
[v3,00/20] Some rtld-audit fixes

Message ID 20210730194715.881900-1-adhemerval.zanella@linaro.org

Message

Adhemerval Zanella July 30, 2021, 7:46 p.m. UTC
This patchset fixes most of the rtld-audit issues brought up by John
Mellor-Crummey [2] while trying to use it along with the HPCToolkit
tool.  This should cover all the issues listed as 'Tier 1' [3], modulo
the aarch64 SVE (which requires settling on if and how we would handle
it) and also most of the 'Tier2' issues (BZ#28096 inclusive) which
prevents the use of some glibc functions that use TLS internally on
the audit module.

The first patch addresses a long-standing issue where the lazy resolution
trampolines are used even when the audit modules do not implement
the PLT or symbol binding callback.  The original patch from
Alexander Monakov is incomplete, since it also requires taking
la_symbind{32,64} into consideration.

The second patch adds some tests to check if TLSDESC works along with
audit modules.

The third patch fixes an issue when a dlmopen failure in an audit
module callback triggers an assert.

The fourth patch fixes another dlmopen failure when an audit module
is used along with dlmopen.  This patch was proposed along with
RTLD_SHARED support, so I added a regression test.

The fifth patch fixes an issue where the initial-exec TLS are reset
after the audit modules are already loaded (thus clearing any state
that the library might update).

The 6th to 13th patches refactor the rtld audit code to move the
common definitions to dl-audit.c.  It helps slightly on code size and
simplifies the code required for subsequent fixes.

The 14th patch issues la_objopen() for vDSO (marked as tier2 issue).

The 15th patch adds the application name on link_map::l_name for
la_objopen().  Although it is a semantic change, I think it is really
an improvement, since previously an empty string was returned, requiring
additional code on the audit interface to obtain it.

The 16th patch adds la_activity() calls on application exit, to keep
in sync with the la_objclose().

The 17th issues la_symbind() for the bind-now configuration (either
when the application is linked with -Wl,-z,now or issued with LD_BIND_NOW).
It does not change the semantic regarding PLT tracking callbacks,
so the 18th patch adds a new flag, LA_SYMB_BINDNOW, to indicate that
the la_symbind() callback return code will be ignored.

The 19th is a simple refactoring that moves the LAV_CURRENT to its own
header, so aarch64 can override it.

The 20th and final patch is a respin of Ben Woodard's one [4], with
a small fix (a missing x8 restore after _dl_profile_fixup()), proper
tests for both the indirect return register and the Q registers, and
a slight ABI change for lr_vreg.

I also pushed this patch on a personal branch [5].

There are also some points brought up in John Mellor-Crummey's document that
I don't have a straightforward answer for, so I haven't added them to this
patchset:

  1. la_activity(LA_ACT_ADD) is never called for auditor namespaces,
     even though la_objopen and la_activity(LA_ACT_CONSISTENT) are.

  There is no easy solution for this: we need at least to load the *first*
  auditor to actually issue the la_activity(LA_ACT_ADD).  It means that
  it would *only* work for subsequent audit modules, and adding this
  specific semantic is confusing and does not really improve things
  (it only helps when multiple audit modules are used).

  2. la_objopen is called for the main binary and for ld.so before the
     first la_activity(LA_ACT_ADD) call. This contradicts the pattern
     found in a successful dlopen (where la_activity(LA_ACT_ADD) precedes
     la_objopen).

  The constraint here is that we need to handle DT_AUDIT and DT_DEPAUDIT dynamic
  tags, which means we need to first load the executable in memory to parse
  the required audit modules.  So we need to first parse the dynamic audit
  tags, load the audit modules, and then load the object itself.

  3. For non-PIE executables the base address listed in link_map->l_addr
     for the main application binary is 0, even though dladdr is able to
     recover the correct offset. La_objopen is affected by this.

  This would require changing an internal semantic for link_map::l_addr.
  This is not straightforward and I am not sure about the direct gains.

I have checked the patches on x86_64-linux-gnu, i686-linux-gnu,
aarch64-linux-gnu, and armv7-linux-gnueabihf.  I plan to spin on some
other architectures as well.

[1] https://patchwork.sourceware.org/project/glibc/list/?series=2443
[2] https://sourceware.org/pipermail/libc-alpha/2021-June/127636.html
[3] https://docs.google.com/document/d/1dVaDBdzySecxQqD6hLLzDrEF18M1UtjDna9gL5BWWI0/edit#
[4] https://sourceware.org/pipermail/libc-alpha/2020-September/117828.html
[5] https://sourceware.org/git/?p=glibc.git;a=shortlog;h=refs/heads/azanella/ld-audit-fixes

Changes from v2 [1]

  - Refactored rtld-audit code to move common code to dl-audit.c.
  - Issue audit la_objopen() for vDSO.
  - Issue la_activity during application exit.
  - Issue la_symbind() for bind-now (BZ #23734).
  - Fix runtime linker auditing on aarch64 (BZ #26643)

Changes from v1 [1]

  - Fixed -fstack-protector-all tst-auditmod17.
  - Simplify the _dl_call_libc_early_init call in the 'Fix audit
    regression' patch.
  - Remove symbind check for BZ#15333.
  - Added the BZ#28096 fix.

Adhemerval Zanella (18):
  elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533)
  elf: Add audit tests for modules with TLSDESC
  elf: Do not fail for failed dlmopen on audit modules (BZ #28061)
  elf: Fix initial-exec TLS access on audit modules (BZ #28096)
  elf: Add _dl_audit_objopen
  elf: Add _dl_audit_activity_map and _dl_audit_activity_nsid
  elf: Add _dl_audit_objsearch
  elf: Add _dl_audit_objclose
  elf: Add _dl_audit_symbind_alt and _dl_audit_symbind
  elf: Add _dl_audit_preinit
  elf: Add _dl_audit_pltenter
  elf: Add _dl_audit_pltexit
  elf: Issue audit la_objopen() for vDSO
  elf: Add main application on main_map l_name
  elf: Add la_activity during application exit
  elf: Issue la_symbind() for bind-now (BZ #23734)
  elf: Add LA_SYMB_BINDNOW
  elf: Move LAV_CURRENT to link_lavcurrent.h

Ben Woodard (1):
  elf: Fix runtime linker auditing on aarch64 (BZ #26643)

Vivek Das Mohapatra (1):
  elf: Suppress audit calls when a (new) namespace is empty (BZ #28062)

 NEWS                                      |   3 +
 bits/link_lavcurrent.h                    |  25 ++
 csu/libc-start.c                          |  23 +-
 dlfcn/Makefile                            |   4 +-
 dlfcn/tst-dladdr-self.c                   |  55 +++
 elf/Makefile                              | 127 ++++++-
 elf/Versions                              |   1 +
 elf/dl-addr.c                             |   5 -
 elf/dl-audit.c                            | 393 ++++++++++++++++++++++
 elf/dl-close.c                            |  74 +---
 elf/dl-dst.h                              |   2 +-
 elf/dl-fini.c                             |  25 +-
 elf/dl-init.c                             |   3 +-
 elf/dl-load.c                             | 112 ++----
 elf/dl-misc.c                             |   1 +
 elf/dl-object.c                           |  20 +-
 elf/dl-open.c                             |  22 +-
 elf/dl-reloc.c                            |  26 +-
 elf/dl-runtime.c                          | 244 ++------------
 elf/dl-sym-post.h                         |  47 +--
 elf/dl-tls.c                              |  16 +-
 elf/do-rel.h                              |  62 +++-
 elf/link.h                                |   7 +-
 elf/rtld.c                                |  81 +----
 elf/setup-vdso.h                          |   2 +-
 elf/tst-audit-tlsdesc-audit.c             |  23 ++
 elf/tst-audit-tlsdesc-dlopen.c            |  67 ++++
 elf/tst-audit-tlsdesc.c                   |  60 ++++
 elf/tst-audit18a.c                        |  39 +++
 elf/tst-audit18b.c                        |  94 ++++++
 elf/tst-audit18bmod.c                     |  23 ++
 elf/tst-audit18mod.c                      |  17 +
 elf/tst-audit19.c                         |  25 ++
 elf/tst-audit20.c                         | 129 +++++++
 elf/tst-audit20mod.c                      |  26 ++
 elf/tst-audit21.c                         |  42 +++
 elf/tst-audit22.c                         | 123 +++++++
 elf/tst-audit23.c                         | 161 +++++++++
 elf/tst-audit23mod.c                      |  23 ++
 elf/tst-audit24a.c                        |  36 ++
 elf/tst-audit24amod1.c                    |  31 ++
 elf/tst-audit24amod2.c                    |  25 ++
 elf/tst-audit24b.c                        |  37 ++
 elf/tst-audit24bmod1.c                    |  31 ++
 elf/tst-audit24bmod2.c                    |  23 ++
 elf/tst-audit24c.c                        |   2 +
 elf/tst-audit24d.c                        |  36 ++
 elf/tst-audit24dmod1.c                    |  33 ++
 elf/tst-audit24dmod2.c                    |  28 ++
 elf/tst-audit24dmod3.c                    |  31 ++
 elf/tst-audit24dmod4.c                    |  25 ++
 elf/tst-audit25a.c                        | 126 +++++++
 elf/tst-audit25b.c                        | 127 +++++++
 elf/tst-audit25mod1.c                     |  30 ++
 elf/tst-audit25mod2.c                     |  30 ++
 elf/tst-audit25mod3.c                     |  22 ++
 elf/tst-audit25mod4.c                     |  22 ++
 elf/tst-auditmod-tlsdesc1.c               |  41 +++
 elf/tst-auditmod-tlsdesc2.c               |  33 ++
 elf/tst-auditmod18a.c                     |  23 ++
 elf/tst-auditmod18b.c                     |  46 +++
 elf/tst-auditmod19.c                      |  57 ++++
 elf/tst-auditmod20.c                      |  73 ++++
 elf/tst-auditmod21.c                      |  69 ++++
 elf/tst-auditmod22.c                      |  65 ++++
 elf/tst-auditmod23.c                      |  78 +++++
 elf/tst-auditmod24a.c                     | 104 ++++++
 elf/tst-auditmod24b.c                     |  99 ++++++
 elf/tst-auditmod24c.c                     |   3 +
 elf/tst-auditmod24d.c                     | 114 +++++++
 elf/tst-auditmod25.c                      |  77 +++++
 gmon/gmon.c                               |  10 +-
 include/dlfcn.h                           |   1 +
 include/link.h                            |   4 +
 sysdeps/aarch64/Makefile                  |  20 ++
 sysdeps/aarch64/bits/link.h               |  24 +-
 sysdeps/aarch64/bits/link_lavcurrent.h    |  25 ++
 sysdeps/aarch64/dl-link.sym               |   4 +-
 sysdeps/aarch64/dl-trampoline.S           |  92 +++--
 sysdeps/aarch64/tst-audit26.c             |  37 ++
 sysdeps/aarch64/tst-audit26mod.c          |  33 ++
 sysdeps/aarch64/tst-audit26mod.h          |  50 +++
 sysdeps/aarch64/tst-audit27.c             |  64 ++++
 sysdeps/aarch64/tst-audit27mod.c          |  95 ++++++
 sysdeps/aarch64/tst-audit27mod.h          |  67 ++++
 sysdeps/aarch64/tst-auditmod26.c          |  93 +++++
 sysdeps/aarch64/tst-auditmod27.c          | 173 ++++++++++
 sysdeps/alpha/dl-trampoline.S             |   8 +-
 sysdeps/arm/dl-trampoline.S               |   2 +-
 sysdeps/generic/dl-fixup-attribute.h      |  24 ++
 sysdeps/generic/ldsodefs.h                |  50 +++
 sysdeps/hppa/dl-runtime.c                 |   2 +-
 sysdeps/hppa/dl-trampoline.S              |   6 +-
 sysdeps/i386/dl-fixup-attribute.h         |  30 ++
 sysdeps/i386/dl-machine.h                 |  23 --
 sysdeps/i386/dl-trampoline.S              |   2 +-
 sysdeps/ia64/dl-trampoline.S              |  16 +-
 sysdeps/m68k/dl-trampoline.S              |   2 +-
 sysdeps/powerpc/powerpc64/dl-trampoline.S |   4 +-
 sysdeps/s390/s390-32/dl-trampoline.h      |   4 +-
 sysdeps/s390/s390-64/dl-trampoline.h      |   2 +-
 sysdeps/sh/dl-trampoline.S                |   4 +-
 sysdeps/sparc/sparc32/dl-trampoline.S     |   2 +-
 sysdeps/sparc/sparc64/dl-trampoline.S     |   2 +-
 sysdeps/x86_64/dl-runtime.h               |   2 +-
 sysdeps/x86_64/dl-trampoline.h            |   6 +-
 106 files changed, 4108 insertions(+), 684 deletions(-)
 create mode 100644 bits/link_lavcurrent.h
 create mode 100644 dlfcn/tst-dladdr-self.c
 create mode 100644 elf/dl-audit.c
 create mode 100644 elf/tst-audit-tlsdesc-audit.c
 create mode 100644 elf/tst-audit-tlsdesc-dlopen.c
 create mode 100644 elf/tst-audit-tlsdesc.c
 create mode 100644 elf/tst-audit18a.c
 create mode 100644 elf/tst-audit18b.c
 create mode 100644 elf/tst-audit18bmod.c
 create mode 100644 elf/tst-audit18mod.c
 create mode 100644 elf/tst-audit19.c
 create mode 100644 elf/tst-audit20.c
 create mode 100644 elf/tst-audit20mod.c
 create mode 100644 elf/tst-audit21.c
 create mode 100644 elf/tst-audit22.c
 create mode 100644 elf/tst-audit23.c
 create mode 100644 elf/tst-audit23mod.c
 create mode 100644 elf/tst-audit24a.c
 create mode 100644 elf/tst-audit24amod1.c
 create mode 100644 elf/tst-audit24amod2.c
 create mode 100644 elf/tst-audit24b.c
 create mode 100644 elf/tst-audit24bmod1.c
 create mode 100644 elf/tst-audit24bmod2.c
 create mode 100644 elf/tst-audit24c.c
 create mode 100644 elf/tst-audit24d.c
 create mode 100644 elf/tst-audit24dmod1.c
 create mode 100644 elf/tst-audit24dmod2.c
 create mode 100644 elf/tst-audit24dmod3.c
 create mode 100644 elf/tst-audit24dmod4.c
 create mode 100644 elf/tst-audit25a.c
 create mode 100644 elf/tst-audit25b.c
 create mode 100644 elf/tst-audit25mod1.c
 create mode 100644 elf/tst-audit25mod2.c
 create mode 100644 elf/tst-audit25mod3.c
 create mode 100644 elf/tst-audit25mod4.c
 create mode 100644 elf/tst-auditmod-tlsdesc1.c
 create mode 100644 elf/tst-auditmod-tlsdesc2.c
 create mode 100644 elf/tst-auditmod18a.c
 create mode 100644 elf/tst-auditmod18b.c
 create mode 100644 elf/tst-auditmod19.c
 create mode 100644 elf/tst-auditmod20.c
 create mode 100644 elf/tst-auditmod21.c
 create mode 100644 elf/tst-auditmod22.c
 create mode 100644 elf/tst-auditmod23.c
 create mode 100644 elf/tst-auditmod24a.c
 create mode 100644 elf/tst-auditmod24b.c
 create mode 100644 elf/tst-auditmod24c.c
 create mode 100644 elf/tst-auditmod24d.c
 create mode 100644 elf/tst-auditmod25.c
 create mode 100644 sysdeps/aarch64/bits/link_lavcurrent.h
 create mode 100644 sysdeps/aarch64/tst-audit26.c
 create mode 100644 sysdeps/aarch64/tst-audit26mod.c
 create mode 100644 sysdeps/aarch64/tst-audit26mod.h
 create mode 100644 sysdeps/aarch64/tst-audit27.c
 create mode 100644 sysdeps/aarch64/tst-audit27mod.c
 create mode 100644 sysdeps/aarch64/tst-audit27mod.h
 create mode 100644 sysdeps/aarch64/tst-auditmod26.c
 create mode 100644 sysdeps/aarch64/tst-auditmod27.c
 create mode 100644 sysdeps/generic/dl-fixup-attribute.h
 create mode 100644 sysdeps/i386/dl-fixup-attribute.h
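
An audit module that logs the events discussed in the cover letter above, added here as an illustration and not taken from the patch series. `audit_object_name` and `audit_activity_name` are hypothetical helpers, and the `/proc/self/exe` fallback for an empty `l_name` (the extra code patch 15 makes unnecessary) assumes a Linux host with procfs.

```c
#define _GNU_SOURCE /* the la_* interface and Lmid_t are GNU extensions */
#include <link.h>
#include <limits.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper: printable name for an object.  Without patch 15 the
   main program has an empty l_name; assume Linux and ask /proc/self/exe.  */
const char *audit_object_name(const struct link_map *map, Lmid_t lmid,
                              char *buf, size_t len)
{
  if (map->l_name != NULL && map->l_name[0] != '\0')
    return map->l_name;
  if (lmid == LM_ID_BASE && len > 1) {
    ssize_t n = readlink("/proc/self/exe", buf, len - 1);
    if (n > 0) {
      buf[n] = '\0';
      return buf;
    }
  }
  return "<unnamed>";
}

/* Hypothetical helper: name of an la_activity() flag.  */
const char *audit_activity_name(unsigned int flag)
{
  return flag == LA_ACT_ADD ? "ADD" : flag == LA_ACT_DELETE ? "DELETE"
       : flag == LA_ACT_CONSISTENT ? "CONSISTENT" : "UNKNOWN";
}

unsigned int la_version(unsigned int version)
{
  (void)version;
  return LAV_CURRENT;
}

void la_activity(uintptr_t *cookie, unsigned int flag)
{
  (void)cookie;
  fprintf(stderr, "audit: activity %s\n", audit_activity_name(flag));
}

unsigned int la_objopen(struct link_map *map, Lmid_t lmid, uintptr_t *cookie)
{
  char buf[PATH_MAX];
  (void)cookie;
  fprintf(stderr, "audit: objopen ns=%ld l_addr=%#lx %s\n", (long)lmid,
          (unsigned long)map->l_addr, audit_object_name(map, lmid, buf, sizeof buf));
  return 0; /* no LA_FLG_BINDTO/BINDFROM: symbol binding is not audited */
}
```

Built as a shared object (`gcc -shared -fPIC`) and loaded through `LD_AUDIT`, its output shows the order in which la_activity and la_objopen are called and the `l_addr` value reported for each object.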