From patchwork Fri Feb 26 17:29:50 2021
X-Patchwork-Submitter: Navin P
X-Patchwork-Id: 42150
Date: Fri, 26 Feb 2021 22:59:50 +0530
Subject: DT_RUNPATH of executable not found when loader and dl_caller is libasan.so
To: libc-alpha@sourceware.org
From: Navin P

Hi,

I sent this to libc-help, which seems to be the wrong group.

My scenario is that $HOME/package/ contains ./a.out and the DSO libplugin.so. Without address sanitizer (asan) libasan.so mode using gcc, if I run ./a.out from $HOME/package I'm able to find libplugin.so and it prints dlopen succeeded. Now if I go to the parent directory (cd ..) and run ./package/a.out, it is able to find it and prints dlopen succeeded. Everything is good until here. libplugin.so is an empty shared object without asan.

#include <dlfcn.h>
#include <stdio.h>

int main(){
    /* No '/' in the name, so the dynamic loader's search path is used. */
    void *handle=dlopen("libplugin.so",RTLD_NOW);
    if(handle!=NULL){
        printf("dlopen succeeded\n");
    } else {
        printf("dlopen failed\n");
    }
    return 0;
}

Now I compile the example and the .so with -fsanitize=address. When running a.out from $HOME/package, it prints dlopen succeeded. Now if I do cd .. and run ./package/a.out from $HOME, it fails and prints dlopen failed. This is because the loader is changed to libasan.so, and this time the DT_RUNPATH is checked for the RUNPATH of libasan. This works for RPATH because we check the whole list of loaders and we find the base loader whose rpath is $HOME/package. But in the case of DT_RUNPATH we don't.

I think an additional lookup needs to be performed after the old RUNPATH code in dl-load.c, which looks up GL(dl_ns)[LM_ID_BASE]._ns_loaded when fd==-1. I've tested this patch and it works fine for me.

From d2cb9bba3de58af3516eb7099d0452e2ee6365d2 Mon Sep 17 00:00:00 2001 From: Navin P Date: Mon, 22 Feb 2021 15:02:00 +0530 Subject: [PATCH] If executables are compiled with asan, it should perform additional LM_ID_BASE D_RUNPATH also. --- elf/dl-load.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) realname = _dl_sysdep_open_object (name, namelen, &fd); diff --git a/elf/dl-load.c b/elf/dl-load.c index 9e2089cfaa..fe88c8c9ea 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c
@@ -2161,6 +2161,34 @@ _dl_map_object (struct link_map *loader, const char *name, &loader->l_runpath_dirs, &realname, &fb, loader, LA_SER_RUNPATH, &found_other_class); + /* + * This is not transitive dependency.It it just an additional + * lookup into executable/dso runpath when loader is different + * from LM_ID_BASE loader. + * In usual cases like direct call to executable, then main_map + * is same as loader and no lookup is performed. + * In cases like libasan.so being the parent caller with dl_caller + * set to libasan.so which is called by GL(dls_ns)[LIM_ID_BASE], + * we need to additionally search the executable/dso link_map + * other than loader link_map which is performed above. + */ + struct link_map *main_map = GL(dl_ns)[LM_ID_BASE]._ns_loaded; + + /* Look at the RUNPATH information for this binary using main_map. + * This lookup is only done when the binary is in namespace 0. + * For nested namespaces from dlmopen LM_ID_NEWLM, we don't search + * in namespace 0 because it is detached from LM_ID_BASE. + * In that case lookup is done in the callers RUNPATH above. + */ + + if (fd == -1 && (nsid == LM_ID_BASE ) && main_map != NULL + && main_map != loader + && cache_rpath (main_map, &main_map->l_runpath_dirs, + DT_RUNPATH, "RUNPATH")) + fd = open_path (name, namelen, mode, + &main_map->l_runpath_dirs, &realname, &fb, main_map, + LA_SER_RUNPATH, &found_other_class); + if (fd == -1) {
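
Review bot: the added condition "(nsid == LM_ID_BASE ) && main_map != NULL && main_map != loader" is not specific to libasan, so the executable's DT_RUNPATH would be searched for a dlopen issued from any object in the base namespace whose own RUNPATH lookup failed, while the comment block describes only the libasan-as-caller case. Either narrow the condition to the interposed-caller case, or state in the comment and the commit message that the main map's RUNPATH now applies to every loader in LM_ID_BASE, since that widens the set of directories a non-executable caller can load from. The comment also has typos that obscure the identifiers: "It it just" and "GL(dls_ns)[LIM_ID_BASE]" should read "It is just" and "GL(dl_ns)[LM_ID_BASE]", and the stray space in "(nsid == LM_ID_BASE )" should go. The diffstat shows only elf/dl-load.c changed; a regression test for the scenario in the message (executable with DT_RUNPATH, dlopen reached through another DSO) would make the behaviour change reviewable.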
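
Added example, not part of the original mail and not glibc code: a simplified C model of the search order the message describes, showing why the lookup fails only for the combination of DT_RUNPATH on the executable and libasan.so as caller, and what the proposed extra step changes. The struct, the function names, the `patched` flag and the directory are assumptions made for illustration; LD_LIBRARY_PATH, ld.so.cache and the default directories are left out.

```c
/* Simplified model of the lookup order described in the mail; not glibc code. */
#include <stdio.h>
#include <string.h>

struct obj {                  /* hypothetical stand-in for struct link_map */
    const char *rpath;        /* DT_RPATH directory, or NULL */
    const char *runpath;      /* DT_RUNPATH directory, or NULL */
    struct obj *loader;       /* object that loaded this one, or NULL */
};

/* Constructed sample: the only directory that holds libplugin.so. */
static const char *PLUGIN_DIR = "/home/user/package";
static int holds_plugin(const char *dir) {
    return dir != NULL && strcmp(dir, PLUGIN_DIR) == 0;
}

/* Returns the search step that finds libplugin.so, or NULL if none does. */
const char *lookup(struct obj *caller, struct obj *main_map, int patched) {
    if (caller->runpath == NULL) {   /* DT_RPATH is used only without DT_RUNPATH */
        for (struct obj *l = caller; l != NULL; l = l->loader)
            if (l->runpath == NULL && holds_plugin(l->rpath))
                return "RPATH of loader chain";
        if (main_map != caller && main_map->runpath == NULL
            && holds_plugin(main_map->rpath))
            return "RPATH of main map";
    }
    if (holds_plugin(caller->runpath))        /* only the caller's own RUNPATH */
        return "RUNPATH of caller";
    if (patched && main_map != caller && holds_plugin(main_map->runpath))
        return "RUNPATH of main map";         /* extra step the patch proposes */
    return NULL;
}

/* dlopen("libplugin.so") from a.out directly, or with libasan.so as caller. */
const char *scenario(int exe_has_runpath, int via_asan, int patched) {
    struct obj exe = { NULL, NULL, NULL };    /* a.out */
    struct obj asan = { NULL, NULL, NULL };   /* libasan.so, no paths of its own */
    if (exe_has_runpath) exe.runpath = PLUGIN_DIR; else exe.rpath = PLUGIN_DIR;
    return lookup(via_asan ? &asan : &exe, &exe, patched);
}

int main(void) {
    for (int i = 0; i < 8; i++) {
        int rp = i & 1, as = (i >> 1) & 1, pt = i >> 2;
        const char *r = scenario(rp, as, pt);
        printf("runpath=%d asan=%d patched=%d -> %s\n", rp, as, pt, r ? r : "not found");
    }
    return 0;
}
```

In the model the patched branch fires for any caller other than the main map, which is the same breadth the condition in the hunk has.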