| Message ID | ME3P282MB39685DC6FC209A91F072BA3CD3719@ME3P282MB3968.AUSP282.PROD.OUTLOOK.COM |
|---|---|
| State | Changes Requested |
| Headers |
Return-Path: <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org> X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 0800C385843E for <patchwork@sourceware.org>; Mon, 8 May 2023 15:47:35 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0800C385843E DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1683560855; bh=kNm+KhekTCIsIFe2H0Eo0h/YOYp413hgarYgmB3xy6E=; h=To:Cc:Subject:Date:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe:From:Reply-To:From; b=MLg03qPsI71T5TrLI07XJgSeBwpTuB3HGL4aTkx/IwMNrufHxkMQjTLzGlJuvQfUp kKa+V8ZM9CtMHeYnI0tsQ0wu3FHs497/uTk7YfZWladzauDY7tefhtWEcOJzmA3+ya uagUXC28TS6G7KeSz2+AayUevaB7/qq5qzBCt8qw= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from AUS01-ME3-obe.outbound.protection.outlook.com (mail-me3aus01olkn2147.outbound.protection.outlook.com [40.92.63.147]) by sourceware.org (Postfix) with ESMTPS id D296E3857713 for <libc-alpha@sourceware.org>; Mon, 8 May 2023 15:47:12 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D296E3857713 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fk3JICZKt0iAXO76iwSsG13weV3oMehH/f2SB1ujbGP3yz6wENyXxZd0SVzXq+Q/2IYyP0Nif46hZIDoKPt5OCRv/cd5LFdu8WX+Ixma/CHK7RmTcKYdbGxru/V+GNGWS3oKmPYK+zOwajeW5Nd99cCdOx7oP/3+KcnGIMV8PXhnAqFlnRaptyu74H8rx0/493FMvLIRqMCEeEkJt9Ir3u6fZg6rcX1WZyQ6v50GA3a5oIztPznmZaI+kKKVYsXMmmmkBlR7HtLifcrbfRpopAQH78dOwFxBXLPvPlv4Xt8fnrhpNwoS/JAjoGTLZRPCt5719q33MSh+Lbz+1nW+7Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=kNm+KhekTCIsIFe2H0Eo0h/YOYp413hgarYgmB3xy6E=; b=NKj1QjrOhgUoulLfjBn2JkgpKgkCacUMXYdByi3277UAbLahHHsk2Vs51fwpFfbjfNrCqb+YbkLA8u2TCB/KsYnsYDxBJoYlyfPG+UCErOvEMETnohLLoPb9Bnbwd0mwjYv3sSwBYg69tTn7TJGe/Dg4RPesQBZn663yeCy2DrtjyIs+mRAl1G9LOvPUqgwXT54Rb4ZU7WNh47/fvSOtQppBu/tADG7blEyQQtikhlKyajBOKZHfi0pWjlT9yVss4VuzNuR9i2mFB0NIP34rGzXxMFQMo50s9LK+mQLm6wKqrBmM8Rl3EXsA1HD4dW+177JQqkGCBq4Qoks/E455SQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none Received: from ME3P282MB3968.AUSP282.PROD.OUTLOOK.COM (2603:10c6:220:1b0::8) by ME4P282MB0856.AUSP282.PROD.OUTLOOK.COM (2603:10c6:220:e::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6363.33; Mon, 8 May 2023 15:47:07 +0000 Received: from ME3P282MB3968.AUSP282.PROD.OUTLOOK.COM ([fe80::d866:e9aa:78d8:ac82]) by ME3P282MB3968.AUSP282.PROD.OUTLOOK.COM ([fe80::d866:e9aa:78d8:ac82%6]) with mapi id 15.20.6363.033; Mon, 8 May 2023 15:47:07 +0000 To: libc-alpha@sourceware.org Cc: Moody Liu <mooodyhunter@outlook.com>, Qixing ksyx Xue <qixingxue@outlook.com> Subject: [PATCH] elf: Fix marking root dir as nonexist in open_path Date: Mon, 8 May 2023 16:45:57 +0100 Message-ID: <ME3P282MB39685DC6FC209A91F072BA3CD3719@ME3P282MB3968.AUSP282.PROD.OUTLOOK.COM> X-Mailer: git-send-email 2.40.1 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-TMN: [CBId+c2JTtcMsCpVoifmrsh4tRueTCRI] X-ClientProxiedBy: LO4P123CA0330.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:18c::11) To ME3P282MB3968.AUSP282.PROD.OUTLOOK.COM (2603:10c6:220:1b0::8) X-Microsoft-Original-Message-ID: <20230508154557.40101-1-mooodyhunter@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: ME3P282MB3968:EE_|ME4P282MB0856:EE_ X-MS-Office365-Filtering-Correlation-Id: e3c90bc9-e943-4232-98d4-08db4fdb7a8c X-MS-Exchange-SLBlob-MailProps: 0wLWl8rLpvsWCTx8znU09AXVprV1jBP1tBTMR3362x1QFarURL6ysdk7a6Z91hCfON8Z4CJ8Kau2qqMYdmtsasRDZ/0FcLU9P4ig7W6J2Y4dTSaMZz5G/68bB+KVfrzlCY4wq+RaiezpLcPLGbEZNJgJwhuZ8g609eioHsgq3IO6T3zyQdDN2h0sObYFwqdTbfVcfQ7Sjf3TgWCFFIuW4CAx3sBdSJ2li1fpoymiYXZvsEVaMdQ5qBj5Fz4627UWt5L0SrGZ42/F/8VkGGQ2Uaf9WoG1SDRRZnNb3ipRh9NMAgqWZ5BtodjE+2hFyRcXjD+Kdv71QOMye7VOz+FSgHebbZCFuRRGFkJ1t8ckb7q38ZNfro6mJlKxxX6EaTvBfnVnlMJXSECwl4Z4D0oqqKtm0EYTZSenxS4lF1e/Y2PHLJKEjjhjdxZ9c0bHQx4rR3fn9xwh5/GQvf0yHGSOq6TLX+Y3+uwsJAOZ9if79yFqbqeBSHhoMWI5426+1NBOqoKLv2MKIxt53kWQZgyPefQXpDj73C+xdDmcppRoMVQBvxVnVRsD3JVVLjnOha9CgjvKVxWotd3XSvmqoJ9Cl/BvDtPgJrcv406Ee/ybvrVCmpQ4y6taUEEXbGv0zLdesZo6BBhnIu7LkAN2t78b0i33P+v228u4eFQDsPhdI9AhTRXB1xf3v7SD2mVbQ+uwKEMvYb7NjxDWYyd+yxBqKMqTskIgq4BCDB3uBrOAzFtl5qjKB8+tQTUoGuv60i0xyUQQ2967ETQ= X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: DlBB2CbB5wk3YQ0V0/VRDAAgNCwZwQjhuwSxZaTjeq5k4xGjC2B1wuOC17apVXEdLu8vHVmjZ22B5RpLFvbUgF0OAOuHcz/pHjnbE40KtpPO1b0cBuG8Jydyv7gleP+CHjGIAABINRAjwXjHC6/1P/bYAIOYJZig6cfmWOHZM5MEj02Zt7AHL5XCx5p1CEvyOdPcor+IKHCChDKsudNKwTcz8AyeV+IhOTea/n5W4MziY8O1bwiOKOIAW1YVesu0ia0V90qAia2fyCeq5tSIMTWv1oqNjdT1iR2hG0WrwpV6/v85NxAvLs31/an1wGvSTfnhfEvQGxpr7HY6wZFFOV1VjK/TJ5Q/AuSi6xTO3RPiWNE0N5pj0GzaIg003tCUBnO+De6GugmfoV46gkcZNIH6o8GtZJQoiLTxiQUTqtOQcHUZh224Asow179a/TXAVrGtVW3byb3G5MJYhG9FEs/LqmApiQS4D3gV3gHiHoiSsYOUC0HHu1a5hYrSC4wGOzVx+E31fMH1ovR8/w3W4+JbOEhVzQo+J/aiUmjlO4vpXrjxsfV/bRphGL8INGqK77ePF5p/XEz1YmU0m8eibtKoAXJLESHtMuVnTJRb0fegJhkbr42ckyPPm9HAOESl X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: PPg0yT7SpDe2FOZnPegTaj7iVMEOf9g2B/FGiB2Uf9NIXbhgW16oW03Hr57wiQO/X3ZvxWOYvIwP7fqFBqhYXPUCe0rmot5C2n4n/yxP6hRu9tlnMuO52LIFVu3iKToYpeYC7IEf/p5jtQm4ml8IoDCbBE7aYBnLlVX+GzXG3Kd5kJnffxTGGncxJZk2Y8cIAiIiJn+5ST/fu54lbka7AY8IHJ+zp/vfSBOoYR5AsFNEwk/g67nfRmjvcVuM5TRqen/l71Ccc7fBzJhg39sEQfyLg781YPbWlRmZvtoCmzxgKSDht9BEYC+NFifQVH2HIPBb3qpcDaQQ8ce9evjvWt7D+0v2vQI6L0aYqZcsAiB8fKKoHjiYI6xBSbNcm4GEwioQyn9auiTRUfuvPn3UaQFLPcJ7lLsl/QYnFq2ZUfosytKMeGPLQdglp/ynHVju0KNj59aUIgr+9BuFyBtXktpdM8jVWevyVGU9+/BlDlO+lic/hjT4dvpAJIcdblR/6GBwf3Wal9tim90Ft0whSRECXG1+9zLYMSusEmfy78GSyT7eGsgLKmHZEAU0EquOQIr0fRo5euRtNJ36hSaRBFIXrgQi0GJzxnhKMfT8Q00dScYOx4SkvPWrhQODKcaQTtt4reS2Byj1iTgRNCQFhb2Xje8JnWGq5NJ9FnLwtkGTm4ddNDjcGEHnWuaqBOinMvk4YmW4VjHktmaIIeAa69S3jHw/tPU1EncXdfEcx+zOqbG1EWdEq/YT1vowwTdD2D5h/o3aotG8VA1Yqx7EH48tJF/XOohBuukaht8PRWrDfFAnxewc5xqGbGi1g3/BrDm9Jx3qUUHK2BWo2QyEhLTO9tqFpp3MJHiXXdwIPlglvUOH3C6BliifCJSKvWp42Cbdw9jRX8FEd1GUhAOFr0tcFIf9SVSPywmB8uz5QxG0xd6rEH5AhsVxPYWofQTViwcmbspdAxKEzoKv2UiSwC+gOKvvjiEnjrPFbUnOxaR/TVIb6ZvkPQnXvShigB01OuWuCVaVrE11HJU95Y8TT5ilGtw6Fk1eOHitT65XtaTeFrtvSlzBB0YMrzFFqBMO0/87DHwLmVtlKeaYNfMcsnQHUlZC2HS6SkMyvCuVAUyoh4O68eb3+PA7QOYkMOiNnkIjLIdM4F9/mSVtcIvtFx3IHqDQJEL0AlKkbV+F6fXq82+sqVncdBV1YVZjEvWQ2+U24dTg9pKBC/e+EEqzwwjNKGW1HAq0YJOQKmb7mK4= X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: e3c90bc9-e943-4232-98d4-08db4fdb7a8c X-MS-Exchange-CrossTenant-AuthSource: ME3P282MB3968.AUSP282.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 May 2023 15:47:07.7958 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: ME4P282MB0856 X-Spam-Status: No, score=-12.8 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_PASS, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org> List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe> List-Archive: <https://sourceware.org/pipermail/libc-alpha/> List-Post: <mailto:libc-alpha@sourceware.org> List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help> List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=subscribe> From: Moody Liu via Libc-alpha <libc-alpha@sourceware.org> Reply-To: Moody Liu <mooodyhunter@outlook.com> Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org> |
| Series |
elf: Fix marking root dir as nonexist in open_path
|
|
Checks
| Context | Check | Description |
|---|---|---|
| dj/TryBot-apply_patch | success | Patch applied to master at the time it was sent |
| dj/TryBot-32bit | success | Build for i686 |
Commit Message
Moody Liu
May 8, 2023, 3:45 p.m. UTC
When dlopen is being called, efforts have been made to improve
future lookup performance. This includes marking a search path
as non-existent using `stat`. However, if the root directory
is given as a search path, there exists a bug which erroneously
marks it as non-existing.
The bug is reproduced under the following sequence:
1. dlopen is called to open a shared library, with at least:
1) a dependency 'A.so' not directly under the '/' directory
(e.g. /lib/A.so), and
2) another dependency 'B.so' resides in '/'.
2. for this bug to reproduce, 'A.so' should be searched *before* 'B.so'.
3. it first tries to find 'A.so' in /, (e.g. /A.so):
- this will (obviously) fail,
- since it's the first time we have seen the '/' directory,
its 'status' is 'unknown'.
4. `buf[buflen - namelen - 1] = '\0'` is executed:
- it intends to remove the leaf and its final slash,
- because of the speciality of '/', its buflen == namelen + 1,
- it erroneously clears the entire buffer.
6. it then calls 'stat' with the empty buffer:
- which will result in an error.
7. so it marks '/' as 'nonexisting', future lookups will not consider
this path.
8. while /B.so *does* exist, failure to look it up in the '/'
directory leads to a 'cannot open shared object file' error.
This patch fixes the bug by preventing 'buflen', an index to put '\0',
from being set to 0, so that the root '/' is always kept.
Relative search paths are always considered as 'existing' so this
wont be affected.
Suggested-by: Qixing ksyx Xue <qixingxue@outlook.com>
---
elf/dl-load.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
Comments
On 5/8/23 11:45, Moody Liu via Libc-alpha wrote: > When dlopen is being called, efforts have been made to improve > future lookup performance. This includes marking a search path > as non-existent using `stat`. However, if the root directory > is given as a search path, there exists a bug which erroneously > marks it as non-existing. Thanks for working on the patch. Could you please file a bug in bugzilla for this? > > The bug is reproduced under the following sequence: > > 1. dlopen is called to open a shared library, with at least: > 1) a dependency 'A.so' not directly under the '/' directory > (e.g. /lib/A.so), and > 2) another dependency 'B.so' resides in '/'. Are you able to write a containerized test case for this? We have tests-container testing for just such "/" scenarios with a distinct mount namespace for the tests. > 2. for this bug to reproduce, 'A.so' should be searched *before* 'B.so'. > 3. it first tries to find 'A.so' in /, (e.g. /A.so): > - this will (obviously) fail, > - since it's the first time we have seen the '/' directory, > its 'status' is 'unknown'. > 4. `buf[buflen - namelen - 1] = '\0'` is executed: > - it intends to remove the leaf and its final slash, > - because of the speciality of '/', its buflen == namelen + 1, > - it erroneously clears the entire buffer. > 6. it then calls 'stat' with the empty buffer: > - which will result in an error. > 7. so it marks '/' as 'nonexisting', future lookups will not consider > this path. > 8. while /B.so *does* exist, failure to look it up in the '/' > directory leads to a 'cannot open shared object file' error. > > This patch fixes the bug by preventing 'buflen', an index to put '\0', > from being set to 0, so that the root '/' is always kept. > Relative search paths are always considered as 'existing' so this > wont be affected. > > Suggested-by: Qixing ksyx Xue <qixingxue@outlook.com> > --- > elf/dl-load.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/elf/dl-load.c b/elf/dl-load.c > index fcb39a78d4..10757dd5a5 100644 > --- a/elf/dl-load.c > +++ b/elf/dl-load.c > @@ -1865,7 +1865,11 @@ open_path (const char *name, size_t namelen, int mode, > test whether there is any directory at all. */ > struct __stat64_t64 st; > > - buf[buflen - namelen - 1] = '\0'; > + /* We only have absolute paths go into this branch. > + In the rare case where 'this_dir' is only a '/', we > + must keep it. */ > + buflen = MAX(buflen - namelen - 1, 1); > + buf[buflen] = '\0'; > > if (__stat64_time64 (buf, &st) != 0 > || ! S_ISDIR (st.st_mode))
diff --git a/elf/dl-load.c b/elf/dl-load.c index fcb39a78d4..10757dd5a5 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -1865,7 +1865,11 @@ open_path (const char *name, size_t namelen, int mode, test whether there is any directory at all. */ struct __stat64_t64 st; - buf[buflen - namelen - 1] = '\0'; + /* We only have absolute paths go into this branch. + In the rare case where 'this_dir' is only a '/', we + must keep it. */ + buflen = MAX(buflen - namelen - 1, 1); + buf[buflen] = '\0'; if (__stat64_time64 (buf, &st) != 0 || ! S_ISDIR (st.st_mode))