From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id D4DE53858400 for ; Wed, 10 Nov 2021 13:23:53 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org D4DE53858400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-219-IJu1cKRvOPS3Xb4mEOgylw-1; Wed, 10 Nov 2021 08:23:52 -0500 X-MC-Unique: IJu1cKRvOPS3Xb4mEOgylw-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 13B2310168C0; Wed, 10 Nov 2021 13:23:51 +0000 (UTC) Received: from oldenburg.str.redhat.com (unknown [10.39.192.82]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C9E5756A86; Wed, 10 Nov 2021 13:23:49 +0000 (UTC) From: Florian Weimer To: Adhemerval Zanella Cc: libc-alpha@sourceware.org, John Mellor-Crummey , Ben Woodard Subject: Re: [PATCH v5 05/22] elf: Fix initial-exec TLS access on audit modules (BZ #28096) References: <20211109183347.2943786-1-adhemerval.zanella@linaro.org> <20211109183347.2943786-6-adhemerval.zanella@linaro.org> Date: Wed, 10 Nov 2021 14:23:47 +0100 In-Reply-To: <20211109183347.2943786-6-adhemerval.zanella@linaro.org> (Adhemerval Zanella's message of "Tue, 9 Nov 2021 15:33:30 -0300") Message-ID: <87v9105el8.fsf@oldenburg.str.redhat.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain X-Spam-Status: No, score=-12.7 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Nov 2021 13:23:55 -0000 * Adhemerval Zanella: > diff --git a/elf/Makefile b/elf/Makefile > index 4758cb23c4..861e83236e 100644 > --- a/elf/Makefile > +++ b/elf/Makefile > +$(objpfx)tst-audit21.out: $(objpfx)tst-auditmod21.so > +tst-audit21-ENV = LD_AUDIT=$(objpfx)tst-auditmod21.so This is needed to fix a Hurd build failure: $(objpfx)tst-audit21: $(shared-thread-library) > diff --git a/elf/dl-object.c b/elf/dl-object.c > index 1875599eb2..eb2158a84b 100644 > --- a/elf/dl-object.c > +++ b/elf/dl-object.c > @@ -175,6 +175,9 @@ _dl_new_object (char *realname, const char *libname, int type, > > new->l_local_scope[0] = &new->l_searchlist; > > + if (mode & __RTLD_AUDIT) > + new->l_dont_set_tls_static = 1; > + > /* Determine the origin. If allocating the link map for the main > executable, the realname is not known and "". In this case, the > origin needs to be determined by other means. However, in case > diff --git a/elf/rtld.c b/elf/rtld.c > index 8953347b00..db1817655f 100644 > --- a/elf/rtld.c > +++ b/elf/rtld.c > @@ -1055,6 +1055,8 @@ ERROR: audit interface '%s' requires version %d (maximum supported version %d); > > /* Mark the DSO as being used for auditing. */ > dlmargs.map->l_auditing = 1; > + /* Mark the DSO to not clear the TLS bss in tls initialization. */ > + dlmargs.map->l_dont_set_tls_static = 1; > } > > /* Notify the the audit modules that the object MAP has already been I'm not sure if this actually works. As far as I understand it, everything in an audit namespace needs this special treatment, and not just the audit module itself. I think we shuld add a parameter to _dl_allocate_tls_init and that indicates the initialization should only be applied to objects in the base namespace. This way, initialization is also skipped for dlopen'ed modules in an audit namespace. Thanks, Florian