From patchwork Mon Nov 15 18:37:14 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 47697 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id C15183858027 for ; Mon, 15 Nov 2021 18:38:02 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org C15183858027 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1637001482; bh=wrwQzVH2kdbOqNpZLDWj7Ezx/kOjMiFhB+KHNiXNR18=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:Cc:From; b=T9k9izBWErq2vB4qb8rn7ql4fFfcqJz6WnpsxNsEx29JeCfum4ogU038i2wMRIQRC XsRivT78JLElcJPgSzyRe7GxGojhmmC2gBaIMCetgWyMoOikXb1Dr6PqGw0QpA8TuG ypfHuFpPGVgeqj0AWPrsvElf+z8KZQOBo39J1eMw= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-ua1-x931.google.com (mail-ua1-x931.google.com [IPv6:2607:f8b0:4864:20::931]) by sourceware.org (Postfix) with ESMTPS id AC9DD3858405 for ; Mon, 15 Nov 2021 18:37:39 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org AC9DD3858405 Received: by mail-ua1-x931.google.com with SMTP id az37so36887093uab.13 for ; Mon, 15 Nov 2021 10:37:39 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=wrwQzVH2kdbOqNpZLDWj7Ezx/kOjMiFhB+KHNiXNR18=; b=eRZeJ06XhvP/xe8Y5uXoiusVmc06c6YSIvYeURQTmzlIACIEpYVfs9jiDppi4h79ZC f+NjtRorrlww7rGBALEj4wkHdzV2AnFymw3ude4dQXxlV5lMJImlHvWybyJy09jqYP/8 ZPb1nFVoWdfQFDT5opT/NgnXWvd++JUCvlT2UShUqUVpCQHbdfbh3RzHwUY4II3gBoHj kQWYsUtA3hhFqROV0K/djrd0tw+H/8byEZgdYiBXozQU3FFgyA2MZW4R4rbaYxhcWig3 lVRW/sJVq8DqX3u/GYjUzE7EXEYrJcjpxCMcvanQJ8FjeH7ak1xQsAtOcAxuYEMn9ttX /70w== X-Gm-Message-State: AOAM530Il0hrqJOkluLLRQK6RkU9qW3Oz99NOCWaI/RMs5G8xhC5/wq8 knIXdNtIyVLHnFoqXkXPxrIRVO1/1tcCOQ== X-Google-Smtp-Source: ABdhPJyf3GBRbm5GlZ9yr61P3UohEgIhioMYuFBYrDlx4pn2c0JPSqEgZ0cDWP4gN0KNetOGxqcpXQ== X-Received: by 2002:a67:dd12:: with SMTP id y18mr46192636vsj.56.1637001458861; Mon, 15 Nov 2021 10:37:38 -0800 (PST) Received: from birita.. ([2804:431:c7ca:66dc:13f5:e2fb:5a0d:90]) by smtp.gmail.com with ESMTPSA id e7sm8976565vkn.20.2021.11.15.10.37.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Nov 2021 10:37:38 -0800 (PST) To: libc-alpha@sourceware.org, Florian Weimer Subject: [PATCH v6 00/20] Multiple rtld-audit fixes Date: Mon, 15 Nov 2021 15:37:14 -0300 Message-Id: <20211115183734.531155-1-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.32.0 MIME-Version: 1.0 X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, KAM_STOCKGEN, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Adhemerval Zanella via Libc-alpha From: Adhemerval Zanella Netto Reply-To: Adhemerval Zanella Cc: John Mellor-Crummey Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" This patchset fixes most of the rtld-audit issues brought by John Mellor-Crummey [1] while trying to use it along with the HPCToolkit. This should cover all the issues listed as 'Tier 1' [2] (although the aarch64 SVE is marked as RFC) and also most of the 'Tier2' issue (BZ#28096 inclusive) which prevents the use of some glibc function that uses TLS internally on the audit module. On this set I also added a possible fix for the aarch64 SVE, although there is some issues regarding STO_AARCH64_VARIANT_PCS. I also pushed this patch on a personal branch [3]. There is also some point brough by John Melloc-Crummey documents that I don't have a straighforward answer so I haven't added on this patchset: 1 la_activity(LA_ACT_ADD) is never called for auditor namespaces, even though la_objopen and la_activity(LA_ACT_CONSISTENT) are. There is no easy solution for this: we need at least to load the *first* auditor to actually issue the la_activity(LA_ACT_ADD). It means that it would *only* work for subsequent audit modules, and adding this specific semantic is confusing and does not really improve things (it only helps when multiple audit modules are used). 2. la_objopen is called for the main binary and for ld.so before the first la_activity(LA_ACT_ADD) call. This contradicts the pattern found in a successful dlopen (where la_activity(LA_ACT_ADD) precedes la_objopen). The constrain here is we need to handle DT_AUDIT and DT_DEPAUDIT dynamic tags, which means we need to first load the executable in memory to parse the required audit modules. So we need to first parse the dynamic audit tags, load the audit modules, and then load the object itself. 3. For non-PIE executables the base address listed in link_map->l_addr for the main application binary is 0, even though dladdr is able to recover the correct offset. La_objopen is affected by this. This would require to change an internal semantic for link_map->l_addr. This is not straighfoward and I am not sure about the direct gains. I have checked the patches on x86_64, i686, aarch64, armv7, powerpc64, powerpc64le, and powerpc. [1] https://sourceware.org/pipermail/libc-alpha/2021-June/127636.html [2] https://docs.google.com/document/d/1dVaDBdzySecxQqD6hLLzDrEF18M1UtjDna9gL5BWWI0/edit# [3] https://sourceware.org/git/?p=glibc.git;a=shortlog;h=refs/heads/azanella/ld-audit-fixes Changes from v5: - Fixed build with --enable-profiling=yes. - Moved la_activity (LA_ACT_ADD) *after* _dl_add_to_namespace_list() for BZ#28062 fix. - Fixed powerpc64 ELFv1 OPD toc setup for bind-now. - Fixed testsuite issues for ia64. - Removed LA_SYMB_BINDNOW now that LA_SYMB_NOPLTENTER and LA_SYMB_NOPLTEXIT is passed for bind-now. Changes from v4: - Added a fix for constructors if executable has a soname of a dependency - Rebased against master. Changes from v3 - Added a aarch64 SVE RFC patch. - Fixed an issue with bind-now fix on powerpc64 ELFv1. - Rebased against master. Changes from v2 - Refactored rtld-audit code to move common come to dl-audit.c. - Issue audit la_objopen() for vDSO. - Isseu la_activity during application exit. - Issue la_symbind() for bind-now (BZ #23734). - Fix runtime linker auditing on aarch64 (BZ #26643) Changes from v1 - Fixed -fstack-protector-all tst-auditmod17. - Simplify the _dl_call_libc_early_init call the 'Fix audit regression' patch. - Remove symbind check fr BZ#15333. - Added the BZ#28096 fix. Adhemerval Zanella (19): elf: Suppress audit calls when a (new) namespace is empty (BZ #28062) elf: Add _dl_audit_objopen elf: Add _dl_audit_activity_map and _dl_audit_activity_nsid elf: Add _dl_audit_objsearch elf: Add _dl_audit_objclose elf: Add _dl_audit_symbind_alt and _dl_audit_symbind elf: Add _dl_audit_preinit elf: Add _dl_audit_pltenter elf: Add _dl_audit_pltexit elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533) elf: Add audit tests for modules with TLSDESC elf: Do not fail for failed dlmopen on audit modules (BZ #28061) elf: Fix initial-exec TLS access on audit modules (BZ #28096) elf: Issue audit la_objopen() for vDSO elf: Run constructors if executable has a soname of a dependency elf: Add main application on main_map l_name elf: Add la_activity during application exit elf: Issue la_symbind() for bind-now (BZ #23734) elf: Add SVE support for aarch64 rtld-audit Ben Woodard (1): elf: Fix runtime linker auditing on aarch64 (BZ #26643) NEWS | 4 + csu/libc-start.c | 23 +- dlfcn/Makefile | 4 +- dlfcn/tst-dladdr-self.c | 55 +++ elf/Makefile | 148 +++++++- elf/Versions | 1 + elf/dl-addr.c | 5 - elf/dl-audit.c | 394 ++++++++++++++++++++++ elf/dl-close.c | 74 +--- elf/dl-dst.h | 2 +- elf/dl-fini.c | 25 +- elf/dl-init.c | 3 +- elf/dl-load.c | 141 ++------ elf/dl-misc.c | 1 + elf/dl-object.c | 20 +- elf/dl-open.c | 22 +- elf/dl-reloc.c | 28 +- elf/dl-runtime.c | 245 ++------------ elf/dl-sym-post.h | 47 +-- elf/dl-tls.c | 16 +- elf/do-rel.h | 71 +++- elf/dso-sort-tests-1.def | 5 +- elf/dynamic-link.h | 26 +- elf/rtld.c | 81 +---- elf/setup-vdso.h | 2 +- elf/tst-audit-tlsdesc-audit.c | 25 ++ elf/tst-audit-tlsdesc-dlopen.c | 67 ++++ elf/tst-audit-tlsdesc.c | 60 ++++ elf/tst-audit18.c | 129 +++++++ elf/tst-audit18mod.c | 23 ++ elf/tst-audit19a.c | 39 +++ elf/tst-audit19b.c | 94 ++++++ elf/tst-audit19bmod.c | 23 ++ elf/tst-audit20.c | 25 ++ elf/tst-audit21.c | 42 +++ elf/tst-audit22.c | 128 +++++++ elf/tst-audit23.c | 173 ++++++++++ elf/tst-audit23mod.c | 23 ++ elf/tst-audit24a.c | 36 ++ elf/tst-audit24amod1.c | 31 ++ elf/tst-audit24amod2.c | 25 ++ elf/tst-audit24b.c | 37 ++ elf/tst-audit24bmod1.c | 31 ++ elf/tst-audit24bmod2.c | 23 ++ elf/tst-audit24c.c | 2 + elf/tst-audit24d.c | 36 ++ elf/tst-audit24dmod1.c | 33 ++ elf/tst-audit24dmod2.c | 28 ++ elf/tst-audit24dmod3.c | 31 ++ elf/tst-audit24dmod4.c | 25 ++ elf/tst-audit25a.c | 127 +++++++ elf/tst-audit25b.c | 128 +++++++ elf/tst-audit25mod1.c | 30 ++ elf/tst-audit25mod2.c | 30 ++ elf/tst-audit25mod3.c | 22 ++ elf/tst-audit25mod4.c | 22 ++ elf/tst-auditmod-tlsdesc1.c | 41 +++ elf/tst-auditmod-tlsdesc2.c | 33 ++ elf/tst-auditmod18.c | 73 ++++ elf/tst-auditmod19a.c | 23 ++ elf/tst-auditmod19b.c | 46 +++ elf/tst-auditmod20.c | 57 ++++ elf/tst-auditmod21a.c | 80 +++++ elf/tst-auditmod21b.c | 22 ++ elf/tst-auditmod22.c | 59 ++++ elf/tst-auditmod23.c | 68 ++++ elf/tst-auditmod24.h | 29 ++ elf/tst-auditmod24a.c | 113 +++++++ elf/tst-auditmod24b.c | 103 ++++++ elf/tst-auditmod24c.c | 3 + elf/tst-auditmod24d.c | 119 +++++++ elf/tst-auditmod25.c | 78 +++++ gmon/gmon.c | 10 +- include/dlfcn.h | 1 + include/link.h | 4 + sysdeps/aarch64/Makefile | 32 ++ sysdeps/aarch64/bits/link.h | 28 +- sysdeps/aarch64/bits/link_lavcurrent.h | 25 ++ sysdeps/aarch64/dl-link.sym | 7 +- sysdeps/aarch64/dl-machine.h | 14 +- sysdeps/aarch64/dl-trampoline.S | 394 ++++++++++++++++++++-- sysdeps/aarch64/tst-audit26.c | 37 ++ sysdeps/aarch64/tst-audit26mod.c | 33 ++ sysdeps/aarch64/tst-audit26mod.h | 50 +++ sysdeps/aarch64/tst-audit27.c | 64 ++++ sysdeps/aarch64/tst-audit27mod.c | 95 ++++++ sysdeps/aarch64/tst-audit27mod.h | 67 ++++ sysdeps/aarch64/tst-audit28.c | 44 +++ sysdeps/aarch64/tst-audit28mod.c | 48 +++ sysdeps/aarch64/tst-audit28mod.h | 74 ++++ sysdeps/aarch64/tst-auditmod26.c | 98 ++++++ sysdeps/aarch64/tst-auditmod27.c | 252 ++++++++++++++ sysdeps/aarch64/tst-auditmod28.c | 193 +++++++++++ sysdeps/alpha/dl-machine.h | 2 +- sysdeps/alpha/dl-trampoline.S | 8 +- sysdeps/arc/dl-machine.h | 2 +- sysdeps/arm/dl-machine.h | 2 +- sysdeps/arm/dl-trampoline.S | 2 +- sysdeps/csky/dl-machine.h | 2 +- sysdeps/generic/dl-fixup-attribute.h | 24 ++ sysdeps/generic/dl-lookupcfg.h | 3 + sysdeps/generic/ldsodefs.h | 30 ++ sysdeps/hppa/dl-lookupcfg.h | 3 + sysdeps/hppa/dl-machine.h | 2 +- sysdeps/hppa/dl-runtime.c | 2 +- sysdeps/hppa/dl-trampoline.S | 6 +- sysdeps/i386/dl-fixup-attribute.h | 30 ++ sysdeps/i386/dl-machine.h | 25 +- sysdeps/i386/dl-trampoline.S | 2 +- sysdeps/ia64/dl-lookupcfg.h | 3 + sysdeps/ia64/dl-machine.h | 2 +- sysdeps/ia64/dl-trampoline.S | 16 +- sysdeps/m68k/dl-machine.h | 2 +- sysdeps/m68k/dl-trampoline.S | 2 +- sysdeps/microblaze/dl-machine.h | 2 +- sysdeps/mips/dl-machine.h | 2 +- sysdeps/nios2/dl-machine.h | 2 +- sysdeps/powerpc/dl-lookupcfg.h | 39 +++ sysdeps/powerpc/powerpc32/dl-machine.h | 2 +- sysdeps/powerpc/powerpc64/dl-machine.h | 2 +- sysdeps/powerpc/powerpc64/dl-trampoline.S | 4 +- sysdeps/riscv/dl-machine.h | 2 +- sysdeps/s390/s390-32/dl-machine.h | 2 +- sysdeps/s390/s390-32/dl-trampoline.h | 4 +- sysdeps/s390/s390-64/dl-machine.h | 2 +- sysdeps/s390/s390-64/dl-trampoline.h | 2 +- sysdeps/sh/dl-machine.h | 2 +- sysdeps/sh/dl-trampoline.S | 4 +- sysdeps/sparc/sparc32/dl-machine.h | 2 +- sysdeps/sparc/sparc32/dl-trampoline.S | 2 +- sysdeps/sparc/sparc64/dl-machine.h | 2 +- sysdeps/sparc/sparc64/dl-trampoline.S | 2 +- sysdeps/x86_64/dl-machine.h | 2 +- sysdeps/x86_64/dl-runtime.h | 2 +- sysdeps/x86_64/dl-trampoline.h | 6 +- 135 files changed, 5033 insertions(+), 734 deletions(-) create mode 100644 dlfcn/tst-dladdr-self.c create mode 100644 elf/dl-audit.c create mode 100644 elf/tst-audit-tlsdesc-audit.c create mode 100644 elf/tst-audit-tlsdesc-dlopen.c create mode 100644 elf/tst-audit-tlsdesc.c create mode 100644 elf/tst-audit18.c create mode 100644 elf/tst-audit18mod.c create mode 100644 elf/tst-audit19a.c create mode 100644 elf/tst-audit19b.c create mode 100644 elf/tst-audit19bmod.c create mode 100644 elf/tst-audit20.c create mode 100644 elf/tst-audit21.c create mode 100644 elf/tst-audit22.c create mode 100644 elf/tst-audit23.c create mode 100644 elf/tst-audit23mod.c create mode 100644 elf/tst-audit24a.c create mode 100644 elf/tst-audit24amod1.c create mode 100644 elf/tst-audit24amod2.c create mode 100644 elf/tst-audit24b.c create mode 100644 elf/tst-audit24bmod1.c create mode 100644 elf/tst-audit24bmod2.c create mode 100644 elf/tst-audit24c.c create mode 100644 elf/tst-audit24d.c create mode 100644 elf/tst-audit24dmod1.c create mode 100644 elf/tst-audit24dmod2.c create mode 100644 elf/tst-audit24dmod3.c create mode 100644 elf/tst-audit24dmod4.c create mode 100644 elf/tst-audit25a.c create mode 100644 elf/tst-audit25b.c create mode 100644 elf/tst-audit25mod1.c create mode 100644 elf/tst-audit25mod2.c create mode 100644 elf/tst-audit25mod3.c create mode 100644 elf/tst-audit25mod4.c create mode 100644 elf/tst-auditmod-tlsdesc1.c create mode 100644 elf/tst-auditmod-tlsdesc2.c create mode 100644 elf/tst-auditmod18.c create mode 100644 elf/tst-auditmod19a.c create mode 100644 elf/tst-auditmod19b.c create mode 100644 elf/tst-auditmod20.c create mode 100644 elf/tst-auditmod21a.c create mode 100644 elf/tst-auditmod21b.c create mode 100644 elf/tst-auditmod22.c create mode 100644 elf/tst-auditmod23.c create mode 100644 elf/tst-auditmod24.h create mode 100644 elf/tst-auditmod24a.c create mode 100644 elf/tst-auditmod24b.c create mode 100644 elf/tst-auditmod24c.c create mode 100644 elf/tst-auditmod24d.c create mode 100644 elf/tst-auditmod25.c create mode 100644 sysdeps/aarch64/bits/link_lavcurrent.h create mode 100644 sysdeps/aarch64/tst-audit26.c create mode 100644 sysdeps/aarch64/tst-audit26mod.c create mode 100644 sysdeps/aarch64/tst-audit26mod.h create mode 100644 sysdeps/aarch64/tst-audit27.c create mode 100644 sysdeps/aarch64/tst-audit27mod.c create mode 100644 sysdeps/aarch64/tst-audit27mod.h create mode 100644 sysdeps/aarch64/tst-audit28.c create mode 100644 sysdeps/aarch64/tst-audit28mod.c create mode 100644 sysdeps/aarch64/tst-audit28mod.h create mode 100644 sysdeps/aarch64/tst-auditmod26.c create mode 100644 sysdeps/aarch64/tst-auditmod27.c create mode 100644 sysdeps/aarch64/tst-auditmod28.c create mode 100644 sysdeps/generic/dl-fixup-attribute.h create mode 100644 sysdeps/i386/dl-fixup-attribute.h create mode 100644 sysdeps/powerpc/dl-lookupcfg.h