From 9ffa50b26b0cb5d3043adf6d3d0b1ea735acc147 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Fri, 11 Dec 2020 17:30:03 +0100 Subject: [PATCH] elf: Include libc.so.6 as main program in dependency sort (bug 20972) _dl_map_object_deps always sorts the initially loaded object first during dependency sorting. This means it is relocated last in dl_open_worker. This results in crashes in IFUNC resolvers without lazy bindings if libraries are preloaded that refer to IFUNCs in libc.so.6: the resolvers are called when libc.so.6 has not been relocated yet, so references to _rtld_global_ro etc. crash. The fix is to check against the libc.so.6 link map recorded by the __libc_early_init framework, and let it participate in the dependency sort. This fixes bug 20972. Reviewed-by: Carlos O'Donell --- elf/Makefile | 2 +- elf/dl-deps.c | 7 ++++++- elf/tst-preload-pthread-libc.c | 36 ++++++++++++++++++++++++++++++++++++ 3 files changed, 43 insertions(+), 2 deletions(-) create mode 100644 elf/tst-preload-pthread-libc.c diff --git a/elf/Makefile b/elf/Makefile index 66ffbdd..0b4d78c 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -229,7 +229,7 @@ tests-internal += loadtest unload unload2 circleload1 \ tst-ptrguard1 tst-stackguard1 tst-libc_dlvsym \ tst-create_format1 tst-tls-surplus tst-dl-hwcaps_split tests-container += tst-pldd tst-dlopen-tlsmodid-container \ - tst-dlopen-self-container + tst-dlopen-self-container tst-preload-pthread-libc test-srcs = tst-pathopt selinux-enabled := $(shell cat /selinux/enforce 2> /dev/null) ifneq ($(selinux-enabled),1) diff --git a/elf/dl-deps.c b/elf/dl-deps.c index b5a4323..7a8d8ce 100644 --- a/elf/dl-deps.c +++ b/elf/dl-deps.c @@ -611,7 +611,12 @@ Filters not supported with LD_TRACE_PRELINKING")); memcpy (l_initfini, map->l_searchlist.r_list, nlist * sizeof (struct link_map *)); - _dl_sort_maps (&l_initfini[1], nlist - 1, NULL, false); + /* If libc.so.6 is the main map, it participates in the sort, so + that the relocation order is correct regarding libc.so.6. */ + if (l_initfini[0] == GL (dl_ns)[l_initfini[0]->l_ns].libc_map) + _dl_sort_maps (l_initfini, nlist, NULL, false); + else + _dl_sort_maps (&l_initfini[1], nlist - 1, NULL, false); /* Terminate the list of dependencies. */ l_initfini[nlist] = NULL; diff --git a/elf/tst-preload-pthread-libc.c b/elf/tst-preload-pthread-libc.c new file mode 100644 index 0000000..48cb512 --- /dev/null +++ b/elf/tst-preload-pthread-libc.c @@ -0,0 +1,36 @@ +/* Test relocation ordering if the main executable is libc.so.6 (bug 20972). + Copyright (C) 2020 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +int +main (void) +{ + char *libc = xasprintf ("%s/%s", support_slibdir_prefix, LIBC_SO); + char *argv[] = { libc, NULL }; + char *envp[] = { (char *) "LD_PRELOAD=" LIBPTHREAD_SO, + /* Relocation ordering matters most without lazy binding. */ + (char *) "LD_BIND_NOW=1", + NULL }; + execve (libc, argv, envp); + printf ("execve of %s failed: %m\n", libc); + return 1; +} -- 2.7.4