ldso: fix calloc misuse allocating initial tls

this is analogous to commit 2f1f51ae7b2d78247568e7fdb8462f3c19e469a4,
and should have been caught at the same time since it was right next
to the code moved in that commit. between final stage 3 reloc_all and
the jump to the main program's entry point, it is not valid to call
any functions which may be interposed by the application; doing so
results in execution of application code before ctors have run, and on
fdpic archs, before the main program's fdpic self-fixups have taken
place, which will produce runaway wrong execution.

diff --git a/ldso/dynlink.c b/ldso/dynlink.c
index d1edb131f7a8e57e1239d325a9149fb148d45e98..93ef3633cffdfea118cc1310038a62ac30138b36 100644 (file)
--- a/ldso/dynlink.c
+++ b/ldso/dynlink.c
@@ -1874,11 +1874,8 @@ void __dls3(size_t *sp)
         * code can see to perform. */
        main_ctor_queue = queue_ctors(&app);
 
-       /* The main program must be relocated LAST since it may contin
-        * copy relocations which depend on libraries' relocations. */
-       reloc_all(app.next);
-       reloc_all(&app);
-
+       /* Initial TLS must also be allocated before final relocations
+        * might result in calloc being a call to application code. */
        update_tls_size();
        if (libc.tls_size > sizeof builtin_tls || tls_align > MIN_TLS_ALIGN) {
                void *initial_tls = calloc(libc.tls_size, 1);
@@ -1902,6 +1899,11 @@ void __dls3(size_t *sp)
        }
        static_tls_cnt = tls_cnt;
 
+       /* The main program must be relocated LAST since it may contin
+        * copy relocations which depend on libraries' relocations. */
+       reloc_all(app.next);
+       reloc_all(&app);
+
        if (ldso_fail) _exit(127);
        if (ldd_mode) _exit(0);