From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: Florian Weimer <fweimer@redhat.com>
Cc: libc-alpha@sourceware.org, John Mellor-Crummey <johnmc@rice.edu>,
Ben Woodard <woodard@redhat.com>
Subject: Re: [PATCH v6 19/20] elf: Fix runtime linker auditing on aarch64 (BZ #26643)
Date: Tue, 21 Dec 2021 14:38:54 -0300 [thread overview]
Message-ID: <aefefdf5-acac-bbdf-177b-335fd54cb33a@linaro.org> (raw)
In-Reply-To: <87r1a598l2.fsf@oldenburg.str.redhat.com>
On 21/12/2021 14:22, Florian Weimer wrote:
> * Adhemerval Zanella:
>
>> On 21/12/2021 11:54, Florian Weimer wrote:
>>> * Adhemerval Zanella:
>>>
>>>>>> At least for aarch64 old audit modules are error-prone and potentially adds
>>>>>> more subtle issues since they do not save/restore some return register that
>>>>>> I don't see any real gain to keep supporting them.
>>>>>
>>>>> I disagree. la_objsearch alone is a significant use case, and I don't
>>>>> see why it wouldn't work today. It does not need any
>>>>> architecture-specific code whatsoever.
>>>>
>>>> My main problem is provide a API which undocumented and missing support
>>>> where if users tries to replicate what other architecture does it will
>>>> shoot in the foot. I think this is just a broken API and we should
>>>> avoid it.
>>>
>>> Sorry, which API?
>>
>> THe audit modules one, making la_objsearch work when the rest of the possible
>> callbacks functions might trigger undefined behavior (as per BZ#26643) does
>> not seems to me as as good way forward. It has not bitten us before because
>> the user case is quite limited.
>
> Red Hat has at least one customer that only uses la_objsearch and not
> la_symbind (but they don't use aarch64, so they aren't impacted by this
> bug either way).
>
> However, you are changing generic code, so what you are proposing
> rejects all old audit modules on all architectures. This is really not
> the way to do this.
Yes, I agree that changing the generic code was kind unnecessary on most
architectures.
>
> Let me summarize my recommendation:
>
> . Change LAV_CURRENT to 2.
>
> . Treat la_version return values 1 and 2 the same for now (so > as
> before in the check, not !=).
And that is what I am doing now.
>
> . *If* a user shows up whose aarch64 audit modules were broken by the
> fix for bug 26643, support two ABIs for the PLT enter/exit hooks.
And that is what I really dislike and I want to avoid, I see absolute
no gain about supporting an interface for aarch64 (or any other port,
the issue is only aarch64 is currently showing) that has subtle and
broken API.
For aarch64 I still think it better to just avoid loading old audit
modules.
>
> . Consider issuing more la_symbind callbacks for LAV_CURRENT == 2
> only (BIND_NOW functions and basically all symbols).
>
What about newer audit module version that request PLT trace? Currently
my plan is to stop execution with an error, instead of just ignoring it.
next prev parent reply other threads:[~2021-12-21 17:38 UTC|newest]
Thread overview: 89+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-15 18:37 [PATCH v6 00/20] Multiple rtld-audit fixes Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 01/20] elf: Suppress audit calls when a (new) namespace is empty (BZ #28062) Adhemerval Zanella
2021-11-15 19:01 ` Florian Weimer
2021-11-16 13:14 ` Adhemerval Zanella
2021-11-16 13:15 ` Florian Weimer
2021-11-16 13:45 ` Andreas Schwab
2021-11-16 13:48 ` Florian Weimer
2021-11-16 14:16 ` Andreas Schwab
2021-11-18 19:58 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 02/20] elf: Add _dl_audit_objopen Adhemerval Zanella
2021-12-10 12:40 ` Florian Weimer
2021-12-10 12:48 ` Florian Weimer
2021-12-10 13:45 ` Adhemerval Zanella
2021-12-10 14:11 ` Adhemerval Zanella
2021-12-10 14:15 ` Florian Weimer
2021-12-10 14:41 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 03/20] elf: Add _dl_audit_activity_map and _dl_audit_activity_nsid Adhemerval Zanella
2021-12-10 13:54 ` Florian Weimer
2021-12-10 14:58 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 04/20] elf: Add _dl_audit_objsearch Adhemerval Zanella
2021-12-17 12:21 ` Florian Weimer
2021-12-17 16:09 ` Adhemerval Zanella
2021-12-17 16:12 ` Florian Weimer
2021-12-17 16:33 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 05/20] elf: Add _dl_audit_objclose Adhemerval Zanella
2021-12-17 16:29 ` Florian Weimer
2021-12-17 16:39 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 06/20] elf: Add _dl_audit_symbind_alt and _dl_audit_symbind Adhemerval Zanella
2021-12-17 16:50 ` Florian Weimer
2021-12-17 18:46 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 07/20] elf: Add _dl_audit_preinit Adhemerval Zanella
2021-12-17 17:13 ` Florian Weimer
2021-12-17 18:54 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 08/20] elf: Add _dl_audit_pltenter Adhemerval Zanella
2021-12-17 17:21 ` Florian Weimer
2021-11-15 18:37 ` [PATCH v6 09/20] elf: Add _dl_audit_pltexit Adhemerval Zanella
2021-12-17 17:43 ` Florian Weimer
2021-12-17 19:02 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 10/20] elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533) Adhemerval Zanella
2021-12-18 18:45 ` Florian Weimer
2021-12-20 12:10 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 11/20] elf: Add audit tests for modules with TLSDESC Adhemerval Zanella
2021-12-18 18:53 ` Florian Weimer
2021-12-20 12:23 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 12/20] elf: Do not fail for failed dlmopen on audit modules (BZ #28061) Adhemerval Zanella
2021-12-18 18:59 ` Florian Weimer
2021-12-20 12:24 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 13/20] elf: Fix initial-exec TLS access on audit modules (BZ #28096) Adhemerval Zanella
2021-12-18 18:01 ` Florian Weimer
2021-12-20 13:25 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 14/20] elf: Issue audit la_objopen() for vDSO Adhemerval Zanella
2021-12-18 20:00 ` Florian Weimer
2021-12-20 12:50 ` Adhemerval Zanella
2021-12-20 13:18 ` Florian Weimer
2021-11-15 18:37 ` [PATCH v6 15/20] elf: Run constructors if executable has a soname of a dependency Adhemerval Zanella
2021-12-18 20:08 ` Florian Weimer
2021-12-20 16:49 ` Adhemerval Zanella
2021-12-20 16:52 ` Florian Weimer
2021-12-20 16:55 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 16/20] elf: Add main application on main_map l_name Adhemerval Zanella
2021-12-20 13:32 ` Florian Weimer
2021-12-20 18:04 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 17/20] elf: Add la_activity during application exit Adhemerval Zanella
2021-12-20 13:34 ` Florian Weimer
2021-12-20 19:46 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 18/20] elf: Issue la_symbind() for bind-now (BZ #23734) Adhemerval Zanella
2021-12-20 19:18 ` Florian Weimer
2021-12-20 20:43 ` Adhemerval Zanella
2021-12-20 21:04 ` Florian Weimer
2021-12-20 21:09 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 19/20] elf: Fix runtime linker auditing on aarch64 (BZ #26643) Adhemerval Zanella
2021-12-20 21:32 ` Florian Weimer
2021-12-21 14:33 ` Adhemerval Zanella
2021-12-21 14:44 ` Florian Weimer
2021-12-21 14:48 ` Adhemerval Zanella
2021-12-21 14:54 ` Florian Weimer
2021-12-21 17:03 ` Adhemerval Zanella
2021-12-21 17:22 ` Florian Weimer
2021-12-21 17:38 ` Adhemerval Zanella [this message]
2021-12-21 18:11 ` Florian Weimer
2021-12-21 18:19 ` Adhemerval Zanella
2021-12-20 21:34 ` Florian Weimer
2021-12-21 17:47 ` Szabolcs Nagy
2021-12-21 17:49 ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 20/20] elf: Add SVE support for aarch64 rtld-audit Adhemerval Zanella
2021-12-21 14:27 ` Florian Weimer
2021-12-21 14:37 ` Adhemerval Zanella
2021-12-21 16:45 ` Szabolcs Nagy
2021-12-21 17:08 ` Adhemerval Zanella
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aefefdf5-acac-bbdf-177b-335fd54cb33a@linaro.org \
--to=adhemerval.zanella@linaro.org \
--cc=fweimer@redhat.com \
--cc=johnmc@rice.edu \
--cc=libc-alpha@sourceware.org \
--cc=woodard@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).