From patchwork Fri Nov 29 08:26:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Weimer X-Patchwork-Id: 102078 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 143C03858CD1 for ; Fri, 29 Nov 2024 08:27:04 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 143C03858CD1 Authentication-Results: sourceware.org; dkim=pass (1024-bit key, unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Ii6eXtEs X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTP id 656373858D20 for ; Fri, 29 Nov 2024 08:26:22 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 656373858D20 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 656373858D20 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732868782; cv=none; b=tre7fLqPxKeZ6889RZjzvMi391BRWhufdzzrd2pP/uVRUdvs35KJDdKTxwol3ZdxYx4J8O1J07Cqmj/pnWWA+51QPxyK0QA6RrdLe9FmAC9raS484eKc7kh0epjEndQFzgNwRKH42FvtVB1kHSixJrb+kkDG/Nc8fXYOxvww39w= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732868782; c=relaxed/simple; bh=2LQs9PA3HY4ElM3sx17E4msNvsFQSvQn0z6JCcKjR6M=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=m6p6v3DwvTXfzF3K+L4i8hnvfynNUfFXwHyKysMWIp/TF4PsEdaKnVyGdtd3NtBC78eyaQk3PwZ+r+3voWd3fBNbv6EfE5POvJ/52giuPMRoKzsf/ttYyZ/8HEzTwh/4B7ebd0r1EtVQjobdvrCygI/VYkN071SZkWPDE1qP0nU= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 656373858D20 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1732868782; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type; bh=t9zC6ZjYoF2GKWri1S/GtlaprUe3YNXpQ4koA3RBX2M=; b=Ii6eXtEsMaJ5vjmKGEvaD+XMD0NwOSMIiVdzAScKtPjl1bmifNrl4E0RBMdz271Oyyzjn7 r6DTOU3iyzaR1PwzA4z+Rlw8Z9U0kPYFOEPstfWJHQfI7gZhNxo60dyo8H5YsAwkTFE8Xh kQga+lJH8PpFCS6jOIIcE73PA2ivUTY= Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-94-C5WldCA6OsijixR4aPE3HA-1; Fri, 29 Nov 2024 03:26:20 -0500 X-MC-Unique: C5WldCA6OsijixR4aPE3HA-1 X-Mimecast-MFC-AGG-ID: C5WldCA6OsijixR4aPE3HA Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id EE4D919560A3 for ; Fri, 29 Nov 2024 08:26:19 +0000 (UTC) Received: from oldenburg.str.redhat.com (unknown [10.39.192.74]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 1EC101955F41 for ; Fri, 29 Nov 2024 08:26:18 +0000 (UTC) From: Florian Weimer To: libc-alpha@sourceware.org Subject: [PATCH v2] elf: Test dlopen (NULL, RTLD_LAZY) from an ELF constructor Date: Fri, 29 Nov 2024 09:26:16 +0100 Message-ID: <87y112phsn.fsf@oldenburg.str.redhat.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: 4SWXPzdQB7sXtO0z4v5Fnzlv3if_BHpxNvG0ZqU5wcI_1732868780 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-10.7 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org This call must not complete initialization of all shared objects in the global scope because the ELF constructor which makes the call likely has not finished initialization. Calling more constructors at this point would expose those to a partially constructed dependency. This completes the revert of commit 9897ced8e78db5d813166a7ccccfd5a ("elf: Run constructors on cyclic recursive dlopen (bug 31986)"). --- v2: Rebase. elf/Makefile | 9 ++++++ elf/dl-open.c | 10 +++++++ elf/tst-dlopen-constructor-null-mod1.c | 55 ++++++++++++++++++++++++++++++++++ elf/tst-dlopen-constructor-null-mod2.c | 37 +++++++++++++++++++++++ elf/tst-dlopen-constructor-null.c | 38 +++++++++++++++++++++++ 5 files changed, 149 insertions(+) base-commit: 19a198f05802fcc05441c364ed75311ef3f6d663 diff --git a/elf/Makefile b/elf/Makefile index ba6b022a2f..33e6ec39c0 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -415,6 +415,7 @@ tests += \ tst-dlmopen3 \ tst-dlmopen4 \ tst-dlopen-auditdup \ + tst-dlopen-constructor-null \ tst-dlopen-self \ tst-dlopen-tlsmodid \ tst-dlopen-tlsreinit1 \ @@ -871,6 +872,8 @@ modules-names += \ tst-dlmopen1mod \ tst-dlopen-auditdup-auditmod \ tst-dlopen-auditdupmod \ + tst-dlopen-constructor-null-mod1 \ + tst-dlopen-constructor-null-mod2 \ tst-dlopen-tlsreinitmod1 \ tst-dlopen-tlsreinitmod2 \ tst-dlopen-tlsreinitmod3 \ @@ -3189,3 +3192,9 @@ tst-rtld-no-malloc-audit-ENV = LD_AUDIT=$(objpfx)tst-auditmod1.so # Any shared object should do. tst-rtld-no-malloc-preload-ENV = LD_PRELOAD=$(objpfx)tst-auditmod1.so + +$(objpfx)tst-dlopen-constructor-null: \ + $(objpfx)tst-dlopen-constructor-null-mod1.so \ + $(objpfx)tst-dlopen-constructor-null-mod2.so +$(objpfx)tst-dlopen-constructor-null-mod2.so: \ + $(objpfx)tst-dlopen-constructor-null-mod1.so diff --git a/elf/dl-open.c b/elf/dl-open.c index ba3c266e6a..8fdc631a1d 100644 --- a/elf/dl-open.c +++ b/elf/dl-open.c @@ -594,6 +594,16 @@ dl_open_worker_begin (void *a) if ((mode & RTLD_GLOBAL) && new->l_global == 0) add_to_global_update (new); + /* It is not possible to run the ELF constructor for the new + link map if it has not executed yet: If this dlopen call came + from an ELF constructor that has not put that object into a + consistent state, completing initialization for the entire + scope will expose objects that have this partially + constructed object among its dependencies to this + inconsistent state. This could happen even with a benign + dlopen (NULL, RTLD_LAZY) call from a constructor of an + initially loaded shared object. */ + return; } diff --git a/elf/tst-dlopen-constructor-null-mod1.c b/elf/tst-dlopen-constructor-null-mod1.c new file mode 100644 index 0000000000..70a7a0ad46 --- /dev/null +++ b/elf/tst-dlopen-constructor-null-mod1.c @@ -0,0 +1,55 @@ +/* Module calling dlopen (NULL, RTLD_LAZY) to obtain the global scope. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +int mod1_status; + +static void __attribute__ ((constructor)) +init (void) +{ + puts ("info: tst-dlopen-constructor-null-mod1.so constructor"); + + void *handle = dlopen (NULL, RTLD_LAZY); + if (handle == NULL) + { + printf ("error: %s\n", dlerror ()); + exit (1); + } + puts ("info: dlopen returned"); + if (dlsym (handle, "malloc") != malloc) + { + puts ("error: dlsym did not produce expected result"); + exit (1); + } + dlclose (handle); + + /* Check that the second module's constructor has not executed. */ + if (getenv ("mod2_status") != NULL) + { + printf ("error: mod2_status environment variable set: %s\n", + getenv ("mod2_status")); + exit (1); + } + + /* Communicate to the second module that the constructor executed. */ + mod1_status = 1; +} diff --git a/elf/tst-dlopen-constructor-null-mod2.c b/elf/tst-dlopen-constructor-null-mod2.c new file mode 100644 index 0000000000..d6e945beae --- /dev/null +++ b/elf/tst-dlopen-constructor-null-mod2.c @@ -0,0 +1,37 @@ +/* Module whose constructor should not be invoked by dlopen (NULL, RTLD_LAZY). + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include + +extern int mod1_status; +int mod2_status; + +static void __attribute__ ((constructor)) +init (void) +{ + printf ("info: tst-dlopen-constructor-null-mod2.so constructor" + " (mod1_status=%d)", mod1_status); + if (!(mod1_status == 1 && mod2_status == 0)) + { + puts ("error: mod1_status == 1 && mod2_status == 0 expected"); + exit (1); + } + setenv ("mod2_status", "constructed", 1); + mod2_status = 1; +} diff --git a/elf/tst-dlopen-constructor-null.c b/elf/tst-dlopen-constructor-null.c new file mode 100644 index 0000000000..58c4660c7d --- /dev/null +++ b/elf/tst-dlopen-constructor-null.c @@ -0,0 +1,38 @@ +/* Verify that dlopen (NULL, RTLD_LAZY) does not complete initialization. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* This test mimics what the glvndSetupPthreads function in libglvnd + does. */ + +#include +#include + +/* Defined an initialized in the shared objects. */ +extern int mod1_status; +extern int mod2_status; + +static int +do_test (void) +{ + TEST_COMPARE (mod1_status, 1); + TEST_COMPARE (mod2_status, 1); + TEST_COMPARE_STRING (getenv ("mod2_status"), "constructed"); + return 0; +} + +#include