From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <fweimer@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by sourceware.org (Postfix) with ESMTPS id 98A1A3858C3A
 for <libc-alpha@sourceware.org>; Tue, 21 Dec 2021 17:22:23 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 98A1A3858C3A
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-629-eoSGzdEGNRWxWm6p9ylwlA-1; Tue, 21 Dec 2021 12:22:22 -0500
X-MC-Unique: eoSGzdEGNRWxWm6p9ylwlA-1
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com
 [10.5.11.15])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx01.redhat.com (Postfix) with ESMTPS id CD9B61385C4;
 Tue, 21 Dec 2021 17:22:20 +0000 (UTC)
Received: from oldenburg.str.redhat.com (unknown [10.39.192.104])
 by smtp.corp.redhat.com (Postfix) with ESMTPS id 752345BE2A;
 Tue, 21 Dec 2021 17:22:19 +0000 (UTC)
From: Florian Weimer <fweimer@redhat.com>
To: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Cc: libc-alpha@sourceware.org,  John Mellor-Crummey <johnmc@rice.edu>,  Ben
 Woodard <woodard@redhat.com>
Subject: Re: [PATCH v6 19/20] elf: Fix runtime linker auditing on aarch64
 (BZ #26643)
References: <20211115183734.531155-1-adhemerval.zanella@linaro.org>
 <20211115183734.531155-20-adhemerval.zanella@linaro.org>
 <87zgovc68b.fsf@oldenburg.str.redhat.com>
 <eb8f6bd0-7029-7108-d9e6-7d8579d04bb6@linaro.org>
 <87mtku9fvd.fsf@oldenburg.str.redhat.com>
 <fc0fe731-2b00-8aef-eb6b-a8c06a393746@linaro.org>
 <87ee669fey.fsf@oldenburg.str.redhat.com>
 <b59949eb-abf1-9cb6-ba4e-3075991fd43a@linaro.org>
Date: Tue, 21 Dec 2021 18:22:17 +0100
In-Reply-To: <b59949eb-abf1-9cb6-ba4e-3075991fd43a@linaro.org> (Adhemerval
 Zanella's message of "Tue, 21 Dec 2021 14:03:48 -0300")
Message-ID: <87r1a598l2.fsf@oldenburg.str.redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain
X-Spam-Status: No, score=-6.3 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_LOW,
 RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE,
 TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Dec 2021 17:22:27 -0000

* Adhemerval Zanella:

> On 21/12/2021 11:54, Florian Weimer wrote:
>> * Adhemerval Zanella:
>> 
>>>>> At least for aarch64 old audit modules are error-prone and potentially adds
>>>>> more subtle issues since they do not save/restore some return register that
>>>>> I don't see any real gain to keep supporting them.
>>>>
>>>> I disagree.  la_objsearch alone is a significant use case, and I don't
>>>> see why it wouldn't work today.  It does not need any
>>>> architecture-specific code whatsoever.
>>>
>>> My main problem is provide a API which undocumented and missing support
>>> where if users tries to replicate what other architecture does it will
>>> shoot in the foot.  I think this is just a broken API and we should
>>> avoid it.
>> 
>> Sorry, which API?
>
> THe audit modules one, making la_objsearch work when the rest of the possible
> callbacks functions might trigger undefined behavior (as per BZ#26643) does
> not seems to me as as good way forward.  It has not bitten us before because
> the user case is quite limited.

Red Hat has at least one customer that only uses la_objsearch and not
la_symbind (but they don't use aarch64, so they aren't impacted by this
bug either way).

However, you are changing generic code, so what you are proposing
rejects all old audit modules on all architectures.  This is really not
the way to do this.

Let me summarize my recommendation:

. Change LAV_CURRENT to 2.

. Treat la_version return values 1 and 2 the same for now (so > as
  before in the check, not !=).

. *If* a user shows up whose aarch64 audit modules were broken by the
  fix for bug 26643, support two ABIs for the PLT enter/exit hooks.

. Consider issuing more la_symbind callbacks for LAV_CURRENT == 2
  only (BIND_NOW functions and basically all symbols).

Thanks,
Florian