Commit Graph

188 Commits

Author SHA1 Message Date
Adhemerval Zanella
198660741b elf: Add _dl_audit_objclose
It consolidates the code required to call la_objclose audit
callback.

Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
(cherry picked from commit 311c9ee54e)
2022-04-08 14:18:11 -04:00
Adhemerval Zanella
66e9d27a09 elf: Add _dl_audit_activity_map and _dl_audit_activity_nsid
It consolidates the code required to call la_activity audit
callback.

Also for a new Lmid_t the namespace link_map list are empty, so it
requires to check if before using it.  This can happen for when audit
module is used along with dlmopen.

Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
(cherry picked from commit 3dac3959a5)
2022-04-08 14:18:11 -04:00
Szabolcs Nagy
024a7640ab elf: Avoid deadlock between pthread_create and ctors [BZ #28357]
The fix for bug 19329 caused a regression such that pthread_create can
deadlock when concurrent ctors from dlopen are waiting for it to finish.
Use a new GL(dl_load_tls_lock) in pthread_create that is not taken
around ctors in dlopen.

The new lock is also used in __tls_get_addr instead of GL(dl_load_lock).

The new lock is held in _dl_open_worker and _dl_close_worker around
most of the logic before/after the init/fini routines.  When init/fini
routines are running then TLS is in a consistent, usable state.
In _dl_open_worker the new lock requires catching and reraising dlopen
failures that happen in the critical section.

The new lock is reinitialized in a fork child, to keep the existing
behaviour and it is kept recursive in case malloc interposition or TLS
access from signal handlers can retake it.  It is not obvious if this
is necessary or helps, but avoids changing the preexisting behaviour.

The new lock may be more appropriate for dl_iterate_phdr too than
GL(dl_load_write_lock), since TLS state of an incompletely loaded
module may be accessed.  If the new lock can replace the old one,
that can be a separate change.

Fixes bug 28357.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
(cherry picked from commit 83b5323261)
2021-10-19 14:21:14 +02:00
Adhemerval Zanella
ba33937be2 elf: Fix DTV gap reuse logic (BZ #27135)
This is updated version of the 572bd547d5 (reverted by 40ebfd016a)
that fixes the _dl_next_tls_modid issues.

This issue with 572bd547d5 patch is the DTV entry will be only
update on dl_open_worker() with the update_tls_slotinfo() call after
all dependencies are being processed by _dl_map_object_deps().  However
_dl_map_object_deps() itself might call _dl_next_tls_modid(), and since
the _dl_tls_dtv_slotinfo_list::map is not yet set the entry will be
wrongly reused.

This patch fixes by renaming the _dl_next_tls_modid() function to
_dl_assign_tls_modid() and by passing the link_map so it can set
the slotinfo value so a subsequente _dl_next_tls_modid() call will
see the entry as allocated.

The intermediary value is cleared up on remove_slotinfo() for the case
a library fails to load with RTLD_NOW.

This patch fixes BZ #27135.

Checked on x86_64-linux-gnu.

Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
2021-07-14 15:10:27 -03:00
Florian Weimer
40ebfd016a elf: Disable most of TLS modid gaps processing [BZ #27135]
Revert "elf: Fix DTV gap reuse logic [BZ #27135]"

This reverts commit 572bd547d5.

It turns out that the _dl_next_tls_modid in _dl_map_object_from_fd keeps
returning the same modid over and over again if there is a gap and
more than TLS-using module is loaded in one dlopen call.  This corrupts
TLS data structures.  The bug is still present after a revert, but
empirically it is much more difficult to trigger (because it involves a
dlopen failure).
2021-06-25 08:09:08 +02:00
Szabolcs Nagy
572bd547d5 elf: Fix DTV gap reuse logic [BZ #27135]
For some reason only dlopen failure caused dtv gaps to be reused.

It is possible that the intent was to never reuse modids for a
different module, but after dlopen failure all gaps are reused
not just the ones caused by the unfinished dlopened.

So the code has to handle reused modids already which seems to
work, however the data races at thread creation and tls access
(see bug 19329 and bug 27111) may be more severe if slots are
reused so this is scheduled after those fixes. I think fixing
the races are not simpler if reuse is disallowed and reuse has
other benefits, so set GL(dl_tls_dtv_gaps) whenever entries are
removed from the middle of the slotinfo list. The value does
not have to be correct: incorrect true value causes the next
modid query to do a slotinfo walk, incorrect false will leave
gaps and new entries are added at the end.

Fixes bug 27135.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-05-11 17:16:37 +01:00
Szabolcs Nagy
f4f8f4d4e0 elf: Use relaxed atomics for racy accesses [BZ #19329]
This is a follow up patch to the fix for bug 19329.  This adds relaxed
MO atomics to accesses that were previously data races but are now
race conditions, and where relaxed MO is sufficient.

The race conditions all follow the pattern that the write is behind the
dlopen lock, but a read can happen concurrently (e.g. during tls access)
without holding the lock.  For slotinfo entries the read value only
matters if it reads from a synchronized write in dlopen or dlclose,
otherwise the related dtv entry is not valid to access so it is fine
to leave it in an inconsistent state.  The same applies for
GL(dl_tls_max_dtv_idx) and GL(dl_tls_generation), but there the
algorithm relies on the fact that the read of the last synchronized
write is an increasing value.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-05-11 17:16:37 +01:00
Paul Eggert
2b778ceb40 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
2021-01-02 12:17:34 -08:00
Florian Weimer
3ad5dab476 elf: Do not signal LA_ACT_CONSISTENT for an empty namespace [BZ #26076]
The auditing interface identifies namespaces by their first loaded
module.  Once the namespace is empty, it is no longer possible to signal
LA_ACT_CONSISTENT for it because the first loaded module is already gone
at that point.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-07 09:58:45 +02:00
H.J. Lu
5177d85b0c Clear GL(dl_initfirst) when freeing its link_map memory [BZ# 25396]
We should clear GL(dl_initfirst) when freeing its link_map memory.

Tested on Fedora 31/x86-64 with CET.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
2020-01-16 07:41:53 -08:00
Joseph Myers
d614a75396 Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
Florian Weimer
f8ed116aa5 dlopen: Rework handling of pending NODELETE status
Commit a2e8aa0d9e ("Block signals during
the initial part of dlopen") was deemed necessary because of
read-modify-write operations like the one in  add_dependency in
elf/dl-lookup.c.  In the old code, we check for any kind of NODELETE
status and bail out:

      /* Redo the NODELETE check, as when dl_load_lock wasn't held
	 yet this could have changed.  */
      if (map->l_nodelete != link_map_nodelete_inactive)
	goto out;

And then set pending status (during relocation):

	  if (flags & DL_LOOKUP_FOR_RELOCATE)
	    map->l_nodelete = link_map_nodelete_pending;
	  else
	    map->l_nodelete = link_map_nodelete_active;

If a signal arrives during relocation and the signal handler, through
lazy binding, adds a global scope dependency on the same map, it will
set map->l_nodelete to link_map_nodelete_active.  This will be
overwritten with link_map_nodelete_pending by the dlopen relocation
code.

To avoid such problems in relation to the l_nodelete member, this
commit introduces two flags for active NODELETE status (irrevocable)
and pending NODELETE status (revocable until activate_nodelete is
invoked).  As a result, NODELETE processing in dlopen does not
introduce further reasons why lazy binding from signal handlers
is unsafe during dlopen, and a subsequent commit can remove signal
blocking from dlopen.

This does not address pre-existing issues (unrelated to the NODELETE
changes) which make lazy binding in a signal handler during dlopen
unsafe, such as the use of malloc in both cases.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2019-12-13 10:18:46 +01:00
Florian Weimer
f63b73814f Remove all loaded objects if dlopen fails, ignoring NODELETE [BZ #20839]
This introduces a “pending NODELETE” state in the link map, which is
flipped to the persistent NODELETE state late in dlopen, via
activate_nodelete.    During initial relocation, symbol binding
records pending NODELETE state only.  dlclose ignores pending NODELETE
state.  Taken together, this results that a partially completed dlopen
is rolled back completely because new NODELETE mappings are unloaded.

Tested on x86_64-linux-gnu and i386-linux-gnu.

Change-Id: Ib2a3d86af6f92d75baca65431d74783ee0dbc292
2019-11-27 20:55:35 +01:00
Florian Weimer
79e0cd7b3c Lazy binding failures during dlopen/dlclose must be fatal [BZ #24304]
If a lazy binding failure happens during the execution of an ELF
constructor or destructor, the dynamic loader catches the error
and reports it using the dlerror mechanism.  This is undesirable
because there could be other constructors and destructors that
need processing (which are skipped), and the process is in an
inconsistent state at this point.  Therefore, we have to issue
a fatal dynamic loader error error and terminate the process.

Note that the _dl_catch_exception in _dl_open is just an inner catch,
to roll back some state locally.  If called from dlopen, there is
still an outer catch, which is why calling _dl_init via call_dl_init
and a no-exception is required and cannot be avoiding by moving the
_dl_init call directly into _dl_open.

_dl_fini does not need changes because it does not install an error
handler, so errors are already fatal there.

Change-Id: I6b1addfe2e30f50a1781595f046f44173db9491a
2019-11-27 20:55:35 +01:00
Florian Weimer
e1d559f337 Introduce link_map_audit_state accessor function
To improve GCC 10 compatibility, it is necessary to remove the l_audit
zero-length array from the end of struct link_map.  In preparation of
that, this commit introduces an accessor function for the audit state,
so that it is possible to change the representation of the audit state
without adjusting the code that accesses it.

Tested on x86_64-linux-gnu.  Built on i686-gnu.

Change-Id: Id815673c29950fc011ae5301d7cde12624f658df
2019-11-15 13:03:40 +01:00
Paul Eggert
5a82c74822 Prefer https to http for gnu.org and fsf.org URLs
Also, change sources.redhat.com to sourceware.org.
This patch was automatically generated by running the following shell
script, which uses GNU sed, and which avoids modifying files imported
from upstream:

sed -ri '
  s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g
  s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g
' \
  $(find $(git ls-files) -prune -type f \
      ! -name '*.po' \
      ! -name 'ChangeLog*' \
      ! -path COPYING ! -path COPYING.LIB \
      ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \
      ! -path manual/texinfo.tex ! -path scripts/config.guess \
      ! -path scripts/config.sub ! -path scripts/install-sh \
      ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \
      ! -path INSTALL ! -path  locale/programs/charmap-kw.h \
      ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \
      ! '(' -name configure \
            -execdir test -f configure.ac -o -f configure.in ';' ')' \
      ! '(' -name preconfigure \
            -execdir test -f preconfigure.ac ';' ')' \
      -print)

and then by running 'make dist-prepare' to regenerate files built
from the altered files, and then executing the following to cleanup:

  chmod a+x sysdeps/unix/sysv/linux/riscv/configure
  # Omit irrelevant whitespace and comment-only changes,
  # perhaps from a slightly-different Autoconf version.
  git checkout -f \
    sysdeps/csky/configure \
    sysdeps/hppa/configure \
    sysdeps/riscv/configure \
    sysdeps/unix/sysv/linux/csky/configure
  # Omit changes that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines
  git checkout -f \
    sysdeps/powerpc/powerpc64/ppc-mcount.S \
    sysdeps/unix/sysv/linux/s390/s390-64/syscall.S
  # Omit change that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline
  git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
2019-09-07 02:43:31 -07:00
Joseph Myers
04277e02d7 Update copyright dates with scripts/update-copyrights.
* All files with FSF copyright notices: Update copyright dates
	using scripts/update-copyrights.
	* locale/programs/charmap-kw.h: Regenerated.
	* locale/programs/locfile-kw.h: Likewise.
2019-01-01 00:11:28 +00:00
Joseph Myers
688903eb3e Update copyright dates with scripts/update-copyrights.
* All files with FSF copyright notices: Update copyright dates
	using scripts/update-copyrights.
	* locale/programs/charmap-kw.h: Regenerated.
	* locale/programs/locfile-kw.h: Likewise.
2018-01-01 00:32:25 +00:00
Andreas Schwab
c2c299fd24 Consolidate link map sorting
Combine the four places where link maps are sorted into a single function.
This also moves the logic to skip the first map (representing the main
binary) to the callers.
2017-11-27 11:37:19 +01:00
Joseph Myers
bfff8b1bec Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
Carlos O'Donell
57707b7fcc Bug 11941: ld.so: Improper assert map->l_init_called in dlclose
There is at least one use case where during exit a library destructor
might call dlclose() on a valid handle and have it fail with an
assertion. We must allow this case, it is a valid handle, and dlclose()
should not fail with an assert. In the future we might be able to return
an error that the dlclose() could not be completed because the opened
library has already been unloaded and destructors have run as part of
exit processing.

For more details see:
https://www.sourceware.org/ml/libc-alpha/2016-12/msg00859.html
2016-12-23 13:30:22 -05:00
Florian Weimer
9e78f6f6e7 Implement _dl_catch_error, _dl_signal_error in libc.so [BZ #16628]
This change moves the main implementation of _dl_catch_error,
_dl_signal_error to libc.so, where TLS variables can be used
directly.  This removes a writable function pointer from the
rtld_global variable.

For use during initial relocation, minimal implementations of these
functions are provided in ld.so.  These are eventually interposed
by the libc.so implementations.  This is implemented by compiling
elf/dl-error-skeleton.c twice, via elf/dl-error.c and
elf/dl-error-minimal.c.

As a side effect of this change, the static version of dl-error.c
no longer includes support for the
_dl_signal_cerror/_dl_receive_error mechanism because it is only
used in ld.so.
2016-11-30 15:59:57 +01:00
Joseph Myers
f7a9f785e5 Update copyright dates with scripts/update-copyrights. 2016-01-04 16:05:18 +00:00
Joseph Myers
ec999b8e5e Move bits/libc-lock.h and bits/libc-lockP.h out of bits/ (bug 14912).
It was noted in
<https://sourceware.org/ml/libc-alpha/2012-09/msg00305.html> that the
bits/*.h naming scheme should only be used for installed headers.
This patch renames bits/libc-lock.h to plain libc-lock.h and
bits/libc-lockP.h to plain libc-lockP.h to follow that convention.

Note that I don't know where libc-lockP.h comes from for Hurd (the
Hurd libc-lock.h includes libc-lockP.h, but the only libc-lockP.h in
the glibc source tree is for NPTL) - some unmerged patch? - but I
updated the #include in the Hurd libc-lock.h anyway.

Tested for x86_64 (testsuite, and that installed stripped shared
libraries are unchanged by the patch).

	[BZ #14912]
	* bits/libc-lock.h: Move to ...
	* sysdeps/generic/libc-lock.h: ...here.
	(_BITS_LIBC_LOCK_H): Rename macro to _LIBC_LOCK_H.
	* sysdeps/mach/hurd/bits/libc-lock.h: Move to ...
	* sysdeps/mach/hurd/libc-lock.h: ...here.
	(_BITS_LIBC_LOCK_H): Rename macro to _LIBC_LOCK_H.
	[_LIBC]: Include <libc-lockP.h> instead of <bits/libc-lockP.h>.
	* sysdeps/mach/bits/libc-lock.h: Move to ...
	* sysdeps/mach/libc-lock.h: ...here.
	(_BITS_LIBC_LOCK_H): Rename macro to _LIBC_LOCK_H.
	* sysdeps/nptl/bits/libc-lock.h: Move to ...
	* sysdeps/nptl/libc-lock.h: ...here.
	(_BITS_LIBC_LOCK_H): Rename macro to _LIBC_LOCK_H.
	* sysdeps/nptl/bits/libc-lockP.h: Move to ...
	* sysdeps/nptl/libc-lockP.h: ...here.
	(_BITS_LIBC_LOCKP_H): Rename macro to _LIBC_LOCKP_H.
	* crypt/crypt_util.c: Include <libc-lock.h> instead of
	<bits/libc-lock.h>.
	* dirent/scandir-tail.c: Likewise.
	* dlfcn/dlerror.c: Likewise.
	* elf/dl-close.c: Likewise.
	* elf/dl-iteratephdr.c: Likewise.
	* elf/dl-lookup.c: Likewise.
	* elf/dl-open.c: Likewise.
	* elf/dl-support.c: Likewise.
	* elf/dl-writev.h: Likewise.
	* elf/rtld.c: Likewise.
	* grp/fgetgrent.c: Likewise.
	* gshadow/fgetsgent.c: Likewise.
	* gshadow/sgetsgent.c: Likewise.
	* iconv/gconv_conf.c: Likewise.
	* iconv/gconv_db.c: Likewise.
	* iconv/gconv_dl.c: Likewise.
	* iconv/gconv_int.h: Likewise.
	* iconv/gconv_trans.c: Likewise.
	* include/link.h: Likewise.
	* inet/getnameinfo.c: Likewise.
	* inet/getnetgrent.c: Likewise.
	* inet/getnetgrent_r.c: Likewise.
	* intl/bindtextdom.c: Likewise.
	* intl/dcigettext.c: Likewise.
	* intl/finddomain.c: Likewise.
	* intl/gettextP.h: Likewise.
	* intl/loadmsgcat.c: Likewise.
	* intl/localealias.c: Likewise.
	* intl/textdomain.c: Likewise.
	* libidn/idn-stub.c: Likewise.
	* libio/libioP.h: Likewise.
	* locale/duplocale.c: Likewise.
	* locale/freelocale.c: Likewise.
	* locale/newlocale.c: Likewise.
	* locale/setlocale.c: Likewise.
	* login/getutent_r.c: Likewise.
	* login/getutid_r.c: Likewise.
	* login/getutline_r.c: Likewise.
	* login/utmp-private.h: Likewise.
	* login/utmpname.c: Likewise.
	* malloc/mtrace.c: Likewise.
	* misc/efgcvt.c: Likewise.
	* misc/error.c: Likewise.
	* misc/fstab.c: Likewise.
	* misc/getpass.c: Likewise.
	* misc/mntent.c: Likewise.
	* misc/syslog.c: Likewise.
	* nis/nis_call.c: Likewise.
	* nis/nis_callback.c: Likewise.
	* nis/nss-default.c: Likewise.
	* nis/nss_compat/compat-grp.c: Likewise.
	* nis/nss_compat/compat-initgroups.c: Likewise.
	* nis/nss_compat/compat-pwd.c: Likewise.
	* nis/nss_compat/compat-spwd.c: Likewise.
	* nis/nss_nis/nis-alias.c: Likewise.
	* nis/nss_nis/nis-ethers.c: Likewise.
	* nis/nss_nis/nis-grp.c: Likewise.
	* nis/nss_nis/nis-hosts.c: Likewise.
	* nis/nss_nis/nis-network.c: Likewise.
	* nis/nss_nis/nis-proto.c: Likewise.
	* nis/nss_nis/nis-pwd.c: Likewise.
	* nis/nss_nis/nis-rpc.c: Likewise.
	* nis/nss_nis/nis-service.c: Likewise.
	* nis/nss_nis/nis-spwd.c: Likewise.
	* nis/nss_nisplus/nisplus-alias.c: Likewise.
	* nis/nss_nisplus/nisplus-ethers.c: Likewise.
	* nis/nss_nisplus/nisplus-grp.c: Likewise.
	* nis/nss_nisplus/nisplus-hosts.c: Likewise.
	* nis/nss_nisplus/nisplus-initgroups.c: Likewise.
	* nis/nss_nisplus/nisplus-network.c: Likewise.
	* nis/nss_nisplus/nisplus-proto.c: Likewise.
	* nis/nss_nisplus/nisplus-pwd.c: Likewise.
	* nis/nss_nisplus/nisplus-rpc.c: Likewise.
	* nis/nss_nisplus/nisplus-service.c: Likewise.
	* nis/nss_nisplus/nisplus-spwd.c: Likewise.
	* nis/ypclnt.c: Likewise.
	* nptl/libc_pthread_init.c: Likewise.
	* nss/getXXbyYY.c: Likewise.
	* nss/getXXent.c: Likewise.
	* nss/getXXent_r.c: Likewise.
	* nss/nss_db/db-XXX.c: Likewise.
	* nss/nss_db/db-netgrp.c: Likewise.
	* nss/nss_db/nss_db.h: Likewise.
	* nss/nss_files/files-XXX.c: Likewise.
	* nss/nss_files/files-alias.c: Likewise.
	* nss/nsswitch.c: Likewise.
	* posix/regex_internal.h: Likewise.
	* posix/wordexp.c: Likewise.
	* pwd/fgetpwent.c: Likewise.
	* resolv/res_hconf.c: Likewise.
	* resolv/res_libc.c: Likewise.
	* shadow/fgetspent.c: Likewise.
	* shadow/lckpwdf.c: Likewise.
	* shadow/sgetspent.c: Likewise.
	* socket/opensock.c: Likewise.
	* stdio-common/reg-modifier.c: Likewise.
	* stdio-common/reg-printf.c: Likewise.
	* stdio-common/reg-type.c: Likewise.
	* stdio-common/vfprintf.c: Likewise.
	* stdio-common/vfscanf.c: Likewise.
	* stdlib/abort.c: Likewise.
	* stdlib/cxa_atexit.c: Likewise.
	* stdlib/fmtmsg.c: Likewise.
	* stdlib/random.c: Likewise.
	* stdlib/setenv.c: Likewise.
	* string/strsignal.c: Likewise.
	* sunrpc/auth_none.c: Likewise.
	* sunrpc/bindrsvprt.c: Likewise.
	* sunrpc/create_xid.c: Likewise.
	* sunrpc/key_call.c: Likewise.
	* sunrpc/rpc_thread.c: Likewise.
	* sysdeps/arm/backtrace.c: Likewise.
	* sysdeps/generic/ldsodefs.h: Likewise.
	* sysdeps/generic/stdio-lock.h: Likewise.
	* sysdeps/generic/unwind-dw2-fde.c: Likewise.
	* sysdeps/i386/backtrace.c: Likewise.
	* sysdeps/ieee754/ldbl-opt/nldbl-compat.c: Likewise.
	* sysdeps/m68k/backtrace.c: Likewise.
	* sysdeps/mach/hurd/cthreads.c: Likewise.
	* sysdeps/mach/hurd/dirstream.h: Likewise.
	* sysdeps/mach/hurd/malloc-machine.h: Likewise.
	* sysdeps/nptl/malloc-machine.h: Likewise.
	* sysdeps/nptl/stdio-lock.h: Likewise.
	* sysdeps/posix/dirstream.h: Likewise.
	* sysdeps/posix/getaddrinfo.c: Likewise.
	* sysdeps/posix/system.c: Likewise.
	* sysdeps/pthread/aio_suspend.c: Likewise.
	* sysdeps/s390/s390-32/backtrace.c: Likewise.
	* sysdeps/s390/s390-64/backtrace.c: Likewise.
	* sysdeps/unix/sysv/linux/check_pf.c: Likewise.
	* sysdeps/unix/sysv/linux/if_index.c: Likewise.
	* sysdeps/unix/sysv/linux/s390/s390-32/getutent_r.c: Likewise.
	* sysdeps/unix/sysv/linux/s390/s390-32/getutid_r.c: Likewise.
	* sysdeps/unix/sysv/linux/s390/s390-32/getutline_r.c: Likewise.
	* sysdeps/unix/sysv/linux/shm-directory.c: Likewise.
	* sysdeps/unix/sysv/linux/system.c: Likewise.
	* sysdeps/x86_64/backtrace.c: Likewise.
	* time/alt_digit.c: Likewise.
	* time/era.c: Likewise.
	* time/tzset.c: Likewise.
	* wcsmbs/wcsmbsload.c: Likewise.
	* nptl/tst-initializers1.c (do_test): Refer to <libc-lock.h>
	instead of <bits/libc-lock.h> in comment.
2015-09-08 21:11:03 +00:00
Maxim Ostapenko
f25238ffe0 Clear DF_1_NODELETE flag only for failed to load library.
https://sourceware.org/bugzilla/show_bug.cgi?id=18778

If dlopen fails to load an object that has triggered loading libpthread it
causes ld.so to unload libpthread because its DF_1_NODELETE flags has been
forcefully cleared. The next call to __rtdl_unlock_lock_recursive will crash
since pthread_mutex_unlock no longer exists.

This patch moves l->l_flags_1 &= ~DF_1_NODELETE out of loop through all loaded
libraries and performs the action only on inconsistent one.

	[BZ #18778]
	* elf/Makefile (tests): Add Add tst-nodelete2.
	(modules-names): Add tst-nodelete2mod.
	(tst-nodelete2mod.so-no-z-defs): New.
	($(objpfx)tst-nodelete2): Likewise.
	($(objpfx)tst-nodelete2.out): Likewise.
	(LDFLAGS-tst-nodelete2): Likewise.
	* elf/dl-close.c (_dl_close_worker): Move DF_1_NODELETE clearing
	out of loop through all loaded libraries.
	* elf/tst-nodelete2.c: New file.
	* elf/tst-nodelete2mod.c: Likewise.
2015-08-11 10:13:22 +02:00
Siddhesh Poyarekar
90b37cac8b Also use l_tls_dtor_count to decide on object unload (BZ #18657)
When an TLS destructor is registered, we set the DF_1_NODELETE flag to
signal that the object should not be destroyed.  We then clear the
DF_1_NODELETE flag when all destructors are called, which is wrong -
the flag could have been set by other means too.

This patch replaces this use of the flag by using l_tls_dtor_count
directly to determine whether it is safe to unload the object.  This
change has the added advantage of eliminating the lock taking when
calling the destructors, which could result in a deadlock.  The patch
also fixes the test case tst-tls-atexit - it was making an invalid
dlclose call, which would just return an error silently.

I have also added a detailed note on concurrency which also aims to
justify why I chose the semantics I chose for accesses to
l_tls_dtor_count.  Thanks to Torvald for his help in getting me
started on this and (literally) teaching my how to approach the
problem.

Change verified on x86_64; the test suite does not show any
regressions due to the patch.

ChangeLog:

	[BZ #18657]
	* elf/dl-close.c (_dl_close_worker): Don't unload DSO if there
	are pending TLS destructor calls.
	* include/link.h (struct link_map): Add concurrency note for
	L_TLS_DTOR_COUNT.
	* stdlib/cxa_thread_atexit_impl.c (__cxa_thread_atexit_impl):
	Don't touch the link map flag.  Atomically increment
	l_tls_dtor_count.
	(__call_tls_dtors): Atomically decrement l_tls_dtor_count.
	Avoid taking the load lock and don't touch the link map flag.
	* stdlib/tst-tls-atexit-nodelete.c: New test case.
	* stdlib/Makefile (tests): Use it.
	* stdlib/tst-tls-atexit.c (do_test): dlopen
	tst-tls-atexit-lib.so again before dlclose.  Add conditionals
	to allow tst-tls-atexit-nodelete test case to use it.
2015-07-23 11:16:18 +05:30
Pavel Kopyl
02d5e5d94a Add forced deletion support to _dl_close_worker
https://sourceware.org/bugzilla/show_bug.cgi?id=17833

I've a shared library that contains both undefined and unique symbols.
Then I try to call the following sequence of dlopen:

1. dlopen("./libfoo.so", RTLD_NOW)
2. dlopen("./libfoo.so", RTLD_LAZY | RTLD_GLOBAL)

First dlopen call terminates with error because of undefined symbols,
but STB_GNU_UNIQUE ones set DF_1_NODELETE flag and hence block library
in the memory.

The library goes into inconsistent state as several structures remain
uninitialized. For instance, relocations for GOT table were not performed.

By the time of second dlopen call this library looks like as it would be
fully initialized but this is not true: any call through incorrect GOT
table leads to segmentation fault.  On some systems this inconsistency
triggers assertions in the dynamic linker.

This patch adds a parameter to _dl_close_worker to implement forced object
deletion in case of dlopen() failure:

1. Clears DF_1_NODELETE bit if forced, to allow library to be removed from
memory.
2. For each unique symbol that is defined in this object clears
appropriate entry in _ns_unique_sym_table.

	[BZ #17833]
	* elf/Makefile (tests): Add tst-nodelete.
	(modules-names): Add tst-nodelete-uniquemod.
	(tst-nodelete-uniquemod.so-no-z-defs): New.
	(tst-nodelete-rtldmod.so-no-z-defs): Likewise.
	(tst-nodelete-zmod.so-no-z-defs): Likewise.
	($(objpfx)tst-nodelete): Likewise.
	($(objpfx)tst-nodelete.out): Likewise.
	(LDFLAGS-tst-nodelete): Likewise.
	(LDFLAGS-tst-nodelete-zmod.so): Likewise.
	* elf/dl-close.c (_dl_close_worker): Add a parameter to
	implement forced object deletion.
	(_dl_close): Pass false to _dl_close_worker.
	* elf/dl-open.c (_dl_open): Pass true to _dl_close_worker.
	* elf/tst-nodelete.cc: New file.
	* elf/tst-nodeletelib.cc: Likewise.
	* elf/tst-znodeletelib.cc: Likewise.
	* include/dlfcn.h (_dl_close_worker): Add a new parameter.
2015-07-07 11:06:56 -07:00
Roland McGrath
2bd2cad9e8 Avoid confusing compiler with dynamically impossible statically invalid dereference in _dl_close_worker. 2015-04-17 14:29:40 -07:00
Joseph Myers
b168057aaa Update copyright dates with scripts/update-copyrights. 2015-01-02 16:29:47 +00:00
Roland McGrath
fcccd51286 Factor mmap/munmap of PT_LOAD segments out of _dl_map_object_from_fd et al. 2014-04-03 10:47:14 -07:00
Ondřej Bílka
a1ffb40e32 Use glibc_likely instead __builtin_expect. 2014-02-10 15:07:12 +01:00
Maciej W. Rozycki
0d23a5c1b1 [BZ #16046] Static dlopen correction fallout fixes.
Fixes to address issues from BZ #15022 resolution, as follows:

* TLS updates to csu/libc-tls.c -- we now have a proper main map, so
  there's no longer a need to create a separate fake one to keep TLS
  structures,

* random updates to elf/dl-close.c -- LM_ID_BASE is now a valid name
  space ID for static executables as well, so assert that we don't
  unload the main map.  Similarly dl_nns isn't supposed to be 0 for
  static executables anymore,

* actual BZ #16046 fix to elf/dl-iteratephdr.c -- the dl_iterate_phdr
  special function for static executables isn't needed anymore, provided
  that l_phdr and l_phnum members of the main map have been properly
  initialized (done in _dl_non_dynamic_init in elf/dl-support.c now),

* ld.so.cache loader update to elf/dl-load.c --
  GL(dl_ns)[LM_ID_BASE]._ns_loaded is now always initialized in static
  executables so can become the fallback loader map to check for
  DF_1_NODEFLIB, provided that the l_flags_1 member of the main map has
  been properly initialized (done in elf/dl-support.c now); this also
  ensures previous semantics elsewhere in elf/dl-load.c,

* matching updates to elf/dl-support.c -- to complement the two fixes
  above.
2014-01-31 17:51:31 +00:00
Allan McRae
d4697bc93d Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
Guy Martin
daf75146de Don't use broken DL_AUTO_FUNCTION_ADDRESS()
On hppa and ia64, the macro DL_AUTO_FUNCTION_ADDRESS() uses the
variable fptr[2] in it's own scope.

The content of fptr[] is thus undefined right after the macro exits.
Newer gcc's (>= 4.7) reuse the stack space of this variable triggering
a segmentation fault in dl-init.c:69.

To fix this we rewrite the macros to make the call directly to init
and fini without needing to pass back a constructed function pointer.
2013-11-21 15:52:31 -05:00
Carlos O'Donell
3612972234 Add more comments to dlclose() algorithm.
The algorithm for scanning dependencies upon dlclose is
less than immediately obvious. This patch adds two bits
of comments that explain why you start the dependency
search at l_initfini[1], and why you need to restart
the search.

---

2013-05-09  Carlos O'Donell  <carlos@redhat.com>

	* elf/dl-close.c (_dl_close_worker): Add comments.
2013-05-09 17:37:15 -04:00
Joseph Myers
568035b787 Update copyright notices with scripts/update-copyrights. 2013-01-02 19:05:09 +00:00
Joseph Myers
8b748aed2a Support --with-pkgversion and --with-bugurl. 2012-11-09 22:13:45 +00:00
Roland McGrath
b7c08a66f6 Add a cast to silence a warning. 2012-08-17 09:49:37 -07:00
Gary Benson
d9195db871 Also set r->r_map when unmapping the first object in a namespace.
When unmapping the first object in a namespace, the runtime linker
did not update the externally visible pointer.  This resulted in
debuggers seeing pointers to memory that had been freed.
2012-08-17 11:44:37 +01:00
Gary Benson
815e6fa3e0 Add SystemTap static probes to the runtime linker. [BZ #14298] 2012-07-27 14:03:20 +01:00
Andreas Schwab
0479b305c5 Fix invalid memory access in do_lookup_x.
[BZ #13579] Do not free l_initfini and allow it to be reused
on subsequent dl_open calls for the same library. This fixes
the invalid memory access in do_lookup_x when the previously
free'd l_initfini was accessed through l_searchlist when a
library had been opened for the second time.
2012-06-22 11:10:31 -07:00
Paul Eggert
59ba27a63a Replace FSF snail mail address with URLs. 2012-02-09 23:18:22 +00:00
Andreas Schwab
39dd69dfb9 Fix scope handling during dl_close 2011-08-24 09:32:13 +02:00
Marek Polacek
c8835729b8 _dl_sort_fini: Remove unused argument 2011-07-19 20:27:43 -04:00
Ulrich Drepper
b36b153d5d Revert unwanted patch 2011-06-21 12:40:22 -04:00
Ulrich Drepper
75d39ff212 Add missing DL_CALL_FCT 2011-06-21 11:23:25 -04:00
Alan Modra
66bdbaa452 static tls memory leak on TLS_DTV_AT_TP archs 2011-05-07 21:27:51 -04:00
Andreas Schwab
4bff6e0175 Fix memory leak in dlopen with RTLD_NOLOAD. 2011-02-25 20:49:48 -05:00
Andreas Schwab
56801c50d4 Move freeres function from ld.so to libc.so. 2010-09-21 13:52:12 -07:00
Ulrich Drepper
d85f8ff667 Revert unwanted patch. Again. 2010-06-27 19:52:51 -07:00