From patchwork Wed Jul 8 10:58:58 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Szabolcs Nagy X-Patchwork-Id: 39958 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 881E13861038; Wed, 8 Jul 2020 10:59:22 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2061.outbound.protection.outlook.com [40.107.22.61]) by sourceware.org (Postfix) with ESMTPS id 925163861024 for ; Wed, 8 Jul 2020 10:59:19 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 925163861024 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=Szabolcs.Nagy@arm.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ER/Ch2KeT8PqwbnI0oHvkc7sIqx6hDiqon3sxnfJETo=; b=DaWIK+qp9rKtSF4AiXCQRT2b+AmoqozSvZjIcIZOdD9pi+Cu0T7bweKTp9QGnB3tH8kv/uSauTt3hHWD10MiV72bfR8ijwjZaOvWGr1X/tVm5HyyBzIXAjogMbrV0TmqpK4GTW31wmnLx5yVV4LXCEbn5GdPPFfCN5fSn/PEiiE= Received: from DB3PR08CA0012.eurprd08.prod.outlook.com (2603:10a6:8::25) by VI1PR08MB3102.eurprd08.prod.outlook.com (2603:10a6:803:3e::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3153.23; Wed, 8 Jul 2020 10:59:17 +0000 Received: from DB5EUR03FT021.eop-EUR03.prod.protection.outlook.com (2603:10a6:8:0:cafe::55) by DB3PR08CA0012.outlook.office365.com (2603:10a6:8::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3174.21 via Frontend Transport; Wed, 8 Jul 2020 10:59:17 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; sourceware.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; sourceware.org; dmarc=bestguesspass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DB5EUR03FT021.mail.protection.outlook.com (10.152.20.238) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3174.21 via Frontend Transport; Wed, 8 Jul 2020 10:59:17 +0000 Received: ("Tessian outbound f7489b7e84a7:v62"); Wed, 08 Jul 2020 10:59:17 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: a5995aadc46bcc77 X-CR-MTA-TID: 64aa7808 Received: from eb487acc9a5d.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 37407115-2534-4FE4-8800-1D64770B4844.1; Wed, 08 Jul 2020 10:59:12 +0000 Received: from EUR04-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id eb487acc9a5d.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Wed, 08 Jul 2020 10:59:12 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Q6S6eDMFNWU+clvYP8fj6KgLhPA67MfWmadliU7TicV0F4PSxgslquzBi/raDxzrm0wl4g84RvouPCL1602yAcO0Hwukjq/cSp41jshkoeCkRTsJS4VqiF/sRmH3DCkzKVELAbcaiDkrjwqvD8u8CIowbJF5tJNOh9BttovJyBYH0goXwcWIlHFtjWgzILvs62F3uBHckQUqDyE8yOI/uavZAsZlCOXsWfp41dsmV8BRoD0jJmQten//JaojltpESiJFGjOn6Ff9+pYbs+reDKQUN531zenFOR/jKJqS+aWv4KeLr2OvztjUZneMsw5v6yU0YHUNUE0YdmCF4Qc1MQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ER/Ch2KeT8PqwbnI0oHvkc7sIqx6hDiqon3sxnfJETo=; b=HmN3uqv2fZ1xS5EQ2QPREF1ZKgo6r37C4/XXiavHEERxtIrR+uqOlpD4y+jWoYwugCRUgh9y35Dz7MV0XvtrxJdrQ7SsjdBeMLZFzDSr0QptFv3Ok2GX+y+STjOIOdlVNMSqJLhT3DvtEXRXsHn5gXgoIAh05tWYeo5loDR7BcuD2gOeyfRmpXC2sOKVO6fCcNTalmKHMUwvFORIkVMG3UWuoUUku0/vTm4FLjRkchJBUWEhbpPejv58gMWl+auVtj2LwrmU/M77kXluERlDXInVkF2iD/dzBato3IRT+xeAX5rEKX5rK7kj7/hjUS4vBE+mjJ3a0rgkKXuWk9kEAw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ER/Ch2KeT8PqwbnI0oHvkc7sIqx6hDiqon3sxnfJETo=; b=DaWIK+qp9rKtSF4AiXCQRT2b+AmoqozSvZjIcIZOdD9pi+Cu0T7bweKTp9QGnB3tH8kv/uSauTt3hHWD10MiV72bfR8ijwjZaOvWGr1X/tVm5HyyBzIXAjogMbrV0TmqpK4GTW31wmnLx5yVV4LXCEbn5GdPPFfCN5fSn/PEiiE= Authentication-Results-Original: sourceware.org; dkim=none (message not signed) header.d=none;sourceware.org; dmarc=none action=none header.from=arm.com; Received: from AM6PR08MB3047.eurprd08.prod.outlook.com (2603:10a6:209:4c::23) by AM6PR08MB4133.eurprd08.prod.outlook.com (2603:10a6:20b:ab::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3153.27; Wed, 8 Jul 2020 10:59:10 +0000 Received: from AM6PR08MB3047.eurprd08.prod.outlook.com ([fe80::2404:de9f:78c0:313c]) by AM6PR08MB3047.eurprd08.prod.outlook.com ([fe80::2404:de9f:78c0:313c%6]) with mapi id 15.20.3153.031; Wed, 8 Jul 2020 10:59:10 +0000 From: Szabolcs Nagy To: libc-alpha@sourceware.org Subject: [PATCH v6 2/3] rtld: Account static TLS surplus for audit modules Date: Wed, 8 Jul 2020 11:58:58 +0100 Message-Id: <3ca44e2df9025ecaf28d89553e9eefbc8ee07e8e.1594205502.git.szabolcs.nagy@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-ClientProxiedBy: SN4PR0201CA0029.namprd02.prod.outlook.com (2603:10b6:803:2e::15) To AM6PR08MB3047.eurprd08.prod.outlook.com (2603:10a6:209:4c::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from localhost.localdomain (217.140.106.53) by SN4PR0201CA0029.namprd02.prod.outlook.com (2603:10b6:803:2e::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3174.21 via Frontend Transport; Wed, 8 Jul 2020 10:59:09 +0000 X-Mailer: git-send-email 2.17.1 X-Originating-IP: [217.140.106.53] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 2ab19850-b2cb-4ece-1a49-08d8232df59e X-MS-TrafficTypeDiagnostic: AM6PR08MB4133:|VI1PR08MB3102: X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true NoDisclaimer: true X-MS-Oob-TLC-OOBClassifiers: OLM:357;OLM:357; X-Forefront-PRVS: 04583CED1A X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: L/m/IkWnEsHWVRyJwxYwqnP+3Q3B2V77kcIoCdlNNHkPKUx4TZQZ6TheXSc9DmUvQyNIPd1vz8VQYyTjAnYdnZ6LMoElWMxxxuhdQZnX0ul1qckcBmwCJKbnQ7c4BLk62xJASaFI7wCz425TuK4DOa1KKThnhTLetylRXEmn34x0FmmXrML14woYu7m6JRANTUi69hzu4MWodabgKrbAvb9p/nXlWibCdN0lCrYLgwjqbmwYenR2VjhIRG7zLI7eimDtKXR8aTo3seWk4+MA67AE8O0iUvVFtOeQn+pIZM8gE6XHKbqyK/M74XpJQWQM1U61xY0Pi/vgHE7YCfkNsNXxuM09eQGhOgUz5QceaAht1t5f77UjnFfrIVSQ1HTTkRvF0gZKpi+wATnVmrew1pE15ST00sE+A66DKY3QgY8= X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM6PR08MB3047.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(346002)(366004)(136003)(396003)(376002)(36756003)(316002)(6506007)(52116002)(6916009)(86362001)(6512007)(66946007)(66476007)(66556008)(6666004)(83380400001)(6486002)(44832011)(956004)(2616005)(2906002)(15650500001)(69590400007)(26005)(5660300002)(16526019)(186003)(8936002)(8676002)(478600001)(136400200001); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData: PgSVRJqyZuJjqEUYHHcjSWpTlarxbGyIApj2f/0eThC1IEqO1m7T2T+oUzqLr7fdKh9B6GtG6lW4/b/fK053cXYyyN0vQ8FLb+BsQoXis1oFg42K1ihj5YWvQxaEhHR5knoHgK0DaTUIZDaC7Dw7F26LIo4SSWRPluyZfKPcwgZJCeXUELE8WX6bVzxPCRVPgegXbRkuWKmMsJRw8ULWKXKhFHvCstXf2pl3C+UazD9RQNcRNG9BNc/fuuhFxOkINOWb27x4TL2LD7FQT7NDgtkwXfjxqjZj5TJbOD2hcF8nUWnDhORiSv6/axe+o1Ye0gLstkdEU/P0vCZRE1l5D5lgQy7aaf7MbynOSVl5EDXpeLKttvpAZ961aMsmnzpRYeNcQdiUspiC/JNCzCUvutjueJyhg91rNImqm0W9Yuc+aGpRj4eoE7Ks00fnEry23jKwTM5XbH/Vpl2KwQ3sbDW0oTPGrGPpCTUjK70Rd8hW7kXycqGvEVMVq2oTcTVs X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB4133 Original-Authentication-Results: sourceware.org; dkim=none (message not signed) header.d=none; sourceware.org; dmarc=none action=none header.from=arm.com; X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: DB5EUR03FT021.eop-EUR03.prod.protection.outlook.com X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(4636009)(376002)(39860400002)(346002)(136003)(396003)(46966005)(15650500001)(336012)(478600001)(956004)(2616005)(44832011)(5660300002)(6486002)(83380400001)(82310400002)(6512007)(6666004)(2906002)(86362001)(356005)(8676002)(8936002)(316002)(6916009)(81166007)(69590400007)(70586007)(70206006)(36756003)(47076004)(82740400003)(26005)(6506007)(16526019)(186003)(136400200001); DIR:OUT; SFP:1101; X-MS-Office365-Filtering-Correlation-Id-Prvs: b345cc46-2e46-4da7-a87b-08d8232df122 X-Forefront-PRVS: 04583CED1A X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: sfo9zOK0IUhD6RP9nuK3+M6+RnFIXtX0oHc8f1GWaZQzG2BXsoMmD40/xeccP0A00LPyxUrIoiT7RnrhcOdzB6GhaiIXXegSNz3Cn8zAnPjDyLtOsR+Hb/tIW7iUlGE1JyDKUfonyz1yPMJYacxR/lolXfucc0dGWlVCGsCQVrR0GSAalt385KIXpA4yvGDlN3kJwl+jLWjQ91XgwtXPilwQan0CbMi2krmQEuR9d96WmpeWMw2sBhXHZYW9NgcKx8GISBqO3ofOaEF5GNXMAe1CrJ72yGLUiUMlQsWaEzqErlKOQp2L/CoglcG9CgWhnDYE7ntKlFfdsWj248Y8gzHL4HzYPCEkJYS29sJjVk+7mWV7orOj0ocVN11HFk/hw0TGmofMsazqnrZe2mNLEwm/pfOvE/EGMQ0ni3DMLF4IXIBoOe+lIjYugIC16NBmkfLkkYGmpUe4ZYo/up7PJw== X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Jul 2020 10:59:17.4030 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 2ab19850-b2cb-4ece-1a49-08d8232df59e X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: DB5EUR03FT021.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR08MB3102 X-Spam-Status: No, score=-16.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, GIT_PATCH_0, MSGID_FROM_MTA_HEADER, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS, TXREP, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" The new static TLS surplus size computation is surplus_tls = 192 * (nns-1) + 144 * nns + 512 where nns is controlled via the rtld.nns tunable. This commit accounts audit modules too so nns = rtld.nns + audit modules. rtld.nns should only include the namespaces required by the application, namespaces for audit modules are accounted on top of that so audit modules don't use up the static TLS that is reserved for the application. This allows loading many audit modules without tuning rtld.nns or using up static TLS, and it fixes FAIL: elf/tst-auditmany Note that DL_NNS is currently a hard upper limit for nns, and if rtld.nns + audit modules go over the limit that's a fatal error. By default rtld.nns is 4 which allows 12 audit modules. Counting the audit modules is based on existing audit string parsing code, we cannot use GLRO(dl_naudit) before the modules are actually loaded. --- csu/libc-tls.c | 4 ++-- elf/dl-tls.c | 15 +++++++++++++-- elf/rtld.c | 31 +++++++++++++++++++++++++++---- sysdeps/generic/ldsodefs.h | 5 +++-- 4 files changed, 45 insertions(+), 10 deletions(-) diff --git a/csu/libc-tls.c b/csu/libc-tls.c index e2603157e8..a67cc1dd4f 100644 --- a/csu/libc-tls.c +++ b/csu/libc-tls.c @@ -126,8 +126,8 @@ __libc_setup_tls (void) break; } - /* Calculate the size of the static TLS surplus. */ - _dl_tls_static_surplus_init (); + /* Calculate the size of the static TLS surplus, with 0 auditors. */ + _dl_tls_static_surplus_init (0); /* We have to set up the TCB block which also (possibly) contains 'errno'. Therefore we avoid 'malloc' which might touch 'errno'. diff --git a/elf/dl-tls.c b/elf/dl-tls.c index 924ee5d989..4e7b10edd8 100644 --- a/elf/dl-tls.c +++ b/elf/dl-tls.c @@ -49,7 +49,10 @@ that affects the size of the static TLS and by default it's small enough not to cause problems with existing applications. The limit is not enforced or checked: it is the user's responsibility to increase rtld.nns - if more dlmopen namespaces are used. */ + if more dlmopen namespaces are used. + + Audit modules use their own namespaces, they are not included in rtld.nns, + but come on top when computing the number of namespaces. */ /* Size of initial-exec TLS in libc.so. */ #define LIBC_IE_TLS 192 @@ -60,8 +63,11 @@ /* Size of additional surplus TLS, placeholder for TLS optimizations. */ #define OPT_SURPLUS_TLS 512 +/* Calculate the size of the static TLS surplus, when the given + number of audit modules are loaded. Must be called after the + number of audit modules is known and before static TLS allocation. */ void -_dl_tls_static_surplus_init (void) +_dl_tls_static_surplus_init (size_t naudit) { size_t nns; @@ -73,6 +79,11 @@ _dl_tls_static_surplus_init (void) #endif if (nns > DL_NNS) nns = DL_NNS; + if (DL_NNS - nns < naudit) + _dl_fatal_printf ("Failed loading %lu audit modules, %lu are supported.\n", + (unsigned long) naudit, (unsigned long) (DL_NNS - nns)); + nns += naudit; + GLRO(dl_tls_static_surplus) = ((nns - 1) * LIBC_IE_TLS + nns * OTHER_IE_TLS + OPT_SURPLUS_TLS); diff --git a/elf/rtld.c b/elf/rtld.c index 99a8c75477..cd0e547e54 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -299,6 +299,23 @@ audit_list_next (struct audit_list *list) } } +/* Count audit modules before they are loaded so GLRO(dl_naudit) + is not yet usable. */ +static size_t +audit_list_count (struct audit_list *list) +{ + /* Restore the audit_list iterator state at the end. */ + const char *saved_tail = list->current_tail; + size_t naudit = 0; + + assert (list->current_index == 0); + while (audit_list_next (list) != NULL) + naudit++; + list->current_tail = saved_tail; + list->current_index = 0; + return naudit; +} + #ifndef HAVE_INLINED_SYSCALLS /* Set nonzero during loading and initialization of executable and libraries, cleared before the executable's entry point runs. This @@ -738,7 +755,7 @@ match_version (const char *string, struct link_map *map) static bool tls_init_tp_called; static void * -init_tls (void) +init_tls (size_t naudit) { /* Number of elements in the static TLS block. */ GL(dl_tls_static_nelem) = GL(dl_tls_max_dtv_idx); @@ -781,7 +798,7 @@ init_tls (void) assert (i == GL(dl_tls_max_dtv_idx)); /* Calculate the size of the static TLS surplus. */ - _dl_tls_static_surplus_init (); + _dl_tls_static_surplus_init (naudit); /* Compute the TLS offsets for the various blocks. */ _dl_determine_tlsoffset (); @@ -1668,9 +1685,11 @@ ERROR: '%s': cannot process note segment.\n", _dl_argv[0]); bool need_security_init = true; if (audit_list.length > 0) { + size_t naudit = audit_list_count (&audit_list); + /* Since we start using the auditing DSOs right away we need to initialize the data structures now. */ - tcbp = init_tls (); + tcbp = init_tls (naudit); /* Initialize security features. We need to do it this early since otherwise the constructors of the audit libraries will @@ -1680,6 +1699,10 @@ ERROR: '%s': cannot process note segment.\n", _dl_argv[0]); need_security_init = false; load_audit_modules (main_map, &audit_list); + + /* The count based on audit strings may overestimate the number + of audit modules that got loaded, but not underestimate. */ + assert (GLRO(dl_naudit) <= naudit); } /* Keep track of the currently loaded modules to count how many @@ -1923,7 +1946,7 @@ ERROR: '%s': cannot process note segment.\n", _dl_argv[0]); multiple threads (from a non-TLS-using libpthread). */ bool was_tls_init_tp_called = tls_init_tp_called; if (tcbp == NULL) - tcbp = init_tls (); + tcbp = init_tls (0); if (__glibc_likely (need_security_init)) /* Initialize security features. But only if we have not done it diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h index 5156410834..64b4552653 100644 --- a/sysdeps/generic/ldsodefs.h +++ b/sysdeps/generic/ldsodefs.h @@ -1102,8 +1102,9 @@ extern size_t _dl_count_modids (void) attribute_hidden; /* Calculate offset of the TLS blocks in the static TLS block. */ extern void _dl_determine_tlsoffset (void) attribute_hidden; -/* Calculate the size of the static TLS surplus. */ -void _dl_tls_static_surplus_init (void) attribute_hidden; +/* Calculate the size of the static TLS surplus, when the given + number of audit modules are loaded. */ +void _dl_tls_static_surplus_init (size_t naudit) attribute_hidden; #ifndef SHARED /* Set up the TCB for statically linked applications. This is called