[PATCH] elf: Move post-relocation code of _dl_start into _dl_start_final

[PATCH] elf: Move post-relocation code of _dl_start into _dl_start_final

[Fangrui Song]

On non-PI_STATIC_AND_HIDDEN architectures, getting the address of
_rtld_local_ro (for GLRO (dl_final_object)) goes through a GOT entry.
The GOT load may be reordered before self relocation, leading to an
unrelocated/incorrect _rtld_local_ro address.

84e02af1ebc9988126eebe60bf19226cea835623 tickled GCC powerpc32 to
reorder the GOT load before relative relocations, leading to ld.so
crash. This is similar to the m68k issue fixed by
a8e9b5b8079d18116ca69c9797e77804ecf2ee7e.

Move code after self relocation into _dl_start_final to avoid the
reordering. This fixes powerpc32 and may help other architectures when
ELF_DYNAMIC_RELOCATE is simplified in the future.
---
 elf/rtld.c | 25 ++++++++++---------------
 1 file changed, 10 insertions(+), 15 deletions(-)

diff --git a/elf/rtld.c b/elf/rtld.c
index 19e328f89e..93180466d6 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -468,6 +468,10 @@ _dl_start_final (void *arg, struct dl_start_final_info *info)
 {
   ElfW(Addr) start_addr;
 
+  /* Do not use an initializer for these members because it would
+     intefere with __rtld_static_init.  */
+  GLRO (dl_find_object) = &_dl_find_object;
+
   /* If it hasn't happen yet record the startup time.  */
   rtld_timer_start (&start_time);
 #if !defined DONT_USE_BOOTSTRAP_MAP
@@ -512,7 +516,10 @@ _dl_start_final (void *arg, struct dl_start_final_info *info)
       print_statistics (RTLD_TIMING_REF(rtld_total_time));
     }
 
-  return start_addr;
+#ifndef ELF_MACHINE_START_ADDRESS
+# define ELF_MACHINE_START_ADDRESS(map, start) (start)
+#endif
+  return ELF_MACHINE_START_ADDRESS (GL(dl_ns)[LM_ID_BASE]._ns_loaded, start_addr);
 }
 
 #ifdef DONT_USE_BOOTSTRAP_MAP
@@ -586,23 +593,11 @@ _dl_start (void *arg)
 
   __rtld_malloc_init_stubs ();
 
-  /* Do not use an initializer for these members because it would
-     intefere with __rtld_static_init.  */
-  GLRO (dl_find_object) = &_dl_find_object;
-
-  {
 #ifdef DONT_USE_BOOTSTRAP_MAP
-    ElfW(Addr) entry = _dl_start_final (arg);
+  return _dl_start_final (arg);
 #else
-    ElfW(Addr) entry = _dl_start_final (arg, &info);
+  return _dl_start_final (arg, &info);
 #endif
-
-#ifndef ELF_MACHINE_START_ADDRESS
-# define ELF_MACHINE_START_ADDRESS(map, start) (start)
-#endif
-
-    return ELF_MACHINE_START_ADDRESS (GL(dl_ns)[LM_ID_BASE]._ns_loaded, entry);
-  }
 }
 
 
-- 
2.36.0.rc2.479.g8af0fa9b8e-goog

Re: [PATCH] elf: Move post-relocation code of _dl_start into _dl_start_final

[Andreas Schwab]

On Apr 23 2022, Fangrui Song wrote:

> On non-PI_STATIC_AND_HIDDEN architectures, getting the address of
> _rtld_local_ro (for GLRO (dl_final_object)) goes through a GOT entry.
> The GOT load may be reordered before self relocation, leading to an
> unrelocated/incorrect _rtld_local_ro address.
>
> 84e02af1ebc9988126eebe60bf19226cea835623 tickled GCC powerpc32 to
> reorder the GOT load before relative relocations, leading to ld.so
> crash. This is similar to the m68k issue fixed by
> a8e9b5b8079d18116ca69c9797e77804ecf2ee7e.
>
> Move code after self relocation into _dl_start_final to avoid the
> reordering. This fixes powerpc32 and may help other architectures when
> ELF_DYNAMIC_RELOCATE is simplified in the future.

Ok.

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510  2552 DF73 E780 A9DA AEC1
"And now for something completely different."