From 5c2f46a214fceeee3c3e41700c51415e0a4f1acd Mon Sep 17 00:00:00 2001
From: Rich Felker <dalias@aerifal.cx>
Date: Mon, 16 Jul 2018 12:32:57 -0400
Subject: block dlopen of libraries with initial-exec refs to dynamic TLS

previously, this operation succeeded, and the relocation results
worked for access from new threads created after dlopen, but produced
invalid accesses (and possibly clobbered other memory) from threads
that already existed.

the way the check is written, it still permits dlopen of libraries
containing initial-exec references to static TLS (TLS in the main
program or in a dynamic library loaded at startup).
---
 ldso/dynlink.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'ldso')

diff --git a/ldso/dynlink.c b/ldso/dynlink.c
index 8242a1d1..87281ddb 100644
--- a/ldso/dynlink.c
+++ b/ldso/dynlink.c
@@ -385,6 +385,14 @@ static void do_relocs(struct dso *dso, size_t *rel, size_t rel_size, size_t stri
 		sym_val = def.sym ? (size_t)laddr(def.dso, def.sym->st_value) : 0;
 		tls_val = def.sym ? def.sym->st_value : 0;
 
+		if ((type == REL_TPOFF || type == REL_TPOFF_NEG)
+		    && runtime && def.dso->tls_id > static_tls_cnt) {
+			error("Error relocating %s: %s: initial-exec TLS "
+				"resolves to dynamic definition in %s",
+				dso->name, name, def.dso->name);
+			longjmp(*rtld_fail, 1);
+		}
+
 		switch(type) {
 		case REL_NONE:
 			break;
-- 
cgit v1.2.1