From patchwork Fri Mar 21 22:39:13 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Pluzhnikov X-Patchwork-Id: 220 X-Patchwork-Delegate: siddhesh@gotplt.org Return-Path: X-Original-To: siddhesh@wilcox.dreamhost.com Delivered-To: siddhesh@wilcox.dreamhost.com Received: from homiemail-mx21.g.dreamhost.com (caibbdcaaahb.dreamhost.com [208.113.200.71]) by wilcox.dreamhost.com (Postfix) with ESMTP id 1AF48360169 for ; Fri, 21 Mar 2014 15:39:51 -0700 (PDT) Received: by homiemail-mx21.g.dreamhost.com (Postfix, from userid 14307373) id C6A45CA612F; Fri, 21 Mar 2014 15:39:50 -0700 (PDT) X-Original-To: glibc@patchwork.siddhesh.in Delivered-To: x14307373@homiemail-mx21.g.dreamhost.com Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by homiemail-mx21.g.dreamhost.com (Postfix) with ESMTPS id 8A93BCA612F for ; Fri, 21 Mar 2014 15:39:50 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; q=dns; s=default; b=FVZj w2p/GNB5yy3KH4ESScV15YYvIpKOnu3gjOveQvsOjT8z1iXUjieDgzPvKhSO13VI dctEhAQR4dDpALEyZJXpFhzRUdXMn1IZWH+ohNIT4N57m0czqzIoBdLLBYBNjyFj x65eBDvc9em8OKJePpp8jObJy5yrA5Nq3Vm8yrw= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; s=default; bh=n4fPDAp7gT Gi2GTxhrrqUYn4CsA=; b=tdBCf3sVxLRTvEuwQIRM97DtCWs4mtXe91TxJj31Pl uB2eRxSg3666bprZ4wZQ9I6o42dkv6m51i3p9Cmkh5yi31qT+dK/evaNigF93A0n 4iK1QuZZSO+BM0RIIE7LvVwqHLPkRjNLjrYFkzsY403chYkWsv/WvdBAN6/kIVIG E= Received: (qmail 1888 invoked by alias); 21 Mar 2014 22:39:48 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 1872 invoked by uid 89); 21 Mar 2014 22:39:47 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.6 required=5.0 tests=AWL, BAYES_00, RCVD_IN_DNSWL_LOW, SPF_PASS, T_RP_MATCHES_RCVD autolearn=ham version=3.3.2 X-HELO: mail-ob0-f180.google.com X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=+IsnAH6k1cOPnAHSxE2cGjCJyP/l6emnYEjaio1+crs=; b=ZIQAg8sOpe47KfuS+uoGQKddMqaCzhW4YkFZf2805XjbXqNspiSnmzGYY4z7awdWhp uKHDcT0k1VSw22MonbzPNoxd0SZgezrAIpkOV+6TW4vgDM6Ia//Gs/RCUZE4gX02QfDu nv2IaWr93g/niIJ0pKeXg8eyv982lcBSsbZTsOiYWnx5eCEqu1CgDPdmhdu7oz2hDxlr LH72sftkVkKtQuKpBD2huDMBQQaY1JQACh6HbXF+yr56YL47AH1LmePpDxv5nWG2MhMw 8ZODtwgez6Dcsq6Q0Kt/pQ0IReACQ9iM8w67uSuS9b07TjiGNgGsTh0OTLuTHd1Zv2ju CF5g== X-Gm-Message-State: ALoCoQmfoRxcmqDDCX6KrrwnbYzsKFEoa4quQuZbXXt+Eqz81SreGhJ3BJ0k8/XqH+lqijSf8MwEhetL56enBKwjPB/z/TEhLbSBT9u+ljToVKJLXU5ihHCwsR2ujupWBSpoycZQKVTTWzYYhnMBqFc8+AHPVyhP/eZSe9bPMEDI7W6Cc0XBlyciYKdrCVAfa1DQqRiVu5BWIe4FA7ltvZBFfmprYPh/OA== X-Received: by 10.60.102.37 with SMTP id fl5mr13593054oeb.65.1395441583989; Fri, 21 Mar 2014 15:39:43 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: <20140316105130.GJ1850@spoyarek.pnq.redhat.com> References: <20140316105130.GJ1850@spoyarek.pnq.redhat.com> From: Paul Pluzhnikov Date: Fri, 21 Mar 2014 15:39:13 -0700 Message-ID: Subject: Re: [patch] Fix BZ #16634 -- assert in ld.so when dlopen("a.out"...) is called repeatedly. To: Siddhesh Poyarekar Cc: libc-alpha@sourceware.org X-DH-Original-To: glibc@patchwork.siddhesh.in On Sun, Mar 16, 2014 at 3:51 AM, Siddhesh Poyarekar wrote: > On Fri, Mar 14, 2014 at 02:54:05PM -0700, Paul Pluzhnikov wrote: >> Greetings, >> >> Attached patch fixes BZ #16634 by moving sanity check for dlopen()ing >> a.out before we call _dl_next_tls_modid() for it. >> >> Tested on Linux/x86_64; no new failures. > > A more detailed description please, assuming that it's going to be > used for the commit log. I usually just use ChangeLog as commit log. Should I be using more verbose patch description instead? An application that erroneously tries to repeatedly dlopen("a.out", ...) hits assertion failure: Inconsistency detected by ld.so: dl-tls.c: 474: _dl_allocate_tls_init: Assertion `listp != ((void *)0)' failed! dlopen() actually fails with "./a.out: cannot dynamically load executable", but it does so after incrementing dl_tls_max_dtv_idx. Once we run out of TLS_SLOTINFO_SURPLUS (62), we crash. >> BZ #16634 > > In square brackets. Done. >> + /* For BZ #16634, return early. */ > > Likewise, please explain the condition instead of just quoting the bz > number. Done. >> - if (fd != -1 && __builtin_expect (secure, 0) >> + if (fd != -1 && __builtin_expect (mode & __RTLD_SECURE, 0) > > Use __glibc_unlikely. There are a lot of __builtin_expect()s in this file. I would prefer to convert them to __glibc_{un}likely in a separate pass. Thanks, diff --git a/elf/dl-load.c b/elf/dl-load.c index 8ebc128..9455df2 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -1667,7 +1667,7 @@ print_search_path (struct r_search_path_elem **list, user might want to know about this. */ static int open_verify (const char *name, struct filebuf *fbp, struct link_map *loader, - int whatcode, bool *found_other_class, bool free_name) + int whatcode, int mode, bool *found_other_class, bool free_name) { /* This is the expected ELF header. */ #define ELF32_CLASS ELFCLASS32 @@ -1843,6 +1843,17 @@ open_verify (const char *name, struct filebuf *fbp, struct link_map *loader, errstring = N_("only ET_DYN and ET_EXEC can be loaded"); goto call_lose; } + else if (__glibc_unlikely (ehdr->e_type == ET_EXEC + && (mode & __RTLD_OPENEXEC) == 0)) + { + /* BZ #16634. It is an error to dlopen ET_EXEC (unless + __RTLD_OPENEXEC is explicitly set). We return error here + so that code in _dl_map_object_from_fd does not try to set + l_tls_modid for this module. */ + + errstring = N_("cannot dynamically load executable"); + goto call_lose; + } else if (__builtin_expect (ehdr->e_phentsize, sizeof (ElfW(Phdr))) != sizeof (ElfW(Phdr))) { @@ -1928,7 +1939,7 @@ open_verify (const char *name, struct filebuf *fbp, struct link_map *loader, if MAY_FREE_DIRS is true. */ static int -open_path (const char *name, size_t namelen, int secure, +open_path (const char *name, size_t namelen, int mode, struct r_search_path_struct *sps, char **realname, struct filebuf *fbp, struct link_map *loader, int whatcode, bool *found_other_class) @@ -1980,8 +1991,8 @@ open_path (const char *name, size_t namelen, int secure, if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS)) _dl_debug_printf (" trying file=%s\n", buf); - fd = open_verify (buf, fbp, loader, whatcode, found_other_class, - false); + fd = open_verify (buf, fbp, loader, whatcode, mode, + found_other_class, false); if (this_dir->status[cnt] == unknown) { if (fd != -1) @@ -2010,7 +2021,7 @@ open_path (const char *name, size_t namelen, int secure, /* Remember whether we found any existing directory. */ here_any |= this_dir->status[cnt] != nonexisting; - if (fd != -1 && __builtin_expect (secure, 0) + if (fd != -1 && __builtin_expect (mode & __RTLD_SECURE, 0) && INTUSE(__libc_enable_secure)) { /* This is an extra security effort to make sure nobody can @@ -2184,7 +2195,7 @@ _dl_map_object (struct link_map *loader, const char *name, for (l = loader; l; l = l->l_loader) if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH")) { - fd = open_path (name, namelen, mode & __RTLD_SECURE, + fd = open_path (name, namelen, mode, &l->l_rpath_dirs, &realname, &fb, loader, LA_SER_RUNPATH, &found_other_class); @@ -2200,7 +2211,7 @@ _dl_map_object (struct link_map *loader, const char *name, && main_map != NULL && main_map->l_type != lt_loaded && cache_rpath (main_map, &main_map->l_rpath_dirs, DT_RPATH, "RPATH")) - fd = open_path (name, namelen, mode & __RTLD_SECURE, + fd = open_path (name, namelen, mode, &main_map->l_rpath_dirs, &realname, &fb, loader ?: main_map, LA_SER_RUNPATH, &found_other_class); @@ -2208,7 +2219,7 @@ _dl_map_object (struct link_map *loader, const char *name, /* Try the LD_LIBRARY_PATH environment variable. */ if (fd == -1 && env_path_list.dirs != (void *) -1) - fd = open_path (name, namelen, mode & __RTLD_SECURE, &env_path_list, + fd = open_path (name, namelen, mode, &env_path_list, &realname, &fb, loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded, LA_SER_LIBPATH, &found_other_class); @@ -2217,7 +2228,7 @@ _dl_map_object (struct link_map *loader, const char *name, if (fd == -1 && loader != NULL && cache_rpath (loader, &loader->l_runpath_dirs, DT_RUNPATH, "RUNPATH")) - fd = open_path (name, namelen, mode & __RTLD_SECURE, + fd = open_path (name, namelen, mode, &loader->l_runpath_dirs, &realname, &fb, loader, LA_SER_RUNPATH, &found_other_class); @@ -2267,7 +2278,8 @@ _dl_map_object (struct link_map *loader, const char *name, { fd = open_verify (cached, &fb, loader ?: GL(dl_ns)[nsid]._ns_loaded, - LA_SER_CONFIG, &found_other_class, false); + LA_SER_CONFIG, mode, &found_other_class, + false); if (__glibc_likely (fd != -1)) { realname = local_strdup (cached); @@ -2287,7 +2299,7 @@ _dl_map_object (struct link_map *loader, const char *name, && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL || __builtin_expect (!(l->l_flags_1 & DF_1_NODEFLIB), 1)) && rtld_search_dirs.dirs != (void *) -1) - fd = open_path (name, namelen, mode & __RTLD_SECURE, &rtld_search_dirs, + fd = open_path (name, namelen, mode, &rtld_search_dirs, &realname, &fb, l, LA_SER_DEFAULT, &found_other_class); /* Add another newline when we are tracing the library loading. */ @@ -2305,7 +2317,7 @@ _dl_map_object (struct link_map *loader, const char *name, else { fd = open_verify (realname, &fb, - loader ?: GL(dl_ns)[nsid]._ns_loaded, 0, + loader ?: GL(dl_ns)[nsid]._ns_loaded, 0, mode, &found_other_class, true); if (__builtin_expect (fd, 0) == -1) free (realname);