From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS3215 2.6.0.0/16 X-Spam-Status: No, score=-4.2 required=3.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id D07BC1F8C6 for ; Fri, 30 Jul 2021 19:55:43 +0000 (UTC) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 1885E3983832 for ; Fri, 30 Jul 2021 19:55:43 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 1885E3983832 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1627674943; bh=/+qcGGIYCycKPWd7eNxxGlaP8gcqtlAdl5kbucU9eGk=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=cqETVEJVFWU4VteRa3eQyhb2kuEbcL/LSrebd8dDTwDIwdLkUDeh4/bdkVL4qGwqG 65T70ic6s4H7cuE2C6Sa2ID+2S+DvVCVUUdNW+P35ZOCqBeYiPFll0d8A6Fd4i/RC2 PqNCN5MdBm74Vjfe2FkzCH5WMEnzFcELydIISm1w= Received: from mail-pj1-x1031.google.com (mail-pj1-x1031.google.com [IPv6:2607:f8b0:4864:20::1031]) by sourceware.org (Postfix) with ESMTPS id 8CBF6397EC2B for ; Fri, 30 Jul 2021 19:47:44 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 8CBF6397EC2B Received: by mail-pj1-x1031.google.com with SMTP id g23-20020a17090a5797b02901765d605e14so15878231pji.5 for ; Fri, 30 Jul 2021 12:47:44 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=/+qcGGIYCycKPWd7eNxxGlaP8gcqtlAdl5kbucU9eGk=; b=uXNvTdn4CLE3d/a9tacNxZSO2pIIpAZkwC42EncY/F0aPk+/rlxTWJ3Jk1e46N67uK ROU8i62mdWr15UmwjwLMEu6QPRtJfrzXbMzQJ0G98eo9xbhU1QKIscDQN9ilFowWbxil ZcWf9wO8TBNO7n0W+1j88ematpzt2uMEDnvibWFQyuctYCvra14zFxc2KgOLS/PZdSZC iNfueBZpCOJQU8/z6Nd8Uxpq189G4YebAqq2hcLm6Qzohym1aziUgqEaSIdYQQZonlSr jGJxlJKGxf7bi/WxFs2a5sgmQ3LvkEqAD/aFEBKas2+TgFJtLaJuWXdc5csuarwXF8U2 B0tg== X-Gm-Message-State: AOAM532GDKdITsH8o3cQ/rr0tQ/Psg2YHTHzQQj+ckfD9DFWQpYhFwB0 d++uSX+lUOsALCg+vy1G8UI0HHAE0ZGTKg== X-Google-Smtp-Source: ABdhPJzg3KeRZh0lyd15cdTMWs8I4mPSgqu0efQS61LfMNM+cBxmqx1ranRLo4wa/zv4lq4DHRup+w== X-Received: by 2002:a63:3c5d:: with SMTP id i29mr3709443pgn.147.1627674463425; Fri, 30 Jul 2021 12:47:43 -0700 (PDT) Received: from birita.. ([2804:431:c7cb:43e2:6c33:fd81:e602:d33]) by smtp.gmail.com with ESMTPSA id c12sm3041426pfl.56.2021.07.30.12.47.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 30 Jul 2021 12:47:43 -0700 (PDT) To: libc-alpha@sourceware.org Subject: [PATCH v3 10/20] elf: Add _dl_audit_symbind_alt and _dl_audit_symbind Date: Fri, 30 Jul 2021 16:47:05 -0300 Message-Id: <20210730194715.881900-11-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210730194715.881900-1-adhemerval.zanella@linaro.org> References: <20210730194715.881900-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Adhemerval Zanella via Libc-alpha Reply-To: Adhemerval Zanella Cc: John Mellor-Crummey Errors-To: libc-alpha-bounces+e=80x24.org@sourceware.org Sender: "Libc-alpha" It consolidates the code required to call la_symbind{32,64}() audit callback. No function change, checked on x86_64-linux-gnu. --- elf/Versions | 1 + elf/dl-audit.c | 122 +++++++++++++++++++++++++++++++++++++ elf/dl-runtime.c | 77 ----------------------- elf/dl-sym-post.h | 47 +------------- sysdeps/generic/ldsodefs.h | 14 +++++ 5 files changed, 138 insertions(+), 123 deletions(-) diff --git a/elf/Versions b/elf/Versions index 775aab62af..25e91339b5 100644 --- a/elf/Versions +++ b/elf/Versions @@ -55,6 +55,7 @@ ld { _dl_argv; _dl_find_dso_for_object; _dl_get_tls_static_info; _dl_deallocate_tls; _dl_make_stack_executable; _dl_rtld_di_serinfo; _dl_starting_up; _dl_fatal_printf; + _dl_audit_symbind_alt; _rtld_global; _rtld_global_ro; # Only here for gdb while a better method is developed. diff --git a/elf/dl-audit.c b/elf/dl-audit.c index ef34ff761c..8e4c65fdaf 100644 --- a/elf/dl-audit.c +++ b/elf/dl-audit.c @@ -16,6 +16,7 @@ License along with the GNU C Library; if not, see . */ +#include #include #ifdef SHARED @@ -120,4 +121,125 @@ _dl_audit_objclose (struct link_map *l, Lmid_t nsid) afct = afct->next; } } + +void +_dl_audit_symbind_alt (struct link_map *l, const ElfW(Sym) *ref, void **value, + lookup_t result) +{ + if ((l->l_audit_any_plt | result->l_audit_any_plt) == 0) + return; + + const char *strtab = (const char *) D_PTR (result, l_info[DT_STRTAB]); + /* Compute index of the symbol entry in the symbol table of the DSO with + the definition. */ + unsigned int ndx = (ref - (ElfW(Sym) *) D_PTR (result, l_info[DT_SYMTAB])); + + unsigned int altvalue = 0; + /* Synthesize a symbol record where the st_value field is the result. */ + ElfW(Sym) sym = *ref; + sym.st_value = (ElfW(Addr)) *value; + + struct audit_ifaces *afct = GLRO(dl_audit); + for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt) + { + struct auditstate *match_audit = link_map_audit_state (l, cnt); + struct auditstate *result_audit = link_map_audit_state (result, cnt); + if (afct->symbind != NULL + && ((match_audit->bindflags & LA_FLG_BINDFROM) != 0 + || ((result_audit->bindflags & LA_FLG_BINDTO) + != 0))) + { + unsigned int flags = altvalue | LA_SYMB_DLSYM; + uintptr_t new_value = afct->symbind (&sym, ndx, + &match_audit->cookie, + &result_audit->cookie, + &flags, strtab + ref->st_name); + if (new_value != (uintptr_t) sym.st_value) + { + altvalue = LA_SYMB_ALTVALUE; + sym.st_value = new_value; + } + + afct = afct->next; + } + + *value = (void *) sym.st_value; + } +} +rtld_hidden_def (_dl_audit_symbind_alt) + +void +_dl_audit_symbind (struct link_map *l, struct reloc_result *reloc_result, + const ElfW(Sym) *defsym, DL_FIXUP_VALUE_TYPE *value, + lookup_t result) +{ + reloc_result->bound = result; + /* Compute index of the symbol entry in the symbol table of the DSO with the + definition. */ + reloc_result->boundndx = (defsym - (ElfW(Sym) *) D_PTR (result, + l_info[DT_SYMTAB])); + + if ((l->l_audit_any_plt | result->l_audit_any_plt) == 0) + { + /* Set all bits since this symbol binding is not interesting. */ + reloc_result->enterexit = (1u << DL_NNS) - 1; + return; + } + + /* Synthesize a symbol record where the st_value field is the result. */ + ElfW(Sym) sym = *defsym; + sym.st_value = DL_FIXUP_VALUE_ADDR (*value); + + /* Keep track whether there is any interest in tracing the call in the lower + two bits. */ + assert (DL_NNS * 2 <= sizeof (reloc_result->flags) * 8); + assert ((LA_SYMB_NOPLTENTER | LA_SYMB_NOPLTEXIT) == 3); + reloc_result->enterexit = LA_SYMB_NOPLTENTER | LA_SYMB_NOPLTEXIT; + + const char *strtab2 = (const void *) D_PTR (result, l_info[DT_STRTAB]); + + unsigned int flags = 0; + struct audit_ifaces *afct = GLRO(dl_audit); + for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt) + { + /* XXX Check whether both DSOs must request action or only one */ + struct auditstate *l_state = link_map_audit_state (l, cnt); + struct auditstate *result_state = link_map_audit_state (result, cnt); + if ((l_state->bindflags & LA_FLG_BINDFROM) != 0 + && (result_state->bindflags & LA_FLG_BINDTO) != 0) + { + if (afct->symbind != NULL) + { + uintptr_t new_value = afct->symbind (&sym, + reloc_result->boundndx, + &l_state->cookie, + &result_state->cookie, + &flags, + strtab2 + defsym->st_name); + if (new_value != (uintptr_t) sym.st_value) + { + flags |= LA_SYMB_ALTVALUE; + sym.st_value = new_value; + } + } + + /* Remember the results for every audit library and store a summary + in the first two bits. */ + reloc_result->enterexit &= flags & (LA_SYMB_NOPLTENTER + | LA_SYMB_NOPLTEXIT); + reloc_result->enterexit |= ((flags & (LA_SYMB_NOPLTENTER + | LA_SYMB_NOPLTEXIT)) + << ((cnt + 1) * 2)); + } + else + /* If the bind flags say this auditor is not interested, set the bits + manually. */ + reloc_result->enterexit |= ((LA_SYMB_NOPLTENTER | LA_SYMB_NOPLTEXIT) + << ((cnt + 1) * 2)); + afct = afct->next; + } + + reloc_result->flags = flags; + *value = DL_FIXUP_ADDR_VALUE (sym.st_value); +} #endif diff --git a/elf/dl-runtime.c b/elf/dl-runtime.c index 29031099f5..680e66a6d6 100644 --- a/elf/dl-runtime.c +++ b/elf/dl-runtime.c @@ -43,83 +43,6 @@ # define ARCH_FIXUP_ATTRIBUTE #endif -#ifdef SHARED -static void -_dl_audit_symbind (struct link_map *l, struct reloc_result *reloc_result, - const ElfW(Sym) *defsym, DL_FIXUP_VALUE_TYPE *value, - lookup_t result) -{ - reloc_result->bound = result; - /* Compute index of the symbol entry in the symbol table of the DSO with the - definition. */ - reloc_result->boundndx = (defsym - (ElfW(Sym) *) D_PTR (result, - l_info[DT_SYMTAB])); - - if ((l->l_audit_any_plt | result->l_audit_any_plt) == 0) - { - /* Set all bits since this symbol binding is not interesting. */ - reloc_result->enterexit = (1u << DL_NNS) - 1; - return; - } - - /* Synthesize a symbol record where the st_value field is the result. */ - ElfW(Sym) sym = *defsym; - sym.st_value = DL_FIXUP_VALUE_ADDR (*value); - - /* Keep track whether there is any interest in tracing the call in the lower - two bits. */ - assert (DL_NNS * 2 <= sizeof (reloc_result->flags) * 8); - assert ((LA_SYMB_NOPLTENTER | LA_SYMB_NOPLTEXIT) == 3); - reloc_result->enterexit = LA_SYMB_NOPLTENTER | LA_SYMB_NOPLTEXIT; - - const char *strtab2 = (const void *) D_PTR (result, l_info[DT_STRTAB]); - - unsigned int flags = 0; - struct audit_ifaces *afct = GLRO(dl_audit); - for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt) - { - /* XXX Check whether both DSOs must request action or only one */ - struct auditstate *l_state = link_map_audit_state (l, cnt); - struct auditstate *result_state = link_map_audit_state (result, cnt); - - if ((l_state->bindflags & LA_FLG_BINDFROM) != 0 - && (result_state->bindflags & LA_FLG_BINDTO) != 0) - { - if (afct->symbind != NULL) - { - uintptr_t new_value = afct->symbind (&sym, - reloc_result->boundndx, - &l_state->cookie, - &result_state->cookie, - &flags, - strtab2 + defsym->st_name); - if (new_value != (uintptr_t) sym.st_value) - { - flags |= LA_SYMB_ALTVALUE; - sym.st_value = new_value; - } - } - - /* Remember the results for every audit library and store a summary - in the first two bits. */ - reloc_result->enterexit &= flags & (LA_SYMB_NOPLTENTER - | LA_SYMB_NOPLTEXIT); - reloc_result->enterexit |= ((flags & (LA_SYMB_NOPLTENTER - | LA_SYMB_NOPLTEXIT)) - << ((cnt + 1) * 2)); - } - else - /* If the bind flags say this auditor is not interested, set the bits - manually. */ - reloc_result->enterexit |= ((LA_SYMB_NOPLTENTER | LA_SYMB_NOPLTEXIT) - << ((cnt + 1) * 2)); - afct = afct->next; - } - - reloc_result->flags = flags; - *value = DL_FIXUP_ADDR_VALUE (sym.st_value); -} -#endif /* This function is called through a special trampoline from the PLT the first time each PLT entry is called. We must perform the relocation diff --git a/elf/dl-sym-post.h b/elf/dl-sym-post.h index d68c2d2b1c..a11095d3e8 100644 --- a/elf/dl-sym-post.h +++ b/elf/dl-sym-post.h @@ -52,54 +52,9 @@ _dl_sym_post (lookup_t result, const ElfW(Sym) *ref, void *value, tell us whether further auditing is wanted. */ if (__glibc_unlikely (GLRO(dl_naudit) > 0)) { - const char *strtab = (const char *) D_PTR (result, - l_info[DT_STRTAB]); - /* Compute index of the symbol entry in the symbol table of - the DSO with the definition. */ - unsigned int ndx = (ref - (ElfW(Sym) *) D_PTR (result, - l_info[DT_SYMTAB])); - if (match == NULL) match = _dl_sym_find_caller_link_map (caller); - - if ((match->l_audit_any_plt | result->l_audit_any_plt) != 0) - { - unsigned int altvalue = 0; - struct audit_ifaces *afct = GLRO(dl_audit); - /* Synthesize a symbol record where the st_value field is - the result. */ - ElfW(Sym) sym = *ref; - sym.st_value = (ElfW(Addr)) value; - - for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt) - { - struct auditstate *match_audit - = link_map_audit_state (match, cnt); - struct auditstate *result_audit - = link_map_audit_state (result, cnt); - if (afct->symbind != NULL - && ((match_audit->bindflags & LA_FLG_BINDFROM) != 0 - || ((result_audit->bindflags & LA_FLG_BINDTO) - != 0))) - { - unsigned int flags = altvalue | LA_SYMB_DLSYM; - uintptr_t new_value - = afct->symbind (&sym, ndx, - &match_audit->cookie, - &result_audit->cookie, - &flags, strtab + ref->st_name); - if (new_value != (uintptr_t) sym.st_value) - { - altvalue = LA_SYMB_ALTVALUE; - sym.st_value = new_value; - } - } - - afct = afct->next; - } - - value = (void *) sym.st_value; - } + _dl_audit_symbind_alt (match, ref, &value, result); } #endif return value; diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h index fa56d43678..f7db886fc0 100644 --- a/sysdeps/generic/ldsodefs.h +++ b/sysdeps/generic/ldsodefs.h @@ -1363,6 +1363,20 @@ void _dl_audit_objopen (struct link_map *l, Lmid_t nsid, bool check_audit); /* Call the la_objclose () from audit modules for the link_map L on the namespace identification NSID. */ void _dl_audit_objclose (struct link_map *l, Lmid_t nsid); +/* Call the la_symbind32() or la_symbind64() from audit modules for the + link_map L. The RELOC_RESULT is the entry from link_map::l_reloc_result used + to keep track of the binding actions set by the audir modules, while DEFSYM + is the reference used to resolve the target symbol, VALUE is the relocation + result value (which might be overwritten by the callback), and RESULT is the + link_map for the symbol resolved. */ +void _dl_audit_symbind (struct link_map *l, struct reloc_result *reloc_result, + const ElfW(Sym) *defsym, DL_FIXUP_VALUE_TYPE *value, + lookup_t result); +/* Same as _dl_audit_symbind(), but called from the dlsym(). The flag + LA_SYMB_DLSYM will be set before calling la_symbind() callback. */ +void _dl_audit_symbind_alt (struct link_map *l, const ElfW(Sym) *ref, + void **value, lookup_t result); +rtld_hidden_proto (_dl_audit_symbind_alt) #endif /* SHARED */ #if PTHREAD_IN_LIBC && defined SHARED -- 2.30.2