public inbox for glibc-bugs@sourceware.org help / color / mirror / Atom feed
From: "stsp at users dot sourceforge.net" <sourceware-bugzilla@sourceware.org> To: glibc-bugs@sourceware.org Subject: [Bug dynamic-link/30007] rfe: dlopen to specified address Date: Wed, 15 Mar 2023 06:33:25 +0000 [thread overview] Message-ID: <bug-30007-131-Zlzcfca4rT@http.sourceware.org/bugzilla/> (raw) In-Reply-To: <bug-30007-131@http.sourceware.org/bugzilla/> https://sourceware.org/bugzilla/show_bug.cgi?id=30007 --- Comment #9 from Stas Sergeev <stsp at users dot sourceforge.net> --- (In reply to Jonathon Anderson from comment #8) > I think above and this is a succinct description of Stas's intended use > case: having double mappings for solibs allows sharing data between the host > and a VM with only address translation at the VM boundary, instead of > address translation on every memory access inside the VM. Solutions exist > for heap memory and stack memory, leaving primarily the .data/.bss memory > allocated as part of an solib. (Correct me if I'm mistaken of course.) That's correct. > The proposed la_premap and la_premap_dlmem (part of the dlmem() patch) > collectively "solve" this problem by granting LD_AUDIT some limited control > over the object (segment) mapping process. My first impression from reading > the test cases, they seem a bit too specific to this use case. IMHO they are > also out-of-scope for LD_AUDIT: LD_AUDIT works at the level of symbols and > objects, both generic across OSs and even binary formats (ELF + DLL), > whereas la_premap* expose an implementation detail of the dynamic linker. What exactly implementation detail? Its just "here's the length I need to map for solib. if you want, give me a buffer and/or fd for it". To me its quite similar to "here's the name of the solib. if you want, give me a different one to use". > Most importantly, we do not yet deeply understand the implications exposing > these callbacks can have, security or otherwise. Any explanation why there can be any security concerns here? > An alternative solution I brought up in the prior discussion is "wrapping" > the mmap syscall. In general, any Linux syscall can be wrapped using seccomp > (e.g. via libseccomp [1]) or more recently with syscall user dispatch [2]. > With the wrapper in place, every mmap would be replicated in the VM memory > window and update a table used for address translation. Some behavior > changes would be needed to appropriately implement MAP_ANONYMOUS and > MAP_FIXED, but neither seem particularly problematic. I don't understand what you mean. Besides the fact that you want to describe something very specific to particular libc (intercepting the particular mmap call, knowing how the particular dynamic loader works), you haven't written the detailed scheme of what you propose. You were referring (in another thread) to trapping only the first mmap() call done by dynamic loader, IIRC. How can that lead to a solution of having 2 identical mappings, is essentially unclear. At best it can solve the problem of specifying the reloc address, by the cost of depending on a particular impl of particular libc, forgetting about any portability to other libces. So please detail your proposal. > If this well-understood approach solves the problem, IMHO there isn't much > point in arguing this RFE further. It doesn't solve anything (except probably the reloc address), and the statements like this, together with the statement that my patch breaks your use-case or raises a security concerns, only suggests that you want to down-play any contributions that you review. In fact, since you never ever said a single word about how any of the multiple proposals (including DT_AUDIT for dlopen()) can be improved, I am quite sure its the case. I hope we can get more constructive. > (In reply to Stas Sergeev from comment > You're right, neglected .bss when suggesting this idea. This would not be an > issue when using an mmap wrapper however, as the region is simply mapped > with MAP_ANONYMOUS. I don't understand how this would not be an issue, please clarify. Region mapped with MAP_ANONYMOUS cannot be shared with VM. > (In reply to Stas Sergeev from comment > To clarify here, the "first" call to mmap() is the one without MAP_FIXED, > and is used to allocate the pages that will later be overwritten by > MAP_FIXED. Threads should not become a problem here, just check the flags. Why any other thread can't do unrelated mmap() without MAP_FIXED? -- You are receiving this mail because: You are on the CC list for the bug.
next prev parent reply other threads:[~2023-03-15 6:33 UTC|newest] Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top 2023-01-16 14:13 [Bug dynamic-link/30007] New: rfe: dlopen to user buffer or " stsp at users dot sourceforge.net 2023-01-17 14:17 ` [Bug dynamic-link/30007] " adhemerval.zanella at linaro dot org 2023-01-17 14:35 ` stsp at users dot sourceforge.net 2023-01-19 13:23 ` adhemerval.zanella at linaro dot org 2023-01-19 13:46 ` stsp at users dot sourceforge.net 2023-01-20 6:55 ` [Bug dynamic-link/30007] rfe: dlopen " stsp at users dot sourceforge.net 2023-02-15 16:58 ` stsp at users dot sourceforge.net 2023-03-14 3:20 ` stsp at users dot sourceforge.net 2023-03-14 13:21 ` adhemerval.zanella at linaro dot org 2023-03-15 5:34 ` janderson at rice dot edu 2023-03-15 6:33 ` stsp at users dot sourceforge.net [this message] 2023-03-15 10:03 ` stsp at users dot sourceforge.net 2023-03-15 11:05 ` stsp at users dot sourceforge.net 2023-03-15 11:41 ` stsp at users dot sourceforge.net 2023-03-15 12:07 ` stsp at users dot sourceforge.net 2023-03-17 6:44 ` stsp at users dot sourceforge.net 2023-03-18 23:28 ` janderson at rice dot edu 2023-03-19 2:12 ` stsp at users dot sourceforge.net 2023-03-19 2:37 ` stsp at users dot sourceforge.net 2023-03-19 9:47 ` stsp at users dot sourceforge.net 2023-03-19 10:14 ` stsp at users dot sourceforge.net 2023-03-19 13:56 ` stsp at users dot sourceforge.net 2023-03-23 10:34 ` stsp at users dot sourceforge.net 2023-03-27 7:12 ` stsp at users dot sourceforge.net 2023-03-27 17:16 ` janderson at rice dot edu 2023-03-28 1:29 ` stsp at users dot sourceforge.net 2023-03-28 5:02 ` stsp at users dot sourceforge.net 2023-03-28 5:37 ` stsp at users dot sourceforge.net 2023-03-28 6:17 ` janderson at rice dot edu 2023-03-28 9:14 ` stsp at users dot sourceforge.net 2023-03-29 15:26 ` stsp at users dot sourceforge.net 2023-03-31 15:43 ` stsp at users dot sourceforge.net 2023-03-31 15:53 ` stsp at users dot sourceforge.net 2023-03-31 16:08 ` stsp at users dot sourceforge.net 2023-04-03 9:28 ` stsp at users dot sourceforge.net 2023-04-03 9:28 ` stsp at users dot sourceforge.net 2023-04-14 19:09 ` stsp at users dot sourceforge.net 2023-04-14 19:11 ` adhemerval.zanella at linaro dot org 2023-04-14 19:12 ` stsp at users dot sourceforge.net 2023-05-08 14:51 ` stsp at users dot sourceforge.net
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-30007-131-Zlzcfca4rT@http.sourceware.org/bugzilla/ \ --to=sourceware-bugzilla@sourceware.org \ --cc=glibc-bugs@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).