This clarifies the code and makes it less error-prone. It also makes it
easier to extend downstream in CheriBSD (where pointer and integer
members no longer have the same representation and an additional member
is present).
Reviewed by: jhb, kib
Differential Revision: https://reviews.freebsd.org/D45143
There are two variables set by dynamic tags in the powerpc runtime
linker. Now we have a way to split out architecture-specific dynamic
tags use it to handle these.
Reviewed by: kib, jhibbits
Obtained from: jhibbits (earlier version)
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D45182
When marking a function as variant pcs we can use registers not normally
used in procedure calls. Add a test that uses this and stores all
general purpose registers to a buffer and compare this buffer with the
expected value later.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D44870
The aarch64 ELF spec has support for a variant of the normal procedure
call standard that doesn't follow the normal register convention, e.g.
using more registers as arguments, or different register state is
preserved.
Add support to rtld to handle this. As we don't know which registers
need to be preserved disable lazy binding for these functions.
Reviewed by: kib
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D44869
This will be used to handle the DT_AARCH64_VARIANT_PCS tag.
Reviewed by: kib
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D45117
Add a macro the architectures can use to add per-arch fields to
Struct_Obj_Entry.
Reviewed by: kib
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D45116
In the future, we will Default to _FORTIFY_SOURCE=2 if SSP is enabled,
otherwise default to _FORTIFY_SOURCE=0. For now we default it to 0
unconditionally to ease bisect across older versions without the new
symbols, and we'll put out a call for testing.
include/*.h include their ssp/*.h equivalents as needed based on the
knob. Programs and users are allowed to override FORTIFY_SOURCE in their
Makefiles or src.conf/make.conf to force it off.
Reviewed by: des, markj
Relnotes: yes
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D32308
Instead of only ignoring insecure env vars, clear them all.
Reviewed by: emaste, markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D44999
allowing to set any known LD_ parameter for the current rtld invocation,
but without polluting the activated' binary environment. In other
words, the set parameter is not exported into the environment.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D44988
Read the elf note to decide when to set the guard page on arm64.
Reviewed by: kib
Sponsored by: Arm Ltd
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39452
Don't check if the elf hints file is in host byte order, but check
if it is in little endian by looking at the magic number.
This fixes rtld on big endian platforms.
Reviewed by: se, kib (prior version of the patch)
Fixes: 7b77d37a56 ("rtld-elf: support either byte-order of hints")
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D44472
The byte-order independent code has been reported to fail on powerpc64.
Add some more debug statements to help identify the parametrs used and
to verify the correct operation of the byte-swap macros used..
It is needed at least to ensure that undesirable code is not linked into
rtld from libsys/libc, and adding the map file option each time is not
productive.
Reviewed by: brooks, emaste
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D44136
Accept either little-endian or big-endian representation of the ELF
hints magic number in the header of a hints file and convert the
parameters to the native byte-order of the repsective system.
This is a pre-requisite for a planned change to always write the byte
order in little-endian format on all architectures. The only relvant
architecture that uses big-endian data is powerpc64, and it is not
likely that new architectures will choose that representation of data
in memory.
When all supported architectures use little-endian data in the hints
file, the byte swap logic can be enabled for big-endian CPUs at
compile time. Up to that point, there is a very small run-time penalty
that is paid on all systems to check the byte-order of the hints file
and to provide the option to byte-swap the parameters read from the
hints file header.
This commit contains the changes from review D44080 (which had been
split off from this patch for easier review),
Reviewed by: kib
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D44053
This is expected behavior for both dlopen(3) and fdlopen(3).
PR: 277169
Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D44019
dlopen_basic just tests that libthr.so can be dlopen()ed, which will
just serve as a sanity check that "libthr.so" is a thing that can be
dlopened in case we get a weird failure in dlopen_recursing.
dlopen_recursing tests a regression reported after the libsys split,
where some dlopen() may cause infinite recursion and a resulting crash.
This case is inspired by bdrewery's description of what seemed to be
causing his issue.
The corresponding fix landed in commit
968a18975a ("rtld: ignore load_filtees() calls if we already [...]")
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D43859
in addition to avoiding it for already loaded filtees. Issue is that
during load, rtld needs to resolve some special ABI symbols, like
executable stack fixer and static TLS initializer, which might trigger
recursion.
Example is libthr which is filter for libsys, and which exports
__pthread_distribute_static_tls.
Tested by: kevans, krion
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D43858
In order to atomically upgrade the rtld bind lock, load_filtees() may
trigger a longjmp back to _rtld_bind() so that the binding can be done
with the write lock held. However, the write lock is only needed when
filtee objects haven't already been loaded, so move the
lock_restart_for_upgrade() call to avoid unnecessary lock upgrades when
a filtee is defined.
Reviewed by: kib
Tested by: brooks
MFC after: 1 week
Sponsored by: Innovate UK
This was originally used (along with FREEBSD_AOUT) to prefer the use
of ELF in various tools instead of a.out as part of the a.out to ELF
transition in the 3.x days. The last use of it was removed from
<link.h> in commit 66422f5b7a back in
2002, but various files still #define it.
Reviewed by: kevans, imp, emaste
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D42964
This tests that with RTLD_DEEPBIND, symbols are looked up in all of the
object's needed objects before the global object.
PR: 275393
Reviewed by: kib
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D42843
before starting the walk over the global list. Effectively we visit
needed objects first as well, instead of just the object itself.
This seems to better match the semantic offered by the glibc flag.
Reported by: kevans
PR: 275393
Reviewed by: kevans
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D42841
Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.
Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/
Sponsored by: Netflix
Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a perl script.
Sponsored by: Netflix
net/frr[89] revealed an interesting edge-case on arm when dynamically
linking a shared library that declares more than one static TLS variable
with at least one using the "initial-exec" TLS model. In the case
of frr[89], this library was libfrr.so which essentially does the
following:
#include <stdio.h>
#include "lib.h"
static __thread int *a
__attribute__((tls_model("initial-exec")));
void lib_test()
{
static __thread int b = -1;
printf("&a = %p\n", &a);
printf(" a = %p\n", a);
printf("\n");
printf("&b = %p\n", &b);
printf(" b = %d\n", b);
}
Allocates a file scoped `static __thread` pointer with
tls_model("initial-exec") and later a block scoped TLS int. Notice in
the above minimal reproducer, `b == -1`. The relocation process does
the wrong thing and ends up pointing both `a` and `b` at the same place
in memory.
The output of the above in the broken state is:
&a = 0x4009c018
a = 0xffffffff
&b = 0x4009c018
b = -1
With the patch applied, the output becomes:
&a = 0x4009c01c
a = 0x0
&b = 0x4009c018
b = -1
Reviewed by: kib
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42415/
Forward compatibility code was added for running newer ino64 binaries on
older kernels as a transition aide. Now that ino64 has been in the tree
6 years, this code is no longer useful and should have been removed long
ago. Remove it now. Should be no user-visible changes at this point as
all the 'upgrade' scenarios it was intended for are long since past.
Also need to remove this stuff from rtld since the _foo versions
no longer exist.
Sponsored by: Netflix
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D42382
Add the Branch Target Identification (BTI) note to libc assembly
sources. As all obect files need the note for rtld to have it we need
to insert it in all asm files.
Reviewed by: markj, emaste
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D42228
The new STATIC_TLS_EXTRA variable provides a means for applications
to increases the size of the extra static TLS space allocated by
rtld beyond the default of '128'. This extra static TLS space is used
for objects loaded with dlopen.
The value specified in the variable must be no less than the default
value and no greater than the maximum allowed value for size_t type.
If an invalid value is specified, rtld will ignore it and just use
the default value.
The rtld(1) man page is updated to document this new option.
Obtained from: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D42025
Wrong value of ov_index resulted in magic check failure, and refuse to
free() the memory allocated with __crt_aligned_alloc_offset().
Then the TLS segments of exited threads leaked.
Reported and tested by: glebius
Fixes: c29ee08204
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Use regular free(), since it works now.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D41150
It is modelled after aligned_alloc(3). Most importantly, to free the
allocation, __crt_free() can be used. Additionally, caller may specify
offset into the aligned allocation, so that we return offset-ed from
alignment pointer.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D41150
Reorder it with magic, to keep alignment.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D41150
for it to be useful to return unaligned pointer.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D41150
The method might require resolving and binding symbols, which means
recursing on the bind lock. It is safe to unlock the bind lock,
since we operate on the private object list, and user attempting to
unload an object from the list of not yet fully loaded objects caused
self-inflicted race.
It is similar to how we treat user' init/fini methods.
Reported by: stevek
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Note that the pattern for matching is made slightly more specific, so as
to permit libcompats where one is a prefix of another (e.g. CheriBSD has
lib64 and lib64c).
Reviewed by: brooks, jhb, emaste, imp, kib
Differential Revision: https://reviews.freebsd.org/D41183
