time ago, but for some reason it was not. Basically, without this change
dlopen(3)'ing an empty .so file would just cause application to dump core
with SIGSEGV.
Make sure the file has enough data for at least the ELF header before
mmap'ing it.
Add a test case to check that dlopen an empty file return an error.
There were a separate discussion as to whether it should be SIGBUS
instead when you try to access region mapped from an empty file,
but it's definitely SIGSEGV now, so if anyone want to check that please
be my guest.
Reviewed by: mjg, cem
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D5112
The dl_iterate_phdr consumer code in libgcc does not expect multiple
callbacks running concurrently. This was fixed once already in r178807,
but accidentally got reverted in r294373.
phdr locks locked. This allows to call rtld services from the
callback, which is only reasonable for dlopen(path, RTLD_NOLOAD) to
test existence of the library in the image, and for dlsym(). The
later might still be not quite safe, due to the lazy resolution of
filters.
To allow dropping the locks around iteration in dl_iterate_phdr(3), we
insert markers to track current position between relocks. The global
objects list is converted to tailq and all iterators skip markers,
globallist_next() and globallist_curr() helpers are added.
Reported and tested by: davide
Reviewed by: kan
Sponsored by: The FreeBSD Foundation
MFC after: 3 weeks
transition mechanism, if we don't have /usr/libsoft, assume that soft
float ABI binaries are the default, so treat them as default binaries.
When we've fully transitioned, it will make no sense to do this stat,
and it will be removed.
stackpointer. Userland expects the kernel to pass it an aligned sp and
pass a pointer to the arguments in x0. The kernel side was updated in
r289502, 3 months ago.
Sponsored by: ABT Systems Ltd
MIPS has/had a read-only DYNAMIC segment, and uses an extra level of
indirection (through MIPS_RLD_MAP) to locate the debugger rendezvous
data.
Some linkers (e.g. LLVM's lld) may produce MIPS binaries with a writable
DYNAMIC segment, which would allow us to eventually drop a special case.
Therefore, instead of hardcoding knowledge that DYNAMIC is not writable
on MIPS just check the permissions on the segment.
Reviewed by: kib
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D4791
for the environment variables we look up at runtime. Otherwise,
there's no way they will change, optimize it at compile time.
Differential Review: https://reviews.freebsd.org/D2718
allow later substitution at run time instead of compile time of the
environment variable name prefix.
Differential Review: https://reviews.freebsd.org/D2718
the malloc() + memset() in the local implementation of calloc() into a call
to calloc(), helpfully turning it into an infinite loop. Clean up some
unneeded flags on PPC64 while here.
MFC after: 1 month
"don't know how to make /Versions.def. Stop"
This was trying to define a target in bsd.symver.mk based on LIBCDIR which was
not yet defined. Switching the order of inclusion of bsd.prog.mk and
bsd.symver.mk fixes it and seems fine.
Pointyhat to: bdrewery
Sponsored by: EMC / Isilon Storage Division
image.
The dynamic linker still requires that program headers of the
executable or dso are mapped by a PT_LOAD segment.
Reviewed by: emaste, jhb
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D3871
netbsd-tests.test.mk (r289151)
- Eliminate explicit OBJTOP/SRCTOP setting
- Convert all ad hoc NetBSD test integration over to netbsd-tests.test.mk
- Remove unnecessary TESTSDIR setting
- Use SRCTOP where possible for clarity
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Divison
The exists(${DESTDIR}...) check runs with DESTDIR being blank. When the
target runs it does have DESTDIR=${STAGE_OBJTOP} via bsd.sys.mk. This
results in the first execution warning that the symlink is missing. The
second run does run fine. However, this chflags is not needed at all
for META_MODE/STAGING since we never had this path being a schg file
while using META_MODE.
Sponsored by: EMC / Isilon Storage Division
on the Variant II code, however arm64 uses Variant I. The former placed the
thread pointer after the data, pointing at the thread control block, while
the latter places these before said data.
Because of this we need to use the size of the previous entry to calculate
where to place the current entry. We also need to reserve 16 bytes at the
start for the thread control block.
This also fixes the value of TLS_TCB_SIZE to be correct. This is the size
of two unsigned longs, i.e. 2 * 8 bytes.
While here remove the bogus adjustment of the pointer in the
R_AARCH64_TLS_TPREL64 case. It should be the offset of the data relative
to the thread pointer, including the thread control block.
Sponsored by: ABT Systems Ltd
have TLS program header. This is needed on architectures with Variant I
tls, that is arm, arm64, mips, and powerpc. These place the thread control
block at the start of the buffer and, without this, this data may be
trashed.
This appears to not be an issue on mips or powerpc as they include a second
adjustment to move the thread local data, however this is on arm64 (with a
future change to fix placing this data), and should be on arm. I am unable
to trigger this on arm, even after changing the code to move the data
around to make it more likely to be hit. This is most likely because my
tests didn't use the variable in offset 0.
Reviewed by: kib
MFC after: 1 week
Sponsored by: ABT Systems Ltd
Clang emits SSE instructions on amd64 in the common path of
pthread_mutex_unlock. If the thread does not otherwise use SSE,
this usage incurs a context-switch of the FPU/SSE state, which
reduces the performance of multiple real-world applications by a
non-trivial amount (3-5% in one application).
Instead of this change, I experimented with eagerly switching the
FPU state at context-switch time. This did not help. Most of the
cost seems to be in the read/write of memory--as kib@ stated--and
not in the #NM handling. I tested on machines with and without
XSAVEOPT.
One counter-argument to this change is that most applications already
use SIMD, and the number of applications and amount of SIMD usage
are only increasing. This is absolutely true. I agree that--in
general and in principle--this change is in the wrong direction.
However, there are applications that do not use enough SSE to offset
the extra context-switch cost. SSE does not provide a clear benefit
in the current libthr code with the current compiler, but it does
provide a clear loss in some cases. Therefore, disabling SSE in
libthr is a non-loss for most, and a gain for some.
I refrained from disabling SSE in libc--as was suggested--because
I can't make the above argument for libc. It provides a wide variety
of code; each case should be analyzed separately.
https://lists.freebsd.org/pipermail/freebsd-current/2015-March/055193.html
Suggestions from: dim, jmg, rpaulo
Approved by: kib (mentor)
MFC after: 2 weeks
Sponsored by: Dell Inc.
_rtld_bind. The compiler may generate code using these registers and not
save them. Unfortunately, as we make use of libc, we are unable to disallow
rtld from using floating-point register without also doing the same for the
parts of libc we use, or by limiting what _rtld_bind is able to call.
Obtained from: ABT Systems Ltd
Sponsored by: The FReeBSD Foundation
location pointer when the return value doesn't fit in a register, e.g. when
returning a struct.
Obtained from: ABT Systems Ltd
Sponsored by: The FreeBSD Foundation
When enough time has passed for users to update their userland the kernel
fix will be applied. This will change the ABI to have x0 point to the args
and sp be correctly aligned.
It is expected this compatibility code can be removed when the kernel and
qemu usermode emulation have both been updated for the new ABI.
This fixes clang failures, and most likely other crashes.
Obtained from: ABT Systems Ltd
Sponsored by: The FreeBSD Foundation
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.
Still need to add real targets under targets/ to build packages.
Differential Revision: D2796
Reviewed by: brooks imp
The requirement is for a GCC-compatible compiler and not necessarily
GCC itself. However, we currently expect any compiler used for building
the whole of FreeBSD to be GCC-compatible and many things will break if
not; there's no longer a need to have an explicit test for this in rtld.
Reviewed by: imp, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D2422
According to standard, the presence of the flags only means that the
object path must be resolved at the time object loading, instead of my
reading that the flag is required to enable token substitution at all.
The consequence is that -z origin linker flag is no longer required
for the token substitution in the run/rpath or the needed library
soname. It is only recommended if token substition is needed at
dlopen(3) time, since namecache might drop the required entries at the
time of resolution.
Found, reviewed and tested by: emaste
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
* Add VCREAT flag to indicate when a new file is being created
* Add VVERIFY to indicate verification is required
* Both VCREAT and VVERIFY are only passed on the MAC method vnode_check_open
and are removed from the accmode after
* Add O_VERIFY flag to rtld open of objects
* Add 'v' flag to __sflags to set O_VERIFY flag.
Submitted by: Steve Kiernan <stevek@juniper.net>
Obtained from: Juniper Networks, Inc.
GitHub Pull Request: https://github.com/freebsd/freebsd/pull/27
Relnotes: yes
as always participating in the global symbols namespace, regardless of
the way the object was brought into the process address space.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
This is only an interim fix; MIPS should be using the MI code instead,
which does not have this issue.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D661
ABI specifies that, for R_AARCH64_TLSDESC relocations, we use the symbol
value, addend, and object tls offset to calculate the offset from the tls
base. We then cache this value for future reference.
Differential Revision: https://reviews.freebsd.org/D2183
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
still need libc_pic for a few things, but this is expected to be ready
soon.
Differential Revision: https://reviews.freebsd.org/D2136
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
rtld on x86 to be hidden. This is a micro-optimization, which allows
intrinsic references inside rtld to be handled without indirection
through PLT. The visibility of rtld symbols for other objects in the
symbol namespace is controlled by a version script.
Reviewed by: kan, jilles
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
without any translation. If the file is a symbolic link, $ORIGIN may not be
expanded to the actual origin. Use realpath(3) to properly expand $ORIGIN
to its absolute path.
Reviewed by: kib
MFC after: 1 week
Avoid use of register variables, which some compilers (e.g. clang)
don't like. It makes the code a little clearer as well.
This allows a clang 3.5 built powerpc world to run (tested in a jail).
MFC after: 1 week
The symbol leaked after r276630 since lib/libc/sys/openat.c defines
versions for openat using .symver (version script cannot assign two
versions to one symbol), and rtld uses openat. Instead, directly use
__sys_openat().
Reported and tested by: antoine
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
rtld-elf for powerpc 32 bit:
libexec/rtld-elf/powerpc/reloc.c:486:6: error: taking the absolute value of unsigned type 'Elf_Addr' (aka 'unsigned int') has no effect [-Werror,-Wabsolute-value]
if (abs(offset) < 32*1024*1024) { /* inside 32MB? */
^
libexec/rtld-elf/powerpc/reloc.c:486:6: note: remove the call to 'abs' since unsigned values cannot be negative
if (abs(offset) < 32*1024*1024) { /* inside 32MB? */
^~~
1 error generated.
Cast 'offset' to int, since that was intended, and should be safe to do
on architectures with 32-bit two's complement ints.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D1387
it exports to the debugger. It currently has two choices: it can use
a compiled-in path (/libexec/ld-elf.so.1) or it can use the path stored
in the interpreter path in the binary being executed. The runtime linker
currently prefers the second. However, this is usually wrong for compat32
binaries since the binary specifies the path of rtld on a 32-bit system
(/libexec/ld-elf.so.1) instead of the actual path (/libexec/ld-elf32.so.1).
For now, always assume the compiled in path (/libexec/ld-elf32.so.1) as
the rtld path and ignore the path in the binary for the 32-bit runtime
linker.
Differential Revision: https://reviews.freebsd.org/D1236
Reviewed by: kib
It is automatically set when -fPIC is passed to the compiler.
Reviewed by: dim, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D1179
Linux LD_ITERATE_PHDR(3):
The dlpi_name field is a null-terminated string giving the
pathname from which the shared object was loaded.
That functionality is much more useful than returning just the short
name.
Approved by: kan
Sponsored by: The FreeBSD Foundation
the oabi is still in the tree, but it is expected this will be removed
as developers work on surrounding code.
With this commit the ARM EABI is the only supported supported ABI by
FreeBSD on ARMa 32-bit processors.
X-MFC after: never
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D876
e.g. when a global variable is initialized with a pointer to ifunc.
Add symbol type check and call resolver for STT_GNU_IFUNC symbol types
when processing non-PLT relocations, but only after non-IFUNC
relocations are done. The two-phase proceessing is required since
resolvers may reference other symbols, which must be ready to use when
resolver calls are done.
Restructure reloc_non_plt() on x86 to call find_symdef() and handle
IFUNC in single place.
For non-x86 reloc_non_plt(), check for call for IFUNC relocation and
do nothing, to avoid processing relocs twice.
PR: 193048
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
where it never would work anyhow, such as csu or loader. This suggests
there may be better ways of adding support to the tree. Many of these
cases can be fixed such that -fPIE will work but there is really no
reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
really building libraries but have been using bsd.prog.mk because the code
is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
been needed.
We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.
Reported by: kib
All of the sources for the tests are contained in the
current working directory and the subdirectories
Phabric: D537
Reviewed by: jmmv
Approved by: jmmv (mentor)
Sponsored by: EMC / Isilon Storage Division
build time by using atf_tc_get_config_var(tc, "srcdir"))
This will allow end-users to move the binaries to different locations
after they've been built without having to rebuild the binaries with
the new paths
Phabric: D525 (part of a larger patch)
Reviewed by: jmmv
Approved by: jmmv (co-mentor)
This includes:
o All directories named *ia64*
o All files named *ia64*
o All ia64-specific code guarded by __ia64__
o All ia64-specific makefile logic
o Mention of ia64 in comments and documentation
This excludes:
o Everything under contrib/
o Everything under crypto/
o sys/xen/interface
o sys/sys/elf_common.h
Discussed at: BSDcan
correct stack alignment, however when we have a leaf function that uses
thread local storage it calls __aeabi_read_tp to get the thread pointer.
Neither GCC or clang see this as a function call so will align the stack
to a 4-byte boundary. This may be a problem as _rtld_bind expects to be
on an 8-byte boundary.
The solution is to store a copy of the stack pointer and force the
alignment before calling _rtld_bind.
This fixes a problem with armeb where applications would crash in odd ways.
It should also remove the need for a local patch to clang to force the
stack alignment to an 8-byte boundary, even for leaf functions. Further
testing will be needed before reverting this local change to clang as we
may rely on it in other places.
Reviewed by: jmg@
descriptors in order to relocate RTLD itself. To allocate memory,
we need the pagesizes array initialized, but that happens after
RTLD is relocated. This ordering is important for amd64, but it's
opposite of what ia64 needs. Handle this conflict with the define
called RTLD_INIT_PAGESIZES_EARLY. When defined, obtain the page
sizes before relocating rtld, otherwise do it after.
Test LD_LIBRARY_PATH_FDS by linking a binary that requires a shared
library that isn't in any of the usual search paths. Ensure this fails
when we don't supply LD_LIBRARY_PATH_FDS or we pass invalid information
in it. Ensure it works when we pass the correct directory in various
places in the variable.
Approved by: rwatson (mentor)
MFC after: 3 weeks
Sponsored by: DARPA/AFRL
This variable allows the loading of shared libraries via directory descriptors
rather than via library paths. If LD_LIBRARY_PATH_FDS=3:4:12, the directories
represented by file descriptors 3, 4 and 12 will searched for shared libraries
before the normal path-based mechanisms are used. This allows us to execute
unprivileged binaries from within a Capsicum sandbox even if they require
shared libraries.
Approved by: rwatson (mentor)
Reviewed by: kib
MFC after: 3 weeks
Sponsored by: DARPA/AFRL
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.
Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]
Mark known build failures as NO_PIE for now.
The only known runtime failure was rtld.
[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by: Shawn Webb <lattera@gmail.com>
Discussed between: des@ and Shawn Webb [2]
mode. This allows the binder to be functional in the child after the
fork (assuming no lazy loading of a filter is needed), but other rtld
services which require write lock on rtld_bind_lock cause deadlock, if
called by child.
Change the _rtld_atfork() to lock the bind lock in write mode, making
the rtld fully functional after the fork.
Pre-resolve the symbols which are called by the libthr' fork()
interposer, since dynamic resolution causes deadlock due to the
rtld_bind_lock already owned in the write mode.
Reported and tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
_rtld_debug_postinit(). [1]
- Use __compiler_membar() instead of inline asm in _r_debug_state() and
_r_debug_postinit(). [2]
Pointy hat to: markj [1]
Reported by: attilio [2]
Discussed with: kib
X-MFC-With: r265456
the victim process before its entry point is called, at which point probes
and DOF data are registered with the kernel. The r_debug_state hook cannot
be used for this purpose, as it is called before the program's init routines
are invoked and in particular before DOF data is registered (via drti.o).
Reviewed by: kib
MFC after: 2 weeks
first calls mmap() with the arguments PROT_NONE and MAP_ANON to reserve a
single, contiguous range of virtual addresses for the entire shared library.
Later, rtld calls mmap() with the the shared library's file descriptor
and the argument MAP_FIXED to place the text and data sections within the
reserved range. The rationale for mapping shared libraries in this way is
explained in the commit message for Revision 190885. However, this approach
does have an unintended, negative consequence. Since the first call to
mmap() specifies MAP_ANON and not the shared library's file descriptor, the
kernel has no idea what alignment the vm object backing the file prefers.
As a result, the reserved range's alignment is unlikely to be the same as
the vm object's, and so mapping with superpages becomes impossible. To
address this problem, this revision adds the argument MAP_ALIGNED_SUPER to
the first call to mmap() if the text section is larger than the smallest
superpage size.
To determine if the text section is larger than the smallest superpage
size, rtld must always fetch the page size information. As a result, the
private code for fetching the base page size in rtld's builtin malloc is
redundant. Eliminate it. Requested by: kib
Tested by: zbb (on arm)
Reviewed by: kib (an earlier version)
Discussed with: jhb
Some modules do not align data at least to size of pointer, they uses a
smaller alignment, but our pointer should be aligned to its native
boundary, otherwise on some platforms, hardware alignment checking
will cause bus error.
saving the pointer will overwrite bytes belongs to another memory block
unexpectly, to fix the problem, use (allocated address + sizeof(void *)) as
initial value, and slip to next aligned address, so maximum extra bytes is
sizeof(void *) + align - 1.
Tested by: Andre Albsmeier < mail at ma17 dot ata dot myota dot orgndre >
the max required alignment for the static tls segments, and honor it
when carving the pieces for next module, from the static space. Use
aligned allocator to get properly-aligned dynamic blocks.
Reported by: dt71@gmx.com
Reviewed by: kan
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
On MIPS the .dynamic section is read-only, so the pointer to rtld
information for debuggers cannot be stored there (in DT_DEBUG).
Instead, a special section .rld_map is used.
Sponsored by: DARPA, AFRL
Approved by: re (delphij)
available in 32-bit compatibility mode, unconditional.
Overhaul the man page, which had evolved more by accretion than by design.
Approved by: re (gjb)
MFC after: 3 weeks
PATH_MAX after the token substitution. This is wrong, because
origin_subst_one() performs the substitution on the whole rpath and
similar strings, which contain several pathes separated by colon. As
result, long (but correct) rpath consisting of many path elements is
rejected by the function.
Correct the problem by rewriting the origin_subst_one() to perform two
passes, first pass to calculate the number of substitutions to be
performed, and second pass to generate the resulting string. Second
pass allocates the memory for the result based on the count from the
first pass, without enforcing a limit.
Reported and tested by: pgj
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Normal libraries have base address 0 and are unaffected by this change.
PR: 176216
Submitted by: Damjan Jovanovic <damjan.jov@gmail.com>
Reviewed by: kib
MFC after: 1 week
instead of /libexec/ld-elf.so.1. Below in the Makefile we execute
'chflags noschg ${DESTDIR}/usr/libexec/ld-elf.so.1', which follows
symlink and removes 'schg' flag from system's /libexec/ld-elf.so.1
instead of the one in DESTDIR. It is also more friendly to use
replative paths in symlink in case of jail/chroot environments.
Obtained from: WHEEL Systems
MFC after: 2 weeks
Rtld did not set FD_CLOEXEC on its internal file descriptors; therefore,
such a file descriptor may be passed to a process created by another thread
running in parallel to dlopen() or fdlopen().
No other threads are expected to be running during parsing of the hints
and libmap files but the file descriptors need not be passed to child
processes so add O_CLOEXEC there as well.
This change will break fdlopen() (as used by OpenPAM) on kernels without
F_DUPFD_CLOEXEC (added in July). Note that running new userland on old
kernels is not supported.
Reviewed by: kib
The place where the function is called can be reached if object loading
and relocation fails too, in which case obj pointer will be NULL. Do not
call process_nodelete then, or crash will follow.
Pointy hat to: kan
Trying to up the reference from the load loop risks missing dependencies
that have not been loaded yet.
MFC afer: 1 week
Reported by: nox
Reviewd by: kib
This is not strictly required with the current ABI but will be when we
switch to the ARM EABI. The aapcs requires the stack to be 4 byte aligned
at all times and 8 byte aligned when calling a public subroutine where the
current ABI only requires sp to be a multiple of 4.
by John Marino <draco@marino.st>, with the following (edited) commit
message
Date: Sat, 24 Mar 2012 06:40:50 +0100
Subject: [PATCH 1/1] rtld: Implement DT_RUNPATH and -z nodefaultlib
DT_RUNPATH is incorrectly being considered as an alias of DT_RPATH. The
purpose of DT_RUNPATH is to have two different types of rpath: one that
can be overridden by the environment variable LD_LIBRARY_PATH and one that
can't. With the currently implementation, LD_LIBRARY_PATH will always
trump any embedded rpath or runpath tags.
Current path search order by rtld:
==================================
LD_LIBRARY_PATH
DT_RPATH / DT_RUNPATH (always the same)
ldconfig hints file (default: /var/run/ld-elf.so.hints)
/usr/lib
New path search order by rtld:
==============================
DT_RPATH of the calling object if no DT_RUNPATH
DT_RPATH of the main binary if no DT_RUNPATH and binary isn't calling obj
LD_LIBRARY_PATH
DT_RUNPATH
ldconfig hints file
/usr/lib
The new path search matches how the linux runtime loader works. The other
major added feature is support for linker flag "-z nodefaultlib". When
this flag is passed to the linker, rtld will skip all references to the
standard library search path ("/usr/lib" in this case but it could handle
more color delimited paths) except in DT_RPATH and DT_RUNPATH.
New path search order by rtld with -z nodefaultlib flag set:
============================================================
DT_RPATH of the calling object if no DT_RUNPATH
DT_RPATH of the main binary if no DT_RUNPATH and binary isn't calling obj
LD_LIBRARY_PATH
DT_RUNPATH
ldconfig hints file (skips all references to /usr/lib)
FreeBSD notes:
- we fixed some bugs which were submitted to DragonFly and merged there
as commit 1ff8a2bd3eb6e5587174c6a983303ea3a79e0002;
- we added LD_LIBRARY_PATH_RPATH environment variable to switch to
the previous behaviour of considering DT_RPATH a synonym for DT_RUNPATH;
- the FreeBSD default search path is /lib:/usr/lib and not /usr/lib.
Reviewed by: kan
MFC after: 1 month
MFC note: flip the ld_library_path_rpath default value for stable/9
relocations are performed before the object's initializer is called.
When dlopen()ing an object, relocate the whole DAG rooted in the
object instead of only relocating the object itself and list of newly
loaded dependencies.
Reversed sequence currently can occur if the same object is a
dependency for both filtee and filter, since filtees are loaded
typically during the relocation processing, when some filter
dependencies might be already loaded but not relocated yet.
Reported and tested by: swills
Reviewed by: kan
MFC after: 1 week
object, and eliminate the pread(2) call as well [1]. Mmap the first
page of the object temporaly, and unmap it on error or last use.
Potentially, this leaves one-page gap between succeeding dlopen(3),
but there are other mmap(2) consumers as well.
Fix several cases were the whole mapping of the object leaked on error.
Use MAP_PREFAULT_READ for mmap(2) calls which map real object pages [2].
Insipired by the patch by: Ian Lepore <freebsd damnhippie dyndns org> [1]
Suggested by: alc [2]
MFC after: 2 weeks
object for which digest_dynamic1() was not done yet. Just return
EINVAL and do not try to dereference NULL buckets hash array.
This seems to happen on ia64 for rtld object itself, where the
R_IA_64_FPTR64LSB relocations require symbol lookup. The dynamic
linker itself does not rely on identity of the C-level function
pointers (i.e. function descriptors).
Reported and reviewed by: marcel
MFC after: 8 days
include <file>:
Parse the contents of file before continuing with the current file.
includedir <dir>:
Parse the contents of every file in dir that ends in .conf before continuing
with the current file.
Any file or directory encountered while processing include or includedir
directives will be parsed exactly once, even if it is encountered multiple
times.
Reviewed by: kib, des
Approved by: des (mentor)
MFC after: 1 month
hash elements, and a helper matched_symbol() which match the given hash
entry and request, performing needed type and version checks.
Based on dragonflybsd support for GNU hash by John Marino <draco marino st>
Reviewed by: kan
Tested by: bapt
MFC after: 2 weeks
through the filter loading call chain. This fixes attempts to
write-lock the already locked rtld_bind_lock when filter loading is
initiated by relocation of dlopening dso.
Reported and tested by: Taku YAMAMOTO <taku tackymt homeip net>
MFC after: 1 week
for the same object. This can happen when object is a dependency of the
dlopen()ed dso. When called several times, we waste time due to unneeded
processing, and memory, because obj->vertab is allocated anew on each
iteration.
Reviewed by: kan
MFC after: 2 weeks
are assumed to not fail.
Make the xcalloc() calling conventions follow the calloc(3) calling
conventions and replace unchecked calls to calloc() with calls to
xcalloc().
Remove redundand declarations from xmalloc.c, which are already
present in rtld.h.
Reviewed by: kan
Discussed with: bde
MFC after: 2 weeks
Do not relocate twice an object which happens to be needed by loaded
binary (or dso) and some filtee opened due to symbol resolution when
relocating need objects. Record the state of the relocation
processing in Obj_Entry and short-circuit relocate_objects() if
current object already processed.
Do not call constructors for filtees loaded during the early
relocation processing before image is initialized enough to run
user-provided code. Filtees are loaded using dlopen_object(), which
normally performs relocation and initialization. If filtee is
lazy-loaded during the relocation of dso needed by the main object,
dlopen_object() runs too earlier, when most runtime services are not
yet ready.
Postpone the constructors call to the time when main binary and
depended libraries constructors are run, passing the new flag
RTLD_LO_EARLY to dlopen_object(). Symbol lookups callers inform
symlook_* functions about early stage of initialization with
SYMLOOK_EARLY. Pass flags through all functions participating in
object relocation.
Use the opportunity and fix flags argument to find_symdef() in
arch-specific reloc.c to use proper name SYMLOOK_IN_PLT instead of
true, which happen to have the same numeric value.
Reported and tested by: theraven
Reviewed by: kan
MFC after: 2 weeks
Stop using strerror(3) in rtld, which brings in msgcat and stdio.
Directly access sys_errlist array of errno messages with private
rtld_strerror() function.
Now,
$ size /libexec/ld-elf.so.1
text data bss dec hex filename
96983 2480 8744 108207 1a6af /libexec/ld-elf.so.1
Reviewed by: dim, kan
MFC after: 2 weeks
Provide rtld-private implementations of __stack_chk_guard,
__stack_chk_fail() and __chk_fail() symbols, to be used by functions
linked from libc_pic.a. This avoids use of libc stack_protector.c,
which pulls in syslog(3) and stdio as dependency.
Also, do initialize rtld-private copy __stack_chk_guard, previously
libc-provided one was not initialized, since we do not call rtld
object _init() methods.
Reviewed by: kan
MFC after: 3 weeks
yet, and object segments are not yet mapped. Only parse the notes that
appear in the first page of the dso (as it should be anyway), and use
the preloaded page content.
Reported and tested by: stass
MFC after: 20 days
particular on ARM, do require working init arrays.
Traditional FreeBSD crt1 calls _init and _fini of the binary, instead
of allowing runtime linker to arrange the calls. This was probably
done to have the same crt code serve both statically and dynamically
linked binaries. Since ABI mandates that first is called preinit
array functions, then init, and then init array functions, the init
have to be called from rtld now.
To provide binary compatibility to old FreeBSD crt1, which calls _init
itself, rtld only calls intializers and finalizers for main binary if
binary has a note indicating that new crt was used for linking. Add
parsing of ELF notes to rtld, and cache p_osrel value since we parsed
it anyway.
The patch is inspired by init_array support for DragonflyBSD, written
by John Marino.
Reviewed by: kan
Tested by: andrew (arm, previous version), flo (sparc64, previous version)
MFC after: 3 weeks
for TLS microbenchmark using global-dynamic TLS model on amd64 (which is
default for PIC dso objects).
Split the slow path into tls_get_addr_slow(), for which inlining is
disabled. This prevents the registers spill on tls_get_addr_common()
entry.
Provide static branch hint to the compiler, indicating that slow path
is not likely to be taken.
While there, do some minimal style adjustments.
Reported and tested by: davidxu
MFC after: 1 week
Since after r232498 the ctype macros require working access to
thread-local variables, rtld crashes when libmap.conf is present.
Use hand-made isspace1() macro which is enough to detect spaces in
libmap.conf.
Reported by: alc, lme, many on current@
Tested by: lme
Reviewed by: dim, kan
MFC after: 1 week
relocations until tls is initialized and stacks permissions correctly
set. This allows the ifunc to call malloc(3) and some other heavy
services.
Add debug banner.
MFC after: 3 days
from the dispatcher would also acquire bind lock in read mode, which
is the supported operation. plt is explicitely designed to allow safe
multithreaded updates, so the shared lock do not cause problems.
The error in r228435 is that it allows read lock acquisition after the
write lock for the bind block. If we dlopened the shared object that
contains IRELATIVE or jump slot which target is STT_GNU_IFUNC, then
possible recursive plt resolve from the dispatcher would cause it.
Postpone the resolution for irelative/ifunc right before initializers
are called, and drop bind lock around calls to dispatcher. Use
initlist to iterate over the objects instead of the ->next, due to
drop of the bind lock in iteration.
For i386/reloc.c:reloc_iresolve(), fix calculation of the dispatch
function address for dso, by taking into account possible non-zero
relocbase.
MFC after: 3 weeks
rtld on 386 and amd64. This adds runtime bits neccessary for the use
of the dispatch functions from the dynamically-linked executables and
shared libraries.
To allow use of external references from the dispatch function, resolution
of the R_MACHINE_IRESOLVE relocations in PLT is postponed until GOT entries
for PLT are prepared, and normal resolution of the GOT entries is finished.
Similar to how it is done by GNU, IRELATIVE relocations are resolved in
advance, instead of normal lazy handling for PLT.
Move the init_pltgot() call before the relocations for the object are
processed.
MFC after: 3 weeks
relocations are processed, since tls initialization section might be
itself subject for relocations. Only set up of the block is postponed,
the tls block offsets are allocated before relocation processing, since
TLS-related relocations may need offsets ready.
Reported by: ale
PR: threads/161344
Reviewed by: kan
MFC after: 1 week
executable) after r190885. The whole region for the dso is mmaped with
MAP_NOCORE flag, doing only mprotect(2) over .bss prevented it from
writing .bss to core files.
Revert the optimization of using mprotect(2) to establish .bss, overlap
the section with mmap(2).
Reported by: attilio
Reviewed by: attilio, emaste
Approved by: re (bz)
MFC after: 2 weeks
functions. The _rtld_error() function might be called early during the rtld
bootstrap, in which case function pointers are not yet functional on ia64
due to required relocations not yet performed.
Reported, reviewed and tested by: marcel
Approved by: re (bz)
