From patchwork Thu Aug 8 11:40:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Weimer X-Patchwork-Id: 95510 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 8254A385842D for ; Thu, 8 Aug 2024 11:43:44 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTP id 062E13858C56 for ; Thu, 8 Aug 2024 11:43:11 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 062E13858C56 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 062E13858C56 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1723117394; cv=none; b=biZuJTUTns20mSXE9jv1dCBLonC0Dacz6IaWBmqQQg3obGdg82z5cUtrI2o3TYvQ4QLtPLdbSy59Wuk5Rtq39Sa69mGV5YdzeJ0kTwRLnSolJBgLUB3X2G5m+iIYNJSq4H/X2vk6chf1qalOZfWno520Q7l6NlC6JAfZBX+Ap5E= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1723117394; c=relaxed/simple; bh=8ji9maPoaK5YIZjaarLHmD6ts5ZuLs/CHoLnVIippWw=; h=DKIM-Signature:From:To:Subject:Message-ID:Date:MIME-Version; b=weINWfmqIcQYydMIkKvwOISCrxUq1854WGpWQ1VLQSXBaihaUUNfPspObFDiOWVQBcprrJrkCxA7ZVEJENLsGlJ3rXv8n+J3FrThU5KKxXjgCgtS4/rVW87yow94heQI8UoYU2KdVd/SYnCgudC5yJNEs3oEy5P8oVsjEXgn/Ek= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1723117391; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=4l3tn28KLLCb9PwjEpuzOSKiqjHDnNE8m38tzmWPHyY=; b=EDVmdqsBL2wViY+0DBnAJzVg06iTMcNbx5k8oBkQxHcqhTuC68n8p5KEyllMDAOq/S90yc gvw8US15kdlu+1Eh68lVVMcsPSHz3VMGGpGFBDy7F5I+/nEpg/FH7FXk2DL5e0VHjYRqyY OJCLlw2xODuszMUi86Xz7n2HD+vX76k= Received: from mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-556-l8hod5hRNgeeRN2QOKiFRA-1; Thu, 08 Aug 2024 07:43:09 -0400 X-MC-Unique: l8hod5hRNgeeRN2QOKiFRA-1 Received: from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 95E6C197730E for ; Thu, 8 Aug 2024 11:40:05 +0000 (UTC) Received: from oldenburg.str.redhat.com (unknown [10.45.224.76]) by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 9C15F3000197 for ; Thu, 8 Aug 2024 11:40:04 +0000 (UTC) From: Florian Weimer To: libc-alpha@sourceware.org Subject: [PATCH v2 1/3] elf: Run constructors on cyclic recursive dlopen (bug 31986) In-Reply-To: Message-ID: <3f27d400f91fbf02eabd188f002c3003dd6f994d.1723116962.git.fweimer@redhat.com> References: X-From-Line: 3f27d400f91fbf02eabd188f002c3003dd6f994d Mon Sep 17 00:00:00 2001 Date: Thu, 08 Aug 2024 13:40:01 +0200 User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.4 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-10.8 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org This is conceptually similar to the reported bug, but does not depend on auditing. The fix is simple: just complete execution of the constructors. This exposed the fact that the link map for statically linked executables does not have l_init_called set, even though constructors have run. Reviewed-by: Adhemerval Zanella --- elf/Makefile | 6 ++++ elf/dl-open.c | 8 +++++ elf/dl-support.c | 1 + elf/tst-dlopen-recurse.c | 34 +++++++++++++++++++ elf/tst-dlopen-recursemod1.c | 50 +++++++++++++++++++++++++++ elf/tst-dlopen-recursemod2.c | 66 ++++++++++++++++++++++++++++++++++++ 6 files changed, 165 insertions(+) create mode 100644 elf/tst-dlopen-recurse.c create mode 100644 elf/tst-dlopen-recursemod1.c create mode 100644 elf/tst-dlopen-recursemod2.c diff --git a/elf/Makefile b/elf/Makefile index 0792b57678..cc3685550d 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -414,6 +414,7 @@ tests += \ tst-dlmopen1 \ tst-dlmopen3 \ tst-dlmopen4 \ + tst-dlopen-recurse \ tst-dlopen-self \ tst-dlopen-tlsmodid \ tst-dlopen-tlsreinit1 \ @@ -864,6 +865,8 @@ modules-names += \ tst-dlmopen-twice-mod1 \ tst-dlmopen-twice-mod2 \ tst-dlmopen1mod \ + tst-dlopen-recursemod1 \ + tst-dlopen-recursemod2 \ tst-dlopen-tlsreinitmod1 \ tst-dlopen-tlsreinitmod2 \ tst-dlopen-tlsreinitmod3 \ @@ -3155,3 +3158,6 @@ $(objpfx)tst-dlopen-tlsreinit3.out: $(objpfx)tst-auditmod1.so tst-dlopen-tlsreinit3-ENV = LD_AUDIT=$(objpfx)tst-auditmod1.so $(objpfx)tst-dlopen-tlsreinit4.out: $(objpfx)tst-auditmod1.so tst-dlopen-tlsreinit4-ENV = LD_AUDIT=$(objpfx)tst-auditmod1.so + +$(objpfx)tst-dlopen-recurse.out: $(objpfx)tst-dlopen-recursemod1.so +$(objpfx)tst-dlopen-recursemod1.so: $(objpfx)tst-dlopen-recursemod2.so diff --git a/elf/dl-open.c b/elf/dl-open.c index 8b4704c09d..2c20aa1df9 100644 --- a/elf/dl-open.c +++ b/elf/dl-open.c @@ -590,6 +590,14 @@ dl_open_worker_begin (void *a) = _dl_debug_update (args->nsid)->r_state; assert (r_state == RT_CONSISTENT); + /* Do not return without calling the (supposedly new) map's + constructor. This case occurs if a dependency of a directly + opened map has a constructor that calls dlopen again on the + initially opened map. The new map is initialized last, so + checking only it is enough. */ + if (!new->l_init_called) + _dl_catch_exception (NULL, call_dl_init, args); + return; } diff --git a/elf/dl-support.c b/elf/dl-support.c index 451932dd03..94e8197c63 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c @@ -99,6 +99,7 @@ static struct link_map _dl_main_map = .l_used = 1, .l_tls_offset = NO_TLS_OFFSET, .l_serial = 1, + .l_init_called = 1, }; /* Namespace information. */ diff --git a/elf/tst-dlopen-recurse.c b/elf/tst-dlopen-recurse.c new file mode 100644 index 0000000000..c7fb379d37 --- /dev/null +++ b/elf/tst-dlopen-recurse.c @@ -0,0 +1,34 @@ +/* Test that recursive dlopen runs constructors before return (bug 31986). + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include + +static int +do_test (void) +{ + void *handle = xdlopen ("tst-dlopen-recursemod1.so", RTLD_NOW); + int *status = dlsym (handle, "recursemod1_status"); + printf ("info: recursemod1_status == %d (from main)\n", *status); + TEST_COMPARE (*status, 2); + xdlclose (handle); + return 0; +} + +#include diff --git a/elf/tst-dlopen-recursemod1.c b/elf/tst-dlopen-recursemod1.c new file mode 100644 index 0000000000..5e0cc0eb8c --- /dev/null +++ b/elf/tst-dlopen-recursemod1.c @@ -0,0 +1,50 @@ +/* Directly opened test module that gets recursively opened again. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include + +int recursemod1_status; + +/* Force linking against st-dlopen-recursemod2.so. Also allows + checking for relocation. */ +extern int recursemod2_status; +int *force_recursemod2_reference = &recursemod2_status; + +static void __attribute__ ((constructor)) +init (void) +{ + ++recursemod1_status; + printf ("info: tst-dlopen-recursemod1.so constructor called (status %d)\n", + recursemod1_status); +} + +static void __attribute__ ((destructor)) +fini (void) +{ + /* The recursemod1_status variable was incremented in the + tst-dlopen-recursemod2.so constructor. */ + printf ("info: tst-dlopen-recursemod1.so destructor called (status %d)\n", + recursemod1_status); + if (recursemod1_status != 2) + { + puts ("error: recursemod1_status == 2 expected"); + exit (1); + } +} diff --git a/elf/tst-dlopen-recursemod2.c b/elf/tst-dlopen-recursemod2.c new file mode 100644 index 0000000000..edd2f2526b --- /dev/null +++ b/elf/tst-dlopen-recursemod2.c @@ -0,0 +1,66 @@ +/* Indirectly opened module that recursively opens the directly opened module. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include + +int recursemod2_status; + +static void __attribute__ ((constructor)) +init (void) +{ + ++recursemod2_status; + printf ("info: tst-dlopen-recursemod2.so constructor called (status %d)\n", + recursemod2_status); + void *handle = dlopen ("tst-dlopen-recursemod1.so", RTLD_NOW); + if (handle == NULL) + { + printf ("error: dlopen: %s\n", dlerror ()); + exit (1); + } + int *status = dlsym (handle, "recursemod1_status"); + if (status == NULL) + { + printf ("error: dlsym: %s\n", dlerror ()); + exit (1); + } + printf ("info: recursemod1_status == %d\n", *status); + if (*status != 1) + { + puts ("error: recursemod1_status == 1 expected"); + exit (1); + } + ++*status; + printf ("info: recursemod1_status == %d\n", *status); + + int **mod2_status = dlsym (handle, "force_recursemod2_reference"); + if (mod2_status == NULL || *mod2_status != &recursemod2_status) + { + puts ("error: invalid recursemod2_status address in" + " tst-dlopen-recursemod1.so"); + exit (1); + } +} + +static void __attribute__ ((destructor)) +fini (void) +{ + printf ("info: tst-dlopen-recursemod2.so destructor called (status %d)\n", + recursemod2_status); +} From patchwork Thu Aug 8 11:40:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Weimer X-Patchwork-Id: 95508 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id DB43A385841E for ; Thu, 8 Aug 2024 11:40:43 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTP id AF0BC3858D28 for ; Thu, 8 Aug 2024 11:40:19 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org AF0BC3858D28 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org AF0BC3858D28 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1723117221; cv=none; b=umoeWK5Fsj0UzuRS/y7uD07T74gOJezbhNoufYbrqLZVyCTBFUC9cCf2gUVzERR/PTiu4LJsHEClNkyPChb5IzXdkoCOY9ExHRC2WECHSUmT9W7Cv5MkYwr0j6bnOW9FUJaUjpEcrOp5p/lZsw5HiMfRhg7DEkozqzFhjILtKGg= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1723117221; c=relaxed/simple; bh=8ufK7m0CU9ve8fySktV7HVUkv98OY5KBwpzwoQd4Sys=; h=DKIM-Signature:From:To:Subject:Message-ID:Date:MIME-Version; b=xGPiGup9+TxunAKRhDIXgA6Lucsh6YpTWgS5bDGcfq/aJqTpBeQLmQGvKZLW51+wTTkOrkKnQugNxbX5iltUxcrLtidLTjhKjSaGIK1GrPcoGerK/yLeIx5Y7ZnFrQmWOokZ8AvWKE8asVXApra/JSNP3j3Ot6PRjNe/I4rPJ4w= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1723117219; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=G5v7untkRDMJ8UNg+9j+CW0p88LfQg22LU2i2DQn1B0=; b=KmMzPZvBbOTH1v78MLI1UBhhrByRSzE8mGDwUbQiLLj6dYZs5xpM6R6UXJyO8KostzAUrW e2zUIXxuGthQpWfTEavpuYIK53RbgDRNmN3/dVnBg9WnpfP/JVpyjCMWMAkHfdPPqY5RyB wUkTCFY3HzWPWetBn1e/N7p2+ABicd4= Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-688-8N3mn8KdOlSj6P3fkvlxIw-1; Thu, 08 Aug 2024 07:40:18 -0400 X-MC-Unique: 8N3mn8KdOlSj6P3fkvlxIw-1 Received: from mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 23F2D1920C16 for ; Thu, 8 Aug 2024 11:40:15 +0000 (UTC) Received: from oldenburg.str.redhat.com (unknown [10.45.224.76]) by mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 2A0EA1953976 for ; Thu, 8 Aug 2024 11:40:13 +0000 (UTC) From: Florian Weimer To: libc-alpha@sourceware.org Subject: [PATCH v2 2/3] elf: Signal LA_ACT_CONSISTENT to auditors after RT_CONSISTENT switch In-Reply-To: Message-ID: <3238d4cc26934a86acd8b8f3e01a6dcc33ab798e.1723116962.git.fweimer@redhat.com> References: X-From-Line: 3238d4cc26934a86acd8b8f3e01a6dcc33ab798e Mon Sep 17 00:00:00 2001 Date: Thu, 08 Aug 2024 13:40:10 +0200 User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.15 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-10.8 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org Auditors can call into the dynamic loader again if LA_ACT_CONSISTENT, and those recursive calls could observe r_state != RT_CONSISTENT. We should consider failing dlopen/dlmopen/dlclose if r_state != RT_CONSISTENT. The dynamic linker is probably not in a state in which it can handle reentrant calls. This needs further investigation. Reviewed-by: Adhemerval Zanella --- elf/dl-close.c | 10 +++++----- elf/dl-open.c | 10 +++++----- elf/rtld.c | 6 +++--- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/elf/dl-close.c b/elf/dl-close.c index 88226245eb..b6f4daac79 100644 --- a/elf/dl-close.c +++ b/elf/dl-close.c @@ -723,6 +723,11 @@ _dl_close_worker (struct link_map *map, bool force) /* TLS is cleaned up for the unloaded modules. */ __rtld_lock_unlock_recursive (GL(dl_load_tls_lock)); + /* Notify the debugger those objects are finalized and gone. */ + r->r_state = RT_CONSISTENT; + _dl_debug_state (); + LIBC_PROBE (unmap_complete, 2, nsid, r); + #ifdef SHARED /* Auditing checkpoint: we have deleted all objects. Also, do not notify auditors of the cleanup of a failed audit module loading attempt. */ @@ -735,11 +740,6 @@ _dl_close_worker (struct link_map *map, bool force) --GL(dl_nns); while (GL(dl_ns)[GL(dl_nns) - 1]._ns_loaded == NULL); - /* Notify the debugger those objects are finalized and gone. */ - r->r_state = RT_CONSISTENT; - _dl_debug_state (); - LIBC_PROBE (unmap_complete, 2, nsid, r); - /* Recheck if we need to retry, release the lock. */ out: if (dl_close_state == rerun) diff --git a/elf/dl-open.c b/elf/dl-open.c index 2c20aa1df9..5e74807d23 100644 --- a/elf/dl-open.c +++ b/elf/dl-open.c @@ -628,17 +628,17 @@ dl_open_worker_begin (void *a) #endif } -#ifdef SHARED - /* Auditing checkpoint: we have added all objects. */ - _dl_audit_activity_nsid (new->l_ns, LA_ACT_CONSISTENT); -#endif - /* Notify the debugger all new objects are now ready to go. */ struct r_debug *r = _dl_debug_update (args->nsid); r->r_state = RT_CONSISTENT; _dl_debug_state (); LIBC_PROBE (map_complete, 3, args->nsid, r, new); +#ifdef SHARED + /* Auditing checkpoint: we have added all objects. */ + _dl_audit_activity_nsid (new->l_ns, LA_ACT_CONSISTENT); +#endif + _dl_open_check (new); /* Print scope information. */ diff --git a/elf/rtld.c b/elf/rtld.c index 1e2e9ad5a8..0dd64de13a 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -2393,9 +2393,6 @@ dl_main (const ElfW(Phdr) *phdr, _dl_relocate_object might need to call `mprotect' for DT_TEXTREL. */ _dl_sysdep_start_cleanup (); - /* Auditing checkpoint: we have added all objects. */ - _dl_audit_activity_nsid (LM_ID_BASE, LA_ACT_CONSISTENT); - /* Notify the debugger all new objects are now ready to go. We must re-get the address since by now the variable might be in another object. */ r = _dl_debug_update (LM_ID_BASE); @@ -2403,6 +2400,9 @@ dl_main (const ElfW(Phdr) *phdr, _dl_debug_state (); LIBC_PROBE (init_complete, 2, LM_ID_BASE, r); + /* Auditing checkpoint: we have added all objects. */ + _dl_audit_activity_nsid (LM_ID_BASE, LA_ACT_CONSISTENT); + #if defined USE_LDCONFIG && !defined MAP_COPY /* We must munmap() the cache file. */ _dl_unload_cache (); From patchwork Thu Aug 8 11:40:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Weimer X-Patchwork-Id: 95511 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 23D953858433 for ; Thu, 8 Aug 2024 11:44:07 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTP id 027023858D28 for ; Thu, 8 Aug 2024 11:43:15 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 027023858D28 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 027023858D28 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1723117400; cv=none; b=JjymqHW2nDKr1u+6LGOajpkbVa6EYmHFxhJaqD1ZivitnBg4FDsSF42FxWWMy5rwvKpSWiSefy4BU0Eqjp+qClVCQqLuOUCLx5qsLWMChzBXjIJKk4QUfKIPSYZasdb+nd83D4RnsqD4kd2EmvqZ+4ocPzvnnTjgTPFwcWxCvBY= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1723117400; c=relaxed/simple; bh=I90HAHHdQ2eijIiQi0HXnGFsipG8b+7ptwkrWzguarA=; h=DKIM-Signature:From:To:Subject:Message-ID:Date:MIME-Version; b=nUBKbwkK+ajjjssVejucEIIhhHvSHrAh88WJ72NpGuwwhgLs8SE13lnQgJLMHSWLhyJzMxSSksmw+GC4Vd1pfMdNuZ39hNx4TQgW3fLFHcMKhXSWo04K//vbuNChEq+sxfXQDSxanesB0LCDcJDeFp+EnSK56Ie5EqGQOUEXUOc= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1723117395; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=yR+HsSeRQrtjsBl5SV/J830r7gCHjJlzMtWgcaN/k64=; b=Hbr4JIk6o2M83MqtRfUpPHwv3GhrAOFsUuQFxyTLUElpiB67gALLUg3qsQwSxdWzlFxBQS podjy0wX4z9zNrRycSYiarU9qUtbpx3smn6zcCT/j4XVEjkGC574EgfkxRibXTlziXuPY1 9Lc1pxm49gsZPXOK+HIQCSM/6D0m0RM= Received: from mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-645-sdnTeoRANt-AlYmwtWPeiw-1; Thu, 08 Aug 2024 07:43:13 -0400 X-MC-Unique: sdnTeoRANt-AlYmwtWPeiw-1 Received: from mx-prod-int-04.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-04.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 9A27018EB22D for ; Thu, 8 Aug 2024 11:40:25 +0000 (UTC) Received: from oldenburg.str.redhat.com (unknown [10.45.224.76]) by mx-prod-int-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id C546719560AA for ; Thu, 8 Aug 2024 11:40:24 +0000 (UTC) From: Florian Weimer To: libc-alpha@sourceware.org Subject: [PATCH v2 3/3] elf: Signal RT_CONSISTENT after relocation processing in dlopen (bug 31986) In-Reply-To: Message-ID: <3f67c06b3421fd6a45181f3d46060bc8bda96d5c.1723116962.git.fweimer@redhat.com> References: X-From-Line: 3f67c06b3421fd6a45181f3d46060bc8bda96d5c Mon Sep 17 00:00:00 2001 Date: Thu, 08 Aug 2024 13:40:21 +0200 User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.40 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-10.8 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org Previously, a la_activity audit event was generated before relocation processing completed. This does did not match what happened during initial startup in elf/rtld.c (towards the end of dl_main). It also caused various problems if an auditor tried to open the same shared object again using dlmopen: If it was the directly loaded object, it had a search scope associated with it, so the early exit in dl_open_worker_begin was taken even though the object was unrelocated. This caused the r_state == RT_CONSISTENT assert to fail. Avoidance of the assert also depends on reversing the order of r_state update and auditor event (already implemented in a previous commit). At the later point, args->map can be NULL due to failure, so use the assigned namespace ID instead if that is available. Reviewed-by: Adhemerval Zanella --- elf/Makefile | 6 ++ elf/dl-open.c | 44 ++++++++----- elf/tst-dlopen-auditdup-auditmod.c | 100 +++++++++++++++++++++++++++++ elf/tst-dlopen-auditdup.c | 36 +++++++++++ elf/tst-dlopen-auditdupmod.c | 48 ++++++++++++++ 5 files changed, 219 insertions(+), 15 deletions(-) create mode 100644 elf/tst-dlopen-auditdup-auditmod.c create mode 100644 elf/tst-dlopen-auditdup.c create mode 100644 elf/tst-dlopen-auditdupmod.c diff --git a/elf/Makefile b/elf/Makefile index cc3685550d..aaa17b5708 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -414,6 +414,7 @@ tests += \ tst-dlmopen1 \ tst-dlmopen3 \ tst-dlmopen4 \ + tst-dlopen-auditdup \ tst-dlopen-recurse \ tst-dlopen-self \ tst-dlopen-tlsmodid \ @@ -865,6 +866,8 @@ modules-names += \ tst-dlmopen-twice-mod1 \ tst-dlmopen-twice-mod2 \ tst-dlmopen1mod \ + tst-dlopen-auditdup-auditmod \ + tst-dlopen-auditdupmod \ tst-dlopen-recursemod1 \ tst-dlopen-recursemod2 \ tst-dlopen-tlsreinitmod1 \ @@ -3161,3 +3164,6 @@ tst-dlopen-tlsreinit4-ENV = LD_AUDIT=$(objpfx)tst-auditmod1.so $(objpfx)tst-dlopen-recurse.out: $(objpfx)tst-dlopen-recursemod1.so $(objpfx)tst-dlopen-recursemod1.so: $(objpfx)tst-dlopen-recursemod2.so +tst-dlopen-auditdup-ENV = LD_AUDIT=$(objpfx)tst-dlopen-auditdup-auditmod.so +$(objpfx)tst-dlopen-auditdup.out: \ + $(objpfx)tst-dlopen-auditdupmod.so $(objpfx)tst-dlopen-auditdup-auditmod.so diff --git a/elf/dl-open.c b/elf/dl-open.c index 5e74807d23..ec0145879e 100644 --- a/elf/dl-open.c +++ b/elf/dl-open.c @@ -565,6 +565,14 @@ dl_open_worker_begin (void *a) _dl_debug_printf ("opening file=%s [%lu]; direct_opencount=%u\n\n", new->l_name, new->l_ns, new->l_direct_opencount); +#ifdef SHARED + /* No relocation processing on this execution path. But + relocation has not been performed for static + position-dependent executables, so disable the assert for + static linking. */ + assert (new->l_relocated); +#endif + /* If the user requested the object to be in the global namespace but it is not so far, prepare to add it now. This can raise an exception to do a malloc failure. */ @@ -586,10 +594,6 @@ dl_open_worker_begin (void *a) if ((mode & RTLD_GLOBAL) && new->l_global == 0) add_to_global_update (new); - const int r_state __attribute__ ((unused)) - = _dl_debug_update (args->nsid)->r_state; - assert (r_state == RT_CONSISTENT); - /* Do not return without calling the (supposedly new) map's constructor. This case occurs if a dependency of a directly opened map has a constructor that calls dlopen again on the @@ -628,17 +632,6 @@ dl_open_worker_begin (void *a) #endif } - /* Notify the debugger all new objects are now ready to go. */ - struct r_debug *r = _dl_debug_update (args->nsid); - r->r_state = RT_CONSISTENT; - _dl_debug_state (); - LIBC_PROBE (map_complete, 3, args->nsid, r, new); - -#ifdef SHARED - /* Auditing checkpoint: we have added all objects. */ - _dl_audit_activity_nsid (new->l_ns, LA_ACT_CONSISTENT); -#endif - _dl_open_check (new); /* Print scope information. */ @@ -685,6 +678,7 @@ dl_open_worker_begin (void *a) created dlmopen namespaces. Do not do this for static dlopen because libc has relocations against ld.so, which may not have been relocated at this point. */ + struct r_debug *r = _dl_debug_update (args->nsid); #ifdef SHARED if (GL(dl_ns)[args->nsid].libc_map != NULL) _dl_open_relocate_one_object (args, r, GL(dl_ns)[args->nsid].libc_map, @@ -776,6 +770,26 @@ dl_open_worker (void *a) __rtld_lock_unlock_recursive (GL(dl_load_tls_lock)); + /* Auditing checkpoint and debugger signalling. Do this even on + error, so that dlopen exists with consistent state. */ + if (args->nsid >= 0 || args->map != NULL) + { + Lmid_t nsid = args->map != NULL ? args->map->l_ns : args->nsid; + struct r_debug *r = _dl_debug_update (nsid); +#ifdef SHARED + bool was_not_consistent = r->r_state != RT_CONSISTENT; +#endif + r->r_state = RT_CONSISTENT; + _dl_debug_state (); + LIBC_PROBE (map_complete, 3, nsid, r, new); + +#ifdef SHARED + if (was_not_consistent) + /* Avoid redudant/recursive signalling. */ + _dl_audit_activity_nsid (nsid, LA_ACT_CONSISTENT); +#endif + } + if (__glibc_unlikely (ex.errstring != NULL)) /* Reraise the error. */ _dl_signal_exception (err, &ex, NULL); diff --git a/elf/tst-dlopen-auditdup-auditmod.c b/elf/tst-dlopen-auditdup-auditmod.c new file mode 100644 index 0000000000..9b67295e94 --- /dev/null +++ b/elf/tst-dlopen-auditdup-auditmod.c @@ -0,0 +1,100 @@ +/* Auditor that opens again an object that just has been opened. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include + +unsigned int +la_version (unsigned int v) +{ + return LAV_CURRENT; +} + +static bool trigger_on_la_activity; + +unsigned int +la_objopen (struct link_map *map, Lmid_t lmid, uintptr_t *cookie) +{ + printf ("info: la_objopen: \"%s\"\n", map->l_name); + if (strstr (map->l_name, "/tst-dlopen-auditdupmod.so") != NULL) + trigger_on_la_activity = true; + return 0; +} + +void +la_activity (uintptr_t *cookie, unsigned int flag) +{ + static unsigned int calls; + ++calls; + printf ("info: la_activity: call %u (flag %u)\n", calls, flag); + fflush (stdout); + if (trigger_on_la_activity) + { + /* Avoid triggering on the dlmopen call below. */ + static bool recursion; + if (recursion) + return; + recursion = true; + + puts ("info: about to dlmopen tst-dlopen-auditdupmod.so"); + fflush (stdout); + void *handle = dlmopen (LM_ID_BASE, "tst-dlopen-auditdupmod.so", + RTLD_NOW); + if (handle == NULL) + { + printf ("error: dlmopen: %s\n", dlerror ()); + fflush (stdout); + _exit (1); + } + + /* Check that the constructor has run. */ + int *status = dlsym (handle, "auditdupmod_status"); + if (status == NULL) + { + printf ("error: dlsym: %s\n", dlerror ()); + fflush (stdout); + _exit (1); + } + printf ("info: auditdupmod_status == %d\n", *status); + if (*status != 1) + { + puts ("error: auditdupmod_status == 1 expected"); + fflush (stdout); + _exit (1); + } + /* Checked in the destructor and the main program. */ + ++*status; + printf ("info: auditdupmod_status == %d\n", *status); + + /* Check that the module has been relocated. */ + int **status_address = dlsym (handle, "auditdupmod_status_address"); + if (status_address == NULL || *status_address != status) + { + puts ("error: invalid auditdupmod_status address in" + " tst-dlopen-auditdupmod.so"); + fflush (stdout); + _exit (1); + } + + fflush (stdout); + } +} diff --git a/elf/tst-dlopen-auditdup.c b/elf/tst-dlopen-auditdup.c new file mode 100644 index 0000000000..a88b581c3f --- /dev/null +++ b/elf/tst-dlopen-auditdup.c @@ -0,0 +1,36 @@ +/* Test that recursive dlopen from auditor works (bug 31986). + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include + +static int +do_test (void) +{ + puts ("info: about to dlopen tst-dlopen-auditdupmod.so"); + fflush (stdout); + void *handle = xdlopen ("tst-dlopen-auditdupmod.so", RTLD_NOW); + int *status = dlsym (handle, "auditdupmod_status"); + printf ("info: auditdupmod_status == %d (from main)\n", *status); + TEST_COMPARE (*status, 2); + xdlclose (handle); + return 0; +} + +#include diff --git a/elf/tst-dlopen-auditdupmod.c b/elf/tst-dlopen-auditdupmod.c new file mode 100644 index 0000000000..59b7e21daa --- /dev/null +++ b/elf/tst-dlopen-auditdupmod.c @@ -0,0 +1,48 @@ +/* Directly opened test module that gets reopened from the auditor. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include + +int auditdupmod_status; + +/* Used to check for successful relocation processing. */ +int *auditdupmod_status_address = &auditdupmod_status; + +static void __attribute__ ((constructor)) +init (void) +{ + ++auditdupmod_status; + printf ("info: tst-dlopen-auditdupmod.so constructor called (status %d)\n", + auditdupmod_status); +} + +static void __attribute__ ((destructor)) +fini (void) +{ + /* The tst-dlopen-auditdup-auditmod.so auditor incremented + auditdupmod_status. */ + printf ("info: tst-dlopen-auditdupmod.so destructor called (status %d)\n", + auditdupmod_status); + if (auditdupmod_status != 2) + { + puts ("error: auditdupmod_status == 2 expected"); + exit (1); + } +}