[v2,0/6] Some rtld-audit fixes

Message ID 20210719143309.2848878-1-adhemerval.zanella@linaro.org
Headers show
Series
  • Some rtld-audit fixes
Related show

Message

Yang Yanchao via Libc-alpha July 19, 2021, 2:33 p.m.
Changes from v1 [1]

  - Fixed -fstack-protector-all tst-auditmod17.
  - Simplify the _dl_call_libc_early_init call the 'Fix audit
    regression' patch.
  - Remove symbind check fr BZ#15333.
  - Added the BZ#28096 fix.

---

This patchset fixes some rtld-audit issues brought by John
Mellor-Crummey [2] while trying to use it along with the HPCToolkit
tool.  This should cover the issues listed as 'Tier 1' [3], modulo
the aarch64 onexi (which I plan to address in a different patch set)
and also an important 'Tier2' issue (BZ#28096) which prevents the
use of some glibc function that uses TLS internally on the audir
module.

The first patch fixes a regression issue introduced by a
__libc_early_init() change.

The second patch is long-standing issue where the lazy resolution
trampolines are used even when the audit modules does not implement
the PLT or symbol binding callback.  The original patch from
Alexander Monakov is incomplete, since it also requires to take
la_symbind{32,64} in consideration.

The third patch add some tests to check if TLSDESC works along with
audit modules.

The forth patch fixes an issue when a dlmopen failure in a audit
module callback trigger an assert.

The fifth patch fixes another dlmopen failure when audit module
is used along with dlmopen.  This patch was proposed along with 
RTLD_SHARED support, so I added a regression test.

The final patch fixes an issue where the initial-exec TLS are reset
after the audit modules is already loader (thus clearing any state
that the library might update).

[1] https://patchwork.sourceware.org/project/glibc/list/?series=2443
[2] https://sourceware.org/pipermail/libc-alpha/2021-June/127636.html
[3] https://docs.google.com/document/d/1dVaDBdzySecxQqD6hLLzDrEF18M1UtjDna9gL5BWWI0/edit#

Adhemerval Zanella (5):
  elf: Fix audit regression
  elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533)
  elf: Add audit tests for modules with TLSDESC
  elf: Do not fail for failed dlopem on audit modules (BZ #28061)
  elf: Fix initial-exec TLS access on audit modules (BZ #28096)

Vivek Das Mohapatra (1):
  elf: Suppress audit calls when a (new) namespace is empty (BZ #28062)

 NEWS                           |   4 ++
 elf/Makefile                   |  43 ++++++++++-
 elf/dl-load.c                  |   7 +-
 elf/dl-object.c                |   3 +
 elf/dl-open.c                  |  12 +---
 elf/dl-reloc.c                 |  12 +++-
 elf/dl-tls.c                   |  16 +++--
 elf/rtld.c                     |  10 +--
 elf/tst-audit-tlsdesc-audit.c  |  23 ++++++
 elf/tst-audit-tlsdesc-dlopen.c |  67 +++++++++++++++++
 elf/tst-audit-tlsdesc.c        |  60 ++++++++++++++++
 elf/tst-audit17.c              |  25 +++++++
 elf/tst-audit18.c              |  39 ++++++++++
 elf/tst-audit19.c              |  25 +++++++
 elf/tst-audit20.c              | 128 +++++++++++++++++++++++++++++++++
 elf/tst-audit20mod.c           |  26 +++++++
 elf/tst-audit21.c              |  42 +++++++++++
 elf/tst-auditmod-tlsdesc1.c    |  41 +++++++++++
 elf/tst-auditmod-tlsdesc2.c    |  33 +++++++++
 elf/tst-auditmod17.c           |  23 ++++++
 elf/tst-auditmod18.c           |  24 +++++++
 elf/tst-auditmod19.c           |  57 +++++++++++++++
 elf/tst-auditmod20.c           |  73 +++++++++++++++++++
 elf/tst-auditmod21.c           |  69 ++++++++++++++++++
 include/link.h                 |   4 ++
 25 files changed, 840 insertions(+), 26 deletions(-)
 create mode 100644 elf/tst-audit-tlsdesc-audit.c
 create mode 100644 elf/tst-audit-tlsdesc-dlopen.c
 create mode 100644 elf/tst-audit-tlsdesc.c
 create mode 100644 elf/tst-audit17.c
 create mode 100644 elf/tst-audit18.c
 create mode 100644 elf/tst-audit19.c
 create mode 100644 elf/tst-audit20.c
 create mode 100644 elf/tst-audit20mod.c
 create mode 100644 elf/tst-audit21.c
 create mode 100644 elf/tst-auditmod-tlsdesc1.c
 create mode 100644 elf/tst-auditmod-tlsdesc2.c
 create mode 100644 elf/tst-auditmod17.c
 create mode 100644 elf/tst-auditmod18.c
 create mode 100644 elf/tst-auditmod19.c
 create mode 100644 elf/tst-auditmod20.c
 create mode 100644 elf/tst-auditmod21.c

-- 
2.30.2

Comments

Yang Yanchao via Libc-alpha July 20, 2021, 10:09 p.m. | #1
On Tue, 20 Jul 2021 at 02:33, Adhemerval Zanella via Libc-alpha <
libc-alpha@sourceware.org> wrote:

> Adhemerval Zanella (5):

>   elf: Fix audit regression

>   elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533)

>   elf: Add audit tests for modules with TLSDESC

>   elf: Do not fail for failed dlopem on audit modules (BZ #28061)

>


There is a typo here (dlopem/dlopen)

Cheers,
mwh
Yang Yanchao via Libc-alpha July 20, 2021, 10:11 p.m. | #2
On Wed, 21 Jul 2021 at 10:09, Michael Hudson-Doyle <
michael.hudson@canonical.com> wrote:

> On Tue, 20 Jul 2021 at 02:33, Adhemerval Zanella via Libc-alpha <

> libc-alpha@sourceware.org> wrote:

>

>> Adhemerval Zanella (5):

>>   elf: Fix audit regression

>>   elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533)

>>   elf: Add audit tests for modules with TLSDESC

>>   elf: Do not fail for failed dlopem on audit modules (BZ #28061)

>>

>

> There is a typo here (dlopem/dlopen)

>


Or maybe it's meant to be dlmopen? I don't understand the patch really but
I'm pretty sure it's not meant to be dlopem :)