commit 9637d8a253493be471d9a71640e91349f7a8a050
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Wed Jul 29 11:57:54 2015 -0700
Extend local PLT reference check
On x86, linker in binutils 2.26 and newer consolidates R_*_JUMP_SLOT with
R_*_GLOB_DAT relocation against the same symbol. This patch extends
local PLT reference check to support alternate relocations.
[BZ #18078]
* scripts/check-localplt.awk: Support alternate relocations.
* scripts/localplt.awk: Also check relocations in DT_RELA/DT_REL
sections.
* sysdeps/unix/sysv/linux/i386/localplt.data: Mark free and
malloc entries with + REL R_386_GLOB_DAT.
* sysdeps/x86_64/localplt.data: New file.
commit da53d6dbc28d2a90d6e14dd661e68611c3b741cf
Author: Carlos O'Donell <carlos@redhat.com>
Date: Thu Nov 6 15:48:44 2014 -0500
Run check-localpltk/textrel/execstack over ld.so.
For maximum paranoia we run ld.so through the normal set
of tests for all of the shared libraries. This includes
running ld.so through check-localplt, check-textrel, and
check-execstack. While none of these should trigger any
failures given the way ld.so is built, it might possibly
fail if a developer does something wrong. This paranoia
was triggered by a discussion over the use of __strcpy
vs. strcpy [1] and if the symbol could leak and use the
libc.so version.
The check-localplt test fails right away because localplt.data
needs updating for all arches. By default we add 6 new symbols:
__tls_get_addr, __libc_memalign, malloc, calloc, realloc and
free. Other machines like i386, power, and s390 require some
different symbol sets e.g. ___tls_get_addr vs. __tls_get_addr
for i386.
commit d3d9c95aefded7716d037e241f9d23a1cccab45a
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Wed Oct 14 05:59:50 2015 -0700
Support PLT and GOT references in local PIC check
commit a0af371c25ac1f215cf0db64e54cbb9a1b51f78c
Author: Alan Modra <amodra@gmail.com>
Date: Fri Feb 20 15:23:28 2015 +1030
Fix localplt test breakage with new readelf
Since 2014-11-24 binutils git commit bb4d2ac2, readelf has appended
the symbol version to symbols shown in reloc dumps.
[BZ #16512]
* scripts/localplt.awk: Strip off symbol version.
* NEWS: Mention bug fix.
diff -Nrup a/elf/Makefile b/elf/Makefile
--- a/elf/Makefile 2017-10-22 09:16:02.451399056 -0400
+++ b/elf/Makefile 2017-10-22 09:16:39.217285466 -0400
@@ -915,7 +915,7 @@ $(objpfx)tst-pie1: $(objpfx)tst-piemod1.
ifeq (yes,$(build-shared))
tests: $(objpfx)check-textrel.out $(objpfx)check-execstack.out
-all-built-dso := $(common-objpfx)libc.so \
+all-built-dso := $(common-objpfx)elf/ld.so $(common-objpfx)libc.so \
$(filter-out $(common-objpfx)linkobj/libc.so, \
$(sort $(wildcard $(addprefix $(common-objpfx), \
*/lib*.so \
@@ -974,6 +974,7 @@ tests: $(objpfx)check-localplt.out
localplt-built-dso := $(addprefix $(common-objpfx),\
libc.so \
+ elf/ld.so \
math/libm.so \
rt/librt.so \
dlfcn/libdl.so \
diff -Nrup a/ports/sysdeps/unix/sysv/linux/aarch64/nptl/localplt.data b/ports/sysdeps/unix/sysv/linux/aarch64/nptl/localplt.data
--- a/ports/sysdeps/unix/sysv/linux/aarch64/nptl/localplt.data 2017-10-22 09:16:01.379402341 -0400
+++ b/ports/sysdeps/unix/sysv/linux/aarch64/nptl/localplt.data 2017-10-22 09:16:39.217285466 -0400
@@ -12,3 +12,15 @@ libm.so: matherr
libm.so: __signbit
libm.so: __signbitf
libm.so: __signbitl
+# The dynamic loader needs __tls_get_addr for TLS.
+ld.so: __tls_get_addr
+# The dynamic loader uses __libc_memalign internally to allocate aligned
+# TLS storage. The other malloc family of functions are expected to allow
+# user symbol interposition.
+ld.so: __libc_memalign + RELA R_X86_64_GLOB_DAT
+# The main malloc is interposed into the dynamic linker, for
+# allocations after the initial link (when dlopen is used).
+ld.so: malloc
+ld.so: calloc
+ld.so: realloc
+ld.so: free
diff -Nrup a/scripts/check-localplt.awk b/scripts/check-localplt.awk
--- a/scripts/check-localplt.awk 2012-12-24 22:02:13.000000000 -0500
+++ b/scripts/check-localplt.awk 2017-10-22 09:16:39.218285463 -0400
@@ -3,9 +3,16 @@
# Each line is either a comment starting with # or it looks like:
# libfoo.so: function
# or
+# libfoo.so: function + {RELA|REL} RELOC
+# or
# libfoo.so: function ?
# The latter means that a PLT entry for function is optional in libfoo.so.
# The former means one is required.
+# The first entry means that one is required.
+# The second entry means that one is required and relocation may also be
+# {RELA|REL} RELOC.
+# The third entry means that a PLT entry for function is optional in
+# libfoo.so.
# The second file argument is - and this (stdin) receives the output
# of the check-localplt program.
@@ -14,7 +21,10 @@ BEGIN { result = 0 }
FILENAME != "-" && /^#/ { next }
FILENAME != "-" {
- if (NF != 2 && !(NF == 3 && $3 == "?")) {
+ if (NF == 5 && $3 == "+" && ($4 == "RELA" || $4 == "REL")) {
+ accept_type[$1 " " $2] = $4;
+ accept_reloc[$1 " " $2] = $5;
+ } else if (NF != 2 && !(NF == 3 && $3 == "?")) {
printf "%s:%d: bad data line: %s\n", FILENAME, FNR, $0 > "/dev/stderr";
result = 2;
} else {
@@ -23,7 +33,7 @@ FILENAME != "-" {
next;
}
-NF != 2 {
+NF != 2 && !(NF == 4 && ($3 == "RELA" || $3 == "REL")) {
print "Unexpected output from check-localplt:", $0 > "/dev/stderr";
result = 2;
next
@@ -31,7 +41,23 @@ NF != 2 {
{
key = $1 " " $2
- if (key in accept) {
+ if ($3 == "RELA" || $3 == "REL") {
+ # Entries like:
+ # libc.so: free + RELA R_X86_64_GLOB_DAT
+ # may be ignored.
+ if (key in accept_type && accept_type[key] == $3 && accept_reloc[key] == $4) {
+ # Match
+ # libc.so: free + RELA R_X86_64_GLOB_DAT
+ delete accept_type[key]
+ }
+ } else if (NF == 2 && key in accept_reloc) {
+ # Match
+ # libc.so: free
+ # against
+ # libc.so: free + RELA R_X86_64_GLOB_DAT
+ if (key in accept_type)
+ delete accept_type[key]
+ } else if (key in accept) {
delete accept[key]
} else {
print "Extra PLT reference:", $0;
@@ -49,5 +75,11 @@ END {
}
}
+ for (key in accept_type) {
+ # It's mandatory.
+ print "Missing required PLT or " accept_reloc[key] " reference:", key;
+ result = 1;
+ }
+
exit(result);
}
diff -Nrup a/scripts/localplt.awk b/scripts/localplt.awk
--- a/scripts/localplt.awk 2012-12-24 22:02:13.000000000 -0500
+++ b/scripts/localplt.awk 2017-10-22 09:16:39.218285463 -0400
@@ -7,12 +7,14 @@
BEGIN { result = 0 }
FILENAME != lastfile {
- if (lastfile && jmprel_offset == 0) {
+ if (lastfile && jmprel_offset == 0 && rela_offset == 0 && rel_offset == 0) {
print FILENAME ": *** failed to find expected output (readelf -WSdr)";
result = 2;
}
lastfile = FILENAME;
jmprel_offset = 0;
+ rela_offset = 0;
+ rel_offset = 0;
delete section_offset_by_address;
}
@@ -32,9 +34,39 @@ $1 == "Offset" && $2 == "Info" { in_relo
NF == 0 { in_relocs = 0 }
in_relocs && relocs_offset == jmprel_offset && NF >= 5 {
- symval = strtonum("0x" $4);
- if (symval != 0)
- print whatfile, $5
+ # Relocations against GNU_IFUNC symbols are not shown as an hexadecimal
+ # value, but rather as the resolver symbol followed by ().
+ if ($4 ~ /\(\)/) {
+ print whatfile, gensub(/@.*/, "", "g", $5)
+ } else {
+ symval = strtonum("0x" $4);
+ if (symval != 0)
+ print whatfile, gensub(/@.*/, "", "g", $5)
+ }
+}
+
+in_relocs && relocs_offset == rela_offset && NF >= 5 {
+ # Relocations against GNU_IFUNC symbols are not shown as an hexadecimal
+ # value, but rather as the resolver symbol followed by ().
+ if ($4 ~ /\(\)/) {
+ print whatfile, gensub(/@.*/, "", "g", $5), "RELA", $3
+ } else {
+ symval = strtonum("0x" $4);
+ if (symval != 0)
+ print whatfile, gensub(/@.*/, "", "g", $5), "RELA", $3
+ }
+}
+
+in_relocs && relocs_offset == rel_offset && NF >= 5 {
+ # Relocations against GNU_IFUNC symbols are not shown as an hexadecimal
+ # value, but rather as the resolver symbol followed by ().
+ if ($4 ~ /\(\)/) {
+ print whatfile, gensub(/@.*/, "", "g", $5), "REL", $3
+ } else {
+ symval = strtonum("0x" $4);
+ if (symval != 0)
+ print whatfile, gensub(/@.*/, "", "g", $5), "REL", $3
+ }
}
in_relocs { next }
@@ -56,4 +88,25 @@ $2 == "(JMPREL)" {
next
}
+$2 == "(RELA)" {
+ rela_addr = strtonum($3);
+ if (rela_addr in section_offset_by_address) {
+ rela_offset = section_offset_by_address[rela_addr];
+ } else {
+ print FILENAME ": *** DT_RELA does not match any section's address";
+ result = 2;
+ }
+ next
+}
+
+$2 == "(REL)" {
+ rel_addr = strtonum($3);
+ if (rel_addr in section_offset_by_address) {
+ rel_offset = section_offset_by_address[rel_addr];
+ } else {
+ print FILENAME ": *** DT_REL does not match any section's address";
+ result = 2;
+ }
+ next
+}
END { exit(result) }
diff -Nrup a/sysdeps/generic/localplt.data b/sysdeps/generic/localplt.data
--- a/sysdeps/generic/localplt.data 2012-12-24 22:02:13.000000000 -0500
+++ b/sysdeps/generic/localplt.data 2017-10-22 09:18:03.383023954 -0400
@@ -7,3 +7,9 @@ libc.so: malloc
libc.so: memalign
libc.so: realloc
libm.so: matherr
+# The main malloc is interposed into the dynamic linker, for
+# allocations after the initial link (when dlopen is used).
+ld.so: malloc
+ld.so: calloc
+ld.so: realloc
+ld.so: free
diff -Nrup a/sysdeps/unix/sysv/linux/i386/nptl/localplt.data b/sysdeps/unix/sysv/linux/i386/nptl/localplt.data
--- a/sysdeps/unix/sysv/linux/i386/nptl/localplt.data 2012-12-24 22:02:13.000000000 -0500
+++ b/sysdeps/unix/sysv/linux/i386/nptl/localplt.data 2017-10-22 09:16:39.218285463 -0400
@@ -1,7 +1,21 @@
-libc.so: _Unwind_Find_FDE
-libc.so: calloc
-libc.so: free
-libc.so: malloc
-libc.so: memalign
-libc.so: realloc
-libm.so: matherr
+# Linker in binutils 2.26 and newer consolidates R_X86_64_JUMP_SLOT
+# relocation with R_386_GLOB_DAT relocation against the same symbol.
+libc.so: _Unwind_Find_FDE + REL R_386_GLOB_DAT
+libc.so: calloc + REL R_386_GLOB_DAT
+libc.so: free + REL R_386_GLOB_DAT
+libc.so: malloc + REL R_386_GLOB_DAT
+libc.so: memalign + REL R_386_GLOB_DAT
+libc.so: realloc + REL R_386_GLOB_DAT
+libm.so: matherr + REL R_386_GLOB_DAT
+# The dynamic loader uses __libc_memalign internally to allocate aligned
+# TLS storage. The other malloc family of functions are expected to allow
+# user symbol interposition.
+ld.so: __libc_memalign + REL R_386_GLOB_DAT
+# The dynamic loader needs __tls_get_addr for TLS.
+ld.so: ___tls_get_addr + REL R_386_GLOB_DAT
+# The main malloc is interposed into the dynamic linker, for
+# allocations after the initial link (when dlopen is used).
+ld.so: malloc + REL R_386_GLOB_DAT
+ld.so: calloc + REL R_386_GLOB_DAT
+ld.so: realloc + REL R_386_GLOB_DAT
+ld.so: free + REL R_386_GLOB_DAT
diff -Nrup a/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/nptl/localplt.data b/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/nptl/localplt.data
--- a/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/nptl/localplt.data 2012-12-24 22:02:13.000000000 -0500
+++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/nptl/localplt.data 2017-10-22 09:16:39.218285463 -0400
@@ -5,3 +5,13 @@ libc.so: malloc
libc.so: memalign
libc.so: realloc
libm.so: matherr
+# The dynamic loader uses __libc_memalign internally to allocate aligned
+# TLS storage. The other malloc family of functions are expected to allow
+# user symbol interposition.
+ld.so: __libc_memalign
+# The main malloc is interposed into the dynamic linker, for
+# allocations after the initial link (when dlopen is used).
+ld.so: malloc
+ld.so: calloc
+ld.so: realloc
+ld.so: free
diff -Nrup a/sysdeps/unix/sysv/linux/powerpc/powerpc64/nptl/localplt.data b/sysdeps/unix/sysv/linux/powerpc/powerpc64/nptl/localplt.data
--- a/sysdeps/unix/sysv/linux/powerpc/powerpc64/nptl/localplt.data 2012-12-24 22:02:13.000000000 -0500
+++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/nptl/localplt.data 2017-10-22 09:16:39.218285463 -0400
@@ -4,3 +4,13 @@ libc.so: malloc
libc.so: memalign
libc.so: realloc
libm.so: matherr
+# The dynamic loader uses __libc_memalign internally to allocate aligned
+# TLS storage. The other malloc family of functions are expected to allow
+# user symbol interposition.
+ld.so: __libc_memalign
+# The main malloc is interposed into the dynamic linker, for
+# allocations after the initial link (when dlopen is used).
+ld.so: malloc
+ld.so: calloc
+ld.so: realloc
+ld.so: free
diff -Nrup a/sysdeps/unix/sysv/linux/s390/s390-32/nptl/localplt.data b/sysdeps/unix/sysv/linux/s390/s390-32/nptl/localplt.data
--- a/sysdeps/unix/sysv/linux/s390/s390-32/nptl/localplt.data 2012-12-24 22:02:13.000000000 -0500
+++ b/sysdeps/unix/sysv/linux/s390/s390-32/nptl/localplt.data 2017-10-22 09:16:39.219285460 -0400
@@ -5,3 +5,13 @@ libc.so: malloc
libc.so: memalign
libc.so: realloc
libm.so: matherr
+# The dynamic loader uses __libc_memalign internally to allocate aligned
+# TLS storage. The other malloc family of functions are expected to allow
+# user symbol interposition.
+ld.so: __libc_memalign
+# The main malloc is interposed into the dynamic linker, for
+# allocations after the initial link (when dlopen is used).
+ld.so: malloc
+ld.so: calloc
+ld.so: realloc
+ld.so: free
diff -Nrup a/sysdeps/unix/sysv/linux/s390/s390-64/nptl/localplt.data b/sysdeps/unix/sysv/linux/s390/s390-64/nptl/localplt.data
--- a/sysdeps/unix/sysv/linux/s390/s390-64/nptl/localplt.data 2012-12-24 22:02:13.000000000 -0500
+++ b/sysdeps/unix/sysv/linux/s390/s390-64/nptl/localplt.data 2017-10-22 09:16:39.219285460 -0400
@@ -5,3 +5,13 @@ libc.so: malloc
libc.so: memalign
libc.so: realloc
libm.so: matherr
+# The dynamic loader uses __libc_memalign internally to allocate aligned
+# TLS storage. The other malloc family of functions are expected to allow
+# user symbol interposition.
+ld.so: __libc_memalign
+# The main malloc is interposed into the dynamic linker, for
+# allocations after the initial link (when dlopen is used).
+ld.so: malloc
+ld.so: calloc
+ld.so: realloc
+ld.so: free
diff -Nrup a/sysdeps/x86_64/nptl/localplt.data b/sysdeps/x86_64/nptl/localplt.data
--- a/sysdeps/x86_64/nptl/localplt.data 1969-12-31 19:00:00.000000000 -0500
+++ b/sysdeps/x86_64/nptl/localplt.data 2017-10-22 09:16:39.219285460 -0400
@@ -0,0 +1,23 @@
+# See scripts/check-localplt.awk for how this file is processed.
+# PLT use is required for the malloc family and for matherr because
+# users can define their own functions and have library internals call them.
+# Linker in binutils 2.26 and newer consolidates R_X86_64_JUMP_SLOT
+# relocation with R_X86_64_GLOB_DAT relocation against the same symbol.
+libc.so: calloc + RELA R_X86_64_GLOB_DAT
+libc.so: free + RELA R_X86_64_GLOB_DAT
+libc.so: malloc + RELA R_X86_64_GLOB_DAT
+libc.so: memalign + RELA R_X86_64_GLOB_DAT
+libc.so: realloc + RELA R_X86_64_GLOB_DAT
+libm.so: matherr + RELA R_X86_64_GLOB_DAT
+# The dynamic loader uses __libc_memalign internally to allocate aligned
+# TLS storage. The other malloc family of functions are expected to allow
+# user symbol interposition.
+ld.so: __libc_memalign + RELA R_X86_64_GLOB_DAT
+# The dynamic loader needs __tls_get_addr for TLS.
+ld.so: __tls_get_addr + RELA R_X86_64_GLOB_DAT
+# The main malloc is interposed into the dynamic linker, for
+# allocations after the initial link (when dlopen is used).
+ld.so: malloc + RELA R_X86_64_GLOB_DAT
+ld.so: calloc + RELA R_X86_64_GLOB_DAT
+ld.so: realloc + RELA R_X86_64_GLOB_DAT
+ld.so: free + RELA R_X86_64_GLOB_DAT