elf: Include libc.so.6 as main program in dependency sort (bug 20972)

_dl_map_object_deps always sorts the initially loaded object first
during dependency sorting.  This means it is relocated last in
dl_open_worker.  This results in crashes in IFUNC resolvers without
lazy bindings if libraries are preloaded that refer to IFUNCs in
libc.so.6: the resolvers are called when libc.so.6 has not been
relocated yet, so references to _rtld_global_ro etc. crash.

The fix is to check against the libc.so.6 link map recorded by the
__libc_early_init framework, and let it participate in the dependency
sort.

This fixes bug 20972.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

elf/Makefile

@@ -229,7 +229,7 @@ tests-internal += loadtest unload unload2 circleload1 \
 	 tst-ptrguard1 tst-stackguard1 tst-libc_dlvsym \
 	 tst-create_format1 tst-tls-surplus tst-dl-hwcaps_split
 tests-container += tst-pldd tst-dlopen-tlsmodid-container \
-  tst-dlopen-self-container
+  tst-dlopen-self-container tst-preload-pthread-libc
 test-srcs = tst-pathopt
 selinux-enabled := $(shell cat /selinux/enforce 2> /dev/null)
 ifneq ($(selinux-enabled),1)

elf/dl-deps.c

@@ -611,7 +611,12 @@ Filters not supported with LD_TRACE_PRELINKING"));
     memcpy (l_initfini, map->l_searchlist.r_list,
 	    nlist * sizeof (struct link_map *));
 
-  _dl_sort_maps (&l_initfini[1], nlist - 1, NULL, false);
+  /* If libc.so.6 is the main map, it participates in the sort, so
+     that the relocation order is correct regarding libc.so.6.  */
+  if (l_initfini[0] == GL (dl_ns)[l_initfini[0]->l_ns].libc_map)
+    _dl_sort_maps (l_initfini, nlist, NULL, false);
+  else
+    _dl_sort_maps (&l_initfini[1], nlist - 1, NULL, false);
 
   /* Terminate the list of dependencies.  */
   l_initfini[nlist] = NULL;

elf/tst-preload-pthread-libc.c

@@ -0,0 +1,36 @@
+/* Test relocation ordering if the main executable is libc.so.6 (bug 20972).
+   Copyright (C) 2020 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <gnu/lib-names.h>
+#include <stdio.h>
+#include <support/support.h>
+#include <unistd.h>
+
+int
+main (void)
+{
+  char *libc = xasprintf ("%s/%s", support_slibdir_prefix, LIBC_SO);
+  char *argv[] = { libc, NULL };
+  char *envp[] = { (char *) "LD_PRELOAD=" LIBPTHREAD_SO,
+    /* Relocation ordering matters most without lazy binding.  */
+    (char *) "LD_BIND_NOW=1",
+    NULL };
+  execve (libc, argv, envp);
+  printf ("execve of %s failed: %m\n", libc);
+  return 1;
+}