From: Adhemerval Zanella via Libc-alpha
Reply-To: Adhemerval Zanella
To: libc-alpha@sourceware.org
Cc: John Mellor-Crummey
Subject: [PATCH v3 00/20] Some rtld-audit fixes
Date: Fri, 30 Jul 2021 16:46:55 -0300
Message-Id: <20210730194715.881900-1-adhemerval.zanella@linaro.org>

This patchset fixes most of the rtld-audit issues brought by John
Mellor-Crummey [2] while trying to use it along with the HPCToolkit tool.
This should cover all the issues listed as 'Tier 1' [3], modulo the
aarch64 SVE (which requires setting one if and how we would handle it)
and also most of the 'Tier2' issues (BZ#28096 inclusive) which prevents
the use of some glibc function that uses TLS internally on the audit
module.

The first patch is a long-standing issue where the lazy resolution
trampolines are used even when the audit modules do not implement the
PLT or symbol binding callback. The original patch from Alexander
Monakov is incomplete, since it also requires taking la_symbind{32,64}
into consideration.

The second patch adds some tests to check if TLSDESC works along with
audit modules.

The third patch fixes an issue when a dlmopen failure in an audit module
callback triggers an assert.

The fourth patch fixes another dlmopen failure when audit module is used
along with dlmopen. This patch was proposed along with RTLD_SHARED
support, so I added a regression test.

The fifth patch fixes an issue where the initial-exec TLS are reset
after the audit modules are already loaded (thus clearing any state that
the library might update).

The 6th to 13th patches refactor the rtld audit code to move the common
definition on dl-audit.c. It helps slightly on code size and simplifies
the code required to subsequent fixes.

The 14th patch issues la_objopen() for vDSO (marked as tier2 issue).

The 15th patch adds the application name on link_map::l_name for
la_objopen(). Although it is a semantic change, I think it is really an
improvement, since previously an empty string was returned requiring
additional code on the audit interface to obtain it.

The 16th patch adds la_activity() calls on application exit, to keep in
sync with the la_objclose().

The 17th issues the la_symbind() for bind-now configuration (either when
application is linked with -Wl,-z,now or issued with LD_BIND_NOW).
It does not change the semantic regarding PLT tracking callbacks, so
patch 18 adds a new flag, LA_SYMB_BINDNOW, to indicate that the
la_symbind() callback return code will be ignored.

The 19th is a simple refactoring that moves the LAV_CURRENT to its own
header, so aarch64 can override it.

The 20th and final patch is a respin of Ben Woodard's one [4], with a
small fix (a missing x8 restore after _dl_profile_fixup()), proper tests
for both the indirect return register and the Q registers, and a slight
ABI change for lr_vreg.

I also pushed this patch on a personal branch [5].

There are also some points brought by John Mellor-Crummey's document
that I don't have a straightforward answer so I haven't added on this
patchset:

1. la_activity(LA_ACT_ADD) is never called for auditor namespaces, even
   though la_objopen and la_activity(LA_ACT_CONSISTENT) are.

   There is no easy solution for this: we need at least to load the
   *first* auditor to actually issue the la_activity(LA_ACT_ADD). It
   means that it would *only* work for subsequent audit modules, and
   adding this specific semantic is confusing and does not really
   improve things (it only helps when multiple audit modules are used).

2. la_objopen is called for the main binary and for ld.so before the
   first la_activity(LA_ACT_ADD) call. This contradicts the pattern
   found in a successful dlopen (where la_activity(LA_ACT_ADD) precedes
   la_objopen).

   The constraint here is we need to handle DT_AUDIT and DT_DEPAUDIT
   dynamic tags, which means we need to first load the executable in
   memory to parse the required audit modules. So we need to first
   parse the dynamic audit tags, load the audit modules, and then load
   the object itself.

3. For non-PIE executables the base address listed in link_map->l_addr
   for the main application binary is 0, even though dladdr is able to
   recover the correct offset. la_objopen is affected by this.

   This would require changing an internal semantic for
   link_map::l_addr.
   This is not straightforward and I am not sure about the direct gains.

I have checked the patches on x86_64-linux-gnu, i686-linux-gnu,
aarch64-linux-gnu, and armv7-linux-gnueabihf. I plan to spin on some
other architectures as well.

[1] https://patchwork.sourceware.org/project/glibc/list/?series=2443
[2] https://sourceware.org/pipermail/libc-alpha/2021-June/127636.html
[3] https://docs.google.com/document/d/1dVaDBdzySecxQqD6hLLzDrEF18M1UtjDna9gL5BWWI0/edit#
[4] https://sourceware.org/pipermail/libc-alpha/2020-September/117828.html
[5] https://sourceware.org/git/?p=glibc.git;a=shortlog;h=refs/heads/azanella/ld-audit-fixes

Changes from v2 [1]
- Refactored rtld-audit code to move common code to dl-audit.c.
- Issue audit la_objopen() for vDSO.
- Issue la_activity during application exit.
- Issue la_symbind() for bind-now (BZ #23734).
- Fix runtime linker auditing on aarch64 (BZ #26643)

Changes from v1 [1]
- Fixed -fstack-protector-all tst-auditmod17.
- Simplify the _dl_call_libc_early_init call the 'Fix audit regression'
  patch.
- Remove symbind check for BZ#15333.
- Added the BZ#28096 fix.

Adhemerval Zanella (18):
  elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533)
  elf: Add audit tests for modules with TLSDESC
  elf: Do not fail for failed dlopem on audit modules (BZ #28061)
  elf: Fix initial-exec TLS access on audit modules (BZ #28096)
  elf: Add _dl_audit_objopen
  elf: Add _dl_audit_activity_map and _dl_audit_activity_nsid
  elf: Add _dl_audit_objsearch
  elf: Add _dl_audit_objclose
  elf: Add _dl_audit_symbind_alt and _dl_audit_symbind
  elf: Add _dl_audit_preinit
  elf: Add _dl_audit_pltenter
  elf: Add _dl_audit_pltexit
  elf: Issue audit la_objopen() for vDSO
  elf: Add main application on main_map l_name
  elf: Add la_activity during application exit
  elf: Issue la_symbind() for bind-now (BZ #23734)
  elf: Add LA_SYMB_BINDNOW
  elf: Move LAV_CURRENT to link_lavcurrent.h

Ben Woodard (1):
  elf: Fix runtime linker auditing on aarch64 (BZ #26643)

Vivek Das Mohapatra (1):
  elf: Suppress audit calls when a (new) namespace is empty (BZ #28062)

 NEWS | 3 +
 bits/link_lavcurrent.h | 25 ++
 csu/libc-start.c | 23 +-
 dlfcn/Makefile | 4 +-
 dlfcn/tst-dladdr-self.c | 55 +++
 elf/Makefile | 127 ++++++-
 elf/Versions | 1 +
 elf/dl-addr.c | 5 -
 elf/dl-audit.c | 393 ++++++++++++++++++++++
 elf/dl-close.c | 74 +---
 elf/dl-dst.h | 2 +-
 elf/dl-fini.c | 25 +-
 elf/dl-init.c | 3 +-
 elf/dl-load.c | 112 ++----
 elf/dl-misc.c | 1 +
 elf/dl-object.c | 20 +-
 elf/dl-open.c | 22 +-
 elf/dl-reloc.c | 26 +-
 elf/dl-runtime.c | 244 ++------------
 elf/dl-sym-post.h | 47 +--
 elf/dl-tls.c | 16 +-
 elf/do-rel.h | 62 +++-
 elf/link.h | 7 +-
 elf/rtld.c | 81 +----
 elf/setup-vdso.h | 2 +-
 elf/tst-audit-tlsdesc-audit.c | 23 ++
 elf/tst-audit-tlsdesc-dlopen.c | 67 ++++
 elf/tst-audit-tlsdesc.c | 60 ++++
 elf/tst-audit18a.c | 39 +++
 elf/tst-audit18b.c | 94 ++++++
 elf/tst-audit18bmod.c | 23 ++
 elf/tst-audit18mod.c | 17 +
 elf/tst-audit19.c | 25 ++
 elf/tst-audit20.c | 129 +++++++
 elf/tst-audit20mod.c | 26 ++
 elf/tst-audit21.c | 42 +++
 elf/tst-audit22.c | 123 +++++++
 elf/tst-audit23.c | 161 +++++++++
 elf/tst-audit23mod.c | 23 ++
 elf/tst-audit24a.c | 36 ++
 elf/tst-audit24amod1.c | 31 ++
 elf/tst-audit24amod2.c | 25 ++
 elf/tst-audit24b.c | 37 ++
 elf/tst-audit24bmod1.c | 31 ++
 elf/tst-audit24bmod2.c | 23 ++
 elf/tst-audit24c.c | 2 +
 elf/tst-audit24d.c | 36 ++
 elf/tst-audit24dmod1.c | 33 ++
 elf/tst-audit24dmod2.c | 28 ++
 elf/tst-audit24dmod3.c | 31 ++
 elf/tst-audit24dmod4.c | 25 ++
 elf/tst-audit25a.c | 126 +++++++
 elf/tst-audit25b.c | 127 +++++++
 elf/tst-audit25mod1.c | 30 ++
 elf/tst-audit25mod2.c | 30 ++
 elf/tst-audit25mod3.c | 22 ++
 elf/tst-audit25mod4.c | 22 ++
 elf/tst-auditmod-tlsdesc1.c | 41 +++
 elf/tst-auditmod-tlsdesc2.c | 33 ++
 elf/tst-auditmod18a.c | 23 ++
 elf/tst-auditmod18b.c | 46 +++
 elf/tst-auditmod19.c | 57 ++++
 elf/tst-auditmod20.c | 73 ++++
 elf/tst-auditmod21.c | 69 ++++
 elf/tst-auditmod22.c | 65 ++++
 elf/tst-auditmod23.c | 78 +++++
 elf/tst-auditmod24a.c | 104 ++++++
 elf/tst-auditmod24b.c | 99 ++++++
 elf/tst-auditmod24c.c | 3 +
 elf/tst-auditmod24d.c | 114 +++++++
 elf/tst-auditmod25.c | 77 +++++
 gmon/gmon.c | 10 +-
 include/dlfcn.h | 1 +
 include/link.h | 4 +
 sysdeps/aarch64/Makefile | 20 ++
 sysdeps/aarch64/bits/link.h | 24 +-
 sysdeps/aarch64/bits/link_lavcurrent.h | 25 ++
 sysdeps/aarch64/dl-link.sym | 4 +-
 sysdeps/aarch64/dl-trampoline.S | 92 +++--
 sysdeps/aarch64/tst-audit26.c | 37 ++
 sysdeps/aarch64/tst-audit26mod.c | 33 ++
 sysdeps/aarch64/tst-audit26mod.h | 50 +++
 sysdeps/aarch64/tst-audit27.c | 64 ++++
 sysdeps/aarch64/tst-audit27mod.c | 95 ++++++
 sysdeps/aarch64/tst-audit27mod.h | 67 ++++
 sysdeps/aarch64/tst-auditmod26.c | 93 +++++
 sysdeps/aarch64/tst-auditmod27.c | 173 ++++++++++
 sysdeps/alpha/dl-trampoline.S | 8 +-
 sysdeps/arm/dl-trampoline.S | 2 +-
 sysdeps/generic/dl-fixup-attribute.h | 24 ++
 sysdeps/generic/ldsodefs.h | 50 +++
 sysdeps/hppa/dl-runtime.c | 2 +-
 sysdeps/hppa/dl-trampoline.S | 6 +-
 sysdeps/i386/dl-fixup-attribute.h | 30 ++
 sysdeps/i386/dl-machine.h | 23 --
 sysdeps/i386/dl-trampoline.S | 2 +-
 sysdeps/ia64/dl-trampoline.S | 16 +-
 sysdeps/m68k/dl-trampoline.S | 2 +-
 sysdeps/powerpc/powerpc64/dl-trampoline.S | 4 +-
 sysdeps/s390/s390-32/dl-trampoline.h | 4 +-
 sysdeps/s390/s390-64/dl-trampoline.h | 2 +-
 sysdeps/sh/dl-trampoline.S | 4 +-
 sysdeps/sparc/sparc32/dl-trampoline.S | 2 +-
 sysdeps/sparc/sparc64/dl-trampoline.S | 2 +-
 sysdeps/x86_64/dl-runtime.h | 2 +-
 sysdeps/x86_64/dl-trampoline.h | 6 +-
 106 files changed, 4108 insertions(+), 684 deletions(-)
 create mode 100644 bits/link_lavcurrent.h
 create mode 100644 dlfcn/tst-dladdr-self.c
 create mode 100644 elf/dl-audit.c
 create mode 100644 elf/tst-audit-tlsdesc-audit.c
 create mode 100644 elf/tst-audit-tlsdesc-dlopen.c
 create mode 100644 elf/tst-audit-tlsdesc.c
 create mode 100644 elf/tst-audit18a.c
 create mode 100644 elf/tst-audit18b.c
 create mode 100644 elf/tst-audit18bmod.c
 create mode 100644 elf/tst-audit18mod.c
 create mode 100644 elf/tst-audit19.c
 create mode 100644 elf/tst-audit20.c
 create mode 100644 elf/tst-audit20mod.c
 create mode 100644 elf/tst-audit21.c
 create mode 100644 elf/tst-audit22.c
 create mode 100644 elf/tst-audit23.c
 create mode 100644 elf/tst-audit23mod.c
 create mode 100644 elf/tst-audit24a.c
 create mode 100644 elf/tst-audit24amod1.c
 create mode 100644 elf/tst-audit24amod2.c
 create mode 100644 elf/tst-audit24b.c
 create mode 100644 elf/tst-audit24bmod1.c
 create mode 100644 elf/tst-audit24bmod2.c
 create mode 100644 elf/tst-audit24c.c
 create mode 100644 elf/tst-audit24d.c
 create mode 100644 elf/tst-audit24dmod1.c
 create mode 100644 elf/tst-audit24dmod2.c
 create mode 100644 elf/tst-audit24dmod3.c
 create mode 100644 elf/tst-audit24dmod4.c
 create mode 100644 elf/tst-audit25a.c
 create mode 100644 elf/tst-audit25b.c
 create mode 100644 elf/tst-audit25mod1.c
 create mode 100644 elf/tst-audit25mod2.c
 create mode 100644 elf/tst-audit25mod3.c
 create mode 100644 elf/tst-audit25mod4.c
 create mode 100644 elf/tst-auditmod-tlsdesc1.c
 create mode 100644 elf/tst-auditmod-tlsdesc2.c
 create mode 100644 elf/tst-auditmod18a.c
 create mode 100644 elf/tst-auditmod18b.c
 create mode 100644 elf/tst-auditmod19.c
 create mode 100644 elf/tst-auditmod20.c
 create mode 100644 elf/tst-auditmod21.c
 create mode 100644 elf/tst-auditmod22.c
 create mode 100644 elf/tst-auditmod23.c
 create mode 100644 elf/tst-auditmod24a.c
 create mode 100644 elf/tst-auditmod24b.c
 create mode 100644 elf/tst-auditmod24c.c
 create mode 100644 elf/tst-auditmod24d.c
 create mode 100644 elf/tst-auditmod25.c
 create mode 100644 sysdeps/aarch64/bits/link_lavcurrent.h
 create mode 100644 sysdeps/aarch64/tst-audit26.c
 create mode 100644 sysdeps/aarch64/tst-audit26mod.c
 create mode 100644 sysdeps/aarch64/tst-audit26mod.h
 create mode 100644 sysdeps/aarch64/tst-audit27.c
 create mode 100644 sysdeps/aarch64/tst-audit27mod.c
 create mode 100644 sysdeps/aarch64/tst-audit27mod.h
 create mode 100644 sysdeps/aarch64/tst-auditmod26.c
 create mode 100644 sysdeps/aarch64/tst-auditmod27.c
 create mode 100644 sysdeps/generic/dl-fixup-attribute.h
 create mode 100644 sysdeps/i386/dl-fixup-attribute.h

--
2.30.2
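
The cover letter says that, before patch 15, la_objopen() reported the main program with an empty link_map::l_name, so audit modules needed extra code to obtain the name. The following is an added example, not code from the patchset or from glibc, of an audit module carrying that fallback; the helper audit_object_name and the /proc/self/exe lookup are assumptions made for this illustration.

```c
/* Added example.  Build and load as an audit module with:
     gcc -shared -fPIC -o audit-name.so audit-name.c
     LD_AUDIT=./audit-name.so ./program  */
#include <link.h>    /* struct link_map */
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>  /* readlink */

/* Hypothetical helper: return a printable path for MAP.  When l_name is
   empty (the main program, as described in the cover letter), fall back
   to the /proc/self/exe symlink; BUF/LEN hold the resolved path.  */
const char *
audit_object_name (const struct link_map *map, char *buf, size_t len)
{
  if (map->l_name != NULL && map->l_name[0] != '\0')
    return map->l_name;
  ssize_t n = readlink ("/proc/self/exe", buf, len - 1);
  if (n <= 0)
    return "<main program>";   /* /proc not available */
  buf[n] = '\0';               /* readlink does not NUL-terminate */
  return buf;
}

/* Version handshake: accept the interface version the loader offers.  */
unsigned int
la_version (unsigned int version)
{
  return version;
}

/* Called once per loaded object.  LMID has type Lmid_t (long int) and is
   0, LM_ID_BASE, for the initial namespace.  Returning 0 asks for no
   symbol-binding callbacks on this object.  */
unsigned int
la_objopen (struct link_map *map, long int lmid, uintptr_t *cookie)
{
  char buf[4096];
  (void) cookie;
  /* l_addr is printed as reported; it is 0 for a non-PIE main program.  */
  fprintf (stderr, "objopen: lmid=%ld l_addr=%#lx name=%s\n", lmid,
           (unsigned long) map->l_addr,
           audit_object_name (map, buf, sizeof buf));
  return 0;
}
```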