abe59f
commit b2964eb1d9a6b8ab1250e8a881cf406182da5875
abe59f
Author: Florian Weimer <fweimer@redhat.com>
abe59f
Date:   Wed Apr 21 19:49:51 2021 +0200
abe59f
abe59f
    dlfcn: Failures after dlmopen should not terminate process [BZ #24772]
abe59f
    
abe59f
    Commit 9e78f6f6e7134a5f299cc8de77370218f8019237 ("Implement
abe59f
    _dl_catch_error, _dl_signal_error in libc.so [BZ #16628]") has the
abe59f
    side effect that distinct namespaces, as created by dlmopen, now have
abe59f
    separate implementations of the rtld exception mechanism.  This means
abe59f
    that the call to _dl_catch_error from libdl in a secondary namespace
abe59f
    does not actually install an exception handler because the
abe59f
    thread-local variable catch_hook in the libc.so copy in the secondary
abe59f
    namespace is distinct from that of the base namepace.  As a result, a
abe59f
    dlsym/dlopen/... failure in a secondary namespace terminates the process
abe59f
    with a dynamic linker error because it looks to the exception handler
abe59f
    mechanism as if no handler has been installed.
abe59f
    
abe59f
    This commit restores GLRO (dl_catch_error) and uses it to set the
abe59f
    handler in the base namespace.
abe59f
    
abe59f
    Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
abe59f
abe59f
Conflicts:
abe59f
	elf/Makefile
abe59f
abe59f
diff --git a/dlfcn/dlerror.c b/dlfcn/dlerror.c
abe59f
index 06732460ea1512cd..e08ac3afef302817 100644
abe59f
--- a/dlfcn/dlerror.c
abe59f
+++ b/dlfcn/dlerror.c
abe59f
@@ -167,8 +167,10 @@ _dlerror_run (void (*operate) (void *), void *args)
abe59f
       result->errstring = NULL;
abe59f
     }
abe59f
 
abe59f
-  result->errcode = _dl_catch_error (&result->objname, &result->errstring,
abe59f
-				     &result->malloced, operate, args);
abe59f
+  result->errcode = GLRO (dl_catch_error) (&result->objname,
abe59f
+					   &result->errstring,
abe59f
+					   &result->malloced,
abe59f
+					   operate, args);
abe59f
 
abe59f
   /* If no error we mark that no error string is available.  */
abe59f
   result->returned = result->errstring == NULL;
abe59f
diff --git a/elf/Makefile b/elf/Makefile
abe59f
index a811919ba4568d64..e0919486a14cab1a 100644
abe59f
--- a/elf/Makefile
abe59f
+++ b/elf/Makefile
abe59f
@@ -216,6 +216,7 @@ tests += restest1 preloadtest loadfail multiload origtest resolvfail \
abe59f
 	 tst-glibc-hwcaps tst-glibc-hwcaps-prepend tst-glibc-hwcaps-mask \
abe59f
 	 tst-tls20 tst-tls21 \
abe59f
 	 tst-rtld-run-static \
abe59f
+	 tst-dlmopen-dlerror \
abe59f
 #	 reldep9
abe59f
 tests-internal += loadtest unload unload2 circleload1 \
abe59f
 	 neededtest neededtest2 neededtest3 neededtest4 \
abe59f
@@ -349,6 +350,7 @@ modules-names = testobj1 testobj2 testobj3 testobj4 testobj5 testobj6 \
abe59f
 		libmarkermod4-1 libmarkermod4-2 libmarkermod4-3 libmarkermod4-4 \
abe59f
 		libmarkermod5-1 libmarkermod5-2 libmarkermod5-3 libmarkermod5-4 \
abe59f
 		libmarkermod5-5 tst-tls20mod-bad tst-tls21mod \
abe59f
+		tst-dlmopen-dlerror-mod \
abe59f
 
abe59f
 # Most modules build with _ISOMAC defined, but those filtered out
abe59f
 # depend on internal headers.
abe59f
@@ -1546,6 +1548,10 @@ $(objpfx)tst-sonamemove-dlopen.out: \
abe59f
   $(objpfx)tst-sonamemove-runmod1.so \
abe59f
   $(objpfx)tst-sonamemove-runmod2.so
abe59f
 
abe59f
+$(objpfx)tst-dlmopen-dlerror: $(libdl)
abe59f
+$(objpfx)tst-dlmopen-dlerror-mod.so: $(libdl) $(libsupport)
abe59f
+$(objpfx)tst-dlmopen-dlerror.out: $(objpfx)tst-dlmopen-dlerror-mod.so
abe59f
+
abe59f
 # Override -z defs, so that we can reference an undefined symbol.
abe59f
 # Force lazy binding for the same reason.
abe59f
 LDFLAGS-tst-latepthreadmod.so = \
abe59f
diff --git a/elf/dl-error-skeleton.c b/elf/dl-error-skeleton.c
abe59f
index 9cb002ccfed2c7b4..7801aa433b12275f 100644
abe59f
--- a/elf/dl-error-skeleton.c
abe59f
+++ b/elf/dl-error-skeleton.c
abe59f
@@ -248,4 +248,16 @@ _dl_receive_error (receiver_fct fct, void (*operate) (void *), void *args)
abe59f
   catch_hook = old_catch;
abe59f
   receiver = old_receiver;
abe59f
 }
abe59f
+
abe59f
+/* Forwarder used for initializing GLRO (_dl_catch_error).  */
abe59f
+int
abe59f
+_rtld_catch_error (const char **objname, const char **errstring,
abe59f
+		   bool *mallocedp, void (*operate) (void *),
abe59f
+		   void *args)
abe59f
+{
abe59f
+  /* The reference to _dl_catch_error will eventually be relocated to
abe59f
+     point to the implementation in libc.so.  */
abe59f
+  return _dl_catch_error (objname, errstring, mallocedp, operate, args);
abe59f
+}
abe59f
+
abe59f
 #endif /* DL_ERROR_BOOTSTRAP */
abe59f
diff --git a/elf/rtld.c b/elf/rtld.c
abe59f
index 461d8c114a875a9b..c445b5ca25dea193 100644
abe59f
--- a/elf/rtld.c
abe59f
+++ b/elf/rtld.c
abe59f
@@ -365,6 +365,7 @@ struct rtld_global_ro _rtld_global_ro attribute_relro =
abe59f
     ._dl_lookup_symbol_x = _dl_lookup_symbol_x,
abe59f
     ._dl_open = _dl_open,
abe59f
     ._dl_close = _dl_close,
abe59f
+    ._dl_catch_error = _rtld_catch_error,
abe59f
     ._dl_tls_get_addr_soft = _dl_tls_get_addr_soft,
abe59f
 #ifdef HAVE_DL_DISCOVER_OSVERSION
abe59f
     ._dl_discover_osversion = _dl_discover_osversion
abe59f
diff --git a/elf/tst-dlmopen-dlerror-mod.c b/elf/tst-dlmopen-dlerror-mod.c
abe59f
new file mode 100644
abe59f
index 0000000000000000..7e95dcdeacf005be
abe59f
--- /dev/null
abe59f
+++ b/elf/tst-dlmopen-dlerror-mod.c
abe59f
@@ -0,0 +1,41 @@
abe59f
+/* Check that dlfcn errors are reported properly after dlmopen.  Test module.
abe59f
+   Copyright (C) 2021 Free Software Foundation, Inc.
abe59f
+   This file is part of the GNU C Library.
abe59f
+
abe59f
+   The GNU C Library is free software; you can redistribute it and/or
abe59f
+   modify it under the terms of the GNU Lesser General Public
abe59f
+   License as published by the Free Software Foundation; either
abe59f
+   version 2.1 of the License, or (at your option) any later version.
abe59f
+
abe59f
+   The GNU C Library is distributed in the hope that it will be useful,
abe59f
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
abe59f
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
abe59f
+   Lesser General Public License for more details.
abe59f
+
abe59f
+   You should have received a copy of the GNU Lesser General Public
abe59f
+   License along with the GNU C Library; if not, see
abe59f
+   <http://www.gnu.org/licenses/>.  */
abe59f
+
abe59f
+#include <dlfcn.h>
abe59f
+#include <stddef.h>
abe59f
+#include <support/check.h>
abe59f
+
abe59f
+/* Note: This object is not linked into the main program, so we cannot
abe59f
+   use delayed test failure reporting via TEST_VERIFY etc., and have
abe59f
+   to use FAIL_EXIT1 (or something else that calls exit).  */
abe59f
+
abe59f
+void
abe59f
+call_dlsym (void)
abe59f
+{
abe59f
+  void *ptr = dlsym (NULL, "does not exist");
abe59f
+  if (ptr != NULL)
abe59f
+    FAIL_EXIT1 ("dlsym did not fail as expected");
abe59f
+}
abe59f
+
abe59f
+void
abe59f
+call_dlopen (void)
abe59f
+{
abe59f
+  void *handle = dlopen ("tst-dlmopen-dlerror does not exist", RTLD_NOW);
abe59f
+  if (handle != NULL)
abe59f
+    FAIL_EXIT1 ("dlopen did not fail as expected");
abe59f
+}
abe59f
diff --git a/elf/tst-dlmopen-dlerror.c b/elf/tst-dlmopen-dlerror.c
abe59f
new file mode 100644
abe59f
index 0000000000000000..e864d2fe4c3484ab
abe59f
--- /dev/null
abe59f
+++ b/elf/tst-dlmopen-dlerror.c
abe59f
@@ -0,0 +1,37 @@
abe59f
+/* Check that dlfcn errors are reported properly after dlmopen.
abe59f
+   Copyright (C) 2021 Free Software Foundation, Inc.
abe59f
+   This file is part of the GNU C Library.
abe59f
+
abe59f
+   The GNU C Library is free software; you can redistribute it and/or
abe59f
+   modify it under the terms of the GNU Lesser General Public
abe59f
+   License as published by the Free Software Foundation; either
abe59f
+   version 2.1 of the License, or (at your option) any later version.
abe59f
+
abe59f
+   The GNU C Library is distributed in the hope that it will be useful,
abe59f
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
abe59f
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
abe59f
+   Lesser General Public License for more details.
abe59f
+
abe59f
+   You should have received a copy of the GNU Lesser General Public
abe59f
+   License along with the GNU C Library; if not, see
abe59f
+   <http://www.gnu.org/licenses/>.  */
abe59f
+
abe59f
+#include <stddef.h>
abe59f
+#include <support/check.h>
abe59f
+#include <support/xdlfcn.h>
abe59f
+
abe59f
+static int
abe59f
+do_test (void)
abe59f
+{
abe59f
+  void *handle = xdlmopen (LM_ID_NEWLM, "tst-dlmopen-dlerror-mod.so",
abe59f
+                           RTLD_NOW);
abe59f
+  void (*call_dlsym) (void) = xdlsym (handle, "call_dlsym");
abe59f
+  void (*call_dlopen) (void) = xdlsym (handle, "call_dlopen");
abe59f
+
abe59f
+  call_dlsym ();
abe59f
+  call_dlopen ();
abe59f
+
abe59f
+  return 0;
abe59f
+}
abe59f
+
abe59f
+#include <support/test-driver.c>
abe59f
diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h
abe59f
index 7b0a667629ddc06a..d6d02aa3ccffba33 100644
abe59f
--- a/sysdeps/generic/ldsodefs.h
abe59f
+++ b/sysdeps/generic/ldsodefs.h
abe59f
@@ -647,6 +647,12 @@ struct rtld_global_ro
abe59f
   void *(*_dl_open) (const char *file, int mode, const void *caller_dlopen,
abe59f
 		     Lmid_t nsid, int argc, char *argv[], char *env[]);
abe59f
   void (*_dl_close) (void *map);
abe59f
+  /* libdl in a secondary namespace (after dlopen) must use
abe59f
+     _dl_catch_error from the main namespace, so it has to be
abe59f
+     exported in some way.  */
abe59f
+  int (*_dl_catch_error) (const char **objname, const char **errstring,
abe59f
+			  bool *mallocedp, void (*operate) (void *),
abe59f
+			  void *args);
abe59f
   void *(*_dl_tls_get_addr_soft) (struct link_map *);
abe59f
 #ifdef HAVE_DL_DISCOVER_OSVERSION
abe59f
   int (*_dl_discover_osversion) (void);
abe59f
@@ -889,6 +895,9 @@ extern int _dl_catch_error (const char **objname, const char **errstring,
abe59f
 			    void *args);
abe59f
 libc_hidden_proto (_dl_catch_error)
abe59f
 
abe59f
+/* Used for initializing GLRO (_dl_catch_error).  */
abe59f
+extern __typeof__ (_dl_catch_error) _rtld_catch_error attribute_hidden;
abe59f
+
abe59f
 /* Call OPERATE (ARGS).  If no error occurs, set *EXCEPTION to zero.
abe59f
    Otherwise, store a copy of the raised exception in *EXCEPTION,
abe59f
    which has to be freed by _dl_exception_free.  As a special case, if