|
 |
8a8cfb |
commit a332bd1518af518c984fad73eba6f46dc5b2b2d4
|
|
|
8a8cfb |
Author: Florian Weimer <fweimer@redhat.com>
|
|
|
8a8cfb |
Date: Thu Jan 16 16:53:58 2020 +0100
|
|
|
8a8cfb |
|
|
|
8a8cfb |
elf: Add elf/tst-dlopenfail-2 [BZ #25396]
|
|
|
8a8cfb |
|
|
|
8a8cfb |
Without CET, a jump into a newly loaded object through an overwritten
|
|
|
8a8cfb |
link map often does not crash, it just executes some random code.
|
|
|
8a8cfb |
CET detects this in some cases because the function pointer does not
|
|
|
8a8cfb |
point to the start of a function in the replacement shared object,
|
|
|
8a8cfb |
so there is no ENDBR instruction.
|
|
|
8a8cfb |
|
|
|
8a8cfb |
The new test uses a small shared object and the existing dangling
|
|
|
8a8cfb |
link map to trigger the bug.
|
|
|
8a8cfb |
|
|
|
8a8cfb |
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
|
|
8a8cfb |
|
|
|
8a8cfb |
Conflicts:
|
|
|
8a8cfb |
elf/Makefile
|
|
|
8a8cfb |
(Test backport differences.)
|
|
|
8a8cfb |
|
|
|
8a8cfb |
diff --git a/elf/Makefile b/elf/Makefile
|
|
|
8a8cfb |
index 16a3e8dcda19b4ba..f1a16fe8ca594c57 100644
|
|
|
8a8cfb |
--- a/elf/Makefile
|
|
|
8a8cfb |
+++ b/elf/Makefile
|
|
|
8a8cfb |
@@ -192,7 +192,7 @@ tests += restest1 preloadtest loadfail multiload origtest resolvfail \
|
|
|
8a8cfb |
tst-latepthread tst-tls-manydynamic tst-nodelete-dlclose \
|
|
|
8a8cfb |
tst-debug1 tst-main1 tst-absolute-sym tst-absolute-zero tst-big-note \
|
|
|
8a8cfb |
tst-sonamemove-link tst-sonamemove-dlopen tst-initfinilazyfail \
|
|
|
8a8cfb |
- tst-dlopenfail
|
|
|
8a8cfb |
+ tst-dlopenfail tst-dlopenfail-2
|
|
|
8a8cfb |
# reldep9
|
|
|
8a8cfb |
tests-internal += loadtest unload unload2 circleload1 \
|
|
|
8a8cfb |
neededtest neededtest2 neededtest3 neededtest4 \
|
|
|
8a8cfb |
@@ -301,7 +301,8 @@ modules-names = testobj1 testobj2 testobj3 testobj4 testobj5 testobj6 \
|
|
|
8a8cfb |
tst-sonamemove-linkmod1 \
|
|
|
8a8cfb |
tst-sonamemove-runmod1 tst-sonamemove-runmod2 \
|
|
|
8a8cfb |
tst-initlazyfailmod tst-finilazyfailmod \
|
|
|
8a8cfb |
- tst-dlopenfailmod1 tst-dlopenfaillinkmod tst-dlopenfailmod2
|
|
|
8a8cfb |
+ tst-dlopenfailmod1 tst-dlopenfaillinkmod tst-dlopenfailmod2 \
|
|
|
8a8cfb |
+ tst-dlopenfailmod3
|
|
|
8a8cfb |
|
|
|
8a8cfb |
ifeq (yes,$(have-mtls-dialect-gnu2))
|
|
|
8a8cfb |
tests += tst-gnu2-tls1
|
|
|
8a8cfb |
@@ -1569,6 +1570,10 @@ $(objpfx)tst-dlopenfailmod1.so: \
|
|
|
8a8cfb |
$(shared-thread-library) $(objpfx)tst-dlopenfaillinkmod.so
|
|
|
8a8cfb |
LDFLAGS-tst-dlopenfaillinkmod.so = -Wl,-soname,tst-dlopenfail-missingmod.so
|
|
|
8a8cfb |
$(objpfx)tst-dlopenfailmod2.so: $(shared-thread-library)
|
|
|
8a8cfb |
+$(objpfx)tst-dlopenfail-2: $(libdl)
|
|
|
8a8cfb |
+$(objpfx)tst-dlopenfail.out: \
|
|
|
8a8cfb |
+ $(objpfx)tst-dlopenfailmod1.so $(objpfx)tst-dlopenfailmod2.so \
|
|
|
8a8cfb |
+ $(objpfx)tst-dlopenfailmod3.so
|
|
|
8a8cfb |
|
|
|
8a8cfb |
$(objpfx)tst-dlopen-nodelete-reloc: $(libdl)
|
|
|
8a8cfb |
$(objpfx)tst-dlopen-nodelete-reloc.out: \
|
|
|
8a8cfb |
diff --git a/elf/tst-dlopenfail-2.c b/elf/tst-dlopenfail-2.c
|
|
|
8a8cfb |
new file mode 100644
|
|
|
8a8cfb |
index 0000000000000000..35bbde64abbb6603
|
|
|
8a8cfb |
--- /dev/null
|
|
|
8a8cfb |
+++ b/elf/tst-dlopenfail-2.c
|
|
|
8a8cfb |
@@ -0,0 +1,59 @@
|
|
|
8a8cfb |
+/* Test unrelated dlopen after dlopen failure involving NODELETE.
|
|
|
8a8cfb |
+ Copyright (C) 2019-2020 Free Software Foundation, Inc.
|
|
|
8a8cfb |
+ This file is part of the GNU C Library.
|
|
|
8a8cfb |
+
|
|
|
8a8cfb |
+ The GNU C Library is free software; you can redistribute it and/or
|
|
|
8a8cfb |
+ modify it under the terms of the GNU Lesser General Public
|
|
|
8a8cfb |
+ License as published by the Free Software Foundation; either
|
|
|
8a8cfb |
+ version 2.1 of the License, or (at your option) any later version.
|
|
|
8a8cfb |
+
|
|
|
8a8cfb |
+ The GNU C Library is distributed in the hope that it will be useful,
|
|
|
8a8cfb |
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
8a8cfb |
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
8a8cfb |
+ Lesser General Public License for more details.
|
|
|
8a8cfb |
+
|
|
|
8a8cfb |
+ You should have received a copy of the GNU Lesser General Public
|
|
|
8a8cfb |
+ License along with the GNU C Library; if not, see
|
|
|
8a8cfb |
+ <https://www.gnu.org/licenses/>. */
|
|
|
8a8cfb |
+
|
|
|
8a8cfb |
+#include <dlfcn.h>
|
|
|
8a8cfb |
+#include <errno.h>
|
|
|
8a8cfb |
+#include <gnu/lib-names.h>
|
|
|
8a8cfb |
+#include <stddef.h>
|
|
|
8a8cfb |
+#include <stdio.h>
|
|
|
8a8cfb |
+#include <string.h>
|
|
|
8a8cfb |
+#include <support/check.h>
|
|
|
8a8cfb |
+#include <support/xdlfcn.h>
|
|
|
8a8cfb |
+
|
|
|
8a8cfb |
+static int
|
|
|
8a8cfb |
+do_test (void)
|
|
|
8a8cfb |
+{
|
|
|
8a8cfb |
+ /* This test uses libpthread as the canonical NODELETE module. If
|
|
|
8a8cfb |
+ libpthread is no longer NODELETE because it has been merged into
|
|
|
8a8cfb |
+ libc, the test needs to be updated. */
|
|
|
8a8cfb |
+ TEST_VERIFY (dlsym (NULL, "pthread_create") == NULL);
|
|
|
8a8cfb |
+
|
|
|
8a8cfb |
+ /* This is expected to fail because of the missing dependency. */
|
|
|
8a8cfb |
+ puts ("info: attempting to load tst-dlopenfailmod1.so");
|
|
|
8a8cfb |
+ TEST_VERIFY (dlopen ("tst-dlopenfailmod1.so", RTLD_LAZY) == NULL);
|
|
|
8a8cfb |
+ const char *message = dlerror ();
|
|
|
8a8cfb |
+ TEST_COMPARE_STRING (message,
|
|
|
8a8cfb |
+ "tst-dlopenfail-missingmod.so:"
|
|
|
8a8cfb |
+ " cannot open shared object file:"
|
|
|
8a8cfb |
+ " No such file or directory");
|
|
|
8a8cfb |
+
|
|
|
8a8cfb |
+ /* Open a small shared object. With a dangling GL (dl_initfirst)
|
|
|
8a8cfb |
+ pointer, this is likely to crash because there is no longer any
|
|
|
8a8cfb |
+ mapped text segment there (bug 25396). */
|
|
|
8a8cfb |
+
|
|
|
8a8cfb |
+ puts ("info: attempting to load tst-dlopenfailmod3.so");
|
|
|
8a8cfb |
+ xdlclose (xdlopen ("tst-dlopenfailmod3.so", RTLD_NOW));
|
|
|
8a8cfb |
+
|
|
|
8a8cfb |
+ return 0;
|
|
|
8a8cfb |
+}
|
|
|
8a8cfb |
+
|
|
|
8a8cfb |
+/* Do not perturb the dangling link map. With M_PERTURB, the link map
|
|
|
8a8cfb |
+ appears to have l_init_called set, so there are no constructor
|
|
|
8a8cfb |
+ calls and no crashes. */
|
|
|
8a8cfb |
+#define TEST_NO_MALLOPT
|
|
|
8a8cfb |
+#include <support/test-driver.c>
|
|
|
8a8cfb |
diff --git a/elf/tst-dlopenfailmod3.c b/elf/tst-dlopenfailmod3.c
|
|
|
8a8cfb |
new file mode 100644
|
|
|
8a8cfb |
index 0000000000000000..636e971264292110
|
|
|
8a8cfb |
--- /dev/null
|
|
|
8a8cfb |
+++ b/elf/tst-dlopenfailmod3.c
|
|
|
8a8cfb |
@@ -0,0 +1,17 @@
|
|
|
8a8cfb |
+/* Empty module for the tst-dlopenfail-2 test.
|
|
|
8a8cfb |
+ Copyright (C) 2020 Free Software Foundation, Inc.
|
|
|
8a8cfb |
+ This file is part of the GNU C Library.
|
|
|
8a8cfb |
+
|
|
|
8a8cfb |
+ The GNU C Library is free software; you can redistribute it and/or
|
|
|
8a8cfb |
+ modify it under the terms of the GNU Lesser General Public
|
|
|
8a8cfb |
+ License as published by the Free Software Foundation; either
|
|
|
8a8cfb |
+ version 2.1 of the License, or (at your option) any later version.
|
|
|
8a8cfb |
+
|
|
|
8a8cfb |
+ The GNU C Library is distributed in the hope that it will be useful,
|
|
|
8a8cfb |
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
8a8cfb |
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
8a8cfb |
+ Lesser General Public License for more details.
|
|
|
8a8cfb |
+
|
|
|
8a8cfb |
+ You should have received a copy of the GNU Lesser General Public
|
|
|
8a8cfb |
+ License along with the GNU C Library; if not, see
|
|
|
8a8cfb |
+ <https://www.gnu.org/licenses/>. */
|