until copy relocations are done.
Newer binutils and lld seems to output copy into relro-protected range.
Reported by: Rafael Espц╜ndola via emaste
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
- Pass the correct object to unload_filtees().
- Use a marker to restart iteration after unload_filtees() has returned.
It calls dlclose() and may recursively remove entries from the global
object list, so TAILQ_FOREACH_SAFE is not sufficient.
Reviewed by: kib
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
rtld drops the bind lock to call fini functions in an object prior to
unmapping it. The new "doomed" state flag prevents the acquisition of new
references for an object while the lock is dropped.
Reviewed by: kib
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
Add a transient reference count to ensure that the phdr argument to the
callback remains valid while the bind lock is dropped.
Reviewed by: kib
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
This avoids a race with readers such as dladdr(3)/dlinfo(3)/dlsym(3) and
the atexit(3) handler. This race was introduced in r294373.
Reviewed by: markj, kib, kan
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
rtld-elf has some vestigial support for building as a static executable.
r45501 introduced a partial implementation with a prescient note that it
"might never be enabled." r153515 introduced ELF symbol versioning
support, and removed part of the unused build infrastructure for static
rtld.
GNU ld populates rela relocation addends and GOT entries with the same
values, and rtld's run-time dynamic executable check relied on this.
Alternate toolchains may not populate the GOT entries, which caused
RTLD_IS_DYNAMIC to return false. Simplify rtld by just removing the
unused check.
If we want to restore static rtld support later on we ought to introduce
a build-time #ifdef flag.
PR: 214972
Reviewed by: kan
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D8687
MIPS does not use the common _rtld_bind() to handle runtime binding.
Instead, it uses a private _mips_rtld_bind(). Update _mips_rtld_bind()
to include the changes made to _rtld_bind() in r216695 and r218476 to
support upgrading the read-locked rtld_bind_lock to a write lock when
an object with a filter is encountered.
While here, add a 'where' variable to track the location of the fixup
in the GOT to make the code flow more closely match _rtld_bind().
Reviewed by: kib
Obtained from: CheriBSD
Sponsored by: DARPA / AFRL
Differential Revision: https://reviews.freebsd.org/D8625
CPUID[7].%ebx (cpu_stdext_feature), %ecx (cpu_stdext_feature2) to the
ifunc resolvers on x86.
It is much more clean to use CPUID instruction in usermode to retrieve
this information than to pass AT_HWCAP aux vector from kernel, on
x86. Still, the change does allow for use of AT_HWCAP on arches where it is
needed, by passing aux array to ifunc_init() initializer which should
prepare arguments for ifunc resolvers.
Current signature for resolvers on x86 is
func_t iresolve(uint32_t cpu_feature, uint32_t cpu_feature2,
uint32_t cpu_stdext_feature, uint32_t cpu_stdext_feature2);
where arguments have identical meaning as the kernel variables of the
same name. The ABIs allow to use resolvers with the void or shortened
list of arguments.
Reviewed by: jhb
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D8448
When symbol versioning was added to rtld, the boolean 'in_plt' argument
to find_symdef() was converted to a bitmask of flags. The first flag
added was 'SYMLOOK_IN_PLT' which replaced the 'in_plt' bool. This
happened to still work by accident as SYMLOOK_IN_PLT had the value of 1
which is the same as 'true', so there should be no functional change.
Tested on: amd64
Reviewed by: kan
MFC after: 2 weeks
Sponsored by: DARPA / AFRL
The root of the problem here is that TAILQ_FOREACH_FROM will default to
the head of the list if passed NULL, which will be the case if there are
no libraries loaded after this one. Thus all libraries, including the
current, were iterated in that case rather than none.
This was broken in r294373.
Reviewed by: markj (earlier version), cem, kib, ngie
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
Differential Revision: https://reviews.freebsd.org/D7216
Check that the dirlist path string specification does not cause
overflow and is fully contained in the hints file.
Check that the dirlist string is nul-terminated.
Make 'hdr' static variable, so that hdr.dirlistlen is available when
hints cached value is used on next function calls. Reset hdr.dirlistlen
to zero if error was detected, so that allocations use reasonable size.
Use 'hints', and not 'p' in the body, since p is only initialized on the
first call.
Reported and reviewed by: truckman (previous version)
Sponsored by: The FreeBSD Foundation
CIDs: 1006503, 1006504, 1006676, 1008488, 1007263
MFC after: 2 weeks
segment. According to gABI spec, presence of the tag indicates that
dynamic linker must be prepared to handle relocations against any
read-only segment, not only the segment which we, somewhat arbitrary,
declared the text.
For each read-only segment, add write permission before relocs are
processed, and return to the mapping mode requested by the phdr, after
relocs are done.
Reported, tested, and reviewed by: emaste
PR: 207631
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
The dl_iterate_phdr consumer code in libgcc does not expect multiple
callbacks running concurrently. This was fixed once already in r178807,
but accidentally got reverted in r294373.
phdr locks locked. This allows to call rtld services from the
callback, which is only reasonable for dlopen(path, RTLD_NOLOAD) to
test existence of the library in the image, and for dlsym(). The
later might still be not quite safe, due to the lazy resolution of
filters.
To allow dropping the locks around iteration in dl_iterate_phdr(3), we
insert markers to track current position between relocks. The global
objects list is converted to tailq and all iterators skip markers,
globallist_next() and globallist_curr() helpers are added.
Reported and tested by: davide
Reviewed by: kan
Sponsored by: The FreeBSD Foundation
MFC after: 3 weeks
transition mechanism, if we don't have /usr/libsoft, assume that soft
float ABI binaries are the default, so treat them as default binaries.
When we've fully transitioned, it will make no sense to do this stat,
and it will be removed.
MIPS has/had a read-only DYNAMIC segment, and uses an extra level of
indirection (through MIPS_RLD_MAP) to locate the debugger rendezvous
data.
Some linkers (e.g. LLVM's lld) may produce MIPS binaries with a writable
DYNAMIC segment, which would allow us to eventually drop a special case.
Therefore, instead of hardcoding knowledge that DYNAMIC is not writable
on MIPS just check the permissions on the segment.
Reviewed by: kib
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D4791
for the environment variables we look up at runtime. Otherwise,
there's no way they will change, optimize it at compile time.
Differential Review: https://reviews.freebsd.org/D2718
allow later substitution at run time instead of compile time of the
environment variable name prefix.
Differential Review: https://reviews.freebsd.org/D2718
have TLS program header. This is needed on architectures with Variant I
tls, that is arm, arm64, mips, and powerpc. These place the thread control
block at the start of the buffer and, without this, this data may be
trashed.
This appears to not be an issue on mips or powerpc as they include a second
adjustment to move the thread local data, however this is on arm64 (with a
future change to fix placing this data), and should be on arm. I am unable
to trigger this on arm, even after changing the code to move the data
around to make it more likely to be hit. This is most likely because my
tests didn't use the variable in offset 0.
Reviewed by: kib
MFC after: 1 week
Sponsored by: ABT Systems Ltd
The requirement is for a GCC-compatible compiler and not necessarily
GCC itself. However, we currently expect any compiler used for building
the whole of FreeBSD to be GCC-compatible and many things will break if
not; there's no longer a need to have an explicit test for this in rtld.
Reviewed by: imp, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D2422
According to standard, the presence of the flags only means that the
object path must be resolved at the time object loading, instead of my
reading that the flag is required to enable token substitution at all.
The consequence is that -z origin linker flag is no longer required
for the token substitution in the run/rpath or the needed library
soname. It is only recommended if token substition is needed at
dlopen(3) time, since namecache might drop the required entries at the
time of resolution.
Found, reviewed and tested by: emaste
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
* Add VCREAT flag to indicate when a new file is being created
* Add VVERIFY to indicate verification is required
* Both VCREAT and VVERIFY are only passed on the MAC method vnode_check_open
and are removed from the accmode after
* Add O_VERIFY flag to rtld open of objects
* Add 'v' flag to __sflags to set O_VERIFY flag.
Submitted by: Steve Kiernan <stevek@juniper.net>
Obtained from: Juniper Networks, Inc.
GitHub Pull Request: https://github.com/freebsd/freebsd/pull/27
Relnotes: yes
as always participating in the global symbols namespace, regardless of
the way the object was brought into the process address space.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
still need libc_pic for a few things, but this is expected to be ready
soon.
Differential Revision: https://reviews.freebsd.org/D2136
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
rtld on x86 to be hidden. This is a micro-optimization, which allows
intrinsic references inside rtld to be handled without indirection
through PLT. The visibility of rtld symbols for other objects in the
symbol namespace is controlled by a version script.
Reviewed by: kan, jilles
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
without any translation. If the file is a symbolic link, $ORIGIN may not be
expanded to the actual origin. Use realpath(3) to properly expand $ORIGIN
to its absolute path.
Reviewed by: kib
MFC after: 1 week
The symbol leaked after r276630 since lib/libc/sys/openat.c defines
versions for openat using .symver (version script cannot assign two
versions to one symbol), and rtld uses openat. Instead, directly use
__sys_openat().
Reported and tested by: antoine
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
it exports to the debugger. It currently has two choices: it can use
a compiled-in path (/libexec/ld-elf.so.1) or it can use the path stored
in the interpreter path in the binary being executed. The runtime linker
currently prefers the second. However, this is usually wrong for compat32
binaries since the binary specifies the path of rtld on a 32-bit system
(/libexec/ld-elf.so.1) instead of the actual path (/libexec/ld-elf32.so.1).
For now, always assume the compiled in path (/libexec/ld-elf32.so.1) as
the rtld path and ignore the path in the binary for the 32-bit runtime
linker.
Differential Revision: https://reviews.freebsd.org/D1236
Reviewed by: kib
