path: root/elf
Age | Commit message | Author | Files | Lines
2023-10-20 | elf: ldconfig should skip temporary files created by package managers | Florian Weimer | 1 | -12/+27
This avoids crashes due to partially written files, after a package update is interrupted. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-10-19 | Add NT_PPC_DEXCR and NT_PPC_HASHKEYR from Linux 6.5 to elf.h | Joseph Myers | 1 | -0/+2
Linux 6.5 adds constants NT_PPC_DEXCR and NT_PPC_HASHKEYR. Add these to glibc's elf.h. Tested for x86_64.
2023-10-18 | elf: Do not print the cache entry if --inhibit-cache is used | Adhemerval Zanella | 1 | -1/+2
So --help informs the correct shared library search path. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-10-18 | Revert "elf: Always call destructors in reverse constructor order (bug 30785)" | Florian Weimer | 5 | -171/+173
This reverts commit 6985865bc3ad5b23147ee73466583dd7fdf65892. Reason for revert: The commit changes the order of ELF destructor calls too much relative to what applications expect or can handle. In particular, during process exit and _dl_fini, after the revert commit, we no longer call the destructors of the main program first; that only happens after some dlopen'ed objects have been destructed. This robs applications of an opportunity to influence destructor order by calling dlclose explicitly from the main program's ELF destructors. A couple of different approaches involving reverse constructor order were tried, and none of them worked really well. It seems we need to keep the dependency sorting in _dl_fini. There is also an ambiguity regarding nested dlopen calls from ELF constructors: Should those destructors run before or after the object that called dlopen? Commit 6985865bc3ad5b2314 used reverse order of the start of ELF constructor calls for destructors, but arguably using completion of constructors is more correct. However, that alone is not sufficient to address application compatibility issues (it does not change _dl_fini ordering at all).
2023-10-18 | Revert "elf: Fix compile error with -DNDEBUG [BZ #18755]" | Florian Weimer | 1 | -1/+1
This reverts commit 964d15a007d7fb1258f2ad7c8cf4afcfb9a65719. Reason for revert: Conflicts with revert of commit 6985865bc3ad5b23147.
2023-10-02 | tunables: Terminate if end of input is reached (CVE-2023-4911) | Siddhesh Poyarekar | 2 | -15/+39
The string parsing routine may end up writing beyond bounds of tunestr if the input tunable string is malformed, of the form name=name=val. This gets processed twice, first as name=name=val and next as name=val, resulting in tunestr being name=name=val:name=val, thus overflowing tunestr. Terminate the parsing loop at the first instance itself so that tunestr does not overflow. This also fixes up tst-env-setuid-tunables to actually handle failures correctly and adds new tests to validate the fix for this CVE. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2023-09-27 | elf: Fix compile error with -DNDEBUG [BZ #18755] | Qingqing Li | 1 | -1/+1
Compilation fails when building with -DNDEBUG after commit a3189f66a5f2fe86568286fa025fa153be04c6c0. Here is the error:
dl-close.c: In function ‘_dl_close_worker’:
dl-close.c:140:22: error: unused variable ‘nloaded’ [-Werror=unused-variable]
  140 | const unsigned int nloaded = ns->_ns_nloaded;
Add __attribute_maybe_unused__ for ‘nloaded’ to fix it. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-09-27 | MIPS: Add relocation types | Ying Huang | 1 | -1/+59
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-09-27 | MIPS: Add new section type SHT_MIPS_ABIFLAGS | Ying Huang | 1 | -0/+1
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-09-27 | MIPS: Add ELF file header flags | Ying Huang | 1 | -1/+47
Now binutils uses some E_MIPS_* macros and EF_MIPS_* macros, so it is difficult to decide which style of macro we should use when we want to add new ELF file header flags. IRIX used to use EF_MIPS_* macros, and elf/elf.h also has the comment "The following are unofficial names and should not be used". So we should use EF_MIPS_* to keep the same style as the beginning. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-09-21 | elf: dl-lookup: Remove unused alloca.h include | Joe Simmons-Talbott | 1 | -1/+0
2023-09-08 | elf: Remove unused l_text_end field from struct link_map | Florian Weimer | 4 | -16/+3
It is a left-over from commit 52a01100ad011293197637e42b5be1a479a2 ("elf: Remove ad-hoc restrictions on dlopen callers [BZ #22787]"). When backporting commit 6985865bc3ad5b23147ee73466583dd7fdf65892 ("elf: Always call destructors in reverse constructor order (bug 30785)"), we can move the l_init_called_next field to this place, so that the internal GLIBC_PRIVATE ABI does not change. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
2023-09-08 | elf: Always call destructors in reverse constructor order (bug 30785) | Florian Weimer | 5 | -173/+171
The current implementation of dlclose (and process exit) re-sorts the link maps before calling ELF destructors. Destructor order is not the reverse of the constructor order as a result: The second sort takes relocation dependencies into account, and other differences can result from ambiguous inputs, such as cycles. (The force_first handling in _dl_sort_maps is not effective for dlclose.) After the changes in this commit, there is still a required difference due to dlopen/dlclose ordering by the application, but the previous discrepancies went beyond that. A new global (namespace-spanning) list of link maps, _dl_init_called_list, is updated right before ELF constructors are called from _dl_init. In dl_close_worker, the maps variable, an on-stack variable length array, is eliminated. (VLAs are problematic, and dlclose should not call malloc because it cannot readily deal with malloc failure.) Marking still-used objects uses the namespace list directly, with next and next_idx replacing the done_index variable. After marking, _dl_init_called_list is used to call the destructors of now-unused maps in reverse destructor order. These destructors can call dlopen. Previously, new objects did not have l_map_used set. This had to change: There is no copy of the link map list anymore, so processing would cover newly opened (and unmarked) mappings, unloading them. Now, _dl_init (indirectly) sets l_map_used, too. (dlclose is handled by the existing reentrancy guard.) After _dl_init_called_list traversal, two more loops follow. The processing order changes to the original link map order in the namespace. Previously, dependency order was used. The difference should not matter because relocation dependencies could already reorder link maps in the old code. The changes to _dl_fini remove the sorting step and replace it with a traversal of _dl_init_called_list.
The l_direct_opencount decrement outside the loader lock is removed because it appears incorrect: the counter manipulation could race with other dynamic loader operations. tst-audit23 needs adjustments to the changes in LA_ACT_DELETE notifications. The new approach for checking la_activity should make it clearer that la_activity calls come in pairs around namespace updates. The dependency sorting test cases need updates because the destructor order is always the opposite order of constructor order, even with relocation dependencies or cycles present. There is a future cleanup opportunity to remove the now-constant force_first and for_fini arguments from the _dl_sort_maps function. Fixes commit 1df71d32fe5f5905ffd5d100e5e9ca8ad62 ("elf: Implement force_first handling in _dl_sort_maps_dfs (bug 28937)"). Reviewed-by: DJ Delorie <dj@redhat.com>
2023-09-01 | elf: Fix slow tls access after dlopen [BZ #19924] | Szabolcs Nagy | 4 | -63/+70
In short: __tls_get_addr checks the global generation counter and if the current dtv is older then _dl_update_slotinfo updates dtv up to the generation of the accessed module. So if the global generation is newer than generation of the module then __tls_get_addr keeps hitting the slow dtv update path. The dtv update path includes a number of checks to see if any update is needed and this already causes measurable tls access slow down after dlopen. It may be possible to detect up-to-date dtv faster. But if there are many modules loaded (> TLS_SLOTINFO_SURPLUS) then this requires at least walking the slotinfo list. This patch tries to update the dtv to the global generation instead, so after a dlopen the tls access slow path is only hit once. The modules with larger generation than the accessed one were not necessarily synchronized before, so additional synchronization is needed. This patch uses acquire/release synchronization when accessing the generation counter. Note: in the x86_64 version of dl-tls.c the generation is only loaded once, since relaxed mo is not faster than acquire mo load. I have not benchmarked this. Tested by Adhemerval Zanella on aarch64, powerpc, sparc, x86 who reported that it fixes the performance issue of bug 19924. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-08-25 | elf: Check that --list-diagnostics output has the expected syntax | Florian Weimer | 2 | -0/+312
Parts of elf/tst-rtld-list-diagnostics.py have been copied from scripts/tst-ld-trace.py. The abnf module is entirely optional and used to verify the ABNF grammar as included in the manual. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-08-22 | elf: Do not run constructors for proxy objects | Florian Weimer | 1 | -2/+6
Otherwise, the ld.so constructor runs for each audit namespace and each dlmopen namespace.
2023-08-14 | LoongArch: elf: Add new LoongArch reloc types 109 into elf.h | caiyinyu | 1 | -0/+1
These reloc types are generated by GNU assembler >= 2.41 for relaxation support.
2023-08-14 | elf: Add new LoongArch reloc types (101 to 108) into elf.h | Xi Ruoyao | 1 | -0/+8
These reloc types are generated by GNU assembler >= 2.41 for relaxation support. Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=57a930e3 Signed-off-by: Xi Ruoyao <xry111@xry111.site>
2023-07-22 | Revert "MIPS: Sync elf.h from binutils" | Andreas K. Hüttel | 1 | -137/+3
Leads to build failures (preprocessor redefinitions), and there is not enough time to address this properly. Deferred until after 2.38 release. This reverts commit 59dc07637fa1a693bd7599a98b0735697544077b. Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
2023-07-22 | MIPS: Sync elf.h from binutils | Ying Huang | 1 | -3/+137
Add new definitions for the MIPS target, specifically: relocation types, machine flags, section type names, and object attribute tags and values. On MIPS64, up to three relocations may be specified within r_info, by the r_type, r_type2, and r_type3 fields, so add new macros to get the respective reloc types for MIPS64.
2023-07-19 | Fix getting return address in elf/tst-audit28.c. | Stefan Liebler | 1 | -6/+13
Starting with commit 1bcfe0f732066ae5336b252295591ebe7e51c301, the test was enhanced and the object for __builtin_return_address (0) is searched with _dl_find_object. Unfortunately on e.g. s390 (31bit), a postprocessing step is needed as the highest bit has to be masked out. This can be done with __builtin_extract_return_addr. Without this postprocessing, _dl_find_object returns with -1 and the content of dlfo is invalid, which may lead to segfaults in basename. Therefore those checks are now only done on success. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-07-12 | sparc: Fix la_symbind for bind-now (BZ 23734) | Adhemerval Zanella | 3 | -7/+10
The sparc ABI has multiple cases on how to handle JMP_SLOT relocations, (sparc_fixup_plt/sparc64_fixup_plt). For BINDNOW, _dl_audit_symbind will be responsible to set up the final relocation value; while for lazy binding _dl_fixup/_dl_profile_fixup will call the audit callback and tail call elf_machine_fixup_plt (which will call sparc64_fixup_plt). This patch fixes by issuing the SPARC specific routine on bindnow and forwarding the audit value to elf_machine_fixup_plt for lazy resolution. It fixes the la_symbind for bind-now tests on sparc64 and sparcv9: elf/tst-audit24a elf/tst-audit24b elf/tst-audit24c elf/tst-audit24d Checked on sparc64-linux-gnu and sparcv9-linux-gnu. Tested-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
2023-07-07 | elf: _dl_find_object may return 1 during early startup (bug 30515) | Florian Weimer | 2 | -1/+12
Success is reported with a 0 return value, and failure is -1. Enhance the kitchen sink test elf/tst-audit28 to cover _dl_find_object as well. Fixes commit 5d28a8962dcb ("elf: Add _dl_find_object function") and bug 30515. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
2023-07-05 | Allow glibc to be built with _FORTIFY_SOURCE | Frédéric Bérat | 1 | -1/+1
Add --enable-fortify-source option. It is now possible to enable fortification through a configure option. The level may be given as parameter, if none is provided, the configure script will determine what is the highest level possible that can be set considering GCC built-ins availability and set it. If level is explicitly set to 3, configure checks if the compiler supports the built-in function necessary for it or raises an error if it isn't. If the configure option isn't explicitly enabled, _FORTIFY_SOURCE is forcibly undefined (and therefore disabled). The result of the configure checks are new variables, ${fortify_source} and ${no_fortify_source} that can be used to appropriately populate CFLAGS. A dedicated patch will follow to make use of this variable in Makefiles when necessary. Updated NEWS and INSTALL. Adding dedicated x86_64 variant that enables the configuration. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-06-30 | ld.so: Always use MAP_COPY to map the first segment [BZ #30452] | H.J. Lu | 1 | -1/+1
The first segment in a shared library may be read-only, not executable. To support LD_PREFER_MAP_32BIT_EXEC on such shared libraries, we also check MAP_DENYWRITE to decide if MAP_32BIT should be passed to mmap. Normally the first segment is mapped with MAP_COPY, which is defined as (MAP_PRIVATE | MAP_DENYWRITE). But if the segment alignment is greater than the page size, MAP_COPY isn't used to allocate enough space to ensure that the segment can be properly aligned. Map the first segment with MAP_COPY in this case to fix BZ #30452.
2023-06-26 | elf: Update list of RISC-V relocations | Andreas Schwab | 1 | -1/+4
2023-06-26 | elf: Port ldconfig away from stack-allocated paths | Sergey Bugaev | 1 | -37/+22
ldconfig was allocating PATH_MAX bytes on the stack for the library file name. The issues with PATH_MAX usage are well documented [0][1]; even if a program does not rely on paths being limited to PATH_MAX bytes, allocating 4096 bytes on the stack for paths that are typically rather short (strlen ("/lib64/libc.so.6") is 16) is wasteful and dangerous. [0]: https://insanecoding.blogspot.com/2007/11/pathmax-simply-isnt.html [1]: https://eklitzke.org/path-max-is-tricky Instead, make use of asprintf to dynamically allocate memory of just the right size on the heap. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> Reviewed-by: Florian Weimer <fweimer@redhat.com> Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2023-06-19 | tests: replace system by xsystem | Frédéric Bérat | 1 | -1/+4
With fortification enabled, system calls return result needs to be checked, as it gets the __wur macro enabled. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-06-02 | elf: Sort Makefile variables. | Carlos O'Donell | 1 | -1/+1
Sort Makefile variables using scripts/sort-makefile-lines.py. No code generation changes observed in non-test binary artifacts. No regressions on x86_64 and i686. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-06-02 | Fix a few more typos I missed in previous round -- BZ 25337 | Paul Pluzhnikov | 1 | -1/+1
2023-05-31 | elf: Remove spurious SHARED conditional from elf/rtld.c | Florian Weimer | 1 | -2/+0
elf/rtld.c is only ever built in SHARED mode.
2023-05-30 | elf: Make more functions available for binding during dlclose (bug 30425) | Florian Weimer | 5 | -2/+159
Previously, after destructors for a DSO have been invoked, ld.so refused to bind against that DSO in all cases. Relax this restriction somewhat if the referencing object is itself a DSO that is being unloaded. This assumes that the symbol reference is not going to be stored anywhere. The situation in the test case can arise fairly easily with C++ and objects that are built with different optimization levels and therefore define different functions with vague linkage. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2023-05-29 | Fix misspellings in elf/ -- BZ 25337 | Paul Pluzhnikov | 31 | -52/+52
Applying this commit results in bit-identical libc.so.6. The elf/ld-linux-x86-64.so.2 does change, but only in .note.gnu.build-id Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2023-05-26 | Add AT_RSEQ_* from Linux 6.3 to elf.h | Joseph Myers | 1 | -0/+3
Linux 6.3 adds constants AT_RSEQ_FEATURE_SIZE and AT_RSEQ_ALIGN; add them to glibc's elf.h. (Recall that, although elf.h is a system-independent header, so far we've put AT_* constants there even if Linux-specific, as discussed in bug 15794. So rather than making any attempt to fix that issue, the new constants are just added there alongside the existing ones.) Tested for x86_64.
2023-05-25 | elf: add test for dl-printf | Roy Eldar | 2 | -0/+79
This patch checks _dl_debug_vdprintf, by passing various inputs to _dl_dprintf and comparing the output with invocations of snprintf. Signed-off-by: Roy Eldar <royeldar0@gmail.com> Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-05-25 | elf: fix handling of negative numbers in dl-printf | Roy Eldar | 1 | -3/+10
_dl_debug_vdprintf is a bare-bones printf implementation; currently printing a signed integer (using "%d" format specifier) behaves incorrectly when the number is negative, as it just prints the corresponding unsigned integer, preceded by a minus sign. For example, _dl_printf("%d", -1) would print '-4294967295'. Signed-off-by: Roy Eldar <royeldar0@gmail.com> Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-05-25 | elf: Update comment in open_path | Siddhesh Poyarekar | 1 | -6/+5
f55727ca53308a206cf00d0442f8c57c73761899 updated open_path to use the r_search_path_struct struct but failed to update the comment. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-05-25 | elf: Add test for locating libraries in root dir (bug 30435) | Qixing ksyx Xue | 5 | -0/+64
When dlopen is being called, efforts have been made to improve future lookup performance. This includes marking a search path as non-existent using `stat`. However, if the root directory is given as a search path, there exists a bug which erroneously marks it as non-existing. The bug is reproduced under the following sequence:
1. dlopen is called to open a shared library, with at least:
   1) a dependency 'A.so' not directly under the '/' directory (e.g. /lib/A.so), and
   2) another dependency 'B.so' resides in '/'.
2. for this bug to reproduce, 'A.so' should be searched *before* 'B.so'.
3. it first tries to find 'A.so' in /, (e.g. /A.so):
   - this will (obviously) fail,
   - since it's the first time we have seen the '/' directory, its 'status' is 'unknown'.
4. `buf[buflen - namelen - 1] = '\0'` is executed:
   - it intends to remove the leaf and its final slash,
   - because of the speciality of '/', its buflen == namelen + 1,
   - it erroneously clears the entire buffer.
6. it then calls 'stat' with the empty buffer:
   - which will result in an error.
7. so it marks '/' as 'nonexisting', future lookups will not consider this path.
8. while /B.so *does* exist, failure to look it up in the '/' directory leads to a 'cannot open shared object file' error.
This patch fixes the bug by preventing 'buflen', an index to put '\0', from being set to 0, so that the root '/' is always kept. Relative search paths are always considered as 'existing' so this won't be affected. Writeup by Moody Liu <mooodyhunter@outlook.com> Suggested-by: Carlos O'Donell <carlos@redhat.com> Signed-off-by: Qixing ksyx Xue <qixingxue@outlook.com> Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-05-25 | rtld: properly handle root directory in load path (bug 30435) | Andreas Schwab | 1 | -1/+1
Don't strip the trailing slash when checking for existence of a load path element to handle the special case of the root directory.
2023-05-18 | elf: Adjust tests in Makefile. | Carlos O'Donell | 1 | -10/+10
Sort tests against updated scripts/sort-makefile-lines.py. No changes in generated code. No regressions on x86_64 and i686. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-05-16 | elf: Reformat Makefile. | Carlos O'Donell | 1 | -35/+35
Fix list terminator whitespace. Sort using scripts/sort-makefile-lines.py. No code generation changes observed in binary artifacts. No regressions on x86_64 and i686.
2023-05-09 | dlopen: skip debugger notification for DSO loaded from sprof (bug 30258) | Andreas Schwab | 5 | -0/+105
Avoid inconsistent state in the debugger interface.
2023-05-07 | Revert "riscv: Resolve symbols directly for symbols with STO_RISCV_VARIANT_CC." | Florian Weimer | 1 | -7/+0
This reverts commit 117e8b341c5c0ace8d65feeef136fececb3fdc9c. Reason for revert: Causes elf/tst-glibcelf and elf/tst-relro-* to fail on all architectures.
2023-04-28 | riscv: Resolve symbols directly for symbols with STO_RISCV_VARIANT_CC. | Hsiangkai Wang | 1 | -0/+7
In some cases, we do not want to go through the resolver for function calls. For example, functions with vector arguments will use vector registers to pass arguments. In the resolver, we do not save/restore the vector argument registers for lazy binding efficiency. To avoid ruining the vector arguments, functions with vector arguments will not go through the resolver. To achieve the goal, we will annotate the function symbols with STO_RISCV_VARIANT_CC flag and add DT_RISCV_VARIANT_CC tag in the dynamic section. In the first pass on PLT relocations, we do not set up to call _dl_runtime_resolve. Instead, we resolve the functions directly. Signed-off-by: Hsiangkai Wang <kai.wang@sifive.com> Signed-off-by: Vincent Chen <vincent.chen@sifive.com> Reviewed-by: Palmer Dabbelt <palmer@rivosinc.com> Acked-by: Palmer Dabbelt <palmer@rivosinc.com> Link: https://inbox.sourceware.org/libc-alpha/20230314162512.35802-1-kito.cheng@sifive.com Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
2023-04-28 | elf.h: add PT_GNU_SFRAME | Indu Bhagat | 1 | -0/+1
Support for SFrame format is available in Binutils 2.40. The GNU ld merges the input .sframe sections and creates an output .sframe section in a segment PT_GNU_SFRAME.
2023-04-22 | Use O_CLOEXEC in more places (BZ #15722) | Sergey Bugaev | 1 | -1/+2
When opening a temporary file without O_CLOEXEC we risk leaking the file descriptor if another thread calls (fork and then) exec while we have the fd open. Fix this by consistently passing O_CLOEXEC everywhere where we open a file for internal use (and not to return it to the user, in which case the API defines whether or not the close-on-exec flag shall be set on the returned fd). Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> Signed-off-by: Sergey Bugaev <bugaevc@gmail.com> Message-Id: <20230419160207.65988-4-bugaevc@gmail.com>
2023-03-29 | Remove --enable-tunables configure option | Adhemerval Zanella Netto | 11 | -122/+17
And make always supported. The configure option was added on glibc 2.25 and some features require it (such as hwcap mask, huge pages support, and lock elision tuning). It also simplifies the build permutations. Changes from v1:
* Remove glibc.rtld.dynamic_sort changes, it is orthogonal and needs more discussion.
* Cleanup more code.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2023-03-27 | elf: Take into account ${sysconfdir} in elf/tst-ldconfig-p.sh | Romain Geissler | 2 | -6/+7
Take into account ${sysconfdir} in elf/tst-ldconfig-p.sh. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-03-27 | Fix tst-glibc-hwcaps-prepend-cache with custom configure prefix value | Romain Geissler | 1 | -3/+7
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2023-03-27 | Fix tst-ldconfig-ld_so_conf-update with custom configure prefix value | Romain Geissler | 1 | -5/+8
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>