From owner-svn-src-head@FreeBSD.ORG Wed Jun 27 20:24:26 2012 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 97865106564A; Wed, 27 Jun 2012 20:24:26 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 54DBE8FC16; Wed, 27 Jun 2012 20:24:26 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q5RKOQZ4030763; Wed, 27 Jun 2012 20:24:26 GMT (envelope-from kib@svn.freebsd.org) Received: (from kib@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q5RKOQRU030761; Wed, 27 Jun 2012 20:24:26 GMT (envelope-from kib@svn.freebsd.org) Message-Id: <201206272024.q5RKOQRU030761@svn.freebsd.org> From: Konstantin Belousov Date: Wed, 27 Jun 2012 20:24:26 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r237659 - head/libexec/rtld-elf X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Jun 2012 20:24:26 -0000 Author: kib Date: Wed Jun 27 20:24:25 2012 New Revision: 237659 URL: http://svn.freebsd.org/changeset/base/237659 Log: Ensure that for the object which is a dependency for some filtee, relocations are performed before the object's initializer is called. When dlopen()ing an object, relocate the whole DAG rooted in the object instead of only relocating the object itself and list of newly loaded dependencies. Reversed sequence currently can occur if the same object is a dependency for both filtee and filter, since filtees are loaded typically during the relocation processing, when some filter dependencies might be already loaded but not relocated yet. Reported and tested by: swills Reviewed by: kan MFC after: 1 week Modified: head/libexec/rtld-elf/rtld.c Modified: head/libexec/rtld-elf/rtld.c ============================================================================== --- head/libexec/rtld-elf/rtld.c Wed Jun 27 19:23:29 2012 (r237658) +++ head/libexec/rtld-elf/rtld.c Wed Jun 27 20:24:25 2012 (r237659) @@ -117,6 +117,10 @@ static void objlist_push_head(Objlist *, static void objlist_push_tail(Objlist *, Obj_Entry *); static void objlist_remove(Objlist *, Obj_Entry *); static void *path_enumerate(const char *, path_enum_proc, void *); +static int relocate_object_dag(Obj_Entry *root, bool bind_now, + Obj_Entry *rtldobj, int flags, RtldLockState *lockstate); +static int relocate_object(Obj_Entry *obj, bool bind_now, Obj_Entry *rtldobj, + int flags, RtldLockState *lockstate); static int relocate_objects(Obj_Entry *, bool, Obj_Entry *, int, RtldLockState *); static int resolve_objects_ifunc(Obj_Entry *first, bool bind_now, @@ -2217,52 +2221,70 @@ objlist_remove(Objlist *list, Obj_Entry } /* - * Relocate newly-loaded shared objects. The argument is a pointer to - * the Obj_Entry for the first such object. All objects from the first - * to the end of the list of objects are relocated. Returns 0 on success, - * or -1 on failure. + * Relocate dag rooted in the specified object. + * Returns 0 on success, or -1 on failure. */ + static int -relocate_objects(Obj_Entry *first, bool bind_now, Obj_Entry *rtldobj, +relocate_object_dag(Obj_Entry *root, bool bind_now, Obj_Entry *rtldobj, + int flags, RtldLockState *lockstate) +{ + Objlist_Entry *elm; + int error; + + error = 0; + STAILQ_FOREACH(elm, &root->dagmembers, link) { + error = relocate_object(elm->obj, bind_now, rtldobj, flags, + lockstate); + if (error == -1) + break; + } + return (error); +} + +/* + * Relocate single object. + * Returns 0 on success, or -1 on failure. + */ +static int +relocate_object(Obj_Entry *obj, bool bind_now, Obj_Entry *rtldobj, int flags, RtldLockState *lockstate) { - Obj_Entry *obj; - for (obj = first; obj != NULL; obj = obj->next) { if (obj->relocated) - continue; + return (0); obj->relocated = true; if (obj != rtldobj) - dbg("relocating \"%s\"", obj->path); + dbg("relocating \"%s\"", obj->path); if (obj->symtab == NULL || obj->strtab == NULL || - !(obj->valid_hash_sysv || obj->valid_hash_gnu)) { - _rtld_error("%s: Shared object has no run-time symbol table", - obj->path); - return -1; + !(obj->valid_hash_sysv || obj->valid_hash_gnu)) { + _rtld_error("%s: Shared object has no run-time symbol table", + obj->path); + return (-1); } if (obj->textrel) { - /* There are relocations to the write-protected text segment. */ - if (mprotect(obj->mapbase, obj->textsize, - PROT_READ|PROT_WRITE|PROT_EXEC) == -1) { - _rtld_error("%s: Cannot write-enable text segment: %s", - obj->path, rtld_strerror(errno)); - return -1; - } + /* There are relocations to the write-protected text segment. */ + if (mprotect(obj->mapbase, obj->textsize, + PROT_READ|PROT_WRITE|PROT_EXEC) == -1) { + _rtld_error("%s: Cannot write-enable text segment: %s", + obj->path, rtld_strerror(errno)); + return (-1); + } } /* Process the non-PLT relocations. */ if (reloc_non_plt(obj, rtldobj, flags, lockstate)) - return -1; + return (-1); if (obj->textrel) { /* Re-protected the text segment. */ - if (mprotect(obj->mapbase, obj->textsize, - PROT_READ|PROT_EXEC) == -1) { - _rtld_error("%s: Cannot write-protect text segment: %s", - obj->path, rtld_strerror(errno)); - return -1; - } + if (mprotect(obj->mapbase, obj->textsize, + PROT_READ|PROT_EXEC) == -1) { + _rtld_error("%s: Cannot write-protect text segment: %s", + obj->path, rtld_strerror(errno)); + return (-1); + } } @@ -2271,18 +2293,19 @@ relocate_objects(Obj_Entry *first, bool /* Process the PLT relocations. */ if (reloc_plt(obj) == -1) - return -1; + return (-1); /* Relocate the jump slots if we are doing immediate binding. */ if (obj->bind_now || bind_now) - if (reloc_jmpslots(obj, flags, lockstate) == -1) - return -1; + if (reloc_jmpslots(obj, flags, lockstate) == -1) + return (-1); if (obj->relro_size > 0) { - if (mprotect(obj->relro_page, obj->relro_size, PROT_READ) == -1) { - _rtld_error("%s: Cannot enforce relro protection: %s", - obj->path, rtld_strerror(errno)); - return -1; - } + if (mprotect(obj->relro_page, obj->relro_size, + PROT_READ) == -1) { + _rtld_error("%s: Cannot enforce relro protection: %s", + obj->path, rtld_strerror(errno)); + return (-1); + } } /* @@ -2292,9 +2315,30 @@ relocate_objects(Obj_Entry *first, bool */ obj->magic = RTLD_MAGIC; obj->version = RTLD_VERSION; - } - return (0); + return (0); +} + +/* + * Relocate newly-loaded shared objects. The argument is a pointer to + * the Obj_Entry for the first such object. All objects from the first + * to the end of the list of objects are relocated. Returns 0 on success, + * or -1 on failure. + */ +static int +relocate_objects(Obj_Entry *first, bool bind_now, Obj_Entry *rtldobj, + int flags, RtldLockState *lockstate) +{ + Obj_Entry *obj; + int error; + + for (error = 0, obj = first; obj != NULL; obj = obj->next) { + error = relocate_object(obj, bind_now, rtldobj, flags, + lockstate); + if (error == -1) + break; + } + return (error); } /* @@ -2614,10 +2658,10 @@ dlopen_object(const char *name, int fd, result = rtld_verify_versions(&obj->dagmembers); if (result != -1 && ld_tracing) goto trace; - if (result == -1 || (relocate_objects(obj, - (mode & RTLD_MODEMASK) == RTLD_NOW, &obj_rtld, + if (result == -1 || relocate_object_dag(obj, + (mode & RTLD_MODEMASK) == RTLD_NOW, &obj_rtld, (lo_flags & RTLD_LO_EARLY) ? SYMLOOK_EARLY : 0, - lockstate)) == -1) { + lockstate) == -1) { dlopen_cleanup(obj); obj = NULL; } else if (lo_flags & RTLD_LO_EARLY) {