diff mbox series

[v12,1/4] elf: Add la_activity during application exit

Message ID 20220125183700.1280931-2-adhemerval.zanella@linaro.org
State Superseded
Headers show
Series Multiple rtld-audit fixes | expand

Checks

Context Check Description
dj/TryBot-apply_patch success Patch applied to master at the time it was sent

Commit Message

Adhemerval Zanella Jan. 25, 2022, 6:36 p.m. UTC
la_activity is not called during application exit, even though
la_objclose is.

Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.
---
 elf/Makefile         |   7 ++
 elf/dl-fini.c        |   8 ++
 elf/tst-audit23.c    | 239 +++++++++++++++++++++++++++++++++++++++++++
 elf/tst-audit23mod.c |  23 +++++
 elf/tst-auditmod23.c |  74 ++++++++++++++
 5 files changed, 351 insertions(+)
 create mode 100644 elf/tst-audit23.c
 create mode 100644 elf/tst-audit23mod.c
 create mode 100644 elf/tst-auditmod23.c

Comments

Florian Weimer Jan. 26, 2022, 11:42 a.m. UTC | #1
* Adhemerval Zanella via Libc-alpha:

> +static int
> +do_test (int argc, char *argv[])
> +{
> +  /* We must have either:
> +     - One our fource parameters left if called initially:
> +       + path to ld.so         optional
> +       + "--library-path"      optional
> +       + the library path      optional
> +       + the application name  */
> +  if (restart)
> +    return handle_restart ();
> +
> +  char *spargv[9];
> +  int i = 0;
> +  for (; i < argc - 1; i++)
> +    spargv[i] = argv[i + 1];
> +  spargv[i++] = (char *) "--direct";
> +  spargv[i++] = (char *) "--restart";
> +  spargv[i] = NULL;
> +  TEST_VERIFY_EXIT (i < array_length (spargv));

Sorry, I think this test is invalid because it happens after the
out-of-bounds write.  I expect that compilers will eventually warn about
that.

Thanks,
Florian
Adhemerval Zanella Jan. 26, 2022, 12:18 p.m. UTC | #2
On 26/01/2022 08:42, Florian Weimer wrote:
> * Adhemerval Zanella via Libc-alpha:
> 
>> +static int
>> +do_test (int argc, char *argv[])
>> +{
>> +  /* We must have either:
>> +     - One our fource parameters left if called initially:
>> +       + path to ld.so         optional
>> +       + "--library-path"      optional
>> +       + the library path      optional
>> +       + the application name  */
>> +  if (restart)
>> +    return handle_restart ();
>> +
>> +  char *spargv[9];
>> +  int i = 0;
>> +  for (; i < argc - 1; i++)
>> +    spargv[i] = argv[i + 1];
>> +  spargv[i++] = (char *) "--direct";
>> +  spargv[i++] = (char *) "--restart";
>> +  spargv[i] = NULL;
>> +  TEST_VERIFY_EXIT (i < array_length (spargv));
> 
> Sorry, I think this test is invalid because it happens after the
> out-of-bounds write.  I expect that compilers will eventually warn about
> that.

It seems that at least gcc 11 does not warn if the array is not large
enough.  Maybe this is better:

  char *spargv[9];
  TEST_VERIFY_EXIT (((argc - 1) + 3) < array_length (spargv));
  int i = 0;
  for (; i < argc - 1; i++)
    spargv[i] = argv[i + 1];
  spargv[i++] = (char *) "--direct";
  spargv[i++] = (char *) "--restart";
  spargv[i] = NULL;
Florian Weimer Jan. 26, 2022, 12:25 p.m. UTC | #3
* Adhemerval Zanella:

> On 26/01/2022 08:42, Florian Weimer wrote:
>> * Adhemerval Zanella via Libc-alpha:
>> 
>>> +static int
>>> +do_test (int argc, char *argv[])
>>> +{
>>> +  /* We must have either:
>>> +     - One our fource parameters left if called initially:
>>> +       + path to ld.so         optional
>>> +       + "--library-path"      optional
>>> +       + the library path      optional
>>> +       + the application name  */
>>> +  if (restart)
>>> +    return handle_restart ();
>>> +
>>> +  char *spargv[9];
>>> +  int i = 0;
>>> +  for (; i < argc - 1; i++)
>>> +    spargv[i] = argv[i + 1];
>>> +  spargv[i++] = (char *) "--direct";
>>> +  spargv[i++] = (char *) "--restart";
>>> +  spargv[i] = NULL;
>>> +  TEST_VERIFY_EXIT (i < array_length (spargv));
>> 
>> Sorry, I think this test is invalid because it happens after the
>> out-of-bounds write.  I expect that compilers will eventually warn about
>> that.
>
> It seems that at least gcc 11 does not warn if the array is not large
> enough.  Maybe this is better:
>
>   char *spargv[9];
>   TEST_VERIFY_EXIT (((argc - 1) + 3) < array_length (spargv));
>   int i = 0;
>   for (; i < argc - 1; i++)
>     spargv[i] = argv[i + 1];
>   spargv[i++] = (char *) "--direct";
>   spargv[i++] = (char *) "--restart";
>   spargv[i] = NULL;

Yes, it is.  Thanks.  It's a bit unfortunate that there is no succinct
way to express this.

Florian
Carlos O'Donell Feb. 1, 2022, 4:21 a.m. UTC | #4
On 1/25/22 13:36, Adhemerval Zanella wrote:
> la_activity is not called during application exit, even though
> la_objclose is.

Logically this does what I expected, and I think the dlfini pieces are in the
right place. I worked through the logic around re-running again: and making
sure that we have guards in place for all the called audit modules so we don't
call callbacks for modules are they are being finalized. This looks good to me.

OK for glibc 2.35 with comment corrections, but please post v13 and I'll ACK that
as release manager.
 
> Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.
> ---
>  elf/Makefile         |   7 ++
>  elf/dl-fini.c        |   8 ++
>  elf/tst-audit23.c    | 239 +++++++++++++++++++++++++++++++++++++++++++
>  elf/tst-audit23mod.c |  23 +++++
>  elf/tst-auditmod23.c |  74 ++++++++++++++
>  5 files changed, 351 insertions(+)
>  create mode 100644 elf/tst-audit23.c
>  create mode 100644 elf/tst-audit23mod.c
>  create mode 100644 elf/tst-auditmod23.c
> 
> diff --git a/elf/Makefile b/elf/Makefile
> index 41e0f2e8c4..a3b4468593 100644
> --- a/elf/Makefile
> +++ b/elf/Makefile
> @@ -377,6 +377,7 @@ tests += \
>    tst-audit19b \
>    tst-audit20 \
>    tst-audit22 \
> +  tst-audit23 \

OK. Test.

>    tst-auditmany \
>    tst-auxobj \
>    tst-auxobj-dlopen \
> @@ -673,6 +674,7 @@ modules-names = \
>    tst-audit13mod1 \
>    tst-audit18mod \
>    tst-audit19bmod \
> +  tst-audit23mod \

OK. And DSO.

>    tst-auditlogmod-1 \
>    tst-auditlogmod-2 \
>    tst-auditlogmod-3 \
> @@ -695,6 +697,7 @@ modules-names = \
>    tst-auditmod19b \
>    tst-auditmod20 \
>    tst-auditmod22 \
> +  tst-auditmod23 \

OK. And audit module.

>    tst-auxvalmod \
>    tst-big-note-lib \
>    tst-deep1mod1 \
> @@ -2136,6 +2139,10 @@ tst-audit20-ENV = LD_AUDIT=$(objpfx)tst-auditmod20.so
>  $(objpfx)tst-audit22.out: $(objpfx)tst-auditmod22.so
>  tst-audit22-ARGS = -- $(host-test-program-cmd)
>  
> +$(objpfx)tst-audit23.out: $(objpfx)tst-auditmod23.so \
> +			  $(objpfx)tst-audit23mod.so
> +tst-audit23-ARGS = -- $(host-test-program-cmd)

OK. Dep on the two DSOs.

> +
>  # tst-sonamemove links against an older implementation of the library.
>  LDFLAGS-tst-sonamemove-linkmod1.so = \
>    -Wl,--version-script=tst-sonamemove-linkmod1.map \
> diff --git a/elf/dl-fini.c b/elf/dl-fini.c
> index de8eb1b3c9..030b1fcbcd 100644
> --- a/elf/dl-fini.c
> +++ b/elf/dl-fini.c
> @@ -64,6 +64,10 @@ _dl_fini (void)

OK. In _dl_fini and winding down the object.

>  	__rtld_lock_unlock_recursive (GL(dl_load_lock));
>        else
>  	{
> +#ifdef SHARED
> +	  _dl_audit_activity_nsid (ns, LA_ACT_DELETE);

OK. This is the start of the operation for the namespace that isn't empty
or just used for auditing. We are calling LA_ACT_DELETE here to signal that
we are closing objects as part of exit. The only other place we call LA_ACT_DELETE
is in _dl_close_worker() which is only used for dlclose and others. We can choose
to place LA_ACT_DELETE at any point, but this is 

> +#endif
> +
>  	  /* Now we can allocate an array to hold all the pointers and
>  	     copy the pointers in.  */
>  	  struct link_map *maps[nloaded];
> @@ -153,6 +157,10 @@ _dl_fini (void)
>  	      /* Correct the previous increment.  */
>  	      --l->l_direct_opencount;
>  	    }
> +
> +#ifdef SHARED
> +	  _dl_audit_activity_nsid (ns, LA_ACT_CONSISTENT);
> +#endif

OK. Confirmed this is the closing set of braces from LA_ACT_DELETE, and so marks
that we are consistent. Nothing should ever call _dl_fini() again, but some
cases may jump to again:, like when we are unloading the auditors as the last
step in _dl_fini(). There is no harm in doing this unconditionally because all
of _dl_audit_activity_nsid and _dl_audit_objclose are guarded by l_auditing
being zero before actually calling the callback. That is to say that no auditor
can audit another auditor.

>  	}
>      }
>  
> diff --git a/elf/tst-audit23.c b/elf/tst-audit23.c
> new file mode 100644
> index 0000000000..3eea322051
> --- /dev/null
> +++ b/elf/tst-audit23.c
> @@ -0,0 +1,239 @@
> +/* Check DT_AUDIT la_objopen and la_objclose for all objects.

This does not check DT_AUDIT, which is set only by the static linker for --audit?

Suggest:
Check for expected la_objopen and la_objeclose for all objects.

> +   Copyright (C) 2022 Free Software Foundation, Inc.
> +   This file is part of the GNU C Library.
> +
> +   The GNU C Library is free software; you can redistribute it and/or
> +   modify it under the terms of the GNU Lesser General Public
> +   License as published by the Free Software Foundation; either
> +   version 2.1 of the License, or (at your option) any later version.
> +
> +   The GNU C Library is distributed in the hope that it will be useful,
> +   but WITHOUT ANY WARRANTY; without even the implied warranty of
> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> +   Lesser General Public License for more details.
> +
> +   You should have received a copy of the GNU Lesser General Public
> +   License along with the GNU C Library; if not, see
> +   <https://www.gnu.org/licenses/>.  */
> +
> +#include <array_length.h>
> +#include <errno.h>
> +#include <getopt.h>
> +#include <link.h>
> +#include <limits.h>
> +#include <inttypes.h>
> +#include <gnu/lib-names.h>
> +#include <string.h>
> +#include <stdlib.h>
> +#include <support/capture_subprocess.h>
> +#include <support/check.h>
> +#include <support/xstdio.h>
> +#include <support/xdlfcn.h>
> +#include <support/support.h>
> +
> +static int restart;
> +#define CMDLINE_OPTIONS \
> +  { "restart", no_argument, &restart, 1 },
> +
> +static int
> +handle_restart (void)
> +{
> +  xdlopen ("tst-audit23mod.so", RTLD_NOW);
> +  xdlmopen (LM_ID_NEWLM, LIBC_SO, RTLD_NOW);
> +
> +  return 0;
> +}
> +
> +static inline bool
> +startswith (const char *str, const char *pre)
> +{
> +  size_t lenpre = strlen (pre);
> +  size_t lenstr = strlen (str);
> +  return lenstr >= lenpre && memcmp (pre, str, lenpre) == 0;
> +}
> +
> +static inline bool
> +is_vdso (const char *str)
> +{
> +  return startswith (str, "linux-gate")
> +	 || startswith (str, "linux-vdso");
> +}
> +
> +static int
> +do_test (int argc, char *argv[])
> +{
> +  /* We must have either:
> +     - One our fource parameters left if called initially:

s/One our fource/One or four/g.

> +       + path to ld.so         optional
> +       + "--library-path"      optional
> +       + the library path      optional
> +       + the application name  */
> +  if (restart)
> +    return handle_restart ();
> +
> +  char *spargv[9];
> +  int i = 0;
> +  for (; i < argc - 1; i++)
> +    spargv[i] = argv[i + 1];
> +  spargv[i++] = (char *) "--direct";
> +  spargv[i++] = (char *) "--restart";
> +  spargv[i] = NULL;
> +  TEST_VERIFY_EXIT (i < array_length (spargv));
> +

OK. Prepare to re-run ourselves with auditor.

> +  setenv ("LD_AUDIT", "tst-auditmod23.so", 0);
> +  struct support_capture_subprocess result
> +    = support_capture_subprogram (spargv[0], spargv);
> +  support_capture_subprocess_check (&result, "tst-audit22", 0, sc_allow_stderr);
> +
> +  /* The expected la_objopen/la_objclose:
> +     1. executable
> +     2. loader
> +     3. libc.so
> +     4. tst-audit23mod.so
> +     5. libc.so (LM_ID_NEWLM).
> +     6. vdso (optional and ignored).  */
> +  enum { max_objs = 6 };
> +  struct la_obj_t
> +  {
> +    char *lname;
> +    uintptr_t laddr;
> +    Lmid_t lmid;
> +    bool closed;
> +  } objs[max_objs] = { [0 ... max_objs-1] = { .closed = false } };
> +  size_t nobjs = 0;
> +
> +  /* The expected namespaces are one for the audit module, one for the
> +     application, and another for the dlmopen on handle_restart.  */
> +  enum { max_ns = 3 };
> +  uintptr_t acts[max_ns] = { 0 };
> +  size_t nacts = 0;
> +  int last_act = -1;
> +  uintptr_t last_act_cookie = -1;
> +  bool seen_first_objclose = false;
> +
> +  FILE *out = fmemopen (result.err.buffer, result.err.length, "r");
> +  TEST_VERIFY (out != NULL);
> +  char *buffer = NULL;
> +  size_t buffer_length = 0;
> +  while (xgetline (&buffer, &buffer_length, out))
> +    {
> +      if (startswith (buffer, "la_activity: "))
> +	{
> +	  uintptr_t cookie;
> +	  int this_act;
> +	  int r = sscanf (buffer, "la_activity: %d %"SCNxPTR"", &this_act,
> +			  &cookie);
> +	  TEST_COMPARE (r, 2);
> +
> +	  /* The cookie identifies the object at the head of the link map,
> +	     so we only add a new namespace if it changes from previous

s/from/from the/g

> +	     one.  This work since dlmopen is the last in the test body.  */

s/work/works/g

> +	  if (cookie != last_act_cookie && last_act_cookie != -1)
> +	    TEST_COMPARE (last_act, LA_ACT_CONSISTENT);
> +
> +	  if (this_act == LA_ACT_ADD && acts[nacts] != cookie)
> +	    {
> +	      acts[nacts++] = cookie;
> +	      last_act_cookie = cookie;
> +	    }
> +	  /* The LA_ACT_DELETE is called in the reverse order of LA_ACT_ADD
> +	     at program termination (if the tests adds a dlclose or a library
> +	     with extra dependencies this require to be adapted).  */

s/require/will need/g

Florian's fix to make dlclose order consistent will make this consistent too!

> +	  else if (this_act == LA_ACT_DELETE)
> +	    {
> +	      last_act_cookie = acts[--nacts];
> +	      TEST_COMPARE (acts[nacts], cookie);
> +	      acts[nacts] = 0;
> +	    }
> +	  else if (this_act == LA_ACT_CONSISTENT)
> +	    {
> +	      TEST_COMPARE (cookie, last_act_cookie);
> +
> +	      /* LA_ACT_DELETE must always be followed by an la_objclose.  */
> +	      if (last_act == LA_ACT_DELETE)
> +		TEST_COMPARE (seen_first_objclose, true);
> +	      else
> +		TEST_COMPARE (last_act, LA_ACT_ADD);
> +	    }
> +
> +	  last_act = this_act;
> +	  seen_first_objclose = false;
> +	}
> +      else if (startswith (buffer, "la_objopen: "))
> +	{
> +	  char *lname;
> +	  uintptr_t laddr;
> +	  Lmid_t lmid;
> +	  uintptr_t cookie;
> +	  int r = sscanf (buffer, "la_objopen: %"SCNxPTR"  %ms %"SCNxPTR" %ld",
> +			  &cookie, &lname, &laddr, &lmid);
> +	  TEST_COMPARE (r, 4);
> +
> +	  /* la_objclose is not triggered by vDSO because glibc does not
> +	     unload it.  */

OK.

> +	  if (is_vdso (lname))
> +	    continue;
> +	  if (nobjs == max_objs)
> +	    FAIL_EXIT1 ("non expected la_objopen: %s %"PRIxPTR" %ld",
> +			lname, laddr, lmid);
> +	  objs[nobjs].lname = lname;
> +	  objs[nobjs].laddr = laddr;
> +	  objs[nobjs].lmid = lmid;
> +	  objs[nobjs].closed = false;
> +	  nobjs++;
> +
> +	  /* This indirectly checks that la_objopen always come before

s/come/comes/g

> +	     la_objclose btween la_activity calls.  */
> +	  seen_first_objclose = false;
> +	}
> +      else if (startswith (buffer, "la_objclose: "))
> +	{
> +	  char *lname;
> +	  uintptr_t laddr;
> +	  Lmid_t lmid;
> +	  uintptr_t cookie;
> +	  int r = sscanf (buffer, "la_objclose: %"SCNxPTR" %ms %"SCNxPTR" %ld",
> +			  &cookie, &lname, &laddr, &lmid);
> +	  TEST_COMPARE (r, 4);
> +
> +	  for (size_t i = 0; i < nobjs; i++)
> +	    {
> +	      if (strcmp (lname, objs[i].lname) == 0 && lmid == objs[i].lmid)
> +		{
> +		  TEST_COMPARE (objs[i].closed, false);
> +		  objs[i].closed = true;
> +		  break;
> +		}
> +	    }
> +
> +	  /* la_objclose should be called after la_activity(LA_ACT_DELETE) for
> +	     the closed object's namespace.  */

OK. Agreed.

> +	  TEST_COMPARE (last_act, LA_ACT_DELETE);
> +	  if (!seen_first_objclose)
> +	    {
> +	      TEST_COMPARE (last_act_cookie, cookie);
> +	      seen_first_objclose = true;
> +	    }
> +	}
> +    }
> +
> +  for (size_t i = 0; i < nobjs; i++)
> +    {
> +      TEST_COMPARE (objs[i].closed, true);
> +      free (objs[i].lname);
> +    }
> +
> +  /* la_activity(LA_ACT_CONSISTENT) should be the last callback received.
> +     Since only one link map may be not-CONSISTENT at a time, this also
> +     ensures la_activity(LA_ACT_CONSISTENT) is the last callback received
> +     for every namespace.  */
> +  TEST_COMPARE (last_act, LA_ACT_CONSISTENT);
> +
> +  free (buffer);
> +  xfclose (out);
> +
> +  return 0;
> +}
> +
> +#define TEST_FUNCTION_ARGV do_test
> +#include <support/test-driver.c>
> diff --git a/elf/tst-audit23mod.c b/elf/tst-audit23mod.c
> new file mode 100644
> index 0000000000..9a116ff682
> --- /dev/null
> +++ b/elf/tst-audit23mod.c
> @@ -0,0 +1,23 @@
> +/* Extra modules for tst-audit23

s/modules/module/g

> +   Copyright (C) 2022 Free Software Foundation, Inc.
> +   This file is part of the GNU C Library.
> +
> +   The GNU C Library is free software; you can redistribute it and/or
> +   modify it under the terms of the GNU Lesser General Public
> +   License as published by the Free Software Foundation; either
> +   version 2.1 of the License, or (at your option) any later version.
> +
> +   The GNU C Library is distributed in the hope that it will be useful,
> +   but WITHOUT ANY WARRANTY; without even the implied warranty of
> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> +   Lesser General Public License for more details.
> +
> +   You should have received a copy of the GNU Lesser General Public
> +   License along with the GNU C Library; if not, see
> +   <https://www.gnu.org/licenses/>.  */
> +
> +int
> +foo (void)
> +{
> +  return 0;
> +}

OK.

> diff --git a/elf/tst-auditmod23.c b/elf/tst-auditmod23.c
> new file mode 100644
> index 0000000000..42eccae11b
> --- /dev/null
> +++ b/elf/tst-auditmod23.c
> @@ -0,0 +1,74 @@
> +/* Audit modules loaded by tst-audit23.

s/modules/module/g.

> +   Copyright (C) 2022 Free Software Foundation, Inc.
> +   This file is part of the GNU C Library.
> +
> +   The GNU C Library is free software; you can redistribute it and/or
> +   modify it under the terms of the GNU Lesser General Public
> +   License as published by the Free Software Foundation; either
> +   version 2.1 of the License, or (at your option) any later version.
> +
> +   The GNU C Library is distributed in the hope that it will be useful,
> +   but WITHOUT ANY WARRANTY; without even the implied warranty of
> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> +   Lesser General Public License for more details.
> +
> +   You should have received a copy of the GNU Lesser General Public
> +   License along with the GNU C Library; if not, see
> +   <https://www.gnu.org/licenses/>.  */
> +
> +#include <link.h>
> +#include <inttypes.h>
> +#include <stdlib.h>
> +#include <stdio.h>
> +#include <string.h>
> +#include <sys/auxv.h>
> +
> +unsigned int
> +la_version (unsigned int version)
> +{
> +  return LAV_CURRENT;
> +}
> +
> +struct map_desc_t
> +{
> +  char *lname;
> +  uintptr_t laddr;
> +  Lmid_t lmid;
> +};
> +
> +void
> +la_activity (uintptr_t *cookie, unsigned int flag)
> +{
> +  fprintf (stderr, "%s: %d %"PRIxPTR"\n", __func__, flag, (uintptr_t) cookie);
> +}
> +
> +unsigned int
> +la_objopen (struct link_map *map, Lmid_t lmid, uintptr_t *cookie)
> +{
> +  const char *l_name = map->l_name[0] == '\0' ? "mainapp" : map->l_name;
> +  fprintf (stderr, "%s: %"PRIxPTR" %s %"PRIxPTR" %ld\n", __func__,
> +	   (uintptr_t) cookie, l_name, map->l_addr, lmid);
> +
> +  struct map_desc_t *map_desc = malloc (sizeof (struct map_desc_t));
> +  if (map_desc == NULL)
> +    abort ();
> +
> +  map_desc->lname = strdup (l_name);
> +  map_desc->laddr = map->l_addr;
> +  map_desc->lmid = lmid;
> +
> +  *cookie = (uintptr_t) map_desc;

OK.

> +
> +  return 0;
> +}
> +
> +unsigned int
> +la_objclose (uintptr_t *cookie)
> +{
> +  struct map_desc_t *map_desc = (struct map_desc_t *) *cookie;
> +  fprintf (stderr, "%s: %"PRIxPTR" %s %"PRIxPTR" %ld\n", __func__,
> +	   (uintptr_t) cookie, map_desc->lname, map_desc->laddr,
> +	   map_desc->lmid);
> +
> +  return 0;
> +}
Adhemerval Zanella Feb. 1, 2022, 1:30 p.m. UTC | #5
On 01/02/2022 01:21, Carlos O'Donell wrote:
> On 1/25/22 13:36, Adhemerval Zanella wrote:
>> diff --git a/elf/tst-audit23.c b/elf/tst-audit23.c
>> new file mode 100644
>> index 0000000000..3eea322051
>> --- /dev/null
>> +++ b/elf/tst-audit23.c
>> @@ -0,0 +1,239 @@
>> +/* Check DT_AUDIT la_objopen and la_objclose for all objects.
> 
> This does not check DT_AUDIT, which is set only by the static linker for --audit?
> 
> Suggest:
> Check for expected la_objopen and la_objeclose for all objects.
> 

Ack.

>> +   Copyright (C) 2022 Free Software Foundation, Inc.
>> +   This file is part of the GNU C Library.
>> +
>> +   The GNU C Library is free software; you can redistribute it and/or
>> +   modify it under the terms of the GNU Lesser General Public
>> +   License as published by the Free Software Foundation; either
>> +   version 2.1 of the License, or (at your option) any later version.
>> +
>> +   The GNU C Library is distributed in the hope that it will be useful,
>> +   but WITHOUT ANY WARRANTY; without even the implied warranty of
>> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
>> +   Lesser General Public License for more details.
>> +
>> +   You should have received a copy of the GNU Lesser General Public
>> +   License along with the GNU C Library; if not, see
>> +   <https://www.gnu.org/licenses/>.  */
>> +
>> +#include <array_length.h>
>> +#include <errno.h>
>> +#include <getopt.h>
>> +#include <link.h>
>> +#include <limits.h>
>> +#include <inttypes.h>
>> +#include <gnu/lib-names.h>
>> +#include <string.h>
>> +#include <stdlib.h>
>> +#include <support/capture_subprocess.h>
>> +#include <support/check.h>
>> +#include <support/xstdio.h>
>> +#include <support/xdlfcn.h>
>> +#include <support/support.h>
>> +
>> +static int restart;
>> +#define CMDLINE_OPTIONS \
>> +  { "restart", no_argument, &restart, 1 },
>> +
>> +static int
>> +handle_restart (void)
>> +{
>> +  xdlopen ("tst-audit23mod.so", RTLD_NOW);
>> +  xdlmopen (LM_ID_NEWLM, LIBC_SO, RTLD_NOW);
>> +
>> +  return 0;
>> +}
>> +
>> +static inline bool
>> +startswith (const char *str, const char *pre)
>> +{
>> +  size_t lenpre = strlen (pre);
>> +  size_t lenstr = strlen (str);
>> +  return lenstr >= lenpre && memcmp (pre, str, lenpre) == 0;
>> +}
>> +
>> +static inline bool
>> +is_vdso (const char *str)
>> +{
>> +  return startswith (str, "linux-gate")
>> +	 || startswith (str, "linux-vdso");
>> +}
>> +
>> +static int
>> +do_test (int argc, char *argv[])
>> +{
>> +  /* We must have either:
>> +     - One our fource parameters left if called initially:
> 
> s/One our fource/One or four/g.
> 

Ack.

>> +       + path to ld.so         optional
>> +       + "--library-path"      optional
>> +       + the library path      optional
>> +       + the application name  */
>> +  if (restart)
>> +    return handle_restart ();
>> +
>> +  char *spargv[9];
>> +  int i = 0;
>> +  for (; i < argc - 1; i++)
>> +    spargv[i] = argv[i + 1];
>> +  spargv[i++] = (char *) "--direct";
>> +  spargv[i++] = (char *) "--restart";
>> +  spargv[i] = NULL;
>> +  TEST_VERIFY_EXIT (i < array_length (spargv));
>> +
> 
> OK. Prepare to re-run ourselves with auditor.
> 
>> +  setenv ("LD_AUDIT", "tst-auditmod23.so", 0);
>> +  struct support_capture_subprocess result
>> +    = support_capture_subprogram (spargv[0], spargv);
>> +  support_capture_subprocess_check (&result, "tst-audit22", 0, sc_allow_stderr);
>> +
>> +  /* The expected la_objopen/la_objclose:
>> +     1. executable
>> +     2. loader
>> +     3. libc.so
>> +     4. tst-audit23mod.so
>> +     5. libc.so (LM_ID_NEWLM).
>> +     6. vdso (optional and ignored).  */
>> +  enum { max_objs = 6 };
>> +  struct la_obj_t
>> +  {
>> +    char *lname;
>> +    uintptr_t laddr;
>> +    Lmid_t lmid;
>> +    bool closed;
>> +  } objs[max_objs] = { [0 ... max_objs-1] = { .closed = false } };
>> +  size_t nobjs = 0;
>> +
>> +  /* The expected namespaces are one for the audit module, one for the
>> +     application, and another for the dlmopen on handle_restart.  */
>> +  enum { max_ns = 3 };
>> +  uintptr_t acts[max_ns] = { 0 };
>> +  size_t nacts = 0;
>> +  int last_act = -1;
>> +  uintptr_t last_act_cookie = -1;
>> +  bool seen_first_objclose = false;
>> +
>> +  FILE *out = fmemopen (result.err.buffer, result.err.length, "r");
>> +  TEST_VERIFY (out != NULL);
>> +  char *buffer = NULL;
>> +  size_t buffer_length = 0;
>> +  while (xgetline (&buffer, &buffer_length, out))
>> +    {
>> +      if (startswith (buffer, "la_activity: "))
>> +	{
>> +	  uintptr_t cookie;
>> +	  int this_act;
>> +	  int r = sscanf (buffer, "la_activity: %d %"SCNxPTR"", &this_act,
>> +			  &cookie);
>> +	  TEST_COMPARE (r, 2);
>> +
>> +	  /* The cookie identifies the object at the head of the link map,
>> +	     so we only add a new namespace if it changes from previous
> 
> s/from/from the/g
> 

Ack.

>> +	     one.  This work since dlmopen is the last in the test body.  */
> 
> s/work/works/g

Ack.

> 
>> +	  if (cookie != last_act_cookie && last_act_cookie != -1)
>> +	    TEST_COMPARE (last_act, LA_ACT_CONSISTENT);
>> +
>> +	  if (this_act == LA_ACT_ADD && acts[nacts] != cookie)
>> +	    {
>> +	      acts[nacts++] = cookie;
>> +	      last_act_cookie = cookie;
>> +	    }
>> +	  /* The LA_ACT_DELETE is called in the reverse order of LA_ACT_ADD
>> +	     at program termination (if the tests adds a dlclose or a library
>> +	     with extra dependencies this require to be adapted).  */
> 
> s/require/will need/g

Ack.

> 
> Florian's fix to make dlclose order consistent will make this consistent too!
> 
>> +	  else if (this_act == LA_ACT_DELETE)
>> +	    {
>> +	      last_act_cookie = acts[--nacts];
>> +	      TEST_COMPARE (acts[nacts], cookie);
>> +	      acts[nacts] = 0;
>> +	    }
>> +	  else if (this_act == LA_ACT_CONSISTENT)
>> +	    {
>> +	      TEST_COMPARE (cookie, last_act_cookie);
>> +
>> +	      /* LA_ACT_DELETE must always be followed by an la_objclose.  */
>> +	      if (last_act == LA_ACT_DELETE)
>> +		TEST_COMPARE (seen_first_objclose, true);
>> +	      else
>> +		TEST_COMPARE (last_act, LA_ACT_ADD);
>> +	    }
>> +
>> +	  last_act = this_act;
>> +	  seen_first_objclose = false;
>> +	}
>> +      else if (startswith (buffer, "la_objopen: "))
>> +	{
>> +	  char *lname;
>> +	  uintptr_t laddr;
>> +	  Lmid_t lmid;
>> +	  uintptr_t cookie;
>> +	  int r = sscanf (buffer, "la_objopen: %"SCNxPTR"  %ms %"SCNxPTR" %ld",
>> +			  &cookie, &lname, &laddr, &lmid);
>> +	  TEST_COMPARE (r, 4);
>> +
>> +	  /* la_objclose is not triggered by vDSO because glibc does not
>> +	     unload it.  */
> 
> OK.
> 
>> +	  if (is_vdso (lname))
>> +	    continue;
>> +	  if (nobjs == max_objs)
>> +	    FAIL_EXIT1 ("non expected la_objopen: %s %"PRIxPTR" %ld",
>> +			lname, laddr, lmid);
>> +	  objs[nobjs].lname = lname;
>> +	  objs[nobjs].laddr = laddr;
>> +	  objs[nobjs].lmid = lmid;
>> +	  objs[nobjs].closed = false;
>> +	  nobjs++;
>> +
>> +	  /* This indirectly checks that la_objopen always come before
> 
> s/come/comes/g

Ack.

> 
>> +	     la_objclose btween la_activity calls.  */
>> +	  seen_first_objclose = false;
>> +	}
>> +      else if (startswith (buffer, "la_objclose: "))
>> +	{
>> +	  char *lname;
>> +	  uintptr_t laddr;
>> +	  Lmid_t lmid;
>> +	  uintptr_t cookie;
>> +	  int r = sscanf (buffer, "la_objclose: %"SCNxPTR" %ms %"SCNxPTR" %ld",
>> +			  &cookie, &lname, &laddr, &lmid);
>> +	  TEST_COMPARE (r, 4);
>> +
>> +	  for (size_t i = 0; i < nobjs; i++)
>> +	    {
>> +	      if (strcmp (lname, objs[i].lname) == 0 && lmid == objs[i].lmid)
>> +		{
>> +		  TEST_COMPARE (objs[i].closed, false);
>> +		  objs[i].closed = true;
>> +		  break;
>> +		}
>> +	    }
>> +
>> +	  /* la_objclose should be called after la_activity(LA_ACT_DELETE) for
>> +	     the closed object's namespace.  */
> 
> OK. Agreed.
> 
>> +	  TEST_COMPARE (last_act, LA_ACT_DELETE);
>> +	  if (!seen_first_objclose)
>> +	    {
>> +	      TEST_COMPARE (last_act_cookie, cookie);
>> +	      seen_first_objclose = true;
>> +	    }
>> +	}
>> +    }
>> +
>> +  for (size_t i = 0; i < nobjs; i++)
>> +    {
>> +      TEST_COMPARE (objs[i].closed, true);
>> +      free (objs[i].lname);
>> +    }
>> +
>> +  /* la_activity(LA_ACT_CONSISTENT) should be the last callback received.
>> +     Since only one link map may be not-CONSISTENT at a time, this also
>> +     ensures la_activity(LA_ACT_CONSISTENT) is the last callback received
>> +     for every namespace.  */
>> +  TEST_COMPARE (last_act, LA_ACT_CONSISTENT);
>> +
>> +  free (buffer);
>> +  xfclose (out);
>> +
>> +  return 0;
>> +}
>> +
>> +#define TEST_FUNCTION_ARGV do_test
>> +#include <support/test-driver.c>
>> diff --git a/elf/tst-audit23mod.c b/elf/tst-audit23mod.c
>> new file mode 100644
>> index 0000000000..9a116ff682
>> --- /dev/null
>> +++ b/elf/tst-audit23mod.c
>> @@ -0,0 +1,23 @@
>> +/* Extra modules for tst-audit23
> 
> s/modules/module/g

Ack.

> 
>> +   Copyright (C) 2022 Free Software Foundation, Inc.
>> +   This file is part of the GNU C Library.
>> +
>> +   The GNU C Library is free software; you can redistribute it and/or
>> +   modify it under the terms of the GNU Lesser General Public
>> +   License as published by the Free Software Foundation; either
>> +   version 2.1 of the License, or (at your option) any later version.
>> +
>> +   The GNU C Library is distributed in the hope that it will be useful,
>> +   but WITHOUT ANY WARRANTY; without even the implied warranty of
>> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
>> +   Lesser General Public License for more details.
>> +
>> +   You should have received a copy of the GNU Lesser General Public
>> +   License along with the GNU C Library; if not, see
>> +   <https://www.gnu.org/licenses/>.  */
>> +
>> +int
>> +foo (void)
>> +{
>> +  return 0;
>> +}
> 
> OK.
> 
>> diff --git a/elf/tst-auditmod23.c b/elf/tst-auditmod23.c
>> new file mode 100644
>> index 0000000000..42eccae11b
>> --- /dev/null
>> +++ b/elf/tst-auditmod23.c
>> @@ -0,0 +1,74 @@
>> +/* Audit modules loaded by tst-audit23.
> 
> s/modules/module/g.

Ack.

> 
>> +   Copyright (C) 2022 Free Software Foundation, Inc.
>> +   This file is part of the GNU C Library.
>> +
>> +   The GNU C Library is free software; you can redistribute it and/or
>> +   modify it under the terms of the GNU Lesser General Public
>> +   License as published by the Free Software Foundation; either
>> +   version 2.1 of the License, or (at your option) any later version.
>> +
>> +   The GNU C Library is distributed in the hope that it will be useful,
>> +   but WITHOUT ANY WARRANTY; without even the implied warranty of
>> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
>> +   Lesser General Public License for more details.
>> +
>> +   You should have received a copy of the GNU Lesser General Public
>> +   License along with the GNU C Library; if not, see
>> +   <https://www.gnu.org/licenses/>.  */
>> +
>> +#include <link.h>
>> +#include <inttypes.h>
>> +#include <stdlib.h>
>> +#include <stdio.h>
>> +#include <string.h>
>> +#include <sys/auxv.h>
>> +
>> +unsigned int
>> +la_version (unsigned int version)
>> +{
>> +  return LAV_CURRENT;
>> +}
>> +
>> +struct map_desc_t
>> +{
>> +  char *lname;
>> +  uintptr_t laddr;
>> +  Lmid_t lmid;
>> +};
>> +
>> +void
>> +la_activity (uintptr_t *cookie, unsigned int flag)
>> +{
>> +  fprintf (stderr, "%s: %d %"PRIxPTR"\n", __func__, flag, (uintptr_t) cookie);
>> +}
>> +
>> +unsigned int
>> +la_objopen (struct link_map *map, Lmid_t lmid, uintptr_t *cookie)
>> +{
>> +  const char *l_name = map->l_name[0] == '\0' ? "mainapp" : map->l_name;
>> +  fprintf (stderr, "%s: %"PRIxPTR" %s %"PRIxPTR" %ld\n", __func__,
>> +	   (uintptr_t) cookie, l_name, map->l_addr, lmid);
>> +
>> +  struct map_desc_t *map_desc = malloc (sizeof (struct map_desc_t));
>> +  if (map_desc == NULL)
>> +    abort ();
>> +
>> +  map_desc->lname = strdup (l_name);
>> +  map_desc->laddr = map->l_addr;
>> +  map_desc->lmid = lmid;
>> +
>> +  *cookie = (uintptr_t) map_desc;
> 
> OK.
> 
>> +
>> +  return 0;
>> +}
>> +
>> +unsigned int
>> +la_objclose (uintptr_t *cookie)
>> +{
>> +  struct map_desc_t *map_desc = (struct map_desc_t *) *cookie;
>> +  fprintf (stderr, "%s: %"PRIxPTR" %s %"PRIxPTR" %ld\n", __func__,
>> +	   (uintptr_t) cookie, map_desc->lname, map_desc->laddr,
>> +	   map_desc->lmid);
>> +
>> +  return 0;
>> +}
> 
>
diff mbox series

Patch

diff --git a/elf/Makefile b/elf/Makefile
index 41e0f2e8c4..a3b4468593 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -377,6 +377,7 @@  tests += \
   tst-audit19b \
   tst-audit20 \
   tst-audit22 \
+  tst-audit23 \
   tst-auditmany \
   tst-auxobj \
   tst-auxobj-dlopen \
@@ -673,6 +674,7 @@  modules-names = \
   tst-audit13mod1 \
   tst-audit18mod \
   tst-audit19bmod \
+  tst-audit23mod \
   tst-auditlogmod-1 \
   tst-auditlogmod-2 \
   tst-auditlogmod-3 \
@@ -695,6 +697,7 @@  modules-names = \
   tst-auditmod19b \
   tst-auditmod20 \
   tst-auditmod22 \
+  tst-auditmod23 \
   tst-auxvalmod \
   tst-big-note-lib \
   tst-deep1mod1 \
@@ -2136,6 +2139,10 @@  tst-audit20-ENV = LD_AUDIT=$(objpfx)tst-auditmod20.so
 $(objpfx)tst-audit22.out: $(objpfx)tst-auditmod22.so
 tst-audit22-ARGS = -- $(host-test-program-cmd)
 
+$(objpfx)tst-audit23.out: $(objpfx)tst-auditmod23.so \
+			  $(objpfx)tst-audit23mod.so
+tst-audit23-ARGS = -- $(host-test-program-cmd)
+
 # tst-sonamemove links against an older implementation of the library.
 LDFLAGS-tst-sonamemove-linkmod1.so = \
   -Wl,--version-script=tst-sonamemove-linkmod1.map \
diff --git a/elf/dl-fini.c b/elf/dl-fini.c
index de8eb1b3c9..030b1fcbcd 100644
--- a/elf/dl-fini.c
+++ b/elf/dl-fini.c
@@ -64,6 +64,10 @@  _dl_fini (void)
 	__rtld_lock_unlock_recursive (GL(dl_load_lock));
       else
 	{
+#ifdef SHARED
+	  _dl_audit_activity_nsid (ns, LA_ACT_DELETE);
+#endif
+
 	  /* Now we can allocate an array to hold all the pointers and
 	     copy the pointers in.  */
 	  struct link_map *maps[nloaded];
@@ -153,6 +157,10 @@  _dl_fini (void)
 	      /* Correct the previous increment.  */
 	      --l->l_direct_opencount;
 	    }
+
+#ifdef SHARED
+	  _dl_audit_activity_nsid (ns, LA_ACT_CONSISTENT);
+#endif
 	}
     }
 
diff --git a/elf/tst-audit23.c b/elf/tst-audit23.c
new file mode 100644
index 0000000000..3eea322051
--- /dev/null
+++ b/elf/tst-audit23.c
@@ -0,0 +1,239 @@ 
+/* Check DT_AUDIT la_objopen and la_objclose for all objects.
+   Copyright (C) 2022 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <array_length.h>
+#include <errno.h>
+#include <getopt.h>
+#include <link.h>
+#include <limits.h>
+#include <inttypes.h>
+#include <gnu/lib-names.h>
+#include <string.h>
+#include <stdlib.h>
+#include <support/capture_subprocess.h>
+#include <support/check.h>
+#include <support/xstdio.h>
+#include <support/xdlfcn.h>
+#include <support/support.h>
+
+static int restart;
+#define CMDLINE_OPTIONS \
+  { "restart", no_argument, &restart, 1 },
+
+static int
+handle_restart (void)
+{
+  xdlopen ("tst-audit23mod.so", RTLD_NOW);
+  xdlmopen (LM_ID_NEWLM, LIBC_SO, RTLD_NOW);
+
+  return 0;
+}
+
+static inline bool
+startswith (const char *str, const char *pre)
+{
+  size_t lenpre = strlen (pre);
+  size_t lenstr = strlen (str);
+  return lenstr >= lenpre && memcmp (pre, str, lenpre) == 0;
+}
+
+static inline bool
+is_vdso (const char *str)
+{
+  return startswith (str, "linux-gate")
+	 || startswith (str, "linux-vdso");
+}
+
+static int
+do_test (int argc, char *argv[])
+{
+  /* We must have either:
+     - One our fource parameters left if called initially:
+       + path to ld.so         optional
+       + "--library-path"      optional
+       + the library path      optional
+       + the application name  */
+  if (restart)
+    return handle_restart ();
+
+  char *spargv[9];
+  int i = 0;
+  for (; i < argc - 1; i++)
+    spargv[i] = argv[i + 1];
+  spargv[i++] = (char *) "--direct";
+  spargv[i++] = (char *) "--restart";
+  spargv[i] = NULL;
+  TEST_VERIFY_EXIT (i < array_length (spargv));
+
+  setenv ("LD_AUDIT", "tst-auditmod23.so", 0);
+  struct support_capture_subprocess result
+    = support_capture_subprogram (spargv[0], spargv);
+  support_capture_subprocess_check (&result, "tst-audit22", 0, sc_allow_stderr);
+
+  /* The expected la_objopen/la_objclose:
+     1. executable
+     2. loader
+     3. libc.so
+     4. tst-audit23mod.so
+     5. libc.so (LM_ID_NEWLM).
+     6. vdso (optional and ignored).  */
+  enum { max_objs = 6 };
+  struct la_obj_t
+  {
+    char *lname;
+    uintptr_t laddr;
+    Lmid_t lmid;
+    bool closed;
+  } objs[max_objs] = { [0 ... max_objs-1] = { .closed = false } };
+  size_t nobjs = 0;
+
+  /* The expected namespaces are one for the audit module, one for the
+     application, and another for the dlmopen on handle_restart.  */
+  enum { max_ns = 3 };
+  uintptr_t acts[max_ns] = { 0 };
+  size_t nacts = 0;
+  int last_act = -1;
+  uintptr_t last_act_cookie = -1;
+  bool seen_first_objclose = false;
+
+  FILE *out = fmemopen (result.err.buffer, result.err.length, "r");
+  TEST_VERIFY (out != NULL);
+  char *buffer = NULL;
+  size_t buffer_length = 0;
+  while (xgetline (&buffer, &buffer_length, out))
+    {
+      if (startswith (buffer, "la_activity: "))
+	{
+	  uintptr_t cookie;
+	  int this_act;
+	  int r = sscanf (buffer, "la_activity: %d %"SCNxPTR"", &this_act,
+			  &cookie);
+	  TEST_COMPARE (r, 2);
+
+	  /* The cookie identifies the object at the head of the link map,
+	     so we only add a new namespace if it changes from previous
+	     one.  This work since dlmopen is the last in the test body.  */
+	  if (cookie != last_act_cookie && last_act_cookie != -1)
+	    TEST_COMPARE (last_act, LA_ACT_CONSISTENT);
+
+	  if (this_act == LA_ACT_ADD && acts[nacts] != cookie)
+	    {
+	      acts[nacts++] = cookie;
+	      last_act_cookie = cookie;
+	    }
+	  /* The LA_ACT_DELETE is called in the reverse order of LA_ACT_ADD
+	     at program termination (if the tests adds a dlclose or a library
+	     with extra dependencies this require to be adapted).  */
+	  else if (this_act == LA_ACT_DELETE)
+	    {
+	      last_act_cookie = acts[--nacts];
+	      TEST_COMPARE (acts[nacts], cookie);
+	      acts[nacts] = 0;
+	    }
+	  else if (this_act == LA_ACT_CONSISTENT)
+	    {
+	      TEST_COMPARE (cookie, last_act_cookie);
+
+	      /* LA_ACT_DELETE must always be followed by an la_objclose.  */
+	      if (last_act == LA_ACT_DELETE)
+		TEST_COMPARE (seen_first_objclose, true);
+	      else
+		TEST_COMPARE (last_act, LA_ACT_ADD);
+	    }
+
+	  last_act = this_act;
+	  seen_first_objclose = false;
+	}
+      else if (startswith (buffer, "la_objopen: "))
+	{
+	  char *lname;
+	  uintptr_t laddr;
+	  Lmid_t lmid;
+	  uintptr_t cookie;
+	  int r = sscanf (buffer, "la_objopen: %"SCNxPTR"  %ms %"SCNxPTR" %ld",
+			  &cookie, &lname, &laddr, &lmid);
+	  TEST_COMPARE (r, 4);
+
+	  /* la_objclose is not triggered by vDSO because glibc does not
+	     unload it.  */
+	  if (is_vdso (lname))
+	    continue;
+	  if (nobjs == max_objs)
+	    FAIL_EXIT1 ("non expected la_objopen: %s %"PRIxPTR" %ld",
+			lname, laddr, lmid);
+	  objs[nobjs].lname = lname;
+	  objs[nobjs].laddr = laddr;
+	  objs[nobjs].lmid = lmid;
+	  objs[nobjs].closed = false;
+	  nobjs++;
+
+	  /* This indirectly checks that la_objopen always come before
+	     la_objclose btween la_activity calls.  */
+	  seen_first_objclose = false;
+	}
+      else if (startswith (buffer, "la_objclose: "))
+	{
+	  char *lname;
+	  uintptr_t laddr;
+	  Lmid_t lmid;
+	  uintptr_t cookie;
+	  int r = sscanf (buffer, "la_objclose: %"SCNxPTR" %ms %"SCNxPTR" %ld",
+			  &cookie, &lname, &laddr, &lmid);
+	  TEST_COMPARE (r, 4);
+
+	  for (size_t i = 0; i < nobjs; i++)
+	    {
+	      if (strcmp (lname, objs[i].lname) == 0 && lmid == objs[i].lmid)
+		{
+		  TEST_COMPARE (objs[i].closed, false);
+		  objs[i].closed = true;
+		  break;
+		}
+	    }
+
+	  /* la_objclose should be called after la_activity(LA_ACT_DELETE) for
+	     the closed object's namespace.  */
+	  TEST_COMPARE (last_act, LA_ACT_DELETE);
+	  if (!seen_first_objclose)
+	    {
+	      TEST_COMPARE (last_act_cookie, cookie);
+	      seen_first_objclose = true;
+	    }
+	}
+    }
+
+  for (size_t i = 0; i < nobjs; i++)
+    {
+      TEST_COMPARE (objs[i].closed, true);
+      free (objs[i].lname);
+    }
+
+  /* la_activity(LA_ACT_CONSISTENT) should be the last callback received.
+     Since only one link map may be not-CONSISTENT at a time, this also
+     ensures la_activity(LA_ACT_CONSISTENT) is the last callback received
+     for every namespace.  */
+  TEST_COMPARE (last_act, LA_ACT_CONSISTENT);
+
+  free (buffer);
+  xfclose (out);
+
+  return 0;
+}
+
+#define TEST_FUNCTION_ARGV do_test
+#include <support/test-driver.c>
diff --git a/elf/tst-audit23mod.c b/elf/tst-audit23mod.c
new file mode 100644
index 0000000000..9a116ff682
--- /dev/null
+++ b/elf/tst-audit23mod.c
@@ -0,0 +1,23 @@ 
+/* Extra modules for tst-audit23
+   Copyright (C) 2022 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+int
+foo (void)
+{
+  return 0;
+}
diff --git a/elf/tst-auditmod23.c b/elf/tst-auditmod23.c
new file mode 100644
index 0000000000..42eccae11b
--- /dev/null
+++ b/elf/tst-auditmod23.c
@@ -0,0 +1,74 @@ 
+/* Audit modules loaded by tst-audit23.
+   Copyright (C) 2022 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <link.h>
+#include <inttypes.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/auxv.h>
+
+unsigned int
+la_version (unsigned int version)
+{
+  return LAV_CURRENT;
+}
+
+struct map_desc_t
+{
+  char *lname;
+  uintptr_t laddr;
+  Lmid_t lmid;
+};
+
+void
+la_activity (uintptr_t *cookie, unsigned int flag)
+{
+  fprintf (stderr, "%s: %d %"PRIxPTR"\n", __func__, flag, (uintptr_t) cookie);
+}
+
+unsigned int
+la_objopen (struct link_map *map, Lmid_t lmid, uintptr_t *cookie)
+{
+  const char *l_name = map->l_name[0] == '\0' ? "mainapp" : map->l_name;
+  fprintf (stderr, "%s: %"PRIxPTR" %s %"PRIxPTR" %ld\n", __func__,
+	   (uintptr_t) cookie, l_name, map->l_addr, lmid);
+
+  struct map_desc_t *map_desc = malloc (sizeof (struct map_desc_t));
+  if (map_desc == NULL)
+    abort ();
+
+  map_desc->lname = strdup (l_name);
+  map_desc->laddr = map->l_addr;
+  map_desc->lmid = lmid;
+
+  *cookie = (uintptr_t) map_desc;
+
+  return 0;
+}
+
+unsigned int
+la_objclose (uintptr_t *cookie)
+{
+  struct map_desc_t *map_desc = (struct map_desc_t *) *cookie;
+  fprintf (stderr, "%s: %"PRIxPTR" %s %"PRIxPTR" %ld\n", __func__,
+	   (uintptr_t) cookie, map_desc->lname, map_desc->laddr,
+	   map_desc->lmid);
+
+  return 0;
+}