Bug 232986 - Use of ifunc in libc causes segfaults
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: CURRENT
Hardware: Any / Any
Importance: --- Affects Many People
Assignee: freebsd-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
Reported: 2018-11-05 14:52 UTC by Shawn Webb
Modified: 2019-04-08 15:39 UTC (History)
Attachments
RTLD debug log for /bin/ls (46.29 KB, text/plain)
2018-11-05 16:50 UTC, Shawn Webb
Description Shawn Webb 2018-11-05 14:52:02 UTC
In r339898, kib@ introduced the first use of ifunc in userland, specifically in libc. This causes issues with dynamically-linked binaries where RELRO+BIND_NOW is used. This is an issue in HardenedBSD, where RELRO and BIND_NOW are set by default.

In r340137, emaste@ found one and fixed one issue: the enforcement of RELRO was being done in the RTLD prior to the resolution of the ifunc. I suspect there may be more to do in the RTLD to complete ifunc support in shared libraries, especially ones as critical as libc.

This could be seen as a HardenedBSD-specific issue. However, as FreeBSD re-implements parts of HardenedBSD, FreeBSD will likely run across the same issue. Regardless, we at HardenedBSD will work to find the underlying cause, fix it, and (if applicable) upstream the fix.
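The ordering defect the report describes (RELRO enforced by the RTLD before the ifunc is resolved) can be modelled outside the dynamic linker. The following is an added example, not code from the bug report or from FreeBSD's rtld: a one-page "GOT" is mmap'd, an IRELATIVE-style relocation is applied by calling a hypothetical resolver and storing its result into the GOT slot, and RELRO is modelled with mprotect(PROT_READ). When the page is made read-only before the store, the store faults, which matches the SIGSEGVs in the report; the fault is caught with sigsetjmp/siglongjmp so the function can report it instead of crashing. The resolver, its two implementations, and the CPU-feature flag are constructed for the example.

```c
/* Added example (not from the bug report or FreeBSD's rtld): toy model of
 * applying an ifunc (IRELATIVE-style) relocation before vs. after RELRO.
 * Assumes a POSIX system with mmap/mprotect and SIGSEGV on write faults. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int (*impl_fn)(int);

/* Two constructed implementations the resolver may choose between. */
static int impl_generic(int x) { return x * 2; }
static int impl_fast(int x)    { return x << 1; }

/* Constructed stand-in for a CPU-feature check a real resolver would do. */
static int fake_cpu_has_fast_path = 1;

/* Hypothetical ifunc resolver: returns the implementation to install. */
static impl_fn resolve_double(void) {
    return fake_cpu_has_fast_path ? impl_fast : impl_generic;
}

static sigjmp_buf fault_env;
static volatile sig_atomic_t faulted;

/* On a fault, unwind back to run_model() rather than dying. */
static void on_segv(int sig) {
    (void)sig;
    faulted = 1;
    siglongjmp(fault_env, 1);
}

/* Apply the relocation and RELRO in the given order.
 * relro_first != 0 models the buggy RTLD (mprotect before ifunc resolution).
 * Returns the value computed through the GOT on success, or -1 if the
 * relocation store hit the already read-only page. */
int run_model(int relro_first) {
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    impl_fn *got = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (got == MAP_FAILED)
        return -1;

    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    faulted = 0;

    int result;
    if (sigsetjmp(fault_env, 1) == 0) {
        if (relro_first)
            mprotect(got, pagesz, PROT_READ);   /* RELRO enforced too early */
        got[0] = resolve_double();              /* IRELATIVE-style store    */
        if (!relro_first)
            mprotect(got, pagesz, PROT_READ);   /* RELRO after all relocs   */
        result = got[0](21);                    /* call through the GOT     */
    } else {
        result = -1;                            /* store faulted on RO page */
    }

    sigaction(SIGSEGV, &old, NULL);
    munmap(got, pagesz);
    return result;
}

int main(void) {
    printf("relocations, then RELRO: %d\n", run_model(0));  /* 42 */
    printf("RELRO, then relocations: %d\n", run_model(1));  /* -1 (faulted) */
    return 0;
}
```

The model only captures the ordering constraint: every relocation that writes into the RELRO region, including the lazily computed IRELATIVE ones, must be applied before the region is mprotect'd, which is the same constraint whether the region is made read-only eagerly because of BIND_NOW or at the end of relocation processing.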
Comment 1 Shawn Webb 2018-11-05 15:00:30 UTC
Log of the segfault in my dev VM:

WARNING: WITNESS option enabled, expect reduced performance.
Trying to mount root from zfs:rpool/ROOT/master-2018-11-05_01 []...
pid 16798 (sh), uid 0: exited on signal 11
2018-11-05T04:38:13.582502-05:00  init 1 - - /bin/sh on /etc/rc terminated abnormally, going to single user mode
Enter root password, or ^D to go multi-user
Password:
Enter full pathname of shell or RETURN for /bin/sh:
pid 38293 (sh), uid 0: exited on signal 11
2018-11-05T04:38:50.300393-05:00  init 1 - - single user shell terminated, restarting
Enter root password, or ^D to go multi-user
Password:
Enter full pathname of shell or RETURN for /bin/sh: /rescue/sh
pid 69875 (resizewin), uid 0: exited on signal 11
Segmentation fault
# bectl list
pid 90914 (bectl), uid 0: exited on signal 11
Segmentation fault
# /rescue/bectl list
BE                   Active Mountpoint Space Created
master-2018-11-05_01 NR     /          38.9G 2018-11-05 05:28
master-2018-11-01_01 -      -          3.51G 2018-11-01 12:11
master-2018-10-23_01 -      -          3.48G 2018-10-23 17:01
master-2018-10-22_01 -      -          3.49G 2018-10-22 06:38
master-2018-09-26_02 -      -          19.8M 2018-09-26 16:07
master-2018-09-22_01 -      -          39.7G 2018-09-22 10:18
master-2018-10-31_01 -      -          3.59G 2018-10-31 14:25
master-2018-10-26_01 -      -          3.51G 2018-10-26 15:50
# /rescue/bectl activate master-2018-11-01_01
successfully activated boot environment master-2018-11-01_01
# /rescue/shutdown -r now
Comment 2 Shawn Webb 2018-11-05 16:50:18 UTC
Created attachment 198981
RTLD debug log for /bin/ls

Ed Maste requested a debug log from the RTLD. I hope this is complete. I had to copy it by hand from the nmdm device for the VM.
Comment 3 Ed Maste freebsd_committer freebsd_triage 2019-04-08 15:37:15 UTC
Should be fixed after the changes described in PR 233333 - Shawn can you confirm?
Comment 4 Shawn Webb 2019-04-08 15:39:58 UTC
Can do. May take some time as I'm working on a few other things at the moment.