From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx0a-0010f301.pphosted.com (mx0a-0010f301.pphosted.com [148.163.149.254]) by sourceware.org (Postfix) with ESMTPS id 9F9BB3858D20 for ; Tue, 1 Feb 2022 07:53:22 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 9F9BB3858D20 Received: from pps.filterd (m0102855.ppops.net [127.0.0.1]) by mx0b-0010f301.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 2116rcX4012452; Tue, 1 Feb 2022 01:53:18 -0600 Received: from mh2.mail.rice.edu (mh2.mail.rice.edu [128.42.201.21]) by mx0b-0010f301.pphosted.com (PPS) with ESMTPS id 3dxth0r74r-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 01 Feb 2022 01:53:17 -0600 Received-X: from mh2.mail.rice.edu (localhost [127.0.0.1]) by mh2.mail.rice.edu (Postfix) with ESMTP id 2577E217818; Tue, 1 Feb 2022 01:53:17 -0600 (CST) Received: from localhost (localhost [127.0.0.1]) by mh2.mail.rice.edu (Postfix) with ESMTP id 060D520A488; Tue, 1 Feb 2022 01:53:17 -0600 (CST) X-Virus-Scanned: by amavis-2.12.1 at mh2.mail.rice.edu, auth channel Received: from mh2.mail.rice.edu ([127.0.0.1]) by localhost (mh2.mail.rice.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id prZb5fbJw6y7; Tue, 1 Feb 2022 01:53:08 -0600 (CST) Received: from smtpclient.apple (c-98-200-175-18.hsd1.tx.comcast.net [98.200.175.18]) (using TLSv1.2 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: johnmc) by mh2.mail.rice.edu (Postfix) with ESMTPSA id 3D780217828; Tue, 1 Feb 2022 01:53:08 -0600 (CST) Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (1.0) Subject: Re: [PATCH v12 0/4] Multiple rtld-audit fixes From: John Mellor-Crummey In-Reply-To: <2490cb9e-fd04-316a-4642-d1b52d69d919@redhat.com> Date: Tue, 1 Feb 2022 01:53:07 -0600 Cc: Adhemerval Zanella , libc-alpha@sourceware.org, jma14 , Ben Woodard Message-Id: <5B3A03FD-FBAD-4AC1-89B5-71D7007BB7E1@rice.edu> References: <2490cb9e-fd04-316a-4642-d1b52d69d919@redhat.com> To: Carlos O'Donell X-Mailer: iPhone Mail (19D50) X-Proofpoint-ORIG-GUID: H8yNL7ryBOnWe54o8XjqY2wwu9Iacvua X-Proofpoint-GUID: H8yNL7ryBOnWe54o8XjqY2wwu9Iacvua X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.816,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2022-02-01_02,2022-01-31_01,2021-12-02_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 suspectscore=0 malwarescore=0 clxscore=1011 bulkscore=0 lowpriorityscore=0 adultscore=0 mlxlogscore=999 priorityscore=1501 spamscore=0 mlxscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2201110000 definitions=main-2202010040 X-Spam-Status: No, score=-3.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Feb 2022 07:53:26 -0000 Thanks to Adhemerval, Florian, Szabolcs, and Carlos for all of the work it t= ook to develop, test, and land these changes. My team really appreciates it!= =20 These fixes will provide the firm foundation we need for reliable tools. John Mellor-Crummey (sent from my phone) > On Feb 1, 2022, at 12:45 AM, Carlos O'Donell wrote: >=20 > =EF=BB=BFOn 1/25/22 13:36, Adhemerval Zanella wrote: >> This patches fixes some of remaining issues brought by John >> Mellor-Crummey [1] while trying to use it along with the HPCToolkit. >> This should cover all the issues listed as 'Tier 1' [2] (the aarch64 >> SVE requires additional work, so it is postpone to 2.36) and also >> most of the 'Tier2' issue (BZ#28096 inclusive) which prevents the use >> of some glibc function that uses TLS internally on the audit module. >=20 > These changes look good to me. I've reviewed all 4 patches and I don't hav= e any > logical changes, just minor cleanups. Please post v13 and I'll ACK that fo= r inclusion > in glibc 2.35. >=20 >> I have checked the patches on x86_64, i686, aarch64, armv7, powerpc64, >> powerpc64le, and powerpc. >=20 > I have tested on x86_64 and i686. Thanks for working on this. I would like= to include > this in glibc 2.35. The only external public data change is the LAV_VERSIO= N bump, > otherwise we can change the internal implementation at will. The LAV_VERSI= ON bump > will mean pre-glibc-2.35 audit modules need to be recompiled. >=20 > Thank you for working through these issues for the users who presented the= ir > requirements to the community. >=20 > I tested these changes in a Fedora Rawhide desktop environment to catch an= y potential > issues like the DTV gap reuse problem. I didn't see any problems and ran G= NOME, > the full desktop, Firefox, and sandboxed content (youtube), all without pr= oblems. >=20 > I also tested the downgrade errors: > LD_AUDIT=3D./audit.so ./main=20 > 4124: ERROR: audit interface './audit.so' requires version 2 (maxi= mum supported version 1); ignored. >=20 > Which shows a new audit module trying to be loaded by an old glibc. >=20 > The test passes with your changes, but segfaults without them. >=20 >> [1] https://sourceware.org/pipermail/libc-alpha/2021-June/127636.html >> [2] https://docs.google.com/document/d/1dVaDBdzySecxQqD6hLLzDrEF18M1UtjDn= a9gL5BWWI0/edit# >> [3] https://sourceware.org/git/?p=3Dglibc.git;a=3Dshortlog;h=3Drefs/heads= /azanella/ld-audit-fixes >>=20 >> Changes from v11: >> - Fixed tst-audit23. >>=20 >> Changes from v10: >> - Removed l_auditing usage on initial-exec TLS access fix. >> - Fixed aarch64 comments about the _dl_runtime_profile stack layout. >> - Added some more argumet checking on some tests. >> - Fixed copyright years. >>=20 >> Changes from v9: >> - Fixed aarch64 comments about the _dl_runtime_profile stack layout. >> - Rebased against master. >>=20 >> Changes from v8: >> - Improved la_activity test coverage. >> - Fixed BZ#28096 regression. >>=20 >> Changes from v7: >> - Added la_activity tests during application exit. >> - Refactor _dl_allocate_tls_init to not initialize static TLS. >> - Changed sotruss to warn instead of error for bind-now. >> - Added NEWS and changed commit message for aarch64. >>=20 >> Changes from v6: >> - Dropped SVE, main application on main_map l_name, and Run >> constructors if executable has a soname of a dependency patches. >> - Bumped LAV_VERSION to 2 on la_symbind bind-now support. >> - Added extension pointer on aarch64 fix. >> - Moved the refactor patch at the start of the set. >> - Changed _dl_audit_objsearch interface. >>=20 >> Changes from v5: >> - Fixed build with --enable-profiling=3Dyes. >> - Moved la_activity (LA_ACT_ADD) *after* _dl_add_to_namespace_list() >> for BZ#28062 fix. >> - Fixed powerpc64 ELFv1 OPD toc setup for bind-now. >> - Fixed testsuite issues for ia64. >> - Removed LA_SYMB_BINDNOW now that LA_SYMB_NOPLTENTER and >> LA_SYMB_NOPLTEXIT is passed for bind-now. >>=20 >> Changes from v4: >> - Added a fix for constructors if executable has a soname of a >> dependency >> - Rebased against master. >>=20 >> Changes from v3 >> - Added a aarch64 SVE RFC patch. >> - Fixed an issue with bind-now fix on powerpc64 ELFv1. >> - Rebased against master. >>=20 >> Changes from v2 >> - Refactored rtld-audit code to move common come to dl-audit.c. >> - Issue audit la_objopen() for vDSO. >> - Isseu la_activity during application exit. >> - Issue la_symbind() for bind-now (BZ #23734). >> - Fix runtime linker auditing on aarch64 (BZ #26643) >>=20 >> Changes from v1 >> - Fixed -fstack-protector-all tst-auditmod17. >> - Simplify the _dl_call_libc_early_init call the 'Fix audit >> regression' patch. >> - Remove symbind check fr BZ#15333. >> - Added the BZ#28096 fix. >>=20 >> -- >>=20 >> Adhemerval Zanella (3): >> elf: Add la_activity during application exit >> elf: Fix initial-exec TLS access on audit modules (BZ #28096) >> elf: Issue la_symbind for bind-now (BZ #23734) >>=20 >> Ben Woodard (1): >> elf: Fix runtime linker auditing on aarch64 (BZ #26643) >>=20 >> NEWS | 8 ++ >> bits/link_lavcurrent.h | 2 +- >> elf/Makefile | 104 +++++++++++++- >> elf/dl-audit.c | 58 +++++--- >> elf/dl-fini.c | 8 ++ >> elf/dl-tls.c | 13 +- >> elf/do-rel.h | 57 ++++++-- >> elf/rtld.c | 5 +- >> elf/sotruss-lib.c | 7 + >> elf/tst-audit21.c | 42 ++++++ >> elf/tst-audit23.c | 239 +++++++++++++++++++++++++++++++ >> elf/tst-audit23mod.c | 23 +++ >> elf/tst-audit24a.c | 36 +++++ >> elf/tst-audit24amod1.c | 31 ++++ >> elf/tst-audit24amod2.c | 25 ++++ >> elf/tst-audit24b.c | 37 +++++ >> elf/tst-audit24bmod1.c | 31 ++++ >> elf/tst-audit24bmod2.c | 23 +++ >> elf/tst-audit24c.c | 2 + >> elf/tst-audit24d.c | 36 +++++ >> elf/tst-audit24dmod1.c | 33 +++++ >> elf/tst-audit24dmod2.c | 28 ++++ >> elf/tst-audit24dmod3.c | 31 ++++ >> elf/tst-audit24dmod4.c | 25 ++++ >> elf/tst-audit25a.c | 129 +++++++++++++++++ >> elf/tst-audit25b.c | 128 +++++++++++++++++ >> elf/tst-audit25mod1.c | 30 ++++ >> elf/tst-audit25mod2.c | 30 ++++ >> elf/tst-audit25mod3.c | 22 +++ >> elf/tst-audit25mod4.c | 22 +++ >> elf/tst-auditmod21a.c | 80 +++++++++++ >> elf/tst-auditmod21b.c | 22 +++ >> elf/tst-auditmod23.c | 74 ++++++++++ >> elf/tst-auditmod24.h | 29 ++++ >> elf/tst-auditmod24a.c | 114 +++++++++++++++ >> elf/tst-auditmod24b.c | 104 ++++++++++++++ >> elf/tst-auditmod24c.c | 3 + >> elf/tst-auditmod24d.c | 120 ++++++++++++++++ >> elf/tst-auditmod25.c | 79 ++++++++++ >> nptl/allocatestack.c | 2 +- >> sysdeps/aarch64/Makefile | 20 +++ >> sysdeps/aarch64/bits/link.h | 26 ++-- >> sysdeps/aarch64/dl-audit-check.h | 28 ++++ >> sysdeps/aarch64/dl-link.sym | 6 +- >> sysdeps/aarch64/dl-trampoline.S | 81 +++++++---- >> sysdeps/aarch64/tst-audit26.c | 37 +++++ >> sysdeps/aarch64/tst-audit26mod.c | 33 +++++ >> sysdeps/aarch64/tst-audit26mod.h | 50 +++++++ >> sysdeps/aarch64/tst-audit27.c | 64 +++++++++ >> sysdeps/aarch64/tst-audit27mod.c | 95 ++++++++++++ >> sysdeps/aarch64/tst-audit27mod.h | 67 +++++++++ >> sysdeps/aarch64/tst-auditmod26.c | 103 +++++++++++++ >> sysdeps/aarch64/tst-auditmod27.c | 180 +++++++++++++++++++++++ >> sysdeps/generic/dl-audit-check.h | 23 +++ >> sysdeps/generic/dl-lookupcfg.h | 3 + >> sysdeps/generic/ldsodefs.h | 7 +- >> sysdeps/hppa/dl-lookupcfg.h | 3 + >> sysdeps/ia64/dl-lookupcfg.h | 3 + >> sysdeps/powerpc/dl-lookupcfg.h | 39 +++++ >> 59 files changed, 2674 insertions(+), 86 deletions(-) >> create mode 100644 elf/tst-audit21.c >> create mode 100644 elf/tst-audit23.c >> create mode 100644 elf/tst-audit23mod.c >> create mode 100644 elf/tst-audit24a.c >> create mode 100644 elf/tst-audit24amod1.c >> create mode 100644 elf/tst-audit24amod2.c >> create mode 100644 elf/tst-audit24b.c >> create mode 100644 elf/tst-audit24bmod1.c >> create mode 100644 elf/tst-audit24bmod2.c >> create mode 100644 elf/tst-audit24c.c >> create mode 100644 elf/tst-audit24d.c >> create mode 100644 elf/tst-audit24dmod1.c >> create mode 100644 elf/tst-audit24dmod2.c >> create mode 100644 elf/tst-audit24dmod3.c >> create mode 100644 elf/tst-audit24dmod4.c >> create mode 100644 elf/tst-audit25a.c >> create mode 100644 elf/tst-audit25b.c >> create mode 100644 elf/tst-audit25mod1.c >> create mode 100644 elf/tst-audit25mod2.c >> create mode 100644 elf/tst-audit25mod3.c >> create mode 100644 elf/tst-audit25mod4.c >> create mode 100644 elf/tst-auditmod21a.c >> create mode 100644 elf/tst-auditmod21b.c >> create mode 100644 elf/tst-auditmod23.c >> create mode 100644 elf/tst-auditmod24.h >> create mode 100644 elf/tst-auditmod24a.c >> create mode 100644 elf/tst-auditmod24b.c >> create mode 100644 elf/tst-auditmod24c.c >> create mode 100644 elf/tst-auditmod24d.c >> create mode 100644 elf/tst-auditmod25.c >> create mode 100644 sysdeps/aarch64/dl-audit-check.h >> create mode 100644 sysdeps/aarch64/tst-audit26.c >> create mode 100644 sysdeps/aarch64/tst-audit26mod.c >> create mode 100644 sysdeps/aarch64/tst-audit26mod.h >> create mode 100644 sysdeps/aarch64/tst-audit27.c >> create mode 100644 sysdeps/aarch64/tst-audit27mod.c >> create mode 100644 sysdeps/aarch64/tst-audit27mod.h >> create mode 100644 sysdeps/aarch64/tst-auditmod26.c >> create mode 100644 sysdeps/aarch64/tst-auditmod27.c >> create mode 100644 sysdeps/generic/dl-audit-check.h >> create mode 100644 sysdeps/powerpc/dl-lookupcfg.h >>=20 >=20 >=20 > --=20 > Cheers, > Carlos. >=20