This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.
Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
| Other format: | [Raw text] | |
Hi!
As the attached testcase shows, stack is not sufficiently aligned
in DSO constructors called from _dl_init (before control has been transfered
to program's _start).
While looking at this, I have noticed that audit changes changed a few
things:
1) binary's destructors used to be run after DSO destructors, now they are
run first - is this intentional?
2) if we don't run __libc_csu_fini at all, then I wonder if we shouldn't
take the #if 0 out from __libc_csu_fini, it is just a few bytes.
With the #if 0 in csu/elf-init.c it means if you compile/link a program
against glibc with the audit patch in, but mistakenly run it against
older glibc, then unless it will be caught by newer symbol versions
(that's certainly not certain, especially if the two glibc's aren't
that far appart), the destructors will not be silently run, which
is a bad thing.
2005-01-21 Jakub Jelinek <jakub@redhat.com>
* elf/Makefile: Add rules to build and run tst-align2.
* elf/tst-align2.c: New test.
* elf/tst-alignmod2.c: New file.
* sysdeps/powerpc/tst-stack-align.h: New file.
* sysdeps/i386/dl-machine.h (RTLD_START): Align stack and clear frame
pointer before calling _dl_init.
* sysdeps/x86_64/dl-machine.h (RTLD_START): Likewise.
--- libc/elf/Makefile.jj 2005-01-19 14:15:48.000000000 +0100
+++ libc/elf/Makefile 2005-01-21 10:24:34.348626416 +0100
@@ -72,7 +72,7 @@ distribute := rtld-Rules \
tst-tlsmod1.c tst-tlsmod2.c tst-tlsmod3.c tst-tlsmod4.c \
tst-tlsmod5.c tst-tlsmod6.c tst-tlsmod7.c tst-tlsmod8.c \
tst-tlsmod9.c tst-tlsmod10.c tst-tlsmod11.c \
- tst-tlsmod12.c tst-tls10.h tst-alignmod.c \
+ tst-tlsmod12.c tst-tls10.h tst-alignmod.c tst-alignmod2.c \
circlemod1.c circlemod1a.c circlemod2.c circlemod2a.c \
circlemod3.c circlemod3a.c nodlopenmod2.c \
tls-macros.h \
@@ -154,7 +154,7 @@ tests += loadtest restest1 preloadtest l
restest2 next dblload dblunload reldep5 reldep6 reldep7 reldep8 \
circleload1 tst-tls3 tst-tls4 tst-tls5 tst-tls6 tst-tls7 tst-tls8 \
tst-tls10 tst-tls11 tst-tls12 tst-tls13 tst-tls14 tst-align \
- $(tests-execstack-$(have-z-execstack)) tst-dlmodcount \
+ tst-align2 $(tests-execstack-$(have-z-execstack)) tst-dlmodcount \
tst-dlopenrpath tst-deep1 tst-dlmopen1 tst-dlmopen2 tst-dlmopen3 \
tst-audit1
# reldep9
@@ -188,7 +188,8 @@ modules-names = testobj1 testobj2 testob
circlemod3 circlemod3a \
reldep8mod1 reldep8mod2 reldep8mod3 \
reldep9mod1 reldep9mod2 reldep9mod3 \
- tst-alignmod $(modules-execstack-$(have-z-execstack)) \
+ tst-alignmod tst-alignmod2 \
+ $(modules-execstack-$(have-z-execstack)) \
tst-dlopenrpathmod tst-deep1mod1 tst-deep1mod2 tst-deep1mod3 \
tst-dlmopen1mod tst-auditmod1
ifeq (yes,$(have-initfini-array))
@@ -670,9 +671,12 @@ $(objpfx)tst-tls14: $(objpfx)tst-tlsmod
$(objpfx)tst-tls14.out:$(objpfx)tst-tlsmod14b.so
CFLAGS-tst-align.c = $(stack-align-test-flags)
+CFLAGS-tst-align2.c = $(stack-align-test-flags)
CFLAGS-tst-alignmod.c = $(stack-align-test-flags)
+CFLAGS-tst-alignmod2.c = $(stack-align-test-flags)
$(objpfx)tst-align: $(libdl)
$(objpfx)tst-align.out: $(objpfx)tst-alignmod.so
+$(objpfx)tst-align2: $(objpfx)tst-alignmod2.so
ifdef libdl
$(objpfx)tst-tls9-static: $(common-objpfx)dlfcn/libdl.a
--- libc/elf/tst-align2.c.jj 2005-01-20 19:04:41.000000000 +0100
+++ libc/elf/tst-align2.c 2005-01-21 10:36:50.140470628 +0100
@@ -0,0 +1,157 @@
+/* Copyright (C) 2005 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+ Contributed by Jakub Jelinek <jakub@redhat.com>, 2005.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+ 02111-1307 USA. */
+
+#include <errno.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/wait.h>
+#include <tst-stack-align.h>
+#include <unistd.h>
+
+static int res, fds[2], result;
+static bool test_destructors;
+
+extern void in_dso (int *, bool *, int *);
+
+static void __attribute__ ((constructor)) con (void)
+{
+ res = TEST_STACK_ALIGN () ? -1 : 1;
+}
+
+static void __attribute__ ((destructor)) des (void)
+{
+ if (!test_destructors)
+ return;
+
+ char c = TEST_STACK_ALIGN () ? 'B' : 'A';
+ write (fds[1], &c, 1);
+}
+
+static int
+do_test (void)
+{
+ if (!res)
+ {
+ puts ("binary's constructor has not been run");
+ result = 1;
+ }
+ else if (res != 1)
+ {
+ puts ("binary's constructor has been run without sufficient alignment");
+ result = 1;
+ }
+
+ if (TEST_STACK_ALIGN ())
+ {
+ puts ("insufficient stack alignment in do_test");
+ result = 1;
+ }
+
+ in_dso (&result, &test_destructors, &fds[1]);
+
+ if (pipe (fds) < 0)
+ {
+ printf ("couldn't create pipe: %m\n");
+ return 1;
+ }
+
+ pid_t pid = fork ();
+ if (pid < 0)
+ {
+ printf ("fork failed: %m\n");
+ return 1;
+ }
+
+ if (!pid)
+ {
+ close (fds[0]);
+ test_destructors = true;
+ exit (0);
+ }
+
+ close (fds[1]);
+
+ unsigned char c;
+ ssize_t len;
+ int des_seen = 0, dso_des_seen = 0;
+ while ((len = TEMP_FAILURE_RETRY (read (fds[0], &c, 1))) > 0)
+ {
+ switch (c)
+ {
+ case 'B':
+ puts ("insufficient alignment in binary's destructor");
+ result = 1;
+ /* FALLTHROUGH */
+ case 'A':
+ des_seen++;
+ break;
+ case 'D':
+ puts ("insufficient alignment in DSO destructor");
+ result = 1;
+ /* FALLTHROUGH */
+ case 'C':
+ dso_des_seen++;
+ break;
+ default:
+ printf ("unexpected character %x read from pipe", c);
+ result = 1;
+ break;
+ }
+ }
+
+ close (fds[0]);
+
+ if (des_seen != 1)
+ {
+ printf ("binary destructor run %d times instead of once\n", des_seen);
+ result = 1;
+ }
+
+ if (dso_des_seen != 1)
+ {
+ printf ("DSO destructor run %d times instead of once\n", dso_des_seen);
+ result = 1;
+ }
+
+ int status;
+ pid_t termpid;
+ termpid = TEMP_FAILURE_RETRY (waitpid (pid, &status, 0));
+ if (termpid == -1)
+ {
+ printf ("waitpid failed: %m\n");
+ result = 1;
+ }
+ else if (termpid != pid)
+ {
+ printf ("waitpid returned %ld != %ld\n",
+ (long int) termpid, (long int) pid);
+ result = 1;
+ }
+ else if (!WIFEXITED (status) || WEXITSTATUS (status))
+ {
+ puts ("child hasn't exited with exit status 0");
+ result = 1;
+ }
+
+ return result;
+}
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"
--- libc/elf/tst-alignmod2.c.jj 2005-01-21 10:23:38.183636295 +0100
+++ libc/elf/tst-alignmod2.c 2005-01-21 10:51:16.971925777 +0100
@@ -0,0 +1,60 @@
+/* Copyright (C) 2003, 2005 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+ Contributed by Jakub Jelinek <jakub@redhat.com>, 2003.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+ 02111-1307 USA. */
+
+#include <stdbool.h>
+#include <stdio.h>
+#include <tst-stack-align.h>
+#include <unistd.h>
+
+static int res, *fdp;
+static bool *test_destructorsp;
+
+static void __attribute__((constructor))
+con (void)
+{
+ res = TEST_STACK_ALIGN () ? -1 : 1;
+}
+
+void
+in_dso (int *result, bool *test_destructors, int *fd)
+{
+ if (!res)
+ {
+ puts ("constructor has not been run");
+ *result = 1;
+ }
+ else if (res != 1)
+ {
+ puts ("constructor has been run without sufficient alignment");
+ *result = 1;
+ }
+
+ test_destructorsp = test_destructors;
+ fdp = fd;
+}
+
+static void __attribute__((destructor))
+des (void)
+{
+ if (!test_destructorsp || !*test_destructorsp)
+ return;
+
+ char c = TEST_STACK_ALIGN () ? 'D' : 'C';
+ write (*fdp, &c, 1);
+}
--- libc/sysdeps/powerpc/tst-stack-align.h.jj 2005-01-21 12:06:39.500717589 +0100
+++ libc/sysdeps/powerpc/tst-stack-align.h 2005-01-21 12:10:06.605797193 +0100
@@ -0,0 +1,47 @@
+/* Copyright (C) 2005 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+ 02111-1307 USA. */
+
+#include <stdio.h>
+#include <stdint.h>
+
+#define TEST_STACK_ALIGN() \
+ ({ \
+ /* Altivec __vector int etc. needs 16byte aligned stack. \
+ Instead of using altivec.h here, use aligned attribute instead. */ \
+ struct _S \
+ { \
+ int _i __attribute__((aligned (16))); \
+ int _j[3]; \
+ } _s = { ._i = 18, ._j[0] = 19, ._j[1] = 20, ._j[2] = 21 }; \
+ double _d = 12.0; \
+ long double _ld = 15.0; \
+ int _ret = 0; \
+ printf ("__vector int: { %d, %d, %d, %d } %p %zu\n", _s._i, _s._j[0], \
+ _s._j[1], _s._j[2], &_s, __alignof (_s)); \
+ if ((((uintptr_t) &_s) & (__alignof (_s) - 1)) != 0) \
+ _ret = 1; \
+ \
+ printf ("double: %g %p %zu\n", _d, &_d, __alignof (double)); \
+ if ((((uintptr_t) &_d) & (__alignof (double) - 1)) != 0) \
+ _ret = 1; \
+ \
+ printf ("ldouble: %Lg %p %zu\n", _ld, &_ld, __alignof (long double)); \
+ if ((((uintptr_t) &_ld) & (__alignof (long double) - 1)) != 0) \
+ _ret = 1; \
+ _ret; \
+ })
--- libc/sysdeps/i386/dl-machine.h.jj 2005-01-08 16:50:24.000000000 +0100
+++ libc/sysdeps/i386/dl-machine.h 2005-01-21 11:28:54.109445947 +0100
@@ -1,5 +1,5 @@
/* Machine-dependent ELF dynamic relocation inline functions. i386 version.
- Copyright (C) 1995-2002, 2003, 2004 Free Software Foundation, Inc.
+ Copyright (C) 1995-2002, 2003, 2004, 2005 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@@ -215,11 +215,21 @@ _dl_start_user:\n\
movl _rtld_local@GOTOFF(%ebx), %eax\n\
leal 8(%esp,%edx,4), %esi\n\
leal 4(%esp), %ecx\n\
+ movl %esp, %ebp\n\
+ # Make sure _dl_init is run with 16 byte aligned stack.\n\
+ andl $-16, %esp\n\
+ pushl %eax\n\
+ pushl %eax\n\
+ pushl %ebp\n\
pushl %esi\n\
+ # Clear %ebp, so that even constructors have terminated backchain.\n\
+ xorl %ebp, %ebp\n\
# Call the function to run the initializers.\n\
call _dl_init_internal@PLT\n\
# Pass our finalizer function to the user in %edx, as per ELF ABI.\n\
leal _dl_fini@GOTOFF(%ebx), %edx\n\
+ # Restore %esp _start expects.\n\
+ movl (%esp), %esp\n\
# Jump to the user's entry point.\n\
jmp *%edi\n\
.previous\n\
--- libc/sysdeps/x86_64/dl-machine.h.jj 2005-01-08 16:50:30.000000000 +0100
+++ libc/sysdeps/x86_64/dl-machine.h 2005-01-21 11:30:34.766494084 +0100
@@ -1,5 +1,5 @@
/* Machine-dependent ELF dynamic relocation inline functions. x86-64 version.
- Copyright (C) 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
+ Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Andreas Jaeger <aj@suse.de>.
@@ -159,16 +159,24 @@ _dl_start_user:\n\
# Call _dl_init (struct link_map *main_map, int argc, char **argv, char **env)\n\
# argc -> rsi\n\
movq %rdx, %rsi\n\
+ # Save %rsp value in %r13.\n\
+ movq %rsp, %r13\n\
+ # And align stack for the _dl_init_internal call. \n\
+ andq $-16, %rsp\n\
# _dl_loaded -> rdi\n\
movq _rtld_local(%rip), %rdi\n\
# env -> rcx\n\
- leaq 16(%rsp,%rdx,8), %rcx\n\
+ leaq 16(%r13,%rdx,8), %rcx\n\
# argv -> rdx\n\
- leaq 8(%rsp), %rdx\n\
+ leaq 8(%r13), %rdx\n\
+ # Clear %rbp to mark outermost frame obviously even for constructors.\n\
+ xorl %rbp, %rbp\n\
# Call the function to run the initializers.\n\
call _dl_init_internal@PLT\n\
# Pass our finalizer function to the user in %rdx, as per ELF ABI.\n\
leaq _dl_fini(%rip), %rdx\n\
+ # And make sure %rsp points to argc stored on the stack.\n\
+ movq %r13, %rsp\n\
# Jump to the user's entry point.\n\
jmp *%r12\n\
.previous\n\
Jakub
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |