In _rtld(), reorder local declarations to compact the block and
partially sort them by style(9). Move locals declarations from nested
blocks into the block at function start.

Discussed with: emaste

In _rtld(), reorder local declarations to compact the block and
partially sort them by style(9). Move locals declarations from nested
blocks into the block at function start.

Discussed with: emaste
MFC after: 1 week

show more ...

Disable LD_BIND_NOT for setugid processes.

Requested by: jilles
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks

Implement LD_BIND_NOT knob for rtld.

From the manpage:
When set to a nonempty string, prevents modifications of the PLT slots
when doing bindings. As result, each call of the PLT-resolved
function

Implement LD_BIND_NOT knob for rtld.

From the manpage:
When set to a nonempty string, prevents modifications of the PLT slots
when doing bindings. As result, each call of the PLT-resolved
function is resolved. In combination with debug output, this provides
complete account of all bind actions at runtime.

Same feature exists on Linux and Solaris.

Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks

show more ...

Avoid bind lock recursion.

When dlclose(3) unloads an object with filtees, it recursively calls
dlclose(3) on each filtee in free_needed_filtees(). Introduce
dlclose_locked() helper, called from fr

Avoid bind lock recursion.

When dlclose(3) unloads an object with filtees, it recursively calls
dlclose(3) on each filtee in free_needed_filtees(). Introduce
dlclose_locked() helper, called from free_needed_filtees() instead of
dlclose(), and pass the bind lockstate down to avoid recursing.

Reported and tested by: jhibbits
Sponsored by: The FreeBSD Foundation
MFC after: 1 week

show more ...

Merge ^/head r313301 through r313643.

Handle protected symbols in rtld.

Protected symbol reference in GOT of the defining object must be
resolved to itself, same as -Bsymbolic globally.

Discussed with: emaste
Sponsored by: The FreeBSD

Handle protected symbols in rtld.

Protected symbol reference in GOT of the defining object must be
resolved to itself, same as -Bsymbolic globally.

Discussed with: emaste
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D9317

show more ...

MFhead@r313243

Merge ^/head r312968 through r313054.

Extend LD_UTRACE by also generating utrace(2) log events for runtime linker
errors.

Reviewed by: kib, jhb
Approved by: jhb(mentor)
MFC after: 1 week
Differential Revision: D9347

Merge ^/head r311940 through r312200.

For the main binary, postpone enforcing relro read-only protection
until copy relocations are done.

Newer binutils and lld seems to output copy into relro-protected range.

Reported by: Rafael Espц╜

For the main binary, postpone enforcing relro read-only protection
until copy relocations are done.

Newer binutils and lld seems to output copy into relro-protected range.

Reported by: Rafael Espц╜ndola via emaste
Sponsored by: The FreeBSD Foundation
MFC after: 1 week

show more ...

rtld: Fix a couple of bugs around the unloading of ELF filters.

- Pass the correct object to unload_filtees().
- Use a marker to restart iteration after unload_filtees() has returned.
It calls dlc

rtld: Fix a couple of bugs around the unloading of ELF filters.

- Pass the correct object to unload_filtees().
- Use a marker to restart iteration after unload_filtees() has returned.
It calls dlclose() and may recursively remove entries from the global
object list, so TAILQ_FOREACH_SAFE is not sufficient.

Reviewed by: kib
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon

show more ...

rtld: Ensure that dlopen() cannot obtain a reference on a doomed object.

rtld drops the bind lock to call fini functions in an object prior to
unmapping it. The new "doomed" state flag prevents the

rtld: Ensure that dlopen() cannot obtain a reference on a doomed object.

rtld drops the bind lock to call fini functions in an object prior to
unmapping it. The new "doomed" state flag prevents the acquisition of new
references for an object while the lock is dropped.

Reviewed by: kib
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon

show more ...

rtld: Fix a race between dl_iterate_phdr() and dlclose().

Add a transient reference count to ensure that the phdr argument to the
callback remains valid while the bind lock is dropped.

Reviewed by:

rtld: Fix a race between dl_iterate_phdr() and dlclose().

Add a transient reference count to ensure that the phdr argument to the
callback remains valid while the bind lock is dropped.

Reviewed by: kib
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon

show more ...

Merge ^/head r309817 through r310168.

Fix typo.

MFC after: 3 days

Take write lock for rtld_bind before modifying obj_list in dl_iterate_phdr().

This avoids a race with readers such as dladdr(3)/dlinfo(3)/dlsym(3) and
the atexit(3) handler. This race was introduce

Take write lock for rtld_bind before modifying obj_list in dl_iterate_phdr().

This avoids a race with readers such as dladdr(3)/dlinfo(3)/dlsym(3) and
the atexit(3) handler. This race was introduced in r294373.

Reviewed by: markj, kib, kan
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon

show more ...

Merge ^/head r309263 through r309518.

Retire long-broken/unused static rtld support

rtld-elf has some vestigial support for building as a static executable.
r45501 introduced a partial implementation with a prescient note that it
"might

Retire long-broken/unused static rtld support

rtld-elf has some vestigial support for building as a static executable.
r45501 introduced a partial implementation with a prescient note that it
"might never be enabled." r153515 introduced ELF symbol versioning
support, and removed part of the unused build infrastructure for static
rtld.

GNU ld populates rela relocation addends and GOT entries with the same
values, and rtld's run-time dynamic executable check relied on this.
Alternate toolchains may not populate the GOT entries, which caused
RTLD_IS_DYNAMIC to return false. Simplify rtld by just removing the
unused check.

If we want to restore static rtld support later on we ought to introduce
a build-time #ifdef flag.

PR: 214972
Reviewed by: kan
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D8687

show more ...

Merge ^/head r308870 through r309105.

Fix _mips_rtld_bind() to handle ELF filters.

MIPS does not use the common _rtld_bind() to handle runtime binding.
Instead, it uses a private _mips_rtld_bind(). Update _mips_rtld_bind()
to include t

Fix _mips_rtld_bind() to handle ELF filters.

MIPS does not use the common _rtld_bind() to handle runtime binding.
Instead, it uses a private _mips_rtld_bind(). Update _mips_rtld_bind()
to include the changes made to _rtld_bind() in r216695 and r218476 to
support upgrading the read-locked rtld_bind_lock to a write lock when
an object with a filter is encountered.

While here, add a 'where' variable to track the location of the fixup
in the GOT to make the code flow more closely match _rtld_bind().

Reviewed by: kib
Obtained from: CheriBSD
Sponsored by: DARPA / AFRL
Differential Revision: https://reviews.freebsd.org/D8625

show more ...

Merge ^/head r308491 through r308841.

Pass CPUID[1] %edx (cpu_feature), %ecx (cpu_feature2) and
CPUID[7].%ebx (cpu_stdext_feature), %ecx (cpu_stdext_feature2) to the
ifunc resolvers on x86.

It is much more clean to use CPUID instruction

Pass CPUID[1] %edx (cpu_feature), %ecx (cpu_feature2) and
CPUID[7].%ebx (cpu_stdext_feature), %ecx (cpu_stdext_feature2) to the
ifunc resolvers on x86.

It is much more clean to use CPUID instruction in usermode to retrieve
this information than to pass AT_HWCAP aux vector from kernel, on
x86. Still, the change does allow for use of AT_HWCAP on arches where it is
needed, by passing aux array to ifunc_init() initializer which should
prepare arguments for ifunc resolvers.

Current signature for resolvers on x86 is
func_t iresolve(uint32_t cpu_feature, uint32_t cpu_feature2,
uint32_t cpu_stdext_feature, uint32_t cpu_stdext_feature2);
where arguments have identical meaning as the kernel variables of the
same name. The ABIs allow to use resolvers with the void or shortened
list of arguments.

Reviewed by: jhb
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D8448

show more ...

Merge ^/head r308227 through r308490.

Pass the correct flag to find_symdef() from _rtld_bind().

When symbol versioning was added to rtld, the boolean 'in_plt' argument
to find_symdef() was converted to a bitmask of flags. The first fla

Pass the correct flag to find_symdef() from _rtld_bind().

When symbol versioning was added to rtld, the boolean 'in_plt' argument
to find_symdef() was converted to a bitmask of flags. The first flag
added was 'SYMLOOK_IN_PLT' which replaced the 'in_plt' bool. This
happened to still work by accident as SYMLOOK_IN_PLT had the value of 1
which is the same as 'true', so there should be no functional change.

Tested on: amd64
Reviewed by: kan
MFC after: 2 weeks
Sponsored by: DARPA / AFRL

show more ...