Bug 18422 - elf/tst-audit tests fail without PLT entries
Summary: elf/tst-audit tests fail without PLT entries
Status: RESOLVED FIXED
Alias: None
Product: glibc
Classification: Unclassified
Component: dynamic-link
Version: unspecified
Importance: P2 normal
Target Milestone: 2.22
Assignee: Not yet assigned to anyone
Reported: 2015-05-16 14:05 UTC by H.J. Lu
Modified: 2015-05-28 12:11 UTC (History)

fweimer: security-


Description H.J. Lu 2015-05-16 14:05:38 UTC
PLT entries aren't required when -z now is used.  Linker on master with:

commit 25070364b0ce33eed46aa5d78ebebbec6accec7e
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Sat May 16 07:00:21 2015 -0700

    Don't generate PLT relocations for now binding
    
    There is no need for PLT relocations with -z now. We can use GOT
    relocations, which take less space, instead and replace 16-byte .plt
    entries with 8-byte .plt.got entries.
    
    bfd/
    
      * elf32-i386.c (elf_i386_check_relocs): Create .plt.got section
      for now binding.
      (elf_i386_allocate_dynrelocs): Use .plt.got section for now
      binding.
      * elf64-x86-64.c (elf_x86_64_check_relocs): Create .plt.got
      section for now binding.
      (elf_x86_64_allocate_dynrelocs): Use .plt.got section for now
      binding.

won't generate PLT entries with -z now and

FAIL: elf/tst-audit1
FAIL: elf/tst-audit10
FAIL: elf/tst-audit2
FAIL: elf/tst-audit3
FAIL: elf/tst-audit4
FAIL: elf/tst-audit5
FAIL: elf/tst-audit6
FAIL: elf/tst-audit7
FAIL: elf/tst-audit8
FAIL: elf/tst-audit9

fail.  Those tests should be built without -z now, even when glibc
is configured with --enable-bind-now.
Comment 1 H.J. Lu 2015-05-23 13:04:54 UTC
The error message was

no PLTREL found in object /export/build/gnu/glibc-test/build-x86_64-linux/elf/ld.so

since ld.so was built with -z now. After

commit 3e058c9d7eab6d6361e7cda5ba1394bc1757c9f6
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri May 22 17:46:42 2015 -0700

    Don't issue an error if DT_PLTRELSZ is missing
    
    A shared object doesn't need PLT if there are no PLT relocations.  It
    shouldn't be an error if DT_PLTRELSZ is missing.
    
      [BZ #18410]
      * elf/dl-reloc.c (_dl_relocate_object): Don't issue an error
      for missing DT_PLTRELSZ.

the error message is gone.  But there is still:

FAIL: elf/tst-audit2

elf/tst-audit2.c has

/* This calloc definition will be called by the dynamic linker itself.
   We test that it has initialized our TLS block by the time it does so.  */

void *
calloc (size_t n, size_t m)
{
  if (magic[0] != MAGIC1 || magic[1] != MAGIC2)
    {
      printf ("{%x, %x} != {%x, %x}\n", magic[0], magic[1], MAGIC1, MAGIC2);
      abort ();
    }
  magic[0] = MAGIC2;
  magic[1] = MAGIC1;

Since ld.so is built with -z now, there are no PLT relocations and this calloc
won't be used:

Relocation section '.rela.dyn' at offset 0x8a8 contains 16 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000221d48  000000000008 R_X86_64_RELATIVE                    10160
000000221d50  000000000008 R_X86_64_RELATIVE                    f070
000000221d58  000000000008 R_X86_64_RELATIVE                    ee30
000000221d60  000000000008 R_X86_64_RELATIVE                    11410
000000221d68  000000000008 R_X86_64_RELATIVE                    9c10
000000221d70  000000000008 R_X86_64_RELATIVE                    129c0
000000221d78  000000000008 R_X86_64_RELATIVE                    12e20
000000221d80  000000000008 R_X86_64_RELATIVE                    14da0
000000221d88  000000000008 R_X86_64_RELATIVE                    12570
000000221d90  000000000008 R_X86_64_RELATIVE                    16e40
000000221f98  000b00000006 R_X86_64_GLOB_DAT 00000000000170d0 __libc_memalign@@GLIBC_2.2.5 + 0
000000221fa0  001700000006 R_X86_64_GLOB_DAT 00000000000171d0 malloc@@GLIBC_2.2.5 + 0
000000221fa8  000e00000006 R_X86_64_GLOB_DAT 00000000000171e0 calloc@@GLIBC_2.2.5 + 0
000000221fb0  000700000006 R_X86_64_GLOB_DAT 0000000000017390 realloc@@GLIBC_2.2.5 + 0
000000221fb8  000900000006 R_X86_64_GLOB_DAT 0000000000223120 _r_debug@@GLIBC_2.2.5 + 0
000000221fc0  000600000006 R_X86_64_GLOB_DAT 0000000000017220 free@@GLIBC_2.2.5 + 0

Assuming we do want to keep PLT relocations in ld.so so that malloc functions
in ld.so can be overridden, I don't think ld.so should be built with -z now.
There is no reason to build ld.so with -z now since ld.so is the one doing
BIND_NOW.  The only thing we get with -z now on ld.so is

 0x0000000000000018 (BIND_NOW)           
 0x000000006ffffffb (FLAGS_1)            Flags: NOW
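The dynamic tags quoted above (DT_PLTRELSZ, BIND_NOW, FLAGS_1 with NOW) are what decide whether an object still carries PLT relocations that lazy binding or an LD_AUDIT module would pass through. The following standard-library Python script is an added example, not code from glibc or from this bug; it walks an ELF64 file's program headers to PT_DYNAMIC, decodes the Elf64_Dyn array, and reports the two properties this bug turns on. The sample dynamic sections NOW_ONLY and LAZY are constructed here; the tag and flag values are the ones from <elf.h>.

```python
import struct

# ELF64 constants from <elf.h>.
PT_DYNAMIC = 2
DT_NULL, DT_PLTRELSZ, DT_JMPREL, DT_BIND_NOW, DT_FLAGS = 0, 2, 23, 24, 30
DT_FLAGS_1 = 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1   # DT_FLAGS bit / DT_FLAGS_1 bit ("Flags: NOW")

def parse_dynamic(data):
    """Decode Elf64_Dyn {int64 d_tag; uint64 d_un} entries up to DT_NULL; first tag wins."""
    tags = {}
    for off in range(0, len(data) - 15, 16):
        tag, val = struct.unpack_from("<qQ", data, off)
        if tag == DT_NULL:
            break
        tags.setdefault(tag, val)
    return tags

def bind_now_status(tags):
    """Return (bind_now, has_pltrel): does the object request load-time binding,
    and does it still carry PLT relocations (DT_JMPREL with a non-zero DT_PLTRELSZ)."""
    bind_now = (DT_BIND_NOW in tags
                or bool(tags.get(DT_FLAGS, 0) & DF_BIND_NOW)
                or bool(tags.get(DT_FLAGS_1, 0) & DF_1_NOW))
    has_pltrel = tags.get(DT_PLTRELSZ, 0) > 0 and DT_JMPREL in tags
    return bind_now, has_pltrel

def dynamic_from_elf64(blob):
    """Locate PT_DYNAMIC via the program headers of a little-endian ELF64 image."""
    if blob[:4] != b"\x7fELF" or blob[4] != 2:
        raise ValueError("not an ELF64 image")
    e_phoff, = struct.unpack_from("<Q", blob, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", blob, 0x36)
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        p_type, = struct.unpack_from("<I", blob, base)
        if p_type == PT_DYNAMIC:
            p_offset, = struct.unpack_from("<Q", blob, base + 8)
            p_filesz, = struct.unpack_from("<Q", blob, base + 32)
            return blob[p_offset:p_offset + p_filesz]
    return b""   # statically linked: no dynamic section at all

def pack_dynamic(entries):
    """Constructed input only: raw Elf64_Dyn bytes from (tag, value) pairs."""
    return b"".join(struct.pack("<qQ", t, v) for t, v in entries) + bytes(16)

# Constructed samples: NOW_ONLY mirrors the ld.so dump above (no DT_PLTRELSZ); LAZY is a
# conventionally lazily bound object that still has PLT relocations.
NOW_ONLY = pack_dynamic([(DT_BIND_NOW, 0), (DT_FLAGS_1, DF_1_NOW)])
LAZY = pack_dynamic([(DT_PLTRELSZ, 0x48), (DT_JMPREL, 0x1000)])
```

On a real file, `bind_now_status(parse_dynamic(dynamic_from_elf64(open(path, "rb").read())))` shows the same state the comments describe: an ld.so built with -z now reports bind_now without PLT relocations, which is exactly the case the "no PLTREL found" error tripped over.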
Comment 2 Sourceware Commits 2015-05-25 12:03:05 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, hjl/pr18422 has been created
        at  df5dc4f32dc00eecd24534275ad82e1a3b49335a (commit)

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=df5dc4f32dc00eecd24534275ad82e1a3b49335a

commit df5dc4f32dc00eecd24534275ad82e1a3b49335a
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Sat May 23 06:05:19 2015 -0700

    Don't build ld.so with -Wl,-z,now
    
    PLT entries aren't required when -z now is used.  Linker on master with:
    
    commit 25070364b0ce33eed46aa5d78ebebbec6accec7e
    Author: H.J. Lu <hjl.tools@gmail.com>
    Date:   Sat May 16 07:00:21 2015 -0700
    
        Don't generate PLT relocations for now binding
    
        There is no need for PLT relocations with -z now. We can use GOT
        relocations, which take less space, instead and replace 16-byte .plt
        entries with 8-byte .plt.got entries.
    
        bfd/
    
          * elf32-i386.c (elf_i386_check_relocs): Create .plt.got section
          for now binding.
          (elf_i386_allocate_dynrelocs): Use .plt.got section for now
          binding.
          * elf64-x86-64.c (elf_x86_64_check_relocs): Create .plt.got
          section for now binding.
          (elf_x86_64_allocate_dynrelocs): Use .plt.got section for now
          binding.
    
    won't generate PLT entries with -z now.  elf/tst-audit2.c has
    
    /* This calloc definition will be called by the dynamic linker itself.
       We test that it has initialized our TLS block by the time it does so.
    */
    
    void *
    calloc (size_t n, size_t m)
    {
      if (magic[0] != MAGIC1 || magic[1] != MAGIC2)
        {
          printf ("{%x, %x} != {%x, %x}\n", magic[0], magic[1], MAGIC1, MAGIC2);
          abort ();
        }
      magic[0] = MAGIC2;
      magic[1] = MAGIC1;
    
    Since ld.so is built with -z now, there are no PLT relocations and this
    calloc won't be used:
    
    Relocation section '.rela.dyn' at offset 0x66c contains 16 entries:
     Offset     Info    Type            Sym.Value  Sym. Name + Addend
    00222e88  00000008 R_X86_64_RELATIVE            10970
    00222e8c  00000008 R_X86_64_RELATIVE            f8f0
    00222e90  00000008 R_X86_64_RELATIVE            f6c0
    00222e94  00000008 R_X86_64_RELATIVE            11bd0
    00222e98  00000008 R_X86_64_RELATIVE            a1b0
    00222e9c  00000008 R_X86_64_RELATIVE            130c0
    00222ea0  00000008 R_X86_64_RELATIVE            13c50
    00222ea4  00000008 R_X86_64_RELATIVE            15fc0
    00222ea8  00000008 R_X86_64_RELATIVE            12cd0
    00222eac  00000008 R_X86_64_RELATIVE            17f90
    00222fbc  00000a06 R_X86_64_GLOB_DAT 00018230	__libc_memalign@@GLIBC_2.16 + 0
    00222fc4  00001506 R_X86_64_GLOB_DAT 00018300   malloc@@GLIBC_2.16 + 0
    00222fcc  00000d06 R_X86_64_GLOB_DAT 00018310   calloc@@GLIBC_2.16 + 0
    00222fd4  00000506 R_X86_64_GLOB_DAT 000184a0   realloc@@GLIBC_2.16 + 0
    00222fdc  00000706 R_X86_64_GLOB_DAT 002239a0   _r_debug@@GLIBC_2.16 + 0
    00222fe4  00000406 R_X86_64_GLOB_DAT 00018340   free@@GLIBC_2.16 + 0
    
    Assuming we do want to keep PLT relocations in ld.so so that malloc
    functions in ld.so can be overridden, ld.so should be built with -z now.
    There is no reason to build ld.so with -z now since ld.so is the one
    doing BIND_NOW.  The only thing we get with -z now on ld.so is DT tag:
    
     0x0000000000000018 (BIND_NOW)
     0x000000006ffffffb (FLAGS_1)            Flags: NOW
    
    This patch removes -Wl,-z,now from ld.so build.
    
    	[BZ #18422]
    	* elf/Makefile (z-now-yes): Removed.
    	($(objpfx)ld.so): Remove $(z-now-$(bind-now)).

-----------------------------------------------------------------------
Comment 3 Sourceware Commits 2015-05-28 12:08:30 UTC
The branch, master has been updated
       via  58007e9e68913290b1f4f73afc1055f779a8ed5d (commit)
      from  be2e25bbd78f9fdf27bed254d02915d019c5b363 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=58007e9e68913290b1f4f73afc1055f779a8ed5d

commit 58007e9e68913290b1f4f73afc1055f779a8ed5d
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Thu May 28 05:06:27 2015 -0700

    Make sure that calloc is called at least once
    
    PLT relocations aren't required when -z now is used.  Linker on master with:
    
    commit 25070364b0ce33eed46aa5d78ebebbec6accec7e
    Author: H.J. Lu <hjl.tools@gmail.com>
    Date:   Sat May 16 07:00:21 2015 -0700
    
        Don't generate PLT relocations for now binding
    
        There is no need for PLT relocations with -z now. We can use GOT
        relocations, which take less space, instead and replace 16-byte .plt
        entries with 8-byte .plt.got entries.
    
        bfd/
    
          * elf32-i386.c (elf_i386_check_relocs): Create .plt.got section
          for now binding.
          (elf_i386_allocate_dynrelocs): Use .plt.got section for now
          binding.
          * elf64-x86-64.c (elf_x86_64_check_relocs): Create .plt.got
          section for now binding.
          (elf_x86_64_allocate_dynrelocs): Use .plt.got section for now
          binding.
    
    won't generate PLT relocations with -z now.  elf/tst-audit2.c expects a
    certain order of execution in ld.so.  With PLT relocations, the GOTPLT
    entry of calloc is updated to the calloc defined in tst-audit2:
    
    (gdb) bt
        skip_ifunc=<optimized out>, reloc_addr_arg=<optimized out>,
        version=<optimized out>, sym=<optimized out>, map=<optimized out>)
        at ../sysdeps/i386/dl-machine.h:329
    out>,
        nrelative=<optimized out>, relsize=<optimized out>,
        reladdr=<optimized out>, map=<optimized out>) at do-rel.h:137
    reloc_mode=reloc_mode@entry=0,
        consider_profiling=1, consider_profiling@entry=0) at dl-reloc.c:258
        user_entry=0xffffcf1c, auxv=0xffffd0a8) at rtld.c:2133
        start_argptr=start_argptr@entry=0xffffcfb0,
        dl_main=dl_main@entry=0xf7fda6f0 <dl_main>) at
    ../elf/dl-sysdep.c:249
       from /export/build/gnu/glibc-32bit/build-i686-linux/elf/ld.so
    (gdb)
    
    and then calloc is called:
    
    (gdb) c
    Continuing.
    
    Breakpoint 4, calloc (n=n@entry=20, m=4) at tst-audit2.c:18
    18 {
    (gdb) bt
        reloc_mode=reloc_mode@entry=0, consider_profiling=1,
        consider_profiling@entry=0) at dl-reloc.c:272
        user_entry=0xffffcf1c, auxv=0xffffd0a8) at rtld.c:2133
        start_argptr=start_argptr@entry=0xffffcfb0,
        dl_main=dl_main@entry=0xf7fda6f0 <dl_main>) at
    ../elf/dl-sysdep.c:249
       from /export/build/gnu/glibc-32bit/build-i686-linux/elf/ld.so
    (gdb)
    
    With GOT relocation, calloc in ld.so is called first:
    
    (gdb) bt
        consider_profiling=1) at dl-reloc.c:272
        user_entry=0xffffcf0c, auxv=0xffffd098) at rtld.c:2074
        start_argptr=start_argptr@entry=0xffffcfa0,
        dl_main=dl_main@entry=0xf7fda6c0 <dl_main>) at
    ../elf/dl-sysdep.c:249
       from /export/build/gnu/glibc-32bit-test/build-i686-linux/elf/ld.so
    (gdb)
    
    and then the GOT entry of calloc is updated:
    
    (gdb) bt
        skip_ifunc=<optimized out>, reloc_addr_arg=<optimized out>,
        version=<optimized out>, sym=<optimized out>, map=<optimized out>)
        at ../sysdeps/i386/dl-machine.h:329
    out>,
        nrelative=<optimized out>, relsize=<optimized out>,
        reladdr=<optimized out>, map=<optimized out>) at do-rel.h:137
    reloc_mode=reloc_mode@entry=0,
        consider_profiling=1, consider_profiling@entry=0) at dl-reloc.c:258
        user_entry=0xffffcf0c, auxv=0xffffd098) at rtld.c:2133
        start_argptr=start_argptr@entry=0xffffcfa0,
        dl_main=dl_main@entry=0xf7fda6c0 <dl_main>) at
    ../elf/dl-sysdep.c:249
       from /export/build/gnu/glibc-32bit-test/build-i686-linux/elf/ld.so
    (gdb)
    
    After that, since calloc isn't called from ld.so nor any other modules,
    magic in tst-audit2 isn't updated.  Both orders are correct.  This patch
    makes sure that calloc in tst-audit2.c is called at least once from ld.so.
    
    	[BZ #18422]
    	* Makefile ($(objpfx)tst-audit2): Depend on $(libdl).
    	($(objpfx)tst-audit2.out): Also depend on
    	$(objpfx)tst-auditmod9b.so.
    	* elf/tst-audit2.c: Include <dlfcn.h>.
    	(calloc_called): New.
    	(calloc): Allow to be called more than once.
    	(do_test): dllopen/dlclose $ORIGIN/tst-auditmod9b.so.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog        |   11 +++++++++++
 NEWS             |    2 +-
 elf/Makefile     |    3 ++-
 elf/tst-audit2.c |   26 ++++++++++++++++++++------
 4 files changed, 34 insertions(+), 8 deletions(-)
Comment 4 H.J. Lu 2015-05-28 12:11:54 UTC
Fixed.