https://sourceware.org/bugzilla/show_bug.cgi?id=17833
I've a shared library that contains both undefined and unique symbols.
Then I try to call the following sequence of dlopen:
1. dlopen("./libfoo.so", RTLD_NOW)
2. dlopen("./libfoo.so", RTLD_LAZY | RTLD_GLOBAL)
First dlopen call terminates with error because of undefined symbols,
but STB_GNU_UNIQUE ones set DF_1_NODELETE flag and hence block library
in the memory.
The library goes into inconsistent state as several structures remain
uninitialized. For instance, relocations for GOT table were not performed.
By the time of second dlopen call this library looks like as it would be
fully initialized but this is not true: any call through incorrect GOT
table leads to segmentation fault. On some systems this inconsistency
triggers assertions in the dynamic linker.
This patch adds a parameter to _dl_close_worker to implement forced object
deletion in case of dlopen() failure:
1. Clears DF_1_NODELETE bit if forced, to allow library to be removed from
memory.
2. For each unique symbol that is defined in this object clears
appropriate entry in _ns_unique_sym_table.
[BZ #17833]
* elf/Makefile (tests): Add tst-nodelete.
(modules-names): Add tst-nodelete-uniquemod.
(tst-nodelete-uniquemod.so-no-z-defs): New.
(tst-nodelete-rtldmod.so-no-z-defs): Likewise.
(tst-nodelete-zmod.so-no-z-defs): Likewise.
($(objpfx)tst-nodelete): Likewise.
($(objpfx)tst-nodelete.out): Likewise.
(LDFLAGS-tst-nodelete): Likewise.
(LDFLAGS-tst-nodelete-zmod.so): Likewise.
* elf/dl-close.c (_dl_close_worker): Add a parameter to
implement forced object deletion.
(_dl_close): Pass false to _dl_close_worker.
* elf/dl-open.c (_dl_open): Pass true to _dl_close_worker.
* elf/tst-nodelete.cc: New file.
* elf/tst-nodeletelib.cc: Likewise.
* elf/tst-znodeletelib.cc: Likewise.
* include/dlfcn.h (_dl_close_worker): Add a new parameter.
This tag allows debugging of MIPS position independent executables
and provides access to shared library information.
* elf/elf.h (DT_MIPS_RLD_MAP_REL): New macro.
(DT_MIPS_NUM): Update.
* sysdeps/mips/dl-machine.h (ELF_MACHINE_DEBUG_SETUP): Handle
DT_MIPS_RLD_MAP_REL.
To support building glibc with GCC 6 configured with --enable-default-pie,
which generates PIE by default, we need to build programs as PIE. But
elf/tst-dlopen-aout must not be built as PIE since it tests dlopen on
ET_EXEC file and PIE is ET_DYN.
[BZ #17841]
* Makeconfig (no-pie-ldflag): New.
(+link): Set to $(+link-pie) if default to PIE.
(+link-tests): Set to $(+link-pie-tests) if default to PIE.
* config.make.in (build-pie-default): New.
* configure.ac (libc_cv_pie_default): New. Set to yes if -fPIE
is default. AC_SUBST.
* configure: Regenerated.
* elf/Makefile (LDFLAGS-tst-dlopen-aout): New.
We need to align TCB offset to the maximum alignment for TLS_TCB_AT_TP
targets, as _dl_allocate_tls_storage (in elf/dl-tls.c) does using
__libc_memalign and dl_tls_static_align.
[BZ #18383]
* csu/libc-tls.c (__libc_setup_tls) [TLS_TCB_AT_TP]: Align
TCB_OFFSET to MAX_ALIGN, not just TCBALIGN. Add comment.
* elf/Makefile (test-xfail-tst-tlsalign{,-static}): Remove
comment for i386/x86-64.
(test-xfail-tst-tlsalign-extern-static): Removed.
Many packages, including GCC, install Python files for GDB in library
diretory. ldconfig reads them and issue errors since they aren't ELF
files:
ldconfig: /usr/gcc-5.1.1/lib/libstdc++.so.6.0.21-gdb.py is not an ELF file - it has the wrong magic bytes at the start.
ldconfig: /usr/gcc-5.1.1/libx32/libstdc++.so.6.0.21-gdb.py is not an ELF file - it has the wrong magic bytes at the start.
ldconfig: /usr/gcc-5.1.1/lib64/libstdc++.so.6.0.21-gdb.py is not an ELF file - it has the wrong magic bytes at the start.
This patch silences ldconfig on GDB Python files by checking filenames
with -gdb.py suffix.
[BZ #18585]
* elf/readlib.c (is_gdb_python_file): New.
(process_file): Don't issue errors on filenames with -gdb.py
suffix.
Lazy TLSDESC initialization needs to be synchronized with concurrent TLS
accesses. The TLS descriptor contains a function pointer (entry) and an
argument that is accessed from the entry function. With lazy initialization
the first call to the entry function updates the entry and the argument to
their final value. A final entry function must make sure that it accesses an
initialized argument, this needs synchronization on systems with weak memory
ordering otherwise the writes of the first call can be observed out of order.
There are at least two issues with the current code:
tlsdesc.c (i386, x86_64, arm, aarch64) uses volatile memory accesses on the
write side (in the initial entry function) instead of C11 atomics.
And on systems with weak memory ordering (arm, aarch64) the read side
synchronization is missing from the final entry functions (dl-tlsdesc.S).
This patch only deals with aarch64.
* Write side:
Volatile accesses were replaced with C11 relaxed atomics, and a release
store was used for the initialization of entry so the read side can
synchronize with it.
* Read side:
TLS access generated by the compiler and an entry function code is roughly
ldr x1, [x0] // load the entry
blr x1 // call it
entryfunc:
ldr x0, [x0,#8] // load the arg
ret
Various alternatives were considered to force the ordering in the entry
function between the two loads:
(1) barrier
entryfunc:
dmb ishld
ldr x0, [x0,#8]
(2) address dependency (if the address of the second load depends on the
result of the first one the ordering is guaranteed):
entryfunc:
ldr x1,[x0]
and x1,x1,#8
orr x1,x1,#8
ldr x0,[x0,x1]
(3) load-acquire (ARMv8 instruction that is ordered before subsequent
loads and stores)
entryfunc:
ldar xzr,[x0]
ldr x0,[x0,#8]
Option (1) is the simplest but slowest (note: this runs at every TLS
access), options (2) and (3) do one extra load from [x0] (same address
loads are ordered so it happens-after the load on the call site),
option (2) clobbers x1 which is problematic because existing gcc does
not expect that, so approach (3) was chosen.
A new _dl_tlsdesc_return_lazy entry function was introduced for lazily
relocated static TLS, so non-lazy static TLS can avoid the synchronization
cost.
[BZ #18034]
* sysdeps/aarch64/dl-tlsdesc.h (_dl_tlsdesc_return_lazy): Declare.
* sysdeps/aarch64/dl-tlsdesc.S (_dl_tlsdesc_return_lazy): Define.
(_dl_tlsdesc_undefweak): Guarantee TLSDESC entry and argument load-load
ordering using ldar.
(_dl_tlsdesc_dynamic): Likewise.
(_dl_tlsdesc_return_lazy): Likewise.
* sysdeps/aarch64/tlsdesc.c (_dl_tlsdesc_resolve_rela_fixup): Use
relaxed atomics instead of volatile and synchronize with release store.
(_dl_tlsdesc_resolve_hold_fixup): Use relaxed atomics instead of
volatile.
* elf/tlsdeschtab.h (_dl_tlsdesc_resolve_early_return_p): Likewise.
Make runtime-linker.h available outside $(elf-objpfx) by moving
the file to $(common-objpfx) and the rules for it to Makerules.
Tested for x86_64 and x86 (testsuite, and that no compiled code
changed by the patch).
* Makeconfig (+interp): Remove unused variable.
* elf/Makefile ($(objpfx)interp.os): Define for [$(build-shared) = yes]
only. Depend on $(common-objpfx)runtime-linker.h instead of
$(elf-objpfx)runtime-linker.h.
($(elf-objpfx)runtime-linker.h): Rename to
$(common-objpfx)runtime-linker.h and move ...
* Makerules [$(build-shared) = yes]: ... here.
* elf/interp.c: Include <runtime-linker.h> instead of
<elf/runtime-linker.h>.
PLT relocations aren't required when -z now used. Linker on master with:
commit 25070364b0ce33eed46aa5d78ebebbec6accec7e
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Sat May 16 07:00:21 2015 -0700
Don't generate PLT relocations for now binding
There is no need for PLT relocations with -z now. We can use GOT
relocations, which take less space, instead and replace 16-byte .plt
entres with 8-byte .plt.got entries.
bfd/
* elf32-i386.c (elf_i386_check_relocs): Create .plt.got section
for now binding.
(elf_i386_allocate_dynrelocs): Use .plt.got section for now
binding.
* elf64-x86-64.c (elf_x86_64_check_relocs): Create .plt.got
section for now binding.
(elf_x86_64_allocate_dynrelocs): Use .plt.got section for now
binding.
won't generate PLT relocations with -z now. elf/tst-audit2.c expect
certain order of execution in ld.so. With PLT relocations, the GOTPLT
entry of calloc is update to calloc defined in tst-audit2:
(gdb) bt
skip_ifunc=<optimized out>, reloc_addr_arg=<optimized out>,
version=<optimized out>, sym=<optimized out>, map=<optimized out>)
at ../sysdeps/i386/dl-machine.h:329
out>,
nrelative=<optimized out>, relsize=<optimized out>,
reladdr=<optimized out>, map=<optimized out>) at do-rel.h:137
reloc_mode=reloc_mode@entry=0,
consider_profiling=1, consider_profiling@entry=0) at dl-reloc.c:258
user_entry=0xffffcf1c, auxv=0xffffd0a8) at rtld.c:2133
start_argptr=start_argptr@entry=0xffffcfb0,
dl_main=dl_main@entry=0xf7fda6f0 <dl_main>) at
../elf/dl-sysdep.c:249
from /export/build/gnu/glibc-32bit/build-i686-linux/elf/ld.so
(gdb)
and then calloc is called:
(gdb) c
Continuing.
Breakpoint 4, calloc (n=n@entry=20, m=4) at tst-audit2.c:18
18 {
(gdb) bt
reloc_mode=reloc_mode@entry=0, consider_profiling=1,
consider_profiling@entry=0) at dl-reloc.c:272
user_entry=0xffffcf1c, auxv=0xffffd0a8) at rtld.c:2133
start_argptr=start_argptr@entry=0xffffcfb0,
dl_main=dl_main@entry=0xf7fda6f0 <dl_main>) at
../elf/dl-sysdep.c:249
from /export/build/gnu/glibc-32bit/build-i686-linux/elf/ld.so
(gdb)
With GOT relocation, calloc in ld.so is called first:
(gdb) bt
consider_profiling=1) at dl-reloc.c:272
user_entry=0xffffcf0c, auxv=0xffffd098) at rtld.c:2074
start_argptr=start_argptr@entry=0xffffcfa0,
dl_main=dl_main@entry=0xf7fda6c0 <dl_main>) at
../elf/dl-sysdep.c:249
from /export/build/gnu/glibc-32bit-test/build-i686-linux/elf/ld.so
(gdb)
and then the GOT entry of calloc is updated:
(gdb) bt
skip_ifunc=<optimized out>, reloc_addr_arg=<optimized out>,
version=<optimized out>, sym=<optimized out>, map=<optimized out>)
at ../sysdeps/i386/dl-machine.h:329
out>,
nrelative=<optimized out>, relsize=<optimized out>,
reladdr=<optimized out>, map=<optimized out>) at do-rel.h:137
reloc_mode=reloc_mode@entry=0,
consider_profiling=1, consider_profiling@entry=0) at dl-reloc.c:258
user_entry=0xffffcf0c, auxv=0xffffd098) at rtld.c:2133
start_argptr=start_argptr@entry=0xffffcfa0,
dl_main=dl_main@entry=0xf7fda6c0 <dl_main>) at
../elf/dl-sysdep.c:249
from /export/build/gnu/glibc-32bit-test/build-i686-linux/elf/ld.so
(gdb)
After that, since calloc isn't called from ld.so nor any other modules,
magic in tst-audit2 isn't updated. Both orders are correct. This patch
makes sure that calloc in tst-audit2.c is called at least once from ld.so.
[BZ #18422]
* Makefile ($(objpfx)tst-audit2): Depend on $(libdl).
($(objpfx)tst-audit2.out): Also depend on
$(objpfx)tst-auditmod9b.so.
* elf/tst-audit2.c: Include <dlfcn.h>.
(calloc_called): New.
(calloc): Allow to be called more than once.
(do_test): dllopen/dlclose $ORIGIN/tst-auditmod9b.so.
A shared object doesn't need PLT if there are no PLT relocations. It
shouldn't be an error if DT_PLTRELSZ is missing.
[BZ #18410]
* elf/dl-reloc.c (_dl_relocate_object): Don't issue an error
for missing DT_PLTRELSZ.
Any use of SHF_EXCLUDE in code that tries to check it against sh_flags
will trigger undefined behaviour because it is defined as a 31 bit shift
against an signed integer. Fix by explicitly using an unsigned int.
Linkers in some versions of binutils 2.25 and 2.26 don't support protected
data symbol with error messsage like:
/usr/bin/ld: copy reloc against protected `bar' is invalid
/usr/bin/ld: failed to set dynamic section sizes: Bad value
We check if linker supports copy reloc against protected data symbol to
avoid running the test if linker is broken.
[BZ #17711]
* config.make.in (have-protected-data): New.
* configure.ac: Check linker support for protected data symbol.
* configure: Regenerated.
* elf/Makefile (modules-names): Add tst-protected1moda and
tst-protected1modb if $(have-protected-data) is yes.
(tests): Add tst-protected1a and tst-protected1b if
$(have-protected-data) is yes.
($(objpfx)tst-protected1a): New.
($(objpfx)tst-protected1b): Likewise.
(tst-protected1modb.so-no-z-defs): Likewise.
* elf/tst-protected1a.c: New file.
* elf/tst-protected1b.c: Likewise.
* elf/tst-protected1mod.h: Likewise.
* elf/tst-protected1moda.c: Likewise.
* elf/tst-protected1modb.c: Likewise.
With copy relocation, address of protected data defined in the shared
library may be external. When there is a relocation against the
protected data symbol within the shared library, we need to check if we
should skip the definition in the executable copied from the protected
data. This patch adds ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA and defines
it for x86. If ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA isn't 0, do_lookup_x
will skip the data definition in the executable from copy reloc.
[BZ #17711]
* elf/dl-lookup.c (do_lookup_x): When UNDEF_MAP is NULL, which
indicates it is called from do_lookup_x on relocation against
protected data, skip the data definion in the executable from
copy reloc.
(_dl_lookup_symbol_x): Pass ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA,
instead of ELF_RTYPE_CLASS_PLT, to do_lookup_x for
EXTERN_PROTECTED_DATA relocation against STT_OBJECT symbol.
* sysdeps/generic/ldsodefs.h * (ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA):
New. Defined to 4 if DL_EXTERN_PROTECTED_DATA is defined,
otherwise to 0.
* sysdeps/i386/dl-lookupcfg.h (DL_EXTERN_PROTECTED_DATA): New.
* sysdeps/i386/dl-machine.h (elf_machine_type_class): Set class
to ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA for R_386_GLOB_DAT.
* sysdeps/x86_64/dl-lookupcfg.h (DL_EXTERN_PROTECTED_DATA): New.
* sysdeps/x86_64/dl-machine.h (elf_machine_type_class): Set class
to ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA for R_X86_64_GLOB_DAT.
This patch is glibc support for a PowerPC TLS optimization, inspired
by Alexandre Oliva's TLS optimization for other processors,
http://www.lsd.ic.unicamp.br/~oliva/writeups/TLS/RFC-TLSDESC-x86.txt
In essence, this optimization uses a zero module id in the tls_index
GOT entry to indicate that a TLS variable is allocated space in the
static TLS area. A special plt call linker stub for __tls_get_addr
checks for such a tls_index and if found, returns the offset
immediately. The linker communicates the fact that the special
__tls_get_addr stub is used by setting a bit in the dynamic tag
DT_PPC64_OPT/DT_PPC_OPT. glibc communicates to the linker that this
optimization is available by the presence of __tls_get_addr_opt.
tst-tlsmod2.so is built with -Wl,--no-tls-get-addr-optimize for
tst-tls-dlinfo, which otherwise would fail since it tests that no
static tls is allocated. The ld option --no-tls-get-addr-optimize has
been available since binutils-2.20 so doesn't need a configure test.
* NEWS: Advertise TLS optimization.
* elf/elf.h (R_PPC_TLSGD, R_PPC_TLSLD, DT_PPC_OPT, PPC_OPT_TLS): Define.
(DT_PPC_NUM): Increment.
* elf/dynamic-link.h (HAVE_STATIC_TLS): Define.
(CHECK_STATIC_TLS): Use here.
* sysdeps/powerpc/powerpc32/dl-machine.h (elf_machine_rela): Optimize
TLS descriptors.
* sysdeps/powerpc/powerpc64/dl-machine.h (elf_machine_rela): Likewise.
* sysdeps/powerpc/dl-tls.c: New file.
* sysdeps/powerpc/Versions: Add __tls_get_addr_opt.
* sysdeps/powerpc/tst-tlsopt-powerpc.c: New tls test.
* sysdeps/unix/sysv/linux/powerpc/Makefile: Add new test.
Build tst-tlsmod2.so with --no-tls-get-addr-optimize.
* sysdeps/unix/sysv/linux/powerpc/powerpc32/ld.abilist: Update.
* sysdeps/unix/sysv/linux/powerpc/powerpc64/ld.abilist: Likewise.
* sysdeps/unix/sysv/linux/powerpc/powerpc64/ld-le.abilist: Likewise.
for ChangeLog
[BZ #17090]
[BZ #17620]
[BZ #17621]
[BZ #17628]
* NEWS: Update.
* elf/dl-tls.c (_dl_update_slotinfo): Clean up outdated DTV
entries with Static TLS too. Skip entries past the end of the
allocated DTV, from Alan Modra.
(tls_get_addr_tail): Update to glibc_likely/unlikely. Move
Static TLS DTV entry set up from...
(_dl_allocate_tls_init): ... here (fix modid assertion), ...
* elf/dl-reloc.c (_dl_nothread_init_static_tls): ... here...
* nptl/allocatestack.c (init_one_static_tls): ... and here...
* elf/dlopen.c (dl_open_worker): Drop l_tls_modid upper bound
for Static TLS.
* elf/tlsdeschtab.h (map_generation): Return size_t. Check
that the slot we find is associated with the given map before
using its generation count.
* nptl_db/db_info.c: Include ldsodefs.h.
(rtld_global, dtv_slotinfo_list, dtv_slotinfo): New typedefs.
* nptl_db/structs.def (DB_RTLD_VARIABLE): New macro.
(DB_MAIN_VARIABLE, DB_RTLD_GLOBAL_FIELD): Likewise.
(link_map::l_tls_offset): New struct field.
(dtv_t::counter): Likewise.
(rtld_global): New struct.
(_rtld_global): New rtld variable.
(dl_tls_dtv_slotinfo_list): New rtld global field.
(dtv_slotinfo_list): New struct.
(dtv_slotinfo): Likewise.
* nptl_db/td_symbol_list.c: Drop gnu/lib-names.h include.
(td_lookup): Rename to...
(td_mod_lookup): ... this. Use new mod parameter instead of
LIBPTHREAD_SO.
* nptl_db/td_thr_tlsbase.c: Include link.h.
(dtv_slotinfo_list, dtv_slotinfo): New functions.
(td_thr_tlsbase): Check DTV generation. Compute Static TLS
addresses even if the DTV is out of date or missing them.
* nptl_db/fetch-value.c (_td_locate_field): Do not refuse to
index zero-length arrays.
* nptl_db/thread_dbP.h: Include gnu/lib-names.h.
(td_lookup): Make it a macro implemented in terms of...
(td_mod_lookup): ... this declaration.
* nptl_db/db-symbols.awk (DB_RTLD_VARIABLE): Override.
(DB_MAIN_VARIABLE): Likewise.
ldconfig is using an aux-cache to speed up the ld.so.cache update. It
is read by mmaping the file to a structure which contains data offsets
used as pointers. As they are not checked, it is not hard to get
ldconfig to segfault with a corrupted file. This happens for instance if
the file is truncated, which is common following a filesystem check
following a system crash.
This can be reproduced for example by truncating the file to roughly
half of it's size.
There is already some code in elf/cache.c (load_aux_cache) to check
for a corrupted aux cache, but it happens to be broken and not enough.
The test (aux_cache->nlibs >= aux_cache_size) compares the number of
libs entry with the cache size. It's a non sense, as it basically
assumes that each library entry is a 1 byte... Instead this commit
computes the theoretical cache size using the headers and compares it
to the real size.
With copy relocation, address of protected data defined in the shared
library may be external. Compiler shouldn't asssume protected data will
be local. But due to
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65248
__attribute__((visibility("protected"))) doesn't work correctly, we need
to use asm (".protected xxx") instead.
* elf/ifuncdep2.c (global): Replace
__attribute__((visibility("protected"))) with
asm (".protected global").
* elf/ifuncmod1.c (global): Likewise.
* elf/ifuncmod5.c (global): Likewise.
Protocted symbol in shared library can only be accessed from PIE
or shared library. Linker in binutils 2.26 enforces it. We must
compile vismain with -fPIE and link it with -pie.
[BZ #17711]
* elf/Makefile (tests): Add vismain only if PIE is enabled.
(tests-pie): Add vismain.
(CFLAGS-vismain.c): New.
* elf/vismain.c: Add comments for PIE requirement.
We are replacing all of the bespoke alignment code with
ALIGN_UP, ALIGN_DOWN, PTR_ALIGN_UP, and PTR_ALIGN_DOWN.
This cleans up malloc/malloc.c, malloc/arena.c, and
elf/dl-reloc.c. It also makes all the code consistently
use pagesize, and powerof2 as required.
Code size is reduced with the removal of precomputed
pagemask, and use of pagesize instead. No measurable
difference in performance.
No regressions on x86_64.
The ability to recursively call dlopen is useful for malloc
implementations that wish to load other dynamic modules that
implement reentrant/AS-safe functions to use in their own
implementation.
Given that a user malloc implementation may be called by an
ongoing dlopen to allocate memory the user malloc
implementation interrupts dlopen and if it calls dlopen again
that's a reentrant call.
This patch fixes the issues with the ld.so.cache mapping
and the _r_debug assertion which prevent this from working
as expected.
See:
https://sourceware.org/ml/libc-alpha/2014-12/msg00446.html
__tls_get_addr/___tls_get_addr is always defined in ld.so. There is
no need to call them via PLT inside ld.so. This patch adds the hidden
__tls_get_addr/___tls_get_addr aliases and calls them directly from
_dl_tlsdesc_dynamic. There is no need to set up the EBX register in
i386 _dl_tlsdesc_dynamic when calling the hidden ___tls_get_addr.
* elf/dl-tls.c (__tls_get_addr): Provide the hidden definition
if not defined.
* sysdeps/i386/dl-tls.h (___tls_get_addr): Provide the hidden
definition.
* sysdeps/i386/dl-tlsdesc.S (_dl_tlsdesc_dynamic): Call the
hidden ___tls_get_addr.
* sysdeps/x86_64/dl-tlsdesc.S (_dl_tlsdesc_dynamic): Call the
hidden __tls_get_addr.
* sysdeps/generic/localplt.data (__tls_get_addr): Removed.
* sysdeps/unix/sysv/linux/i386/localplt.data (___tls_get_addr):
Likewise.
This patch fixes a warning "tst-unique4lib.cc:17:12: warning: 'b'
defined but not used [-Wunused-variable]". I'm not sure exactly what
aspects of the test are or are not significant for the issue it is
testing for; the patch makes the minimal change of marking the
variable with __attribute__ ((used)).
Tested for x86_64.
* elf/tst-unique4lib.cc (b): Mark with __attribute__ ((used)).
Developers creating development packages must take care
to have their static linker DSO link point to the actual
SONAME file. This allows ldconfig to correctly create
the required links for the SONAME. The behaviour is now
more clearly documented in a code comment added by this
patch.
