From: Florian Weimer <fweimer@redhat.com>
To: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Cc: libc-alpha@sourceware.org, John Mellor-Crummey <johnmc@rice.edu>,
Ben Woodard <woodard@redhat.com>
Subject: Re: [PATCH v6 19/20] elf: Fix runtime linker auditing on aarch64 (BZ #26643)
Date: Tue, 21 Dec 2021 18:22:17 +0100 [thread overview]
Message-ID: <87r1a598l2.fsf@oldenburg.str.redhat.com> (raw)
In-Reply-To: <b59949eb-abf1-9cb6-ba4e-3075991fd43a@linaro.org> (Adhemerval Zanella's message of "Tue, 21 Dec 2021 14:03:48 -0300")
* Adhemerval Zanella:
> On 21/12/2021 11:54, Florian Weimer wrote:
>> * Adhemerval Zanella:
>>
>>>>> At least for aarch64 old audit modules are error-prone and potentially adds
>>>>> more subtle issues since they do not save/restore some return register that
>>>>> I don't see any real gain to keep supporting them.
>>>>
>>>> I disagree. la_objsearch alone is a significant use case, and I don't
>>>> see why it wouldn't work today. It does not need any
>>>> architecture-specific code whatsoever.
>>>
>>> My main problem is provide a API which undocumented and missing support
>>> where if users tries to replicate what other architecture does it will
>>> shoot in the foot. I think this is just a broken API and we should
>>> avoid it.
>>
>> Sorry, which API?
>
> THe audit modules one, making la_objsearch work when the rest of the possible
> callbacks functions might trigger undefined behavior (as per BZ#26643) does
> not seems to me as as good way forward. It has not bitten us before because
> the user case is quite limited.
Red Hat has at least one customer that only uses la_objsearch and not
la_symbind (but they don't use aarch64, so they aren't impacted by this
bug either way).
However, you are changing generic code, so what you are proposing
rejects all old audit modules on all architectures. This is really not
the way to do this.
Let me summarize my recommendation:
. Change LAV_CURRENT to 2.
. Treat la_version return values 1 and 2 the same for now (so > as
before in the check, not !=).
. *If* a user shows up whose aarch64 audit modules were broken by the
fix for bug 26643, support two ABIs for the PLT enter/exit hooks.
. Consider issuing more la_symbind callbacks for LAV_CURRENT == 2
only (BIND_NOW functions and basically all symbols).
Thanks,
Florian
next prev parent reply other threads:[~2021-12-21 17:22 UTC|newest]
Thread overview: 89+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-15 18:37 [PATCH v6 00/20] Multiple rtld-audit fixes Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 01/20] elf: Suppress audit calls when a (new) namespace is empty (BZ #28062) Adhemerval Zanella
2021-11-15 19:01 ` Florian Weimer
2021-11-16 13:14 ` Adhemerval Zanella
2021-11-16 13:15 ` Florian Weimer
2021-11-16 13:45 ` Andreas Schwab
2021-11-16 13:48 ` Florian Weimer
2021-11-16 14:16 ` Andreas Schwab
2021-11-18 19:58 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 02/20] elf: Add _dl_audit_objopen Adhemerval Zanella
2021-12-10 12:40 ` Florian Weimer
2021-12-10 12:48 ` Florian Weimer
2021-12-10 13:45 ` Adhemerval Zanella
2021-12-10 14:11 ` Adhemerval Zanella
2021-12-10 14:15 ` Florian Weimer
2021-12-10 14:41 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 03/20] elf: Add _dl_audit_activity_map and _dl_audit_activity_nsid Adhemerval Zanella
2021-12-10 13:54 ` Florian Weimer
2021-12-10 14:58 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 04/20] elf: Add _dl_audit_objsearch Adhemerval Zanella
2021-12-17 12:21 ` Florian Weimer
2021-12-17 16:09 ` Adhemerval Zanella
2021-12-17 16:12 ` Florian Weimer
2021-12-17 16:33 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 05/20] elf: Add _dl_audit_objclose Adhemerval Zanella
2021-12-17 16:29 ` Florian Weimer
2021-12-17 16:39 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 06/20] elf: Add _dl_audit_symbind_alt and _dl_audit_symbind Adhemerval Zanella
2021-12-17 16:50 ` Florian Weimer
2021-12-17 18:46 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 07/20] elf: Add _dl_audit_preinit Adhemerval Zanella
2021-12-17 17:13 ` Florian Weimer
2021-12-17 18:54 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 08/20] elf: Add _dl_audit_pltenter Adhemerval Zanella
2021-12-17 17:21 ` Florian Weimer
2021-11-15 18:37 ` [PATCH v6 09/20] elf: Add _dl_audit_pltexit Adhemerval Zanella
2021-12-17 17:43 ` Florian Weimer
2021-12-17 19:02 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 10/20] elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533) Adhemerval Zanella
2021-12-18 18:45 ` Florian Weimer
2021-12-20 12:10 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 11/20] elf: Add audit tests for modules with TLSDESC Adhemerval Zanella
2021-12-18 18:53 ` Florian Weimer
2021-12-20 12:23 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 12/20] elf: Do not fail for failed dlmopen on audit modules (BZ #28061) Adhemerval Zanella
2021-12-18 18:59 ` Florian Weimer
2021-12-20 12:24 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 13/20] elf: Fix initial-exec TLS access on audit modules (BZ #28096) Adhemerval Zanella
2021-12-18 18:01 ` Florian Weimer
2021-12-20 13:25 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 14/20] elf: Issue audit la_objopen() for vDSO Adhemerval Zanella
2021-12-18 20:00 ` Florian Weimer
2021-12-20 12:50 ` Adhemerval Zanella
2021-12-20 13:18 ` Florian Weimer
2021-11-15 18:37 ` [PATCH v6 15/20] elf: Run constructors if executable has a soname of a dependency Adhemerval Zanella
2021-12-18 20:08 ` Florian Weimer
2021-12-20 16:49 ` Adhemerval Zanella
2021-12-20 16:52 ` Florian Weimer
2021-12-20 16:55 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 16/20] elf: Add main application on main_map l_name Adhemerval Zanella
2021-12-20 13:32 ` Florian Weimer
2021-12-20 18:04 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 17/20] elf: Add la_activity during application exit Adhemerval Zanella
2021-12-20 13:34 ` Florian Weimer
2021-12-20 19:46 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 18/20] elf: Issue la_symbind() for bind-now (BZ #23734) Adhemerval Zanella
2021-12-20 19:18 ` Florian Weimer
2021-12-20 20:43 ` Adhemerval Zanella
2021-12-20 21:04 ` Florian Weimer
2021-12-20 21:09 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 19/20] elf: Fix runtime linker auditing on aarch64 (BZ #26643) Adhemerval Zanella
2021-12-20 21:32 ` Florian Weimer
2021-12-21 14:33 ` Adhemerval Zanella
2021-12-21 14:44 ` Florian Weimer
2021-12-21 14:48 ` Adhemerval Zanella
2021-12-21 14:54 ` Florian Weimer
2021-12-21 17:03 ` Adhemerval Zanella
2021-12-21 17:22 ` Florian Weimer [this message]
2021-12-21 17:38 ` Adhemerval Zanella
2021-12-21 18:11 ` Florian Weimer
2021-12-21 18:19 ` Adhemerval Zanella
2021-12-20 21:34 ` Florian Weimer
2021-12-21 17:47 ` Szabolcs Nagy
2021-12-21 17:49 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 20/20] elf: Add SVE support for aarch64 rtld-audit Adhemerval Zanella
2021-12-21 14:27 ` Florian Weimer
2021-12-21 14:37 ` Adhemerval Zanella
2021-12-21 16:45 ` Szabolcs Nagy
2021-12-21 17:08 ` Adhemerval Zanella
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87r1a598l2.fsf@oldenburg.str.redhat.com \
--to=fweimer@redhat.com \
--cc=adhemerval.zanella@linaro.org \
--cc=johnmc@rice.edu \
--cc=libc-alpha@sourceware.org \
--cc=woodard@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).