Date: Sun, 1 May 2022 00:56:09 -0700
From: Fangrui Song
To: libc-alpha@sourceware.org, Florian Weimer
Subject: Re: [PATCH] elf: Simplify version test when searching a versioned symbol
Message-ID: <20220501075609.wi3bydt7h27vj6sr@google.com>
References: <20220501074619.1744068-1-maskray@google.com>
In-Reply-To: <20220501074619.1744068-1-maskray@google.com>

On 2022-05-01, Fangrui Song wrote:
>--- > elf/dl-lookup.c | 12 ++++++------ > 1 file changed, 6 insertions(+), 6 deletions(-) > >diff --git a/elf/dl-lookup.c b/elf/dl-lookup.c >index 989b073e4f..3ad6c95d79 100644 >--- a/elf/dl-lookup.c >+++ b/elf/dl-lookup.c
>@@ -110,14 +110,14 @@ check_match (const char *const undef_name, > } > else > { >- /* We can match the version information or use the >- default one if it is not hidden. */ >- ElfW(Half) ndx = verstab[symidx] & 0x7fff; >+ /* When the version does not match, allow VER_NDX_GLOBAL fallback when >+ resolving relocations (version->hidden==0). Don't bother with the >+ check done by the linker: VER_NDX_GLOBAL symbol cannot be hidden. >+ */ >+ ElfW (Half) ndx = verstab[symidx] & 0x7fff; > if ((map->l_versions[ndx].hash != version->hash > || strcmp (map->l_versions[ndx].name, version->name)) >- && (version->hidden || map->l_versions[ndx].hash >- || (verstab[symidx] & 0x8000))) >- /* It's not the version we want. */ >+ && (version->hidden || ndx != VER_NDX_GLOBAL)) > return NULL; > } > } >-- >2.36.0.464.gb9c8b46e94-goog

The existing code has a bug. If a has foo@v1 referencing b.so. If I rebuild b.so and change foo@v1 to foo VER_NDX_GLOBAL, `strcmp (map->l_versions[ndx].name, version->name)` may trigger a null pointer dereference:

(rr) p map->l_versions[1]
$7 = {name = 0x0, hash = 0, hidden = 0, filename = 0x0}

This can be fixed with `!map->l_versions[ndx].name || strcmp (map->l_versions[ndx].name, version->name)`
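
Review bot: the `strcmp (map->l_versions[ndx].name, version->name)` call kept as context in the condition still runs without a NULL check on `map->l_versions[ndx].name`, and it is reached whenever the two hashes compare equal; the debugger output in this message shows an entry with `name = 0x0`. Fold the `!map->l_versions[ndx].name ||` guard into this patch, or send it as a separate fix first, so the simplified test does not carry the dereference forward. The new condition also drops the `verstab[symidx] & 0x8000` test on the strength of the comment's statement that a VER_NDX_GLOBAL symbol cannot be hidden; that is a property of linker output rather than something this function verifies, so the commit message should say what the lookup does for an object that sets the hidden bit together with index VER_NDX_GLOBAL. The `ElfW(Half)` to `ElfW (Half)` spacing change is unrelated to the simplification, and the closing `*/` on a line of its own differs from the layout of the comment being removed.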