Re: [PATCH v4 00/10] fix ifunc with static pie [BZ #27072]

[Adhemerval Zanella via Libc-alpha <libc-alpha@sourceware.org>]

As a side note I tried your branch with a build for all support Linux
ABIs and it as least improves by issuing an error on architectures
where previously indicated support static-pie but it is broken in practice
(powerpc for instance [1])

So currently static-pie are support for all architectures, however it
fails to build for:

alpha-linux-gnu
arc-linux-gnuhf
hppa-linux-gnu
ia64-linux-gnu
m68k-linux-gnu
microblaze-linux-gnu
riscv32-linux-gnu-rv32imafdc-ilp32d
riscv64-linux-gnu-rv64imafdc-lp64d
s390-linux-gnu
sparc64-linux-gnu
sparcv9-linux-gnu

By requiring PI_STATIC_AND_HIDDEN hppa, m68, microblaze, mips, nios2,
and powerpc fail at configure.  Some architecture still fails at build:

alpha-linux-gnu
arc-linux-gnuhf
riscv32-linux-gnu-rv32imafdc-ilp32d
riscv64-linux-gnu-rv64imafdc-lp64d
s390-linux-gnu
sparc64-linux-gnu
sparcv9-linux-gnu

I haven't checked if mips is currently broken for static-pie (since
as for powerpc, it does not define PI_STATIC_AND_HIDDEN); but I would
expect so.

It would be good if we could avoid building the broken configuration
and warn it on configure, but I don't think this should be a blocker.
The NEWS for 2.27 states this features is only supported for x86
and aarch64, so I wonder if would be better to just enable it for
the supported architectures instead of relying on PI_STATIC_AND_HIDDEN.

I will finish review the patchset tomorrow.

[1] https://bugs.gentoo.org/719444

On 18/01/2021 13:22, Szabolcs Nagy via Libc-alpha wrote:
> v4:
> - added patches from H.J.Lu:
> 	- x86: fix libmvec tests
> 	- x86: fix syscalls in libc_enable_secure
> 	- x86: avoid relative reloc for _dl_sysinfo
> 	- x86: add ifunc test
> - i386 cannot mark all symbols hidden, so use fine grain
>   marking in files that participate in early code before
>   static pie self relocation.
> - the patch that makes all libc symbols hidden is still
>   included: it is now only an optimization for non-i386
>   targets.
> 
> v3:
> - refactor tunables: move internals out of dl-tunables.h
> - use generated max string length in the tunables list
>   instead of magic values.
> 
> v2:
> - check PI_STATIC_AND_HIDDEN for --enable-static-pie
> - change string buffer sizes in the tunables
> - fix env_alias == NULL logic in __tunables_init
> - move __ehdr_start processing after self relocation
> 
> 
> force pushed into nsz/bug27072 branch.
> 
> Issues that are not addressed:
> - tunables try to allocate memory even with non-suid exe.
>   allocation is only needed for rewriting the GLIBC_TUNABLES
>   env var. (i think a case can be made that if anything there
>   is TUNABLE_SECLEVEL_SXID_ERASE then this env var would be
>   simply dropped, that would simplify this significantly).
> - __sbrk only needs the hidden visibility magic because of
>   tunables, ideally we would not do allocations before self
>   relocation.
> - tunable list data structure is not optimized for compactness.
> - all symbols are forced hidden in libc.a, but i think lib*.a
>   should do the same. (other than lib*_nonshared.a)
> - i386 introduced a fair bit of complications: may be avoiding
>   relative relocs is too much to ask for and relocations should
>   be done in two steps after all: relative first, then irelative
>   when tunable etc are set up.
> 
> H.J. Lu (4):
>   libmvec: Add extra-test-objs to test-extras
>   elf: Avoid RELATIVE relocation for _dl_sysinfo
>   Use <startup.h> in __libc_init_secure
>   x86: Check ifunc resolver with CPU_FEATURE_USABLE [BZ #27072]
> 
> Szabolcs Nagy (6):
>   configure: Require PI_STATIC_AND_HIDDEN for static pie
>   elf: Make the tunable struct definition internal only
>   elf: Avoid RELATIVE relocs in __tunables_init
>   Use hidden visibility for early static PIE code
>   csu: Move static pie self relocation later [BZ #27072]
>   Make libc symbols hidden in static PIE
> 
>  configure                                    |  14 +++
>  configure.ac                                 |   5 +
>  csu/libc-start.c                             |  48 +++++---
>  elf/dl-reloc-static-pie.c                    |   2 +
>  elf/dl-support.c                             |  18 ++-
>  elf/dl-tunable-types.h                       |  42 +++++--
>  elf/dl-tunables.c                            |   6 +-
>  elf/dl-tunables.h                            |  35 ++----
>  elf/enbl-secure.c                            |  10 +-
>  include/libc-symbols.h                       |   9 +-
>  misc/sbrk.c                                  |   4 +
>  scripts/gen-tunables.awk                     |  16 ++-
>  sysdeps/generic/startup.h                    |  26 ++++
>  sysdeps/unix/sysv/linux/aarch64/libc-start.c |   5 +
>  sysdeps/unix/sysv/linux/i386/startup.h       |  29 ++++-
>  sysdeps/x86/Makefile                         |  14 +++
>  sysdeps/x86/libc-start.c                     |   5 +
>  sysdeps/x86/tst-ifunc-isa-1-static.c         |   1 +
>  sysdeps/x86/tst-ifunc-isa-1.c                | 115 ++++++++++++++++++
>  sysdeps/x86/tst-ifunc-isa-2-static.c         |   1 +
>  sysdeps/x86/tst-ifunc-isa-2.c                | 119 +++++++++++++++++++
>  sysdeps/x86_64/fpu/Makefile                  |   8 ++
>  22 files changed, 465 insertions(+), 67 deletions(-)
>  create mode 100644 sysdeps/x86/tst-ifunc-isa-1-static.c
>  create mode 100644 sysdeps/x86/tst-ifunc-isa-1.c
>  create mode 100644 sysdeps/x86/tst-ifunc-isa-2-static.c
>  create mode 100644 sysdeps/x86/tst-ifunc-isa-2.c
>