1 /*
2  * Copyright (C) 2019 The Android Open Source Project
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *  * Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  *  * Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in
12  *    the documentation and/or other materials provided with the
13  *    distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19  * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22  * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 #include <dlfcn.h>
30 #include <link.h>
31 
32 #include <gtest/gtest.h>
33 
34 #include <string>
35 #include <thread>
36 
37 #include "gtest_globals.h"
38 #include "platform/bionic/tls.h"
39 #include "utils.h"
40 
41 #if defined(__BIONIC__)
42 #include "bionic/pthread_internal.h"
43 #endif
44 
// TLS variable exported by libtest_elftls_shared_var.so. The tls_model
// attribute makes every access from this file an initial-exec (IE) access.
extern "C" __thread int elftls_shared_var __attribute__((tls_model("initial-exec")));
47 
TEST(elftls_dl, dlopen_shared_var_ie) {
  // dlopen of libtest_elftls_shared_var_ie.so is allowed although the library
  // performs a TLS IE access: the variable it reaches belongs to
  // libtest_elftls_shared_var.so, which the executable lists as DT_NEEDED.
  // Sanitizers rely on the same arrangement; their instrumentation in shared
  // objects uses TLS IE accesses to reach special variables exported from the
  // executable or from a preloaded solib.
  void* handle = dlopen("libtest_elftls_shared_var_ie.so", RTLD_LOCAL | RTLD_NOW);
  ASSERT_NE(nullptr, handle);

  using BumpFn = int (*)();
  const BumpFn bump_shared_var = reinterpret_cast<BumpFn>(dlsym(handle, "bump_shared_var"));
  ASSERT_NE(nullptr, bump_shared_var);

  // The direct IE access here and the access made inside the library are
  // expected to land on the same per-thread variable: 21, then 22.
  ASSERT_EQ(21, ++elftls_shared_var);
  ASSERT_EQ(22, bump_shared_var());

  // A second thread is expected to see the same sequence again, i.e. it does
  // not observe the increments made on the main thread.
  std::thread worker([bump_shared_var] {
    ASSERT_EQ(21, ++elftls_shared_var);
    ASSERT_EQ(22, bump_shared_var());
  });
  worker.join();
}
69 
// Runs elftls_dlopen_ie_error_helper as a child process and compares its
// output with the linker's diagnostic for an IE access to a TLS symbol that
// lives in a dlopen'ed library.
TEST(elftls_dl, dlopen_ie_error) {
  const std::string helper = GetTestLibRoot() + "/elftls_dlopen_ie_error_helper";
  const std::string src_path = GetTestLibRoot() + "/libtest_elftls_shared_var_ie.so";
  const std::string dst_path = GetTestLibRoot() + "/libtest_elftls_shared_var.so";

  std::string error;
#if defined(__BIONIC__)
  // Bionic refuses the load and names both libraries in its message.
  error += "dlerror: dlopen failed: TLS symbol \"elftls_shared_var\" in dlopened \"";
  error += dst_path;
  error += "\" ";
  error += "referenced from \"";
  error += src_path;
  error += "\" using IE access model\n";
#else
  // glibc keeps some surplus static TLS memory in reserve, so the same load
  // succeeds there.
  error = "success\n";
#endif

  ExecTestHelper eth;
  eth.SetArgs({ helper.c_str(), nullptr });
  // NOTE(review): presumably the 0 is the expected exit status and the last
  // argument the expected output; confirm against ExecTestHelper::Run.
  auto exec_helper = [&]() { execve(helper.c_str(), eth.GetArgs(), eth.GetEnv()); };
  eth.Run(exec_helper, 0, error.c_str());
}
87 
// Modify a variable that lives in static TLS memory through a GD access
// (__tls_get_addr or TLSDESC).
TEST(elftls_dl, access_static_tls) {
  void* handle = dlopen("libtest_elftls_dynamic.so", RTLD_LOCAL | RTLD_NOW);
  ASSERT_NE(nullptr, handle);

  using BumpFn = int (*)();
  const BumpFn bump_shared_var = reinterpret_cast<BumpFn>(dlsym(handle, "bump_shared_var"));
  ASSERT_NE(nullptr, bump_shared_var);

  // The IE access made here and the access made inside the library are
  // expected to reach the same per-thread variable: 21, then 22.
  ASSERT_EQ(21, ++elftls_shared_var);
  ASSERT_EQ(22, bump_shared_var());

  // The same sequence is expected on a freshly started thread.
  std::thread worker([bump_shared_var] {
    ASSERT_EQ(21, ++elftls_shared_var);
    ASSERT_EQ(22, bump_shared_var());
  });
  worker.join();
}
105 
// Exercises the TLS variables local to libtest_elftls_dynamic.so through the
// accessor functions the library exports.
TEST(elftls_dl, bump_local_vars) {
  void* handle = dlopen("libtest_elftls_dynamic.so", RTLD_LOCAL | RTLD_NOW);
  ASSERT_NE(nullptr, handle);

  using IntFn = int (*)();
  using IntPtrFn = int* (*)();

  const IntFn get_local_var2 = reinterpret_cast<IntFn>(dlsym(handle, "get_local_var2"));
  ASSERT_NE(nullptr, get_local_var2);

  const IntFn get_local_var1 = reinterpret_cast<IntFn>(dlsym(handle, "get_local_var1"));
  ASSERT_NE(nullptr, get_local_var1);

  const IntPtrFn get_local_var1_addr =
      reinterpret_cast<IntPtrFn>(dlsym(handle, "get_local_var1_addr"));
  ASSERT_NE(nullptr, get_local_var1_addr);

  // Two lookups on the same thread must yield the same pointer.
  ASSERT_EQ(get_local_var1_addr(), get_local_var1_addr());

  // Initial values, read before anything has modified the variables.
  ASSERT_EQ(25, get_local_var2());
  ASSERT_EQ(15, get_local_var1());

  const IntFn bump_local_vars = reinterpret_cast<IntFn>(dlsym(handle, "bump_local_vars"));
  ASSERT_NE(nullptr, bump_local_vars);

  // The first bump is expected to return 42 on this thread and again on a new
  // thread, which does not see the main thread's update.
  ASSERT_EQ(42, bump_local_vars());
  std::thread worker([bump_local_vars] {
    ASSERT_EQ(42, bump_local_vars());
  });
  worker.join();
}
134 
extern "C" int* missing_weak_tls_addr();

// A TPREL relocation against an unresolved weak TLS symbol is resolved to 0 by
// the Bionic linker, and that 0 is then added to the thread pointer. N.B.: in a
// static executable the static linker resolves the TPREL relocation instead,
// and static linker behavior varies (especially with bfd and gold). See
// https://bugs.llvm.org/show_bug.cgi?id=40570.
TEST(elftls_dl, tprel_missing_weak) {
  // The address reported for the missing symbol must equal the thread pointer
  // of whichever thread asks for it.
  void* const main_thread_pointer = static_cast<void*>(__get_tls());
  ASSERT_EQ(main_thread_pointer, missing_weak_tls_addr());

  std::thread worker([] {
    void* const worker_thread_pointer = static_cast<void*>(__get_tls());
    ASSERT_EQ(worker_thread_pointer, missing_weak_tls_addr());
  });
  worker.join();
}
148 
// What an access to an unresolved weak TLS symbol through a dynamic TLS
// relocation yields depends on the implementation the target uses. With
// TLSDESC, the result is NULL. With __tls_get_addr, the result is the
// generation count (or maybe undefined behavior)? This test only tests TLSDESC.
TEST(elftls_dl, tlsdesc_missing_weak) {
#if !defined(__aarch64__) && !defined(__riscv)
  GTEST_SKIP() << "This test is only run on TLSDESC-based targets";
#else
  void* handle = dlopen("libtest_elftls_dynamic.so", RTLD_LOCAL | RTLD_NOW);
  ASSERT_NE(nullptr, handle);

  using AddrFn = int* (*)();
  const AddrFn missing_weak_dyn_tls_addr =
      reinterpret_cast<AddrFn>(dlsym(handle, "missing_weak_dyn_tls_addr"));
  ASSERT_NE(nullptr, missing_weak_dyn_tls_addr);

  // NULL is expected on the main thread and on a new thread alike.
  ASSERT_EQ(nullptr, missing_weak_dyn_tls_addr());
  std::thread worker([missing_weak_dyn_tls_addr] {
    ASSERT_EQ(nullptr, missing_weak_dyn_tls_addr());
  });
  worker.join();
#endif
}
169 
// Runs elftls_dtv_resize_helper as a child process. The checks themselves live
// in that helper; no expected output is passed here.
TEST(elftls_dl, dtv_resize) {
#if !defined(__BIONIC__)
  GTEST_SKIP() << "test doesn't apply to glibc";
#else
  const std::string helper = GetTestLibRoot() + "/elftls_dtv_resize_helper";
  ExecTestHelper eth;
  eth.SetArgs({helper.c_str(), nullptr});
  // NOTE(review): presumably the 0 is the expected exit status; confirm
  // against ExecTestHelper::Run.
  auto exec_helper = [&]() { execve(helper.c_str(), eth.GetArgs(), eth.GetEnv()); };
  eth.Run(exec_helper, 0, nullptr);
#endif
}
180 
// Once the library that holds them has been closed, TLS variables must be back
// at their initial values the next time the library is loaded.
TEST(elftls_dl, dlclose_resets_values) {
  constexpr int kRounds = 2;
  using BumpFn = int (*)();

  for (int pass = 0; pass != kRounds; ++pass) {
    void* handle = dlopen("libtest_elftls_dynamic.so", RTLD_LOCAL | RTLD_NOW);
    ASSERT_NE(nullptr, handle);

    const BumpFn bump_local_vars = reinterpret_cast<BumpFn>(dlsym(handle, "bump_local_vars"));
    ASSERT_NE(nullptr, bump_local_vars);

    // Every pass has to start over at 42; a value carried across the dlclose
    // would show up as a different first result on the second pass.
    ASSERT_EQ(42, bump_local_vars());
    ASSERT_EQ(44, bump_local_vars());

    ASSERT_EQ(0, dlclose(handle));
  }
}
197 
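// Calling dlclose should remove the entry for the solib from the global list of
// ELF TLS modules. Test that repeatedly loading and unloading a library doesn't
// increase the DTV size.
TEST(elftls_dl, dlclose_removes_entry) {
#if defined(__BIONIC__)
  // Returns the calling thread's DTV, reached through the Bionic TCB.
  auto dtv = []() -> TlsDtv* { return __get_tcb_dtv(__get_bionic_tcb()); };

  bool first = true;
  size_t count = 0;

  // Use a large number of rounds in case the DTV is initially larger than
  // expected.
  for (int round = 0; round < 32; ++round) {
    void* lib = dlopen("libtest_elftls_dynamic.so", RTLD_LOCAL | RTLD_NOW);
    ASSERT_NE(nullptr, lib);

    auto bump_local_vars = reinterpret_cast<int(*)()>(dlsym(lib, "bump_local_vars"));
    ASSERT_NE(nullptr, bump_local_vars);

    // NOTE(review): presumably this call is what makes the thread touch the
    // library's TLS block, so the DTV is current before its count is read.
    ASSERT_EQ(42, bump_local_vars());
    if (first) {
      // The first round records the baseline every later round must match.
      first = false;
      count = dtv()->count;
    } else {
      ASSERT_EQ(count, dtv()->count);
    }

    // A failed dlclose would leave the library loaded, and the DTV count could
    // then stay constant without any entry having been removed. Treat it as a
    // test failure, as dlclose_resets_values does.
    ASSERT_EQ(0, dlclose(lib));
  }
#else
  GTEST_SKIP() << "test doesn't apply to glibc";
#endif
}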
231 
// Look up a TLS variable that lives in static TLS with dlsym and check that
// the result equals the variable's ordinary address.
TEST(elftls_dl, dlsym_static_tls) {
  void* handle = dlopen("libtest_elftls_shared_var.so", RTLD_LOCAL | RTLD_NOW);
  ASSERT_NE(nullptr, handle);

  int* const main_thread_addr = static_cast<int*>(dlsym(handle, "elftls_shared_var"));
  ASSERT_EQ(&elftls_shared_var, main_thread_addr);

  // The same must hold on another thread, where &elftls_shared_var names that
  // thread's own instance.
  std::thread worker([handle] {
    int* const worker_addr = static_cast<int*>(dlsym(handle, "elftls_shared_var"));
    ASSERT_EQ(&elftls_shared_var, worker_addr);
  });
  worker.join();
}
246 
// Look up a TLS variable that lives in dynamic TLS with dlsym and check that
// the result equals the address the library itself reports for the variable.
TEST(elftls_dl, dlsym_dynamic_tls) {
  void* handle = dlopen("libtest_elftls_dynamic.so", RTLD_LOCAL | RTLD_NOW);
  ASSERT_NE(nullptr, handle);

  using AddrFn = int* (*)();
  const AddrFn get_var_addr = reinterpret_cast<AddrFn>(dlsym(handle, "get_large_tls_var_addr"));
  ASSERT_NE(nullptr, get_var_addr);

  int* const main_thread_addr = static_cast<int*>(dlsym(handle, "large_tls_var"));
  ASSERT_EQ(get_var_addr(), main_thread_addr);

  // Repeat on a second thread: both lookups must agree there as well.
  std::thread worker([handle, get_var_addr] {
    int* const worker_addr = static_cast<int*>(dlsym(handle, "large_tls_var"));
    ASSERT_EQ(get_var_addr(), worker_addr);
  });
  worker.join();
}
263 
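// Calling dladdr on a TLS variable's address doesn't find anything.
TEST(elftls_dl, dladdr_on_tls_var) {
  Dl_info info;

  // Static TLS variable
  ASSERT_EQ(0, dladdr(&elftls_shared_var, &info));

  // Dynamic TLS variable
  void* lib = dlopen("libtest_elftls_dynamic.so", RTLD_LOCAL | RTLD_NOW);
  ASSERT_NE(nullptr, lib);
  int* var_addr = static_cast<int*>(dlsym(lib, "large_tls_var"));
  // If the lookup failed, dladdr would be handed a null pointer and would
  // presumably report no match as well, so the assertion below could pass
  // without a TLS address ever being examined.
  ASSERT_NE(nullptr, var_addr);
  ASSERT_EQ(0, dladdr(var_addr, &info));
}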
277 
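// Verify that dladdr does not misinterpret a TLS symbol's value as a virtual
// address.
TEST(elftls_dl, dladdr_skip_tls_symbol) {
  void* lib = dlopen("libtest_elftls_dynamic.so", RTLD_LOCAL | RTLD_NOW);
  // Fail here if the load did not work, so the dlsym call below is never made
  // with a null handle.
  ASSERT_NE(nullptr, lib);

  auto get_local_addr = reinterpret_cast<void*(*)()>(dlsym(lib, "get_local_addr"));
  ASSERT_NE(nullptr, get_local_addr);
  void* local_addr = get_local_addr();

  // The address must be attributed to some loaded object.
  Dl_info info;
  ASSERT_NE(0, dladdr(local_addr, &info));

  // dli_fname is resolved with realpath before it is compared with the
  // expected library path.
  std::string libpath = GetTestLibRoot() + "/libtest_elftls_dynamic.so";
  char dli_realpath[PATH_MAX];
  ASSERT_TRUE(realpath(info.dli_fname, dli_realpath));
  ASSERT_STREQ(libpath.c_str(), dli_realpath);

  // The library is found, but no symbol may be reported for the address: a
  // match would mean a TLS symbol's value had been treated as an address.
  ASSERT_STREQ(nullptr, info.dli_sname);
  ASSERT_EQ(nullptr, info.dli_saddr);
}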
297 
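// Checks the TLS fields (dlpi_tls_modid, dlpi_tls_data) and the PT_TLS segment
// size that dl_iterate_phdr reports for libtest_elftls_dynamic.so, before and
// after the calling thread has accessed the library's TLS variable.
TEST(elftls_dl, dl_iterate_phdr) {
  void* lib = dlopen("libtest_elftls_dynamic.so", RTLD_LOCAL | RTLD_NOW);
  // Fail here if the load did not work, so the dlsym call below is never made
  // with a null handle.
  ASSERT_NE(nullptr, lib);

  auto get_var_addr = reinterpret_cast<void*(*)()>(dlsym(lib, "get_large_tls_var_addr"));
  ASSERT_NE(nullptr, get_var_addr);

  // What one dl_iterate_phdr pass learned about the library's TLS segment.
  struct TlsInfo {
    bool found;    // the library was seen during the iteration
    size_t modid;  // copied from dlpi_tls_modid
    void* data;    // copied from dlpi_tls_data
    size_t memsz;  // p_memsz of the library's PT_TLS program header
  };

  // Walks the loaded objects and returns the TlsInfo for the test library;
  // `found` stays false if the library is not in the list.
  auto get_tls_info = []() {
    auto callback = [](dl_phdr_info* info, size_t, void* data) {
      TlsInfo& tls_info = *static_cast<TlsInfo*>(data);

      // This test is also run with glibc, where dlpi_name may have relative path components, so
      // examine just the basename when searching for the library.
      if (strcmp(android::base::Basename(info->dlpi_name).c_str(), "libtest_elftls_dynamic.so") != 0) return 0;

      tls_info.found = true;
      tls_info.modid = info->dlpi_tls_modid;
      tls_info.data = info->dlpi_tls_data;
      for (ElfW(Half) i = 0; i < info->dlpi_phnum; ++i) {
        if (info->dlpi_phdr[i].p_type == PT_TLS) {
          tls_info.memsz = info->dlpi_phdr[i].p_memsz;
        }
      }
      EXPECT_NE(static_cast<size_t>(0), tls_info.memsz);
      // A nonzero return value ends the iteration once the library is found.
      return 1;
    };

    // Value-initialized, so every field starts at false / 0 / nullptr.
    TlsInfo result {};
    dl_iterate_phdr(callback, &result);
    return result;
  };

  // The executable has a TLS segment, so it will use module ID #1, and the DSO's ID will be larger
  // than 1. Initially, the data field is nullptr, because this thread's instance hasn't been
  // allocated yet.
  TlsInfo tls_info = get_tls_info();
  ASSERT_TRUE(tls_info.found);
  ASSERT_GT(tls_info.modid, static_cast<size_t>(1));
  ASSERT_EQ(nullptr, tls_info.data);

  // Asking the library for the variable's address is the first access to the
  // variable from this thread.
  void* var_addr = get_var_addr();

  // Verify that dl_iterate_phdr returns a range of memory covering the allocated TLS variable.
  tls_info = get_tls_info();
  ASSERT_TRUE(tls_info.found);
  ASSERT_GE(var_addr, tls_info.data);
  ASSERT_LT(var_addr, static_cast<char*>(tls_info.data) + tls_info.memsz);
}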
352