[Bug dynamic-link/30186] New: RTLD_DEEPBIND interacts badly with LD_PRELOAD

["parky at outlook dot com" <sourceware-bugzilla@sourceware.org>]

https://sourceware.org/bugzilla/show_bug.cgi?id=30186

            Bug ID: 30186
           Summary: RTLD_DEEPBIND interacts badly with LD_PRELOAD
           Product: glibc
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: dynamic-link
          Assignee: unassigned at sourceware dot org
          Reporter: parky at outlook dot com
  Target Milestone: ---

Created attachment 14726
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14726&action=edit
Minimal example of issues with RTLD_DEEPBIND

Loading a library with RTLD_DEEPBIND ignores LD_PRELOAD on any symbols in libc.

# Minimal example 

I have constructed a minimal example to illustrate the problem (also attached
to the issue):

  https://github.com/mjp41/deepbindexample

This creates four things

  * `libdeepbind.so` - a library that exposes `expose`, which calls `free` with
a bad value
  * `libpreload.so` - a library that provides a `free` that does nothing
  * `main_works` - an application that loads libdeepbind.so with just
`RTLD_NOW`
  * `main_fails` - an application that loads libdeepbind.so with `RTLD_NOW |
RTLD_DEEPBIND`.

The two main applications just call `expose` on the loaded library
`libdeepbind.so`.

If we run
```
LD_PRELOAD=./libpreload.so ./main_works
```
then the program runs successfully: the bad `free` is handled by the preload
and ignored.

If we run
```
LD_PRELOAD=./libpreload.so ./main_fails
```
Then we get a segmentation fault from the libc allocator.

This behaviour is not great for debugging and allocator replacement for any
application using `RTLD_DEEPBIND`.

# Concrete examples

Previously, for allocator specific overrides, this was addressed with malloc
hooks, e.g.

https://github.com/jemalloc/jemalloc/commit/4bb09830133ffa8b27a95bc3727558007722c152

The jemalloc fix will fail silently now as the hooks have been removed in
glibc, and jemalloc didn't include `malloc.h` to receive the deprecation
warning.

The current behaviour causes issues for Address Sanitizer:

   https://github.com/google/sanitizers/issues/611

and for applications such as PHP cannot override the allocator because of this
behaviour:

   https://github.com/php/php-src/issues/10670

# Next steps

As a possible solution, I wonder if there should be an explicit preload scope
that is applied first to everything include RTLD_DEEPBIND libraries.  However,
I know very little about the loader, and cannot assess the compatibility issues
that might cause.

I am raising this issue as requested by Adhemerval Zanella in response to my
Twitter thread on the topic 
  https://twitter.com/ParkyMatthew/status/1630500641708683268

There is a previous bug raise on this issue: 
  https://sourceware.org/bugzilla/show_bug.cgi?id=25533
That is marked as WONTFIX. I am not convinced a shared understanding was
reached on the topic in that discussion.  I hope my minimal example helps to
make the problem clearer.

-- 
You are receiving this mail because:
You are on the CC list for the bug.