mbox series

[RFC,v12,0/8] Implementation of RTLD_SHARED for dlmopen

Message ID 20210708163255.812-1-vivek@collabora.com
Headers show
Series Implementation of RTLD_SHARED for dlmopen | expand

Message

Vivek Das Mohapatra July 8, 2021, 4:32 p.m. UTC
This is a revision of a previous patchset that I posted here
regarding https://sourceware.org/bugzilla/show_bug.cgi?id=22745 

Introduction:

=======================================================================
  As discussed in the URL above dlmopen requires a mechanism for
  [optionally] sharing some objects between more than one namespace.

  The following patchset provides an implementation for this: If an
  object is loaded with the new RTLD_SHARED flag we instead ensure
  that a "master" copy exists (and is flagged as no-delete) in the
  main namespace and a thin wrapper or clone is placed in the target
  namespace.

  This patch series should address all the comments received on the
  earlier (v1-v10) series.

=======================================================================

Changes from v11:

 - If a DSO is required in a non-base namespace because it is mentioned
   in a DT_NEEDED entry and it is itself flagged DF_GNU_1_UNIQUE then
   a proxy is generated for it.

 - Relocations via non-base namespace proxies work reliably (some code
   paths did not do the address calculation relative to the DSO base
   correctly when a proxy was involved).

 - Tests extended cover the above two scenarios.

Changes from v10:

 - A segfault in a dlmopen error pathway (which does not seem to have existed
   when v10 was applied to the then-HEAD commit) has been fixed.

 - The fallback mechanism for adding DT_GNU_FLAGS_1 sections to the required
   binaries has had some infrastructure moved to the elf/ directory

 - The runstatedir setting introduced by recent autoconf has been omitted from
   the patchset as it is not relevant to this feature.

 - libpthread no longer tagged DT_GNU_FLAGS_1/DF_GNU_1_UNIQUE.
   (with both -z unique supporting linkers and if the .os hack is
   used to add the new flag - this was inconsistent before).

Not changed:

 - There is still some diagnostic info in the config.log when the linker
   layout is acceptable but -z unique is not yet supported. I believe this
   _is_ useful diagnostic information as a developer might otherwise wonder
   why the vanilla linker was being rejected when its layout output seemed
   fine.

I have not yet implemented, but plan to address once this series is
accepted/acceptable:

 - dl_iterate_ns_phdr (cf dl_iterate_phdr but taking a namespace argument)

 - Check RTLD_GLOBAL interacts properly and unsurprisingly with RTLD_SHARED.

Vivek Das Mohapatra (8):
  Define a new dynamic section tag - DT_GNU_FLAGS_1 (bug 22745)
  Abstract loaded-DSO search code into a helper function
  Use the new DSO finder helper function
  Add DT_GNU_FLAGS_1/DF_GNU_1_UNIQUE to glibc DSOs (bug 22745)
  Implement dlmopen RTLD_SHARED flag (bug 22745)
  Add dlmopen / RTLD_SHARED tests
  Restore separate libc loading for the TLS/namespace storage test
  Drop DT_GNU_FLAGS_1/DF_GNU_1_UNIQUE from the libpthread DSO

 Makeconfig                           |   3 +
 Makerules                            |  18 +-
 bits/dlfcn.h                         |  10 +
 config.make.in                       |   1 +
 configure                            |  42 +-
 configure.ac                         |  31 +-
 elf/Makefile                         | 109 +++-
 elf/dl-close.c                       |  43 +-
 elf/dl-deps.c                        |  17 +
 elf/dl-fini.c                        |   6 +-
 elf/dl-init.c                        |   4 +-
 elf/dl-load.c                        | 223 ++++++-
 elf/dl-lookup.c                      |  26 +-
 elf/dl-object.c                      |  78 +++
 elf/dl-open.c                        | 121 +++-
 elf/dl-sym.c                         |  14 +
 elf/dynamic-notes.c                  |   4 +
 elf/elf.h                            |   7 +-
 elf/get-dynamic-info.h               |  12 +
 elf/rtld.c                           |   2 +-
 elf/tst-dlmopen-auditmod.c           |  23 +
 elf/tst-dlmopen-common.h             |  33 +
 elf/tst-dlmopen-main.h               | 879 +++++++++++++++++++++++++++
 elf/tst-dlmopen-modules.h            |  21 +
 elf/tst-dlmopen-rtld-audit-shared1.c |   8 +
 elf/tst-dlmopen-rtld-audit-shared2.c |   8 +
 elf/tst-dlmopen-rtld-audit-shared3.c |   7 +
 elf/tst-dlmopen-rtld-audit-shared4.c |   8 +
 elf/tst-dlmopen-rtld-audit-shared5.c |   8 +
 elf/tst-dlmopen-rtld-audit-shared6.c |   8 +
 elf/tst-dlmopen-rtld-audit-unique1.c |   7 +
 elf/tst-dlmopen-rtld-audit-unique2.c |   7 +
 elf/tst-dlmopen-rtld-audit-unique3.c |   7 +
 elf/tst-dlmopen-rtld-audit-unique4.c |   7 +
 elf/tst-dlmopen-rtld-audit-unique5.c |   7 +
 elf/tst-dlmopen-rtld-audit-unique6.c |   7 +
 elf/tst-dlmopen-rtld-shared1.c       |   7 +
 elf/tst-dlmopen-rtld-shared1.h       |  64 ++
 elf/tst-dlmopen-rtld-shared2.c       |   7 +
 elf/tst-dlmopen-rtld-shared2.h       |  66 ++
 elf/tst-dlmopen-rtld-shared3.c       |   7 +
 elf/tst-dlmopen-rtld-shared3.h       |  43 ++
 elf/tst-dlmopen-rtld-shared4.c       |   7 +
 elf/tst-dlmopen-rtld-shared4.h       |  14 +
 elf/tst-dlmopen-rtld-shared5.c       |   7 +
 elf/tst-dlmopen-rtld-shared5.h       |  25 +
 elf/tst-dlmopen-rtld-shared6.c       |   7 +
 elf/tst-dlmopen-rtld-shared6.h       |  36 ++
 elf/tst-dlmopen-rtld-unique1.c       |   7 +
 elf/tst-dlmopen-rtld-unique1.h       |  86 +++
 elf/tst-dlmopen-rtld-unique2.c       |   7 +
 elf/tst-dlmopen-rtld-unique2.h       |  25 +
 elf/tst-dlmopen-rtld-unique3.c       |   7 +
 elf/tst-dlmopen-rtld-unique3.h       |  13 +
 elf/tst-dlmopen-rtld-unique4.c       |   7 +
 elf/tst-dlmopen-rtld-unique4.h       |  14 +
 elf/tst-dlmopen-rtld-unique5.c       |   7 +
 elf/tst-dlmopen-rtld-unique5.h       |  58 ++
 elf/tst-dlmopen-rtld-unique6.c       |   7 +
 elf/tst-dlmopen-rtld-unique6.h       |  51 ++
 elf/tst-dlmopen-sharedmod-norm.c     |  34 ++
 elf/tst-dlmopen-sharedmod-uniq.c     |  33 +
 elf/tst-dlmopen-std-do-test.c        |  12 +
 elf/tst-tls-ie-dlmopen.c             |   4 +-
 extra-lib.mk                         |   5 +
 htl/Makefile                         |   4 +
 iconvdata/Makefile                   |   3 +
 iconvdata/extra-module.mk            |   4 +
 include/elf.h                        |   2 +
 include/link.h                       |   7 +-
 nptl/Makefile                        |   8 +-
 sysdeps/generic/ldsodefs.h           |  11 +
 sysdeps/mips/bits/dlfcn.h            |  10 +
 73 files changed, 2455 insertions(+), 77 deletions(-)
 create mode 100644 elf/dynamic-notes.c
 create mode 100644 elf/tst-dlmopen-auditmod.c
 create mode 100644 elf/tst-dlmopen-common.h
 create mode 100644 elf/tst-dlmopen-main.h
 create mode 100644 elf/tst-dlmopen-modules.h
 create mode 100644 elf/tst-dlmopen-rtld-audit-shared1.c
 create mode 100644 elf/tst-dlmopen-rtld-audit-shared2.c
 create mode 100644 elf/tst-dlmopen-rtld-audit-shared3.c
 create mode 100644 elf/tst-dlmopen-rtld-audit-shared4.c
 create mode 100644 elf/tst-dlmopen-rtld-audit-shared5.c
 create mode 100644 elf/tst-dlmopen-rtld-audit-shared6.c
 create mode 100644 elf/tst-dlmopen-rtld-audit-unique1.c
 create mode 100644 elf/tst-dlmopen-rtld-audit-unique2.c
 create mode 100644 elf/tst-dlmopen-rtld-audit-unique3.c
 create mode 100644 elf/tst-dlmopen-rtld-audit-unique4.c
 create mode 100644 elf/tst-dlmopen-rtld-audit-unique5.c
 create mode 100644 elf/tst-dlmopen-rtld-audit-unique6.c
 create mode 100644 elf/tst-dlmopen-rtld-shared1.c
 create mode 100644 elf/tst-dlmopen-rtld-shared1.h
 create mode 100644 elf/tst-dlmopen-rtld-shared2.c
 create mode 100644 elf/tst-dlmopen-rtld-shared2.h
 create mode 100644 elf/tst-dlmopen-rtld-shared3.c
 create mode 100644 elf/tst-dlmopen-rtld-shared3.h
 create mode 100644 elf/tst-dlmopen-rtld-shared4.c
 create mode 100644 elf/tst-dlmopen-rtld-shared4.h
 create mode 100644 elf/tst-dlmopen-rtld-shared5.c
 create mode 100644 elf/tst-dlmopen-rtld-shared5.h
 create mode 100644 elf/tst-dlmopen-rtld-shared6.c
 create mode 100644 elf/tst-dlmopen-rtld-shared6.h
 create mode 100644 elf/tst-dlmopen-rtld-unique1.c
 create mode 100644 elf/tst-dlmopen-rtld-unique1.h
 create mode 100644 elf/tst-dlmopen-rtld-unique2.c
 create mode 100644 elf/tst-dlmopen-rtld-unique2.h
 create mode 100644 elf/tst-dlmopen-rtld-unique3.c
 create mode 100644 elf/tst-dlmopen-rtld-unique3.h
 create mode 100644 elf/tst-dlmopen-rtld-unique4.c
 create mode 100644 elf/tst-dlmopen-rtld-unique4.h
 create mode 100644 elf/tst-dlmopen-rtld-unique5.c
 create mode 100644 elf/tst-dlmopen-rtld-unique5.h
 create mode 100644 elf/tst-dlmopen-rtld-unique6.c
 create mode 100644 elf/tst-dlmopen-rtld-unique6.h
 create mode 100644 elf/tst-dlmopen-sharedmod-norm.c
 create mode 100644 elf/tst-dlmopen-sharedmod-uniq.c
 create mode 100644 elf/tst-dlmopen-std-do-test.c

Comments

Alfonso Alfonso Peterssen July 13, 2021, 1:08 p.m. UTC | #1
These patches + https://patchwork.sourceware.org/project/glibc/patch/20200626193228.1953-2-danielwa@cisco.com/ allow to spawn several isolated JVMs within the same process, each one with its own isolated set of native libraries, including the Linux graphical stack, something that wasn't possible before.

The JVM exercises MANY corner cases with its native libraries; we managed to run NetBeans, jEdit, MochaDoom, kotNES... (all graphical applications) inside isolated namespaces, something we've been struggling for years and finally we see some light.
This is a huge milestone, if such complex applications can run, most likely everything else will just work.
We look forward to integrating these patches to make dlmopen fully usable and bug-free.
Best,
Alfonso²
Adhemerval Zanella Aug. 9, 2021, 8:34 p.m. UTC | #2
On 08/07/2021 13:32, Vivek Das Mohapatra via Libc-alpha wrote:
> This is a revision of a previous patchset that I posted here
> regarding https://sourceware.org/bugzilla/show_bug.cgi?id=22745 
> 
> Introduction:
> 
> =======================================================================
>   As discussed in the URL above dlmopen requires a mechanism for
>   [optionally] sharing some objects between more than one namespace.
> 
>   The following patchset provides an implementation for this: If an
>   object is loaded with the new RTLD_SHARED flag we instead ensure
>   that a "master" copy exists (and is flagged as no-delete) in the
>   main namespace and a thin wrapper or clone is placed in the target
>   namespace.
> 
>   This patch series should address all the comments received on the
>   earlier (v1-v10) series.
> 
> =======================================================================
> 
> Changes from v11:
> 
>  - If a DSO is required in a non-base namespace because it is mentioned
>    in a DT_NEEDED entry and it is itself flagged DF_GNU_1_UNIQUE then
>    a proxy is generated for it.
> 
>  - Relocations via non-base namespace proxies work reliably (some code
>    paths did not do the address calculation relative to the DSO base
>    correctly when a proxy was involved).
> 
>  - Tests extended cover the above two scenarios.
> 
> Changes from v10:
> 
>  - A segfault in a dlmopen error pathway (which does not seem to have existed
>    when v10 was applied to the then-HEAD commit) has been fixed.
> 
>  - The fallback mechanism for adding DT_GNU_FLAGS_1 sections to the required
>    binaries has had some infrastructure moved to the elf/ directory
> 
>  - The runstatedir setting introduced by recent autoconf has been omitted from
>    the patchset as it is not relevant to this feature.
> 
>  - libpthread no longer tagged DT_GNU_FLAGS_1/DF_GNU_1_UNIQUE.
>    (with both -z unique supporting linkers and if the .os hack is
>    used to add the new flag - this was inconsistent before).
> 
> Not changed:
> 
>  - There is still some diagnostic info in the config.log when the linker
>    layout is acceptable but -z unique is not yet supported. I believe this
>    _is_ useful diagnostic information as a developer might otherwise wonder
>    why the vanilla linker was being rejected when its layout output seemed
>    fine.
> 
> I have not yet implemented, but plan to address once this series is
> accepted/acceptable:
> 
>  - dl_iterate_ns_phdr (cf dl_iterate_phdr but taking a namespace argument)
> 
>  - Check RTLD_GLOBAL interacts properly and unsurprisingly with RTLD_SHARED.

Hi Vivek, 

This patchset looks much better than before, I have added my comments on the
set. There are some spots that need rework, like some patches that should be
merged, some style fixes, and testcase; but in general I think we can move 
forward.

I have fixed all my remarks on a personal branch [1] and checked on both
x86_64-linux-gnu and i686-linux-gnu with binutils with and without DT_GNU_FLAGS_1 
support. If you are ok with my changes, please report the patches without the RFC 
so I can ack them and I will push them upstream.

Thanks for working on this.

[1] https://sourceware.org/git/?p=glibc.git;a=shortlog;h=refs/heads/azanella/rtld-shared