From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id 0FA763857816 for ; Tue, 1 Feb 2022 06:45:29 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 0FA763857816 Received: from mail-qk1-f200.google.com (mail-qk1-f200.google.com [209.85.222.200]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-639-Jp5Ww9F3NQy1pPtTXMsi6A-1; Tue, 01 Feb 2022 01:45:23 -0500 X-MC-Unique: Jp5Ww9F3NQy1pPtTXMsi6A-1 Received: by mail-qk1-f200.google.com with SMTP id q5-20020ae9dc05000000b00507225deac5so2408284qkf.5 for ; Mon, 31 Jan 2022 22:45:23 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:organization:in-reply-to :content-transfer-encoding; bh=8iPK/sldyVaVmRKcNiAbid/Oz7daJBjQLkr7rNI1psw=; b=advlXIdesd54aXos03bO6VmeVeo4Br91hTqHQPr2R5Ut+EQMDCyvW5BsVYpYcTaCMi FxBobMLBVYUQHK9buIrzbKUNsUXSqs2b8KK13ddlS2DPgFaPwzqEaaDdJMfR/VSU8vuR 0FezVeO2J6/BCFdffWvoiqoLZzYil0LMDVj2bfMp6lyZrEYQF9RVjr/Qmz4qhNOVNL5S +OvkW/NeL6b71R+cnUmpm+190NvQrii7I7s9wX63jx8C9IBkZOSiFbNDxF8C+OM1+7oV BG1s2kwjswT+IWwkhwHUCXz8t5EUVZ17rybw+iOi0jxFqeoAofJdb4nneDYbdTptA4Tq lHfg== X-Gm-Message-State: AOAM530drxxrZBYHI1RcklJM0/MUNOeRUvg0nP6ZwLrCYIwFSGuo5zzP mibafhP2V8MrXSPnMc9FDZFKDnEcOccpY1MYI69OrEDTZ7MVjvk6R3XzHPFUC+Gn6Vh9agi1m4L kQP1F62LODZMaAStpt8dX X-Received: by 2002:a05:620a:248b:: with SMTP id i11mr7417234qkn.280.1643697922506; Mon, 31 Jan 2022 22:45:22 -0800 (PST) X-Google-Smtp-Source: ABdhPJzj28CNLmkBHHd2hg3RpudujCVYDCdwdGXP4vczL56u2UecOz3QbWqS70pDnkLZNLvcSHx8Fw== X-Received: by 2002:a05:620a:248b:: with SMTP id i11mr7417225qkn.280.1643697922166; Mon, 31 Jan 2022 22:45:22 -0800 (PST) Received: from [192.168.0.241] (135-23-175-80.cpe.pppoe.ca. [135.23.175.80]) by smtp.gmail.com with ESMTPSA id v3sm803690qtw.50.2022.01.31.22.45.20 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 31 Jan 2022 22:45:21 -0800 (PST) Message-ID: <2490cb9e-fd04-316a-4642-d1b52d69d919@redhat.com> Date: Tue, 1 Feb 2022 01:45:20 -0500 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.4.0 Subject: Re: [PATCH v12 0/4] Multiple rtld-audit fixes To: Adhemerval Zanella , libc-alpha@sourceware.org, jma14 Cc: John Mellor-Crummey , Ben Woodard References: <20220125183700.1280931-1-adhemerval.zanella@linaro.org> From: Carlos O'Donell Organization: Red Hat In-Reply-To: <20220125183700.1280931-1-adhemerval.zanella@linaro.org> X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-6.0 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, NICE_REPLY_A, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NONE, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Feb 2022 06:45:31 -0000 On 1/25/22 13:36, Adhemerval Zanella wrote: > This patches fixes some of remaining issues brought by John > Mellor-Crummey [1] while trying to use it along with the HPCToolkit. > This should cover all the issues listed as 'Tier 1' [2] (the aarch64 > SVE requires additional work, so it is postpone to 2.36) and also > most of the 'Tier2' issue (BZ#28096 inclusive) which prevents the use > of some glibc function that uses TLS internally on the audit module. These changes look good to me. I've reviewed all 4 patches and I don't have any logical changes, just minor cleanups. Please post v13 and I'll ACK that for inclusion in glibc 2.35. > I have checked the patches on x86_64, i686, aarch64, armv7, powerpc64, > powerpc64le, and powerpc. I have tested on x86_64 and i686. Thanks for working on this. I would like to include this in glibc 2.35. The only external public data change is the LAV_VERSION bump, otherwise we can change the internal implementation at will. The LAV_VERSION bump will mean pre-glibc-2.35 audit modules need to be recompiled. Thank you for working through these issues for the users who presented their requirements to the community. I tested these changes in a Fedora Rawhide desktop environment to catch any potential issues like the DTV gap reuse problem. I didn't see any problems and ran GNOME, the full desktop, Firefox, and sandboxed content (youtube), all without problems. I also tested the downgrade errors: LD_AUDIT=./audit.so ./main 4124: ERROR: audit interface './audit.so' requires version 2 (maximum supported version 1); ignored. Which shows a new audit module trying to be loaded by an old glibc. The test passes with your changes, but segfaults without them. > [1] https://sourceware.org/pipermail/libc-alpha/2021-June/127636.html > [2] https://docs.google.com/document/d/1dVaDBdzySecxQqD6hLLzDrEF18M1UtjDna9gL5BWWI0/edit# > [3] https://sourceware.org/git/?p=glibc.git;a=shortlog;h=refs/heads/azanella/ld-audit-fixes > > Changes from v11: > - Fixed tst-audit23. > > Changes from v10: > - Removed l_auditing usage on initial-exec TLS access fix. > - Fixed aarch64 comments about the _dl_runtime_profile stack layout. > - Added some more argumet checking on some tests. > - Fixed copyright years. > > Changes from v9: > - Fixed aarch64 comments about the _dl_runtime_profile stack layout. > - Rebased against master. > > Changes from v8: > - Improved la_activity test coverage. > - Fixed BZ#28096 regression. > > Changes from v7: > - Added la_activity tests during application exit. > - Refactor _dl_allocate_tls_init to not initialize static TLS. > - Changed sotruss to warn instead of error for bind-now. > - Added NEWS and changed commit message for aarch64. > > Changes from v6: > - Dropped SVE, main application on main_map l_name, and Run > constructors if executable has a soname of a dependency patches. > - Bumped LAV_VERSION to 2 on la_symbind bind-now support. > - Added extension pointer on aarch64 fix. > - Moved the refactor patch at the start of the set. > - Changed _dl_audit_objsearch interface. > > Changes from v5: > - Fixed build with --enable-profiling=yes. > - Moved la_activity (LA_ACT_ADD) *after* _dl_add_to_namespace_list() > for BZ#28062 fix. > - Fixed powerpc64 ELFv1 OPD toc setup for bind-now. > - Fixed testsuite issues for ia64. > - Removed LA_SYMB_BINDNOW now that LA_SYMB_NOPLTENTER and > LA_SYMB_NOPLTEXIT is passed for bind-now. > > Changes from v4: > - Added a fix for constructors if executable has a soname of a > dependency > - Rebased against master. > > Changes from v3 > - Added a aarch64 SVE RFC patch. > - Fixed an issue with bind-now fix on powerpc64 ELFv1. > - Rebased against master. > > Changes from v2 > - Refactored rtld-audit code to move common come to dl-audit.c. > - Issue audit la_objopen() for vDSO. > - Isseu la_activity during application exit. > - Issue la_symbind() for bind-now (BZ #23734). > - Fix runtime linker auditing on aarch64 (BZ #26643) > > Changes from v1 > - Fixed -fstack-protector-all tst-auditmod17. > - Simplify the _dl_call_libc_early_init call the 'Fix audit > regression' patch. > - Remove symbind check fr BZ#15333. > - Added the BZ#28096 fix. > > -- > > Adhemerval Zanella (3): > elf: Add la_activity during application exit > elf: Fix initial-exec TLS access on audit modules (BZ #28096) > elf: Issue la_symbind for bind-now (BZ #23734) > > Ben Woodard (1): > elf: Fix runtime linker auditing on aarch64 (BZ #26643) > > NEWS | 8 ++ > bits/link_lavcurrent.h | 2 +- > elf/Makefile | 104 +++++++++++++- > elf/dl-audit.c | 58 +++++--- > elf/dl-fini.c | 8 ++ > elf/dl-tls.c | 13 +- > elf/do-rel.h | 57 ++++++-- > elf/rtld.c | 5 +- > elf/sotruss-lib.c | 7 + > elf/tst-audit21.c | 42 ++++++ > elf/tst-audit23.c | 239 +++++++++++++++++++++++++++++++ > elf/tst-audit23mod.c | 23 +++ > elf/tst-audit24a.c | 36 +++++ > elf/tst-audit24amod1.c | 31 ++++ > elf/tst-audit24amod2.c | 25 ++++ > elf/tst-audit24b.c | 37 +++++ > elf/tst-audit24bmod1.c | 31 ++++ > elf/tst-audit24bmod2.c | 23 +++ > elf/tst-audit24c.c | 2 + > elf/tst-audit24d.c | 36 +++++ > elf/tst-audit24dmod1.c | 33 +++++ > elf/tst-audit24dmod2.c | 28 ++++ > elf/tst-audit24dmod3.c | 31 ++++ > elf/tst-audit24dmod4.c | 25 ++++ > elf/tst-audit25a.c | 129 +++++++++++++++++ > elf/tst-audit25b.c | 128 +++++++++++++++++ > elf/tst-audit25mod1.c | 30 ++++ > elf/tst-audit25mod2.c | 30 ++++ > elf/tst-audit25mod3.c | 22 +++ > elf/tst-audit25mod4.c | 22 +++ > elf/tst-auditmod21a.c | 80 +++++++++++ > elf/tst-auditmod21b.c | 22 +++ > elf/tst-auditmod23.c | 74 ++++++++++ > elf/tst-auditmod24.h | 29 ++++ > elf/tst-auditmod24a.c | 114 +++++++++++++++ > elf/tst-auditmod24b.c | 104 ++++++++++++++ > elf/tst-auditmod24c.c | 3 + > elf/tst-auditmod24d.c | 120 ++++++++++++++++ > elf/tst-auditmod25.c | 79 ++++++++++ > nptl/allocatestack.c | 2 +- > sysdeps/aarch64/Makefile | 20 +++ > sysdeps/aarch64/bits/link.h | 26 ++-- > sysdeps/aarch64/dl-audit-check.h | 28 ++++ > sysdeps/aarch64/dl-link.sym | 6 +- > sysdeps/aarch64/dl-trampoline.S | 81 +++++++---- > sysdeps/aarch64/tst-audit26.c | 37 +++++ > sysdeps/aarch64/tst-audit26mod.c | 33 +++++ > sysdeps/aarch64/tst-audit26mod.h | 50 +++++++ > sysdeps/aarch64/tst-audit27.c | 64 +++++++++ > sysdeps/aarch64/tst-audit27mod.c | 95 ++++++++++++ > sysdeps/aarch64/tst-audit27mod.h | 67 +++++++++ > sysdeps/aarch64/tst-auditmod26.c | 103 +++++++++++++ > sysdeps/aarch64/tst-auditmod27.c | 180 +++++++++++++++++++++++ > sysdeps/generic/dl-audit-check.h | 23 +++ > sysdeps/generic/dl-lookupcfg.h | 3 + > sysdeps/generic/ldsodefs.h | 7 +- > sysdeps/hppa/dl-lookupcfg.h | 3 + > sysdeps/ia64/dl-lookupcfg.h | 3 + > sysdeps/powerpc/dl-lookupcfg.h | 39 +++++ > 59 files changed, 2674 insertions(+), 86 deletions(-) > create mode 100644 elf/tst-audit21.c > create mode 100644 elf/tst-audit23.c > create mode 100644 elf/tst-audit23mod.c > create mode 100644 elf/tst-audit24a.c > create mode 100644 elf/tst-audit24amod1.c > create mode 100644 elf/tst-audit24amod2.c > create mode 100644 elf/tst-audit24b.c > create mode 100644 elf/tst-audit24bmod1.c > create mode 100644 elf/tst-audit24bmod2.c > create mode 100644 elf/tst-audit24c.c > create mode 100644 elf/tst-audit24d.c > create mode 100644 elf/tst-audit24dmod1.c > create mode 100644 elf/tst-audit24dmod2.c > create mode 100644 elf/tst-audit24dmod3.c > create mode 100644 elf/tst-audit24dmod4.c > create mode 100644 elf/tst-audit25a.c > create mode 100644 elf/tst-audit25b.c > create mode 100644 elf/tst-audit25mod1.c > create mode 100644 elf/tst-audit25mod2.c > create mode 100644 elf/tst-audit25mod3.c > create mode 100644 elf/tst-audit25mod4.c > create mode 100644 elf/tst-auditmod21a.c > create mode 100644 elf/tst-auditmod21b.c > create mode 100644 elf/tst-auditmod23.c > create mode 100644 elf/tst-auditmod24.h > create mode 100644 elf/tst-auditmod24a.c > create mode 100644 elf/tst-auditmod24b.c > create mode 100644 elf/tst-auditmod24c.c > create mode 100644 elf/tst-auditmod24d.c > create mode 100644 elf/tst-auditmod25.c > create mode 100644 sysdeps/aarch64/dl-audit-check.h > create mode 100644 sysdeps/aarch64/tst-audit26.c > create mode 100644 sysdeps/aarch64/tst-audit26mod.c > create mode 100644 sysdeps/aarch64/tst-audit26mod.h > create mode 100644 sysdeps/aarch64/tst-audit27.c > create mode 100644 sysdeps/aarch64/tst-audit27mod.c > create mode 100644 sysdeps/aarch64/tst-audit27mod.h > create mode 100644 sysdeps/aarch64/tst-auditmod26.c > create mode 100644 sysdeps/aarch64/tst-auditmod27.c > create mode 100644 sysdeps/generic/dl-audit-check.h > create mode 100644 sysdeps/powerpc/dl-lookupcfg.h > -- Cheers, Carlos.