From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id 19CC0385840C for ; Tue, 29 Mar 2022 20:46:41 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 19CC0385840C Received: from mail-qv1-f71.google.com (mail-qv1-f71.google.com [209.85.219.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-25-m4fBejpsNlu_BrQEzYoBSA-1; Tue, 29 Mar 2022 16:46:39 -0400 X-MC-Unique: m4fBejpsNlu_BrQEzYoBSA-1 Received: by mail-qv1-f71.google.com with SMTP id k20-20020ad44714000000b00440fd2c4a0aso14639444qvz.20 for ; Tue, 29 Mar 2022 13:46:39 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent :content-language:to:from:subject:organization :content-transfer-encoding; bh=I4Aj9bnvmMbmRrWx3bp2MVE/MjnZvPnFhjuUXavXkrc=; b=UFfccHgPi5M2y69l20Ad80c5x8ecgzTciOzPgTw8cRQyAw6mlUnNVrCyAaUCas7V+6 DUHrw3q3zguEgKKMNeNNbvvDS+zUptEHOHSsEPkMn8K37TbLfNjik6qoHhvQabUhcuNW Dxc7qgNaaGQCsA+ErrFNgC0Mnkxuh9+VGhWnHSn60FpoVQ+H8jWKmjZYjoWdGX5HoTAH G5hnQE5AnQkbwI4MK/koxNba74OtcUriVqnL1BNljBxdT89pw2eneQDGS30Unyi0vTdf WwTZMB/C7D04emt43xX1tNKCns8xIq/wGykQnvodRaW0IuHNHa9MlTuXgtRUZSnsPUOk PmNg== X-Gm-Message-State: AOAM532ajyMDFOLQeUidVPUNVsHaseEAOAVMA3c8zPlJUdNBTRyyVIY/ BjZdd7uyEgWSw3toag2rJ5WmKgJOSHnnUmHK93zdrx9L9goy92peOt97flau2npaq1SJgCQM+We lnI4avYFCsWHUu8MhjJainBX9zfj+KEbExlJ2F2UkTEAyJiDtM99FBvS5l7oEfQkaIa+iJg== X-Received: by 2002:a37:bd3:0:b0:67e:704d:ab9c with SMTP id 202-20020a370bd3000000b0067e704dab9cmr21977949qkl.306.1648586798417; Tue, 29 Mar 2022 13:46:38 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzNL++y9cQ9yIq/QMKhhI2KNjij5Pldo1GeBjtzf1YGb53gc55I2vg4zAtV4uV5qN1fWaRltw== X-Received: by 2002:a37:bd3:0:b0:67e:704d:ab9c with SMTP id 202-20020a370bd3000000b0067e704dab9cmr21977932qkl.306.1648586798134; Tue, 29 Mar 2022 13:46:38 -0700 (PDT) Received: from [192.168.0.241] (135-23-175-80.cpe.pppoe.ca. [135.23.175.80]) by smtp.gmail.com with ESMTPSA id a9-20020ac85b89000000b002e2072c9dedsm16740672qta.67.2022.03.29.13.46.37 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 29 Mar 2022 13:46:37 -0700 (PDT) Message-ID: <5d39e78f-2a9f-c914-81a7-0582239f8c7e@redhat.com> Date: Tue, 29 Mar 2022 16:46:36 -0400 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0 To: libc-alpha , Adhemerval Zanella , Aurelien Jarno , Michael Hudson-Doyle , Andreas Schwab From: Carlos O'Donell Subject: Backporting LD_AUDIT fixes to the glibc 2.34 release branch? Organization: Red Hat X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-5.8 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, KAM_LOTSOFHASH, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Mar 2022 20:46:42 -0000 I have the opportunity to backport the LD_AUDIT fixes to glibc 2.34. In total the set looks like this (no regressions on x86_64 and some minor conflicts): 80a08d0faa9b224019f895800c4d97de4e23e1aa - Fix elf/tst-audit25a with default bind now toolchains ce9a68c57c260c8417afc93972849ac9ad243ec4 - elf: Fix runtime linker auditing on aarch64 (BZ #26643) 32612615c58b394c3eb09f020f31310797ad3854 - elf: Issue la_symbind for bind-now (BZ #23734) 54816ae98d57930b7c945f17485714a5574bfe47 - elf: Move LAV_CURRENT to link_lavcurrent.h 254d3d5aef2fd8430c469e1938209ac100ebf132 - elf: Fix initial-exec TLS access on audit modules (BZ #28096) 484e672ddabe0a919a692520e6ac8f2580866235 - elf: Do not fail for failed dlmopen on audit modules (BZ #28061) 5fa11a2bc94c912c3b25860065086902674537ba - elf: Add la_activity during application exit f0e23d34a7bdf6b90fba954ee741419171ac41b2 - elf: Issue audit la_objopen for vDSO d1b38173c9255b1a4ae00018ad9b35404a7c74d0 - elf: Add audit tests for modules with TLSDESC 063f9ba220f434c7f30dd65c4cff17c0c458a7cf - elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533) 8c0664e2b861fd3789602cc0b0b1922b0e20cb3a - elf: Add _dl_audit_pltexit eff687e8462b0eaf65992a6031b54a4b1cd16796 - elf: Add _dl_audit_pltenter 0b98a8748759e88b58927882a8714109abe0a2d6 - elf: Add _dl_audit_preinit cda4f265c65fb6c4ce38ca1cf0a7e527c5e77cd5 - elf: Add _dl_audit_symbind_alt and _dl_audit_symbind 311c9ee54ea963ff69bd3a2e6981c37e893b4c3e - elf: Add _dl_audit_objclose c91008d3490e4e3ce29520068405f081f0d368ca - elf: Add _dl_audit_objsearch 3dac3959a5cb585b065cef2cb8a8d909c907e202 - elf: Add _dl_audit_activity_map and _dl_audit_activity_nsid aee6e90f93e285016b6cd9c8bd00402c19ba271b - elf: Add _dl_audit_objopen ed3ce71f5c64c5f07cbde0ef03554ea8950d8f2c - elf: Move la_activity (LA_ACT_ADD) after _dl_add_to_namespace_list() (BZ #28062) d6d89608ac8cf2b37c75debad1fff653f6939f90 - elf: Fix dynamic-link.h usage on rtld.c 4af6982e4c9fc465ffb7a54b794aaaa134241f05 - elf: Fix elf_get_dynamic_info definition 490e6c62aa31a8aa5c4a059f6e646ede121edf0a - elf: Avoid nested functions in the loader [BZ #27220] I exclude the _r_debug changes (3 commits) because of the gdb and tooling impact. I have the option to add one more commit to reinstate tst-audit17 (haven't tested it yet). Backporting these changes to glibc 2.34 release branch would allow me to more easily make them available in Fedora 35 (Fedora 36 already has them) and share their overall maintenance with other distributions. The downsides are as follows: - LAV_CURRENT is bumped, so existing auditors would need to be rebuilt. - The loader will not load the old auditors and the error message is clear. The upsides are that we get LD_AUDIT fixed and have wider coverage for the recent changes. I expect the most impacted distributions will be Debian/Ubuntu since they actively use the release branches like Fedora. Aurelien, Any objections? Michael, Any objections? Andreas, Would a backport into 2.34 release branch impact OpenSUSE? Any objections? -- Cheers, Carlos.