[RFC,v8,15/20] Suppress audit calls when a (new) namespace is empty

Message ID 20210209171839.7911-16-vivek@collabora.com
State Superseded
Delegated to: Adhemerval Zanella Netto
Series Implementation of RTLD_SHARED for dlmopen

Commit Message

Vivek Dasmohapatra Feb. 9, 2021, 5:18 p.m. UTC
  When preparing an RTLD_SHARED proxy in a new namespace
it is possible for the target namespace to be empty:

This can happen for RTLD_SHARED + LM_ID_NEWLM.

The audit infrastructure should not be invoked at this
point (as there's nothing there to audit yet).
---
 elf/dl-load.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
  

Comments

Adhemerval Zanella Netto Feb. 19, 2021, 7:45 p.m. UTC | #1
On 09/02/2021 14:18, Vivek Das Mohapatra via Libc-alpha wrote:
> When preparing an RTLD_SHARED proxy in a new namespace
> it is possible for the target namespace to be empty:
> 
> This can happen for RTLD_SHARED + LM_ID_NEWLM.
> 
> The audit infrastructure should not be invoked at this
> point (as there's nothing there to audit yet).
> ---
>  elf/dl-load.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/elf/dl-load.c b/elf/dl-load.c
> index 13879af82c..4e8e7ca031 100644
> --- a/elf/dl-load.c
> +++ b/elf/dl-load.c
> @@ -1127,8 +1127,11 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd,
>  	  && __glibc_unlikely (GLRO(dl_naudit) > 0))
>  	{
>  	  struct link_map *head = GL(dl_ns)[nsid]._ns_loaded;
> -	  /* Do not call the functions for any auditing object.  */
> -	  if (head->l_auditing == 0)
> +	  /* Do not call the functions for any auditing object.
> +	     Do not try to call auditing functions if the namespace
> +	     is currently empty. This can hapen when opening the first
> +	     DSO in a new namespace.  */
> +	  if (head && head->l_auditing == 0)

No implicit checks.

>  	    {
>  	      struct audit_ifaces *afct = GLRO(dl_audit);
>  	      for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
>
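Review bot: the new comment in the `+` lines misspells "happen" as "hapen", and the condition `if (head && head->l_auditing == 0)` tests the pointer implicitly. Writing it as `head != NULL && head->l_auditing == 0` makes the empty-namespace case the comment describes explicit at the point of the check, which is the style this reply asks for.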
  

Patch

diff --git a/elf/dl-load.c b/elf/dl-load.c
index 13879af82c..4e8e7ca031 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -1127,8 +1127,11 @@  _dl_map_object_from_fd (const char *name, const char *origname, int fd,
 	  && __glibc_unlikely (GLRO(dl_naudit) > 0))
 	{
 	  struct link_map *head = GL(dl_ns)[nsid]._ns_loaded;
-	  /* Do not call the functions for any auditing object.  */
-	  if (head->l_auditing == 0)
+	  /* Do not call the functions for any auditing object.
+	     Do not try to call auditing functions if the namespace
+	     is currently empty. This can hapen when opening the first
+	     DSO in a new namespace.  */
+	  if (head && head->l_auditing == 0)
 	    {
 	      struct audit_ifaces *afct = GLRO(dl_audit);
 	      for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
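Review bot: when `head` is NULL the guarded block, including the loop over `GLRO(dl_audit)`, is skipped outright, and nothing visible in this hunk delivers the skipped calls later, so from this site audit modules get no call for the first DSO opened in a new namespace. The comment or commit message should state where (or whether) auditors are notified once `_ns_loaded` has been populated, because anything that relies on the audit interface to observe every load would otherwise have a blind spot for the RTLD_SHARED + LM_ID_NEWLM case.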