Date: Mon, 2 May 2022 11:58:48 -0700
From: Fangrui Song
To: Florian Weimer
Cc: libc-alpha@sourceware.org
Subject: Re: [PATCH] elf: Simplify version test when searching a versioned symbol
Message-ID: <20220502185848.7hcslwkb43prnvi4@google.com>
References: <20220501074619.1744068-1-maskray@google.com> <20220501075609.wi3bydt7h27vj6sr@google.com> <8735hs8gyu.fsf@oldenburg.str.redhat.com>
In-Reply-To: <8735hs8gyu.fsf@oldenburg.str.redhat.com>

On 2022-05-02, Florian Weimer wrote:
>* Fangrui Song:
>
>> On 2022-05-01, Fangrui Song wrote:
>>>--- >>> elf/dl-lookup.c | 12 ++++++------ >>> 1 file changed, 6 insertions(+), 6 deletions(-) >>> >>>diff --git a/elf/dl-lookup.c b/elf/dl-lookup.c >>>index 989b073e4f..3ad6c95d79 100644 >>>--- a/elf/dl-lookup.c >>>+++ b/elf/dl-lookup.c
>>>@@ -110,14 +110,14 @@ check_match (const char *const undef_name, >>> } >>> else >>> { >>>- /* We can match the version information or use the >>>- default one if it is not hidden. */ >>>- ElfW(Half) ndx = verstab[symidx] & 0x7fff; >>>+ /* When the version does not match, allow VER_NDX_GLOBAL fallback when >>>+ resolving relocations (version->hidden==0). Don't bother with the >>>+ check done by the linker: VER_NDX_GLOBAL symbol cannot be hidden. >>>+ */ >>>+ ElfW (Half) ndx = verstab[symidx] & 0x7fff; >>> if ((map->l_versions[ndx].hash != version->hash >>> || strcmp (map->l_versions[ndx].name, version->name)) >>>- && (version->hidden || map->l_versions[ndx].hash >>>- || (verstab[symidx] & 0x8000))) >>>- /* It's not the version we want. */ >>>+ && (version->hidden || ndx != VER_NDX_GLOBAL)) >>> return NULL; >>> } >>> } >>> -- 2.36.0.464.gb9c8b46e94-goog
>>
>> The existing code has a bug.
>>
>> If a has foo@v1 referencing b.so, and I rebuild b.so and change foo@v1 to
>> foo VER_NDX_GLOBAL,
>>
>> `strcmp (map->l_versions[ndx].name, version->name)` may trigger a null
>> pointer dereference:
>>
>> (rr) p map->l_versions[1]
>> $7 = {name = 0x0, hash = 0, hidden = 0, filename = 0x0}
>>
>> This can be fixed with `!map->l_versions[ndx].name || strcmp (map->l_versions[ndx].name, version->name)`
>
>Hmm. How do we handle VER_NDX_GLOBAL in the dynamic linker?

VER_NDX_GLOBAL (1) is handled the same way as versions with index >= 2, in
_dl_check_map_versions in dl-version.c.

I think l_versions[1] is typically filled in due to VER_FLG_BASE in
DT_VERDEF (.gnu.version_d). An object may have DT_VERDEF but not
DT_VERNEED. In that case, the fields for VER_NDX_GLOBAL are all zeroes.

>The if branch has an assert. I think it fires if we drop symbol
>versioning completely. I think we should report a proper error for
>that.
>
>Should the switch to VER_NDX_GLOBAL also result in an error
>(eventually)?
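Review bot: the retained context line `|| strcmp (map->l_versions[ndx].name, version->name))` is still evaluated before the new `&& (version->hidden || ndx != VER_NDX_GLOBAL))` test, so when ndx is VER_NDX_GLOBAL and the object has DT_VERDEF but no DT_VERNEED, `map->l_versions[1].name` is NULL (the `(rr) p map->l_versions[1]` output quoted in this thread shows `name = 0x0`) and the lookup dereferences a null pointer instead of falling back. Guard the comparison, either with the `!map->l_versions[ndx].name ||` check proposed in the thread or by testing `ndx != VER_NDX_GLOBAL` before the hash/name comparison, so the all-zero VER_NDX_GLOBAL entry never reaches strcmp. The new comment would also read better if it said explicitly that the dropped `verstab[symidx] & 0x8000` test is redundant because a VER_NDX_GLOBAL entry cannot carry the hidden bit, which is what "VER_NDX_GLOBAL symbol cannot be hidden" is getting at.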
When playing around with this yesterday, I triggered the assert failure, but I don't remember how I did it.

  assert (version->filename == NULL || ! _dl_name_match_p (version->filename, map));
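As an added illustration, not code from glibc or from anyone in this thread, here is a simplified C model of the version test discussed above with the NULL-name guard Fangrui suggests; the struct names, `elf_hash`, `version_matches` and the constructed version tables are the example's own stand-ins for the glibc data structures.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define VER_NDX_GLOBAL 1

/* Stand-in for glibc's struct r_found_version: the version a reference
   asks for; hidden == 0 when resolving relocations (see the patch).  */
struct want_version { const char *name; uint32_t hash; int hidden; };

/* Stand-in for one entry of map->l_versions.  An object with DT_VERDEF
   but no DT_VERNEED leaves entry VER_NDX_GLOBAL all zeroes.  */
struct def_version { const char *name; uint32_t hash; };

/* Classic SysV ELF hash; glibc stores its result in the hash fields.  */
static uint32_t elf_hash(const char *s)
{
  uint32_t h = 0, g;
  for (; *s != '\0'; s++) {
    h = (h << 4) + (unsigned char)*s;
    g = h & 0xf0000000u;
    if (g != 0) h ^= g >> 24;
    h &= ~g;
  }
  return h;
}

/* The post-patch test from check_match, inverted to "does it match", with
   the NULL check proposed in the thread so an all-zero entry cannot reach
   strcmp.  versym is the object's .gnu.version table.  */
static int version_matches(const struct def_version *defs, const uint16_t *versym,
                           size_t symidx, const struct want_version *want)
{
  uint16_t ndx = versym[symidx] & 0x7fff;   /* drop the hidden bit */
  const struct def_version *d = &defs[ndx];
  if (d->hash == want->hash && d->name != NULL && strcmp(d->name, want->name) == 0)
    return 1;                                /* exact version match */
  /* Otherwise only a relocation (hidden == 0) may bind to the unversioned
     VER_NDX_GLOBAL definition.  */
  return !want->hidden && ndx == VER_NDX_GLOBAL;
}

/* Constructed case from the thread: a references foo@v1, but the rebuilt
   b.so defines foo unversioned and has DT_VERDEF without DT_VERNEED.  */
static int rebuilt_bso_binds_foo(int hidden)
{
  const struct def_version defs[] = { {NULL, 0}, {NULL, 0} }; /* [0], [1] */
  const uint16_t versym[] = { VER_NDX_GLOBAL };               /* foo -> 1 */
  struct want_version v1 = { "v1", elf_hash("v1"), hidden };
  return version_matches(defs, versym, 0, &v1);
}
```

With the guard in place the relocation case binds to the unversioned foo (returns 1) and the hidden case correctly finds no match (returns 0), where the unguarded strcmp would have dereferenced the NULL name.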