From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=8Iel=CW=redhat.com=fweimer@sourceware.org>
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	by sourceware.org (Postfix) with ESMTPS id CB32D3870C2C
	for <libc-alpha@sourceware.org>; Tue,  4 Jul 2023 20:03:40 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org CB32D3870C2C
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1688501020;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=jzzF3qca2rZsoVMTCEhtYkgqpeOudIiBPSGSxOF+FHI=;
	b=HxsOXN6YyGGXFBogQanpWF/2QiQiLvZcnisNJSAoamBo3eCyf+njEridHw4kz40mI6HLUU
	KxRtcrsxjKRjEOqNTFh+wc9tXnb7bm0MOiRxnm6Qzhk6wHHBMWGItSrN5DF/38FB72iLjW
	mFLNzDRW6VFHvPMQ0WD4UNWHCkWsr6Y=
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-269-PYwrRjMHN_yD49F1Zo48Tw-1; Tue, 04 Jul 2023 16:03:39 -0400
X-MC-Unique: PYwrRjMHN_yD49F1Zo48Tw-1
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 164618007CE
	for <libc-alpha@sourceware.org>; Tue,  4 Jul 2023 20:03:39 +0000 (UTC)
Received: from oldenburg.str.redhat.com (unknown [10.2.16.19])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 6FE4D1121315
	for <libc-alpha@sourceware.org>; Tue,  4 Jul 2023 20:03:38 +0000 (UTC)
From: Florian Weimer <fweimer@redhat.com>
To: libc-alpha@sourceware.org
Subject: [PATCH 18/33] elf: Allocate auditor state after read-write link map
In-Reply-To: <cover.1688499219.git.fweimer@redhat.com>
Message-ID: <24eccac223a694152ea6d39cb281db9823648314.1688499219.git.fweimer@redhat.com>
References: <cover.1688499219.git.fweimer@redhat.com>
X-From-Line: 24eccac223a694152ea6d39cb281db9823648314 Mon Sep 17 00:00:00 2001
Date: Tue, 04 Jul 2023 22:03:36 +0200
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain
X-Spam-Status: No, score=-10.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <libc-alpha.sourceware.org>

Auditors can write to the cookie member, so it has to remain
read-write even if other parts of the link map are write-protected.
---
 elf/dl-object.c            |  6 +++---
 elf/rtld.c                 |  9 +++++++--
 include/link.h             |  9 +++++----
 sysdeps/generic/ldsodefs.h | 17 +++--------------
 4 files changed, 18 insertions(+), 23 deletions(-)

diff --git a/elf/dl-object.c b/elf/dl-object.c
index 1a9b04dd3c..0741371b80 100644
--- a/elf/dl-object.c
+++ b/elf/dl-object.c
@@ -89,12 +89,12 @@ _dl_new_object (char *realname, const char *libname, int type,
 # define audit_space 0
 #endif
 
-  new = calloc (sizeof (*new) + audit_space
+  new = calloc (sizeof (*new)
 		+ sizeof (struct link_map_private *)
 		+ sizeof (*newname) + libname_len, 1);
   if (new == NULL)
     return NULL;
-  new->l_rw = calloc (1, sizeof (*new->l_rw));
+  new->l_rw = calloc (1, sizeof (*new->l_rw) + audit_space);
   if (new->l_rw == NULL)
     {
       free (new);
@@ -103,7 +103,7 @@ _dl_new_object (char *realname, const char *libname, int type,
 
   new->l_real = new;
   new->l_symbolic_searchlist.r_list
-    = (struct link_map_private **) ((char *) (new + 1) + audit_space);
+    = (struct link_map_private **) ((char *) (new + 1));
 
   new->l_libname = newname
     = (struct libname_list *) (new->l_symbolic_searchlist.r_list + 1);
diff --git a/elf/rtld.c b/elf/rtld.c
index 3bdf3d814e..f086ee1712 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -458,8 +458,13 @@ _dl_start_final (void *arg, struct dl_start_final_info *info)
      interfere with __rtld_static_init.  */
   GLRO (dl_find_object) = &_dl_find_object;
 
-  static struct link_map_rw rtld_map_rw;
-  GL (dl_rtld_map).l_rw = &rtld_map_rw;
+  /* Pre-allocated read-write status of the ld.so link map.  */
+  static struct
+  {
+    struct link_map_rw l;
+    struct auditstate _dl_rtld_auditstate[DL_NNS];
+  } rtld_map_rw;
+  GL (dl_rtld_map).l_rw = &rtld_map_rw.l;
 #if NO_TLS_OFFSET != 0
   GL (dl_rtld_map).l_rw->l_tls_offset = NO_TLS_OFFSET;
 #endif
diff --git a/include/link.h b/include/link.h
index 1c0170372e..181cd2e444 100644
--- a/include/link.h
+++ b/include/link.h
@@ -374,15 +374,16 @@ l_next (struct link_map_private *l)
 
 #include <dl-relocate-ld.h>
 
-/* Information used by audit modules.  For most link maps, this data
-   immediate follows the link map in memory.  For the dynamic linker,
-   it is allocated separately.  See link_map_audit_state in
-   <ldsodefs.h>.  */
+/* Information used by audit modules.  An array of size GLRO (naudit)
+   elements follows the l_rw link map data in memory (in some cases
+   conservatively extended to to DL_NNS).  */
 struct auditstate
 {
   uintptr_t cookie;
   unsigned int bindflags;
 };
+_Static_assert (__alignof (struct auditstate) <= __alignof (struct link_map_rw),
+		"auditstate alignment compatible with link_map_rw alignment");
 
 
 /* This is the hidden instance of struct r_debug_extended used by the
diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h
index 12271c37f3..cdba342f99 100644
--- a/sysdeps/generic/ldsodefs.h
+++ b/sysdeps/generic/ldsodefs.h
@@ -396,11 +396,6 @@ struct rtld_global
 
   /* Structure describing the dynamic linker itself.  */
   EXTERN struct link_map_private _dl_rtld_map;
-#ifdef SHARED
-  /* Used to store the audit information for the link map of the
-     dynamic loader.  */
-  struct auditstate _dl_rtld_auditstate[DL_NNS];
-#endif
 
 #if !PTHREAD_IN_LIBC && defined SHARED \
     && defined __rtld_lock_default_lock_recursive
@@ -1323,15 +1318,9 @@ rtld_active (void)
 static inline struct auditstate *
 link_map_audit_state (struct link_map_private *l, size_t index)
 {
-  if (l == &GL (dl_rtld_map))
-    /* The auditstate array is stored separately.  */
-    return &GL (dl_rtld_auditstate) [index];
-  else
-    {
-      /* The auditstate array follows the link map in memory.  */
-      struct auditstate *base = (struct auditstate *) (l + 1);
-      return &base[index];
-    }
+  /* The auditstate array follows the read-write link map part in memory.  */
+  struct auditstate *base = (struct auditstate *) (l->l_rw + 1);
+  return &base[index];
 }
 
 /* Call the la_objsearch from the audit modules from the link map L.  If
-- 
2.41.0