[2.25 1/2] tunables: Use direct syscall for access (BZ#21744)

[2.25 1/2] tunables: Use direct syscall for access (BZ#21744)

[Gabriel F. T. Gomes]

From: Adhemerval Zanella <adhemerval.zanella@linaro.org>

The function maybe_enable_malloc_check, which is called by
__tunables_init, calls __access_noerrno.  It isn't problem when
symbol is is in ld.so, which has a special version of __access_noerrno
without stack protector.  But when glibc is built with stack protector,
maybe_enable_malloc_check in libc.a can't call the regular version of
__access_noerrno with stack protector.

This patch changes how Linux defines the __access_noerrno to be an
inline call instead and thus preventing defining different build
rules for ld/static and shared.

	H.J. Lu  <hongjiu.lu@intel.com>
	Adhemerval Zanella  <adhemerval.zanella@linaro.org>

	[BZ #21744]
	* elf/dl-tunables.c: Include not-errno.h header.
	* include/unistd.h (__access_noerrno): Remove definition.
	* sysdeps/unix/sysv/linux/access.c (__access_noerrno): Likewise.
	* sysdeps/generic/not-errno.h: New file.
	* sysdeps/unix/sysv/linux/not-errno.h: Likewise.

(cherry picked from commit 95a73392580761abc62fc9b1386d232cd55878e9)
---
 ChangeLog                           | 10 ++++++++++
 NEWS                                |  1 +
 elf/dl-tunables.c                   |  2 ++
 include/unistd.h                    |  7 -------
 sysdeps/generic/not-errno.h         | 19 +++++++++++++++++++
 sysdeps/unix/sysv/linux/access.c    | 15 ---------------
 sysdeps/unix/sysv/linux/not-errno.h | 35 +++++++++++++++++++++++++++++++++++
 7 files changed, 67 insertions(+), 22 deletions(-)
 create mode 100644 sysdeps/generic/not-errno.h
 create mode 100644 sysdeps/unix/sysv/linux/not-errno.h

diff --git a/ChangeLog b/ChangeLog
index a875c01445..ea0a24adf9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2017-07-24  Adhemerval Zanella  <adhemerval.zanella@linaro.org>
+	    H.J. Lu  <hongjiu.lu@intel.com>
+
+	[BZ #21744]
+	* elf/dl-tunables.c: Include not-errno.h header.
+	* include/unistd.h (__access_noerrno): Remove definition.
+	* sysdeps/unix/sysv/linux/access.c (__access_noerrno): Likewise.
+	* sysdeps/generic/not-errno.h: New file.
+	* sysdeps/unix/sysv/linux/not-errno.h: Likewise.
+
 2018-01-19  H.J. Lu  <hongjiu.lu@intel.com>
 
 	[BZ #22715]
diff --git a/NEWS b/NEWS
index 2f3f492edd..4c4eb834a1 100644
--- a/NEWS
+++ b/NEWS
@@ -60,6 +60,7 @@ The following bugs are resolved with this release:
   [21386] Assertion in fork for distinct parent PID is incorrect
   [21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366)
   [21654] nss: Fix invalid cast in group merging
+  [21744] tunables: Use direct syscall for access
   [21778] Robust mutex may deadlock
   [21915] getaddrinfo: incorrect result handling for NSS service modules
   [21922] getaddrinfo with AF_INET(6) returns EAI_NONAME, not EAI_NODATA
diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c
index e42aa67003..7ee3f98c8d 100644
--- a/elf/dl-tunables.c
+++ b/elf/dl-tunables.c
@@ -30,6 +30,8 @@
 #define TUNABLES_INTERNAL 1
 #include "dl-tunables.h"
 
+#include <not-errno.h>
+
 #if TUNABLES_FRONTEND == TUNABLES_FRONTEND_valstring
 # define GLIBC_TUNABLES "GLIBC_TUNABLES"
 #endif
diff --git a/include/unistd.h b/include/unistd.h
index 16d68a1505..d2802b2b3e 100644
--- a/include/unistd.h
+++ b/include/unistd.h
@@ -181,13 +181,6 @@ extern int __getlogin_r_loginuid (char *name, size_t namesize)
 #   include <dl-unistd.h>
 #  endif
 
-#  if IS_IN (rtld) || !defined SHARED
-/* __access variant that does not set errno.  Used in very early initialization
-   code in libc.a and ld.so.  It follows access return semantics (zero for
-   sucess otherwise a value different than 0).  */
-extern __typeof (__access) __access_noerrno attribute_hidden;
-#  endif
-
 __END_DECLS
 # endif
 
diff --git a/sysdeps/generic/not-errno.h b/sysdeps/generic/not-errno.h
new file mode 100644
index 0000000000..2aac095e71
--- /dev/null
+++ b/sysdeps/generic/not-errno.h
@@ -0,0 +1,19 @@
+/* Syscall wrapper that do not set errno.  Generic version.
+   Copyright (C) 2017 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+extern __typeof (__access) __access_noerrno attribute_hidden;
diff --git a/sysdeps/unix/sysv/linux/access.c b/sysdeps/unix/sysv/linux/access.c
index 67e69bd163..366b6b6461 100644
--- a/sysdeps/unix/sysv/linux/access.c
+++ b/sysdeps/unix/sysv/linux/access.c
@@ -21,21 +21,6 @@
 #include <sysdep-cancel.h>
 
 int
-__access_noerrno (const char *file, int type)
-{
-  int res;
-  INTERNAL_SYSCALL_DECL (err);
-#ifdef __NR_access
-  res = INTERNAL_SYSCALL_CALL (access, err, file, type);
-#else
-  res = INTERNAL_SYSCALL_CALL (faccessat, err, AT_FDCWD, file, type);
-#endif
-  if (INTERNAL_SYSCALL_ERROR_P (res, err))
-    return INTERNAL_SYSCALL_ERRNO (res, err);
-  return 0;
-}
-
-int
 __access (const char *file, int type)
 {
 #ifdef __NR_access
diff --git a/sysdeps/unix/sysv/linux/not-errno.h b/sysdeps/unix/sysv/linux/not-errno.h
new file mode 100644
index 0000000000..65f93f331d
--- /dev/null
+++ b/sysdeps/unix/sysv/linux/not-errno.h
@@ -0,0 +1,35 @@
+/* Syscall wrapper that do not set errno.  Linux version.
+   Copyright (C) 2017 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+/* This function is used on maybe_enable_malloc_check (elf/dl-tunables.c)
+   and to avoid having to build/use multiple versions if stack protection
+   in enabled it is defined as inline.  */
+static inline int
+__access_noerrno (const char *pathname, int mode)
+{
+  int res;
+  INTERNAL_SYSCALL_DECL (err);
+#ifdef __NR_access
+  res = INTERNAL_SYSCALL_CALL (access, err, pathname, mode);
+#else
+  res = INTERNAL_SYSCALL_CALL (faccessat, err, AT_FDCWD, pathname, mode);
+#endif
+  if (INTERNAL_SYSCALL_ERROR_P (res, err))
+    return INTERNAL_SYSCALL_ERRNO (res, err);
+  return 0;
+}
-- 
2.13.6

[2.25 0/2] Backport fixes for bugs 22685 and 21744 to 2.25?

[Gabriel F. T. Gomes]

The fix for bug 22685 alone is not enough to fix the failures in
stdlib/tst-secure-getent, elf/tst-env-setuid, and
elf/tst-env-setuid-tunables.  To the best of my knowledge, it requires
the backporting of the fix for bug 21744.

Both fixes are submitted in this thread and I have tested that
backporting both to 2.25 indeed fixes the errors in the aforementioned
test cases for powerpc64le and x86_64.

Is it OK to backport these two patches to the 2.25 branch?

Thanks,
Gabriel

Adhemerval Zanella (1):
  tunables: Use direct syscall for access (BZ#21744)

Tulio Magno Quites Machado Filho (1):
  powerpc: Fix syscalls during early process initialization [BZ #22685]

 ChangeLog                                   | 21 +++++++++++++++++
 NEWS                                        |  2 ++
 elf/dl-tunables.c                           |  2 ++
 include/unistd.h                            |  7 ------
 sysdeps/generic/not-errno.h                 | 19 ++++++++++++++++
 sysdeps/powerpc/powerpc32/sysdep.h          |  5 +++--
 sysdeps/powerpc/powerpc64/sysdep.h          |  5 +++--
 sysdeps/unix/sysv/linux/access.c            | 15 -------------
 sysdeps/unix/sysv/linux/not-errno.h         | 35 +++++++++++++++++++++++++++++
 sysdeps/unix/sysv/linux/powerpc/not-errno.h | 30 +++++++++++++++++++++++++
 10 files changed, 115 insertions(+), 26 deletions(-)
 create mode 100644 sysdeps/generic/not-errno.h
 create mode 100644 sysdeps/unix/sysv/linux/not-errno.h
 create mode 100644 sysdeps/unix/sysv/linux/powerpc/not-errno.h

-- 
2.13.6

[2.25 2/2] powerpc: Fix syscalls during early process initialization [BZ #22685]

[Gabriel F. T. Gomes]

From: Tulio Magno Quites Machado Filho <tuliom@linux.vnet.ibm.com>

The tunables framework needs to execute syscall early in process
initialization, before the TCB is available for consumption.  This
behavior conflicts with powerpc{|64|64le}'s lock elision code, that
checks the TCB before trying to abort transactions immediately before
executing a syscall.

This patch adds a powerpc-specific implementation of __access_noerrno
that does not abort transactions before the executing syscall.

Tested on powerpc{|64|64le}.

	[BZ #22685]
	* sysdeps/powerpc/powerpc32/sysdep.h (ABORT_TRANSACTION_IMPL): Renamed
	from ABORT_TRANSACTION.
	(ABORT_TRANSACTION): Redirect to ABORT_TRANSACTION_IMPL.
	* sysdeps/powerpc/powerpc64/sysdep.h (ABORT_TRANSACTION,
	ABORT_TRANSACTION_IMPL): Likewise.
	* sysdeps/unix/sysv/linux/powerpc/not-errno.h: New file.  Reuse
	Linux code, but remove the code that aborts transactions.

Signed-off-by: Tulio Magno Quites Machado Filho <tuliom@linux.vnet.ibm.com>
Tested-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 4612268a0ad8e3409d8ce2314dd2dd8ee0af5269)
---
 ChangeLog                                   | 11 +++++++++++
 NEWS                                        |  1 +
 sysdeps/powerpc/powerpc32/sysdep.h          |  5 +++--
 sysdeps/powerpc/powerpc64/sysdep.h          |  5 +++--
 sysdeps/unix/sysv/linux/powerpc/not-errno.h | 30 +++++++++++++++++++++++++++++
 5 files changed, 48 insertions(+), 4 deletions(-)
 create mode 100644 sysdeps/unix/sysv/linux/powerpc/not-errno.h

diff --git a/ChangeLog b/ChangeLog
index ea0a24adf9..a198edd947 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2018-01-19  Tulio Magno Quites Machado Filho  <tuliom@linux.vnet.ibm.com>
+
+	[BZ #22685]
+	* sysdeps/powerpc/powerpc32/sysdep.h (ABORT_TRANSACTION_IMPL): Renamed
+	from ABORT_TRANSACTION.
+	(ABORT_TRANSACTION): Redirect to ABORT_TRANSACTION_IMPL.
+	* sysdeps/powerpc/powerpc64/sysdep.h (ABORT_TRANSACTION,
+	ABORT_TRANSACTION_IMPL): Likewise.
+	* sysdeps/unix/sysv/linux/powerpc/not-errno.h: New file.  Reuse
+	Linux code, but remove the code that aborts transactions.
+
 2017-07-24  Adhemerval Zanella  <adhemerval.zanella@linaro.org>
 	    H.J. Lu  <hongjiu.lu@intel.com>
 
diff --git a/NEWS b/NEWS
index 4c4eb834a1..40eded2158 100644
--- a/NEWS
+++ b/NEWS
@@ -72,6 +72,7 @@ The following bugs are resolved with this release:
   [22637] nptl: Fix stack guard size accounting
   [22679] getcwd(3) can succeed without returning an absolute path
     (CVE-2018-1000001)
+  [22685] powerpc: Fix syscalls during early process initialization
   [22715] x86-64: Properly align La_x86_64_retval to VEC_SIZE
 \f
 Version 2.25
diff --git a/sysdeps/powerpc/powerpc32/sysdep.h b/sysdeps/powerpc/powerpc32/sysdep.h
index f92ab2cded..2ece0e0686 100644
--- a/sysdeps/powerpc/powerpc32/sysdep.h
+++ b/sysdeps/powerpc/powerpc32/sysdep.h
@@ -89,7 +89,7 @@ GOT_LABEL:			;					      \
   ASM_SIZE_DIRECTIVE(name)
 
 #if ! IS_IN(rtld) && defined (ENABLE_LOCK_ELISION)
-# define ABORT_TRANSACTION \
+# define ABORT_TRANSACTION_IMPL \
     cmpwi    2,0;		\
     beq      1f;		\
     lwz      0,TM_CAPABLE(2);	\
@@ -100,8 +100,9 @@ GOT_LABEL:			;					      \
     .align 4;			\
 1:
 #else
-# define ABORT_TRANSACTION
+# define ABORT_TRANSACTION_IMPL
 #endif
+#define ABORT_TRANSACTION ABORT_TRANSACTION_IMPL
 
 #define DO_CALL(syscall)						      \
     ABORT_TRANSACTION							      \
diff --git a/sysdeps/powerpc/powerpc64/sysdep.h b/sysdeps/powerpc/powerpc64/sysdep.h
index db7c1d78b5..8133156031 100644
--- a/sysdeps/powerpc/powerpc64/sysdep.h
+++ b/sysdeps/powerpc/powerpc64/sysdep.h
@@ -273,7 +273,7 @@ LT_LABELSUFFIX(name,_name_end): ; \
   END_2(name)
 
 #if !IS_IN(rtld) && defined (ENABLE_LOCK_ELISION)
-# define ABORT_TRANSACTION \
+# define ABORT_TRANSACTION_IMPL \
     cmpdi    13,0;		\
     beq      1f;		\
     lwz      0,TM_CAPABLE(13);	\
@@ -284,8 +284,9 @@ LT_LABELSUFFIX(name,_name_end): ; \
     .align 4;                   \
 1:
 #else
-# define ABORT_TRANSACTION
+# define ABORT_TRANSACTION_IMPL
 #endif
+#define ABORT_TRANSACTION ABORT_TRANSACTION_IMPL
 
 #define DO_CALL(syscall) \
     ABORT_TRANSACTION \
diff --git a/sysdeps/unix/sysv/linux/powerpc/not-errno.h b/sysdeps/unix/sysv/linux/powerpc/not-errno.h
new file mode 100644
index 0000000000..27da21bdf1
--- /dev/null
+++ b/sysdeps/unix/sysv/linux/powerpc/not-errno.h
@@ -0,0 +1,30 @@
+/* Syscall wrapper that do not set errno.  Linux powerpc version.
+   Copyright (C) 2018 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+/* __access_noerrno is used during process initialization in elf/dl-tunables.c
+   before the TCB is initialized, prohibiting the usage of
+   ABORT_TRANSACTION.  */
+#undef ABORT_TRANSACTION
+#define ABORT_TRANSACTION
+
+#include "sysdeps/unix/sysv/linux/not-errno.h"
+
+/* Recover ABORT_TRANSACTION's previous value, in order to not affect
+   other syscalls.  */
+#undef ABORT_TRANSACTION
+#define ABORT_TRANSACTION ABORT_TRANSACTION_IMPL
-- 
2.13.6

Re: [2.25 0/2] Backport fixes for bugs 22685 and 21744 to 2.25?

[Adhemerval Zanella]

On 30/01/2018 17:31, Gabriel F. T. Gomes wrote:
> The fix for bug 22685 alone is not enough to fix the failures in
> stdlib/tst-secure-getent, elf/tst-env-setuid, and
> elf/tst-env-setuid-tunables.  To the best of my knowledge, it requires
> the backporting of the fix for bug 21744.
> 
> Both fixes are submitted in this thread and I have tested that
> backporting both to 2.25 indeed fixes the errors in the aforementioned
> test cases for powerpc64le and x86_64.
> 
> Is it OK to backport these two patches to the 2.25 branch?

LGTM.

> 
> Thanks,
> Gabriel
> 
> Adhemerval Zanella (1):
>   tunables: Use direct syscall for access (BZ#21744)
> 
> Tulio Magno Quites Machado Filho (1):
>   powerpc: Fix syscalls during early process initialization [BZ #22685]
> 
>  ChangeLog                                   | 21 +++++++++++++++++
>  NEWS                                        |  2 ++
>  elf/dl-tunables.c                           |  2 ++
>  include/unistd.h                            |  7 ------
>  sysdeps/generic/not-errno.h                 | 19 ++++++++++++++++
>  sysdeps/powerpc/powerpc32/sysdep.h          |  5 +++--
>  sysdeps/powerpc/powerpc64/sysdep.h          |  5 +++--
>  sysdeps/unix/sysv/linux/access.c            | 15 -------------
>  sysdeps/unix/sysv/linux/not-errno.h         | 35 +++++++++++++++++++++++++++++
>  sysdeps/unix/sysv/linux/powerpc/not-errno.h | 30 +++++++++++++++++++++++++
>  10 files changed, 115 insertions(+), 26 deletions(-)
>  create mode 100644 sysdeps/generic/not-errno.h
>  create mode 100644 sysdeps/unix/sysv/linux/not-errno.h
>  create mode 100644 sysdeps/unix/sysv/linux/powerpc/not-errno.h
> 

Re: [2.25 0/2] Backport fixes for bugs 22685 and 21744 to 2.25?

[Gabriel F. T. Gomes]

On Tue, 06 Feb 2018, Adhemerval Zanella wrote:

>On 30/01/2018 17:31, Gabriel F. T. Gomes wrote:
>>
>> Is it OK to backport these two patches to the 2.25 branch?  
>
>LGTM.

Thanks.  These patches are now pushed to the 2.25 branch.