x86: Check IFUNC definition in unrelocated executable [BZ #20019]
Calling an IFUNC function defined in unrelocated executable also leads to segfault. Issue a fatal error message when calling IFUNC function defined in the unrelocated executable from a shared library. On x86, ifuncmain6pie failed with: [hjl@gnu-cfl-2 build-i686-linux]$ ./elf/ifuncmain6pie --direct ./elf/ifuncmain6pie: IFUNC symbol 'foo' referenced in '/export/build/gnu/tools-build/glibc-32bit/build-i686-linux/elf/ifuncmod6.so' is defined in the executable and creates an unsatisfiable circular dependency. [hjl@gnu-cfl-2 build-i686-linux]$ readelf -rW elf/ifuncmod6.so | grep foo 00003ff4 00000706 R_386_GLOB_DAT 0000400c foo_ptr 00003ff8 00000406 R_386_GLOB_DAT 00000000 foo 0000400c 00000401 R_386_32 00000000 foo [hjl@gnu-cfl-2 build-i686-linux]$ Remove non-JUMP_SLOT relocations against foo in ifuncmod6.so, which trigger the circular IFUNC dependency, and build ifuncmain6pie with -Wl,-z,lazy. (cherry picked from commits6ea5b57afa
and7137d682eb
)
This commit is contained in:
parent
420ade1f64
commit
1864775abc
1
NEWS
1
NEWS
|
@ -25,6 +25,7 @@ The following bugs are resolved with this release:
|
||||||
|
|
||||||
[16573] malloc: Set and reset all hooks for tracing
|
[16573] malloc: Set and reset all hooks for tracing
|
||||||
[18035] Fix pldd hang
|
[18035] Fix pldd hang
|
||||||
|
[20019] NULL pointer dereference in libc.so.6 IFUNC due to uninitialized GOT
|
||||||
[20568] Fix crash in _IO_wfile_sync
|
[20568] Fix crash in _IO_wfile_sync
|
||||||
[24155] x32 memcmp can treat positive length as 0 (if sign bit in RDX is set) (CVE-2019-7309)
|
[24155] x32 memcmp can treat positive length as 0 (if sign bit in RDX is set) (CVE-2019-7309)
|
||||||
[24164] Systemtap probes need to use "nr" constraint on 32-bit Arm
|
[24164] Systemtap probes need to use "nr" constraint on 32-bit Arm
|
||||||
|
|
|
@ -1279,6 +1279,8 @@ CFLAGS-ifuncmain6pie.c += $(pie-ccflag)
|
||||||
CFLAGS-ifuncmain7pie.c += $(pie-ccflag)
|
CFLAGS-ifuncmain7pie.c += $(pie-ccflag)
|
||||||
CFLAGS-tst-ifunc-textrel.c += $(pic-ccflag)
|
CFLAGS-tst-ifunc-textrel.c += $(pic-ccflag)
|
||||||
|
|
||||||
|
LDFLAGS-ifuncmain6pie = -Wl,-z,lazy
|
||||||
|
|
||||||
$(objpfx)ifuncmain1pie: $(objpfx)ifuncmod1.so
|
$(objpfx)ifuncmain1pie: $(objpfx)ifuncmod1.so
|
||||||
$(objpfx)ifuncmain1staticpie: $(objpfx)ifuncdep1pic.o
|
$(objpfx)ifuncmain1staticpie: $(objpfx)ifuncdep1pic.o
|
||||||
$(objpfx)ifuncmain1vispie: $(objpfx)ifuncmod1.so
|
$(objpfx)ifuncmain1vispie: $(objpfx)ifuncmod1.so
|
||||||
|
|
|
@ -9,7 +9,6 @@
|
||||||
#include "ifunc-sel.h"
|
#include "ifunc-sel.h"
|
||||||
|
|
||||||
typedef int (*foo_p) (void);
|
typedef int (*foo_p) (void);
|
||||||
extern foo_p foo_ptr;
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
one (void)
|
one (void)
|
||||||
|
@ -28,20 +27,17 @@ foo_ifunc (void)
|
||||||
}
|
}
|
||||||
|
|
||||||
extern int foo (void);
|
extern int foo (void);
|
||||||
extern foo_p get_foo (void);
|
extern int call_foo (void);
|
||||||
extern foo_p get_foo_p (void);
|
extern foo_p get_foo_p (void);
|
||||||
|
|
||||||
foo_p my_foo_ptr = foo;
|
foo_p foo_ptr = foo;
|
||||||
|
|
||||||
int
|
int
|
||||||
main (void)
|
main (void)
|
||||||
{
|
{
|
||||||
foo_p p;
|
foo_p p;
|
||||||
|
|
||||||
p = get_foo ();
|
if (call_foo () != -30)
|
||||||
if (p != foo)
|
|
||||||
abort ();
|
|
||||||
if ((*p) () != -30)
|
|
||||||
abort ();
|
abort ();
|
||||||
|
|
||||||
p = get_foo_p ();
|
p = get_foo_p ();
|
||||||
|
@ -52,12 +48,8 @@ main (void)
|
||||||
|
|
||||||
if (foo_ptr != foo)
|
if (foo_ptr != foo)
|
||||||
abort ();
|
abort ();
|
||||||
if (my_foo_ptr != foo)
|
|
||||||
abort ();
|
|
||||||
if ((*foo_ptr) () != -30)
|
if ((*foo_ptr) () != -30)
|
||||||
abort ();
|
abort ();
|
||||||
if ((*my_foo_ptr) () != -30)
|
|
||||||
abort ();
|
|
||||||
if (foo () != -30)
|
if (foo () != -30)
|
||||||
abort ();
|
abort ();
|
||||||
|
|
||||||
|
|
|
@ -4,7 +4,7 @@ extern int foo (void);
|
||||||
|
|
||||||
typedef int (*foo_p) (void);
|
typedef int (*foo_p) (void);
|
||||||
|
|
||||||
foo_p foo_ptr = foo;
|
extern foo_p foo_ptr;
|
||||||
|
|
||||||
foo_p
|
foo_p
|
||||||
get_foo_p (void)
|
get_foo_p (void)
|
||||||
|
@ -12,8 +12,8 @@ get_foo_p (void)
|
||||||
return foo_ptr;
|
return foo_ptr;
|
||||||
}
|
}
|
||||||
|
|
||||||
foo_p
|
int
|
||||||
get_foo (void)
|
call_foo (void)
|
||||||
{
|
{
|
||||||
return foo;
|
return foo ();
|
||||||
}
|
}
|
||||||
|
|
|
@ -338,16 +338,22 @@ elf_machine_rel (struct link_map *map, const Elf32_Rel *reloc,
|
||||||
{
|
{
|
||||||
# ifndef RTLD_BOOTSTRAP
|
# ifndef RTLD_BOOTSTRAP
|
||||||
if (sym_map != map
|
if (sym_map != map
|
||||||
&& sym_map->l_type != lt_executable
|
|
||||||
&& !sym_map->l_relocated)
|
&& !sym_map->l_relocated)
|
||||||
{
|
{
|
||||||
const char *strtab
|
const char *strtab
|
||||||
= (const char *) D_PTR (map, l_info[DT_STRTAB]);
|
= (const char *) D_PTR (map, l_info[DT_STRTAB]);
|
||||||
_dl_error_printf ("\
|
if (sym_map->l_type == lt_executable)
|
||||||
|
_dl_fatal_printf ("\
|
||||||
|
%s: IFUNC symbol '%s' referenced in '%s' is defined in the executable \
|
||||||
|
and creates an unsatisfiable circular dependency.\n",
|
||||||
|
RTLD_PROGNAME, strtab + refsym->st_name,
|
||||||
|
map->l_name);
|
||||||
|
else
|
||||||
|
_dl_error_printf ("\
|
||||||
%s: Relink `%s' with `%s' for IFUNC symbol `%s'\n",
|
%s: Relink `%s' with `%s' for IFUNC symbol `%s'\n",
|
||||||
RTLD_PROGNAME, map->l_name,
|
RTLD_PROGNAME, map->l_name,
|
||||||
sym_map->l_name,
|
sym_map->l_name,
|
||||||
strtab + refsym->st_name);
|
strtab + refsym->st_name);
|
||||||
}
|
}
|
||||||
# endif
|
# endif
|
||||||
value = ((Elf32_Addr (*) (void)) value) ();
|
value = ((Elf32_Addr (*) (void)) value) ();
|
||||||
|
|
|
@ -315,16 +315,22 @@ elf_machine_rela (struct link_map *map, const ElfW(Rela) *reloc,
|
||||||
{
|
{
|
||||||
# ifndef RTLD_BOOTSTRAP
|
# ifndef RTLD_BOOTSTRAP
|
||||||
if (sym_map != map
|
if (sym_map != map
|
||||||
&& sym_map->l_type != lt_executable
|
|
||||||
&& !sym_map->l_relocated)
|
&& !sym_map->l_relocated)
|
||||||
{
|
{
|
||||||
const char *strtab
|
const char *strtab
|
||||||
= (const char *) D_PTR (map, l_info[DT_STRTAB]);
|
= (const char *) D_PTR (map, l_info[DT_STRTAB]);
|
||||||
_dl_error_printf ("\
|
if (sym_map->l_type == lt_executable)
|
||||||
|
_dl_fatal_printf ("\
|
||||||
|
%s: IFUNC symbol '%s' referenced in '%s' is defined in the executable \
|
||||||
|
and creates an unsatisfiable circular dependency.\n",
|
||||||
|
RTLD_PROGNAME, strtab + refsym->st_name,
|
||||||
|
map->l_name);
|
||||||
|
else
|
||||||
|
_dl_error_printf ("\
|
||||||
%s: Relink `%s' with `%s' for IFUNC symbol `%s'\n",
|
%s: Relink `%s' with `%s' for IFUNC symbol `%s'\n",
|
||||||
RTLD_PROGNAME, map->l_name,
|
RTLD_PROGNAME, map->l_name,
|
||||||
sym_map->l_name,
|
sym_map->l_name,
|
||||||
strtab + refsym->st_name);
|
strtab + refsym->st_name);
|
||||||
}
|
}
|
||||||
# endif
|
# endif
|
||||||
value = ((ElfW(Addr) (*) (void)) value) ();
|
value = ((ElfW(Addr) (*) (void)) value) ();
|
||||||
|
|
Loading…
Reference in New Issue