This is the mail archive of the
mailing list for the glibc project.
Re: Harden powerpc64 elf_machine_fixup_plt
- From: Steven Munroe <munroesj at linux dot vnet dot ibm dot com>
- To: Alan Modra <amodra at gmail dot com>
- Cc: libc-alpha at sourceware dot org
- Date: Wed, 25 Mar 2015 19:29:43 -0500
- Subject: Re: Harden powerpc64 elf_machine_fixup_plt
- Authentication-results: sourceware.org; auth=none
- References: <20150319235208 dot GB26234 at bubble dot grove dot modra dot org>
- Reply-to: munroesj at linux dot vnet dot ibm dot com
On Fri, 2015-03-20 at 10:22 +1030, Alan Modra wrote:
> IFUNC is difficult to correctly implement on any target needing a GOT
> to support position independent code, due to the dependency on order
> of dynamic relocations. ld.so should be changed to apply IFUNC
> relocations last, globally, because without that it is actually
> impossible to write an IFUNC resolver in C that works in all
> situations. Case in point, vfork in libpthread.so is an IFUNC with
> the resolver returning &__libc_vfork. (system and fork are similar.)
> If another shared library, libA say, uses vfork then it is quite
> possible that libpthread.so hasn't been dynamically relocated before
> the unfortunate libA is dynamically relocated. In that case the GOT
> entry for &__libc_vfork is still zero, so the IFUNC resolver returns
> NULL. LD_BIND_NOW=1 results in libA PLT dynamic relocations being
> applied using this NULL value and ld.so segfaults.
>
> This patch hardens ld.so to not segfault on a NULL from an IFUNC
> resolver. It also fixes a problem with undefined weak. If you leave
> the plt entry as-is for undefined weak then if the entry is ever
> called it will loop in ld.so rather than segfaulting.
>
> Regression tested powerpc64-linux.
>
> * sysdeps/powerpc/powerpc64/dl-machine.h (elf_machine_fixup_plt):
> Don't segfault if ifunc resolver returns a NULL. Do set plt to
> zero for undefined weak.
> (elf_machine_plt_conflict): Similarly.
I have reviewed this patch and agree it should be committed.
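
A toy model of the relocation-ordering problem described in the quoted text, added here as an example; it is not glibc or ld.so code and is not part of the original message. The descriptor struct and the names `fixup_plt`, `simulate`, `pthread_got_vfork` and `liba_plt_vfork` are hypothetical, and zeroing the slot on a NULL result is this model's choice.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy model of the ordering problem; constructed for illustration, not ld.so code. */
struct fdesc { void (*entry)(void); void *toc; };  /* simplified descriptor (assumption) */
static void libc_vfork_body(void) {}
static struct fdesc libc_vfork = { libc_vfork_body, NULL };  /* stands in for __libc_vfork */

static struct fdesc *pthread_got_vfork;  /* libpthread GOT slot, zero until relocated */
static struct fdesc liba_plt_vfork;      /* libA's PLT slot for vfork */

/* IFUNC resolver living in libpthread: returns &__libc_vfork through its GOT. */
static struct fdesc *vfork_resolver(void) { return pthread_got_vfork; }

/* Ordinary (non-IFUNC) relocation of libpthread fills its GOT. */
static void relocate_pthread_got(void) { pthread_got_vfork = &libc_vfork; }

/* Hardened PLT fixup: a NULL resolver result is never dereferenced. */
static int fixup_plt(struct fdesc *plt, struct fdesc *target)
{
    if (target == NULL) {                      /* without this check, *target faults */
        *plt = (struct fdesc){ NULL, NULL };   /* model's choice: leave the slot zero */
        return -1;
    }
    *plt = *target;
    return 0;
}

/* Load order is libA, then libpthread, with LD_BIND_NOW-style eager binding.
   ifunc_last == 0: each library's relocations are applied in load order.
   ifunc_last == 1: IFUNC relocations are deferred until all others are done. */
int simulate(int ifunc_last)
{
    int rc;
    pthread_got_vfork = NULL;
    liba_plt_vfork = (struct fdesc){ NULL, NULL };
    if (ifunc_last) {
        relocate_pthread_got();
        rc = fixup_plt(&liba_plt_vfork, vfork_resolver());
    } else {
        rc = fixup_plt(&liba_plt_vfork, vfork_resolver());
        relocate_pthread_got();
    }
    return rc == 0 && liba_plt_vfork.entry == libc_vfork_body;
}

int main(void)
{
    printf("per-library order: bound=%d, IFUNC last: bound=%d\n", simulate(0), simulate(1));
}
```

In the per-library order the resolver runs while libpthread's GOT is still zero, so the hardened fixup reports failure instead of faulting; deferring IFUNC relocations binds the slot correctly.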