From: Florian Weimer
To: Adhemerval Zanella
Cc: libc-alpha@sourceware.org, John Mellor-Crummey, Ben Woodard
Subject: Re: [PATCH v6 14/20] elf: Issue audit la_objopen() for vDSO
Date: Sat, 18 Dec 2021 21:00:17 +0100
In-Reply-To: <20211115183734.531155-15-adhemerval.zanella@linaro.org> (Adhemerval Zanella's message of "Mon, 15 Nov 2021 15:37:28 -0300")
Message-ID: <878rwhheem.fsf@oldenburg.str.redhat.com>

* Adhemerval Zanella:

> The vDSO is listed in the link_map chain, but is never the subject of
> an la_objopen call. A new internal flag __RTLD_VDSO is added that
> acts as __RTLD_OPENEXEC to allocate the required 'struct auditstate'
> extra space for the 'struct link_map'.
>
> The return value from the callback() is currently ignored, since there
> is no PLT call involved by glibc when using the vDSO, neither the vDSO
> are exported directly.

The usual comment about (). 8-)

> diff --git a/elf/dl-object.c b/elf/dl-object.c > index eb2158a84b..6f26da4310 100644 > --- a/elf/dl-object.c
> +++ b/elf/dl-object.c > @@ -59,16 +59,19 @@ _dl_new_object (char *realname, const char *libname, = int type, > { > #ifdef SHARED > unsigned int naudit; > - if (__glibc_unlikely ((mode & __RTLD_OPENEXEC) !=3D 0)) > + if (__glibc_unlikely ((mode & (__RTLD_OPENEXEC | __RTLD_VDSO)) !=3D 0)= ) > { > - assert (type =3D=3D lt_executable); > - assert (nsid =3D=3D LM_ID_BASE); > + if (mode & __RTLD_OPENEXEC) > +=09{ > +=09 assert (type =3D=3D lt_executable); > +=09 assert (nsid =3D=3D LM_ID_BASE); > =20 > - /* Ignore the specified libname for the main executable. It is > -=09 only known with an explicit loader invocation. */ > - libname =3D ""; > +=09 /* Ignore the specified libname for the main executable. It is > +=09 only known with an explicit loader invocation. */ > +=09 libname =3D ""; > +=09} > =20 > - /* We create the map for the executable before we know whether > + /* We create the map for the executable and vDSO before we know wh= ether > =09 we have auditing libraries and if yes, how many. Assume the > =09 worst. */ > naudit =3D DL_NNS;

Okay, we call _dl_new_object early for the vDSO, too, so the comment is appropriate.

> diff --git a/elf/tst-audit22.c b/elf/tst-audit22.c > new file mode 100644 > index 0000000000..f136f25a32 > --- /dev/null
> +++ b/elf/tst-audit22.c > + /* The respawned process should always print the vDSO address (otherwi= se it > + will fails as unsupported). However, on some architectures the aud= it > + module might see the vDSO with l_addr being 0, meaning a fixed mapp= ing > + (linux-gate.so). In this case we don't its value against AT_SYSINF= O_EHDR > + one. */

“we don't [check] its value”

> + uintptr_t vdso_process =3D 0; > + bool vdso_audit_found =3D false; > + uintptr_t vdso_audit =3D 0; > + > + FILE *out =3D fmemopen (result.err.buffer, result.err.length, "r"); > + TEST_VERIFY (out !=3D NULL); > + char *buffer =3D NULL; > + size_t buffer_length =3D 0; > + while (xgetline (&buffer, &buffer_length, out)) > + { > + if (startswith (buffer, "vdso: ")) > +=09vdso_process =3D parse_address (buffer + strlen ("vdso "));

"vdso: " (with colon), but sscanf already skips the leading space.

> +#define TEST_FUNCTION_ARGV do_test > +#include
> diff --git a/elf/tst-auditmod22.c b/elf/tst-auditmod22.c > new file mode 100644 > index 0000000000..8e05ce8cbb > +static inline bool > +startswith (const char *str, const char *pre) > +{ > + size_t lenpre =3D strlen (pre); > + size_t lenstr =3D strlen (str); > + return lenstr < lenpre ? false : memcmp (pre, str, lenpre) =3D=3D 0; > +}

lenstr >= lenpre && memcmp (pre, str, lenpre) == 0

> + > +unsigned int > +la_version (unsigned int version) > +{ > + return LAV_CURRENT; > +} > + > +unsigned int > +la_objopen (struct link_map *map, Lmid_t lmid, uintptr_t *cookie) > +{ > + /* The linux-gate.so is placed at a fixed address, thus l_addr being 0= , > + and it might be the value reported as the AT_SYSINFO_EHDR. */ > + if (map->l_addr =3D=3D 0 && startswith (map->l_name, "linux-gate.so")) > + fprintf (stderr, "vdso found: %p\n", NULL); > + else if (map->l_addr =3D=3D getauxval (AT_SYSINFO_EHDR)) > + fprintf (stderr, "vdso found: %p\n", (void*) map->l_addr); > + > + return 0; > +}

Would it be possible to look at the program headers to get the minimum mapped address for the linux-gate.so object?

> diff --git a/include/dlfcn.h b/include/dlfcn.h > index a4c283728f..66bcf2dff9 100644 > --- a/include/dlfcn.h > +++ b/include/dlfcn.h > @@ -12,6 +12,7 @@ > #define __RTLD_AUDIT=090x08000000 > #define __RTLD_SECURE=090x04000000 /* Apply additional security checks. = */ > #define __RTLD_NOIFUNC=090x02000000 /* Suppress calling ifunc functions.= */ > +#define __RTLD_VDSO=090x01000000 > =20 > #define __LM_ID_CALLER=09-2

The __RTLD_VDSO definition is unique, okay. But maybe add a comment, like “Tell _dl_new_object the object is system-loaded.”

Thanks,
Florian
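
Review bot: the __RTLD_VDSO path in the elf/dl-object.c hunk reaches the DL_NNS allocation with no sanity check, because both asserts now sit under "if (mode & __RTLD_OPENEXEC)". If the vDSO map is only ever created in the base namespace, keep the "assert (nsid == LM_ID_BASE);" outside the inner block so it covers both flags. The inner test would also read more consistently as "(mode & __RTLD_OPENEXEC) != 0", matching the explicit comparison on the outer condition.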
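
Review bot: in elf/tst-audit22.c, "TEST_VERIFY (out != NULL)" after fmemopen only records the failure and lets the test continue, so the xgetline loop that follows would be handed a NULL stream. Use TEST_VERIFY_EXIT at that point so a failed fmemopen ends the test cleanly. The comment at the top of the hunk also says "will fails", which should be "will fail".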
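
Review bot: the "else if (map->l_addr == getauxval (AT_SYSINFO_EHDR))" branch of la_objopen in elf/tst-auditmod22.c is also true when getauxval returns 0, which is what it returns when AT_SYSINFO_EHDR is absent, so any map with l_addr 0 whose name is not linux-gate.so would be reported as the vDSO. Read the auxv value once into a local and require it to be non-zero before comparing. Style point on the same line: "(void*)" should be "(void *)".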