Re: glibc 2.34 and Yocto Project's "uninative"

[Adhemerval Zanella <adhemerval.zanella@linaro.org>]

On 20/08/2021 11:37, Richard Purdie via Libc-help wrote:
> Hi,
> 
> Yocto Project is a cross compiling build system used to build customised
> Linux, RTOSs, firmware and more. It has some interesting technology. One piece
> of it is "pseudo" (http://git.yoctoproject.org/cgit.cgi/pseudo/) which is an 
> LD_PRELOAD which intercepts calls to libc and fakes root privileges. One way or
> another we've managed to keep that working with multiple libc versions for the
> last decade.
> 
> A second piece of technology is uninative. We build a lot binary artefacts, some
> for the target, some as tools running natively on the build system. We have a
> cache of these artefacts people can share and reuse. Uninative is our way of
> allowing one binary to run on any host distro. We do that by shipping a ld+libc
> binary shim and change the interpreter in the native binary to point at our own.
> As long as the shim is the same version or later than system version, it works.
> 
> In glibc 2.34, the merge of libdl and libpthread into libc is causing a problem
> for us. Basically, I've been able to make pseudo work and I can make uninative
> work however I can't make them both work together with glibc 2.34.
> 
> Pseudo uses minimal dl calls from libdl (dlsym, dlvsym and dlerror) and has a
> pthread mutex, therefore it links to -ldl and -lpthread.
> 
> The issue is that pseudo being an LD_PRELOAD, if linked against glibc 2.34
> doesn't "see" symbols in libdl and just links to libc. I did try forcing older
> versions of the symbols along the lines of:
> 
> __asm__(".symver dlerror,dlerror@GLIBC_" DLSYMVER);
> __asm__(".symver dlvsym,dlvsym@GLIBC_" DLVSYMVER);
> __asm__(".symver dlsym,dlsym@GLIBC_" DLSYMVER);
> 
> with some arch specific version number defines however even if I do this, and
> put back a libdl.so symlink to the lib, the linker ignores the weak wildcard
> reference and links back to libc.so itself. When we then use this preloaded lib
> on a system with an older libc:
> 
> relocation error: [...]/libpseudo.so: symbol dlerror, version GLIBC_2.2.5 not defined in file libc.so.6 with link time reference

Unfortunately this was never officially supported, since it is basically
trying to run a binary built in a newer glibc on an older one.  The
issue is not that linker put back libc.so, but rather that with GLIBC
2.34 there is a lot of more default symbols that are tied to GLIBC_2.34
version.

For instance:

$ cat dl.c 
#include <dlfcn.h>
#include <assert.h>

int main (int argc, char *argv[])
{
  void *h = dlopen (argv[1], RTLD_NOW);
  assert (h != 0);
  return 0;
}

asm (".symver dlopen,dlopen@GLIBC_2.2.5");

$ readelf -Ws dl | grep GLIBC_2.34
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@GLIBC_2.34 (2)
    24: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@GLIBC_2.34


The __libc_start_main has the additional issue that it is provided by crt1.o,
so the symver in the main TU won't solve it.  You will need to hack it with
the static linker, even by adding some wrap symbol to redirect to the 
__libc_start_main@GLIBC_2.2.5.


> 
> I did try ensuring libpseudo.so has a RUNPATH that includes our uninative libc
> however the loader ignores that for loading libc. I did then add our uninative
> libc path to LD_LIBRARY_PATH however that fails:

And I don't think this would work, it would force two libc with potentially
two different versions.

> 
> libc.so.6: symbol _dl_exception_create, version GLIBC_PRIVATE not defined in file ld-linux-x86-64.so.2 with link time reference
> 
> since the ld being used doesn't match the libc.
> 
> Can anyone see a way we could make things work?
I don't have easy library based solution for the requisites you posed,
building a newer glibc and running on a older one.  I think what *might*
work is to provide a auditor library linked against the newer glibc and
it then intercepts and routes the required library calls.  You will need
to redistribute the libc which the auditor was linked against.