From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm1-x330.google.com (mail-wm1-x330.google.com [IPv6:2a00:1450:4864:20::330]) by sourceware.org (Postfix) with ESMTPS id 976E33858400 for ; Wed, 25 Aug 2021 20:11:06 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 976E33858400 Received: by mail-wm1-x330.google.com with SMTP id u15so315531wmj.1 for ; Wed, 25 Aug 2021 13:11:06 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:subject:from:to:date:in-reply-to :references:user-agent:mime-version:content-transfer-encoding; bh=6tlaIUaVbOFJbCOLRSvlOKTxW5T+Drdtl0TZnjp1apo=; b=Zq0IUB1uQ3yN8uVcHcph+eL/PstWVGcZeyl+myGMI4tAIwkt6Ojqm5SFlUIv1L0iDD 3lR4SYYEqP+oYPXeeG5x8tB8gkiLGW/njiql03VY6EoglzQ7FaCGgWTTQmiy/+CHBMSV v0dy6s9QxZxmrtu5MFU7UtFgEgQ/0lgMuH+DRofRu2TXPsobpQAdodsHp/m/yV1o+zX8 af6cZWdZpFsxSg5GjK6sikqZGg/NyyiBzrft9jsZoCo9N/fJZzuYpycxncxu6dJHKtLV ib7KgqKJQvCbZlYczjtHhst7NtXFV2ludU2BqUywWQKc6rDwTk6laL2fRYgTz1L8lGZV MMJQ== X-Gm-Message-State: AOAM531jt6x273S2oAQrI6iTWD1dIuzq0N8QDK8Mn0aGgVdSpp0Dp81f aJZ7vb8+JvMqFdfEJRpgrWMMzAhk6d8SKg== X-Google-Smtp-Source: ABdhPJxbGoqg2463h2+PkKdiMbTXDOXF/RgjXqVh9Pcj05v/zUzELuTyUTTptRGzhuLq750oeoBpOA== X-Received: by 2002:a1c:cc03:: with SMTP id h3mr10700694wmb.73.1629922265614; Wed, 25 Aug 2021 13:11:05 -0700 (PDT) Received: from ?IPv6:2001:8b0:aba:5f3c:a9d5:4a4f:480b:62d4? ([2001:8b0:aba:5f3c:a9d5:4a4f:480b:62d4]) by smtp.gmail.com with ESMTPSA id c24sm867693wrb.57.2021.08.25.13.11.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Aug 2021 13:11:05 -0700 (PDT) Message-ID: <55b147c8807abe56c41670b6c3e20fdbec85f291.camel@linuxfoundation.org> Subject: Re: glibc 2.34 and Yocto Project's "uninative" From: Richard Purdie To: Adhemerval Zanella , Libc-help Date: Wed, 25 Aug 2021 21:11:04 +0100 In-Reply-To: <4224ac85-83b7-6fe8-6781-b8e8f514924a@linaro.org> References: <978104bdbebcd09d159f1713499cf1315edf40f2.camel@linuxfoundation.org> <4224ac85-83b7-6fe8-6781-b8e8f514924a@linaro.org> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.40.2-1build1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.5 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, URIBL_BLACK autolearn=no autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-help@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-help mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Aug 2021 20:11:17 -0000 On Wed, 2021-08-25 at 12:05 -0300, Adhemerval Zanella wrote: > > On 20/08/2021 11:37, Richard Purdie via Libc-help wrote: > > Hi, > > > > Yocto Project is a cross compiling build system used to build customised > > Linux, RTOSs, firmware and more. It has some interesting technology. One piece > > of it is "pseudo" (http://git.yoctoproject.org/cgit.cgi/pseudo/) which is an > > LD_PRELOAD which intercepts calls to libc and fakes root privileges. One way or > > another we've managed to keep that working with multiple libc versions for the > > last decade. > > > > A second piece of technology is uninative. We build a lot binary artefacts, some > > for the target, some as tools running natively on the build system. We have a > > cache of these artefacts people can share and reuse. Uninative is our way of > > allowing one binary to run on any host distro. We do that by shipping a ld+libc > > binary shim and change the interpreter in the native binary to point at our own. > > As long as the shim is the same version or later than system version, it works. > > > > In glibc 2.34, the merge of libdl and libpthread into libc is causing a problem > > for us. Basically, I've been able to make pseudo work and I can make uninative > > work however I can't make them both work together with glibc 2.34. > > > > Pseudo uses minimal dl calls from libdl (dlsym, dlvsym and dlerror) and has a > > pthread mutex, therefore it links to -ldl and -lpthread. > > > > The issue is that pseudo being an LD_PRELOAD, if linked against glibc 2.34 > > doesn't "see" symbols in libdl and just links to libc. I did try forcing older > > versions of the symbols along the lines of: > > > > __asm__(".symver dlerror,dlerror@GLIBC_" DLSYMVER); > > __asm__(".symver dlvsym,dlvsym@GLIBC_" DLVSYMVER); > > __asm__(".symver dlsym,dlsym@GLIBC_" DLSYMVER); > > > > with some arch specific version number defines however even if I do this, and > > put back a libdl.so symlink to the lib, the linker ignores the weak wildcard > > reference and links back to libc.so itself. When we then use this preloaded lib > > on a system with an older libc: > > > > relocation error: [...]/libpseudo.so: symbol dlerror, version GLIBC_2.2.5 not defined in file libc.so.6 with link time reference > > Unfortunately this was never officially supported, since it is basically > trying to run a binary built in a newer glibc on an older one. The > issue is not that linker put back libc.so, but rather that with GLIBC > 2.34 there is a lot of more default symbols that are tied to GLIBC_2.34 > version. Thanks for the reply. I do appreciate this isn't officially supported. I had hoped that by using minimal calls we might have been able to figure something out but I hadn't realised there were the other symbols being added. That certainly complicates it and explains a few things. > For instance: > > $ cat dl.c > #include > #include > > int main (int argc, char *argv[]) > { > void *h = dlopen (argv[1], RTLD_NOW); > assert (h != 0); > return 0; > } > > asm (".symver dlopen,dlopen@GLIBC_2.2.5"); > > $ readelf -Ws dl | grep GLIBC_2.34 > 1: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.34 (2) > 24: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.34 > > > The __libc_start_main has the additional issue that it is provided by crt1.o, > so the symver in the main TU won't solve it. You will need to hack it with > the static linker, even by adding some wrap symbol to redirect to the > __libc_start_main@GLIBC_2.2.5. Needing to hack these kinds of internals starts to make me worry a lot about whether there are details that will trip things up at runtime. > > I did try ensuring libpseudo.so has a RUNPATH that includes our uninative libc > > however the loader ignores that for loading libc. I did then add our uninative > > libc path to LD_LIBRARY_PATH however that fails: > > And I don't think this would work, it would force two libc with potentially > two different versions. It was very clear that the ld and libc need to be matched from the kinds of mismatches and I gave up on this route quickly. > > > > libc.so.6: symbol _dl_exception_create, version GLIBC_PRIVATE not defined in file ld-linux-x86-64.so.2 with link time reference > > > > since the ld being used doesn't match the libc. > > > > Can anyone see a way we could make things work? > I don't have easy library based solution for the requisites you posed, > building a newer glibc and running on a older one. I think what *might* > work is to provide a auditor library linked against the newer glibc and > it then intercepts and routes the required library calls. You will need > to redistribute the libc which the auditor was linked against. The other libc is already there so that bit is easy. I hadn't thought about using an auditor library and I'll have to explore that. I was going to go down the route of dummy libraries to link against however I realised it was easier for testing just to pull down 2.33 binaries and use those to link against. I did have to replace use of pthread_atfork with __register_atfork which is ugly but probably okish for our use as it has been there since 2.3.2. That probably gets us out the immediate problem although it does highlight we're doing something that isn't supported and could break again in ways we may struggle to fix. We can probably replace the pthread linkage for the mutex with direct code/syscall usage. We're going to need the libdl usage regardless though so it may be worth us figuring out the dummy library to link against for that piece. Thanks for the info though, it is much appreciated and it helps a lot to understand what was breaking and some other avenues like the auditor lib to explore. Cheers, Richard