[Bug dynamic-link/31230] New: PLT rewrite failed without SELinux

[Bug dynamic-link/31230] New: PLT rewrite failed without SELinux

[hjl.tools at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=31230

            Bug ID: 31230
           Summary: PLT rewrite failed without SELinux
           Product: glibc
           Version: 2.39
            Status: NEW
          Severity: normal
          Priority: P2
         Component: dynamic-link
          Assignee: unassigned at sourceware dot org
          Reporter: hjl.tools at gmail dot com
  Target Milestone: ---

I backported PLT rewrite to my glibc and added

export GLIBC_TUNABLES=glibc.cpu.plt_rewrite=2

to my shell.  Now I got

Jan 10 17:23:28 gnu-cfl-3 pipewire[2420]: /usr/bin/pipewire: error while
loading shared libraries: /lib64/libc.so.6: failed to change PLT back to
read-only
Jan 10 17:23:28 gnu-cfl-3 wireplumber[2711]: /usr/bin/wireplumber: error while
loading shared libraries: /lib64/libc.so.6: failed to change PLT back to
read-only
Jan 10 17:23:29 gnu-cfl-3 pipewire-pulse[3019]: /usr/bin/pipewire-pulse: error
while loading shared libraries: /lib64/libc.so.6: failed to change PLT back to
read-only

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug dynamic-link/31230] PLT rewrite failed without SELinux

[sam at gentoo dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31230

Sam James <sam at gentoo dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sam at gentoo dot org

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug dynamic-link/31230] PLT rewrite failed without SELinux

[hjl.tools at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=31230

--- Comment #1 from H.J. Lu <hjl.tools at gmail dot com> ---
/usr/lib/systemd/user/pipewire.service has

[Service]
LockPersonality=yes
MemoryDenyWriteExecute=yes
...

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug dynamic-link/31230] PLT rewrite failed without SELinux

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31230

--- Comment #2 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by H.J. Lu <hjl@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=457bd9cf2e27550dd66b2d8f3c5a8dbd0dfb398f

commit 457bd9cf2e27550dd66b2d8f3c5a8dbd0dfb398f
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Jan 12 10:19:41 2024 -0800

    x86-64: Check if mprotect works before rewriting PLT

    Systemd execution environment configuration may prohibit changing a memory
    mapping to become executable:

    MemoryDenyWriteExecute=
    Takes a boolean argument. If set, attempts to create memory mappings
    that are writable and executable at the same time, or to change existing
    memory mappings to become executable, or mapping shared memory segments
    as executable, are prohibited.

    When it is set, systemd service stops working if PLT rewrite is enabled.
    Check if mprotect works before rewriting PLT.  This fixes BZ #31230.
    This also works with SELinux when deny_execmem is on.
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug dynamic-link/31230] PLT rewrite failed without SELinux

[hjl.tools at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=31230

H.J. Lu <hjl.tools at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED
   Target Milestone|---                         |2.39

--- Comment #3 from H.J. Lu <hjl.tools at gmail dot com> ---
Fixed for 2.39.

-- 
You are receiving this mail because:
You are on the CC list for the bug.