From: Florian Weimer <fweimer@redhat.com>
To: "H.J. Lu"
Cc: Generic System V Application Binary Interface, gnu-gabi@sourceware.org
Subject: Re: RFC: Audit external function called indirectly via GOT
Date: Mon, 01 Jan 2018 00:00:00 -0000
References: <20180317133115.GA4681@gmail.com>
X-SW-Source: 2018-q1/txt/msg00031.txt.bz2

On 03/20/2018 05:52 PM, H.J. Lu wrote:
> On Mon, Mar 19, 2018 at 1:21 AM, Florian Weimer wrote:
>> On 03/17/2018 02:31 PM, H.J. Lu wrote:
>>>
>>> Auditing of external function calls and their return values relies on
>>> lazy binding with PLT. When external functions are called indirectly
>>> via GOT without using PLT, auditing stops working.
>>>
>>> Here is a proposal to support auditing of external functions called
>>> indirectly via GOT:
>>>
>>> 1. Add optional dynamic tags:
>>>
>>> #define DT_GNU_PLT      0x6ffffef4 /* Address of PLT section */
>>> #define DT_GNU_PLTSZ    0x6ffffdf1 /* Size of PLT section */
>>> #define DT_GNU_PLTENT   0x6ffffdf2 /* Size of one PLT entry */
>>> #define DT_GNU_PLT0SZ   0x6ffffdf3 /* Size of the first PLT entry */
>>> #define DT_GNU_PLTGOTSZ 0x6ffffdf4 /* Size of PLTGOT section */
>>>
>>> and update DT_FLAGS_1 with:
>>>
>>> #define DF_1_JMPRELIGN  0x10000000 /* DT_JMPREL can be ignored */
>>>
>>> 2. Linker creates PLT entries for auditing external function calls via
>>> GOT and sets DT_GNU_PLT, DT_GNU_PLTSZ, DT_GNU_PLTENT, DT_GNU_PLT0SZ and
>>> DT_GNU_PLTGOTSZ. If PLT isn't required for lazy binding, set the
>>> DF_1_JMPRELIGN bit in DT_FLAGS_1.
>>
>> Could we ship a template for the PLT entries in ld.so instead? And if
>> needed, map it from the file together with an address array, like this?
>
> This won't work since the linker needs to know the exact PLT layout to
> generate JUMP_SLOT relocations for LD_AUDIT.

I don't see why it would need JUMP_SLOT relocations if it simply
auto-generates PLT stub equivalents and installs them in GLOB_DAT
relocations.

Anyway, going back to the larger question of what we need here. I used
this as a test case for audit support with BIND_NOW:

  latrace /bin/true --help

Most of Fedora is compiled with BIND_NOW. Fedora 26 does not print
latrace messages (the problem I mentioned earlier), Fedora 27 works
(yay), Fedora 28 crashes (meh). So depending on which side Fedora 28+
falls, I think your approach might be viable.

I expect that a future binutils version would do this by default, and
beyond the additional dynamic section tags, new PLT stubs would only be
created for no-plt functions because current binutils is supposed to
generate PLT entries again (after they went missing for -z now binaries
for some time).

Thanks,
Florian
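As an added illustration of the cases this thread is weighing (example code, not from the thread, glibc or binutils), the Python below parses the PT_DYNAMIC segment of an ELF64 image and reports whether a binary still carries the JUMP_SLOT relocations that LD_AUDIT call hooks depend on, whether it is BIND_NOW, and whether it carries the proposed DT_GNU_PLT* tags. The DT_GNU_* and DF_1_JMPRELIGN values are the ones from the proposal above; the `audit_status` labels are my own, and `build_image` constructs a minimal fixture rather than reading a real binary.

```python
import struct
# Standard dynamic-section tags and flags (ELF gABI, glibc elf.h).
DT_NULL, DT_PLTRELSZ, DT_PLTGOT, DT_JMPREL, DT_FLAGS = 0, 2, 3, 23, 30
DT_FLAGS_1, DF_BIND_NOW, DF_1_NOW, PT_DYNAMIC = 0x6FFFFFFB, 0x8, 0x1, 2
# Tags and flag proposed in the thread above (not part of any released ABI).
DT_GNU_PLT, DT_GNU_PLTSZ, DT_GNU_PLTENT = 0x6FFFFEF4, 0x6FFFFDF1, 0x6FFFFDF2
DT_GNU_PLT0SZ, DT_GNU_PLTGOTSZ, DF_1_JMPRELIGN = 0x6FFFFDF3, 0x6FFFFDF4, 0x10000000

def read_dynamic(elf: bytes) -> dict:
    """Return {d_tag: d_val} from the PT_DYNAMIC segment of a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    for i in range(e_phnum):
        # Elf64_Phdr prefix: p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type != PT_DYNAMIC:
            continue
        tags = {}
        for pos in range(p_offset, p_offset + p_filesz, 16):  # Elf64_Dyn is 16 bytes
            d_tag, d_val = struct.unpack_from("<qQ", elf, pos)
            if d_tag == DT_NULL:
                break
            tags[d_tag] = d_val
        return tags
    raise ValueError("no PT_DYNAMIC segment")

def audit_status(tags: dict) -> str:
    """Classify how LD_AUDIT call hooks fare, following the thread's reasoning."""
    bind_now = bool(tags.get(DT_FLAGS, 0) & DF_BIND_NOW or tags.get(DT_FLAGS_1, 0) & DF_1_NOW)
    has_jmprel = DT_JMPREL in tags and tags.get(DT_PLTRELSZ, 0) > 0
    if DT_GNU_PLT in tags and tags.get(DT_GNU_PLTSZ, 0) > 0:
        return "proposed-plt"  # audit PLT stubs present even without lazy binding
    if not has_jmprel:
        return "no-plt"        # calls go straight through the GOT; audit cannot see them
    if bind_now:
        return "bind-now-plt"  # PLT exists but is bound eagerly; ld.so behaviour varied
    return "lazy"              # classic lazy binding; audit works

def build_image(dyn: list) -> bytes:
    """Construct a minimal ELF64 fixture holding only a PT_DYNAMIC segment (test data)."""
    body = b"".join(struct.pack("<qQ", t, v) for t, v in dyn + [(DT_NULL, 0)])
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9)  # ELFCLASS64, little-endian, EV_CURRENT
    ehdr += struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 64, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 0, 0, len(body), len(body), 8)
    return ehdr + phdr + body  # dynamic segment starts at offset 64 + 56 = 120
```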