[PATCH v4 3/5] Add GLIBC_ABI_DT_RELR for DT_RELR support
Fangrui Song
maskray@google.com
Tue Mar 1 19:31:45 GMT 2022
On 2022-03-01, H.J. Lu wrote:
>The EI_ABIVERSION field of the ELF header in executables and shared
>libraries can be bumped to indicate the minimum ABI requirement on the
>dynamic linker. However, EI_ABIVERSION in executables isn't checked by
>the Linux kernel ELF loader nor the existing dynamic linker. Executables
>will crash mysteriously if the dynamic linker doesn't support the ABI
>features required by the EI_ABIVERSION field. The dynamic linker should
>be changed to check EI_ABIVERSION in executables.
>
>Add a glibc version, GLIBC_ABI_DT_RELR, to indicate DT_RELR support so
>that the existing dynamic linkers will issue an error on executables with
>GLIBC_ABI_DT_RELR dependency. Issue an error if there is a DT_RELR entry
>without GLIBC_ABI_DT_RELR dependency nor GLIBC_PRIVATE definition.
>
>Support __placeholder_only_for_empty_version_map as the placeholder symbol
>used only for empty version map to generate GLIBC_ABI_DT_RELR without any
>symbols.
>---
> elf/Makefile | 16 ++++++++++++++--
> elf/Versions | 5 +++++
> elf/dl-version.c | 33 +++++++++++++++++++++++++++++++--
> elf/libc-abi-version.exp | 1 +
> include/link.h | 6 ++++++
> scripts/abilist.awk | 2 ++
> scripts/versions.awk | 7 ++++++-
> 7 files changed, 65 insertions(+), 5 deletions(-)
> create mode 100644 elf/libc-abi-version.exp
>
>diff --git a/elf/Makefile b/elf/Makefile
>index fd462ba315..f533d377fd 100644
>--- a/elf/Makefile
>+++ b/elf/Makefile
>@@ -1113,8 +1113,10 @@ $(eval $(call include_dsosort_tests,dso-sort-tests-1.def))
> $(eval $(call include_dsosort_tests,dso-sort-tests-2.def))
> endif
>
>-check-abi: $(objpfx)check-abi-ld.out
>-tests-special += $(objpfx)check-abi-ld.out
>+check-abi: $(objpfx)check-abi-ld.out \
>+ $(objpfx)check-abi-version-libc.out
>+tests-special += $(objpfx)check-abi-ld.out \
>+ $(objpfx)check-abi-version-libc.out
> update-abi: update-abi-ld
> update-all-abi: update-all-abi-ld
>
>@@ -2739,3 +2741,13 @@ $(objpfx)check-tst-relr-pie.out: $(objpfx)tst-relr-pie
> | sed -ne '/required from libc.so/,$$ p' \
> | grep GLIBC_ABI_DT_RELR > $@; \
> $(evaluate-test)
>+
>+$(objpfx)check-abi-version-libc.out: libc-abi-version.exp \
>+ $(objpfx)libc.symlist-abi-version
>+ cmp $^ > $@; \
>+ $(evaluate-test)
>+
>+$(objpfx)libc.symlist-abi-version: $(common-objpfx)libc.so
>+ LC_ALL=C $(OBJDUMP) --dynamic-syms $< | grep " GLIBC_ABI_" \
>+ | sed "s/0\+/00000000/g;s/[ \t]\+/ /g" > $@T
>+ mv -f $@T $@
As just mentioned on https://sourceware.org/pipermail/libc-alpha/2022-March/136764.html ,
perhaps use something like $(READELF) -V $< | grep GLIBC_ABI_DT_RELR
% nm -D a/glibc
U stat@GLIBC_2.33
% objdump --dynamic-syms a/glibc
a/glibc: file format elf64-x86-64
DYNAMIC SYMBOL TABLE:
0000000000000000 D *UND* 0000000000000000 (GLIBC_2.33) stat
% readelf -V a/glibc
Version symbols section '.gnu.version' contains 2 entries:
Addr: 0x0000000000000230 Offset: 0x000230 Link: 1 (.dynsym)
000: 0 (*local*) 2 (GLIBC_2.33)
Version needs section '.gnu.version_r' contains 1 entry:
Addr: 0x0000000000000234 Offset: 0x000234 Link: 6 (.dynstr)
000000: Version: 1 File: libc.so.6 Cnt: 2
0x0010: Name: GLIBC_2.33 Flags: none Version: 2
0x0020: Name: GLIBC_ABI_DT_RELR Flags: none Version: 3
Is there a static pie test? A static pie has DT_RELR but does not have verneed.
>diff --git a/elf/Versions b/elf/Versions
>index 8bed855d8c..a9ff278de7 100644
>--- a/elf/Versions
>+++ b/elf/Versions
>@@ -23,6 +23,11 @@ libc {
> GLIBC_2.35 {
> _dl_find_object;
> }
>+ GLIBC_ABI_DT_RELR {
>+ # This symbol is used only for empty version map and will be removed
>+ # by scripts/versions.awk.
>+ __placeholder_only_for_empty_version_map;
>+ }
> GLIBC_PRIVATE {
> # functions used in other libraries
> __libc_early_init;
>diff --git a/elf/dl-version.c b/elf/dl-version.c
>index b47bd91727..720ec596a5 100644
>--- a/elf/dl-version.c
>+++ b/elf/dl-version.c
>@@ -214,12 +214,20 @@ _dl_check_map_versions (struct link_map *map, int verbose, int trace_mode)
> while (1)
> {
> /* Match the symbol. */
>+ const char *string = strtab + aux->vna_name;
> result |= match_symbol (DSO_FILENAME (map->l_name),
> map->l_ns, aux->vna_hash,
>- strtab + aux->vna_name,
>- needed->l_real, verbose,
>+ string, needed->l_real, verbose,
> aux->vna_flags & VER_FLG_WEAK);
>
>+ if (map->l_abi_version == lav_none
>+ /* 0xfd0e42: _dl_elf_hash ("GLIBC_ABI_DT_RELR"). */
>+ && aux->vna_hash == 0xfd0e42
>+ && __glibc_likely (strcmp (string,
>+ "GLIBC_ABI_DT_RELR")
>+ == 0))
>+ map->l_abi_version = lav_dt_relr_ref;
>+
> /* Compare the version index. */
> if ((unsigned int) (aux->vna_other & 0x7fff) > ndx_high)
> ndx_high = aux->vna_other & 0x7fff;
>@@ -253,6 +261,16 @@ _dl_check_map_versions (struct link_map *map, int verbose, int trace_mode)
> ent = (ElfW(Verdef) *) (map->l_addr + def->d_un.d_ptr);
> while (1)
> {
>+ /* 0x0963cf85: _dl_elf_hash ("GLIBC_PRIVATE"). */
>+ if (ent->vd_hash == 0x0963cf85)
>+ {
>+ ElfW(Verdaux) *aux = (ElfW(Verdaux) *) ((char *) ent
>+ + ent->vd_aux);
>+ if (__glibc_likely (strcmp ("GLIBC_PRIVATE",
>+ strtab + aux->vda_name) == 0))
>+ map->l_abi_version = lav_private_def;
>+ }
>+
> if ((unsigned int) (ent->vd_ndx & 0x7fff) > ndx_high)
> ndx_high = ent->vd_ndx & 0x7fff;
>
>@@ -352,6 +370,17 @@ _dl_check_map_versions (struct link_map *map, int verbose, int trace_mode)
> }
> }
>
>+ /* Issue an error if there is a DT_RELR entry without GLIBC_ABI_DT_RELR
>+ dependency nor GLIBC_PRIVATE definition. */
>+ if (map->l_info[DT_RELR] != NULL
>+ && __glibc_unlikely (map->l_abi_version == lav_none))
>+ {
>+ _dl_exception_create
>+ (&exception, DSO_FILENAME (map->l_name),
>+ N_("DT_RELR without GLIBC_ABI_DT_RELR dependency"));
>+ goto call_error;
>+ }
>+
> return result;
> }
>
>diff --git a/elf/libc-abi-version.exp b/elf/libc-abi-version.exp
>new file mode 100644
>index 0000000000..ff8506b3ba
>--- /dev/null
>+++ b/elf/libc-abi-version.exp
>@@ -0,0 +1 @@
>+00000000 g DO *ABS* 00000000 GLIBC_ABI_DT_RELR GLIBC_ABI_DT_RELR
>diff --git a/include/link.h b/include/link.h
>index 03db14c7b0..8ec5e35cf2 100644
>--- a/include/link.h
>+++ b/include/link.h
>@@ -177,6 +177,12 @@ struct link_map
> lt_library, /* Library needed by main executable. */
> lt_loaded /* Extra run-time loaded shared object. */
> } l_type:2;
>+ enum /* ABI dependency of this object. */
>+ {
>+ lav_none, /* No ABI dependency. */
>+ lav_dt_relr_ref, /* Need GLIBC_ABI_DT_RELR. */
>+ lav_private_def /* Define GLIBC_PRIVATE. */
>+ } l_abi_version:2;
> unsigned int l_relocated:1; /* Nonzero if object's relocations done. */
> unsigned int l_init_called:1; /* Nonzero if DT_INIT function called. */
> unsigned int l_global:1; /* Nonzero if object in _dl_global_scope. */
>diff --git a/scripts/abilist.awk b/scripts/abilist.awk
>index 24a34ccbed..6cc7af6ac8 100644
>--- a/scripts/abilist.awk
>+++ b/scripts/abilist.awk
>@@ -55,6 +55,8 @@ $2 == "g" || $2 == "w" && (NF == 7 || NF == 8) {
> # caused STV_HIDDEN symbols to appear in .dynsym, though that is useless.
> if (NF > 7 && $7 == ".hidden") next;
>
>+ if (version ~ /^GLIBC_ABI_/ && !include_abi_version) next;
>+
> if (version == "GLIBC_PRIVATE" && !include_private) next;
>
> desc = "";
>diff --git a/scripts/versions.awk b/scripts/versions.awk
>index 357ad1355e..d70b07bd1a 100644
>--- a/scripts/versions.awk
>+++ b/scripts/versions.awk
>@@ -185,8 +185,13 @@ END {
> closeversion(oldver, veryoldver);
> veryoldver = oldver;
> }
>- printf("%s {\n global:\n", $2) > outfile;
> oldver = $2;
>+ # Skip the placeholder symbol used only for empty version map.
>+ if ($3 == "__placeholder_only_for_empty_version_map;") {
>+ printf("%s {\n", $2) > outfile;
>+ continue;
>+ }
>+ printf("%s {\n global:\n", $2) > outfile;
> }
> printf(" ") > outfile;
> for (n = 3; n <= NF; ++n) {
>--
>2.35.1
>
More information about the Libc-alpha
mailing list