elf: Include libc.so.6 as main program in dependency sort (bug 20972)
Commit Message
_dl_map_object_deps always sorts the initially loaded object first
during dependency sorting. This means it is relocated last in
dl_open_worker. This results in crashes in IFUNC resolvers without
lazy bindings if libraries are preloaded that refer to IFUNCs in
libc.so.6: the resolvers are called when libc.so.6 has not been
relocated yet, so references to _rtld_global_ro etc. crash.
The fix is to check against the libc.so.6 link map recorded by the
__libc_early_init framework, and let it participate in the dependency
sort.
This fixes bug 20972.
---
elf/Makefile | 2 +-
elf/dl-deps.c | 7 ++++++-
elf/tst-preload-pthread-libc.c | 36 ++++++++++++++++++++++++++++++++++++
3 files changed, 43 insertions(+), 2 deletions(-)
Comments
On 12/11/20 11:52 AM, Florian Weimer via Libc-alpha wrote:
> _dl_map_object_deps always sorts the initially loaded object first
> during dependency sorting. This means it is relocated last in
> dl_open_worker. This results in crashes in IFUNC resolvers without
> lazy bindings if libraries are preloaded that refer to IFUNCs in
> libc.so.6: the resolvers are called when libc.so.6 has not been
> relocated yet, so references to _rtld_global_ro etc. crash.
Correct.
> The fix is to check against the libc.so.6 link map recorded by the
> __libc_early_init framework, and let it participate in the dependency
> sort.
Agreed, because it isn't like a normal binary.
> This fixes bug 20972.
LGTM.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
> ---
> elf/Makefile | 2 +-
> elf/dl-deps.c | 7 ++++++-
> elf/tst-preload-pthread-libc.c | 36 ++++++++++++++++++++++++++++++++++++
> 3 files changed, 43 insertions(+), 2 deletions(-)
>
> diff --git a/elf/Makefile b/elf/Makefile
> index 66ffbdd8dc..0b4d78c874 100644
> --- a/elf/Makefile
> +++ b/elf/Makefile
> @@ -229,7 +229,7 @@ tests-internal += loadtest unload unload2 circleload1 \
> tst-ptrguard1 tst-stackguard1 tst-libc_dlvsym \
> tst-create_format1 tst-tls-surplus tst-dl-hwcaps_split
> tests-container += tst-pldd tst-dlopen-tlsmodid-container \
> - tst-dlopen-self-container
> + tst-dlopen-self-container tst-preload-pthread-libc
OK. New test.
> test-srcs = tst-pathopt
> selinux-enabled := $(shell cat /selinux/enforce 2> /dev/null)
> ifneq ($(selinux-enabled),1)
> diff --git a/elf/dl-deps.c b/elf/dl-deps.c
> index b5a43232a7..7a8d8ce988 100644
> --- a/elf/dl-deps.c
> +++ b/elf/dl-deps.c
> @@ -611,7 +611,12 @@ Filters not supported with LD_TRACE_PRELINKING"));
> memcpy (l_initfini, map->l_searchlist.r_list,
> nlist * sizeof (struct link_map *));
>
> - _dl_sort_maps (&l_initfini[1], nlist - 1, NULL, false);
> + /* If libc.so.6 is the main map, it participates in the sort, so
> + that the relocation order is correct regarding libc.so.6. */
> + if (l_initfini[0] == GL (dl_ns)[l_initfini[0]->l_ns].libc_map)
OK, "If the first map is the same as libc's map then include it in the list"
> + _dl_sort_maps (l_initfini, nlist, NULL, false);
> + else
> + _dl_sort_maps (&l_initfini[1], nlist - 1, NULL, false);
OK, "Otherwise don't because executable should override libc."
>
> /* Terminate the list of dependencies. */
> l_initfini[nlist] = NULL;
> diff --git a/elf/tst-preload-pthread-libc.c b/elf/tst-preload-pthread-libc.c
> new file mode 100644
> index 0000000000..48cb512a93
> --- /dev/null
> +++ b/elf/tst-preload-pthread-libc.c
> @@ -0,0 +1,36 @@
> +/* Test relocation ordering if the main executable is libc.so.6 (bug 20972).
> + Copyright (C) 2020 Free Software Foundation, Inc.
> + This file is part of the GNU C Library.
> +
> + The GNU C Library is free software; you can redistribute it and/or
> + modify it under the terms of the GNU Lesser General Public
> + License as published by the Free Software Foundation; either
> + version 2.1 of the License, or (at your option) any later version.
> +
> + The GNU C Library is distributed in the hope that it will be useful,
> + but WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + Lesser General Public License for more details.
> +
> + You should have received a copy of the GNU Lesser General Public
> + License along with the GNU C Library; if not, see
> + <https://www.gnu.org/licenses/>. */
> +
> +#include <gnu/lib-names.h>
> +#include <stdio.h>
> +#include <support/support.h>
> +#include <unistd.h>
> +
> +int
> +main (void)
> +{
> + char *libc = xasprintf ("%s/%s", support_slibdir_prefix, LIBC_SO);
> + char *argv[] = { libc, NULL };
> + char *envp[] = { (char *) "LD_PRELOAD=" LIBPTHREAD_SO,
> + /* Relocation ordering matters most without lazy binding. */
> + (char *) "LD_BIND_NOW=1",
> + NULL };
> + execve (libc, argv, envp);
OK, must be able to run libc.so.6 and exit without error.
> + printf ("execve of %s failed: %m\n", libc);
> + return 1;
> +}
>
@@ -229,7 +229,7 @@ tests-internal += loadtest unload unload2 circleload1 \
tst-ptrguard1 tst-stackguard1 tst-libc_dlvsym \
tst-create_format1 tst-tls-surplus tst-dl-hwcaps_split
tests-container += tst-pldd tst-dlopen-tlsmodid-container \
- tst-dlopen-self-container
+ tst-dlopen-self-container tst-preload-pthread-libc
test-srcs = tst-pathopt
selinux-enabled := $(shell cat /selinux/enforce 2> /dev/null)
ifneq ($(selinux-enabled),1)
@@ -611,7 +611,12 @@ Filters not supported with LD_TRACE_PRELINKING"));
memcpy (l_initfini, map->l_searchlist.r_list,
nlist * sizeof (struct link_map *));
- _dl_sort_maps (&l_initfini[1], nlist - 1, NULL, false);
+ /* If libc.so.6 is the main map, it participates in the sort, so
+ that the relocation order is correct regarding libc.so.6. */
+ if (l_initfini[0] == GL (dl_ns)[l_initfini[0]->l_ns].libc_map)
+ _dl_sort_maps (l_initfini, nlist, NULL, false);
+ else
+ _dl_sort_maps (&l_initfini[1], nlist - 1, NULL, false);
/* Terminate the list of dependencies. */
l_initfini[nlist] = NULL;
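Review bot: The new comment says "if libc.so.6 is the main map", but the condition tests `l_initfini[0]`, which the commit message calls the initially loaded object, and nothing explains why the else branch keeps slot 0 out of the sort. I would word it as `/* l_initfini[0] normally stays first so that it is relocated last; if it is this namespace's libc.so.6, sort it with the rest so it is relocated before objects that bind to its IFUNCs. */`. A namespace with no recorded `libc_map` takes the else branch, because `l_initfini[0]` is dereferenced in the same expression and so cannot be null. Whether `libc_map` is always populated before this point is not visible here and is worth confirming, since an unset value silently restores the old ordering. The enclosing function starts and ends outside the hunk.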
new file mode 100644
@@ -0,0 +1,36 @@
+/* Test relocation ordering if the main executable is libc.so.6 (bug 20972).
+ Copyright (C) 2020 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <gnu/lib-names.h>
+#include <stdio.h>
+#include <support/support.h>
+#include <unistd.h>
+
+int
+main (void)
+{
+ char *libc = xasprintf ("%s/%s", support_slibdir_prefix, LIBC_SO);
+ char *argv[] = { libc, NULL };
+ char *envp[] = { (char *) "LD_PRELOAD=" LIBPTHREAD_SO,
+ /* Relocation ordering matters most without lazy binding. */
+ (char *) "LD_BIND_NOW=1",
+ NULL };
+ execve (libc, argv, envp);
+ printf ("execve of %s failed: %m\n", libc);
+ return 1;
+}
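Review bot: The test defines a plain `main` instead of going through the support test driver, so as far as this file shows nothing bounds the run time if the exec'd libc.so.6 hangs during relocation rather than crashing. Unless that is deliberate, I would make the entry point `static int do_test (void)` and end the file with `#include <support/test-driver.c>`, so the `execve` happens in the driver's child and a timeout or fatal signal is reported by the driver. A one-line comment above `envp` saying the environment is intentionally reduced to the preload and `LD_BIND_NOW=1` would also make clear that no other loader variables from the harness reach the new image.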