summaryrefslogtreecommitdiff
path: root/libexec/ld.so
AgeCommit message (Collapse)Author
2023-08-15ldd can pledge "stdio rpath proc exec prot_exec". We can later bifurbicateTheo de Raadt
at the dlopen vs execve split, dropping either "proc" or "prot_exec". ok gnezdo
2023-08-15Improve handling of dlopen(RTLD_TRACE) aka ldd, of a library thatPhilip Guenther
is already loaded: * add a 'trace' argument to _dl_show_objects() and exit the walk-the-objects loop if you hit that traced object * in dlopen(), pass the trace object to _dl_show_objects() * also, invoke _dl_show_objects() + exit if the object was already opened * pass NULL to _dl_show_objects() for all the other calls * oh hey, _dl_tracelib is now superfluous: _dl_show_objects() should do the walk-the-objects loop only if trace is not NULL. Problem noted by gnezdo@ ok millert@
2023-08-15Skip the _dl_msyscall() invocation if tracing library loading.Philip Guenther
Problem noted by gnezdo@ ok millert@
2023-08-12Check for a full read, avoid warn when errno might be unmodifiedGreg Steuck
Promote size from int to size_t. From: lucas at sexy dot is Regress tests by gnezdo@ deraadt: yes
2023-07-24I added the 2nd argument (execpromises) to pledge(2), and then huntedTheo de Raadt
for more than a year code which could use it; but in all non-trivial circumstances (programs which would benefit), I was stopped by issues (in particular by environment variable behavious). But I never looked in ldd(1). This is the FIRST one which is completely obvious. spledge(NULL, "stdio rpath") ok guenther
2023-07-13- use IS_ELF() to check the ELF magic bytesJasper Lievisse Adriaanse
- reject non-sensical program header values which would result in a crash when accessing the 0 bytes sized buffer allocated due to it ok deraadt@ kettenis@
2023-07-12validate alignment of ELF program headersJasper Lievisse Adriaanse
2023-07-08turn an ifdef'd _dl_printf call into DL_DEB and various whitespace fixesJasper Lievisse Adriaanse
sure deraadt@
2023-07-08zap stray backslashJasper Lievisse Adriaanse
ok deraadt@
2023-05-18If you disable retpolineplt then _dl_bind_start is called with anPhilip Guenther
indirect branch, so include an endbr64 Just In Case. ok deraadt@
2023-04-27revert cache lookup for full pathnamesRobert Nagy
2023-04-25endbr64 is potentially neccessary in the syscall stubs.Theo de Raadt
2023-04-24Since ENTRY() already inserts a BTI instructions so don't add another one.Mark Kettenis
ok patrick@
2023-04-24do a cache lookup as well in case a full pathname is passed to dlopenRobert Nagy
2023-04-13Avoid an overflow in the ELF SYSV ABI hash function.Todd C. Miller
The hash function is supposed to return a value less than or equal to 0x0fffffff. Due to a bug in the sample code supplied with the ELF SYSV ABI documentation, the hash function can overflow on 64-bit systems. Apply the same fix used by GNU libc, MUSL libc and FreeBSD. Prompted by https://maskray.me/blog/2023-04-12-elf-hash-function OK tb@ miod@
2023-04-09Treat symlinks better in $ORIGIN determination in ld.soGreg Steuck
Now symlinking an executable away from the rest of its installation tree no longer prevents it from finding the libraries. This matches the behavior of other OS linkers. Prompted by a behavior change in lang/ghc test suite. Swapped the order of dirname/realpath in _dl_origin_path. Added some regress tests that pass and then bin3 that fails without this change and reflects the behavior needd for lang/ghc. Suggestion by semarie@, OK deraadt@
2023-03-31Call entry point of the executable through register x17. This allows itMark Kettenis
to be a normal C function that starts with "bti c" when BTI contro flow integretry enforcement is in place. Add "bti c" to _dl_bind_start(). Remove unused _rtld_tlsdesc() function to avoid having to add "bti c" to it. ok deraadt@
2023-02-20Adjust inline !libc check to match the intent in ld.soGreg Steuck
right, deraadt@
2023-02-18Lookup the start,len of the "execve" stub in libc.so, and tell the kernelTheo de Raadt
where it is with pinsyscall(). In non-static binaries, kernel execve(2) will now insist upon being called from that small region. Arriving from a different region smells like ROP methodology, and the process is killed.
2023-02-10Explicitly mark the text LOAD as FLAGS(5), meaning RX, with a comment.Theo de Raadt
This is the default value of the linker, but I really like placing the comment "architecturally required data islands".
2023-02-02unify spacing for LOAD FLAGS linesTheo de Raadt
2023-02-02i386 and alpha ld.so also work with X-only text LOAD. There is noTheo de Raadt
hardware enforcement for this, but uvm can some of it's own tricks on occasion.
2023-01-31powerpc xonly for G5 is coming. ld.so can have xonly text.Theo de Raadt
ok gkoehler
2023-01-29Accumulate intermediate imutables locally before applyingGreg Steuck
OK deraadt
2023-01-29Unite all nitems copies in ld.so/util.hGreg Steuck
OK deraadt
2023-01-29powerpc64 xonly works; ld.so can be switched overTheo de Raadt
2023-01-20amd64 now has xonly support via the PKU feature. Marking ld.so exec-onlyTheo de Raadt
is no longer a NOP on those systems, let's do it.
2023-01-12Use proper sparc64 illtrap instruction as text sections filler, rather thanMiod Vallat
the x86 one.
2023-01-11be very paranoid like other architectures and force no-jump-tablesTheo de Raadt
came up in two seperate conversations with miod and kettenis
2023-01-11put LD_SCRIPT in the canonical locationTheo de Raadt
2023-01-11Add ld.so linker scripts on the remaining platforms.Miod Vallat
2023-01-11force-disable jump tables in ld.so building on sparc64, to ease theTheo de Raadt
exonly transition for people building through an upcoming commit series
2023-01-11the kernel on mips64 (octeon, loongson) is in good enough shape to runTheo de Raadt
--execute-only ld.so (meaning FLAGS (1) on the LOAD line for the text segment, in the ld.script). the linker, when using built-in linker scripts, is not ready yet for other libraries / binaries..
2023-01-11Add retguard to amd64 syscalls.Todd Mortimer
Since we got rid of padded syscalls we have enough registers to do this. ok deraadt@ ok kettenis@
2023-01-10hppa ld.so works with executable-only text (non-readable)Theo de Raadt
2023-01-09riscv64 ld.so is ready to be xonlyTheo de Raadt
ok kettenis
2023-01-09Rewrite the hppa assembly code to avoid reads from .text, by using theMark Kettenis
standard PIC magic. This makes the code similar to what we already use for rcrt0.o. This makes it ready for execute-only. Build C code using -fno-jump-tables to make it ready for execute-only. ok deraadt@, miod@
2023-01-09In preparation for upcoming execute-only support, change the magic branchMark Kettenis
instruction used by __canonicalize_funcptr_for_compare() from "bl" into "b". This allows __canonicalize_funcptr_for_compare() to execute the branch instead of decoding the instruction to find the address of _dl_bind(). This is the first step in the transition to a new ABI. Once an updated ld.so has been installed, we can change __canonicalize_funcptr_for_compare() (which lives in libgcc) and rebuild everything with a new libgcc. Only then we can actually make ld.so executable-only. ok deraadt@, miod@
2022-12-25Re-enable DT_MIPS_RLD_MAP_REL tag in ld.soVisa Hankala
The linker now produces correct values for DT_MIPS_RLD_MAP_REL tags. The DT_MIPS_RLD_MAP_REL offset is relative to the entry of the original dynamic tags array. Therefore look up the tag from exe_obj->load_dyn instead of exe_obj->Dyn.info to get the correct base address. OK kettenis@ deraadt@
2022-12-24Make .text (and .btext) execute-only on arm64.Mark Kettenis
ok deraadt@
2022-12-18cannot try the boot.data unmap until all the ld.script are commited, andTheo de Raadt
fixed to identify the region correctly.
2022-12-16delete // debug comment chunks. If anyone wants to debug ld.so and runsTheo de Raadt
into a mimmutable related concern, you want to undo this revision to get this debug back. I do not consider this suitable for hiding behind a cpp macro.
2022-12-05Add linker script for hppa. The crucial bit is that hppa needs an extraMark Kettenis
segment for .plt/.got which needs to be placed correctly. ok deraadt@
2022-12-04ld.so: Disable DT_MIPS_RLD_MAP_RELVisa Hankala
The linker produces incorrect values for DT_MIPS_RLD_MAP_REL tags. Disable the handling of the tag in the dynamic loader. The linker will be fixed in a later commit when snapshots have the updated ld.so. Discussed with and OK kettenis@ deraadt@
2022-12-04The next step for mimmutable(). ld.so figures out what regions of memoryTheo de Raadt
of startup shared library mappings can be made immutable, and also does this for dlope() RTLD_NODELETE and subsidiary libraries. Complexity in this diff is due to the GNU_RELRO and OPENBSD_MUTABLE sections. Tested in snaps for about 3 weeks, with some bootstrap related pain felt in ports ok kettenis, much help from others.
2022-11-25Add ld.so linker script for mips64Visa Hankala
Since the introduction of automatic immutable from the kernel, the munmap() of ld.so boot.text region is now (silently) failing because the region is contained within the text LOAD, which is immutable. So create a new btext LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects in there. This LOAD must also be page-aligned so it doesn't skip unmapping some of the object region, previously it was hilariously unaligned. OK deraadt@
2022-11-14Since the introduction of automatic immutable from the kernel, the munmap()Theo de Raadt
of ld.so boot.text region is now (silently) failing because the region is contained within the text LOAD, which is immutable. So create a new btext LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects in there. This LOAD must also be page-aligned so it doesn't skip unmapping some of the object region, previously it was hilariously unaligned. ok kettenis and guenther seemed to like it also This one is for powerpc64 and a modified version of the diff deraadt@ mailed out to make sure the LOADs are in increasing address order. this is the alpha version
2022-11-14Since the introduction of automatic immutable from the kernel, the munmap()Theo de Raadt
of ld.so boot.text region is now (silently) failing because the region is contained within the text LOAD, which is immutable. So create a new btext LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects in there. This LOAD must also be page-aligned so it doesn't skip unmapping some of the object region, previously it was hilariously unaligned. ok kettenis and guenther seemed to like it also This one is for powerpc64 and a modified version of the diff deraadt@ mailed out to make sure the LOADs are in increasing address order. this is the i386 version
2022-11-14Since the introduction of automatic immutable from the kernel, the munmap()Theo de Raadt
of ld.so boot.text region is now (silently) failing because the region is contained within the text LOAD, which is immutable. So create a new btext LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects in there. This LOAD must also be page-aligned so it doesn't skip unmapping some of the object region, previously it was hilariously unaligned. ok kettenis and guenther seemed to like it also This one is for powerpc64 and a modified version of the diff deraadt@ mailed out to make sure the LOADs are in increasing address order. this is the version for sparc64, tested by pascal also
2022-11-14Since the introduction of automatic immutable from the kernel, the munmap()Theo de Raadt
of ld.so boot.text region is now (silently) failing because the region is contained within the text LOAD, which is immutable. So create a new btext LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects in there. This LOAD must also be page-aligned so it doesn't skip unmapping some of the object region, previously it was hilariously unaligned. ok kettenis and guenther seemed to like it also This one is for powerpc64 and a modified version of the diff deraadt@ mailed out to make sure the LOADs are in increasing address order. this is the version for powerpc, tested by pascal