for the mapping by the object' file with the protection and mode of
the first loadable segment over the whole region. Then, it maps other
segments at the appropriate addresses inside the region.
On amd64, due to default alignment of the segments being 1Gb, the
subsequent segment mappings leave the holes in the region, that usually
contain mapping of the object' file past eof. Such mappings prevent
wiring of the address space, because the pages cannot be faulted in.
Change the way the mapping of the ELF objects is constructed, by first
mapping PROT_NONE anonymous memory over the whole range, and then
mapping the segments of the object over it. Take advantage of this new
order and allocate .bss by changing the protection of the range instead
of remapping.
Note that we cannot simply keep the holes between segments, because
other mappings may be made there. Among other issues, when the dso is
unloaded, rtld unmaps the whole region, deleting unrelated mappings.
The kernel ELF image activator does put the holes between segments, but
this is not critical for now because kernel loads only executable image
and interpreter, both cannot be unloaded. This will be fixed later, if
needed.
Reported and tested by: Hans Ottevanger <fbsdhackers beasties demon nl>
Suggested and reviewed by: kan, alc
dlfunc() called dlsym() to do the work, and dlsym() determines the dso
that originating the call by the return address. Due to this, dlfunc()
operated as if the caller is always the libc.
To fix this, move the dlfunc() to rtld, where it can call the internal
implementation of dlsym, and still correctly fetch return address.
Provide usual weak stub for the symbol from libc for static binaries.
dlfunc is put to FBSD_1.0 symver namespace in the ld.so export to
override dlfunc@FBSD_1.0 weak symbol, exported by libc.
Reported, analyzed and tested by: Tijl Coosemans <tijl ulyssis org>
PR: standards/133339
Reviewed by: kan
the rtld hints file. This environment variable would be unset if the
process is considered as tainted with setuid/setgid. This feature gives
a convenient way of using a custom set of shared library that is not
located in the default location and switch back.
Feature requested by: iXsystems
Original patch by: John Hixson
MFC after: 2 weeks
soneeded pathes. The $ORIGIN, $OSNAME, $OSREL and $PLATFORM tokens
are supported. Enabling the substitution requires DF_ORIGIN flag in
DT_FLAGS or DF_1_ORIGIN if DF_FLAGS_1, that may be set with -z origin
gnu ld flag. Translation is unconditionally disabled for setuid/setgid
processes.
The $ORIGIN translation relies on the AT_EXECPATH auxinfo supplied
by kernel.
Requested by: maho
Tested by: maho, pho
Reviewed by: kan
does not use any external symbols, thus avoiding possible recursion into
rtld to resolve symbols, when called.
Reviewed by: kan, davidxu
Tested by: rink
MFC after: 1 month
Threading library calls _pre before the fork, allowing the rtld to
lock itself to ensure that other threads of the process are out of
dynamic linker. _post releases the locks.
This allows the rtld to have consistent state in the child. Although
child may legitimately call only async-safe functions, the call may
need plt relocation resolution, and this requires working rtld.
Reported and debugging help by: rink
Reviewed by: kan, davidxu
MFC after: 1 month (anyway, not before 7.1 is out)
derivitive of NetBSD's mips_reloc.c, so pull in the copyright notice
from there.
Also, a minor tweak to load/store pointers. Other changes from NetBSD
likely would be useful too...
Obtained from: NetBSD
from working.
From p4 filelog of the upstream file in p4
//depot/projects/mips2-jnpr/src/libexec/rtld-elf/mips/reloc.c
... #6 change 140737 edit on 2008/04/27 by gonzo@gonzo_jeeves (text+ko)
o Looks like handler for R_MIPS_REL32 brought by CS 137942
is broken for tradmips. Code from NetBSD's
libexec/ld.elf_so/arch/mips/mips_reloc.c works just fine.
... #3 change 137942 edit on 2008/03/17 by rrs@rrs-mips2-jnpr (text+ko)
Any relocation symbol lookup if its 0. It looks like
this is the way the compiler indicates you need to
look in another shared library. When we hit these
as we relocate a object we will do the symbol
lookups and setup the relocation table with the
right value.
Submitted by: rrs@, gonzo@
bit flag, otherwise if a thread acquired a lock, another thread
or the current thread itself can no longer acquire another lock
because thread_mask_set() return whole flag word, this results
bit leaking in the word and misbehavior in later locking and
unlocking.
contexts as rtld's malloc is not thread safe and is only supposed to be
called with exclusive bind lock already held.
The originating PR submitted a patch on top of different pre-requisite
workaroud for unsafe dlopen calls, and the patch was midief slighlty to apply
to stock sources for the purpose of this commit. Running rtld malloc from
unlocked contexts is a bug on its own.
PR: 126950
Submited by: Oleg Dolgov
- It is opt-out for now so as to give it maximum testing, but it may be
turned opt-in for stable branches depending on the consensus. You
can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
It is harmless to steal the knob as SSP symbols have been provided
by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
(sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
libc will be automatically downgraded to -fstack-protector because it
breaks rtld otherwise.
- This option is unavailable on ia64.
Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.
Submitted by: Jeremie Le Hen <jeremie@le-hen.org>
programs.
From the PR description:
The gcc runtime's _Unwind_Find_FDE function, invoked during exception
handling's stack unwinding, is not safe to execute from within multiple
threads. FreeBSD' s dl_iterate_phdr() however permits multiple threads
to pass through it though. The result is surprisingly reliable infinite
looping of one or more threads if they just happen to be unwinding at
the same time.
Introduce the new lock that is write locked around the dl_iterate_pdr,
thus providing required exclusion for the stack unwinders.
PR: threads/123062
Submitted by: Andy Newman <an at atrn org>
Reviewed by: kan
MFC after: 2 weeks
This code came from the merged mips2 and Juniper mips repositories.
Warner Losh, Randall Seager, Oleksandr Tymoshenko and Olivier Houchard
worked to merge, debug and integrate this code. This code may also
contain code derived from NetBSD.
sparc64, use ANSI function headers and specifically indicate the lack of
arguments with 'void'. Otherwise, warnings are generated at WARNS=3 for
libkse, leading to a compile failure with -Werror.
in the way we implement handling of relocations.
As for the kernel part this fixes the loading of lots of modules,
which failed to load due to unresolvable symbols when built after
the GCC 4.2.0 import. This wasn't due to a change in GCC itself
though but one of several changes in configuration done along the
import. Specfically, HAVE_AS_REGISTER_PSEUDO_OP, which causes GCC
to denote global registers used for scratch purposes and in turn
GAS uses R_SPARC_OLO10 relocations for, is now defined.
While at it replace some more ELF_R_TYPE which should have been
ELF64_R_TYPE_ID but didn't cause problems so far.
- Sync a sanity check between kernel and rtld(1) and change it to be
maintenance free regarding the type used for the lookup table.
- Sprinkle const on lookup tables.
- Use __FBSDID.
Reported and tested by: yongari
MFC after: 5 days
itself. It needs mmap(2), which now needs getosreldate(3) and
which in turn uses a global variable to cache the result. This
cannot be done before linking is done.
See also: ../sparc64/reloc.c:1.15
Approved by: re (kensmith)
potentially dangerous environment variables all together. It should be
noted that the run-time linker will not honnor these environment variables
if the process is tainted currently. However, once a child of the tainted
process calls setuid(2), it's status as being tainted (as defined by
issetugid(2)) will be removed. This could be problematic because
subsequent activations of the run-time linker could honnor these
dangerous variables.
This is more of an anti foot-shot mechanism, there is nothing I am
aware of in base that does this, however there may be third party
utilities which do, and there is no real negative impact of clearing
these environment variables.
Discussed on: secteam
Reviewed by: cperciva
PR: kern/109836
MFC after: 2 weeks
symbol lookup failures that later result in null-pointer
dereferences. This needs looking into, but since we're
close to release it's possible that it's not resolved before
that time.
Warning, after symbol versioning is enabled, going back is not easy
(use WITHOUT_SYMVER at your own risk).
Change the default thread library to libthr.
There most likely still needs to be a version bump for at least the
thread libraries. If necessary, this will happen later.
to override weak symbols exported by libc, so by definition these two
are using the same symbol version names.
Reflect the reality by referring to libc's Versions.def directly.
main object list, its versioning information needs to be examined
separately.
This hopefully fixes problems that people running with SYMVER_ENABLED
are experiencing.
activate the traces, set the LD_UTRACE (or LD_32_UTRACE) environment
variable. This also includes code in kdump(8) to parse the traces.
Reviewed by: kan, jdp
MFC after: 2 weeks
dso that are actually loading. If dso a.so depends on b.so, then dlsym
with handle from dlopen("b.so") will fail unconditionally.
Correct implementation shall use the Obj_Entry.needed list to walk
dependencies DAG.
Test provided by: jkim
Tested (prev. version) by: jkim, Nicolas Blais <nb_root at videotron ca>, h.blanke at chello nl
Pointy hat to: kib
Approved by: kan (mentor)