File dlopen-filter-object.patch of Package glibc.21693

From eb447b7b4bd6177f876ba9420ad9e048c27bae91 Mon Sep 17 00:00:00 2001
From: David Kilroy <David.Kilroy@arm.com>
Date: Wed, 12 Feb 2020 14:28:15 -0300
Subject: [PATCH] elf: Allow dlopen of filter object to work [BZ #16272]

There are two fixes that are needed to be able to dlopen filter
objects. First _dl_map_object_deps cannot assume that map will be at
the beginning of l_searchlist.r_list[], as filtees are inserted before
map. Secondly dl_open_worker needs to ensure that filtees get
relocated.

In _dl_map_object_deps:

* avoiding removing relocation dependencies of map by setting
  l_reserved to 0 and otherwise processing the rest of the search
  list.

* ensure that map remains at the beginning of l_initfini - the list
  of things that need initialisation (and destruction). Do this by
  splitting the copy up. This may not be required, but matches the
  initialization order without dlopen.

Modify dl_open_worker to relocate the objects in new->l_inifini.
new->l_initfini is constructed in _dl_map_object_deps, and lists the
objects that need initialization and destruction. Originally the list
of objects in new->l_next are relocated. All of these objects should
also be included in new->l_initfini (both lists are populated with
dependencies in _dl_map_object_deps). We can't use new->l_prev to pick
up filtees, as during a recursive dlopen from an interposed malloc
call, l->prev can contain objects that are not ready for relocation.

Add tests to verify that symbols resolve to the filtee implementation
when auxiliary and filter objects are used, both as a normal link and
when dlopen'd.

Tested by running the testsuite on x86_64.

Index: glibc-2.26/elf/dl-deps.c
===================================================================
--- glibc-2.26.orig/elf/dl-deps.c
+++ glibc-2.26/elf/dl-deps.c
@@ -506,14 +506,18 @@ _dl_map_object_deps (struct link_map *ma
 
   map->l_searchlist.r_list = &l_initfini[nlist + 1];
   map->l_searchlist.r_nlist = nlist;
+  unsigned int map_index = UINT_MAX;
 
   for (nlist = 0, runp = known; runp; runp = runp->next)
     {
       if (__builtin_expect (trace_mode, 0) && runp->map->l_faked)
 	/* This can happen when we trace the loading.  */
 	--map->l_searchlist.r_nlist;
-      else
+      else {
+	if (runp->map == map)
+	  map_index = nlist;
 	map->l_searchlist.r_list[nlist++] = runp->map;
+      }
 
       /* Now clear all the mark bits we set in the objects on the search list
 	 to avoid duplicates, so the next call starts fresh.  */
@@ -571,13 +575,14 @@ Filters not supported with LD_TRACE_PREL
     }
 
   /* Maybe we can remove some relocation dependencies now.  */
-  assert (map->l_searchlist.r_list[0] == map);
   struct link_map_reldeps *l_reldeps = NULL;
   if (map->l_reldeps != NULL)
     {
-      for (i = 1; i < nlist; ++i)
+      for (i = 0; i < nlist; ++i)
 	map->l_searchlist.r_list[i]->l_reserved = 1;
 
+      /* Avoid removing relocation dependencies of the main binary.  */
+      map->l_reserved = 0;
       struct link_map **list = &map->l_reldeps->list[0];
       for (i = 0; i < map->l_reldeps->act; ++i)
 	if (list[i]->l_reserved)
@@ -602,16 +607,30 @@ Filters not supported with LD_TRACE_PREL
 	      }
 	  }
 
-      for (i = 1; i < nlist; ++i)
+      for (i = 0; i < nlist; ++i)
 	map->l_searchlist.r_list[i]->l_reserved = 0;
     }
 
-  /* Sort the initializer list to take dependencies into account.  The binary
-     itself will always be initialize last.  */
-  memcpy (l_initfini, map->l_searchlist.r_list,
-	  nlist * sizeof (struct link_map *));
-  /* We can skip looking for the binary itself which is at the front of
-     the search list.  */
+  /* Sort the initializer list to take dependencies into account.  Always
+     initialize the binary itself last.  */
+  assert (map_index < nlist);
+  if (map_index > 0)
+    {
+      /* Copy the binary into position 0.  */
+      l_initfini[0] = map->l_searchlist.r_list[map_index];
+
+      /* Copy the filtees.  */
+      for (i = 0; i < map_index; ++i)
+	l_initfini[i+1] = map->l_searchlist.r_list[i];
+
+      /* Copy the remainder.  */
+      for (i = map_index + 1; i < nlist; ++i)
+	l_initfini[i] = map->l_searchlist.r_list[i];
+    }
+  else
+    memcpy (l_initfini, map->l_searchlist.r_list,
+	    nlist * sizeof (struct link_map *));
+
   _dl_sort_maps (&l_initfini[1], nlist - 1, NULL, false);
 
   /* Terminate the list of dependencies.  */
Index: glibc-2.26/elf/dl-open.c
===================================================================
--- glibc-2.26.orig/elf/dl-open.c
+++ glibc-2.26/elf/dl-open.c
@@ -314,22 +314,25 @@ dl_open_worker (void *a)
      allows IFUNC relocations to work and it also means copy
      relocation of dependencies are if necessary overwritten.  */
   unsigned int nmaps = 0;
-  struct link_map *l = new;
+  unsigned int j = 0;
+  struct link_map *l = new->l_initfini[0];
   do
     {
       if (! l->l_real->l_relocated)
 	++nmaps;
-      l = l->l_next;
+      l = new->l_initfini[++j];
     }
   while (l != NULL);
+  /* Stack allocation is limited by the number of loaded objects.  */
   struct link_map *maps[nmaps];
   nmaps = 0;
-  l = new;
+  j = 0;
+  l = new->l_initfini[0];
   do
     {
       if (! l->l_real->l_relocated)
 	maps[nmaps++] = l;
-      l = l->l_next;
+      l = new->l_initfini[++j];
     }
   while (l != NULL);
   _dl_sort_maps (maps, nmaps, NULL, false);