public inbox for libc-alpha@sourceware.org
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: Florian Weimer <fweimer@redhat.com>,
	Adhemerval Zanella via Libc-alpha <libc-alpha@sourceware.org>
Cc: jma14 <jma14@rice.edu>, Carlos O'Donell <carlos@redhat.com>,
	John Mellor-Crummey <johnmc@rice.edu>
Subject: Re: [PATCH v10 2/4] elf: Fix initial-exec TLS access on audit modules (BZ #28096)
Date: Tue, 18 Jan 2022 09:58:43 -0300
Message-ID: <a607316e-cf5e-7d77-ebd1-2ee0e9d18685@linaro.org>
In-Reply-To: <87r195jn1p.fsf@oldenburg.str.redhat.com>



On 18/01/2022 08:33, Florian Weimer wrote:
> * Adhemerval Zanella via Libc-alpha:
> 
>> diff --git a/elf/dl-tls.c b/elf/dl-tls.c
>> index 8ba70c9a9d..8ed91ff599 100644
>> --- a/elf/dl-tls.c
>> +++ b/elf/dl-tls.c
>> @@ -520,7 +520,7 @@ _dl_resize_dtv (dtv_t *dtv, size_t max_modid)
>>  
>>  
>>  void *
>> -_dl_allocate_tls_init (void *result)
>> +_dl_allocate_tls_init (void *result, bool init_tls)
>>  {
>>    if (result == NULL)
>>      /* The memory allocation failed.  */
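
Review bot: the new "bool init_tls" parameter of _dl_allocate_tls_init is undocumented in the visible context (the definition is preceded only by blank lines), and its name reads as if false disabled TLS initialization altogether, whereas the second hunk uses it only to suppress the image copy for maps with l_auditing set. Suggest a comment above the definition stating what true and false mean and which call path passes each, or a name that expresses "initial loader setup" versus "later thread creation". Because the signature changes, the prototype and every caller have to change in the same patch; none of them are visible in this hunk.
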
>> @@ -593,7 +593,14 @@ _dl_allocate_tls_init (void *result)
>>  	     some platforms use in static programs requires it.  */
>>  	  dtv[map->l_tls_modid].pointer.val = dest;
>>  
>> -	  /* Copy the initialization image and clear the BSS part.  */
>> +	  /* Copy the initialization image and clear the BSS part.  For
>> +	     audit modules or depedencies with initial-exec TLS, we can not
>> +	     set the initial TLS image on default loader initialization
>> +	     because it would already be set by the audit setup.  However,
>> +	     subsequent thread creation would need to follow the default
>> +	     behaviour.   */
>> +	  if (__glibc_unlikely (map->l_auditing && !init_tls))
>> +	    continue;
>>  	  memset (__mempcpy (dest, map->l_tls_initimage,
>>  			     map->l_tls_initimage_size), '\0',
>>  		  map->l_tls_blocksize - map->l_tls_initimage_size);
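
Review bot: the added "continue" sits after "dtv[map->l_tls_modid].pointer.val = dest;", so for a map with l_auditing set and init_tls false the dtv entry is still assigned and only the __mempcpy/memset of the initialization image is skipped; the new comment should say that explicitly, since "can not set the initial TLS image" could be read as skipping the map entirely. The comment would also be easier to verify if it named where the audit setup performs the earlier copy. Minor: "depedencies" should be "dependencies", "can not" should be "cannot", and there is an extra space before the closing "*/".
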
> 
> I don't understand why the map->l_auditing condition is correct.
> Shouldn't it be
> 
>   map->l_ns == LM_ID_BASE && !init_tls
> 
> ?  Everything else has been loaded via dlopen or dlmopen, so TLS
> initialization for the main thread has already happened.

This does not suffice (I tried it before, in fact) because we need to skip
solely for the audit modules and dependencies at startup.  For
instance, with tst-audit21 and some _dl_debug_printf calls to
show what is happening, we have:

   1533769:     [rtld.c:966] load_audit_module
   1533769:     [rtld.c:973] load_audit_module
   1533769:     [rtld.c:2465] dl_main
   1533769:     [../elf/dl-tls.c:603] map->l_name= map->l_ns=0 map->l_auditing=0 init_tls=0 [INIT]
   1533769:     [../elf/dl-tls.c:603] map->l_name=[...]/elf/tst-auditmod21a.so map->l_ns=1 map->l_auditing=1 init_tls=0
   1533769:     [../elf/dl-tls.c:603] map->l_name=[...]/libc.so.6 map->l_ns=1 map->l_auditing=1 init_tls=0
   1533769:     [../elf/dl-tls.c:603] map->l_name=[...]/libc.so.6 map->l_ns=0 map->l_auditing=0 init_tls=0 [INIT]
   1533769:     [../elf/dl-tls.c:621]
   1533769:     [rtld.c:2467] dl_main
[allocatestack.c:435] allocate_stack
   1533769:     [../elf/dl-tls.c:633] _dl_allocate_tls
   1533769:     [../elf/dl-tls.c:603] map->l_name= map->l_ns=0 map->l_auditing=0 init_tls=1 [INIT]
   1533769:     [../elf/dl-tls.c:603] [...]/elf/tst-auditmod21a.so map->l_ns=1 map->l_auditing=1 init_tls=1 [INIT]
   1533769:     [../elf/dl-tls.c:603] [...]/libc.so.6 map->l_ns=1 map->l_auditing=1 init_tls=1 [INIT]
   1533769:     [../elf/dl-tls.c:603] [...]/libc.so.6 map->l_ns=0 map->l_auditing=0 init_tls=1 [INIT]
   1533769:     [../elf/dl-tls.c:621]
   1533769:     [../elf/dl-tls.c:642] _dl_allocate_tls
[allocatestack.c:446] allocate_stack


So we need to avoid initialization only for the libc.so loaded by audit libraries;
the default one should still be initialized (marked as [INIT]).  Later, when new
threads are created, we need to initialize everything.
