From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <fweimer@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by sourceware.org (Postfix) with ESMTPS id F0C20385840E
 for <libc-alpha@sourceware.org>; Thu, 11 Nov 2021 12:02:21 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org F0C20385840E
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-203-QKbJixeoMFOOoH0KYOWu0w-1; Thu, 11 Nov 2021 07:02:16 -0500
X-MC-Unique: QKbJixeoMFOOoH0KYOWu0w-1
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com
 [10.5.11.14])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 873341006AA4;
 Thu, 11 Nov 2021 12:02:14 +0000 (UTC)
Received: from oldenburg.str.redhat.com (unknown [10.39.192.82])
 by smtp.corp.redhat.com (Postfix) with ESMTPS id 9CDE45DA61;
 Thu, 11 Nov 2021 12:02:09 +0000 (UTC)
From: Florian Weimer <fweimer@redhat.com>
To: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Cc: libc-alpha@sourceware.org,  John Mellor-Crummey <johnmc@rice.edu>,  Ben
 Woodard <woodard@redhat.com>,  Vivek Das Mohapatra <vivek@collabora.com>
Subject: Re: [PATCH v5 04/22] elf: Suppress audit calls when a (new)
 namespace is empty (BZ #28062)
References: <20211109183347.2943786-1-adhemerval.zanella@linaro.org>
 <20211109183347.2943786-5-adhemerval.zanella@linaro.org>
 <871r3o5c77.fsf@oldenburg.str.redhat.com>
 <dbd4b0b6-ca10-ec14-144d-4afd5ffc3fd3@linaro.org>
Date: Thu, 11 Nov 2021 13:02:07 +0100
In-Reply-To: <dbd4b0b6-ca10-ec14-144d-4afd5ffc3fd3@linaro.org> (Adhemerval
 Zanella's message of "Thu, 11 Nov 2021 08:51:35 -0300")
Message-ID: <87o86qzyrk.fsf@oldenburg.str.redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain
X-Spam-Status: No, score=-12.7 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0,
 RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE,
 SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Nov 2021 12:02:23 -0000

* Adhemerval Zanella:

> On 10/11/2021 11:15, Florian Weimer wrote:
>> * Adhemerval Zanella:
>> 
>>> diff --git a/elf/dl-load.c b/elf/dl-load.c
>>> index 9f4fa9617d..72298776f6 100644
>>> --- a/elf/dl-load.c
>>> +++ b/elf/dl-load.c
>>> @@ -1067,8 +1067,11 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd,
>>>  	  && __glibc_unlikely (GLRO(dl_naudit) > 0))
>>>  	{
>>>  	  struct link_map *head = GL(dl_ns)[nsid]._ns_loaded;
>>> -	  /* Do not call the functions for any auditing object.  */
>>> -	  if (head->l_auditing == 0)
>>> +	  /* Do not call the functions for any auditing object and also do not
>>> +	     try to call auditing functions if the namespace is currently
>>> +	     empty.  This happens when opening the first DSO in a new
>>> +	     namespace.  */
>>> +	  if (head != NULL && head->l_auditing == 0)
>>>  	    {
>>>  	      struct audit_ifaces *afct = GLRO(dl_audit);
>>>  	      for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
>> 
>> As far as I can tell, using GL(dl_ns)[nsid]._ns_loaded for la_activity
>> is a completely arbitrary choice.  I think we should use
>> &GL(dl_ns)[nsid] for secondary namespace instead, and keep
>> GL(dl_ns)[LM_ID_BASE]._ns_loaded for backwards compatibility.
>> 
>> This will allow us to generate an LA_ACT_ADD event for an empty
>> namespace.
>
> I am not really following you here, '&GL(dl_ns)[nsid]' is just the container
> here, we need to iterate over the 'link_maps' within it.

Hmm.  I had a peeked at the Solaris documentation, and it says that
LA_ACT_ADD uses the head link map of the namespace as a cookie.

I really dislike that we produce a LA_ACT_DELETE without the
corresponding LA_ACT_ADD due to this issue.

Can we use the link map allocated used _dl_new_object as the cookie if
the namespace is empty?  This seems like the right thing to do here.
The allocation happens just a few lines further down.

Thanks,
Florian