From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS17314 8.43.84.0/22 X-Spam-Status: No, score=-3.7 required=3.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, PDS_RDNS_DYNAMIC_FP,RCVD_IN_DNSWL_MED,RDNS_DYNAMIC,SPF_HELO_PASS, SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from sourceware.org (ip-8-43-85-97.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id 27DBA1F8C6 for ; Fri, 30 Jul 2021 19:51:47 +0000 (UTC) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 505EF398200F for ; Fri, 30 Jul 2021 19:51:46 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 505EF398200F DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1627674706; bh=znrKQgboyfDIg6UhYGDE4sLpUjA0XsGPbvkRUZyc69A=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=nK3vob2CnNunnP26PJK1nkITfJrrHgSWJ1V0iFkqVGaLyTqz2wuwC3ymbquBO0aCV V2LwHyh+7N/erNrn7ysT56qpNDWEOR18Ni92AmcbNFukg/Nk70jSW/Xpll4bhqZf20 Sg37g0mP4eFJRH66G++2UwwDK5b07CNN/9iSoqBE= Received: from mail-pl1-x62e.google.com (mail-pl1-x62e.google.com [IPv6:2607:f8b0:4864:20::62e]) by sourceware.org (Postfix) with ESMTPS id 476983982420 for ; Fri, 30 Jul 2021 19:47:36 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 476983982420 Received: by mail-pl1-x62e.google.com with SMTP id k1so12304307plt.12 for ; Fri, 30 Jul 2021 12:47:36 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=znrKQgboyfDIg6UhYGDE4sLpUjA0XsGPbvkRUZyc69A=; b=n7UtK4ARFnhJ9vbT6Hx1IZHsuybeb9oQG+0Bz6AwG48vOb/SVd41c1FI1wv3A4Iq1m tMBMXcsFnp4lW8WTDs8u1twFIxyEqSyXCreWBaIGaiwiL2e09w1IxSql8hWD1by009mL WFOwkWLjCoMciN37r42OVRwiXvLRdbll470n6NE9LDykzGNTacNkMBnIur9tEyVjVRKo n5aFS/PLlJppJS7s2zZP+TOJjFvr/votJZJ2hgiwjpg683EgyIYcpy3uTC28vFP99muo gAIffo/OEcz2cwPi+4QWQlO8jHqF0sGNZf1C20h46u331sJj4j5rivgpE0DC+97dh8Vk yARg== X-Gm-Message-State: AOAM530PrWcJJBHtdpYAb6wEY9seFqCNGAHnbTFKxkXif0FcMIF1Dyo7 Rxj6d5lasE97FlVAk4KQlujN+ufcQOHQ4Q== X-Google-Smtp-Source: ABdhPJxKn6uyQPZy386+pLfJkAJj9z23+p/4Clb62CmtYrYI7wamrOdImm1Thwn+2MUgW1bdLioTgA== X-Received: by 2002:a17:902:c711:b029:12c:9b3c:9986 with SMTP id p17-20020a170902c711b029012c9b3c9986mr1468558plp.44.1627674455192; Fri, 30 Jul 2021 12:47:35 -0700 (PDT) Received: from birita.. ([2804:431:c7cb:43e2:6c33:fd81:e602:d33]) by smtp.gmail.com with ESMTPSA id c12sm3041426pfl.56.2021.07.30.12.47.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 30 Jul 2021 12:47:34 -0700 (PDT) To: libc-alpha@sourceware.org Subject: [PATCH v3 05/20] elf: Fix initial-exec TLS access on audit modules (BZ #28096) Date: Fri, 30 Jul 2021 16:47:00 -0300 Message-Id: <20210730194715.881900-6-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210730194715.881900-1-adhemerval.zanella@linaro.org> References: <20210730194715.881900-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Adhemerval Zanella via Libc-alpha Reply-To: Adhemerval Zanella Cc: John Mellor-Crummey Errors-To: libc-alpha-bounces+e=80x24.org@sourceware.org Sender: "Libc-alpha" For ldaudit modules or dependencies with initial-exec TLS, we can not set the initial TLS image on default loader initialization because it would already be set by the ldaudit setup. However, subsequent thread creation would need to follow the default behaviour. This patch fixes by making_dl_new_object() sets a new link_map flag 'l_dont_set_tls_static' only for __RTLD_AUDIT modules. The flag is later reset on _dl_allocate_tls_init(). Checked on x86_64-linux-gnu. --- elf/Makefile | 5 ++++ elf/dl-object.c | 3 ++ elf/dl-tls.c | 16 +++++++--- elf/rtld.c | 2 ++ elf/tst-audit21.c | 42 +++++++++++++++++++++++++++ elf/tst-auditmod21.c | 69 ++++++++++++++++++++++++++++++++++++++++++++ include/link.h | 2 ++ 7 files changed, 135 insertions(+), 4 deletions(-) create mode 100644 elf/tst-audit21.c create mode 100644 elf/tst-auditmod21.c diff --git a/elf/Makefile b/elf/Makefile index 519ba595dc..78ab9f2228 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -223,6 +223,7 @@ tests += restest1 preloadtest loadfail multiload origtest resolvfail \ tst-audit18a tst-audit18b \ tst-audit19 \ tst-audit20 \ + tst-audit21 \ tst-single_threaded tst-single_threaded-pthread \ tst-tls-ie tst-tls-ie-dlmopen argv0test \ tst-glibc-hwcaps tst-glibc-hwcaps-prepend tst-glibc-hwcaps-mask \ @@ -307,6 +308,7 @@ modules-names = testobj1 testobj2 testobj3 testobj4 testobj5 testobj6 \ tst-auditmod18a tst-auditmod18b tst-audit18bmod \ tst-auditmod19 \ tst-auditmod20 tst-audit20mod \ + tst-auditmod21 \ $(if $(CXX),tst-unique3lib tst-unique3lib2 tst-unique4lib \ tst-nodelete-uniquemod tst-nodelete-rtldmod \ tst-nodelete-zmod \ @@ -1520,6 +1522,9 @@ $(objpfx)tst-audit20.out: $(objpfx)tst-auditmod20.so \ $(objpfx)tst-audit20mod.so tst-audit20-ARGS = -- $(host-test-program-cmd) +$(objpfx)tst-audit21.out: $(objpfx)tst-auditmod21.so +tst-audit21-ENV = LD_AUDIT=$(objpfx)tst-auditmod21.so + # tst-sonamemove links against an older implementation of the library. LDFLAGS-tst-sonamemove-linkmod1.so = \ -Wl,--version-script=tst-sonamemove-linkmod1.map \ diff --git a/elf/dl-object.c b/elf/dl-object.c index 1875599eb2..eb2158a84b 100644 --- a/elf/dl-object.c +++ b/elf/dl-object.c @@ -175,6 +175,9 @@ _dl_new_object (char *realname, const char *libname, int type, new->l_local_scope[0] = &new->l_searchlist; + if (mode & __RTLD_AUDIT) + new->l_dont_set_tls_static = 1; + /* Determine the origin. If allocating the link map for the main executable, the realname is not known and "". In this case, the origin needs to be determined by other means. However, in case diff --git a/elf/dl-tls.c b/elf/dl-tls.c index 423e380f7c..4763fdb856 100644 --- a/elf/dl-tls.c +++ b/elf/dl-tls.c @@ -593,10 +593,18 @@ _dl_allocate_tls_init (void *result) some platforms use in static programs requires it. */ dtv[map->l_tls_modid].pointer.val = dest; - /* Copy the initialization image and clear the BSS part. */ - memset (__mempcpy (dest, map->l_tls_initimage, - map->l_tls_initimage_size), '\0', - map->l_tls_blocksize - map->l_tls_initimage_size); + /* Copy the initialization image and clear the BSS part. For + ldaudit modules or depedencies with initial-exec TLS, we can not + set the initial TLS image on default loader initialization + because it would already be set by the ldaudit setup. However, + subsequent thread creation would need to follow the default + behaviour. */ + if (__glibc_unlikely (!map->l_dont_set_tls_static)) + memset (__mempcpy (dest, map->l_tls_initimage, + map->l_tls_initimage_size), '\0', + map->l_tls_blocksize - map->l_tls_initimage_size); + else + map->l_dont_set_tls_static = 0; } total += cnt; diff --git a/elf/rtld.c b/elf/rtld.c index 374bf86a69..1312378b5f 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -1053,6 +1053,8 @@ ERROR: audit interface '%s' requires version %d (maximum supported version %d); /* Mark the DSO as being used for auditing. */ dlmargs.map->l_auditing = 1; + /* Mark the DSO to not clear the TLS bss in tls initialization. */ + dlmargs.map->l_dont_set_tls_static = 1; } /* Notify the the audit modules that the object MAP has already been diff --git a/elf/tst-audit21.c b/elf/tst-audit21.c new file mode 100644 index 0000000000..7f4996d66f --- /dev/null +++ b/elf/tst-audit21.c @@ -0,0 +1,42 @@ +/* Check DT_AUDIT with static TLS. + Copyright (C) 2021 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include + +static volatile __thread int out __attribute__ ((tls_model ("initial-exec"))); + +static void * +tf (void *) +{ + TEST_COMPARE (out, 0); + out = isspace (' '); + return NULL; +} + +int main (int argc, char *argv[]) +{ + TEST_COMPARE (out, 0); + out = isspace (' '); + + pthread_t t = xpthread_create (NULL, tf, NULL); + xpthread_join (t); + + return 0; +} diff --git a/elf/tst-auditmod21.c b/elf/tst-auditmod21.c new file mode 100644 index 0000000000..e6248622f4 --- /dev/null +++ b/elf/tst-auditmod21.c @@ -0,0 +1,69 @@ +/* Check DT_AUDIT with static TLS. + Copyright (C) 2021 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include + +#define tls_ie __attribute__ ((tls_model ("initial-exec"))) + +__thread int tls_var0 tls_ie; +__thread int tls_var1 tls_ie = 0x10; + +static volatile int out; + +static void +call_libc (void) +{ + /* isspace() access the initial-exec glibc TLS variables, which are + setup in glibc initialization. */ + out = isspace (' '); +} + +unsigned int +la_version (unsigned int v) +{ + tls_var0 = 0x1; + if (tls_var1 != 0x10) + abort (); + tls_var1 = 0x20; + call_libc (); + return LAV_CURRENT; +} + +unsigned int +la_objopen (struct link_map* map, Lmid_t lmid, uintptr_t* cookie) +{ + call_libc (); + *cookie = (uintptr_t) map; + return 0; +} + +void +la_activity (uintptr_t* cookie, unsigned int flag) +{ + if (tls_var0 != 0x1 || tls_var1 != 0x20) + abort (); + call_libc (); +} + +void +la_preinit (uintptr_t* cookie) +{ + call_libc (); +} diff --git a/include/link.h b/include/link.h index ebd0f511e2..aca6fa58dc 100644 --- a/include/link.h +++ b/include/link.h @@ -190,6 +190,8 @@ struct link_map unsigned int l_need_tls_init:1; /* Nonzero if GL(dl_init_static_tls) should be called on this link map when relocation finishes. */ + unsigned int l_dont_set_tls_static:1; /* Non zero if static TLS setup should + not be initialized. */ unsigned int l_auditing:1; /* Nonzero if the DSO is used in auditing. */ unsigned int l_audit_any_plt:1; /* Nonzero if at least one audit module is interested in the PLT interception.*/ -- 2.30.2