Improves compatibility with AddressSanitizers

Address sanitizers is expecting shared objects loaded
without the flag RTLD_DEEPBIND. This can be achieved
by setting the environment variable AFB_NO_RTLD_DEEPBIND
to the value 1 (exactly).

This implies that the binder takes care of not clashing
the namespaces by defining the symbol afbBindingV3root
in both environment: the binder and the bindings.

Bug-AGL: SPEC-3040
Bug-AGL: SPEC-3162

Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Change-Id: Ic064590178d4cf8b34b939e4c9ecd587668f71b8

diff --git a/include/afb/afb-binding-v3.h b/include/afb/afb-binding-v3.h
index 79d36da..8e11fe8 100644 (file)
--- a/include/afb/afb-binding-v3.h
+++ b/include/afb/afb-binding-v3.h
@@ -139,10 +139,12 @@ struct afb_binding_v3
  * @see afbBindingV3
  * @see @ref validity-v3
  */
+#if !defined(AFB_BINDING_NO_ROOT) /* use with caution, see @ref validity-v3 */
 #if AFB_BINDING_VERSION != 3
 extern
 #endif
 struct afb_api_x3 *afbBindingV3root __attribute__((weak));
+#endif
 
 /**
  * Pre-initialization function.

diff --git a/src/afb-api-so.c b/src/afb-api-so.c
index 4b57487..02e986e 100644 (file)
--- a/src/afb-api-so.c
+++ b/src/afb-api-so.c
@@ -20,6 +20,7 @@
 #define _GNU_SOURCE
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <dlfcn.h>
 #include <string.h>
 #include <dirent.h>
@@ -74,10 +75,23 @@ static int load_binding(const char *path, int force, struct afb_apiset *declare_
        int obsolete = 0;
        int rc;
        void *handle;
+       static int dlopen_flags = 0;
+
+       /* compute the dlopen flags */
+       if (dlopen_flags == 0) {
+               /* For ASan mode, export AFB_NO_RTLD_DEEPBIND=1, to disable RTLD_DEEPBIND */
+               char *string = secure_getenv("AFB_NO_RTLD_DEEPBIND");
+               if (string && string[0] == '1' && string[1] == 0)
+                       dlopen_flags = RTLD_NOW | RTLD_LOCAL;
+               else
+                       dlopen_flags = RTLD_NOW | RTLD_LOCAL | RTLD_DEEPBIND;
+       }
 
-       // This is a loadable library let's check if it's a binding
+       /* set default return code rc according to force */
        rc = -!!force;
-       handle = safe_dlopen(path, RTLD_NOW | RTLD_LOCAL | RTLD_DEEPBIND);
+
+       /* try to open the library */
+       handle = safe_dlopen(path, dlopen_flags);
        if (handle == NULL) {
                if (force)
                        ERROR("binding [%s] not loadable: %s", path, dlerror());
@@ -85,6 +99,9 @@ static int load_binding(const char *path, int force, struct afb_apiset *declare_
                        WARNING("binding [%s] not loadable: %s", path, dlerror());
                goto error;
        }
+       /*
+        * This is a loadable library let's check if it's a binding ...
+        */
 
        /* try the version 3 */
        rc = afb_api_so_v3_add(path, handle, declare_set, call_set);

diff --git a/src/afb-monitor.c b/src/afb-monitor.c
index 40a6d3b..25e148f 100644 (file)
--- a/src/afb-monitor.c
+++ b/src/afb-monitor.c
@@ -22,6 +22,7 @@
 #include <json-c/json.h>
 
 #define AFB_BINDING_VERSION 3
+#define AFB_BINDING_NO_ROOT
 #include <afb/afb-binding.h>
 
 #include "afb-api.h"

diff --git a/src/afb-supervision.c b/src/afb-supervision.c
index 211c3fd..6563d92 100644 (file)
--- a/src/afb-supervision.c
+++ b/src/afb-supervision.c
@@ -32,6 +32,7 @@
 #include <json-c/json.h>
 
 #define AFB_BINDING_VERSION 3
+#define AFB_BINDING_NO_ROOT
 #include <afb/afb-binding.h>
 
 #include "afb-api.h"

diff --git a/src/afb-trace.c b/src/afb-trace.c
index 79c7e03..954cba7 100644 (file)
--- a/src/afb-trace.c
+++ b/src/afb-trace.c
@@ -34,6 +34,7 @@
 #endif
 
 #define AFB_BINDING_VERSION 3
+#define AFB_BINDING_NO_ROOT
 #include <afb/afb-binding.h>
 
 #include "afb-hook.h"

diff --git a/src/afs-supervisor.c b/src/afs-supervisor.c
index 8291713..01ffdc8 100644 (file)
--- a/src/afs-supervisor.c
+++ b/src/afs-supervisor.c
@@ -30,6 +30,7 @@
 #include <json-c/json.h>
 
 #define AFB_BINDING_VERSION 3
+#define AFB_BINDING_NO_ROOT
 #include <afb/afb-binding.h>
 
 #include "afb-cred.h"