When dlopening a shared object, _dl_open_check will throw an exception
if CET shadow stack is enabled and the shared object has no shadow stack
support. dl_open_worker must call _dl_open_check after relocation is
finished. Otherwise, the dependency shared objects may be mmapped
without relocation. This will lead to run-time failure later when they
are needed by another dlopened shared object which is shadow stack
Note: My understanding is that this bug is visible even on non-CET hardware because the CET markup is checked for consistency even in non-CET mode, which makes this bug visible on current x86 hardware.
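As an added illustration (not code from the bug report, the commit, or glibc itself), the C program below decodes the x86 `.note.gnu.property` markup that tells the dynamic loader whether a shared object was built with CET shadow stack support, which is the property `_dl_open_check` needs present and consistent; the note bytes are constructed for the example, and ELFCLASS64 padding of property entries is assumed.

```c
/* Added example, not code from the bug report or from glibc: decode an x86
   .note.gnu.property blob and return its GNU_PROPERTY_X86_FEATURE_1_AND bits,
   the markup that tells the loader whether an object supports CET shadow
   stack (SHSTK) and IBT. Note bytes below are constructed for the example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NT_GNU_PROPERTY_TYPE_0           5
#define GNU_PROPERTY_X86_FEATURE_1_AND   0xc0000002u
#define GNU_PROPERTY_X86_FEATURE_1_SHSTK 0x2u

static uint32_t rd32(const unsigned char *p) {   /* little-endian u32 */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the X86_FEATURE_1_AND bitmask, or -1 when the note carries none
   (a legacy object without CET markup). ELFCLASS64: entries padded to 8. */
int x86_feature_1_from_note(const unsigned char *note, size_t len) {
    if (len < 12) return -1;
    uint32_t namesz = rd32(note), descsz = rd32(note + 4), type = rd32(note + 8);
    size_t name_off = 12, desc_off = name_off + ((namesz + 3) & ~3u);
    if (type != NT_GNU_PROPERTY_TYPE_0 || namesz != 4 || desc_off + descsz > len
        || memcmp(note + name_off, "GNU", 4) != 0)
        return -1;
    const unsigned char *desc = note + desc_off;
    for (size_t off = 0; off + 8 <= descsz;) {
        uint32_t pr_type = rd32(desc + off), pr_datasz = rd32(desc + off + 4);
        off += 8;
        if (off + pr_datasz > descsz) return -1;             /* malformed entry */
        if (pr_type == GNU_PROPERTY_X86_FEATURE_1_AND && pr_datasz == 4)
            return (int)rd32(desc + off);
        off += (pr_datasz + 7) & ~(size_t)7;                  /* 8-byte padding */
    }
    return -1;
}
/* Constructed note of an object built with IBT|SHSTK: namesz=4, descsz=16,
   type=5, "GNU\0", one property (type, datasz=4, value 0x3, 4 bytes pad). */
static const unsigned char cet_note[] = {
    4,0,0,0, 16,0,0,0, 5,0,0,0, 'G','N','U',0,
    0x02,0x00,0x00,0xc0, 4,0,0,0, 0x03,0,0,0, 0,0,0,0 };
/* Constructed note with an empty descriptor: no CET markup at all. */
static const unsigned char plain_note[] = { 4,0,0,0, 0,0,0,0, 5,0,0,0, 'G','N','U',0 };

int main(void) {
    int f = x86_feature_1_from_note(cet_note, sizeof cet_note);
    printf("marked object: feature_1=%#x shstk=%d\n", (unsigned)f, (f & GNU_PROPERTY_X86_FEATURE_1_SHSTK) != 0);
    printf("legacy object: %d\n", x86_feature_1_from_note(plain_note, sizeof plain_note));
    return 0;
}
```

Run against a real object by reading the PT_GNU_PROPERTY segment (or `.note.gnu.property` section) into the buffer; a -1 result on a dependency is the situation the bug description calls an object with no shadow stack support.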
Author: H.J. Lu <firstname.lastname@example.org>
Date: Mon Jul 1 12:23:10 2019 -0700
Call _dl_open_check after relocation [BZ #24259]
This is a workaround for [BZ #20839] which doesn't remove the NODELETE
object when _dl_open_check throws an exception. Move it after relocation
in dl_open_worker to avoid leaving the NODELETE object mapped without
Please also verify upstream branch backports:
release/2.30/master - May be required. Please check.
release/2.29/master - May be required. Please check.
release/2.28/master - May be required. Please check.
Backported to upstream 2.29 and 2.28
Verified with elf/tst-cet-legacy-5a, elf/tst-cet-legacy-6a
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.