From: "navinp0304 at gmail dot com"
To: frysk-bugzilla@sourceware.org
Subject: [Bug general/27502] New: $ORIGIN doesn't work when compiled with address sanitizer and dlopen
Date: Wed, 03 Mar 2021 04:16:07 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=27502

            Bug ID: 27502
           Summary: $ORIGIN doesn't work when compiled with address sanitizer and dlopen
           Product: frysk
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: general
          Assignee: frysk-bugzilla at sourceware dot org
          Reporter: navinp0304 at gmail dot com
  Target Milestone: ---

Hi,

Please find the details below.

/* gcc dlopen.c -ldl -Wl,-rpath,\$ORIGIN -Wl,--enable-new-dtags */
#include <dlfcn.h>   /* dlopen, dlerror, dlclose */
#include <stdio.h>   /* printf */

int main(int argc,char **argv){
  /* argv[1] is the library name given on the command line */
  void *validhandle=dlopen(argv[1],RTLD_NOW);
  if(validhandle){
    printf("dlopen succeeded \n");
    dlclose(validhandle);
  } else {
    printf("dlopen failed : %s\n",dlerror());
  }
  return 0;
}

lib.c is an empty file used to create shared object libfoo.so using

gcc -shared -o libfoo.so lib.c

readelf -d a.out | grep RUNPATH
 0x000000000000001d (RUNPATH) Library runpath: [$ORIGIN]

navin@mint-Aspire:~/doctest/origin/plain$ ./a.out libfoo.so
dlopen succeeded
navin@mint-Aspire:~/doctest/origin/plain$

Now compile with additional flag -fsanitize=address

gcc -fsanitize=address dlopen.c -ldl -Wl,-rpath,\$ORIGIN -Wl,--enable-new-dtags
gcc -fsanitize=address -shared -o libfoo.so lib.c

navin@mint-Aspire:~/doctest/origin/asan$ readelf -d a.out | grep -i runpath
 0x000000000000001d (RUNPATH) Library runpath: [$ORIGIN]
navin@mint-Aspire:~/doctest/origin/asan$ ls
a.out dlopen.c lib.c libfoo.so
navin@mint-Aspire:~/doctest/origin/asan$
navin@mint-Aspire:~/doctest/origin/asan$ ./a.out libfoo.so
dlopen failed : libfoo.so: cannot open shared object file: No such file or directory
navin@mint-Aspire:~/doctest/origin/asan$

Doesn't work.

Now with patch applied

 0x000000000000001d (RUNPATH) Library runpath: [/media/navin/c19d52cf-2537-4ced-af7f-5584e3ac3004/build-glibc/scratch:/media/navin/c19d52cf-2537-4ced-af7f-5584e3ac3004/build-glibc/scratch/math:/media/navin/c19d52cf-2537-4ced-af7f-5584e3ac3004/build-glibc/scratch/rt:/media/navin/c19d52cf-2537-4ced-af7f-5584e3ac3004/build-glibc/scratch/dlfcn:/media/navin/c19d52cf-2537-4ced-af7f-5584e3ac3004/build-glibc/scratch/nptl:$ORIGIN]

navin@mint-Aspire:~/doctest/origin/afterfix$ ./a.out libfoo.so
dlopen succeeded

patch details

>>From d2cb9bba3de58af3516eb7099d0452e2ee6365d2 Mon Sep 17 00:00:00 2001
From: Navin P Date: Mon, 22 Feb 2021 15:02:00 +0530 Subject: [PATCH] If executables are compiled with asan, it should perform additional LM_ID_BASE D_RUNPATH also. --- elf/dl-load.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/elf/dl-load.c b/elf/dl-load.c index 9e2089cfaa..fe88c8c9ea 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -2161,6 +2161,34 @@ _dl_map_object (struct link_map *loader, const char *name, &loader->l_runpath_dirs, &realname, &fb, loader, LA_SER_RUNPATH, &found_other_class); + /* + * This is not transitive dependency.It it just an additional + * lookup into executable/dso runpath when loader is different + * from LM_ID_BASE loader. + * In usual cases like direct call to executable, then main_map + * is same as loader and no lookup is performed. + * In cases like libasan.so being the parent caller with dl_caller + * set to libasan.so which is called by GL(dls_ns)[LIM_ID_BASE], + * we need to additionally search the executable/dso link_map + * other than loader link_map which is performed above. + */ + struct link_map *main_map =3D GL(dl_ns)[LM_ID_BASE]._ns_loaded; + + /* Look at the RUNPATH information for this binary using main_map. + * This lookup is only done when the binary is in namespace 0. + * For nested namespaces from dlmopen LM_ID_NEWLM, we don't search + * in namespace 0 because it is detached from LM_ID_BASE. + * In that case lookup is done in the callers RUNPATH above. + */ + + if (fd =3D=3D -1 && (nsid =3D=3D LM_ID_BASE ) && main_map !=3D NULL + && main_map !=3D loader + && cache_rpath (main_map, &main_map->l_runpath_dirs, + DT_RUNPATH, "RUNPATH")) + fd =3D open_path (name, namelen, mode, + &main_map->l_runpath_dirs, &realname, &fb, main_map, + LA_SER_RUNPATH, &found_other_class); + if (fd =3D=3D -1) { realname =3D _dl_sysdep_open_object (name, namelen, &fd); --=20 2.25.1 --=20 You are receiving this mail because: You are the assignee for the bug.=
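
Review bot: The new fallback in _dl_map_object is gated only on "fd == -1 && (nsid == LM_ID_BASE ) && main_map != NULL && main_map != loader", so it fires for every object in the base namespace whose loader is not the main map, not only for the libasan-as-caller case the comment describes. That makes the executable's DT_RUNPATH a search path for dlopen calls issued by any other DSO, which widens where a bare library name can be resolved from. Either narrow the condition to the intercepted-caller case or state the broader behaviour in the comment and commit message, and add a test that covers a non-ASan DSO as the caller. The condition also leaves the loader == NULL case implicit (main_map != loader is then true), which deserves a sentence in the comment. Minor: the comment text does not match the code it documents ("GL(dls_ns)[LIM_ID_BASE]" versus GL(dl_ns)[LM_ID_BASE]), "It it just" is a typo, and there is a stray space in "(nsid == LM_ID_BASE )".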