aboutsummaryrefslogtreecommitdiff
path: root/elf
AgeCommit message (Collapse)Author
2020-05-28elf: Remove extra hwcap mechanism from ldconfigFlorian Weimer
Historically, this mechanism was used to process "nosegneg" subdirectories, and it is still used to include the "tls" subdirectories. With nosegneg support gone from ld.so, this is part no longer useful. The entire mechanism is not well-designed because it causes the meaning of hwcap bits in ld.so.cache to depend on the kernel version that was used to generate the cache, which makes it difficult to use this mechanism for anything else in the future. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-05-28elf: Do not read hwcaps from the vDSO in ld.soFlorian Weimer
This was only ever used for the "nosegneg" flag. This approach for passing hardware capability information creates a subtle dependency between the kernel and userspace, and ld.so.cache contents. It seems inappropriate for toady, where people expect to be able to run system images which very different kernel versions. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-05-25elf: Turn _dl_printf, _dl_error_printf, _dl_fatal_printf into functionsFlorian Weimer
This change makes it easier to set a breakpoint on these calls. This also addresses the issue that including <ldsodefs.h> without <unistd.h> does not result usable _dl_*printf macros because of the use of the STD*_FILENO macros there. (The private symbol for _dl_fatal_printf will go away again once the exception handling implementation is unified between libc and ld.so.) Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-05-21elf.h: add aarch64 property definitionsSzabolcs Nagy
These property values are specified by the AArch64 ELF ABI and binutils can create binaries marked with them. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-05-21elf.h: Add PT_GNU_PROPERTYSzabolcs Nagy
This program header type is already used in binaries on x86 and aarch64 targets. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2020-05-19ldconfig: Default to the new format for ld.so.cacheJosh Triplett
glibc has supported this format for close to 20 years.
2020-05-18Remove NO_CTORS_DTORS_SECTIONS macroFlorian Weimer
This was originally added to support binutils older than version 2.22: <https://sourceware.org/ml/libc-alpha/2010-12/msg00051.html> Since 2.22 is older than the minimum required binutils version for building glibc, we no longer need this. (The changes do not impact the statically linked startup code.)
2020-05-18elf: Assert that objects are relocated before their constructors runFlorian Weimer
If we try to run constructors before relocation, this is always a dynamic linker bug. An assert is easier to notice than a call via an invalid function pointer (which may not even produce a valid call stack). Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-05-18x86: Move CET control to _dl_x86_feature_control [BZ #25887]H.J. Lu
1. Include <dl-procruntime.c> to get architecture specific initializer in rtld_global. 2. Change _dl_x86_feature_1[2] to _dl_x86_feature_1. 3. Add _dl_x86_feature_control after _dl_x86_feature_1, which is a struct of 2 bitfields for IBT and SHSTK control This fixes [BZ #25887].
2020-05-12elf: Remove redundant add_to_global_resize_failure call from dl_open_argsFlorian Weimer
The second call does not do anything because the data structures have already been resized by the call that comes before the demarcation point. Fixes commit a509eb117fac1d764b15eba64993f4bdb63d7f3c ("Avoid late dlopen failure due to scope, TLS slotinfo updates [BZ #25112]"). Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-04-30Rename __LONG_DOUBLE_USES_FLOAT128 to __LDOUBLE_REDIRECTS_TO_FLOAT128_ABIPaul E. Murphy
Improve the commentary to aid future developers who will stumble upon this novel, yet not always perfect, mechanism to support alternative formats for long double. Likewise, rename __LONG_DOUBLE_USES_FLOAT128 to __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI now that development work has settled down. The command used was git grep -l __LONG_DOUBLE_USES_FLOAT128 ':!./ChangeLog*' | \ xargs sed -i 's/__LONG_DOUBLE_USES_FLOAT128/__LDOUBLE_REDIRECTS_TO_FLOAT128_ABI/g' Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
2020-04-29elf: Add initial flag argument to __libc_early_initFlorian Weimer
The rseq initialization should happen only for the libc in the base namespace (in the dynamic case) or the statically linked libc. The __libc_multiple_libcs flag does not quite cover this case at present, so this commit introduces a flag argument to __libc_early_init, indicating whether the libc being libc is the primary one (of the main program). Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-04-24elf: Implement __libc_early_initFlorian Weimer
This function is defined in libc.so, and the dynamic loader calls right after relocation has been finished, before any ELF constructors or the preinit function is invoked. It is also used in the static build for initializing parts of the static libc. To locate __libc_early_init, a direct symbol lookup function is used, _dl_lookup_direct. It does not search the entire symbol scope and consults merely a single link map. This function could also be used to implement lookups in the vDSO (as an optimization). A per-namespace variable (libc_map) is added for locating libc.so, to avoid repeated traversals of the search scope. It is similar to GL(dl_initfirst). An alternative would have been to thread a context argument from _dl_open down to _dl_map_object_from_fd (where libc.so is identified). This could have avoided the global variable, but the change would be larger as a result. It would not have been possible to use this to replace GL(dl_initfirst) because that global variable is used to pass the function pointer past the stack switch from dl_main to the main program. Replacing that requires adding a new argument to _dl_init, which in turn needs changes to the architecture-specific libc.so startup code written in assembler. __libc_early_init should not be used to replace _dl_var_init (as it exists today on some architectures). Instead, _dl_lookup_direct should be used to look up a new variable symbol in libc.so, and that should then be initialized from the dynamic loader, immediately after the object has been loaded in _dl_map_object_from_fd (before relocation is run). This way, more IFUNC resolvers which depend on these variables will work. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-04-24elf: Introduce <elf_machine_sym_no_match.h>Florian Weimer
MIPS needs to ignore certain existing symbols during symbol lookup. The old scheme uses the ELF_MACHINE_SYM_NO_MATCH macro, with an inline function, within its own header, with a sysdeps override for MIPS. This allows re-use of the function from another file (without having to include <dl-machine.h> or providing the default definition for ELF_MACHINE_SYM_NO_MATCH). Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-04-21elf: Support lld-style link map for librtld.mapFangrui Song
GNU ld and gold's -Map include a line like: path/to/build/libc_pic.a(check_fds.os) lld -Map does not have the archive member list, but we can still derive the members from the following output VMA LMA Size Align Out In Symbol ... 1a1c0 1a1c0 e2 16 path/to/build/libc_pic.a(check_fds.os):(.text)
2020-04-03elf: Implement DT_AUDIT, DT_DEPAUDIT support [BZ #24943]Florian Weimer
binutils ld has supported --audit, --depaudit for a long time, only support in glibc has been missing. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-04-03elf: Simplify handling of lists of audit stringsFlorian Weimer
All list elements are colon-separated strings, and there is a hard upper limit for the number of audit modules, so it is possible to pre-allocate a fixed-size array of strings to which the LD_AUDIT environment variable and --audit arguments are added. Also eliminate the global variables for the audit list because the list is only needed briefly during startup. There is a slight behavior change: All duplicate LD_AUDIT environment variables are now processed, not just the last one as before. However, such environment vectors are invalid anyway. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-03-25ARC: add definitions to elf/elf.hVineet Gupta
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2020-03-25Fix tests which expose ldbl -> _Float128 redirectsPaul E. Murphy
The ldbl redirects for ieee128 have some jagged edges when inspecting and manipulating symbols directly. e.g asprintf is unconditionally redirected to __asprintfieee128 thus any tests relying on GCC's redirect behavior will encounter problems if they inspect the symbol names too closely. I've mitigated tests which expose the limitations of the ldbl -> f128 redirects by giving them knowledge about the redirected symbol names. Hopefully there isn't much user code which depends on this implementation specific behavior. Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
2020-03-13parse_tunables: Fix typo in commentJonathan Wakely
2020-03-11ldconfig: trace origin paths with -vDJ Delorie
With this patch, -v turns on a "from" trace for each directory searched, that tells you WHY that directory is being searched - is it a builtin, from the command line, or from some config file?
2020-03-10elf: Fix wrong indentation from commit eb447b7b4bAdhemerval Zanella
2020-03-02elf: Add elf/check-wx-segment, a test for the presence of WX segmentsFlorian Weimer
Writable, executable segments defeat security hardening. The existing check for DT_TEXTREL does not catch this. hppa and SPARC currently keep the PLT in an RWX load segment.
2020-02-26elf: Apply attribute_relro to pointers in elf/dl-minimal.cFlorian Weimer
The present code leaves the function pointers unprotected, but moves some of the static functions into .data.rel.ro instead. This causes the linker to produce an allocatable, executable, writable section and eventually an RWX load segment. Not only do we really do not want that, it also breaks valgrind because valgrind does not load debuginfo from the mmap interceptor if all it sees are RX and RWX mappings. Fixes commit 3a0ecccb599a6b1ad4b149dc569c0080e92d057b ("ld.so: Do not export free/calloc/malloc/realloc functions [BZ #25486]").
2020-02-25csu: Use ELF constructor instead of _init in libc.soFlorian Weimer
On !ELF_INITFINI architectures, _init is no longer called by the dynamic linker. We can use an ELF constructor instead because the constructor order does not matter. (The other constructors are used to set up libio vtable bypasses and do not depend on this initialization routine.)
2020-02-18Introduce <elf-initfini.h> and ELF_INITFINI for all architecturesFlorian Weimer
This supersedes the init_array sysdeps directory. It allows us to check for ELF_INITFINI in both C and assembler code, and skip DT_INIT and DT_FINI processing completely on newer architectures. A new header file is needed because <dl-machine.h> is incompatible with assembler code. <sysdep.h> is compatible with assembler code, but it cannot be included in all assembler files because on some architectures, it redefines register names, and some assembler files conflict with that. <elf-initfini.h> is replicated for legacy architectures which need DT_INIT/DT_FINI support. New architectures follow the generic default and disable it.
2020-02-15ld.so: Do not export free/calloc/malloc/realloc functions [BZ #25486]Florian Weimer
Exporting functions and relying on symbol interposition from libc.so makes the choice of implementation dependent on DT_NEEDED order, which is not what some compiler drivers expect. This commit replaces one magic mechanism (symbol interposition) with another one (preprocessor-/compiler-based redirection). This makes the hand-over from the minimal malloc to the full malloc more explicit. Removing the ABI symbols is backwards-compatible because libc.so is always in scope, and the dynamic loader will find the malloc-related symbols there since commit f0b2132b35248c1f4a80f62a2c38cddcc802aa8c ("ld.so: Support moving versioned symbols between sonames [BZ #24741]"). Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-02-15elf: Extract _dl_sym_post, _dl_sym_find_caller_map from elf/dl-sym.cFlorian Weimer
The definitions are moved into a new file, elf/dl-sym-post.h, so that this code can be used by the dynamic loader as well. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-02-15elf: Introduce the rtld-stubbed-symbols makefile variableFlorian Weimer
This generalizes a mechanism used for stack-protector support, so that it can be applied to other symbols if required. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-02-12elf: avoid stack allocation in dl_open_workerDavid Kilroy
As the sort was removed, there's no need to keep a separate map of links. Instead, when relocating objects iterate over l_initfini directly. This allows us to remove the loop copying l_initfini elements into map. We still need a loop to identify the first and last elements that need relocation. Tested by running the testsuite on x86_64.
2020-02-12elf: avoid redundant sort in dlopenDavid Kilroy
l_initfini is already sorted by dependency in _dl_map_object_deps(), so avoid sorting again in dl_open_worker(). Tested by running the testsuite on x86_64.
2020-02-12elf: Allow dlopen of filter object to work [BZ #16272]David Kilroy
There are two fixes that are needed to be able to dlopen filter objects. First _dl_map_object_deps cannot assume that map will be at the beginning of l_searchlist.r_list[], as filtees are inserted before map. Secondly dl_open_worker needs to ensure that filtees get relocated. In _dl_map_object_deps: * avoiding removing relocation dependencies of map by setting l_reserved to 0 and otherwise processing the rest of the search list. * ensure that map remains at the beginning of l_initfini - the list of things that need initialisation (and destruction). Do this by splitting the copy up. This may not be required, but matches the initialization order without dlopen. Modify dl_open_worker to relocate the objects in new->l_inifini. new->l_initfini is constructed in _dl_map_object_deps, and lists the objects that need initialization and destruction. Originally the list of objects in new->l_next are relocated. All of these objects should also be included in new->l_initfini (both lists are populated with dependencies in _dl_map_object_deps). We can't use new->l_prev to pick up filtees, as during a recursive dlopen from an interposed malloc call, l->prev can contain objects that are not ready for relocation. Add tests to verify that symbols resolve to the filtee implementation when auxiliary and filter objects are used, both as a normal link and when dlopen'd. Tested by running the testsuite on x86_64.
2020-02-12elf.h: Add R_RISCV_IRELATIVEFangrui Song
The number has been officially assigned by https://github.com/riscv/riscv-elf-psabi-doc/pull/131 https://github.com/riscv/riscv-elf-psabi-doc/commit/d21ca40a7f56812a15e97450b7bc1599c0d35b82
2020-01-24Fix elf/tst-rtld-preload cross-testing.Joseph Myers
As noted in <https://sourceware.org/ml/libc-alpha/2019-06/msg00824.html>, elf/tst-rtld-preload fails when cross-testing because it attempts to run the test wrapper with itself. Unfortunately, that thread never resulted in a complete and correct patch for that test. This patch addresses the issues with that test more thoroughly. The test is changed not to use the wrapper twice, including updating the message it prints about the command it runs to be more complete and accurate after the change; the Makefile is changed not to pass the redundant '$(test-wrapper)' argument. Tested for Arm that this fixes the failure seen for that test in cross-testing.
2020-01-23Fix cross-testing of tst-ifunc-fault-* tests.Joseph Myers
The tests elf/tst-ifunc-fault-bindnow and elf/tst-ifunc-fault-lazy fail in cross-testing because they run the dynamic linker directly without using the test wrapper. This patch fixes them to use the test wrapper instead. Tested that this fixes the failure of those two tests for powerpc soft-float.
2020-01-17powerpc: Move cache line size to rtld_global_roTulio Magno Quites Machado Filho
GCC 10.0 enabled -fno-common by default and this started to point that __cache_line_size had been implemented in 2 different places: loader and libc. In order to avoid this duplication, the libc variable has been removed and the loader variable is moved to rtld_global_ro. File sysdeps/unix/sysv/linux/powerpc/dl-auxv.h has been added in order to reuse code for both static and dynamic linking scenarios. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-01-16elf: Add elf/tst-dlopenfail-2 [BZ #25396]Florian Weimer
Without CET, a jump into a newly loaded object through an overwritten link map often does not crash, it just executes some random code. CET detects this in some cases because the function pointer does not point to the start of a function in the replacement shared object, so there is no ENDBR instruction. The new test uses a small shared object and the existing dangling link map to trigger the bug. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-01-16Clear GL(dl_initfirst) when freeing its link_map memory [BZ# 25396]H.J. Lu
We should clear GL(dl_initfirst) when freeing its link_map memory. Tested on Fedora 31/x86-64 with CET. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2020-01-13Fix "elf: Add tst-ldconfig-ld_so_conf-update test" on 32bit.Stefan Liebler
This new test was introduced with recent commit 591236f1a33f11cc65ccf009d997071ba853e186. If run on 32bit, it fails while renaming tst-ldconfig-ld-mod.so as there is no /usr/lib64 directory. This patch is constructing the file name with help of support_libdir_prefix. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-01-09 elf: Add tst-ldconfig-ld_so_conf-update testAlexandra Hájková
Test ldconfig after /etc/ld.so.conf update and verify a running process observes changes to /etc/ld.so.cache. The test uses the test-in-container framework. Reviewed-by: Arjun Shankar <arjun@redhat.com>
2020-01-03elf: Move vDSO setup to rtld (BZ#24967)Adhemerval Zanella
This patch moves the vDSO setup from libc to loader code, just after the vDSO link_map setup. For static case the initialization is moved to _dl_non_dynamic_init instead. Instead of using the mangled pointer, the vDSO data is set as attribute_relro (on _rtld_global_ro for shared or _dl_vdso_* for static). It is read-only even with partial relro. It fixes BZ#24967 now that the vDSO pointer is setup earlier than malloc interposition is called. Also, vDSO calls should not be a problem for static dlopen as indicated by BZ#20802. The vDSO pointer would be zero-initialized and the syscall will be issued instead. Checked on x86_64-linux-gnu, i686-linux-gnu, aarch64-linux-gnu, arm-linux-gnueabihf, powerpc64le-linux-gnu, powerpc64-linux-gnu, powerpc-linux-gnu, s390x-linux-gnu, sparc64-linux-gnu, and sparcv9-linux-gnu. I also run some tests on mips. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-01-03elf: Enable relro for static buildAdhemerval Zanella
The code is similar to the one at elf/dl-reloc.c, where it checks for the l_relro_size from the link_map (obtained from PT_GNU_RELRO header from program headers) and calls_dl_protected_relro. For testing I will use the ones proposed by Florian's patch 'elf: Add tests for working RELRO protection' [1]. Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu, aarch64-linux-gnu, s390x-linux-gnu, and sparc64-linux-gnu. I also check with --enable-static pie on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu which seems the only architectures where static PIE is actually working (as per 9d7a3741c9e, on arm-linux-gnueabihf, powerpc64{le}-linux-gnu, and s390x-linux-gnu I am seeing runtime issues not related to my patch). [1] https://sourceware.org/ml/libc-alpha/2019-10/msg00059.html Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-01-01Update copyright dates not handled by scripts/update-copyrights.Joseph Myers
I've updated copyright dates in glibc for 2020. This is the patch for the changes not generated by scripts/update-copyrights and subsequent build / regeneration of generated files. As well as the usual annual updates, mainly dates in --version output (minus libc.texinfo which previously had to be handled manually but is now successfully updated by update-copyrights), there is a fix to sysdeps/unix/sysv/linux/powerpc/bits/termios-c_lflag.h where a typo in the copyright notice meant it failed to be updated automatically. Please remember to include 2020 in the dates for any new files added in future (which means updating any existing uncommitted patches you have that add new files to use the new copyright dates in them).
2020-01-01Update copyright dates with scripts/update-copyrights.Joseph Myers
2019-12-19Fix test isolation for elf/tst-ifunc-fault-lazy, elf/tst-ifunc-fault-bindnowFlorian Weimer
Previously, ld.so was invoked only with the elf subdirectory on the library search path. Since the soname link for libc.so only exists in the top-level build directory, this leaked the system libc into the test.
2019-12-16tunables: report sbrk() failureDJ Delorie
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2019-12-13dlopen: Do not block signalsFlorian Weimer
Blocking signals causes issues with certain anti-malware solutions which rely on an unblocked SIGSYS signal for system calls they intercept. This reverts commit a2e8aa0d9ea648068d8be52dd7b15f1b6a008e23 ("Block signals during the initial part of dlopen") and adds comments related to async signal safety to active_nodelete and its caller. Note that this does not make lazy binding async-signal-safe with regards to dlopen. It merely avoids introducing new async-signal-safety hazards as part of the NODELETE changes. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2019-12-13dlopen: Rework handling of pending NODELETE statusFlorian Weimer
Commit a2e8aa0d9ea648068d8be52dd7b15f1b6a008e23 ("Block signals during the initial part of dlopen") was deemed necessary because of read-modify-write operations like the one in add_dependency in elf/dl-lookup.c. In the old code, we check for any kind of NODELETE status and bail out: /* Redo the NODELETE check, as when dl_load_lock wasn't held yet this could have changed. */ if (map->l_nodelete != link_map_nodelete_inactive) goto out; And then set pending status (during relocation): if (flags & DL_LOOKUP_FOR_RELOCATE) map->l_nodelete = link_map_nodelete_pending; else map->l_nodelete = link_map_nodelete_active; If a signal arrives during relocation and the signal handler, through lazy binding, adds a global scope dependency on the same map, it will set map->l_nodelete to link_map_nodelete_active. This will be overwritten with link_map_nodelete_pending by the dlopen relocation code. To avoid such problems in relation to the l_nodelete member, this commit introduces two flags for active NODELETE status (irrevocable) and pending NODELETE status (revocable until activate_nodelete is invoked). As a result, NODELETE processing in dlopen does not introduce further reasons why lazy binding from signal handlers is unsafe during dlopen, and a subsequent commit can remove signal blocking from dlopen. This does not address pre-existing issues (unrelated to the NODELETE changes) which make lazy binding in a signal handler during dlopen unsafe, such as the use of malloc in both cases. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2019-12-13dlopen: Fix issues related to NODELETE handling and relocationsFlorian Weimer
The assumption behind the assert in activate_nodelete was wrong: Inconsistency detected by ld.so: dl-open.c: 459: activate_nodelete: Assertion `!imap->l_init_called || imap->l_type != lt_loaded' failed! (edit) It can happen that an already-loaded object that is in the local scope is promoted to NODELETE status, via binding to a unique symbol. Similarly, it is possible that such NODELETE promotion occurs to an already-loaded object from the global scope. This is why the loop in activate_nodelete has to cover all objects in the namespace of the new object. In do_lookup_unique, it could happen that the NODELETE status of an already-loaded object was overwritten with a pending NODELETE status. As a result, if dlopen fails, this could cause a loss of the NODELETE status of the affected object, eventually resulting in an incorrect unload. Fixes commit f63b73814f74032c0e5d0a83300e3d864ef905e5 ("Remove all loaded objects if dlopen fails, ignoring NODELETE [BZ #20839]").
2019-12-11ldconfig: Do not print a warning for a missing ld.so.conf fileFlorian Weimer
The configuration file is not needed for working system, so printing a warning is not helpful. Reviewed-by: Carlos O'Donell <carlos@redhat.com>