Bug 24959

Summary: librt IFUNC resolvers for clock_gettime and clock_* functions other can lead to crashes
Product: glibc Reporter: Florian Weimer <fweimer>
Component: time Assignee: Not yet assigned to anyone <unassigned>
Status: RESOLVED FIXED    
Severity: normal Flags: fweimer: security-
Priority: P2    
Version: 2.30   
Target Milestone: 2.31   
See Also: https://bugzilla.redhat.com/show_bug.cgi?id=1748197
https://sourceware.org/bugzilla/show_bug.cgi?id=24194
Bug Depends on: 24741    

Description Florian Weimer 2019-09-03 07:28:25 UTC
Similar to system/longjmp/vfork (bug 20188, bug 19861, and others), programs can fail to load due to the relocation dependency of the IFUNC resolvers for clock_gettime and the other clock_* functions in librt.

This is particularly visible if a program uses clock_gettime from libc (from an object which does not link against librt), and also has dynamic objects which are linked against librt.  In this case, the librt definition of clock_gettime interposes the libc definition, and its IFUNC resolver may run before librt is relocated (because not all clock_gettime users have a DT_NEEDED dependency on librt).
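
An added example, not part of the report or of glibc: a check for the layout described above, run over `readelf -d` and `nm -D --undefined-only` output collected for every object in one process. It flags objects that reference a clock_* function without a DT_NEEDED entry for librt while another object does link librt; the object names and sample text are constructed.

```python
import re

# The five functions named in the fix commit for this bug.
CLOCK_SYMS = {"clock_getcpuclockid", "clock_getres", "clock_gettime",
              "clock_nanosleep", "clock_settime"}

def needed(readelf_text):
    """DT_NEEDED sonames from `readelf -d` output."""
    return set(re.findall(r"\(NEEDED\)\s+Shared library: \[([^\]]+)\]", readelf_text))

def undefined(nm_text):
    """Undefined dynamic symbols from `nm -D --undefined-only`, version suffix dropped."""
    return set(re.findall(r"^\s*[Uw]\s+([^@\s]+)", nm_text, re.M))

def audit(objects):
    """objects: {name: (readelf_text, nm_text)} for every object in one process.
    Returns [(object, [clock_* symbols])] for users lacking DT_NEEDED on librt."""
    deps = {name: needed(r) for name, (r, _) in objects.items()}
    has_rt = lambda libs: any(lib.startswith("librt.so") for lib in libs)
    if not any(has_rt(libs) for libs in deps.values()):
        return []  # nothing pulls librt in, so nothing interposes the libc definition
    hits = []
    for name, (_, nm_text) in sorted(objects.items()):
        syms = undefined(nm_text) & CLOCK_SYMS
        if syms and not has_rt(deps[name]):
            hits.append((name, sorted(syms)))
    return hits

NEEDED = " 0x0000000000000001 (NEEDED)             Shared library: [%s]\n"
UNDEF = "                 U %s\n"
# Constructed sample input (hypothetical objects), not taken from the bug report.
SAMPLE = {
    "app": (NEEDED % "libmetrics.so" + NEEDED % "libplugin.so" + NEEDED % "libc.so.6",
            UNDEF % "puts@GLIBC_2.2.5"),
    "libmetrics.so": (NEEDED % "libc.so.6",
                      UNDEF % "clock_gettime@GLIBC_2.17" + UNDEF % "malloc@GLIBC_2.2.5"),
    "libplugin.so": (NEEDED % "librt.so.1" + NEEDED % "libc.so.6",
                     UNDEF % "clock_gettime@GLIBC_2.2.5" + UNDEF % "timer_create@GLIBC_2.3.3"),
}

if __name__ == "__main__":
    for name, syms in audit(SAMPLE):
        print(f"{name}: uses {', '.join(syms)} without DT_NEEDED on librt")
```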

Comment 2 Sourceware Commits 2019-09-04 12:40:50 UTC
The master branch has been updated by Florian Weimer <fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7b5af2d8f2a2b858319a792678b15a0db08764c7

commit 7b5af2d8f2a2b858319a792678b15a0db08764c7
Author: Zack Weinberg <zackw@panix.com>
Date:   Wed Sep 4 08:18:57 2019 +0200

    Finish move of clock_* functions to libc. [BZ #24959]
    
    In glibc 2.17, the functions clock_getcpuclockid, clock_getres,
    clock_gettime, clock_nanosleep, and clock_settime were moved from
    librt.so to libc.so, leaving compatibility stubs behind.  Now that the
    dynamic linker no longer insists on finding versioned symbols in the
    same library that originally defined them, we do not need the stubs
    anymore, and this means we don't need GLIBC_PRIVATE __-prefix aliases
    for most of the functions anymore either.  (clock_gettime still needs
    one.)  For ports added before 2.17, libc.so needs to provide two
    symbol versions for each, the default at GLIBC_2.17 plus a compat
    version matching what librt had.
    
    While I'm at it, move the clock_*.c files and their tests from rt/ to
    time/.

Comment 3 Florian Weimer 2019-09-04 12:41:53 UTC
Fixed in glibc 2.31.

Comment 4 Sourceware Commits 2019-09-25 23:32:10 UTC
The master branch has been updated by Adhemerval Zanella <azanella@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b2b3b7598ae51c714b5fd0d0406d435e66f3624b

commit b2b3b7598ae51c714b5fd0d0406d435e66f3624b
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date:   Wed Sep 25 22:10:00 2019 +0000

    Set the expects flags to clock_nanosleep
    
    It moves the missing CFLAGS from rt/Makefile to time/Makefile missing
    from 7b5af2d8f2a2b (Finish move of clock_* functions to libc. [BZ #24959]).
    
    Checked on powerpc64le-linux-gnu.
    
    	* rt/Makefile (CFLAGS-clock_nanosleep.c): Move to ...
    	* time/Makefile (CFLAGS-clock_nanosleep.c): ... here.