details: - elf: Handle static PIE with non-zero load address - elf: Introduce _dl_relocate_object_no_relro - elf: Switch to main malloc after final ld.so self-relocation
From c1560f3f75c0e892b5522c16f91b4e303f677094 Mon Sep 17 00:00:00 2001
|
|
From: Florian Weimer <fweimer@redhat.com>
|
|
Date: Wed, 6 Nov 2024 10:33:44 +0100
|
|
Subject: [PATCH] elf: Switch to main malloc after final ld.so self-relocation
|
|
|
|
Before commit ee1ada1bdb8074de6e1bdc956ab19aef7b6a7872
|
|
("elf: Rework exception handling in the dynamic loader
|
|
[BZ #25486]"), the previous order called the main calloc
|
|
to allocate a shadow GOT/PLT array for auditing support.
|
|
This happened before libc.so.6 ELF constructors were run, so
|
|
a user malloc could run without libc.so.6 having been
|
|
initialized fully. One observable effect was that
|
|
environ was NULL at this point.
|
|
|
|
It does not seem to be possible at present to trigger such
|
|
an allocation, but it seems more robust to delay switching
|
|
to main malloc until after ld.so self-relocation is complete.
|
|
The elf/tst-rtld-no-malloc-audit test case fails with a
|
|
2.34-era glibc that does not have this fix.
|
|
|
|
Reviewed-by: DJ Delorie <dj@redhat.com>
|
|
---
|
|
elf/Makefile | 9 ++++
|
|
elf/dl-support.c | 3 +-
|
|
elf/rtld.c | 26 +++++------
|
|
elf/tst-rtld-no-malloc-audit.c | 1 +
|
|
elf/tst-rtld-no-malloc-preload.c | 1 +
|
|
elf/tst-rtld-no-malloc.c | 76 ++++++++++++++++++++++++++++++++
|
|
6 files changed, 100 insertions(+), 16 deletions(-)
|
|
create mode 100644 elf/tst-rtld-no-malloc-audit.c
|
|
create mode 100644 elf/tst-rtld-no-malloc-preload.c
|
|
create mode 100644 elf/tst-rtld-no-malloc.c
|
|
|
|
diff --git a/elf/Makefile b/elf/Makefile
|
|
index cebc4a2a..ea98cba8 100644
|
|
--- a/elf/Makefile
|
|
+++ b/elf/Makefile
|
|
@@ -435,6 +435,9 @@ tests += \
|
|
tst-p_align3 \
|
|
tst-relsort1 \
|
|
tst-ro-dynamic \
|
|
+ tst-rtld-no-malloc \
|
|
+ tst-rtld-no-malloc-audit \
|
|
+ tst-rtld-no-malloc-preload \
|
|
tst-rtld-run-static \
|
|
tst-single_threaded \
|
|
tst-single_threaded-pthread \
|
|
@@ -3038,3 +3041,9 @@ CFLAGS-tst-tlsgap-mod0.c += -mtls-dialect=gnu2
|
|
CFLAGS-tst-tlsgap-mod1.c += -mtls-dialect=gnu2
|
|
CFLAGS-tst-tlsgap-mod2.c += -mtls-dialect=gnu2
|
|
endif
|
|
+
|
|
+# Reuse an audit module which provides ample debug logging.
|
|
+tst-rtld-no-malloc-audit-ENV = LD_AUDIT=$(objpfx)tst-auditmod1.so
|
|
+
|
|
+# Any shared object should do.
|
|
+tst-rtld-no-malloc-preload-ENV = LD_PRELOAD=$(objpfx)tst-auditmod1.so
|
|
diff --git a/elf/dl-support.c b/elf/dl-support.c
|
|
index 44a54dea..5b7f4af2 100644
|
|
--- a/elf/dl-support.c
|
|
+++ b/elf/dl-support.c
|
|
@@ -345,8 +345,7 @@ _dl_non_dynamic_init (void)
|
|
call_function_static_weak (_dl_find_object_init);
|
|
|
|
/* Setup relro on the binary itself. */
|
|
- if (_dl_main_map.l_relro_size != 0)
|
|
- _dl_protect_relro (&_dl_main_map);
|
|
+ _dl_protect_relro (&_dl_main_map);
|
|
}
|
|
|
|
#ifdef DL_SYSINFO_IMPLEMENTATION
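Review bot: The `l_relro_size != 0` guard is dropped here, so the call is now correct only if `_dl_protect_relro` itself tolerates a zero-sized RELRO segment, which nothing in this diff shows (presumably it comes from the sibling `_dl_relocate_object_no_relro` commit named in the page header). The elf/rtld.c hunk of the same commit keeps an explicit `if (GL(dl_rtld_map).l_relro_size != 0)` before its `_dl_protect_relro` call, so the two sites are inconsistent after this patch; either keep the guard here or drop it in rtld.c so the zero-size policy lives in one place. A one-line comment at the unguarded call, e.g. `/* _dl_protect_relro is a no-op for l_relro_size == 0.  */`, would make the reliance visible. `_dl_non_dynamic_init` starts outside the hunk.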
|
|
diff --git a/elf/rtld.c b/elf/rtld.c
|
|
index 87459ca7..558733b8 100644
|
|
--- a/elf/rtld.c
|
|
+++ b/elf/rtld.c
|
|
@@ -2346,30 +2346,28 @@ dl_main (const ElfW(Phdr) *phdr,
|
|
|
|
if (rtld_multiple_ref)
|
|
{
|
|
- /* There was an explicit ref to the dynamic linker as a shared lib.
|
|
- Re-relocate ourselves with user-controlled symbol definitions.
|
|
-
|
|
- We must do this after TLS initialization in case after this
|
|
- re-relocation, we might call a user-supplied function
|
|
- (e.g. calloc from _dl_relocate_object) that uses TLS data. */
|
|
|
|
/* Set up the object lookup structures. */
|
|
_dl_find_object_init ();
|
|
|
|
- /* The malloc implementation has been relocated, so resolving
|
|
- its symbols (and potentially calling IFUNC resolvers) is safe
|
|
- at this point. */
|
|
- __rtld_malloc_init_real (main_map);
|
|
-
|
|
/* Likewise for the locking implementation. */
|
|
__rtld_mutex_init ();
|
|
|
|
+ /* Re-relocate ourselves with user-controlled symbol definitions. */
|
|
+
|
|
RTLD_TIMING_VAR (start);
|
|
rtld_timer_start (&start);
|
|
|
|
- /* Mark the link map as not yet relocated again. */
|
|
- GL(dl_rtld_map).l_relocated = 0;
|
|
- _dl_relocate_object (&GL(dl_rtld_map), main_map->l_scope, 0, 0);
|
|
+ _dl_relocate_object_no_relro (&GL(dl_rtld_map), main_map->l_scope, 0, 0);
|
|
+
|
|
+
|
|
+ /* The malloc implementation has been relocated, so resolving
|
|
+ * its symbols (and potentially calling IFUNC resolvers) is safe
|
|
+ * at this point. */
|
|
+ __rtld_malloc_init_real (main_map);
|
|
+
|
|
+ if (GL(dl_rtld_map).l_relro_size != 0)
|
|
+ _dl_protect_relro (&GL(dl_rtld_map));
|
|
|
|
rtld_timer_accum (&relocate_time, start);
|
|
}
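Review bot: The new ordering — relocate without RELRO, initialise the real malloc, then `_dl_protect_relro` — is the whole point of the change, yet the added lines carry no comment saying why RELRO has to stay writable across `__rtld_malloc_init_real`; presumably that call still updates ld.so data that the RELRO segment would otherwise make read-only, but a reader cannot tell whether the deferral is required or incidental. Suggest a comment before the `_dl_relocate_object_no_relro` line, e.g. `/* Relocate without applying RELRO yet; it is applied below, after __rtld_malloc_init_real, which may still write to ld.so data.  */`, and carry over the removed sentence about this needing to run after TLS initialisation, since that constraint still applies to the re-relocation. Two style points: the comment block added before `__rtld_malloc_init_real` uses leading `*` on its continuation lines, unlike every other comment in this file, and the two consecutive added blank lines after the relocation call should be one. `dl_main` starts and ends outside the hunk.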
|
|
diff --git a/elf/tst-rtld-no-malloc-audit.c b/elf/tst-rtld-no-malloc-audit.c
|
|
new file mode 100644
|
|
index 00000000..a028377a
|
|
--- /dev/null
|
|
+++ b/elf/tst-rtld-no-malloc-audit.c
|
|
@@ -0,0 +1 @@
|
|
+#include "tst-rtld-no-malloc.c"
|
|
diff --git a/elf/tst-rtld-no-malloc-preload.c b/elf/tst-rtld-no-malloc-preload.c
|
|
new file mode 100644
|
|
index 00000000..a028377a
|
|
--- /dev/null
|
|
+++ b/elf/tst-rtld-no-malloc-preload.c
|
|
@@ -0,0 +1 @@
|
|
+#include "tst-rtld-no-malloc.c"
|
|
diff --git a/elf/tst-rtld-no-malloc.c b/elf/tst-rtld-no-malloc.c
|
|
new file mode 100644
|
|
index 00000000..5f24d4bd
|
|
--- /dev/null
|
|
+++ b/elf/tst-rtld-no-malloc.c
|
|
@@ -0,0 +1,76 @@
|
|
+/* Test that program loading does not call malloc.
|
|
+ Copyright (C) 2024 Free Software Foundation, Inc.
|
|
+ This file is part of the GNU C Library.
|
|
+
|
|
+ The GNU C Library is free software; you can redistribute it and/or
|
|
+ modify it under the terms of the GNU Lesser General Public
|
|
+ License as published by the Free Software Foundation; either
|
|
+ version 2.1 of the License, or (at your option) any later version.
|
|
+
|
|
+ The GNU C Library is distributed in the hope that it will be useful,
|
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
+ Lesser General Public License for more details.
|
|
+
|
|
+ You should have received a copy of the GNU Lesser General Public
|
|
+ License along with the GNU C Library; if not, see
|
|
+ <https://www.gnu.org/licenses/>. */
|
|
+
|
|
+
|
|
+#include <string.h>
|
|
+#include <unistd.h>
|
|
+
|
|
+static void
|
|
+print (const char *s)
|
|
+{
|
|
+ const char *end = s + strlen (s);
|
|
+ while (s < end)
|
|
+ {
|
|
+ ssize_t ret = write (STDOUT_FILENO, s, end - s);
|
|
+ if (ret <= 0)
|
|
+ _exit (2);
|
|
+ s += ret;
|
|
+ }
|
|
+}
|
|
+
|
|
+static void __attribute__ ((noreturn))
|
|
+unexpected_call (const char *function)
|
|
+{
|
|
+ print ("error: unexpected call to ");
|
|
+ print (function);
|
|
+ print ("\n");
|
|
+ _exit (1);
|
|
+}
|
|
+
|
|
+/* These are the malloc functions implement in elf/dl-minimal.c. */
|
|
+
|
|
+void
|
|
+free (void *ignored)
|
|
+{
|
|
+ unexpected_call ("free");
|
|
+}
|
|
+
|
|
+void *
|
|
+calloc (size_t ignored1, size_t ignored2)
|
|
+{
|
|
+ unexpected_call ("calloc");
|
|
+}
|
|
+
|
|
+void *
|
|
+malloc (size_t ignored)
|
|
+{
|
|
+ unexpected_call ("malloc");
|
|
+}
|
|
+
|
|
+void *
|
|
+realloc (void *ignored1, size_t ignored2)
|
|
+{
|
|
+ unexpected_call ("realloc");
|
|
+}
|
|
+
|
|
+int
|
|
+main (void)
|
|
+{
|
|
+ /* Do not use the test wrapper, to avoid spurious malloc calls from it. */
|
|
+ return 0;
|
|
+}
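Review bot: The comment introducing the interposed allocators has a typo — `/* These are the malloc functions implemented in elf/dl-minimal.c. */` — and the two consecutive blank lines after the licence header should be one. The `print` helper treats any `write` result of 0 or less, including an `EINTR` failure, as fatal with `_exit (2)`, which is acceptable for a test that must not allocate but is worth a short comment such as `/* No retry on EINTR: a failed write just fails the test.  */`. `calloc`, `malloc` and `realloc` return nothing and rely on `unexpected_call` being `noreturn` to keep the build warning-free; since the file does not include `<stdlib.h>`, their signatures are never checked against the libc prototypes, so a mismatch would not be diagnosed here.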
|
|
--
|
|
2.27.0
|
|
|