From patchwork Mon Jan 3 12:53:04 2022
X-Patchwork-Submitter: Adhemerval Zanella
X-Patchwork-Id: 49467
To: libc-alpha@sourceware.org, jma14
Subject: [PATCH v9 2/4] elf: Fix initial-exec TLS access on audit modules (BZ #28096)
Date: Mon, 3 Jan 2022 09:53:04 -0300
Message-Id: <20220103125306.4151129-3-adhemerval.zanella@linaro.org>
In-Reply-To: <20220103125306.4151129-1-adhemerval.zanella@linaro.org>
References: <20220103125306.4151129-1-adhemerval.zanella@linaro.org>
List-Id: Libc-alpha mailing list
From: Adhemerval Zanella Reply-To: Adhemerval Zanella Cc: John Mellor-Crummey Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" For audit modules and dependencies with initial-exec TLS, we can not set the initial TLS image on default loader initialization because it would already be set by the audit setup. However, subsequent thread creation would need to follow the default behaviour. This patch fixes it by setting l_auditing link_map field not only for the audit modules, but also for all its dependencies. This is used on _dl_allocate_tls_init to avoid the static TLS initialization only at loading time. Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu. --- elf/Makefile | 8 ++++ elf/dl-load.c | 3 ++ elf/dl-tls.c | 13 +++++-- elf/rtld.c | 5 +-- elf/tst-audit21.c | 42 ++++++++++++++++++++ elf/tst-auditmod21a.c | 80 ++++++++++++++++++++++++++++++++++++++ elf/tst-auditmod21b.c | 22 +++++++++++ nptl/allocatestack.c | 2 +- sysdeps/generic/ldsodefs.h | 2 +- 9 files changed, 168 insertions(+), 9 deletions(-) create mode 100644 elf/tst-audit21.c create mode 100644 elf/tst-auditmod21a.c create mode 100644 elf/tst-auditmod21b.c diff --git a/elf/Makefile b/elf/Makefile index d486be67d8..4f9a9f3c8e 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -239,6 +239,7 @@ tests += restest1 preloadtest loadfail multiload origtest resolvfail \ tst-audit18 \ tst-audit19b \ tst-audit20 \ + tst-audit21 \ tst-audit22 \ tst-audit23 \ # reldep9 @@ -392,6 +393,8 @@ modules-names = testobj1 testobj2 testobj3 testobj4 testobj5 testobj6 \ tst-auditmod19b \ tst-audit19bmod \ tst-auditmod20 \ + tst-auditmod21a \ + tst-auditmod21b \ tst-auditmod22 \ tst-auditmod23 \ tst-audit23mod \ 
@@ -1619,6 +1622,11 @@ tst-audit19b-ARGS = -- $(host-test-program-cmd) $(objpfx)tst-audit20.out: $(objpfx)tst-auditmod20.so tst-audit20-ENV = LD_AUDIT=$(objpfx)tst-auditmod20.so +$(objpfx)tst-audit21: $(shared-thread-library) +$(objpfx)tst-audit21.out: $(objpfx)tst-auditmod21a.so +$(objpfx)tst-auditmod21a.so: $(objpfx)tst-auditmod21b.so +tst-audit21-ENV = LD_AUDIT=$(objpfx)tst-auditmod21a.so + $(objpfx)tst-audit22.out: $(objpfx)tst-auditmod22.so tst-audit22-ARGS = -- $(host-test-program-cmd) diff --git a/elf/dl-load.c b/elf/dl-load.c index ddc4295ef5..0aed95cbb6 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -1502,6 +1502,9 @@ cannot enable executable stack as shared object requires"); /* Auditing checkpoint: we have a new object. */ if (!GL(dl_ns)[l->l_ns]._ns_loaded->l_auditing) _dl_audit_objopen (l, nsid); + + if ((mode & __RTLD_AUDIT)) + l->l_auditing = 1; #endif return l; diff --git a/elf/dl-tls.c b/elf/dl-tls.c index 8ba70c9a9d..8ed91ff599 100644 --- a/elf/dl-tls.c +++ b/elf/dl-tls.c @@ -520,7 +520,7 @@ _dl_resize_dtv (dtv_t *dtv, size_t max_modid) void * -_dl_allocate_tls_init (void *result) +_dl_allocate_tls_init (void *result, bool init_tls) { if (result == NULL) /* The memory allocation failed. */ @@ -593,7 +593,14 @@ _dl_allocate_tls_init (void *result) some platforms use in static programs requires it. */ dtv[map->l_tls_modid].pointer.val = dest; - /* Copy the initialization image and clear the BSS part. */ + /* Copy the initialization image and clear the BSS part. For + audit modules or depedencies with initial-exec TLS, we can not + set the initial TLS image on default loader initialization + because it would already be set by the audit setup. However, + subsequent thread creation would need to follow the default + behaviour. */ + if (__glibc_unlikely (map->l_auditing && !init_tls)) + continue; memset (__mempcpy (dest, map->l_tls_initimage, map->l_tls_initimage_size), '\0', map->l_tls_blocksize - map->l_tls_initimage_size); 
@@ -620,7 +627,7 @@ _dl_allocate_tls (void *mem) { return _dl_allocate_tls_init (mem == NULL ? _dl_allocate_tls_storage () - : allocate_dtv (mem)); + : allocate_dtv (mem), true); } rtld_hidden_def (_dl_allocate_tls) diff --git a/elf/rtld.c b/elf/rtld.c index 24e48bf3fa..75583db2f2 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -1059,9 +1059,6 @@ ERROR: audit interface '%s' requires version %d (maximum supported version %d); = (intptr_t) &GL (dl_rtld_map); ++GLRO(dl_naudit); - - /* Mark the DSO as being used for auditing. */ - dlmargs.map->l_auditing = 1; } /* Load all audit modules. */ @@ -2427,7 +2424,7 @@ dl_main (const ElfW(Phdr) *phdr, into the main thread's TLS area, which we allocated above. Note: thread-local variables must only be accessed after completing the next step. */ - _dl_allocate_tls_init (tcbp); + _dl_allocate_tls_init (tcbp, false); /* And finally install it for the main thread. */ if (! tls_init_tp_called) diff --git a/elf/tst-audit21.c b/elf/tst-audit21.c new file mode 100644 index 0000000000..307cb6fc3b --- /dev/null +++ b/elf/tst-audit21.c 
@@ -0,0 +1,42 @@ +/* Check DT_AUDIT with static TLS. + Copyright (C) 2021 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include + +static volatile __thread int out __attribute__ ((tls_model ("initial-exec"))); + +static void * +tf (void *arg) +{ + TEST_COMPARE (out, 0); + out = isspace (' '); + return NULL; +} + +int main (int argc, char *argv[]) +{ + TEST_COMPARE (out, 0); + out = isspace (' '); + + pthread_t t = xpthread_create (NULL, tf, NULL); + xpthread_join (t); + + return 0; +} diff --git a/elf/tst-auditmod21a.c b/elf/tst-auditmod21a.c new file mode 100644 index 0000000000..f00470e105 --- /dev/null +++ b/elf/tst-auditmod21a.c 
@@ -0,0 +1,80 @@ +/* Check DT_AUDIT with static TLS. + Copyright (C) 2021 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include + +#define tls_ie __attribute__ ((tls_model ("initial-exec"))) + +__thread int tls_var0 tls_ie; +__thread int tls_var1 tls_ie = 0x10; + +/* Defined at tst-auditmod21b.so */ +extern __thread int tls_var2; +extern __thread int tls_var3; + +static volatile int out; + +static void +call_libc (void) +{ + /* isspace access the initial-exec glibc TLS variables, which are + setup in glibc initialization. */ + out = isspace (' '); +} + +unsigned int +la_version (unsigned int v) +{ + tls_var0 = 0x1; + if (tls_var1 != 0x10) + abort (); + tls_var1 = 0x20; + + tls_var2 = 0x2; + if (tls_var3 != 0x20) + abort (); + tls_var3 = 0x40; + + call_libc (); + + return LAV_CURRENT; +} + +unsigned int +la_objopen (struct link_map* map, Lmid_t lmid, uintptr_t* cookie) +{ + call_libc (); + *cookie = (uintptr_t) map; + return 0; +} + +void +la_activity (uintptr_t* cookie, unsigned int flag) +{ + if (tls_var0 != 0x1 || tls_var1 != 0x20) + abort (); + call_libc (); +} + +void +la_preinit (uintptr_t* cookie) +{ + call_libc (); +} diff --git a/elf/tst-auditmod21b.c b/elf/tst-auditmod21b.c new file mode 100644 index 0000000000..550f858b1d --- /dev/null +++ b/elf/tst-auditmod21b.c 
@@ -0,0 +1,22 @@ +/* Check DT_AUDIT with static TLS. + Copyright (C) 2021 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#define tls_ie __attribute__ ((tls_model ("initial-exec"))) + +__thread int tls_var2 tls_ie; +__thread int tls_var3 tls_ie = 0x20; diff --git a/nptl/allocatestack.c b/nptl/allocatestack.c index 3fb085f9a1..34a33164ff 100644 --- a/nptl/allocatestack.c +++ b/nptl/allocatestack.c @@ -138,7 +138,7 @@ get_cached_stack (size_t *sizep, void **memp) memset (dtv, '\0', (dtv[-1].counter + 1) * sizeof (dtv_t)); /* Re-initialize the TLS. */ - _dl_allocate_tls_init (TLS_TPADJ (result)); + _dl_allocate_tls_init (TLS_TPADJ (result), true); return result; } diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h index f6b2b415a6..97061bdf9f 100644 --- a/sysdeps/generic/ldsodefs.h +++ b/sysdeps/generic/ldsodefs.h @@ -1282,7 +1282,7 @@ extern void _dl_allocate_static_tls (struct link_map *map) attribute_hidden; /* These are internal entry points to the two halves of _dl_allocate_tls, only used within rtld.c itself at startup time. */ extern void *_dl_allocate_tls_storage (void) attribute_hidden; -extern void *_dl_allocate_tls_init (void *); +extern void *_dl_allocate_tls_init (void *, bool); rtld_hidden_proto (_dl_allocate_tls_init) /* Deallocate memory allocated with _dl_allocate_tls. */
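Review bot: In the elf/dl-load.c hunk, l_auditing is now set on every object mapped with __RTLD_AUDIT, directly below the `if (!GL(dl_ns)[l->l_ns]._ns_loaded->l_auditing)` guard around _dl_audit_objopen. Once the audit module at the head of the namespace carries the flag, that guard skips the call for each dependency mapped after it, whereas the line removed from elf/rtld.c only set the flag after the load had finished. If suppressing la_objopen for audit-module dependencies is intended, the commit message should say so; if it is not, the assignment or the guard needs to change. The doubled parentheses in `if ((mode & __RTLD_AUDIT))` can also be dropped.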
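Review bot: In the elf/dl-tls.c hunk at @@ -593,7 +593,14, the early `continue` leaves the static TLS block of an l_auditing map untouched, so correctness rests on that block having been initialized earlier by the audit setup, and nothing in this function checks it. The only caller passing false is dl_main in elf/rtld.c; the comment should name that caller so a future call site does not pass false by mistake and hand out a block that was never filled from l_tls_initimage. The new init_tls parameter is undocumented, and its name reads backwards at the call sites (false skips the copy for audit maps only, everything else is still initialized); please describe it in the prototype comment in sysdeps/generic/ldsodefs.h. The comment now merges "Copy the initialization image and clear the BSS part" with the skip rationale and sits above the `if` instead of the memset, so split it and keep each part next to the statement it describes. Typo in the added comment: "depedencies" should be "dependencies".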
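Review bot: In elf/tst-auditmod21a.c, la_version writes tls_var2 and tls_var3, which live in the dependency tst-auditmod21b.so, but la_activity only re-checks `tls_var0 != 0x1 || tls_var1 != 0x20`. The dependency is the case this patch adds, so the test should also abort when tls_var2 != 0x2 or tls_var3 != 0x40 after loader initialization; as written, a regression that clobbers only the dependency's TLS image would pass. In elf/tst-audit21.c, the test defines `int main (int argc, char *argv[])` and returns 0 unconditionally while relying on TEST_COMPARE; glibc tests normally define do_test and include support/test-driver.c so that a recorded failure becomes a failing exit status. The header comment in all three new files says "Check DT_AUDIT with static TLS", but the Makefile hunk runs the test through `tst-audit21-ENV = LD_AUDIT=$(objpfx)tst-auditmod21a.so`, so the comment should say LD_AUDIT.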