[v3,19/37] dlfcn: Failures after dlmopen should not terminate process [BZ #24772]
Commit Message
Commit 9e78f6f6e7134a5f299cc8de77370218f8019237 ("Implement
_dl_catch_error, _dl_signal_error in libc.so [BZ #16628]") has the
side effect that distinct namespaces, as created by dlmopen, now have
separate implementations of the rtld exception mechanism. This means
that the call to _dl_catch_error from libdl in a secondary namespace
does not actually install an exception handler because the
thread-local variable catch_hook in the libc.so copy in the secondary
namespace is distinct from that of the base namepace. As a result, a
dlsym/dlopen/… failure in a secondary namespace terminates the process
with a dynamic linker error because it looks to the exception handler
mechanism as if no handler has been installed.
This commit restores GLRO (dl_catch_error) and uses it to set the
handler in the base namespace.
---
dlfcn/dlerror.c | 6 +++--
elf/Makefile | 8 ++++++-
elf/dl-error-skeleton.c | 12 ++++++++++
elf/rtld.c | 1 +
elf/tst-dlmopen-dlerror-mod.c | 41 +++++++++++++++++++++++++++++++++++
elf/tst-dlmopen-dlerror.c | 37 +++++++++++++++++++++++++++++++
sysdeps/generic/ldsodefs.h | 9 ++++++++
7 files changed, 111 insertions(+), 3 deletions(-)
create mode 100644 elf/tst-dlmopen-dlerror-mod.c
create mode 100644 elf/tst-dlmopen-dlerror.c
Comments
On 16/03/2021 14:30, Florian Weimer via Libc-alpha wrote:
> Commit 9e78f6f6e7134a5f299cc8de77370218f8019237 ("Implement
> _dl_catch_error, _dl_signal_error in libc.so [BZ #16628]") has the
> side effect that distinct namespaces, as created by dlmopen, now have
> separate implementations of the rtld exception mechanism. This means
> that the call to _dl_catch_error from libdl in a secondary namespace
> does not actually install an exception handler because the
> thread-local variable catch_hook in the libc.so copy in the secondary
> namespace is distinct from that of the base namepace. As a result, a
> dlsym/dlopen/… failure in a secondary namespace terminates the process
> with a dynamic linker error because it looks to the exception handler
> mechanism as if no handler has been installed.
>
> This commit restores GLRO (dl_catch_error) and uses it to set the
> handler in the base namespace.
LGTM, thanks.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
> ---
> dlfcn/dlerror.c | 6 +++--
> elf/Makefile | 8 ++++++-
> elf/dl-error-skeleton.c | 12 ++++++++++
> elf/rtld.c | 1 +
> elf/tst-dlmopen-dlerror-mod.c | 41 +++++++++++++++++++++++++++++++++++
> elf/tst-dlmopen-dlerror.c | 37 +++++++++++++++++++++++++++++++
> sysdeps/generic/ldsodefs.h | 9 ++++++++
> 7 files changed, 111 insertions(+), 3 deletions(-)
> create mode 100644 elf/tst-dlmopen-dlerror-mod.c
> create mode 100644 elf/tst-dlmopen-dlerror.c
>
> diff --git a/dlfcn/dlerror.c b/dlfcn/dlerror.c
> index 48b4c25bea..947b7c10c6 100644
> --- a/dlfcn/dlerror.c
> +++ b/dlfcn/dlerror.c
> @@ -167,8 +167,10 @@ _dlerror_run (void (*operate) (void *), void *args)
> result->errstring = NULL;
> }
>
> - result->errcode = _dl_catch_error (&result->objname, &result->errstring,
> - &result->malloced, operate, args);
> + result->errcode = GLRO (dl_catch_error) (&result->objname,
> + &result->errstring,
> + &result->malloced,
> + operate, args);
>
> /* If no error we mark that no error string is available. */
> result->returned = result->errstring == NULL;
Ok.
> diff --git a/elf/Makefile b/elf/Makefile
> index 936d4cf276..deb76aed99 100644
> --- a/elf/Makefile
> +++ b/elf/Makefile
> @@ -222,7 +222,8 @@ tests += restest1 preloadtest loadfail multiload origtest resolvfail \
> tst-audit14 tst-audit15 tst-audit16 \
> tst-single_threaded tst-single_threaded-pthread \
> tst-tls-ie tst-tls-ie-dlmopen argv0test \
> - tst-glibc-hwcaps tst-glibc-hwcaps-prepend tst-glibc-hwcaps-mask
> + tst-glibc-hwcaps tst-glibc-hwcaps-prepend tst-glibc-hwcaps-mask \
> + tst-dlmopen-dlerror
> # reldep9
> tests-internal += loadtest unload unload2 circleload1 \
> neededtest neededtest2 neededtest3 neededtest4 \
> @@ -344,6 +345,7 @@ modules-names = testobj1 testobj2 testobj3 testobj4 testobj5 testobj6 \
> libmarkermod2-1 libmarkermod2-2 \
> libmarkermod3-1 libmarkermod3-2 libmarkermod3-3 \
> libmarkermod4-1 libmarkermod4-2 libmarkermod4-3 libmarkermod4-4 \
> + tst-ldconfig-ld-mod tst-dlmopen-dlerror-mod \
>
> # Most modules build with _ISOMAC defined, but those filtered out
> # depend on internal headers.
> @@ -1580,6 +1582,10 @@ $(objpfx)tst-sonamemove-dlopen.out: \
> $(objpfx)tst-sonamemove-runmod1.so \
> $(objpfx)tst-sonamemove-runmod2.so
>
> +$(objpfx)tst-dlmopen-dlerror: $(libdl)
> +$(objpfx)tst-dlmopen-dlerror-mod.so: $(libdl) $(libsupport)
> +$(objpfx)tst-dlmopen-dlerror.out: $(objpfx)tst-dlmopen-dlerror-mod.so
> +
> # Override -z defs, so that we can reference an undefined symbol.
> # Force lazy binding for the same reason.
> LDFLAGS-tst-latepthreadmod.so = \
Ok.
> diff --git a/elf/dl-error-skeleton.c b/elf/dl-error-skeleton.c
> index 2fd62777cf..b699936c6e 100644
> --- a/elf/dl-error-skeleton.c
> +++ b/elf/dl-error-skeleton.c
> @@ -248,4 +248,16 @@ _dl_receive_error (receiver_fct fct, void (*operate) (void *), void *args)
> catch_hook = old_catch;
> receiver = old_receiver;
> }
> +
> +/* Forwarder used for initializing GLRO (_dl_catch_error). */
> +int
> +_rtld_catch_error (const char **objname, const char **errstring,
> + bool *mallocedp, void (*operate) (void *),
> + void *args)
> +{
> + /* The reference to _dl_catch_error will eventually be relocated to
> + point to the implementation in libc.so. */
> + return _dl_catch_error (objname, errstring, mallocedp, operate, args);
> +}
> +
> #endif /* DL_ERROR_BOOTSTRAP */
Ok, but why change the usual prepend string to 'rtld'?
> diff --git a/elf/rtld.c b/elf/rtld.c
> index 94a00e2049..fd02438936 100644
> --- a/elf/rtld.c
> +++ b/elf/rtld.c
> @@ -368,6 +368,7 @@ struct rtld_global_ro _rtld_global_ro attribute_relro =
> ._dl_lookup_symbol_x = _dl_lookup_symbol_x,
> ._dl_open = _dl_open,
> ._dl_close = _dl_close,
> + ._dl_catch_error = _rtld_catch_error,
> ._dl_tls_get_addr_soft = _dl_tls_get_addr_soft,
> #ifdef HAVE_DL_DISCOVER_OSVERSION
> ._dl_discover_osversion = _dl_discover_osversion
Ok.
> diff --git a/elf/tst-dlmopen-dlerror-mod.c b/elf/tst-dlmopen-dlerror-mod.c
> new file mode 100644
> index 0000000000..dcb94320b4
> --- /dev/null
> +++ b/elf/tst-dlmopen-dlerror-mod.c
> @@ -0,0 +1,41 @@
> +/* Check that dlfcn errors are reported properly after dlmopen. Test module.
> + Copyright (C) 2019 Free Software Foundation, Inc.
s/2019/2021.
> + This file is part of the GNU C Library.
> +
> + The GNU C Library is free software; you can redistribute it and/or
> + modify it under the terms of the GNU Lesser General Public
> + License as published by the Free Software Foundation; either
> + version 2.1 of the License, or (at your option) any later version.
> +
> + The GNU C Library is distributed in the hope that it will be useful,
> + but WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + Lesser General Public License for more details.
> +
> + You should have received a copy of the GNU Lesser General Public
> + License along with the GNU C Library; if not, see
> + <http://www.gnu.org/licenses/>. */
> +
> +#include <dlfcn.h>
> +#include <stddef.h>
> +#include <support/check.h>
> +
> +/* Note: This object is not linked into the main program, so we cannot
> + use delayed test failure reporting via TEST_VERIFY etc., and have
> + to use FAIL_EXIT1 (or something else that calls exit). */
> +
> +void
> +call_dlsym (void)
> +{
> + void *ptr = dlsym (NULL, "does not exist");
> + if (ptr != NULL)
> + FAIL_EXIT1 ("dlsym did not fail as expected");
> +}
> +
> +void
> +call_dlopen (void)
> +{
> + void *handle = dlopen ("tst-dlmopen-dlerror does not exist", RTLD_NOW);
> + if (handle != NULL)
> + FAIL_EXIT1 ("dlopen did not fail as expected");
> +}
Ok.
> diff --git a/elf/tst-dlmopen-dlerror.c b/elf/tst-dlmopen-dlerror.c
> new file mode 100644
> index 0000000000..65638f7f38
> --- /dev/null
> +++ b/elf/tst-dlmopen-dlerror.c
> @@ -0,0 +1,37 @@
> +/* Check that dlfcn errors are reported properly after dlmopen.
> + Copyright (C) 2019 Free Software Foundation, Inc.
s/2019/2021.
> + This file is part of the GNU C Library.
> +
> + The GNU C Library is free software; you can redistribute it and/or
> + modify it under the terms of the GNU Lesser General Public
> + License as published by the Free Software Foundation; either
> + version 2.1 of the License, or (at your option) any later version.
> +
> + The GNU C Library is distributed in the hope that it will be useful,
> + but WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + Lesser General Public License for more details.
> +
> + You should have received a copy of the GNU Lesser General Public
> + License along with the GNU C Library; if not, see
> + <http://www.gnu.org/licenses/>. */
> +
> +#include <stddef.h>
> +#include <support/check.h>
> +#include <support/xdlfcn.h>
> +
> +static int
> +do_test (void)
> +{
> + void *handle = xdlmopen (LM_ID_NEWLM, "tst-dlmopen-dlerror-mod.so",
> + RTLD_NOW);
> + void (*call_dlsym) (void) = xdlsym (handle, "call_dlsym");
> + void (*call_dlopen) (void) = xdlsym (handle, "call_dlopen");
> +
> + call_dlsym ();
> + call_dlopen ();
> +
> + return 0;
> +}
> +
> +#include <support/test-driver.c>
Ok.
> diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h
> index ea3f7a69d0..b207f229c3 100644
> --- a/sysdeps/generic/ldsodefs.h
> +++ b/sysdeps/generic/ldsodefs.h
> @@ -662,6 +662,12 @@ struct rtld_global_ro
> void *(*_dl_open) (const char *file, int mode, const void *caller_dlopen,
> Lmid_t nsid, int argc, char *argv[], char *env[]);
> void (*_dl_close) (void *map);
> + /* libdl in a secondary namespace (after dlopen) must use
> + _dl_catch_error from the main namespace, so it has to be
> + exported in some way. */
> + int (*_dl_catch_error) (const char **objname, const char **errstring,
> + bool *mallocedp, void (*operate) (void *),
> + void *args);
> void *(*_dl_tls_get_addr_soft) (struct link_map *);
> #ifdef HAVE_DL_DISCOVER_OSVERSION
> int (*_dl_discover_osversion) (void);
> @@ -900,6 +906,9 @@ extern int _dl_catch_error (const char **objname, const char **errstring,
> void *args);
> libc_hidden_proto (_dl_catch_error)
>
> +/* Used for initializing GLRO (_dl_catch_error). */
> +extern __typeof__ (_dl_catch_error) _rtld_catch_error attribute_hidden;
> +
> /* Call OPERATE (ARGS). If no error occurs, set *EXCEPTION to zero.
> Otherwise, store a copy of the raised exception in *EXCEPTION,
> which has to be freed by _dl_exception_free. As a special case, if
>
Ok.
* Adhemerval Zanella:
>> diff --git a/elf/dl-error-skeleton.c b/elf/dl-error-skeleton.c
>> index 2fd62777cf..b699936c6e 100644
>> --- a/elf/dl-error-skeleton.c
>> +++ b/elf/dl-error-skeleton.c
>> @@ -248,4 +248,16 @@ _dl_receive_error (receiver_fct fct, void (*operate) (void *), void *args)
>> catch_hook = old_catch;
>> receiver = old_receiver;
>> }
>> +
>> +/* Forwarder used for initializing GLRO (_dl_catch_error). */
>> +int
>> +_rtld_catch_error (const char **objname, const char **errstring,
>> + bool *mallocedp, void (*operate) (void *),
>> + void *args)
>> +{
>> + /* The reference to _dl_catch_error will eventually be relocated to
>> + point to the implementation in libc.so. */
>> + return _dl_catch_error (objname, errstring, mallocedp, operate, args);
>> +}
>> +
>> #endif /* DL_ERROR_BOOTSTRAP */
>
> Ok, but why change the usual prepend string to 'rtld'?
_dl_catch_error is already taken.
Thanks,
Florian
@@ -167,8 +167,10 @@ _dlerror_run (void (*operate) (void *), void *args)
result->errstring = NULL;
}
- result->errcode = _dl_catch_error (&result->objname, &result->errstring,
- &result->malloced, operate, args);
+ result->errcode = GLRO (dl_catch_error) (&result->objname,
+ &result->errstring,
+ &result->malloced,
+ operate, args);
/* If no error we mark that no error string is available. */
result->returned = result->errstring == NULL;
@@ -222,7 +222,8 @@ tests += restest1 preloadtest loadfail multiload origtest resolvfail \
tst-audit14 tst-audit15 tst-audit16 \
tst-single_threaded tst-single_threaded-pthread \
tst-tls-ie tst-tls-ie-dlmopen argv0test \
- tst-glibc-hwcaps tst-glibc-hwcaps-prepend tst-glibc-hwcaps-mask
+ tst-glibc-hwcaps tst-glibc-hwcaps-prepend tst-glibc-hwcaps-mask \
+ tst-dlmopen-dlerror
# reldep9
tests-internal += loadtest unload unload2 circleload1 \
neededtest neededtest2 neededtest3 neededtest4 \
@@ -344,6 +345,7 @@ modules-names = testobj1 testobj2 testobj3 testobj4 testobj5 testobj6 \
libmarkermod2-1 libmarkermod2-2 \
libmarkermod3-1 libmarkermod3-2 libmarkermod3-3 \
libmarkermod4-1 libmarkermod4-2 libmarkermod4-3 libmarkermod4-4 \
+ tst-ldconfig-ld-mod tst-dlmopen-dlerror-mod \
# Most modules build with _ISOMAC defined, but those filtered out
# depend on internal headers.
@@ -1580,6 +1582,10 @@ $(objpfx)tst-sonamemove-dlopen.out: \
$(objpfx)tst-sonamemove-runmod1.so \
$(objpfx)tst-sonamemove-runmod2.so
+$(objpfx)tst-dlmopen-dlerror: $(libdl)
+$(objpfx)tst-dlmopen-dlerror-mod.so: $(libdl) $(libsupport)
+$(objpfx)tst-dlmopen-dlerror.out: $(objpfx)tst-dlmopen-dlerror-mod.so
+
# Override -z defs, so that we can reference an undefined symbol.
# Force lazy binding for the same reason.
LDFLAGS-tst-latepthreadmod.so = \
@@ -248,4 +248,16 @@ _dl_receive_error (receiver_fct fct, void (*operate) (void *), void *args)
catch_hook = old_catch;
receiver = old_receiver;
}
+
+/* Forwarder used for initializing GLRO (_dl_catch_error). */
+int
+_rtld_catch_error (const char **objname, const char **errstring,
+ bool *mallocedp, void (*operate) (void *),
+ void *args)
+{
+ /* The reference to _dl_catch_error will eventually be relocated to
+ point to the implementation in libc.so. */
+ return _dl_catch_error (objname, errstring, mallocedp, operate, args);
+}
+
#endif /* DL_ERROR_BOOTSTRAP */
@@ -368,6 +368,7 @@ struct rtld_global_ro _rtld_global_ro attribute_relro =
._dl_lookup_symbol_x = _dl_lookup_symbol_x,
._dl_open = _dl_open,
._dl_close = _dl_close,
+ ._dl_catch_error = _rtld_catch_error,
._dl_tls_get_addr_soft = _dl_tls_get_addr_soft,
#ifdef HAVE_DL_DISCOVER_OSVERSION
._dl_discover_osversion = _dl_discover_osversion
new file mode 100644
@@ -0,0 +1,41 @@
+/* Check that dlfcn errors are reported properly after dlmopen. Test module.
+ Copyright (C) 2019 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <dlfcn.h>
+#include <stddef.h>
+#include <support/check.h>
+
+/* Note: This object is not linked into the main program, so we cannot
+ use delayed test failure reporting via TEST_VERIFY etc., and have
+ to use FAIL_EXIT1 (or something else that calls exit). */
+
+void
+call_dlsym (void)
+{
+ void *ptr = dlsym (NULL, "does not exist");
+ if (ptr != NULL)
+ FAIL_EXIT1 ("dlsym did not fail as expected");
+}
+
+void
+call_dlopen (void)
+{
+ void *handle = dlopen ("tst-dlmopen-dlerror does not exist", RTLD_NOW);
+ if (handle != NULL)
+ FAIL_EXIT1 ("dlopen did not fail as expected");
+}
new file mode 100644
@@ -0,0 +1,37 @@
+/* Check that dlfcn errors are reported properly after dlmopen.
+ Copyright (C) 2019 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <stddef.h>
+#include <support/check.h>
+#include <support/xdlfcn.h>
+
+static int
+do_test (void)
+{
+ void *handle = xdlmopen (LM_ID_NEWLM, "tst-dlmopen-dlerror-mod.so",
+ RTLD_NOW);
+ void (*call_dlsym) (void) = xdlsym (handle, "call_dlsym");
+ void (*call_dlopen) (void) = xdlsym (handle, "call_dlopen");
+
+ call_dlsym ();
+ call_dlopen ();
+
+ return 0;
+}
+
+#include <support/test-driver.c>
@@ -662,6 +662,12 @@ struct rtld_global_ro
void *(*_dl_open) (const char *file, int mode, const void *caller_dlopen,
Lmid_t nsid, int argc, char *argv[], char *env[]);
void (*_dl_close) (void *map);
+ /* libdl in a secondary namespace (after dlopen) must use
+ _dl_catch_error from the main namespace, so it has to be
+ exported in some way. */
+ int (*_dl_catch_error) (const char **objname, const char **errstring,
+ bool *mallocedp, void (*operate) (void *),
+ void *args);
void *(*_dl_tls_get_addr_soft) (struct link_map *);
#ifdef HAVE_DL_DISCOVER_OSVERSION
int (*_dl_discover_osversion) (void);
@@ -900,6 +906,9 @@ extern int _dl_catch_error (const char **objname, const char **errstring,
void *args);
libc_hidden_proto (_dl_catch_error)
+/* Used for initializing GLRO (_dl_catch_error). */
+extern __typeof__ (_dl_catch_error) _rtld_catch_error attribute_hidden;
+
/* Call OPERATE (ARGS). If no error occurs, set *EXCEPTION to zero.
Otherwise, store a copy of the raised exception in *EXCEPTION,
which has to be freed by _dl_exception_free. As a special case, if