legacy hwcaps handling goes away, the subdirectory
handling needs to be reworked, but it is premature to do this
while both approaches are still supported.

ld.so supports two new arguments, --glibc-hwcaps-prepend and
--glibc-hwcaps-mask.  Each accepts a colon-separated list of
glibc-hwcaps subdirectory names.  The prepend option adds additional
subdirectories that are searched first, in the specified order.  The
mask option restricts the automatically selected subdirectories to
those listed in the option argument.  For example, on systems where
/usr/lib64 is on the library search path,
--glibc-hwcaps-prepend=valgrind:debug causes the dynamic loader to
search the directories /usr/lib64/glibc-hwcaps/valgrind and
/usr/lib64/glibc-hwcaps/debug just before /usr/lib64 is searched.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-12-04 09:13:43 +01:00
Samuel Thibault
3dbbd2ff92 Add {,sysdep-}ld-library-path make variable
On GNU/Hurd we not only need $(common-objpfx) in LD_LIBRARY_PATH when loading
dynamic objects, but also $(common-objpfx)/mach and $(common-objpfx)/hurd. This
adds an ld-library-path variable to be used as LD_LIBRARY_PATH basis in
Makefiles, and a sysdep-ld-library-path variable for sysdeps to add some
more paths, here mach/ and hurd/.
2020-11-16 21:15:20 +00:00
Florian Weimer
1daccf403b nptl: Move stack list variables into _rtld_global
Now __thread_gscope_wait (the function behind THREAD_GSCOPE_WAIT,
formerly __wait_lookup_done) can be implemented directly in ld.so,
eliminating the unprotected GL (dl_wait_lookup_done) function
pointer.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-11-16 19:33:30 +01:00
Florian Weimer
db03874df9 elf: Print the full name of the dynamic loader in the ld.so help message
This requires defining a macro for the full path, matching the
-Wl,--dynamic-link= arguments used for linking glibc programs,
and ldd script.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-10-08 17:12:05 +02:00
Florian Weimer
9590a71adc elf: Move ld.so error/help output to _dl_usage
Also add a comment to elf/Makefile, explaining why we cannot use
config.status for autoconf template processing.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-10-08 13:38:23 +02:00
Andreas Schwab
8f8052c2aa Revert "Fix missing redirects in testsuite targets"
This reverts commit d5afb38503.  The log files are actually created by the
various shell scripts that drive the tests.
2020-10-08 10:09:30 +02:00
Florian Weimer
b31d4355ae elf: Implement _dl_write
The generic version is parallel to _dl_writev.  It cannot use
_dl_writev directly because the errno value needs to be obtained
under a lock.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-10-07 16:41:30 +02:00
Florian Weimer
56f8d44294 elf: Do not search HWCAP subdirectories in statically linked binaries
This functionality does not seem to be useful since static dlopen
is mostly used for iconv/character set conversion and NSS support.
gconv modules are loaded with full paths anyway, so that the
HWCAP subdirectory logic does not apply.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2020-10-07 16:40:23 +02:00
Vincent Mihalkovic
c670278934 ld.so: add an --argv0 option [BZ #16124] 2020-09-29 12:34:40 +02:00
Florian Weimer
07ed32f920 elf: Change TLS static surplus default back to 1664
Make the computation in elf/dl-tls.c more transparent, and add
an explicit test for the historic value.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-20 13:30:45 +02:00
Szabolcs Nagy
ffb17e7ba3 rtld: Avoid using up static TLS surplus for optimizations [BZ #25051]
On some targets static TLS surplus area can be used opportunistically
for dynamically loaded modules such that the TLS access then becomes
faster (TLSDESC and powerpc TLS optimization). However we don't want
all surplus TLS to be used for this optimization because dynamically
loaded modules with initial-exec model TLS can only use surplus TLS.

The new contract for surplus static TLS use is:

- libc.so can have up to 192 bytes of IE TLS,
- other system libraries together can have up to 144 bytes of IE TLS.
- Some "optional" static TLS is available for opportunistic use.

The optional TLS is now tunable: rtld.optional_static_tls, so users
can directly affect the allocated static TLS size. (Note that module
unloading with dlclose does not reclaim static TLS. After the optional
TLS runs out, TLS access is no longer optimized to use static TLS.)

The default setting of rtld.optional_static_tls is 512 so the surplus
TLS is 3*192 + 4*144 + 512 = 1664 by default, the same as before.

Fixes BZ #25051.

Tested on aarch64-linux-gnu and x86_64-linux-gnu.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-08 17:32:56 +01:00
Florian Weimer
706ad1e7af Add the __libc_single_threaded variable
The variable is placed in libc.so, and it can be true only in
an outer libc, not libcs loaded via dlmopen or static dlopen.
Since thread creation from inner namespaces does not work,
pthread_create can update __libc_single_threaded directly.

Using __libc_early_init and its initial flag, implementation of this
variable is very straightforward.  A future version may reset the flag
during fork (but not in an inner namespace), or after joining all
threads except one.

Reviewed-by: DJ Delorie <dj@redhat.com>
2020-07-06 11:15:58 +02:00
Florian Weimer
ce12fc7113 Remove NO_CTORS_DTORS_SECTIONS macro
This was originally added to support binutils older than version
2.22:

  <https://sourceware.org/ml/libc-alpha/2010-12/msg00051.html>

Since 2.22 is older than the minimum required binutils version
for building glibc, we no longer need this.  (The changes do
not impact the statically linked startup code.)
2020-05-18 15:39:34 +02:00
Florian Weimer
ec935dea63 elf: Implement __libc_early_init
This function is defined in libc.so, and the dynamic loader calls
right after relocation has been finished, before any ELF constructors
or the preinit function is invoked.  It is also used in the static
build for initializing parts of the static libc.

To locate __libc_early_init, a direct symbol lookup function is used,
_dl_lookup_direct.  It does not search the entire symbol scope and
consults merely a single link map.  This function could also be used
to implement lookups in the vDSO (as an optimization).

A per-namespace variable (libc_map) is added for locating libc.so,
to avoid repeated traversals of the search scope.  It is similar to
GL(dl_initfirst).  An alternative would have been to thread a context
argument from _dl_open down to _dl_map_object_from_fd (where libc.so
is identified).  This could have avoided the global variable, but
the change would be larger as a result.  It would not have been
possible to use this to replace GL(dl_initfirst) because that global
variable is used to pass the function pointer past the stack switch
from dl_main to the main program.  Replacing that requires adding
a new argument to _dl_init, which in turn needs changes to the
architecture-specific libc.so startup code written in assembler.

__libc_early_init should not be used to replace _dl_var_init (as
it exists today on some architectures).  Instead, _dl_lookup_direct
should be used to look up a new variable symbol in libc.so, and
that should then be initialized from the dynamic loader, immediately
after the object has been loaded in _dl_map_object_from_fd (before
relocation is run).  This way, more IFUNC resolvers which depend on
these variables will work.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-04-24 22:32:09 +02:00
Fangrui Song
eb06601bb4 elf: Support lld-style link map for librtld.map
GNU ld and gold's -Map include a line like:

  path/to/build/libc_pic.a(check_fds.os)

lld -Map does not have the archive member list, but we can still derive the
members from the following output

             VMA              LMA     Size Align Out     In      Symbol
...
           1a1c0            1a1c0       e2    16         path/to/build/libc_pic.a(check_fds.os):(.text)
2020-04-21 15:10:10 -03:00
Florian Weimer
8f7a75d700 elf: Implement DT_AUDIT, DT_DEPAUDIT support [BZ #24943]
binutils ld has supported --audit, --depaudit for a long time,
only support in glibc has been missing.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-04-03 16:26:10 +02:00
Florian Weimer
0499a353a6 elf: Add elf/check-wx-segment, a test for the presence of WX segments
Writable, executable segments defeat security hardening.  The
existing check for DT_TEXTREL does not catch this.

hppa and SPARC currently keep the PLT in an RWX load segment.
2020-03-02 14:25:20 +01:00
Florian Weimer
3a0ecccb59 ld.so: Do not export free/calloc/malloc/realloc functions [BZ #25486]
Exporting functions and relying on symbol interposition from libc.so
makes the choice of implementation dependent on DT_NEEDED order, which
is not what some compiler drivers expect.

This commit replaces one magic mechanism (symbol interposition) with
another one (preprocessor-/compiler-based redirection).  This makes
the hand-over from the minimal malloc to the full malloc more
explicit.

Removing the ABI symbols is backwards-compatible because libc.so is
always in scope, and the dynamic loader will find the malloc-related
symbols there since commit f0b2132b35
("ld.so: Support moving versioned symbols between sonames
[BZ #24741]").

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-02-15 11:01:23 +01:00
Florian Weimer
abcc039d2e elf: Introduce the rtld-stubbed-symbols makefile variable
This generalizes a mechanism used for stack-protector support, so
that it can be applied to other symbols if required.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-02-15 11:00:27 +01:00
David Kilroy
eb447b7b4b elf: Allow dlopen of filter object to work [BZ #16272]
There are two fixes that are needed to be able to dlopen filter
objects. First _dl_map_object_deps cannot assume that map will be at
the beginning of l_searchlist.r_list[], as filtees are inserted before
map. Secondly dl_open_worker needs to ensure that filtees get
relocated.

In _dl_map_object_deps:

* avoiding removing relocation dependencies of map by setting
  l_reserved to 0 and otherwise processing the rest of the search
  list.

* ensure that map remains at the beginning of l_initfini - the list
  of things that need initialisation (and destruction). Do this by
  splitting the copy up. This may not be required, but matches the
  initialization order without dlopen.

Modify dl_open_worker to relocate the objects in new->l_inifini.
new->l_initfini is constructed in _dl_map_object_deps, and lists the
objects that need initialization and destruction. Originally the list
of objects in new->l_next are relocated. All of these objects should
also be included in new->l_initfini (both lists are populated with
dependencies in _dl_map_object_deps). We can't use new->l_prev to pick
up filtees, as during a recursive dlopen from an interposed malloc
call, l->prev can contain objects that are not ready for relocation.

Add tests to verify that symbols resolve to the filtee implementation
when auxiliary and filter objects are used, both as a normal link and
when dlopen'd.

Tested by running the testsuite on x86_64.
2020-02-12 14:29:48 -03:00
Joseph Myers
d01fd5f0ce Fix elf/tst-rtld-preload cross-testing.
As noted in
<https://sourceware.org/ml/libc-alpha/2019-06/msg00824.html>,
elf/tst-rtld-preload fails when cross-testing because it attempts to
run the test wrapper with itself.  Unfortunately, that thread never
resulted in a complete and correct patch for that test.

This patch addresses the issues with that test more thoroughly.  The
test is changed not to use the wrapper twice, including updating the
message it prints about the command it runs to be more complete and
accurate after the change; the Makefile is changed not to pass the
redundant '$(test-wrapper)' argument.

Tested for Arm that this fixes the failure seen for that test in
cross-testing.
2020-01-24 17:22:13 +00:00
Joseph Myers
00167b531d Fix cross-testing of tst-ifunc-fault-* tests.
The tests elf/tst-ifunc-fault-bindnow and elf/tst-ifunc-fault-lazy
fail in cross-testing because they run the dynamic linker directly
without using the test wrapper.  This patch fixes them to use the test
wrapper instead.

Tested that this fixes the failure of those two tests for powerpc
soft-float.
2020-01-23 14:34:59 +00:00
Florian Weimer
a332bd1518 elf: Add elf/tst-dlopenfail-2 [BZ #25396]
Without CET, a jump into a newly loaded object through an overwritten
link map often does not crash, it just executes some random code.
CET detects this in some cases because the function pointer does not
point to the start of a function in the replacement shared object,
so there is no ENDBR instruction.

The new test uses a small shared object and the existing dangling
link map to trigger the bug.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-01-16 16:53:58 +01:00
Alexandra Hájková
591236f1a3 elf: Add tst-ldconfig-ld_so_conf-update test
Test ldconfig after /etc/ld.so.conf update and verify a running process
 observes changes to /etc/ld.so.cache.
 The test uses the test-in-container framework.

 Reviewed-by: Arjun Shankar <arjun@redhat.com>
2020-01-09 20:47:19 +01:00
Joseph Myers
d614a75396 Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
Florian Weimer
6a265e577e Fix test isolation for elf/tst-ifunc-fault-lazy, elf/tst-ifunc-fault-bindnow
Previously, ld.so was invoked only with the elf subdirectory on the
library search path.  Since the soname link for libc.so only exists in
the top-level build directory, this leaked the system libc into the
test.
2019-12-19 16:06:50 +01:00
Florian Weimer
365624e2d2 dlopen: Fix issues related to NODELETE handling and relocations
The assumption behind the assert in activate_nodelete was wrong:

Inconsistency detected by ld.so: dl-open.c: 459: activate_nodelete:
Assertion `!imap->l_init_called || imap->l_type != lt_loaded' failed! (edit)

It can happen that an already-loaded object that is in the local
scope is promoted to NODELETE status, via binding to a unique
symbol.

Similarly, it is possible that such NODELETE promotion occurs to
an already-loaded object from the global scope.  This is why the
loop in activate_nodelete has to cover all objects in the namespace
of the new object.

In do_lookup_unique, it could happen that the NODELETE status of
an already-loaded object was overwritten with a pending NODELETE
status.  As a result, if dlopen fails, this could cause a loss of
the NODELETE status of the affected object, eventually resulting
in an incorrect unload.

Fixes commit f63b73814f ("Remove all
loaded objects if dlopen fails, ignoring NODELETE [BZ #20839]").
2019-12-13 10:18:24 +01:00
Florian Weimer
8b196ac4b8 Expand $(as-needed) and $(no-as-needed) throughout the build system
Since commit a3cc4f48e9 ("Remove
--as-needed configure test."), --as-needed support is no longer
optional.

The macros are not much shorter and do not provide documentary
value, either, so this commit removes them.
2019-12-03 21:37:50 +01:00
Florian Weimer
4db71d2f98 elf: Do not run IFUNC resolvers for LD_DEBUG=unused [BZ #24214]
This commit adds missing skip_ifunc checks to aarch64, arm, i386,
sparc, and x86_64.  A new test case ensures that IRELATIVE IFUNC
resolvers do not run in various diagnostic modes of the dynamic
loader.

Reviewed-By: Szabolcs Nagy <szabolcs.nagy@arm.com>
2019-12-02 14:55:22 +01:00
Florian Weimer
61a7c9df71 elf/tst-dlopenfail: Disable --no-as-needed for tst-dlopenfailmod1.so
Otherwise, the shared object dependency which triggers the load
failure is dropped, invalidating the test.
2019-12-02 14:54:38 +01:00
Florian Weimer
f63b73814f Remove all loaded objects if dlopen fails, ignoring NODELETE [BZ #20839]
This introduces a “pending NODELETE” state in the link map, which is
flipped to the persistent NODELETE state late in dlopen, via
activate_nodelete.    During initial relocation, symbol binding
records pending NODELETE state only.  dlclose ignores pending NODELETE
state.  Taken together, this results that a partially completed dlopen
is rolled back completely because new NODELETE mappings are unloaded.

Tested on x86_64-linux-gnu and i386-linux-gnu.

Change-Id: Ib2a3d86af6f92d75baca65431d74783ee0dbc292
2019-11-27 20:55:35 +01:00
Florian Weimer
79e0cd7b3c Lazy binding failures during dlopen/dlclose must be fatal [BZ #24304]
If a lazy binding failure happens during the execution of an ELF
constructor or destructor, the dynamic loader catches the error
and reports it using the dlerror mechanism.  This is undesirable
because there could be other constructors and destructors that
need processing (which are skipped), and the process is in an
inconsistent state at this point.  Therefore, we have to issue
a fatal dynamic loader error error and terminate the process.

Note that the _dl_catch_exception in _dl_open is just an inner catch,
to roll back some state locally.  If called from dlopen, there is
still an outer catch, which is why calling _dl_init via call_dl_init
and a no-exception is required and cannot be avoiding by moving the
_dl_init call directly into _dl_open.

_dl_fini does not need changes because it does not install an error
handler, so errors are already fatal there.

Change-Id: I6b1addfe2e30f50a1781595f046f44173db9491a
2019-11-27 20:55:35 +01:00
Sandra Loosemore
c72e5cd87d Compile elf/rtld.c with -fno-tree-loop-distribute-patterns.
In GCC 10, the default at -O2 is now -ftree-loop-distribute-patterns.
This optimization causes GCC to "helpfully" convert the hand-written
loop in _dl_start into a call to memset, which is not available that
early in program startup.  Similar problems in other places in GLIBC
have been addressed by explicitly building with
-fno-tree-loop-distribute-patterns, but this one may have been
overlooked previously because it only affects targets where
HAVE_BUILTIN_MEMSET is not defined.

This patch fixes a bug observed on nios2-linux-gnu target that caused
all programs to segv on startup.
2019-11-26 19:18:23 +01:00
Florian Weimer
c7bf5ceab6 Properly initialize audit cookie for the dynamic loader [BZ #25157]
The l_audit array is indexed by audit module, not audit function.

Change-Id: I180eb3573dc1c57433750f5d8cb18271460ba5f2
2019-11-15 13:03:32 +01:00
Florian Weimer
7d3db434f9 Rename and split elf/tst-dlopen-aout collection of tests
From the beginning, elf/tst-dlopen-aout has exercised two different
bugs: (a) failure to report errors for a dlopen of the executable
itself in some cases (bug 24900) and (b) incorrect rollback of the
TLS modid allocation in case of a dlopen failure (bug 16634).

This commit replaces the test with elf/tst-dlopen-self for (a) and
elf/tst-dlopen-tlsmodid for (b).  The latter tests use the
elf/tst-dlopen-self binaries (or iconv) with dlopen, so they are
no longer self-dlopen tests.

Tested on x86_64-linux-gnu and i686-linux-gnu, with a toolchain that
does not default to PIE.
2019-10-17 08:51:21 +02:00
Florian Weimer
77523d5e43 elf: Assign TLS modid later during dlopen [BZ #24930]
Commit a42faf59d6 ("Fix BZ #16634.")
attempted to fix a TLS modid consistency issue by adding additional
checks to the open_verify function.  However, this is fragile
because open_verify cannot reliably predict whether
_dl_map_object_from_fd will later fail in the more complex cases
(such as memory allocation failures).  Therefore, this commit
assigns the TLS modid as late as possible.  At that point, the link
map pointer will eventually be passed to _dl_close, which will undo
the TLS modid assignment.

Reviewed-by: Gabriel F. T. Gomes <gabrielftg@linux.ibm.com>
2019-10-04 21:23:51 +02:00
Paul Eggert
5a82c74822 Prefer https to http for gnu.org and fsf.org URLs
Also, change sources.redhat.com to sourceware.org.
This patch was automatically generated by running the following shell
script, which uses GNU sed, and which avoids modifying files imported
from upstream:

sed -ri '
  s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g
  s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g
' \
  $(find $(git ls-files) -prune -type f \
      ! -name '*.po' \
      ! -name 'ChangeLog*' \
      ! -path COPYING ! -path COPYING.LIB \
      ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \
      ! -path manual/texinfo.tex ! -path scripts/config.guess \
      ! -path scripts/config.sub ! -path scripts/install-sh \
      ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \
      ! -path INSTALL ! -path  locale/programs/charmap-kw.h \
      ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \
      ! '(' -name configure \
            -execdir test -f configure.ac -o -f configure.in ';' ')' \
      ! '(' -name preconfigure \
            -execdir test -f preconfigure.ac ';' ')' \
      -print)

and then by running 'make dist-prepare' to regenerate files built
from the altered files, and then executing the following to cleanup:

  chmod a+x sysdeps/unix/sysv/linux/riscv/configure
  # Omit irrelevant whitespace and comment-only changes,
  # perhaps from a slightly-different Autoconf version.
  git checkout -f \
    sysdeps/csky/configure \
    sysdeps/hppa/configure \
    sysdeps/riscv/configure \
    sysdeps/unix/sysv/linux/csky/configure
  # Omit changes that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines
  git checkout -f \
    sysdeps/powerpc/powerpc64/ppc-mcount.S \
    sysdeps/unix/sysv/linux/s390/s390-64/syscall.S
  # Omit change that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline
  git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
2019-09-07 02:43:31 -07:00
Florian Weimer
23d2e5faf0 elf: Self-dlopen failure with explict loader invocation [BZ #24900]
In case of an explicit loader invocation, ld.so essentially performs
a dlopen call to load the main executable.  Since the pathname of
the executable is known at this point, it gets stored in the link
map.  In regular mode, the pathname is not known and "" is used
instead.

As a result, if a program calls dlopen on the pathname of the main
program, the dlopen call succeeds and returns a handle for the main
map.  This results in an unnecessary difference between glibc
testing (without --enable-hardcoded-path-in-tests) and production
usage.

This commit discards the names when building the link map in
_dl_new_object for the main executable, but it still determines
the origin at this point in case of an explict loader invocation.
The reason is that the specified pathname has to be used; the kernel
has a different notion of the main executable.
2019-08-15 18:53:32 +02:00
Florian Weimer
9b9670fcd8 elf: Support elf/tst-dlopen-aout in more configurations
dlopen can no longer open PIE binaries, so it is not necessary
to link the executable as non-PIE to trigger a dlopen failure.

If we hard-code the path to the real executable, we can run the test
with and without hard-coded paths because the dlopen path will not
be recognized as the main program in both cases.  (With an explict
loader invocation, the loader currently adds argv[0] to l_libname
for the main map and the dlopen call suceeds as a result; it does
not do that in standard mode.)
2019-08-12 17:59:13 +02:00
Florian Weimer
f0b2132b35 ld.so: Support moving versioned symbols between sonames [BZ #24741]
This change should be fully backwards-compatible because the old
code aborted the load if a soname mismatch was encountered
(instead of searching further for a matching symbol).  This means
that no different symbols are found.

The soname check was explicitly disabled for the skip_map != NULL
case.  However, this only happens with dl(v)sym and RTLD_NEXT,
and those lookups do not come with a verneed entry that could be used
for the check.

The error check was already explicitly disabled for the skip_map !=
NULL case, that is, when dl(v)sym was called with RTLD_NEXT.  But
_dl_vsym always sets filename in the struct r_found_version argument
to NULL, so the check was not active anyway.  This means that
symbol lookup results for the skip_map != NULL case do not change,
either.
2019-06-28 10:15:38 +02:00
Florian Weimer
2c75b545de elf: Refuse to dlopen PIE objects [BZ #24323]
Another executable has already been mapped, so the dynamic linker
cannot perform relocations correctly for the second executable.
2019-06-18 16:42:10 +02:00
Alexandra Hájková
481c30cb95 elf: Add tst-ldconfig-bad-aux-cache test [BZ #18093]
This test corrupts /var/cache/ldconfig/aux-cache and executes ldconfig
to check it will not segfault using the corrupted aux_cache. The test
uses the test-in-container framework. Verified no regressions on
x86_64.
2019-05-23 11:49:44 +02:00
Florian Weimer
c57afec0a9 elf: Link sotruss-lib.so with BIND_NOW for --enable-bind-now
The audit module itself can be linked with BIND_NOW; it does not
affect its functionality.

This should complete the leftovers from commit
2d6ab5df3b ("Document and fix
--enable-bind-now [BZ #21015]").
2019-04-26 07:16:56 +02:00
Adhemerval Zanella
1a4c27355e elf: Fix pldd (BZ#18035)
Since 9182aa6799 (Fix vDSO l_name for GDB's, BZ#387) the initial link_map
for executable itself and loader will have both l_name and l_libname->name
holding the same value due:

 elf/dl-object.c

 95   new->l_name = *realname ? realname : (char *) newname->name + libname_len - 1;

Since newname->name points to new->l_libname->name.

This leads to pldd to an infinite call at:

 elf/pldd-xx.c

203     again:
204       while (1)
205         {
206           ssize_t n = pread64 (memfd, tmpbuf.data, tmpbuf.length, name_offset);

228           /* Try the l_libname element.  */
229           struct E(libname_list) ln;
230           if (pread64 (memfd, &ln, sizeof (ln), m.l_libname) == sizeof (ln))
231             {
232               name_offset = ln.name;
233               goto again;
234             }

Since the value at ln.name (l_libname->name) will be the same as previously
read. The straightforward fix is just avoid the check and read the new list
entry.

I checked also against binaries issues with old loaders with fix for BZ#387,
and pldd could dump the shared objects.

Checked on x86_64-linux-gnu, i686-linux-gnu, aarch64-linux-gnu, and
powerpc64le-linux-gnu.

	[BZ #18035]
	* elf/Makefile (tests-container): Add tst-pldd.
	* elf/pldd-xx.c: Use _Static_assert in of pldd_assert.
	(E(find_maps)): Avoid use alloca, use default read file operations
	instead of explicit LFS names, and fix infinite	loop.
	* elf/pldd.c: Explicit set _FILE_OFFSET_BITS, cleanup headers.
	(get_process_info): Use _Static_assert instead of assert, use default
	directory operations instead of explicit LFS names, and free some
	leadek pointers.
	* elf/tst-pldd.c: New file.
2019-04-23 18:13:08 -03:00
Florian Weimer
c259196b50 elf/tst-big-note: Improve accuracy of test [BZ #20419]
It is possible that the link editor injects an allocated ABI tag note
before the artificial, allocated large note in the test.  Note parsing
in open_verify stops when the first ABI tag note is encountered, so if
the ABI tag note comes first, the problematic code is not actually
exercised.

Also tweak the artificial note so that it is a syntactically valid
4-byte aligned note, in case the link editor tries to parse notes and
process them.

Improves the testing part of commit 0065aaaaae.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2019-03-01 18:53:42 +01:00
Florian Weimer
cc3e573ce3 elf: Add tests with a local IFUNC resolver [BZ #23937]
The existing tests all use global symbols (but with different
visibility).  Local symbols could be treated differently by the
compiler and linker (as was the case on POWER ELFv2, causing
bug 23937), and we did not have test coverage for this.

Tested on x86-64 and POWER ELFv2 little-endian, with and without
--disable-multi-arch.  On POWER, the test cases elf/ifuncmain9,
elf/ifuncmain9pic, elf/ifuncmain9pie reproduce bug 23937 with older
binutils.
2019-02-28 11:52:44 +01:00
H.J. Lu
92ad88fe72 elf/Makefile: Run IFUNC tests if binutils supports IFUNC
We should run IFUNC tests with --disable-multi-arch if the toolchain
supports IFUNCs.  For correctness, --disable-multi-arch must not
remove IFUNC support from the loader.

Tested on x86-64, x32 and i686 with and without --disable-multi-arch.

	* configure.ac (have-ifunc): New LIBC_CONFIG_VAR.
	* configure: Regenerated.
	* elf/Makefile: Run IFUNC tests if binutils supports IFUNC.

Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
2019-02-27 13:21:55 -08:00
Jim Wilson
85bd1ddbdf
RISC-V: Fix elfutils testsuite unwind failures.
The clone.S patch fixes 2 elfutils testsuite unwind failures, where the
backtrace gets stuck repeating __thread_start until we hit the backtrace
limit.  This was confirmed by building and installing a patched glibc and
then building elfutils and running its testsuite.

Unfortunately, the testcase isn't working as expected and I don't know why.
The testcase passes even when my clone.S patch is not installed.  The testcase
looks logically similarly to the elfutils testcases that are failing.  Maybe
there is a subtle difference in how the glibc unwinding works versus the
elfutils unwinding?  I don't have good gdb pthread support yet, so I haven't
found a way to debug this.  Anyways, I don't know if the testcase is useful or
not.  If the testcase isn't useful then maybe the clone.S patch is OK without
a testcase?

Jim

	[BZ #24040]
	* elf/Makefile (CFLAGS-tst-unwind-main.c): Add -DUSE_PTHREADS=0.
	* elf/tst-unwind-main.c: If USE_PTHEADS, include pthread.h and error.h
	(func): New.
	(main): If USE_PTHREADS, call pthread_create to run func.  Otherwise
	call func directly.
	* nptl/Makefile (tests): Add tst-unwind-thread.
	(CFLAGS-tst-unwind-thread.c): Define.
	* nptl/tst-unwind-thread.c: New file.
	* sysdeps/unix/sysv/linux/riscv/clone.S (__thread_start): Mark ra
	as undefined.
2019-02-13 14:25:00 -08:00
Adhemerval Zanella
b3fbfe8196 elf: Test for LD_AUDIT module returning zero from la_version [BZ #24122]
This includes the original test case from commit
8e889c5da3 ("elf: Fix LD_AUDIT for
modules with invalid version (BZ#24122)).
2019-02-12 13:51:43 +01:00
David Newall
8692ebdb12 elf: Implement --preload option for the dynamic linker 2019-02-04 13:35:12 +01:00
Adhemerval Zanella
83e6b59625 [elf] Revert 8e889c5da3 (BZ#24122)
It triggers an invalid build issue on GCC8+ and does not covers all
corner cases.
2019-01-25 08:10:15 -02:00
Adhemerval Zanella
8e889c5da3 elf: Fix LD_AUDIT for modules with invalid version (BZ#24122)
The error handling patch for invalid audit modules version access
invalid memory:

elf/rtld.c:

1454               unsigned int (*laversion) (unsigned int);
1455               unsigned int lav;
1456               if  (err_str == NULL
1457                    && (laversion = largs.result) != NULL
1458                    && (lav = laversion (LAV_CURRENT)) > 0
1459                    && lav <= LAV_CURRENT)
1460                 {
[...]
1526               else
1527                 {
1528                   /* We cannot use the DSO, it does not have the
1529                      appropriate interfaces or it expects something
1530                      more recent.  */
1531 #ifndef NDEBUG
1532                   Lmid_t ns = dlmargs.map->l_ns;
1533 #endif
1534                   _dl_close (dlmargs.map);
1535
1536                   /* Make sure the namespace has been cleared entirely.  */
1537                   assert (GL(dl_ns)[ns]._ns_loaded == NULL);
1538                   assert (GL(dl_ns)[ns]._ns_nloaded == 0);
1539
1540                   GL(dl_tls_max_dtv_idx) = tls_idx;
1541                   goto not_loaded;
1542                 }

1431           const char *err_str = NULL;
1432           bool malloced;
1433           (void) _dl_catch_error (&objname, &err_str, &malloced, dlmopen_doit,
1434                                   &dlmargs);
1435           if (__glibc_unlikely (err_str != NULL))
1436             {
1437             not_loaded:
1438               _dl_error_printf ("\
1439 ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
1440                                 name, err_str);
1441               if (malloced)
1442                 free ((char *) err_str);
1443             }

On failure the err_str will be NULL and _dl_debug_vdprintf does not handle
it properly:

elf/dl-misc.c:
200             case 's':
201               /* Get the string argument.  */
202               iov[niov].iov_base = va_arg (arg, char *);
203               iov[niov].iov_len = strlen (iov[niov].iov_base);
204               if (prec != -1)
205                 iov[niov].iov_len = MIN ((size_t) prec, iov[niov].iov_len);
206               ++niov;
207               break;

This patch fixes the issues and improves the error message.

Checked on x86_64-linux-gnu and i686-linux-gnu

	[BZ #24122]
	* elf/Makefile (tests): Add tst-audit13.
	(modules-names): Add tst-audit13mod1.
	(tst-audit13.out, LDFLAGS-tst-audit13mod1.so, tst-audit13-ENV): New
	rule.
	* elf/rtld.c (dl_main): Handle invalid audit module version.
	* elf/tst-audit13.c: New file.
	* elf/tst-audit13mod1.c: Likewise.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2019-01-24 09:38:43 -02:00
Joseph Myers
04277e02d7 Update copyright dates with scripts/update-copyrights.
* All files with FSF copyright notices: Update copyright dates
	using scripts/update-copyrights.
	* locale/programs/charmap-kw.h: Regenerated.
	* locale/programs/locfile-kw.h: Likewise.
2019-01-01 00:11:28 +00:00
H.J. Lu
a5275ba537 _dl_exception_create_format: Support %x/%lx/%zx
Add support for %x, %lx and %zx to _dl_exception_create_format and pad
to the full width with 0.

	* elf/Makefile (tests-internal): Add tst-create_format1.
	* elf/dl-exception.c (_dl_exception_create_format): Support
	%x, %lx and %zx.
	* elf/tst-create_format1.c: New file.
2018-11-29 14:47:27 -08:00
Andreas Schwab
2dd12baa04 RISC-V: properly terminate call chain (bug 23125)
Mark the ra register as undefined in _start, so that unwinding through
main works correctly.  Also, don't use a tail call so that ra points after
the call to __libc_start_main, not after the previous call.
2018-10-30 12:07:25 +01:00
Zong Li
41432ebe15 elf: Fix the ld flags not be applied to tst-execstack-mod.so
The Makefile variable name lacked the file extension (.so).  As a
result, tst-execstack-mod.so was not linked with the -z execstack
flag.
2018-10-25 13:08:24 +02:00
Andreas Schwab
6ca8284e7a Add missing unwind information to ld.so on powerpc32 (bug 23707) 2018-09-26 16:49:30 +02:00
Adhemerval Zanella
b5c45e8375 Fix ifunc support with DT_TEXTREL segments (BZ#20480)
Currently, DT_TEXTREL is incompatible with IFUNC.  When DT_TEXTREL or
DF_TEXTREL is seen, the dynamic linker calls __mprotect on the segments
with PROT_READ|PROT_WRITE before applying dynamic relocations. It leads
to segfault when performing IFUNC resolution (which requires PROT_EXEC
as well for the IFUNC resolver).

This patch makes it call __mprotect with extra PROT_WRITE bit, which
will keep the PROT_EXEC bit if exists, and thus fixes the segfault.
FreeBSD rtld libexec/rtld-elf/rtld.c (reloc_textrel_prot) does the same.

Checked on x86_64-linux-gnu, i686-linux-gnu, aarch64-linux-gnu,
sparc64-linux-gnu, sparcv9-linux-gnu, and armv8-linux-gnueabihf.

	Adam J. Richte  <adam_richter2004@yahoo.com>
	Adhemerval Zanella  <adhemerval.zanella@linaro.org>
	Fangrui Song  <maskray@google.com>

	[BZ #20480]
	* config.h.in (CAN_TEXTREL_IFUNC): New define.
	* configure.ac: Add check if linker supports textrel relocation with
	ifunc.
	* elf/dl-reloc.c (_dl_relocate_object): Use all required flags on
	DT_TEXTREL segments, not only PROT_READ and PROT_WRITE.
	* elf/Makefile (ifunc-pie-tests): Add tst-ifunc-textrel.
	(CFLAGS-tst-ifunc-textrel.c): New rule.
	* elf/tst-ifunc-textrel.c: New file.
2018-09-25 16:27:50 -03:00
Joseph Myers
221e4babca Include most of elf/ modules-names in modules-names-tests.
I'm testing a patch to let the compiler expand calls to floor in libm
as built-in function calls as much as possible, instead of calling
__floor, so that no architecture-specific __floor inlines are needed,
and then to arrange for non-inlined calls to end up calling __floor,
as done with sqrt and __ieee754_sqrt.

This shows up elf/tst-relsort1mod2.c calling floor, which must not be
converted to a call to __floor.  Now, while an IS_IN (libm)
conditional could be added to the existing conditionals on such
redirections in include/math.h, the _ISOMAC conditional ought to
suffice (code in other glibc libraries shouldn't be calling floor or
sqrt anyway, as they aren't provided in libc and the other libraries
don't link with libm).  But while tests are mostly now built with
_ISOMAC defined, test modules in modules-names aren't unless also
listed in modules-names-tests.

As far as I can see, all the modules in modules-names in elf/ are in
fact parts of tests and so listing them in modules-names-tests is
appropriate, so they get built with something closer to the headers
used for user code, except in a few cases that actually rely on
something from internal headers.  This patch duly sets
modules-names-tests there accordingly (filtering out those tests that
fail to build without internal headers).

Tested for x86_64, and with build-many-glibcs.py.

	* elf/Makefile (modules-names-tests): New variable.
2018-09-12 20:31:24 +00:00
Samuel Thibault
2d5c41ded9 check-execstack: Permit sysdeps to xfail some libs
* scripts/check-execstack.awk: Consider `xfail' variable containing a
	list
	of libraries whose stack executability is expected.
	* elf/Makefile ($(objpfx)check-execstack.out): Pass
	$(check-execstack-xfail) to check-execstack.awk through `xfail'
	variable.
	* sysdeps/mach/hurd/i386/Makefile (check-execstack-xfail): Set to ld.so
	libc.so libpthread.so.
2018-07-20 03:28:14 +02:00
H.J. Lu
f753fa7dea x86: Support IBT and SHSTK in Intel CET [BZ #21598]
Intel Control-flow Enforcement Technology (CET) instructions:

https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-en
forcement-technology-preview.pdf

includes Indirect Branch Tracking (IBT) and Shadow Stack (SHSTK).

GNU_PROPERTY_X86_FEATURE_1_IBT is added to GNU program property to
indicate that all executable sections are compatible with IBT when
ENDBR instruction starts each valid target where an indirect branch
instruction can land.  Linker sets GNU_PROPERTY_X86_FEATURE_1_IBT on
output only if it is set on all relocatable inputs.

On an IBT capable processor, the following steps should be taken:

1. When loading an executable without an interpreter, enable IBT and
lock IBT if GNU_PROPERTY_X86_FEATURE_1_IBT is set on the executable.
2. When loading an executable with an interpreter, enable IBT if
GNU_PROPERTY_X86_FEATURE_1_IBT is set on the interpreter.
  a. If GNU_PROPERTY_X86_FEATURE_1_IBT isn't set on the executable,
     disable IBT.
  b. Lock IBT.
3. If IBT is enabled, when loading a shared object without
GNU_PROPERTY_X86_FEATURE_1_IBT:
  a. If legacy interwork is allowed, then mark all pages in executable
     PT_LOAD segments in legacy code page bitmap.  Failure of legacy code
     page bitmap allocation causes an error.
  b. If legacy interwork isn't allowed, it causes an error.

GNU_PROPERTY_X86_FEATURE_1_SHSTK is added to GNU program property to
indicate that all executable sections are compatible with SHSTK where
return address popped from shadow stack always matches return address
popped from normal stack.  Linker sets GNU_PROPERTY_X86_FEATURE_1_SHSTK
on output only if it is set on all relocatable inputs.

On a SHSTK capable processor, the following steps should be taken:

1. When loading an executable without an interpreter, enable SHSTK if
GNU_PROPERTY_X86_FEATURE_1_SHSTK is set on the executable.
2. When loading an executable with an interpreter, enable SHSTK if
GNU_PROPERTY_X86_FEATURE_1_SHSTK is set on interpreter.
  a. If GNU_PROPERTY_X86_FEATURE_1_SHSTK isn't set on the executable
     or any shared objects loaded via the DT_NEEDED tag, disable SHSTK.
  b. Otherwise lock SHSTK.
3. After SHSTK is enabled, it is an error to load a shared object
without GNU_PROPERTY_X86_FEATURE_1_SHSTK.

To enable CET support in glibc, --enable-cet is required to configure
glibc.  When CET is enabled, both compiler and assembler must support
CET.  Otherwise, it is a configure-time error.

To support CET run-time control,

1. _dl_x86_feature_1 is added to the writable ld.so namespace to indicate
if IBT or SHSTK are enabled at run-time.  It should be initialized by
init_cpu_features.
2. For dynamic executables:
   a. A l_cet field is added to struct link_map to indicate if IBT or
      SHSTK is enabled in an ELF module.  _dl_process_pt_note or
      _rtld_process_pt_note is called to process PT_NOTE segment for
      GNU program property and set l_cet.
   b. _dl_open_check is added to check IBT and SHSTK compatibilty when
      dlopening a shared object.
3. Replace i386 _dl_runtime_resolve and _dl_runtime_profile with
_dl_runtime_resolve_shstk and _dl_runtime_profile_shstk, respectively if
SHSTK is enabled.

CET run-time control can be changed via GLIBC_TUNABLES with

$ export GLIBC_TUNABLES=glibc.tune.x86_shstk=[permissive|on|off]
$ export GLIBC_TUNABLES=glibc.tune.x86_ibt=[permissive|on|off]

1. permissive: SHSTK is disabled when dlopening a legacy ELF module.
2. on: IBT or SHSTK are always enabled, regardless if there are IBT or
SHSTK bits in GNU program property.
3. off: IBT or SHSTK are always disabled, regardless if there are IBT or
SHSTK bits in GNU program property.

<cet.h> from CET-enabled GCC is automatically included by assembly codes
to add GNU_PROPERTY_X86_FEATURE_1_IBT and GNU_PROPERTY_X86_FEATURE_1_SHSTK
to GNU program property.  _CET_ENDBR is added at the entrance of all
assembly functions whose address may be taken.  _CET_NOTRACK is used to
insert NOTRACK prefix with indirect jump table to support IBT.  It is
defined as notrack when _CET_NOTRACK is defined in <cet.h>.

	 [BZ #21598]
	* configure.ac: Add --enable-cet.
	* configure: Regenerated.
	* elf/Makefille (all-built-dso): Add a comment.
	* elf/dl-load.c (filebuf): Moved before "dynamic-link.h".
	Include <dl-prop.h>.
	(_dl_map_object_from_fd): Call _dl_process_pt_note on PT_NOTE
	segment.
	* elf/dl-open.c: Include <dl-prop.h>.
	(dl_open_worker): Call _dl_open_check.
	* elf/rtld.c: Include <dl-prop.h>.
	(dl_main): Call _rtld_process_pt_note on PT_NOTE segment.  Call
	_rtld_main_check.
	* sysdeps/generic/dl-prop.h: New file.
	* sysdeps/i386/dl-cet.c: Likewise.
	* sysdeps/unix/sysv/linux/x86/cpu-features.c: Likewise.
	* sysdeps/unix/sysv/linux/x86/dl-cet.h: Likewise.
	* sysdeps/x86/cet-tunables.h: Likewise.
	* sysdeps/x86/check-cet.awk: Likewise.
	* sysdeps/x86/configure: Likewise.
	* sysdeps/x86/configure.ac: Likewise.
	* sysdeps/x86/dl-cet.c: Likewise.
	* sysdeps/x86/dl-procruntime.c: Likewise.
	* sysdeps/x86/dl-prop.h: Likewise.
	* sysdeps/x86/libc-start.h: Likewise.
	* sysdeps/x86/link_map.h: Likewise.
	* sysdeps/i386/dl-trampoline.S (_dl_runtime_resolve): Add
	_CET_ENDBR.
	(_dl_runtime_profile): Likewise.
	(_dl_runtime_resolve_shstk): New.
	(_dl_runtime_profile_shstk): Likewise.
	* sysdeps/linux/x86/Makefile (sysdep-dl-routines): Add dl-cet
	if CET is enabled.
	(CFLAGS-.o): Add -fcf-protection if CET is enabled.
	(CFLAGS-.os): Likewise.
	(CFLAGS-.op): Likewise.
	(CFLAGS-.oS): Likewise.
	(asm-CPPFLAGS): Add -fcf-protection -include cet.h if CET
	is enabled.
	(tests-special): Add $(objpfx)check-cet.out.
	(cet-built-dso): New.
	(+$(cet-built-dso:=.note)): Likewise.
	(common-generated): Add $(cet-built-dso:$(common-objpfx)%=%.note).
	($(objpfx)check-cet.out): New.
	(generated): Add check-cet.out.
	* sysdeps/x86/cpu-features.c: Include <dl-cet.h> and
	<cet-tunables.h>.
	(TUNABLE_CALLBACK (set_x86_ibt)): New prototype.
	(TUNABLE_CALLBACK (set_x86_shstk)): Likewise.
	(init_cpu_features): Call get_cet_status to check CET status
	and update dl_x86_feature_1 with CET status.  Call
	TUNABLE_CALLBACK (set_x86_ibt) and TUNABLE_CALLBACK
	(set_x86_shstk).  Disable and lock CET in libc.a.
	* sysdeps/x86/cpu-tunables.c: Include <cet-tunables.h>.
	(TUNABLE_CALLBACK (set_x86_ibt)): New function.
	(TUNABLE_CALLBACK (set_x86_shstk)): Likewise.
	* sysdeps/x86/sysdep.h (_CET_NOTRACK): New.
	(_CET_ENDBR): Define if not defined.
	(ENTRY): Add _CET_ENDBR.
	* sysdeps/x86/dl-tunables.list (glibc.tune): Add x86_ibt and
	x86_shstk.
	* sysdeps/x86_64/dl-trampoline.h (_dl_runtime_resolve): Add
	_CET_ENDBR.
	(_dl_runtime_profile): Likewise.
2018-07-16 14:08:27 -07:00
Maciej W. Rozycki
bac15a72fc elf: Accept absolute (SHN_ABS) symbols whose value is zero [BZ #23307]
We have this condition in `check_match' (in elf/dl-lookup.c):

  if (__glibc_unlikely ((sym->st_value == 0 /* No value.  */
                         && stt != STT_TLS)
                        || ELF_MACHINE_SYM_NO_MATCH (sym)
                        || (type_class & (sym->st_shndx == SHN_UNDEF))))
    return NULL;

which causes all !STT_TLS symbols whose value is zero to be silently
ignored in lookup.  This may make sense for regular symbols, however not
for absolute (SHN_ABS) ones, where zero is like any value, there's no
special meaning attached to it.

Consequently legitimate programs fail, for example taking the
`elf/tst-absolute-sym' test case, substituting 0 for 0x55aa in
`elf/tst-absolute-sym-lib.lds' and then trying to run the resulting
program we get this:

$ .../elf/tst-absolute-sym
.../elf/tst-absolute-sym: symbol lookup error: .../elf/tst-absolute-sym-lib.so: undefined symbol: absolute
$

even though the symbol clearly is there:

$ readelf --dyn-syms .../elf/tst-absolute-sym-lib.so | grep '\babsolute\b'
     7: 00000000     0 NOTYPE  GLOBAL DEFAULT  ABS absolute
$

The check for the zero value has been there since forever or commit
d66e34cd4234/08162fa88891 ("Implemented runtime dynamic linker to
support ELF shared libraries.") dating back to May 2nd 1995, and the
problem triggers regardless of commit e7feec374c ("elf: Correct
absolute (SHN_ABS) symbol run-time calculation [BZ #19818]") being
present or not.

Fix the issue then, by permitting `sym->st_value' to be 0 for SHN_ABS
symbols in lookup.

	[BZ #23307]
	* elf/dl-lookup.c (check_match): Do not reject a symbol whose
	`st_value' is 0 if `st_shndx' is SHN_ABS.
	* elf/tst-absolute-zero.c: New file.
	* elf/tst-absolute-zero-lib.c: New file.
	* elf/tst-absolute-zero-lib.lds: New file.
	* elf/Makefile (tests): Add `tst-absolute-zero'.
	(modules-names): Add `tst-absolute-zero-lib'.
	(LDLIBS-tst-absolute-zero-lib.so): New variable.
	($(objpfx)tst-absolute-zero-lib.so): New dependency.
	($(objpfx)tst-absolute-zero: New dependency.
2018-06-29 17:10:43 +01:00
Zack Weinberg
e69d994a63 New configure option --disable-crypt.
Some Linux distributions are experimenting with a new, separately
maintained and hopefully more agile implementation of the crypt
API.  To facilitate this, add a configure option which disables
glibc's embedded libcrypt.  When this option is given, libcrypt.*
and crypt.h will not be built nor installed.
2018-06-29 16:53:47 +02:00
H.J. Lu
67c0579669 Mark _init and _fini as hidden [BZ #23145]
_init and _fini are special functions provided by glibc for linker to
define DT_INIT and DT_FINI in executable and shared library.  They
should never be put in dynamic symbol table.  This patch marks them as
hidden to remove them from dynamic symbol table.

Tested with build-many-glibcs.py.

	[BZ #23145]
	* elf/Makefile (tests-special): Add $(objpfx)check-initfini.out.
	($(all-built-dso:=.dynsym): New target.
	(common-generated): Add $(all-built-dso:$(common-objpfx)%=%.dynsym).
	($(objpfx)check-initfini.out): New target.
	(generated): Add check-initfini.out.
	* scripts/check-initfini.awk: New file.
	* sysdeps/aarch64/crti.S (_init): Mark as hidden.
	(_fini): Likewise.
	* sysdeps/alpha/crti.S (_init): Mark as hidden.
	(_fini): Likewise.
	* sysdeps/arm/crti.S (_init): Mark as hidden.
	(_fini): Likewise.
	* sysdeps/hppa/crti.S (_init): Mark as hidden.
	(_fini): Likewise.
	* sysdeps/i386/crti.S (_init): Mark as hidden.
	(_fini): Likewise.
	* sysdeps/ia64/crti.S (_init): Mark as hidden.
	(_fini): Likewise.
	* sysdeps/m68k/crti.S (_init): Mark as hidden.
	(_fini): Likewise.
	* sysdeps/microblaze/crti.S (_init): Mark as hidden.
	(_fini): Likewise.
	* sysdeps/mips/mips32/crti.S (_init): Mark as hidden.
	(_fini): Likewise.
	* sysdeps/mips/mips64/n32/crti.S (_init): Mark as hidden.
	(_fini): Likewise.
	* sysdeps/mips/mips64/n64/crti.S (_init): Mark as hidden.
	(_fini): Likewise.
	* sysdeps/nios2/crti.S (_init): Mark as hidden.
	(_fini): Likewise.
	* sysdeps/powerpc/powerpc32/crti.S (_init): Mark as hidden.
	(_fini): Likewise.
	* sysdeps/powerpc/powerpc64/crti.S (_init): Mark as hidden.
	(_fini): Likewise.
	* sysdeps/s390/s390-32/crti.S (_init): Mark as hidden.
	(_fini): Likewise.
	* sysdeps/s390/s390-64/crti.S (_init): Mark as hidden.
	(_fini): Likewise.
	* sysdeps/sh/crti.S (_init): Mark as hidden.
	(_fini): Likewise.
	* sysdeps/sparc/crti.S (_init): Mark as hidden.
	(_fini): Likewise.
	* sysdeps/x86_64/crti.S (_init): Mark as hidden.
	(_fini): Likewise.
2018-06-08 10:28:52 -07:00
Paul Pluzhnikov
0065aaaaae Fix BZ 20419. A PT_NOTE in a binary could be arbitratily large, so using
alloca for it may cause stack overflow.  If the note is larger than
__MAX_ALLOCA_CUTOFF, use dynamically allocated memory to read it in.

2018-05-05  Paul Pluzhnikov  <ppluzhnikov@google.com>

	[BZ #20419]
	* elf/dl-load.c (open_verify): Fix stack overflow.
	* elf/Makefile (tst-big-note): New test.
	* elf/tst-big-note-lib.S: New.
	* elf/tst-big-note.c: New.
2018-05-05 18:08:27 -07:00
Maciej W. Rozycki
e7feec374c elf: Correct absolute (SHN_ABS) symbol run-time calculation [BZ #19818]
Do not relocate absolute symbols by the base address.  Such symbols have
SHN_ABS as the section index and their value is not supposed to be
affected by relocation as per the ELF gABI[1]:

"SHN_ABS
    The symbol has an absolute value that will not change because of
    relocation."

The reason for our non-conformance here seems to be an old SysV linker
bug causing symbols like _DYNAMIC to be incorrectly emitted as absolute
symbols[2].  However in a previous discussion it was pointed that this
is seriously flawed by preventing the lone purpose of the existence of
absolute symbols from being used[3]:

"On the contrary, the only interpretation that makes sense to me is that
it will not change because of relocation at link time or at load time.
Absolute symbols, from the days of the earliest linking loaders, have
been used to represent addresses that are outside the address space of
the module (e.g., memory-mapped addresses or kernel gateway pages).
They've even been used to represent true symbolic constants (e.g.,
system entry point numbers, sizes, version numbers).  There's no other
way to represent a true absolute symbol, while the meaning you seek is
easily represented by giving the symbol a non-negative st_shndx value."

and we ought to stop supporting our current broken interpretation.

Update processing for dladdr(3) and dladdr1(3) so that SHN_ABS symbols
are ignored, because under the corrected interpretation they do not
represent addresses within a mapped file and therefore are not supposed
to be considered.

References:

[1] "System V Application Binary Interface - DRAFT - 19 October 2010",
    The SCO Group, Section "Symbol Table",
    <http://www.sco.com/developers/gabi/2012-12-31/ch4.symtab.html>

[2] Alan Modra, "Absolute symbols"
    <https://sourceware.org/ml/binutils/2012-05/msg00019.html>

[3] Cary Coutant, "Re: Absolute symbols"
    <https://sourceware.org/ml/binutils/2012-05/msg00020.html>

	[BZ #19818]
	* sysdeps/generic/ldsodefs.h (SYMBOL_ADDRESS): Handle SHN_ABS
	symbols.
	* elf/dl-addr.c (determine_info): Ignore SHN_ABS symbols.
	* elf/tst-absolute-sym.c: New file.
	* elf/tst-absolute-sym-lib.c: New file.
	* elf/tst-absolute-sym-lib.lds: New file.
	* elf/Makefile (tests): Add `tst-absolute-sym'.
	(modules-names): Add `tst-absolute-sym-lib'.
	(LDLIBS-tst-absolute-sym-lib.so): New variable.
	($(objpfx)tst-absolute-sym-lib.so): New dependency.
	($(objpfx)tst-absolute-sym): New dependency.
2018-04-04 23:09:37 +01:00
H.J. Lu
b8114edd3c Add $(tests-execstack-$(have-z-execstack)) after defined [BZ #22998]
When $(tests-execstack-$(have-z-execstack)) is added to tests before
it is defined, it is empty.  This patch adds it to tests after it is
defined.

	[BZ #22998]
	* elf/Makefile (tests): Add $(tests-execstack-$(have-z-execstack))
	after it is defined.
2018-03-24 08:25:55 -07:00
Florian Weimer
52a01100ad elf: Remove ad-hoc restrictions on dlopen callers [BZ #22787]
This looks like a post-exploitation hardening measure: If an attacker is
able to redirect execution flow, they could use that to load a DSO which
contains additional code (or perhaps make the stack executable).

However, the checks are not in the correct place to be effective: If
they are performed before the critical operation, an attacker with
sufficient control over execution flow could simply jump directly to
the code which performs the operation, bypassing the check.  The check
would have to be executed unconditionally after the operation and
terminate the process in case a caller violation was detected.

Furthermore, in _dl_check_caller, there was a fallback reading global
writable data (GL(dl_rtld_map).l_map_start and
GL(dl_rtld_map).l_text_end), which could conceivably be targeted by an
attacker to disable the check, too.

Other critical functions (such as system) remain completely
unprotected, so the value of these additional checks does not appear
that large.  Therefore this commit removes this functionality.
2018-02-21 10:37:22 +01:00
Florian Weimer
82eef55f8f elf: Support dlvsym within libc.so
This commit adds a new _dl_open_hook entry for dlvsym and implements the
function using the existing dl_lookup_symbol_x function supplied by the
dynamic loader.

A new hook variable, _dl_open_hook2, is introduced, which should make
this change suitable for backporting: For old statically linked
binaries, __libc_dlvsym will always return NULL.
2018-01-04 18:46:24 +01:00
Joseph Myers
688903eb3e Update copyright dates with scripts/update-copyrights.
* All files with FSF copyright notices: Update copyright dates
	using scripts/update-copyrights.
	* locale/programs/charmap-kw.h: Regenerated.
	* locale/programs/locfile-kw.h: Likewise.
2018-01-01 00:32:25 +00:00