From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2040.outbound.protection.outlook.com [40.107.223.40]) by sourceware.org (Postfix) with ESMTPS id D16C73858C54 for ; Wed, 8 Mar 2023 10:21:31 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D16C73858C54 Authentication-Results: sourceware.org; dmarc=pass (p=quarantine dis=none) header.from=azul.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=azul.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TChwf3mLksS+V2q3wvv7q1X2Vs/WzFlYZS/fZJgq9/nLrsdyMLSXbJWoazGBrjL0yAV7TxxHHiUaTHwSiZ6tn13H5g46Jy7rrU2pk9CAmsuekTWedfgUzhD/sp7Nzid05643Rm4QguxdC0jWpjyp0mF4JNQvjv0HOzWbCbKeF9Cz3xmLxOyLfstg3mhv0ThWm6m1PUDspuCPz2XAc1LNVK4rdGaYsP4IMPmrA9uqZ8DdZ8O1he0WoByWUEN6JQ5/nuUdd97drXeWdtKoMsM/tbeLhKQVhDKk2/RH8AjyCkkXXC26EKwiiHROEzgImL0B41KdDLdYkwsGURpfANFewQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=2h8r3iXLVsvCJngt6LtPL0zjSq7tzdkZH1Gef1w+Qjs=; b=iExoguPiKLPnpnaU97Kl5CttZ8KTr3GarjokDhdSfgfcEWbEX4XVMXi12XGlWD1zruLgT6b/FPfe7Qn9JT3+8GahtrhHEO68GpsL6TvVvbH2IFL9tlc2vhzznHE2pckGCTO8E/FfKRRWIAjaNZnJtTZrHRAInd6rvCaKA1ti/CUYwUF0IdOCZCXAyHydM9PO4TvOB7AKwlOCJ+UsZW4YH2oJAYIZ9tUUUhJrGBz8JLQntAddiGZoMjcR2dd+zOgaxQNuHgmJ+3Hv2H2bxcwb/FFR9FK6BYtUSgMGbfGrpwo3gtbcGLYrQhY3bYsTcvec1Rb+5wdnpaFq3bun2eoSNg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=azul.com; dmarc=pass action=none header.from=azul.com; dkim=pass header.d=azul.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=azul.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2h8r3iXLVsvCJngt6LtPL0zjSq7tzdkZH1Gef1w+Qjs=; b=bb/kmxlf2mmQBL7+ZiEwY4ncPOWnuKns+lns+GcrYEzK2polJ5+vCSTaEFTaETqqOXhfj3UPrMBE/FLwv6fW0Wlj2v+AIeWaE7/w3ZUR1Egm3atkdfgMLgiELwAHkZJ+TuFKunNLk0soDZoBKNUigPZSOQXUk4/wYMamk2gvAShxiJX4/BbkGfy3Tln/AG1fckEf/tyG0L+Q0j3lScuRQ/31jP5Er7Jfzi0xeoRIHxDVWCcNPOIlYWd01y/5ErHKWOPJxKSVu473cK3dsM6IBYhHDdUw8c3/PqoDn0lxLFXYq526dE8pRBfT63oacyALqTLkCCjNjHVu3QCy7X1viw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=azul.com; Received: from DM6PR11MB4073.namprd11.prod.outlook.com (2603:10b6:5:19f::22) by SJ1PR11MB6274.namprd11.prod.outlook.com (2603:10b6:a03:457::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6178.17; Wed, 8 Mar 2023 10:21:27 +0000 Received: from DM6PR11MB4073.namprd11.prod.outlook.com ([fe80::8476:1cf6:afeb:c285]) by DM6PR11MB4073.namprd11.prod.outlook.com ([fe80::8476:1cf6:afeb:c285%3]) with mapi id 15.20.6156.028; Wed, 8 Mar 2023 10:21:26 +0000 Date: Wed, 8 Mar 2023 18:21:18 +0800 From: Jan Kratochvil To: Adhemerval Zanella Netto Cc: Florian Weimer , libc-alpha@sourceware.org, Anton Kozlov Subject: Re: [PATCH] RFC: Provide a function to reset IFUNC PLTs Message-ID: References: <87v8jdq7ht.fsf@oldenburg.str.redhat.com> <2659aadc-6518-cc0e-d103-84eafcbdc3f9@linaro.org> Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <2659aadc-6518-cc0e-d103-84eafcbdc3f9@linaro.org> User-Agent: Mutt/2.2.7 (2022-08-07) X-ClientProxiedBy: VI1PR0701CA0051.eurprd07.prod.outlook.com (2603:10a6:800:5f::13) To DM6PR11MB4073.namprd11.prod.outlook.com (2603:10b6:5:19f::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DM6PR11MB4073:EE_|SJ1PR11MB6274:EE_ X-MS-Office365-Filtering-Correlation-Id: a723d92e-8f82-40e0-8d1d-08db1fbedfda X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: KcoGlgqHn3fQD7+0FeDU5Kf0LzLjPyAV0ffjgp7oV0VYvhfQXbHNX+cCUUkwbpY7pQMmlcu97eeoW+oNcPKonsLCMzz1Tni+cfiX8TgqABG6rdsRxFAwCJyhK+pc91wGsu+Gb9/0OIyDn8FbjGuLzMLehDNJ148qg3a0g7urr35wVRPGQc48dpzNIcL8sLuZoVZxqBfMF59J9TewTa/jyP0xF/MTEu8LRSAcy5pLHzePxZihyinmz7fzUvVLS4XS3bzSlMhD8wQY900wzKaalliz9BtR7+vwFOnSG4JUIyEK1ZdAmjsPCTiQx18lnwpQTDMkhJ4SjWSSyMkrI5AEiRjQvHm5Irw+MM10G7qEouST6KzlHzM1LAAwKnanSiF2gTo+nCfD4do+5zYfxYCSsmqTKcWBB1ubQyOTFpq6QZ2dPq9d22Q2wwSVRDSxhwooBr5EqZ/+sgPoyiNDhxT3YAqkIzvsleErcsWMSUkJIVE3HY6w0EoQzoZrq0Q+sAkzleMfQCvouRfE2XEqHmupTPRnV1Wx2mmUV2FofpYGxxW7zhu37U263/WBFcvtK6qm+uVlFwZNGHfXgUKgkqU4b0AdhwUZ9KS5TQ995Z43NNrctYULdXcUXgZnNyxQAiVb X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR11MB4073.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230025)(4636009)(376002)(39850400004)(366004)(136003)(396003)(346002)(451199018)(4744005)(8936002)(5660300002)(6506007)(9686003)(6512007)(6666004)(38100700002)(107886003)(83380400001)(186003)(54906003)(86362001)(316002)(41300700001)(66556008)(6916009)(8676002)(66476007)(66946007)(6486002)(966005)(478600001)(2906002)(4326008);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?B7E1V/FiNFi9DlaWXd6qoAnY465Xc0q64fzGvrvOYHntImRGSk2dievV064Y?= =?us-ascii?Q?SOcuPVxviWfqkdbTiMRQM5IvXn6YbCWjEs62ardigqRYZ8zcTO/azxnmrwH+?= =?us-ascii?Q?VwDH04tvrMax+Vn56Yglor8Zq7azlv07NWFBgps+0zCjA0pXkP46/sPYfVPD?= =?us-ascii?Q?DYgxJuL2SQyuIE6rRPdQkX6x8MOmyySquzvOGDGhhKYovj/f2fbWpTbtqMCk?= =?us-ascii?Q?y1wDQVnJmUw6D4OUCflh4Gsw0q6K4wCT9LZg/jSjMP2MSuoRdJrBZlUZT9aX?= =?us-ascii?Q?gGEqNxLU68z4EKSapN/y7zrzEf9iKyQBk9aA428M/BOthCq1pLd2vuQXk02a?= =?us-ascii?Q?rXHUWyCnfIXXyuM/dnXI21+M8LFoWLi+WdWKThbaVA2cycMOrJt4L8cPqdNQ?= =?us-ascii?Q?trsqDBfI7syjgRPPgkcuZnmMzXoU7PFtYPLdCpkVOzHL4+QvbZwc8L/jfKjB?= =?us-ascii?Q?finnsviMGQ8nErIsqvKcIuJZY2y09ijS++bbwUGhlS+v2VZXU0LAd9qgXHC6?= =?us-ascii?Q?9enVyTA/YQ1v3g0/bEEh3pFX2Ip7YPYGYKZzR7AO/FTa242rR96G7pY98Lkg?= =?us-ascii?Q?UrC0QAScu5pX7uck6Kx/di+SbQtJw/wS+Pq1nW8SdduOOL2fh5K9XO6yjZiJ?= =?us-ascii?Q?yNyC2TJygatnVqBV/BIkhq1Kbj5jAejI+UKCb0WExVMZHtDHgb7milAZmyIg?= =?us-ascii?Q?LZniWur6mA8VCrdhJdKJ4Px92WU832MhGv1uFvcmC9tXG1thFcpOUSBcWXdq?= =?us-ascii?Q?9lwcLL9eGd2Si4OiYLJZUPxUc4hZtM48mvXFajIpABP+nv99gCRVLLXq8ofb?= =?us-ascii?Q?n4WLPsHCS9XtqRRx4PiHWKemr5QNMVkQ8Mkqe45P6NuHm0Eeq0C0FSDDc4Nr?= =?us-ascii?Q?/phRSday5KdYwQEOCoBE8Mgr9+YYzrpprKS4qMiV8dVvYDITTHPUjeSZwbcq?= =?us-ascii?Q?Tzt9FcFwrLVcNL78f7OUsT8F44fWeA5SrVnadIdJJFX0zXsCX+aFjHurJCUn?= =?us-ascii?Q?DxJL1VvJF6UFvVOcwwdrhZBRVA7WbqwlEYcT90XNkcfoIUL67tTIS7h6i7E5?= =?us-ascii?Q?aF8ll6M2IdjfVfXwD3+vbiaMyJ/bVNO63UF2RZM3Y2CW8U92tZZTb550jSq5?= =?us-ascii?Q?Hd2vgGoFXN133JFcioe7tpWEcw0a972ZhjyoXUyA6LIK7YqzL4AxIjdhfBsa?= =?us-ascii?Q?asNEm0mXflB4uelFmaO+pS+dWVclS86qs4feRXeo0VF//f/rUjjFzINgQey6?= =?us-ascii?Q?6+qrn7k6Q9h46fLBKeMkbbarC8mPkUmylw3o18upa5ds6Y/GhnieVMk+jNCE?= =?us-ascii?Q?O+q4eQsYrhbSy5JT0ABy2joODYe4x3M9p9GpJ7Sgd6aTNvS7axzhRmCD8IGI?= =?us-ascii?Q?iLib46B0J0fFu0owcWaIAhU87hdW7LsLzSwqxQu05sEqwlf3MYEzzhsc5Khn?= =?us-ascii?Q?MTpe0wlH2O3Wm+hmqeKT+0Om+TA3LR7P3gNljCufV2w1Ily3eCLHpj8BGcaF?= =?us-ascii?Q?NYNCPM/8FQpyY+SiB3tTEeyjbhbdVpWhPcq4kl3Tma12lnNNQhU1p5/Fd7Ie?= =?us-ascii?Q?rjAHmwyW9HUvO+HtEvOH54+U4xcHfyle8NeUfZftvnBXFIUniJsC1pa8rGO8?= =?us-ascii?Q?Bw=3D=3D?= X-OriginatorOrg: azul.com X-MS-Exchange-CrossTenant-Network-Message-Id: a723d92e-8f82-40e0-8d1d-08db1fbedfda X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB4073.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Mar 2023 10:21:26.6227 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: c480eb31-2b17-43d7-b4c7-9bcb20cc4bf2 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: /oi5NzjxrDVCdLSdS57dvq6W/s2PEX1Uuvf8uE6GjPPs8fAMWRXI5xaM0vslJBENYtblRNi7aIxYPMWypnpnLQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ1PR11MB6274 X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Tue, 07 Mar 2023 21:07:58 +0800, Adhemerval Zanella Netto wrote: > I am not sure if the ifunc reset will be really safe without adding CRIU > migrate sync points, to avoid suspend execution in a context that the > ifunc variants are already being executed or its address is being in a > function point (for instance in PLT code). You are right but I left the thread safety up to the caller ("Freezer"): https://github.com/openjdk/crac/pull/41/files#diff-aeec57d804d56002f26a85359fc4ac8b48cfc249d57c656a30a63fc6bf3457adR6029 It could be moved to the glibc part. > Besides, I also not sure if adding way to remove RELRO protection won't > add more security issues (we can disable for sesuid binaries, but even > though it is not a good security practice). RELRO is removed only temporarily, it gets re-engaged. And that time other threads should be even stopped (see above). Is it still a security issues? Thanks, Jan