From a79b262c1e68098701da6ac34bd1ba8ca8413961 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Wed, 1 Jun 2016 07:14:42 +0200
Subject: [PATCH] fork in libpthread cannot use IFUNC resolver [BZ #19861]
This commit only addresses the fork case, the vfork case has to be a
tail call, which is why the generic code needs an IFUNC resolver
there.
(cherry picked from commit f06f3f05b48c72e2c9b0fa78671f94fd22d67da8)
---
ChangeLog | 9 +++++++++
nptl/pt-fork.c | 43 ++++++++++---------------------------------
2 files changed, 19 insertions(+), 33 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 123274c..b09e88f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2016-06-01 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #19861]
+ Do not use IFUNC resolver with potentially unrelocated symbol.
+ * nptl/pt-fork.c [HAVE_IFUNC]: Remove.
+ (DEFINE_FORK): Remove macro and inline definition.
+ (fork_alias): Renamed from fork_ifunc.
+ (__fork_alias): Renamed from __fork_ifunc.
+
2016-05-23 Florian Weimer <fweimer@redhat.com>
CVE-2016-4429
diff --git a/nptl/pt-fork.c b/nptl/pt-fork.c
index fd6544b..325ff2b 100644
--- a/nptl/pt-fork.c
+++ b/nptl/pt-fork.c
@@ -25,33 +25,14 @@
the historical ABI requires it. For static linking, there is no need to
provide anything here--the libc version will be linked in. For shared
library ABI compatibility, there must be __fork and fork symbols in
- libpthread.so; so we define them using IFUNC to redirect to the libc
- function. */
+ libpthread.so.
-#if SHLIB_COMPAT (libpthread, GLIBC_2_0, GLIBC_2_22)
-
-# if HAVE_IFUNC
-
-static __typeof (fork) *
-__attribute__ ((used))
-fork_resolve (void)
-{
- return &__libc_fork;
-}
+ With an IFUNC resolver, it would be possible to avoid the
+ indirection, but the IFUNC resolver might run before the
+ __libc_fork symbol has been relocated, in which case the IFUNC
+ resolver would not be able to provide the correct address. */
-# ifdef HAVE_ASM_SET_DIRECTIVE
-# define DEFINE_FORK(name) \
- asm (".set " #name ", fork_resolve\n" \
- ".globl " #name "\n" \
- ".type " #name ", %gnu_indirect_function");
-# else
-# define DEFINE_FORK(name) \
- asm (#name " = fork_resolve\n" \
- ".globl " #name "\n" \
- ".type " #name ", %gnu_indirect_function");
-# endif
-
-# else /* !HAVE_IFUNC */
+#if SHLIB_COMPAT (libpthread, GLIBC_2_0, GLIBC_2_22)
static pid_t __attribute__ ((used))
fork_compat (void)
@@ -59,14 +40,10 @@ fork_compat (void)
return __libc_fork ();
}
-# define DEFINE_FORK(name) strong_alias (fork_compat, name)
-
-# endif /* HAVE_IFUNC */
-
-DEFINE_FORK (fork_ifunc)
-compat_symbol (libpthread, fork_ifunc, fork, GLIBC_2_0);
+strong_alias (fork_compat, fork_alias)
+compat_symbol (libpthread, fork_alias, fork, GLIBC_2_0);
-DEFINE_FORK (__fork_ifunc)
-compat_symbol (libpthread, __fork_ifunc, __fork, GLIBC_2_0);
+strong_alias (fork_compat, __fork_alias)
+compat_symbol (libpthread, __fork_alias, __fork, GLIBC_2_0);
#endif
--
2.8.3
