From 0e088aed5b73d3872a6e6ec40162d3ddcb5aabdd Mon Sep 17 00:00:00 2001 From: Daniil Gentili Date: Wed, 21 May 2025 12:34:43 +0000 Subject: [PATCH 01/19] Do not use RTLD_DEEPBIND if dlmopen is available --- Zend/zend_portability.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Zend/zend_portability.h b/Zend/zend_portability.h index 65ce533c753bd..06fe2ff11f2b5 100644 --- a/Zend/zend_portability.h +++ b/Zend/zend_portability.h @@ -164,7 +164,7 @@ # if defined(RTLD_GROUP) && defined(RTLD_WORLD) && defined(RTLD_PARENT) # define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | RTLD_GROUP | RTLD_WORLD | RTLD_PARENT) -# elif defined(RTLD_DEEPBIND) && !defined(__SANITIZE_ADDRESS__) && !__has_feature(memory_sanitizer) +# elif defined(RTLD_DEEPBIND) && !defined(__SANITIZE_ADDRESS__) && !__has_feature(memory_sanitizer) && !defined(LM_ID_NEWLM) # define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | RTLD_DEEPBIND) # else # define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL) From d178fe16b9c5dca337a1ed282790570bab847b7b Mon Sep 17 00:00:00 2001 From: Daniil Gentili Date: Thu, 29 May 2025 19:38:18 +0200 Subject: [PATCH 02/19] Re-enable RTLD_DEEPBIND when on apache for a different reason --- Zend/zend_portability.h | 2 +- sapi/apache2handler/config.m4 | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Zend/zend_portability.h b/Zend/zend_portability.h index 06fe2ff11f2b5..1b6fffa213be9 100644 --- a/Zend/zend_portability.h +++ b/Zend/zend_portability.h @@ -164,7 +164,7 @@ # if defined(RTLD_GROUP) && defined(RTLD_WORLD) && defined(RTLD_PARENT) # define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | RTLD_GROUP | RTLD_WORLD | RTLD_PARENT) -# elif defined(RTLD_DEEPBIND) && !defined(__SANITIZE_ADDRESS__) && !__has_feature(memory_sanitizer) && !defined(LM_ID_NEWLM) +# elif defined(RTLD_DEEPBIND) && !defined(__SANITIZE_ADDRESS__) && !__has_feature(memory_sanitizer) && (!defined(LM_ID_NEWLM) || defined(PHP_USE_RTLD_DEEPBIND)) # define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | RTLD_DEEPBIND) # else # define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL) diff --git a/sapi/apache2handler/config.m4 b/sapi/apache2handler/config.m4 index e335721f19e98..67cbfa647e528 100644 --- a/sapi/apache2handler/config.m4 +++ b/sapi/apache2handler/config.m4 @@ -7,6 +7,7 @@ PHP_ARG_WITH([apxs2], [no]) if test "$PHP_APXS2" != "no"; then + AC_DEFINE(PHP_USE_RTLD_DEEPBIND, 1, [ Use dlopen with RTLD_DEEPBIND instead of delegating isolation to the user via dlmopen ]) AS_VAR_IF([PHP_APXS2], [yes], [ APXS=apxs $APXS -q CFLAGS >/dev/null 2>&1 From 44af273de379faeba44dbecc05c9f8431441a23f Mon Sep 17 00:00:00 2001 From: Daniil Gentili Date: Thu, 29 May 2025 19:51:03 +0200 Subject: [PATCH 03/19] Use a sapi config instead --- Zend/zend_portability.h | 8 ++++++-- main/SAPI.h | 5 ++++- sapi/apache2handler/config.m4 | 1 - sapi/apache2handler/sapi_apache2.c | 18 +++++++++++++++++- 4 files changed, 27 insertions(+), 5 deletions(-) diff --git a/Zend/zend_portability.h b/Zend/zend_portability.h index 1b6fffa213be9..fa3946ed2ed92 100644 --- a/Zend/zend_portability.h +++ b/Zend/zend_portability.h @@ -164,8 +164,12 @@ # if defined(RTLD_GROUP) && defined(RTLD_WORLD) && defined(RTLD_PARENT) # define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | RTLD_GROUP | RTLD_WORLD | RTLD_PARENT) -# elif defined(RTLD_DEEPBIND) && !defined(__SANITIZE_ADDRESS__) && !__has_feature(memory_sanitizer) && (!defined(LM_ID_NEWLM) || defined(PHP_USE_RTLD_DEEPBIND)) -# define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | RTLD_DEEPBIND) +# elif defined(RTLD_DEEPBIND) && !defined(__SANITIZE_ADDRESS__) && !__has_feature(memory_sanitizer) +# if defined(LM_ID_NEWLM) +# define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | (sapi_module.isolate_symbols ? RTLD_DEEPBIND : 0)) +# else +# define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | RTLD_DEEPBIND) +# endif # else # define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL) # endif diff --git a/main/SAPI.h b/main/SAPI.h index 284f4cb96f1fa..f64776b18095b 100644 --- a/main/SAPI.h +++ b/main/SAPI.h @@ -287,6 +287,8 @@ struct _sapi_module_struct { const char *ini_entries; const zend_function_entry *additional_functions; unsigned int (*input_filter_init)(void); + + bool isolate_symbols; }; struct _sapi_post_entry { @@ -337,6 +339,7 @@ END_EXTERN_C() 0, /* phpinfo_as_text; */ \ NULL, /* ini_entries; */ \ NULL, /* additional_functions */ \ - NULL /* input_filter_init */ + NULL, /* input_filter_init */ \ + false /* isolate_symbols */ #endif /* SAPI_H */ diff --git a/sapi/apache2handler/config.m4 b/sapi/apache2handler/config.m4 index 67cbfa647e528..e335721f19e98 100644 --- a/sapi/apache2handler/config.m4 +++ b/sapi/apache2handler/config.m4 @@ -7,7 +7,6 @@ PHP_ARG_WITH([apxs2], [no]) if test "$PHP_APXS2" != "no"; then - AC_DEFINE(PHP_USE_RTLD_DEEPBIND, 1, [ Use dlopen with RTLD_DEEPBIND instead of delegating isolation to the user via dlmopen ]) AS_VAR_IF([PHP_APXS2], [yes], [ APXS=apxs $APXS -q CFLAGS >/dev/null 2>&1 diff --git a/sapi/apache2handler/sapi_apache2.c b/sapi/apache2handler/sapi_apache2.c index 1d85a92ebf4d8..9609649c6f2a2 100644 --- a/sapi/apache2handler/sapi_apache2.c +++ b/sapi/apache2handler/sapi_apache2.c @@ -415,7 +415,23 @@ static sapi_module_struct apache2_sapi_module = { php_apache_sapi_get_request_time, /* Request Time */ NULL, /* Child Terminate */ - STANDARD_SAPI_MODULE_PROPERTIES + NULL, /* php_ini_path_override */ + NULL, /* default_post_reader */ + NULL, /* treat_data */ + NULL, /* executable_location */ + 0, /* php_ini_ignore */ + 0, /* php_ini_ignore_cwd */ + NULL, /* get_fd */ + NULL, /* force_http_10 */ + NULL, /* get_target_uid */ + NULL, /* get_target_gid */ + NULL, /* input_filter */ + NULL, /* ini_defaults */ + 0, /* phpinfo_as_text; */ + NULL, /* ini_entries; */ + NULL, /* additional_functions */ + NULL, /* input_filter_init */ + true /* isolate_symbols */ }; static apr_status_t php_apache_server_shutdown(void *tmp) From 8fa5f573da68f00acf7300a44d2783420754578b Mon Sep 17 00:00:00 2001 From: Daniil Gentili Date: Thu, 29 May 2025 19:54:52 +0200 Subject: [PATCH 04/19] Add missing include --- Zend/zend_extensions.c | 1 + 1 file changed, 1 insertion(+) diff --git a/Zend/zend_extensions.c b/Zend/zend_extensions.c index a4e5a38f90d89..140b900a3c89d 100644 --- a/Zend/zend_extensions.c +++ b/Zend/zend_extensions.c @@ -19,6 +19,7 @@ #include "zend_extensions.h" #include "zend_system_id.h" +#include "SAPI.h" ZEND_API zend_llist zend_extensions; ZEND_API uint32_t zend_extension_flags = 0; From 18f7741da42d46b9a3460799bcf9fff1eb68591d Mon Sep 17 00:00:00 2001 From: Daniil Gentili Date: Sat, 31 May 2025 20:23:28 +0000 Subject: [PATCH 05/19] CS --- sapi/apache2handler/sapi_apache2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sapi/apache2handler/sapi_apache2.c b/sapi/apache2handler/sapi_apache2.c index 9609649c6f2a2..41821df31f77b 100644 --- a/sapi/apache2handler/sapi_apache2.c +++ b/sapi/apache2handler/sapi_apache2.c @@ -431,7 +431,7 @@ static sapi_module_struct apache2_sapi_module = { NULL, /* ini_entries; */ NULL, /* additional_functions */ NULL, /* input_filter_init */ - true /* isolate_symbols */ + true /* isolate_symbols */ }; static apr_status_t php_apache_server_shutdown(void *tmp) From a9a1146b875b33fb32e0b5a8a5bbd7bd7e15cbe5 Mon Sep 17 00:00:00 2001 From: Daniil Gentili Date: Sun, 1 Jun 2025 16:25:05 +0200 Subject: [PATCH 06/19] Add missing includes --- ext/standard/dl.c | 2 +- sapi/litespeed/lsapilib.c | 1 + sapi/litespeed/lscriu.c | 1 + sapi/phpdbg/phpdbg_prompt.c | 1 + 4 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ext/standard/dl.c b/ext/standard/dl.c index 31adbceac8c29..2d1d2c83c15b7 100644 --- a/ext/standard/dl.c +++ b/ext/standard/dl.c @@ -22,7 +22,7 @@ #include "php_ini.h" #include "ext/standard/info.h" -#include "SAPI.h" +#include "main/SAPI.h" #ifdef HAVE_LIBDL #include diff --git a/sapi/litespeed/lsapilib.c b/sapi/litespeed/lsapilib.c index 9d8408c613395..2c7fce98a6336 100644 --- a/sapi/litespeed/lsapilib.c +++ b/sapi/litespeed/lsapilib.c @@ -93,6 +93,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #endif #include +#include "main/SAPI.h" struct lsapi_MD5Context { uint32 buf[4]; diff --git a/sapi/litespeed/lscriu.c b/sapi/litespeed/lscriu.c index 09ad53e233c62..9691be06bf08f 100644 --- a/sapi/litespeed/lscriu.c +++ b/sapi/litespeed/lscriu.c @@ -85,6 +85,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include "lscriu.h" #include +#include "main/SAPI.h" #define LSCRIU_PATH 256 diff --git a/sapi/phpdbg/phpdbg_prompt.c b/sapi/phpdbg/phpdbg_prompt.c index 84bd7a076acec..168981a16254e 100644 --- a/sapi/phpdbg/phpdbg_prompt.c +++ b/sapi/phpdbg/phpdbg_prompt.c @@ -19,6 +19,7 @@ #include #include #include "zend.h" +#include "main/SAPI.h" #include "zend_compile.h" #include "zend_exceptions.h" #include "zend_vm.h" From cf7bb0e08cb92a269355d6b350b8e57372d68317 Mon Sep 17 00:00:00 2001 From: Daniil Gentili Date: Sun, 1 Jun 2025 16:26:12 +0200 Subject: [PATCH 07/19] Fix --- ext/standard/dl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/standard/dl.c b/ext/standard/dl.c index 2d1d2c83c15b7..31adbceac8c29 100644 --- a/ext/standard/dl.c +++ b/ext/standard/dl.c @@ -22,7 +22,7 @@ #include "php_ini.h" #include "ext/standard/info.h" -#include "main/SAPI.h" +#include "SAPI.h" #ifdef HAVE_LIBDL #include From 259eb29c47d80cfae086b02184047979ed1457cf Mon Sep 17 00:00:00 2001 From: Daniil Gentili Date: Sun, 1 Jun 2025 16:34:57 +0200 Subject: [PATCH 08/19] Switch to flags --- Zend/zend_portability.h | 2 +- main/SAPI.h | 42 ++++++++++++++++-------------- sapi/apache2handler/sapi_apache2.c | 18 +------------ 3 files changed, 25 insertions(+), 37 deletions(-) diff --git a/Zend/zend_portability.h b/Zend/zend_portability.h index fa3946ed2ed92..50f0b4a288670 100644 --- a/Zend/zend_portability.h +++ b/Zend/zend_portability.h @@ -166,7 +166,7 @@ # define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | RTLD_GROUP | RTLD_WORLD | RTLD_PARENT) # elif defined(RTLD_DEEPBIND) && !defined(__SANITIZE_ADDRESS__) && !__has_feature(memory_sanitizer) # if defined(LM_ID_NEWLM) -# define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | (sapi_module.isolate_symbols ? RTLD_DEEPBIND : 0)) +# define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | ((sapi_module.flags & SAPI_MODULE_FLAG_ISOLATE_SYMBOLS) != 0 ? RTLD_DEEPBIND : 0)) # else # define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | RTLD_DEEPBIND) # endif diff --git a/main/SAPI.h b/main/SAPI.h index f64776b18095b..0ff632738c8bd 100644 --- a/main/SAPI.h +++ b/main/SAPI.h @@ -234,6 +234,8 @@ SAPI_API double sapi_get_request_time(void); SAPI_API void sapi_terminate_process(void); END_EXTERN_C() +#define SAPI_MODULE_FLAG_ISOLATE_SYMBOLS (1<<0) + struct _sapi_module_struct { char *name; char *pretty_name; @@ -288,7 +290,7 @@ struct _sapi_module_struct { const zend_function_entry *additional_functions; unsigned int (*input_filter_init)(void); - bool isolate_symbols; + unsigned int flags; }; struct _sapi_post_entry { @@ -323,23 +325,25 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data); SAPI_API SAPI_INPUT_FILTER_FUNC(php_default_input_filter); END_EXTERN_C() -#define STANDARD_SAPI_MODULE_PROPERTIES \ - NULL, /* php_ini_path_override */ \ - NULL, /* default_post_reader */ \ - NULL, /* treat_data */ \ - NULL, /* executable_location */ \ - 0, /* php_ini_ignore */ \ - 0, /* php_ini_ignore_cwd */ \ - NULL, /* get_fd */ \ - NULL, /* force_http_10 */ \ - NULL, /* get_target_uid */ \ - NULL, /* get_target_gid */ \ - NULL, /* input_filter */ \ - NULL, /* ini_defaults */ \ - 0, /* phpinfo_as_text; */ \ - NULL, /* ini_entries; */ \ - NULL, /* additional_functions */ \ - NULL, /* input_filter_init */ \ - false /* isolate_symbols */ +#define STANDARD_SAPI_MODULE_PROPERTIES STANDARD_SAPI_MODULE_PROPERTIES_WITH_FLAGS(0) + +#define STANDARD_SAPI_MODULE_PROPERTIES_WITH_FLAGS(_flags) \ + NULL, /* php_ini_path_override */ \ + NULL, /* default_post_reader */ \ + NULL, /* treat_data */ \ + NULL, /* executable_location */ \ + 0, /* php_ini_ignore */ \ + 0, /* php_ini_ignore_cwd */ \ + NULL, /* get_fd */ \ + NULL, /* force_http_10 */ \ + NULL, /* get_target_uid */ \ + NULL, /* get_target_gid */ \ + NULL, /* input_filter */ \ + NULL, /* ini_defaults */ \ + 0, /* phpinfo_as_text; */ \ + NULL, /* ini_entries; */ \ + NULL, /* additional_functions */ \ + NULL, /* input_filter_init */ \ + (_flags) /* flags */ #endif /* SAPI_H */ diff --git a/sapi/apache2handler/sapi_apache2.c b/sapi/apache2handler/sapi_apache2.c index 41821df31f77b..73c10b8f792a6 100644 --- a/sapi/apache2handler/sapi_apache2.c +++ b/sapi/apache2handler/sapi_apache2.c @@ -415,23 +415,7 @@ static sapi_module_struct apache2_sapi_module = { php_apache_sapi_get_request_time, /* Request Time */ NULL, /* Child Terminate */ - NULL, /* php_ini_path_override */ - NULL, /* default_post_reader */ - NULL, /* treat_data */ - NULL, /* executable_location */ - 0, /* php_ini_ignore */ - 0, /* php_ini_ignore_cwd */ - NULL, /* get_fd */ - NULL, /* force_http_10 */ - NULL, /* get_target_uid */ - NULL, /* get_target_gid */ - NULL, /* input_filter */ - NULL, /* ini_defaults */ - 0, /* phpinfo_as_text; */ - NULL, /* ini_entries; */ - NULL, /* additional_functions */ - NULL, /* input_filter_init */ - true /* isolate_symbols */ + STANDARD_SAPI_MODULE_PROPERTIES_WITH_FLAGS(SAPI_MODULE_FLAG_ISOLATE_SYMBOLS) }; static apr_status_t php_apache_server_shutdown(void *tmp) From e2ca39213bbfa091991f68314ad4dde21b137c4b Mon Sep 17 00:00:00 2001 From: Daniil Gentili Date: Tue, 10 Jun 2025 10:25:22 +0200 Subject: [PATCH 09/19] Remove unneeded SAPI include --- Zend/zend_extensions.c | 1 - sapi/litespeed/lsapilib.c | 1 - sapi/litespeed/lscriu.c | 1 - sapi/phpdbg/phpdbg_prompt.c | 1 - 4 files changed, 4 deletions(-) diff --git a/Zend/zend_extensions.c b/Zend/zend_extensions.c index 140b900a3c89d..a4e5a38f90d89 100644 --- a/Zend/zend_extensions.c +++ b/Zend/zend_extensions.c @@ -19,7 +19,6 @@ #include "zend_extensions.h" #include "zend_system_id.h" -#include "SAPI.h" ZEND_API zend_llist zend_extensions; ZEND_API uint32_t zend_extension_flags = 0; diff --git a/sapi/litespeed/lsapilib.c b/sapi/litespeed/lsapilib.c index 2c7fce98a6336..9d8408c613395 100644 --- a/sapi/litespeed/lsapilib.c +++ b/sapi/litespeed/lsapilib.c @@ -93,7 +93,6 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #endif #include -#include "main/SAPI.h" struct lsapi_MD5Context { uint32 buf[4]; diff --git a/sapi/litespeed/lscriu.c b/sapi/litespeed/lscriu.c index 9691be06bf08f..09ad53e233c62 100644 --- a/sapi/litespeed/lscriu.c +++ b/sapi/litespeed/lscriu.c @@ -85,7 +85,6 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include "lscriu.h" #include -#include "main/SAPI.h" #define LSCRIU_PATH 256 diff --git a/sapi/phpdbg/phpdbg_prompt.c b/sapi/phpdbg/phpdbg_prompt.c index 168981a16254e..84bd7a076acec 100644 --- a/sapi/phpdbg/phpdbg_prompt.c +++ b/sapi/phpdbg/phpdbg_prompt.c @@ -19,7 +19,6 @@ #include #include #include "zend.h" -#include "main/SAPI.h" #include "zend_compile.h" #include "zend_exceptions.h" #include "zend_vm.h" From 447034b4dc211fcac9662569ae81601dd1264ee9 Mon Sep 17 00:00:00 2001 From: Daniil Gentili Date: Tue, 10 Jun 2025 10:30:43 +0200 Subject: [PATCH 10/19] Revert "Remove unneeded SAPI include" This reverts commit 7d59f7cefb08f0efee4d8a4583033851dbfff517. --- Zend/zend_extensions.c | 1 + sapi/litespeed/lsapilib.c | 1 + sapi/litespeed/lscriu.c | 1 + sapi/phpdbg/phpdbg_prompt.c | 1 + 4 files changed, 4 insertions(+) diff --git a/Zend/zend_extensions.c b/Zend/zend_extensions.c index a4e5a38f90d89..140b900a3c89d 100644 --- a/Zend/zend_extensions.c +++ b/Zend/zend_extensions.c @@ -19,6 +19,7 @@ #include "zend_extensions.h" #include "zend_system_id.h" +#include "SAPI.h" ZEND_API zend_llist zend_extensions; ZEND_API uint32_t zend_extension_flags = 0; diff --git a/sapi/litespeed/lsapilib.c b/sapi/litespeed/lsapilib.c index 9d8408c613395..2c7fce98a6336 100644 --- a/sapi/litespeed/lsapilib.c +++ b/sapi/litespeed/lsapilib.c @@ -93,6 +93,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #endif #include +#include "main/SAPI.h" struct lsapi_MD5Context { uint32 buf[4]; diff --git a/sapi/litespeed/lscriu.c b/sapi/litespeed/lscriu.c index 09ad53e233c62..9691be06bf08f 100644 --- a/sapi/litespeed/lscriu.c +++ b/sapi/litespeed/lscriu.c @@ -85,6 +85,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include "lscriu.h" #include +#include "main/SAPI.h" #define LSCRIU_PATH 256 diff --git a/sapi/phpdbg/phpdbg_prompt.c b/sapi/phpdbg/phpdbg_prompt.c index 84bd7a076acec..168981a16254e 100644 --- a/sapi/phpdbg/phpdbg_prompt.c +++ b/sapi/phpdbg/phpdbg_prompt.c @@ -19,6 +19,7 @@ #include #include #include "zend.h" +#include "main/SAPI.h" #include "zend_compile.h" #include "zend_exceptions.h" #include "zend_vm.h" From 59b05963bbfc4cc229a78ee16f968b02e57141cd Mon Sep 17 00:00:00 2001 From: Daniil Gentili Date: Thu, 19 Jun 2025 13:13:49 +0200 Subject: [PATCH 11/19] Bump --- Zend/zend_extensions.c | 1 - Zend/zend_portability.h | 5 ++++- main/SAPI.h | 41 +++++++++++++++---------------------- sapi/litespeed/lsapilib.c | 1 - sapi/litespeed/lscriu.c | 1 - sapi/phpdbg/phpdbg_prompt.c | 1 - 6 files changed, 21 insertions(+), 29 deletions(-) diff --git a/Zend/zend_extensions.c b/Zend/zend_extensions.c index 140b900a3c89d..a4e5a38f90d89 100644 --- a/Zend/zend_extensions.c +++ b/Zend/zend_extensions.c @@ -19,7 +19,6 @@ #include "zend_extensions.h" #include "zend_system_id.h" -#include "SAPI.h" ZEND_API zend_llist zend_extensions; ZEND_API uint32_t zend_extension_flags = 0; diff --git a/Zend/zend_portability.h b/Zend/zend_portability.h index 50f0b4a288670..ac37f759bf49e 100644 --- a/Zend/zend_portability.h +++ b/Zend/zend_portability.h @@ -162,11 +162,14 @@ # define PHP_RTLD_MODE RTLD_LAZY # endif +/* True global */ +static bool use_deepbind = false; + # if defined(RTLD_GROUP) && defined(RTLD_WORLD) && defined(RTLD_PARENT) # define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | RTLD_GROUP | RTLD_WORLD | RTLD_PARENT) # elif defined(RTLD_DEEPBIND) && !defined(__SANITIZE_ADDRESS__) && !__has_feature(memory_sanitizer) # if defined(LM_ID_NEWLM) -# define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | ((sapi_module.flags & SAPI_MODULE_FLAG_ISOLATE_SYMBOLS) != 0 ? RTLD_DEEPBIND : 0)) +# define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | (use_deepbind ? RTLD_DEEPBIND : 0)) # else # define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | RTLD_DEEPBIND) # endif diff --git a/main/SAPI.h b/main/SAPI.h index 0ff632738c8bd..284f4cb96f1fa 100644 --- a/main/SAPI.h +++ b/main/SAPI.h @@ -234,8 +234,6 @@ SAPI_API double sapi_get_request_time(void); SAPI_API void sapi_terminate_process(void); END_EXTERN_C() -#define SAPI_MODULE_FLAG_ISOLATE_SYMBOLS (1<<0) - struct _sapi_module_struct { char *name; char *pretty_name; @@ -289,8 +287,6 @@ struct _sapi_module_struct { const char *ini_entries; const zend_function_entry *additional_functions; unsigned int (*input_filter_init)(void); - - unsigned int flags; }; struct _sapi_post_entry { @@ -325,25 +321,22 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data); SAPI_API SAPI_INPUT_FILTER_FUNC(php_default_input_filter); END_EXTERN_C() -#define STANDARD_SAPI_MODULE_PROPERTIES STANDARD_SAPI_MODULE_PROPERTIES_WITH_FLAGS(0) - -#define STANDARD_SAPI_MODULE_PROPERTIES_WITH_FLAGS(_flags) \ - NULL, /* php_ini_path_override */ \ - NULL, /* default_post_reader */ \ - NULL, /* treat_data */ \ - NULL, /* executable_location */ \ - 0, /* php_ini_ignore */ \ - 0, /* php_ini_ignore_cwd */ \ - NULL, /* get_fd */ \ - NULL, /* force_http_10 */ \ - NULL, /* get_target_uid */ \ - NULL, /* get_target_gid */ \ - NULL, /* input_filter */ \ - NULL, /* ini_defaults */ \ - 0, /* phpinfo_as_text; */ \ - NULL, /* ini_entries; */ \ - NULL, /* additional_functions */ \ - NULL, /* input_filter_init */ \ - (_flags) /* flags */ +#define STANDARD_SAPI_MODULE_PROPERTIES \ + NULL, /* php_ini_path_override */ \ + NULL, /* default_post_reader */ \ + NULL, /* treat_data */ \ + NULL, /* executable_location */ \ + 0, /* php_ini_ignore */ \ + 0, /* php_ini_ignore_cwd */ \ + NULL, /* get_fd */ \ + NULL, /* force_http_10 */ \ + NULL, /* get_target_uid */ \ + NULL, /* get_target_gid */ \ + NULL, /* input_filter */ \ + NULL, /* ini_defaults */ \ + 0, /* phpinfo_as_text; */ \ + NULL, /* ini_entries; */ \ + NULL, /* additional_functions */ \ + NULL /* input_filter_init */ #endif /* SAPI_H */ diff --git a/sapi/litespeed/lsapilib.c b/sapi/litespeed/lsapilib.c index 2c7fce98a6336..9d8408c613395 100644 --- a/sapi/litespeed/lsapilib.c +++ b/sapi/litespeed/lsapilib.c @@ -93,7 +93,6 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #endif #include -#include "main/SAPI.h" struct lsapi_MD5Context { uint32 buf[4]; diff --git a/sapi/litespeed/lscriu.c b/sapi/litespeed/lscriu.c index 9691be06bf08f..09ad53e233c62 100644 --- a/sapi/litespeed/lscriu.c +++ b/sapi/litespeed/lscriu.c @@ -85,7 +85,6 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include "lscriu.h" #include -#include "main/SAPI.h" #define LSCRIU_PATH 256 diff --git a/sapi/phpdbg/phpdbg_prompt.c b/sapi/phpdbg/phpdbg_prompt.c index 168981a16254e..84bd7a076acec 100644 --- a/sapi/phpdbg/phpdbg_prompt.c +++ b/sapi/phpdbg/phpdbg_prompt.c @@ -19,7 +19,6 @@ #include #include #include "zend.h" -#include "main/SAPI.h" #include "zend_compile.h" #include "zend_exceptions.h" #include "zend_vm.h" From 8a0eaad2f97ca23999b38bf9dc0f79c307d1dee7 Mon Sep 17 00:00:00 2001 From: Daniil Gentili Date: Thu, 19 Jun 2025 13:42:50 +0200 Subject: [PATCH 12/19] Cleanup --- Zend/zend_portability.h | 4 +--- main/main.c | 2 ++ sapi/apache2handler/sapi_apache2.c | 5 ++++- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/Zend/zend_portability.h b/Zend/zend_portability.h index ac37f759bf49e..0829cf7aedc8a 100644 --- a/Zend/zend_portability.h +++ b/Zend/zend_portability.h @@ -162,13 +162,11 @@ # define PHP_RTLD_MODE RTLD_LAZY # endif -/* True global */ -static bool use_deepbind = false; - # if defined(RTLD_GROUP) && defined(RTLD_WORLD) && defined(RTLD_PARENT) # define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | RTLD_GROUP | RTLD_WORLD | RTLD_PARENT) # elif defined(RTLD_DEEPBIND) && !defined(__SANITIZE_ADDRESS__) && !__has_feature(memory_sanitizer) # if defined(LM_ID_NEWLM) + extern bool use_deepbind; # define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | (use_deepbind ? RTLD_DEEPBIND : 0)) # else # define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | RTLD_DEEPBIND) diff --git a/main/main.c b/main/main.c index 18c8e2dfac7ec..28d6049d4cdcb 100644 --- a/main/main.c +++ b/main/main.c @@ -845,6 +845,8 @@ static bool module_initialized = false; static bool module_startup = true; static bool module_shutdown = false; +bool use_deepbind = false; + /* {{{ php_during_module_startup */ PHPAPI bool php_during_module_startup(void) { diff --git a/sapi/apache2handler/sapi_apache2.c b/sapi/apache2handler/sapi_apache2.c index 73c10b8f792a6..59e15f65d2b84 100644 --- a/sapi/apache2handler/sapi_apache2.c +++ b/sapi/apache2handler/sapi_apache2.c @@ -415,7 +415,7 @@ static sapi_module_struct apache2_sapi_module = { php_apache_sapi_get_request_time, /* Request Time */ NULL, /* Child Terminate */ - STANDARD_SAPI_MODULE_PROPERTIES_WITH_FLAGS(SAPI_MODULE_FLAG_ISOLATE_SYMBOLS) + STANDARD_SAPI_MODULE_PROPERTIES }; static apr_status_t php_apache_server_shutdown(void *tmp) @@ -461,11 +461,14 @@ static int php_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp return OK; } +extern bool use_deepbind; + static int php_apache_server_startup(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) { void *data = NULL; const char *userdata_key = "apache2hook_post_config"; + use_deepbind = true; /* Apache will load, unload and then reload a DSO module. This * prevents us from starting PHP until the second load. */ From 6e3ee3170ef02cfe18467a9dfb02942caddbcfee Mon Sep 17 00:00:00 2001 From: Daniil Gentili Date: Thu, 19 Jun 2025 14:24:33 +0200 Subject: [PATCH 13/19] Test --- Zend/zend_API.c | 2 ++ main/main.c | 2 -- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Zend/zend_API.c b/Zend/zend_API.c index e0006e7d7275f..1a8dc3954fa75 100644 --- a/Zend/zend_API.c +++ b/Zend/zend_API.c @@ -40,6 +40,8 @@ /* these variables are true statics/globals, and have to be mutex'ed on every access */ ZEND_API HashTable module_registry; +bool use_deepbind = false; + static zend_module_entry **module_request_startup_handlers; static zend_module_entry **module_request_shutdown_handlers; static zend_module_entry **module_post_deactivate_handlers; diff --git a/main/main.c b/main/main.c index 28d6049d4cdcb..18c8e2dfac7ec 100644 --- a/main/main.c +++ b/main/main.c @@ -845,8 +845,6 @@ static bool module_initialized = false; static bool module_startup = true; static bool module_shutdown = false; -bool use_deepbind = false; - /* {{{ php_during_module_startup */ PHPAPI bool php_during_module_startup(void) { From 7f493993a9633bd8dc0a97c12a05b9c89ecfbd33 Mon Sep 17 00:00:00 2001 From: Daniil Gentili Date: Thu, 19 Jun 2025 14:32:58 +0200 Subject: [PATCH 14/19] Fixup --- Zend/zend_API.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Zend/zend_API.c b/Zend/zend_API.c index 1a8dc3954fa75..bd251aa1aa441 100644 --- a/Zend/zend_API.c +++ b/Zend/zend_API.c @@ -40,7 +40,7 @@ /* these variables are true statics/globals, and have to be mutex'ed on every access */ ZEND_API HashTable module_registry; -bool use_deepbind = false; +ZEND_API bool use_deepbind = false; static zend_module_entry **module_request_startup_handlers; static zend_module_entry **module_request_shutdown_handlers; From d306040e8ba517543edb6866f0783579c00b6550 Mon Sep 17 00:00:00 2001 From: Daniil Gentili Date: Thu, 19 Jun 2025 15:41:34 +0200 Subject: [PATCH 15/19] Test --- Zend/zend_portability.h | 2 +- sapi/apache2handler/sapi_apache2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Zend/zend_portability.h b/Zend/zend_portability.h index 0829cf7aedc8a..83e56add82b38 100644 --- a/Zend/zend_portability.h +++ b/Zend/zend_portability.h @@ -166,7 +166,7 @@ # define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | RTLD_GROUP | RTLD_WORLD | RTLD_PARENT) # elif defined(RTLD_DEEPBIND) && !defined(__SANITIZE_ADDRESS__) && !__has_feature(memory_sanitizer) # if defined(LM_ID_NEWLM) - extern bool use_deepbind; + ZEND_API extern bool use_deepbind; # define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | (use_deepbind ? RTLD_DEEPBIND : 0)) # else # define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | RTLD_DEEPBIND) diff --git a/sapi/apache2handler/sapi_apache2.c b/sapi/apache2handler/sapi_apache2.c index 59e15f65d2b84..0e0d7e719b22c 100644 --- a/sapi/apache2handler/sapi_apache2.c +++ b/sapi/apache2handler/sapi_apache2.c @@ -461,7 +461,7 @@ static int php_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp return OK; } -extern bool use_deepbind; +ZEND_API bool use_deepbind; static int php_apache_server_startup(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) From 5e98bec4716f11388fb06b37af7f7ffcd69cc99b Mon Sep 17 00:00:00 2001 From: Daniil Gentili Date: Thu, 19 Jun 2025 15:44:22 +0200 Subject: [PATCH 16/19] Fix typo --- sapi/apache2handler/sapi_apache2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sapi/apache2handler/sapi_apache2.c b/sapi/apache2handler/sapi_apache2.c index 0e0d7e719b22c..ebedf81423c9a 100644 --- a/sapi/apache2handler/sapi_apache2.c +++ b/sapi/apache2handler/sapi_apache2.c @@ -461,7 +461,7 @@ static int php_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp return OK; } -ZEND_API bool use_deepbind; +ZEND_API extern bool use_deepbind; static int php_apache_server_startup(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) From 173e367434e55f5be9e4ceb4d12d117c43da372f Mon Sep 17 00:00:00 2001 From: Daniil Gentili Date: Fri, 20 Jun 2025 11:18:57 +0200 Subject: [PATCH 17/19] Refactor --- Zend/zend_API.c | 7 ++++++- Zend/zend_API.h | 2 ++ Zend/zend_portability.h | 4 ++-- sapi/apache2handler/sapi_apache2.c | 4 +--- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/Zend/zend_API.c b/Zend/zend_API.c index bd251aa1aa441..d29fe8ae8e3c3 100644 --- a/Zend/zend_API.c +++ b/Zend/zend_API.c @@ -40,7 +40,7 @@ /* these variables are true statics/globals, and have to be mutex'ed on every access */ ZEND_API HashTable module_registry; -ZEND_API bool use_deepbind = false; +ZEND_API bool zend_dl_use_deepbind = false; static zend_module_entry **module_request_startup_handlers; static zend_module_entry **module_request_shutdown_handlers; @@ -49,6 +49,11 @@ static zend_module_entry **modules_dl_loaded; static zend_class_entry **class_cleanup_handlers; +ZEND_API void zend_set_dl_use_deepbind(bool use_deepbind) +{ + zend_dl_use_deepbind = use_deepbind; +} + ZEND_API zend_result zend_get_parameters_array_ex(uint32_t param_count, zval *argument_array) /* {{{ */ { zval *param_ptr; diff --git a/Zend/zend_API.h b/Zend/zend_API.h index a644de8e15134..02ec1b18a6b69 100644 --- a/Zend/zend_API.h +++ b/Zend/zend_API.h @@ -343,6 +343,8 @@ typedef struct _zend_fcall_info_cache { ZEND_API int zend_next_free_module(void); BEGIN_EXTERN_C() +ZEND_API void zend_set_dl_use_deepbind(bool use_deepbind); + ZEND_API zend_result zend_get_parameters_array_ex(uint32_t param_count, zval *argument_array); /* internal function to efficiently copy parameters when executing __call() */ diff --git a/Zend/zend_portability.h b/Zend/zend_portability.h index 83e56add82b38..97bd038ecf3d8 100644 --- a/Zend/zend_portability.h +++ b/Zend/zend_portability.h @@ -166,8 +166,8 @@ # define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | RTLD_GROUP | RTLD_WORLD | RTLD_PARENT) # elif defined(RTLD_DEEPBIND) && !defined(__SANITIZE_ADDRESS__) && !__has_feature(memory_sanitizer) # if defined(LM_ID_NEWLM) - ZEND_API extern bool use_deepbind; -# define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | (use_deepbind ? RTLD_DEEPBIND : 0)) + ZEND_API extern bool zend_dl_use_deepbind; +# define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | (zend_dl_use_deepbind ? RTLD_DEEPBIND : 0)) # else # define DL_LOAD(libname) dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | RTLD_DEEPBIND) # endif diff --git a/sapi/apache2handler/sapi_apache2.c b/sapi/apache2handler/sapi_apache2.c index ebedf81423c9a..e87223b055e12 100644 --- a/sapi/apache2handler/sapi_apache2.c +++ b/sapi/apache2handler/sapi_apache2.c @@ -461,14 +461,12 @@ static int php_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp return OK; } -ZEND_API extern bool use_deepbind; - static int php_apache_server_startup(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) { void *data = NULL; const char *userdata_key = "apache2hook_post_config"; - use_deepbind = true; + zend_set_dl_use_deepbind(true); /* Apache will load, unload and then reload a DSO module. This * prevents us from starting PHP until the second load. */ From 85090c9fffc0263ec431407e293b0195b1cf77ff Mon Sep 17 00:00:00 2001 From: Daniil Gentili Date: Mon, 23 Jun 2025 10:56:27 +0200 Subject: [PATCH 18/19] Add changelog --- UPGRADING.INTERNALS | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/UPGRADING.INTERNALS b/UPGRADING.INTERNALS index 432754528f09a..47482d40d0b8d 100644 --- a/UPGRADING.INTERNALS +++ b/UPGRADING.INTERNALS @@ -17,6 +17,12 @@ PHP 8.5 INTERNALS UPGRADE NOTES - Core . PG(arg_separator).input and PG(arg_separator).output are now `zend_string*` instead of `char*`. + . DL_LOAD now doesn't use RTLD_DEEPBIND deepbind anymore on platforms + where dlmopen with LM_ID_NEWLM is available: + this means shared library symbol isolation (if needed) must be enabled on + the user side when requiring libphp.so, by using dlmopen with LM_ID_NEWLM + instead of dlopen. + RTLD_DEEPBIND is still enabled when the Apache SAPI is in use. - Zend . Added zend_safe_assign_to_variable_noref() function to safely assign From f75baf968d90bb25f9af8adebd5510d822491393 Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Mon, 23 Jun 2025 21:42:54 +0200 Subject: [PATCH 19/19] [ci skip] NEWS --- NEWS | 1 + 1 file changed, 1 insertion(+) diff --git a/NEWS b/NEWS index 1ce8ce754adc9..65fb408ddaacf 100644 --- a/NEWS +++ b/NEWS @@ -58,6 +58,7 @@ PHP NEWS . Added the pipe (|>) operator. (crell) . Added support for `final` with constructor property promotion. (DanielEScherzer) + . Do not use RTLD_DEEPBIND if dlmopen is available. (Daniil Gentili) - Curl: . Added curl_multi_get_handles(). (timwolla)