about summary refs log tree commit diff
path: root/elf
Commit message (Collapse)AuthorAgeFilesLines
* Fix SXID_ERASE behavior in setuid programs (BZ #27471)Siddhesh Poyarekar2021-04-142-30/+52
| | | | | | | | | | | | | | | | | | | | | | | | | | | When parse_tunables tries to erase a tunable marked as SXID_ERASE for setuid programs, it ends up setting the envvar string iterator incorrectly, because of which it may parse the next tunable incorrectly. Given that currently the implementation allows malformed and unrecognized tunables pass through, it may even allow SXID_ERASE tunables to go through. This change revamps the SXID_ERASE implementation so that: - Only valid tunables are written back to the tunestr string, because of which children of SXID programs will only inherit a clean list of identified tunables that are not SXID_ERASE. - Unrecognized tunables get scrubbed off from the environment and subsequently from the child environment. - This has the side-effect that a tunable that is not identified by the setxid binary, will not be passed on to a non-setxid child even if the child could have identified that tunable. This may break applications that expect this behaviour but expecting such tunables to cross the SXID boundary is wrong. Reviewed-by: Carlos O'Donell <carlos@redhat.com> (cherry picked from commit 2ed18c5b534d9e92fc006202a5af0df6b72e7aca)
* Enhance setuid-tunables testSiddhesh Poyarekar2021-04-142-23/+69
| | | | | | | | | | | | Instead of passing GLIBC_TUNABLES via the environment, pass the environment variable from parent to child. This allows us to test multiple variables to ensure better coverage. The test list currently only includes the case that's already being tested. More tests will be added later. Reviewed-by: Carlos O'Donell <carlos@redhat.com> (cherry picked from commit 061fe3f8add46a89b7453e87eabb9c4695005ced)
* tst-env-setuid: Use support_capture_subprogram_self_sgidSiddhesh Poyarekar2021-04-141-183/+14
| | | | | | | Use the support_capture_subprogram_self_sgid to spawn an sgid child. Reviewed-by: Carlos O'Donell <carlos@redhat.com> (cherry picked from commit ca335281068a1ed549a75ee64f90a8310755956f)
* x86: Check IFUNC definition in unrelocated executable [BZ #20019]H.J. Lu2021-01-133-15/+9
| | | | | | | | | | | | | | | | | | | | | | | Calling an IFUNC function defined in unrelocated executable also leads to segfault. Issue a fatal error message when calling IFUNC function defined in the unrelocated executable from a shared library. On x86, ifuncmain6pie failed with: [hjl@gnu-cfl-2 build-i686-linux]$ ./elf/ifuncmain6pie --direct ./elf/ifuncmain6pie: IFUNC symbol 'foo' referenced in '/export/build/gnu/tools-build/glibc-32bit/build-i686-linux/elf/ifuncmod6.so' is defined in the executable and creates an unsatisfiable circular dependency. [hjl@gnu-cfl-2 build-i686-linux]$ readelf -rW elf/ifuncmod6.so | grep foo 00003ff4 00000706 R_386_GLOB_DAT 0000400c foo_ptr 00003ff8 00000406 R_386_GLOB_DAT 00000000 foo 0000400c 00000401 R_386_32 00000000 foo [hjl@gnu-cfl-2 build-i686-linux]$ Remove non-JUMP_SLOT relocations against foo in ifuncmod6.so, which trigger the circular IFUNC dependency, and build ifuncmain6pie with -Wl,-z,lazy. (cherry picked from commits 6ea5b57afa5cdc9ce367d2b69a2cebfb273e4617 and 7137d682ebfcb6db5dfc5f39724718699922f06c)
* Fix elf/tst-rtld-preload cross-testing.Joseph Myers2020-01-242-9/+8
| | | | | | | | | | | | | | | | | As noted in <https://sourceware.org/ml/libc-alpha/2019-06/msg00824.html>, elf/tst-rtld-preload fails when cross-testing because it attempts to run the test wrapper with itself. Unfortunately, that thread never resulted in a complete and correct patch for that test. This patch addresses the issues with that test more thoroughly. The test is changed not to use the wrapper twice, including updating the message it prints about the command it runs to be more complete and accurate after the change; the Makefile is changed not to pass the redundant '$(test-wrapper)' argument. Tested for Arm that this fixes the failure seen for that test in cross-testing.
* Fix cross-testing of tst-ifunc-fault-* tests.Joseph Myers2020-01-231-3/+4
| | | | | | | | | | The tests elf/tst-ifunc-fault-bindnow and elf/tst-ifunc-fault-lazy fail in cross-testing because they run the dynamic linker directly without using the test wrapper. This patch fixes them to use the test wrapper instead. Tested that this fixes the failure of those two tests for powerpc soft-float.
* powerpc: Move cache line size to rtld_global_roTulio Magno Quites Machado Filho2020-01-172-4/+2
| | | | | | | | | | | | | | GCC 10.0 enabled -fno-common by default and this started to point that __cache_line_size had been implemented in 2 different places: loader and libc. In order to avoid this duplication, the libc variable has been removed and the loader variable is moved to rtld_global_ro. File sysdeps/unix/sysv/linux/powerpc/dl-auxv.h has been added in order to reuse code for both static and dynamic linking scenarios. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* elf: Add elf/tst-dlopenfail-2 [BZ #25396]Florian Weimer2020-01-163-2/+83
| | | | | | | | | | | | | Without CET, a jump into a newly loaded object through an overwritten link map often does not crash, it just executes some random code. CET detects this in some cases because the function pointer does not point to the start of a function in the replacement shared object, so there is no ENDBR instruction. The new test uses a small shared object and the existing dangling link map to trigger the bug. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* Clear GL(dl_initfirst) when freeing its link_map memory [BZ# 25396]H.J. Lu2020-01-161-0/+4
| | | | | | | | We should clear GL(dl_initfirst) when freeing its link_map memory. Tested on Fedora 31/x86-64 with CET. Reviewed-by: Florian Weimer <fweimer@redhat.com>
* Fix "elf: Add tst-ldconfig-ld_so_conf-update test" on 32bit.Stefan Liebler2020-01-131-2/+4
| | | | | | | | | | This new test was introduced with recent commit 591236f1a33f11cc65ccf009d997071ba853e186. If run on 32bit, it fails while renaming tst-ldconfig-ld-mod.so as there is no /usr/lib64 directory. This patch is constructing the file name with help of support_libdir_prefix. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* elf: Add tst-ldconfig-ld_so_conf-update testAlexandra Hájková2020-01-095-3/+132
| | | | | | | | Test ldconfig after /etc/ld.so.conf update and verify a running process observes changes to /etc/ld.so.cache. The test uses the test-in-container framework. Reviewed-by: Arjun Shankar <arjun@redhat.com>
* elf: Move vDSO setup to rtld (BZ#24967)Adhemerval Zanella2020-01-032-1/+13
| | | | | | | | | | | | | | | | | | | | | | | | This patch moves the vDSO setup from libc to loader code, just after the vDSO link_map setup. For static case the initialization is moved to _dl_non_dynamic_init instead. Instead of using the mangled pointer, the vDSO data is set as attribute_relro (on _rtld_global_ro for shared or _dl_vdso_* for static). It is read-only even with partial relro. It fixes BZ#24967 now that the vDSO pointer is setup earlier than malloc interposition is called. Also, vDSO calls should not be a problem for static dlopen as indicated by BZ#20802. The vDSO pointer would be zero-initialized and the syscall will be issued instead. Checked on x86_64-linux-gnu, i686-linux-gnu, aarch64-linux-gnu, arm-linux-gnueabihf, powerpc64le-linux-gnu, powerpc64-linux-gnu, powerpc-linux-gnu, s390x-linux-gnu, sparc64-linux-gnu, and sparcv9-linux-gnu. I also run some tests on mips. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* elf: Enable relro for static buildAdhemerval Zanella2020-01-031-4/+14
| | | | | | | | | | | | | | | | | | | | | The code is similar to the one at elf/dl-reloc.c, where it checks for the l_relro_size from the link_map (obtained from PT_GNU_RELRO header from program headers) and calls_dl_protected_relro. For testing I will use the ones proposed by Florian's patch 'elf: Add tests for working RELRO protection' [1]. Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu, aarch64-linux-gnu, s390x-linux-gnu, and sparc64-linux-gnu. I also check with --enable-static pie on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu which seems the only architectures where static PIE is actually working (as per 9d7a3741c9e, on arm-linux-gnueabihf, powerpc64{le}-linux-gnu, and s390x-linux-gnu I am seeing runtime issues not related to my patch). [1] https://sourceware.org/ml/libc-alpha/2019-10/msg00059.html Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* Update copyright dates not handled by scripts/update-copyrights.Joseph Myers2020-01-015-5/+5
| | | | | | | | | | | | | | | I've updated copyright dates in glibc for 2020. This is the patch for the changes not generated by scripts/update-copyrights and subsequent build / regeneration of generated files. As well as the usual annual updates, mainly dates in --version output (minus libc.texinfo which previously had to be handled manually but is now successfully updated by update-copyrights), there is a fix to sysdeps/unix/sysv/linux/powerpc/bits/termios-c_lflag.h where a typo in the copyright notice meant it failed to be updated automatically. Please remember to include 2020 in the dates for any new files added in future (which means updating any existing uncommitted patches you have that add new files to use the new copyright dates in them).
* Update copyright dates with scripts/update-copyrights.Joseph Myers2020-01-01212-212/+212
|
* Fix test isolation for elf/tst-ifunc-fault-lazy, elf/tst-ifunc-fault-bindnowFlorian Weimer2019-12-191-4/+3
| | | | | | | Previously, ld.so was invoked only with the elf subdirectory on the library search path. Since the soname link for libc.so only exists in the top-level build directory, this leaked the system libc into the test.
* tunables: report sbrk() failureDJ Delorie2019-12-161-5/+4
| | | | Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* dlopen: Do not block signalsFlorian Weimer2019-12-131-26/+11
| | | | | | | | | | | | | | | | | | Blocking signals causes issues with certain anti-malware solutions which rely on an unblocked SIGSYS signal for system calls they intercept. This reverts commit a2e8aa0d9ea648068d8be52dd7b15f1b6a008e23 ("Block signals during the initial part of dlopen") and adds comments related to async signal safety to active_nodelete and its caller. Note that this does not make lazy binding async-signal-safe with regards to dlopen. It merely avoids introducing new async-signal-safety hazards as part of the NODELETE changes. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* dlopen: Rework handling of pending NODELETE statusFlorian Weimer2019-12-134-38/+51
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit a2e8aa0d9ea648068d8be52dd7b15f1b6a008e23 ("Block signals during the initial part of dlopen") was deemed necessary because of read-modify-write operations like the one in add_dependency in elf/dl-lookup.c. In the old code, we check for any kind of NODELETE status and bail out: /* Redo the NODELETE check, as when dl_load_lock wasn't held yet this could have changed. */ if (map->l_nodelete != link_map_nodelete_inactive) goto out; And then set pending status (during relocation): if (flags & DL_LOOKUP_FOR_RELOCATE) map->l_nodelete = link_map_nodelete_pending; else map->l_nodelete = link_map_nodelete_active; If a signal arrives during relocation and the signal handler, through lazy binding, adds a global scope dependency on the same map, it will set map->l_nodelete to link_map_nodelete_active. This will be overwritten with link_map_nodelete_pending by the dlopen relocation code. To avoid such problems in relation to the l_nodelete member, this commit introduces two flags for active NODELETE status (irrevocable) and pending NODELETE status (revocable until activate_nodelete is invoked). As a result, NODELETE processing in dlopen does not introduce further reasons why lazy binding from signal handlers is unsafe during dlopen, and a subsequent commit can remove signal blocking from dlopen. This does not address pre-existing issues (unrelated to the NODELETE changes) which make lazy binding in a signal handler during dlopen unsafe, such as the use of malloc in both cases. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* dlopen: Fix issues related to NODELETE handling and relocationsFlorian Weimer2019-12-1323-32/+992
| | | | | | | | | | | | | | | | | | | | | | | | | The assumption behind the assert in activate_nodelete was wrong: Inconsistency detected by ld.so: dl-open.c: 459: activate_nodelete: Assertion `!imap->l_init_called || imap->l_type != lt_loaded' failed! (edit) It can happen that an already-loaded object that is in the local scope is promoted to NODELETE status, via binding to a unique symbol. Similarly, it is possible that such NODELETE promotion occurs to an already-loaded object from the global scope. This is why the loop in activate_nodelete has to cover all objects in the namespace of the new object. In do_lookup_unique, it could happen that the NODELETE status of an already-loaded object was overwritten with a pending NODELETE status. As a result, if dlopen fails, this could cause a loss of the NODELETE status of the affected object, eventually resulting in an incorrect unload. Fixes commit f63b73814f74032c0e5d0a83300e3d864ef905e5 ("Remove all loaded objects if dlopen fails, ignoring NODELETE [BZ #20839]").
* ldconfig: Do not print a warning for a missing ld.so.conf fileFlorian Weimer2019-12-111-2/+3
| | | | | | | The configuration file is not needed for working system, so printing a warning is not helpful. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* Expand $(as-needed) and $(no-as-needed) throughout the build systemFlorian Weimer2019-12-031-24/+24
| | | | | | | | | Since commit a3cc4f48e94f32c9532ee36982ac00eb1e5719b0 ("Remove --as-needed configure test."), --as-needed support is no longer optional. The macros are not much shorter and do not provide documentary value, either, so this commit removes them.
* elf: Do not run IFUNC resolvers for LD_DEBUG=unused [BZ #24214]Florian Weimer2019-12-023-0/+94
| | | | | | | | | This commit adds missing skip_ifunc checks to aarch64, arm, i386, sparc, and x86_64. A new test case ensures that IRELATIVE IFUNC resolvers do not run in various diagnostic modes of the dynamic loader. Reviewed-By: Szabolcs Nagy <szabolcs.nagy@arm.com>
* elf/tst-dlopenfail: Disable --no-as-needed for tst-dlopenfailmod1.soFlorian Weimer2019-12-021-2/+5
| | | | | Otherwise, the shared object dependency which triggers the load failure is dropped, invalidating the test.
* Move _dl_open_check to its original place in dl_open_workerFlorian Weimer2019-11-271-6/+2
| | | | | | | | | | | | This reverts the non-test change from commit d0093c5cefb7f7a4143f ("Call _dl_open_check after relocation [BZ #24259]"), given that the underlying bug has been fixed properly in commit 61b74477fa7f63 ("Remove all loaded objects if dlopen fails, ignoring NODELETE [BZ #20839]"). Tested on x86-64-linux-gnu, with and without --enable-cet. Change-Id: I995a6cfb89f25d2b0cf5e606428c2a93eb48fc33
* Block signals during the initial part of dlopenFlorian Weimer2019-11-271-2/+26
| | | | | | | | | | | Lazy binding in a signal handler that interrupts a dlopen sees intermediate dynamic linker state. This has likely been always unsafe, but with the new pending NODELETE state, this is clearly incorrect. Other threads are excluded via the loader lock, but the current thread is not. Blocking signals until right before ELF constructors run is the safe thing to do. Change-Id: Iad079080ebe7442c13313ba11dc2797953faef35
* Remove all loaded objects if dlopen fails, ignoring NODELETE [BZ #20839]Florian Weimer2019-11-279-38/+308
| | | | | | | | | | | | | This introduces a “pending NODELETE” state in the link map, which is flipped to the persistent NODELETE state late in dlopen, via activate_nodelete. During initial relocation, symbol binding records pending NODELETE state only. dlclose ignores pending NODELETE state. Taken together, this results that a partially completed dlopen is rolled back completely because new NODELETE mappings are unloaded. Tested on x86_64-linux-gnu and i386-linux-gnu. Change-Id: Ib2a3d86af6f92d75baca65431d74783ee0dbc292
* Avoid late dlopen failure due to scope, TLS slotinfo updates [BZ #25112]Florian Weimer2019-11-273-129/+249
| | | | | | | | | | | | | | | | | | | | | | | | This change splits the scope and TLS slotinfo updates in dlopen into two parts: one to resize the data structures, and one to actually apply the update. The call to add_to_global_resize in dl_open_worker is moved before the demarcation point at which no further memory allocations are allowed. _dl_add_to_slotinfo is adjusted to make the list update optional. There is some optimization possibility here because we could grow the slotinfo list of arrays in a single call, one the largest TLS modid is known. This commit does not fix the fatal meory allocation failure in _dl_update_slotinfo. Ideally, this error during dlopen should be recoverable. The update order of scopes and TLS data structures is retained, although it appears to be more correct to fully initialize TLS first, and then expose symbols in the newly loaded objects via the scope update. Tested on x86_64-linux-gnu. Change-Id: I240c58387dabda3ca1bcab48b02115175fa83d6c
* Avoid late failure in dlopen in global scope update [BZ #25112]Florian Weimer2019-11-271-48/+106
| | | | | | | | | | | | | | | | | | | | | | | | | | | The call to add_to_global in dl_open_worker happens after running ELF constructors for new objects. At this point, proper recovery from malloc failure would be quite complicated: We would have to run the ELF destructors and close all opened objects, something that we currently do not do. Instead, this change splits add_to_global into two phases, add_to_global_resize (which can raise an exception, called before ELF constructors run), and add_to_global_update (which cannot, called after ELF constructors). A complication arises due to recursive dlopen: After the inner dlopen consumes some space, the pre-allocation in the outer dlopen may no longer be sufficient. A new member in the namespace structure, _ns_global_scope_pending_adds keeps track of the maximum number of objects that need to be added to the global scope. This enables the inner add_to_global_resize call to take into account the needs of an outer dlopen. Most code in the dynamic linker assumes that the number of global scope entries fits into an unsigned int (matching the r_nlist member of struct r_scop_elem). Therefore, change the type of _ns_global_scope_alloc to unsigned int (from size_t), and add overflow checks. Change-Id: Ie08e2f318510d5a6a4bcb1c315f46791b5b77524
* Lazy binding failures during dlopen/dlclose must be fatal [BZ #24304]Florian Weimer2019-11-276-21/+210
| | | | | | | | | | | | | | | | | | | | | If a lazy binding failure happens during the execution of an ELF constructor or destructor, the dynamic loader catches the error and reports it using the dlerror mechanism. This is undesirable because there could be other constructors and destructors that need processing (which are skipped), and the process is in an inconsistent state at this point. Therefore, we have to issue a fatal dynamic loader error error and terminate the process. Note that the _dl_catch_exception in _dl_open is just an inner catch, to roll back some state locally. If called from dlopen, there is still an outer catch, which is why calling _dl_init via call_dl_init and a no-exception is required and cannot be avoiding by moving the _dl_init call directly into _dl_open. _dl_fini does not need changes because it does not install an error handler, so errors are already fatal there. Change-Id: I6b1addfe2e30f50a1781595f046f44173db9491a
* dlsym: Do not determine caller link map if not neededFlorian Weimer2019-11-271-4/+21
| | | | | | | | | | | | | | | | Obtaining the link map is potentially very slow because it requires iterating over all loaded objects in the current implementation. If the caller supplied an explicit handle (i.e., not one of the RTLD_* constants), the dlsym implementation does not need the identity of the caller (except in the special case of auditing), so this change avoids computing it in that case. Even in the minimal case (dlsym called from a main program linked with -dl), this shows a small speedup, perhaps around five percent. The performance improvement can be arbitrarily large in principle (if _dl_find_dso_for_object has to iterate over many link maps). Change-Id: Ide5d9e2cc7ac25a0ffae8fb4c26def0c898efa29
* Compile elf/rtld.c with -fno-tree-loop-distribute-patterns.Sandra Loosemore2019-11-261-0/+6
| | | | | | | | | | | | | | In GCC 10, the default at -O2 is now -ftree-loop-distribute-patterns. This optimization causes GCC to "helpfully" convert the hand-written loop in _dl_start into a call to memset, which is not available that early in program startup. Similar problems in other places in GLIBC have been addressed by explicitly building with -fno-tree-loop-distribute-patterns, but this one may have been overlooked previously because it only affects targets where HAVE_BUILTIN_MEMSET is not defined. This patch fixes a bug observed on nios2-linux-gnu target that caused all programs to segv on startup.
* Introduce DL_LOOKUP_FOR_RELOCATE flag for _dl_lookup_symbol_xFlorian Weimer2019-11-211-1/+2
| | | | | | | | | | This will allow changes in dependency processing during non-lazy binding, for more precise processing of NODELETE objects: During initial relocation in dlopen, the fate of NODELETE objects is still unclear, so objects which are depended upon by NODELETE objects cannot immediately be marked as NODELETE. Change-Id: Ic7b94a3f7c4719a00ca8e6018088567824da0658
* Enhance _dl_catch_exception to allow disabling exception handlingFlorian Weimer2019-11-161-0/+12
| | | | | | | | | | | | In some cases, it is necessary to introduce noexcept regions where raised dynamic loader exceptions (e.g., from lazy binding) are fatal, despite being nested in a code region with an active exception handler. This change enhances _dl_catch_exception with to provide such a capability. The existing function is reused, so that it is not necessary to introduce yet another function with a similar purpose. Change-Id: Iec1bf642ff95a349fdde8040e9baf851ac7b8904
* Introduce link_map_audit_state accessor functionFlorian Weimer2019-11-158-43/+70
| | | | | | | | | | | | To improve GCC 10 compatibility, it is necessary to remove the l_audit zero-length array from the end of struct link_map. In preparation of that, this commit introduces an accessor function for the audit state, so that it is possible to change the representation of the audit state without adjusting the code that accesses it. Tested on x86_64-linux-gnu. Built on i686-gnu. Change-Id: Id815673c29950fc011ae5301d7cde12624f658df
* Properly initialize audit cookie for the dynamic loader [BZ #25157]Florian Weimer2019-11-1513-9/+290
| | | | | | The l_audit array is indexed by audit module, not audit function. Change-Id: I180eb3573dc1c57433750f5d8cb18271460ba5f2
* Clarify purpose of assert in _dl_lookup_symbol_xFlorian Weimer2019-11-121-5/+3
| | | | | | | | | | Only one of the currently defined flags is incompatible with versioned symbol lookups, so it makes sense to check for that flag and not its complement. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Reviewed-by: Gabriel F. T. Gomes <gabrielftg@linux.ibm.com> Change-Id: I3384349cef90cfd91862ebc34a4053f0c0a99404
* elf: Use nocancel pread64() instead of lseek()+read()Leandro Pereira2019-10-181-7/+6
| | | | | | | | | | | | | | | | | | | | | | | | | Transforms this, when linking in a shared object: openat(AT_FDCWD, "/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\3"..., 832) = 832 lseek(3, 792, SEEK_SET) = 792 read(3, "\4\0\0\0\24\0\0\0"..., 68) = 68 fstat(3, {st_mode=S_IFREG|0755, st_size=6699224, ...}) = 0 lseek(3, 792, SEEK_SET) = 792 read(3, "\4\0\0\0\24\0\0\0"..., 68) = 68 lseek(3, 864, SEEK_SET) = 864 read(3, "\4\0\0\0\20\0\0\0"..., 32) = 32 Into this: openat(AT_FDCWD, "/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\3"..., 832) = 832 pread(3, "\4\0\0\0\24\0\0\0"..., 68, 792) = 68 fstat(3, {st_mode=S_IFREG|0755, st_size=6699224, ...}) = 0 pread(3, "\4\0\0\0\24\0\0\0"..., 68, 792) = 68 pread(3, "\4\0\0\0\20\0\0\0"..., 32, 864) = 32 Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* Rename and split elf/tst-dlopen-aout collection of testsFlorian Weimer2019-10-178-24/+177
| | | | | | | | | | | | | | | From the beginning, elf/tst-dlopen-aout has exercised two different bugs: (a) failure to report errors for a dlopen of the executable itself in some cases (bug 24900) and (b) incorrect rollback of the TLS modid allocation in case of a dlopen failure (bug 16634). This commit replaces the test with elf/tst-dlopen-self for (a) and elf/tst-dlopen-tlsmodid for (b). The latter tests use the elf/tst-dlopen-self binaries (or iconv) with dlopen, so they are no longer self-dlopen tests. Tested on x86_64-linux-gnu and i686-linux-gnu, with a toolchain that does not default to PIE.
* ldconfig: handle .dynstr located in separate segment (bug 25087)Andreas Schwab2019-10-161-13/+23
| | | | | | To determine the load offset of the DT_STRTAB section search for the segment containing it, instead of using the load offset of the first segment.
* ldd: Print "not a dynamic executable" on standard error [BZ #24150]Florian Weimer2019-10-151-1/+1
| | | | | | Tested with the testsuite on x86_64-linux-gnu, and manually. Reviewed-By: Richard W.M. Jones <rjones@redhat.com>
* Simplify note processingAndreas Schwab2019-10-101-14/+3
| | | | This removes dead code during note processing.
* elf: Assign TLS modid later during dlopen [BZ #24930]Florian Weimer2019-10-043-30/+48
| | | | | | | | | | | | | | Commit a42faf59d6d9f82e5293a9ebcc26d9c9e562b12b ("Fix BZ #16634.") attempted to fix a TLS modid consistency issue by adding additional checks to the open_verify function. However, this is fragile because open_verify cannot reliably predict whether _dl_map_object_from_fd will later fail in the more complex cases (such as memory allocation failures). Therefore, this commit assigns the TLS modid as late as possible. At that point, the link map pointer will eventually be passed to _dl_close, which will undo the TLS modid assignment. Reviewed-by: Gabriel F. T. Gomes <gabrielftg@linux.ibm.com>
* elf: Never use the file ID of the main executable [BZ #24900]Florian Weimer2019-10-041-21/+31
| | | | | | | | | | | | | | If the loader is invoked explicitly and loads the main executable, it stores the file ID of the main executable in l_file_id. This information is not available if the main excutable is loaded by the kernel, so this is another case where the two cases differ. This enhances commit 23d2e5faf0bca6d9b31bef4aa162b95ee64cbfc6 ("elf: Self-dlopen failure with explict loader invocation [BZ #24900]"). Reviewed-by: Carlos O'Donell <carlos@redhat.com> Reviewed-by: Gabriel F. T. Gomes <gabrielftg@linux.ibm.com>
* Add UNSUPPORTED check in elf/tst-pldd.Stefan Liebler2019-09-181-19/+51
| | | | | | | | | | | | | | | | | | | | | | | | | | The testcase forks a child process and runs pldd with PID of this child. On systems where /proc/sys/kernel/yama/ptrace_scope differs from zero, pldd will fail with /usr/bin/pldd: cannot attach to process 3: Operation not permitted This patch checks if ptrace_scope exists, is zero "classic ptrace permissions" or one "restricted ptrace". If ptrace_scope exists and has a higher restriction, then the test is marked as UNSUPPORTED. The case "restricted ptrace" is handled by rearranging the processes involved during the test. Now we have the following process tree: -parent: do_test (performs output checks) --subprocess 1: pldd_process (becomes pldd via execve) ---subprocess 2: target_process (ptraced via pldd) ChangeLog: * elf/tst-pldd.c (do_test): Add UNSUPPORTED check. Rearrange subprocesses. (pldd_process): New function. * support/Makefile (libsupport-routines): Add support_ptrace. * support/xptrace.h: New file. * support/support_ptrace.c: Likewise.
* Prefer https to http for gnu.org and fsf.org URLsPaul Eggert2019-09-07167-168/+168
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also, change sources.redhat.com to sourceware.org. This patch was automatically generated by running the following shell script, which uses GNU sed, and which avoids modifying files imported from upstream: sed -ri ' s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g ' \ $(find $(git ls-files) -prune -type f \ ! -name '*.po' \ ! -name 'ChangeLog*' \ ! -path COPYING ! -path COPYING.LIB \ ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \ ! -path manual/texinfo.tex ! -path scripts/config.guess \ ! -path scripts/config.sub ! -path scripts/install-sh \ ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \ ! -path INSTALL ! -path locale/programs/charmap-kw.h \ ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \ ! '(' -name configure \ -execdir test -f configure.ac -o -f configure.in ';' ')' \ ! '(' -name preconfigure \ -execdir test -f preconfigure.ac ';' ')' \ -print) and then by running 'make dist-prepare' to regenerate files built from the altered files, and then executing the following to cleanup: chmod a+x sysdeps/unix/sysv/linux/riscv/configure # Omit irrelevant whitespace and comment-only changes, # perhaps from a slightly-different Autoconf version. git checkout -f \ sysdeps/csky/configure \ sysdeps/hppa/configure \ sysdeps/riscv/configure \ sysdeps/unix/sysv/linux/csky/configure # Omit changes that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines git checkout -f \ sysdeps/powerpc/powerpc64/ppc-mcount.S \ sysdeps/unix/sysv/linux/s390/s390-64/syscall.S # Omit change that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
* MIPS support for GNU hashMihailo Stojanovic2019-08-293-7/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch is a reimplementation of [1], which was submitted back in 2015. Copyright issue has been sorted [2] last year. It proposed a new section (.gnu.xhash) and related dynamic tag (GT_GNU_XHASH). The new section would be virtually identical to the existing .gnu.hash except for the translation table (xlat) which would contain correct MIPS .dynsym indexes corresponding to the hashvals in chains. This is because MIPS ABI imposes a different ordering of the dynsyms than the one expected by the .gnu.hash section. Another addition would be a leading word at the beggining of the section, which would contain the number of entries in the translation table. In this patch, the new section name and dynamic tag are changed to reflect the fact that the section should be treated as MIPS specific (.MIPS.xhash and DT_MIPS_XHASH). This patch addresses the alignment issue reported in [3] which is caused by the leading word of the .MIPS.xhash section. Leading word is now removed in the corresponding binutils patch, and the number of entries in the translation table is computed using DT_MIPS_SYMTABNO dynamic tag. Since the MIPS specific dl-lookup.c file was removed following the initial patch submission, I opted for the definition of three new macros in the generic ldsodefs.h. ELF_MACHINE_GNU_HASH_ADDRIDX defines the index of the dynamic tag in the l_info array. ELF_MACHINE_HASH_SYMIDX is used to calculate the index of a symbol in GNU hash. On MIPS, it is defined to look up the symbol index in the translation table. ELF_MACHINE_XHASH_SETUP is defined for MIPS only. It initializes the .MIPS.xhash pointer in the link_map_machine struct. The other major change is bumping the highest EI_ABIVERSION value for MIPS to suggest that the dynamic linker now supports GNU hash. The patch was tested by running the glibc testsuite for the three MIPS ABIs (o32, n32 and n64) and for x86_64-linux-gnu. [1] https://sourceware.org/ml/binutils/2015-10/msg00057.html [2] https://sourceware.org/ml/binutils/2018-03/msg00025.html [3] https://sourceware.org/ml/binutils/2016-01/msg00006.html * elf/dl-addr.c (determine_info): Calculate the symbol index using the newly defined ELF_MACHINE_HASH_SYMIDX macro. * elf/dl-lookup.c (do_lookup_x): Ditto. (_dl_setup_hash): Initialize MIPS xhash translation table. * elf/elf.h (SHT_MIPS_XHASH): New define. (DT_MIPS_XHASH): New define. * sysdeps/generic/ldsodefs.h (ELF_MACHINE_GNU_HASH_ADDRIDX): New define. (ELF_MACHINE_HASH_SYMIDX): Ditto. (ELF_MACHINE_XHASH_SETUP): Ditto. * sysdeps/mips/ldsodefs.h (ELF_MACHINE_GNU_HASH_ADDRIDX): New define. (ELF_MACHINE_HASH_SYMIDX): Ditto. (ELF_MACHINE_XHASH_SETUP): Ditto. * sysdeps/mips/linkmap.h (struct link_map_machine): New member. * sysdeps/unix/sysv/linux/mips/ldsodefs.h: Increment valid ABI version. * sysdeps/unix/sysv/linux/mips/libc-abis: New ABI version.
* elf: Self-dlopen failure with explict loader invocation [BZ #24900]Florian Weimer2019-08-154-25/+94
| | | | | | | | | | | | | | | | | | | | In case of an explicit loader invocation, ld.so essentially performs a dlopen call to load the main executable. Since the pathname of the executable is known at this point, it gets stored in the link map. In regular mode, the pathname is not known and "" is used instead. As a result, if a program calls dlopen on the pathname of the main program, the dlopen call succeeds and returns a handle for the main map. This results in an unnecessary difference between glibc testing (without --enable-hardcoded-path-in-tests) and production usage. This commit discards the names when building the link map in _dl_new_object for the main executable, but it still determines the origin at this point in case of an explict loader invocation. The reason is that the specified pathname has to be used; the kernel has a different notion of the main executable.
* elf: Support elf/tst-dlopen-aout in more configurationsFlorian Weimer2019-08-122-13/+14
| | | | | | | | | | | | dlopen can no longer open PIE binaries, so it is not necessary to link the executable as non-PIE to trigger a dlopen failure. If we hard-code the path to the real executable, we can run the test with and without hard-coded paths because the dlopen path will not be recognized as the main program in both cases. (With an explict loader invocation, the loader currently adds argv[0] to l_libname for the main map and the dlopen call suceeds as a result; it does not do that in standard mode.)
* Add glibc.malloc.mxfast tunableDJ Delorie2019-08-091-0/+5
| | | | | | | | | | | | * elf/dl-tunables.list: Add glibc.malloc.mxfast. * manual/tunables.texi: Document it. * malloc/malloc.c (do_set_mxfast): New. (__libc_mallopt): Call it. * malloc/arena.c: Add mxfast tunable. * malloc/tst-mxfast.c: New. * malloc/Makefile: Add it. Reviewed-by: Carlos O'Donell <carlos@redhat.com>