[RFC,v8,15/20] Suppress audit calls when a (new) namespace is empty
Commit Message
When preparing an RTLD_SHARED proxy in a new namespace
it is possible for the target namespace to be empty:
This can happen for RTLD_SHARED + LM_ID_NEWLM.
The audit infrastructure should not be invoked at this
point (as there's nothing there to audit yet).
---
elf/dl-load.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
Comments
On 09/02/2021 14:18, Vivek Das Mohapatra via Libc-alpha wrote:
> When preparing an RTLD_SHARED proxy in a new namespace
> it is possible for the target namespace to be empty:
>
> This can happen for RTLD_SHARED + LM_ID_NEWLM.
>
> The audit infrastructure should not be invoked at this
> point (as there's nothing there to audit yet).
> ---
> elf/dl-load.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/elf/dl-load.c b/elf/dl-load.c
> index 13879af82c..4e8e7ca031 100644
> --- a/elf/dl-load.c
> +++ b/elf/dl-load.c
> @@ -1127,8 +1127,11 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd,
> && __glibc_unlikely (GLRO(dl_naudit) > 0))
> {
> struct link_map *head = GL(dl_ns)[nsid]._ns_loaded;
> - /* Do not call the functions for any auditing object. */
> - if (head->l_auditing == 0)
> + /* Do not call the functions for any auditing object.
> + Do not try to call auditing functions if the namespace
> + is currently empty. This can hapen when opening the first
> + DSO in a new namespace. */
> + if (head && head->l_auditing == 0)
No implicit checks.
> {
> struct audit_ifaces *afct = GLRO(dl_audit);
> for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
>
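Review bot: the comment added in the `+` lines misspells "happen" as "hapen" ("This can hapen when opening the first DSO in a new namespace"); fix the spelling before this is committed. The comment now describes two separate conditions, so it would also help to say which sentence corresponds to the `head` test and which to `head->l_auditing == 0`.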
@@ -1127,8 +1127,11 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd,
&& __glibc_unlikely (GLRO(dl_naudit) > 0))
{
struct link_map *head = GL(dl_ns)[nsid]._ns_loaded;
- /* Do not call the functions for any auditing object. */
- if (head->l_auditing == 0)
+ /* Do not call the functions for any auditing object.
+ Do not try to call auditing functions if the namespace
+ is currently empty. This can hapen when opening the first
+ DSO in a new namespace. */
+ if (head && head->l_auditing == 0)
{
struct audit_ifaces *afct = GLRO(dl_audit);
for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
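Review bot: in `if (head && head->l_auditing == 0)` the pointer test is implicit; write it as `head != NULL && head->l_auditing == 0` so the empty-namespace case is explicit at the point where `head` is dereferenced. Separately, when `head` is NULL the whole block that walks `GLRO(dl_audit)` is skipped, so registered auditors receive no call from this site for the first DSO opened in a new namespace. The comment or commit message should state whether those auditors are notified from another path or whether the gap is intended, since anything that relies on the audit interface to observe loads would otherwise miss that object.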