[PATCH v2 0/6] Some rtld-audit fixes

[PATCH v2 0/6] Some rtld-audit fixes

[Adhemerval Zanella via Libc-alpha]

Changes from v1 [1]

  - Fixed -fstack-protector-all tst-auditmod17.
  - Simplify the _dl_call_libc_early_init call the 'Fix audit
    regression' patch.
  - Remove symbind check fr BZ#15333.
  - Added the BZ#28096 fix.

---

This patchset fixes some rtld-audit issues brought by John
Mellor-Crummey [2] while trying to use it along with the HPCToolkit
tool.  This should cover the issues listed as 'Tier 1' [3], modulo
the aarch64 onexi (which I plan to address in a different patch set)
and also an important 'Tier2' issue (BZ#28096) which prevents the
use of some glibc function that uses TLS internally on the audir
module.

The first patch fixes a regression issue introduced by a
__libc_early_init() change.

The second patch is long-standing issue where the lazy resolution
trampolines are used even when the audit modules does not implement
the PLT or symbol binding callback.  The original patch from
Alexander Monakov is incomplete, since it also requires to take
la_symbind{32,64} in consideration.

The third patch add some tests to check if TLSDESC works along with
audit modules.

The forth patch fixes an issue when a dlmopen failure in a audit
module callback trigger an assert.

The fifth patch fixes another dlmopen failure when audit module
is used along with dlmopen.  This patch was proposed along with 
RTLD_SHARED support, so I added a regression test.

The final patch fixes an issue where the initial-exec TLS are reset
after the audit modules is already loader (thus clearing any state
that the library might update).

[1] https://patchwork.sourceware.org/project/glibc/list/?series=2443
[2] https://sourceware.org/pipermail/libc-alpha/2021-June/127636.html
[3] https://docs.google.com/document/d/1dVaDBdzySecxQqD6hLLzDrEF18M1UtjDna9gL5BWWI0/edit#

Adhemerval Zanella (5):
  elf: Fix audit regression
  elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533)
  elf: Add audit tests for modules with TLSDESC
  elf: Do not fail for failed dlopem on audit modules (BZ #28061)
  elf: Fix initial-exec TLS access on audit modules (BZ #28096)

Vivek Das Mohapatra (1):
  elf: Suppress audit calls when a (new) namespace is empty (BZ #28062)

 NEWS                           |   4 ++
 elf/Makefile                   |  43 ++++++++++-
 elf/dl-load.c                  |   7 +-
 elf/dl-object.c                |   3 +
 elf/dl-open.c                  |  12 +---
 elf/dl-reloc.c                 |  12 +++-
 elf/dl-tls.c                   |  16 +++--
 elf/rtld.c                     |  10 +--
 elf/tst-audit-tlsdesc-audit.c  |  23 ++++++
 elf/tst-audit-tlsdesc-dlopen.c |  67 +++++++++++++++++
 elf/tst-audit-tlsdesc.c        |  60 ++++++++++++++++
 elf/tst-audit17.c              |  25 +++++++
 elf/tst-audit18.c              |  39 ++++++++++
 elf/tst-audit19.c              |  25 +++++++
 elf/tst-audit20.c              | 128 +++++++++++++++++++++++++++++++++
 elf/tst-audit20mod.c           |  26 +++++++
 elf/tst-audit21.c              |  42 +++++++++++
 elf/tst-auditmod-tlsdesc1.c    |  41 +++++++++++
 elf/tst-auditmod-tlsdesc2.c    |  33 +++++++++
 elf/tst-auditmod17.c           |  23 ++++++
 elf/tst-auditmod18.c           |  24 +++++++
 elf/tst-auditmod19.c           |  57 +++++++++++++++
 elf/tst-auditmod20.c           |  73 +++++++++++++++++++
 elf/tst-auditmod21.c           |  69 ++++++++++++++++++
 include/link.h                 |   4 ++
 25 files changed, 840 insertions(+), 26 deletions(-)
 create mode 100644 elf/tst-audit-tlsdesc-audit.c
 create mode 100644 elf/tst-audit-tlsdesc-dlopen.c
 create mode 100644 elf/tst-audit-tlsdesc.c
 create mode 100644 elf/tst-audit17.c
 create mode 100644 elf/tst-audit18.c
 create mode 100644 elf/tst-audit19.c
 create mode 100644 elf/tst-audit20.c
 create mode 100644 elf/tst-audit20mod.c
 create mode 100644 elf/tst-audit21.c
 create mode 100644 elf/tst-auditmod-tlsdesc1.c
 create mode 100644 elf/tst-auditmod-tlsdesc2.c
 create mode 100644 elf/tst-auditmod17.c
 create mode 100644 elf/tst-auditmod18.c
 create mode 100644 elf/tst-auditmod19.c
 create mode 100644 elf/tst-auditmod20.c
 create mode 100644 elf/tst-auditmod21.c

-- 
2.30.2

[PATCH v2 1/6] elf: Fix audit regression

[Adhemerval Zanella via Libc-alpha]

Commit 03e187a41d9 added a regression when an audit module does not have
libc as DT_NEEDED (although unusual it is possible).

Checked on x86_64-linux-gnu.
---
 elf/Makefile         | 12 +++++++++++-
 elf/dl-open.c        | 10 +---------
 elf/tst-audit17.c    | 25 +++++++++++++++++++++++++
 elf/tst-auditmod17.c | 23 +++++++++++++++++++++++
 4 files changed, 60 insertions(+), 10 deletions(-)
 create mode 100644 elf/tst-audit17.c
 create mode 100644 elf/tst-auditmod17.c

diff --git a/elf/Makefile b/elf/Makefile
index 4fe60947ad..3216d67bb4 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -219,7 +219,7 @@ tests += restest1 preloadtest loadfail multiload origtest resolvfail \
 	 tst-dlopen-self tst-auditmany tst-initfinilazyfail tst-dlopenfail \
 	 tst-dlopenfail-2 \
 	 tst-filterobj tst-filterobj-dlopen tst-auxobj tst-auxobj-dlopen \
-	 tst-audit14 tst-audit15 tst-audit16 \
+	 tst-audit14 tst-audit15 tst-audit16 tst-audit17 \
 	 tst-single_threaded tst-single_threaded-pthread \
 	 tst-tls-ie tst-tls-ie-dlmopen argv0test \
 	 tst-glibc-hwcaps tst-glibc-hwcaps-prepend tst-glibc-hwcaps-mask \
@@ -1478,6 +1478,16 @@ $(objpfx)tst-auditlogmod-3.so: $(libsupport)
 $(objpfx)tst-audit16.out: \
   $(objpfx)tst-auditlogmod-1.so $(objpfx)tst-auditlogmod-2.so \
   $(objpfx)tst-auditlogmod-3.so
+$(objpfx)tst-audit17.out: $(objpfx)tst-auditmod17.so
+# The test check if a audit library without libc.so on DT_NEEDED works as
+# intended, so it uses an explicit link rule.
+$(objpfx)tst-auditmod17.so: $(objpfx)tst-auditmod17.os
+	$(CC) -nostdlib -nostartfiles -shared -o $@.new \
+	$(filter-out $(map-file),$^)
+	$(call after-link,$@.new)
+	mv -f $@.new $@
+CFLAGS-.os += $(call elide-stack-protector,.os,tst-auditmod17)
+tst-audit17-ENV = LD_AUDIT=$(objpfx)tst-auditmod17.so
 
 # tst-sonamemove links against an older implementation of the library.
 LDFLAGS-tst-sonamemove-linkmod1.so = \
diff --git a/elf/dl-open.c b/elf/dl-open.c
index d2240d8747..218a8312a3 100644
--- a/elf/dl-open.c
+++ b/elf/dl-open.c
@@ -770,15 +770,7 @@ dl_open_worker (void *a)
   if (!args->libc_already_loaded)
     {
       struct link_map *libc_map = GL(dl_ns)[args->nsid].libc_map;
-#ifdef SHARED
-      bool initial = libc_map->l_ns == LM_ID_BASE;
-#else
-      /* In the static case, there is only one namespace, but it
-	 contains a secondary libc (the primary libc is statically
-	 linked).  */
-      bool initial = false;
-#endif
-      _dl_call_libc_early_init (libc_map, initial);
+      _dl_call_libc_early_init (libc_map, false);
     }
 
   /* Run the initializer functions of new objects.  Temporarily
diff --git a/elf/tst-audit17.c b/elf/tst-audit17.c
new file mode 100644
index 0000000000..92986699d4
--- /dev/null
+++ b/elf/tst-audit17.c
@@ -0,0 +1,25 @@
+/* Check DT_AUDIT with audit not linked against libc.
+   Copyright (C) 2021 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+static int
+do_test (void)
+{
+  return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/elf/tst-auditmod17.c b/elf/tst-auditmod17.c
new file mode 100644
index 0000000000..7a4467f597
--- /dev/null
+++ b/elf/tst-auditmod17.c
@@ -0,0 +1,23 @@
+/* Check DT_AUDIT with audit not linked against libc.
+   Copyright (C) 2021 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+unsigned int
+la_version (unsigned int version)
+{
+  return version;
+}
-- 
2.30.2

[PATCH v2 2/6] elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533)

[Adhemerval Zanella via Libc-alpha]

The rtld-audit interfaces introduces a slowdown due to enabling profiling
instrumentation (as if LD_AUDIT implied LD_PROFILE).  However, instrumenting
is only necessary if one of audit libraries provides PLT (la_plt{enter,exit}
symbols).  Otherwise, the slowdown can be avoided.

The following patch adjusts the logic that enables profiling to iterate
over all audit modules and check if any of those provides a PLT hook.

Co-authored-by: Alexander Monakov <amonakov@ispras.dot.ru>
---
 NEWS                 |  4 ++++
 elf/Makefile         |  6 +++++-
 elf/dl-reloc.c       | 12 +++++++++++-
 elf/rtld.c           |  8 +-------
 elf/tst-audit18.c    | 39 +++++++++++++++++++++++++++++++++++++++
 elf/tst-auditmod18.c | 24 ++++++++++++++++++++++++
 include/link.h       |  2 ++
 7 files changed, 86 insertions(+), 9 deletions(-)
 create mode 100644 elf/tst-audit18.c
 create mode 100644 elf/tst-auditmod18.c

diff --git a/NEWS b/NEWS
index 13ffe627da..8fde312ec6 100644
--- a/NEWS
+++ b/NEWS
@@ -76,6 +76,10 @@ Major new features:
   equal to a giver integer.  This function is a GNU extension, although
   Solaris also provides a similar function.
 
+* The audit libraries will avoid unnecessary slowdown if it is not required
+  either PLT tracking or symbol binding profiling (enabled with LA_FLG_BINDFROM
+  or LA_FLG_BINDTO from la_objopen() callback).
+
 Deprecated and removed features, and other changes affecting compatibility:
 
 * The function pthread_mutex_consistent_np has been deprecated; programs
diff --git a/elf/Makefile b/elf/Makefile
index 3216d67bb4..9e2d766c03 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -219,7 +219,7 @@ tests += restest1 preloadtest loadfail multiload origtest resolvfail \
 	 tst-dlopen-self tst-auditmany tst-initfinilazyfail tst-dlopenfail \
 	 tst-dlopenfail-2 \
 	 tst-filterobj tst-filterobj-dlopen tst-auxobj tst-auxobj-dlopen \
-	 tst-audit14 tst-audit15 tst-audit16 tst-audit17 \
+	 tst-audit14 tst-audit15 tst-audit16 tst-audit17 tst-audit18 \
 	 tst-single_threaded tst-single_threaded-pthread \
 	 tst-tls-ie tst-tls-ie-dlmopen argv0test \
 	 tst-glibc-hwcaps tst-glibc-hwcaps-prepend tst-glibc-hwcaps-mask \
@@ -301,6 +301,7 @@ modules-names = testobj1 testobj2 testobj3 testobj4 testobj5 testobj6 \
 		tst-unique1mod1 tst-unique1mod2 \
 		tst-unique2mod1 tst-unique2mod2 \
 		tst-auditmod9a tst-auditmod9b \
+		tst-auditmod18 \
 		$(if $(CXX),tst-unique3lib tst-unique3lib2 tst-unique4lib \
 		  tst-nodelete-uniquemod tst-nodelete-rtldmod \
 		  tst-nodelete-zmod \
@@ -1489,6 +1490,9 @@ $(objpfx)tst-auditmod17.so: $(objpfx)tst-auditmod17.os
 CFLAGS-.os += $(call elide-stack-protector,.os,tst-auditmod17)
 tst-audit17-ENV = LD_AUDIT=$(objpfx)tst-auditmod17.so
 
+$(objpfx)tst-audit18.out: $(objpfx)tst-auditmod18.so
+tst-audit18-ENV = LD_AUDIT=$(objpfx)tst-auditmod18.so
+
 # tst-sonamemove links against an older implementation of the library.
 LDFLAGS-tst-sonamemove-linkmod1.so = \
   -Wl,--version-script=tst-sonamemove-linkmod1.map \
diff --git a/elf/dl-reloc.c b/elf/dl-reloc.c
index e13a672ade..2abcfc996f 100644
--- a/elf/dl-reloc.c
+++ b/elf/dl-reloc.c
@@ -181,7 +181,17 @@ _dl_relocate_object (struct link_map *l, struct r_scope_elem *scope[],
 #ifdef SHARED
   /* If we are auditing, install the same handlers we need for profiling.  */
   if ((reloc_mode & __RTLD_AUDIT) == 0)
-    consider_profiling |= GLRO(dl_audit) != NULL;
+    {
+      struct audit_ifaces *afct = GLRO(dl_audit);
+      for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
+	{
+	  /* Profiling is needed only if PLT hooks are provided.  */
+	  if (afct->ARCH_LA_PLTENTER != NULL
+	      || afct->ARCH_LA_PLTEXIT != NULL)
+	    consider_profiling = 1;
+	  afct = afct->next;
+	}
+    }
 #elif defined PROF
   /* Never use dynamic linker profiling for gprof profiling code.  */
 # define consider_profiling 0
diff --git a/elf/rtld.c b/elf/rtld.c
index d733359eaf..374bf86a69 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -1013,13 +1013,7 @@ ERROR: audit interface '%s' requires version %d (maximum supported version %d);
     "la_objsearch\0"
     "la_objopen\0"
     "la_preinit\0"
-#if __ELF_NATIVE_CLASS == 32
-    "la_symbind32\0"
-#elif __ELF_NATIVE_CLASS == 64
-    "la_symbind64\0"
-#else
-# error "__ELF_NATIVE_CLASS must be defined"
-#endif
+    LA_SYMBIND "\0"
 #define STRING(s) __STRING (s)
     "la_" STRING (ARCH_LA_PLTENTER) "\0"
     "la_" STRING (ARCH_LA_PLTEXIT) "\0"
diff --git a/elf/tst-audit18.c b/elf/tst-audit18.c
new file mode 100644
index 0000000000..36b781f9be
--- /dev/null
+++ b/elf/tst-audit18.c
@@ -0,0 +1,39 @@
+/* Check if DT_AUDIT a module without la_plt{enter,exit} symbols does not incur
+   in profiling (BZ#15533).
+   Copyright (C) 2021 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <link.h>
+#include <stdio.h>
+
+/* We interpose the profile resolver and if it is called it means profiling is
+   enabled.  */
+void
+_dl_runtime_profile (ElfW(Word) addr)
+{
+  volatile int *p = NULL;
+  *p = 0;
+}
+
+static int
+do_test (void)
+{
+  printf ("...");
+  return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/elf/tst-auditmod18.c b/elf/tst-auditmod18.c
new file mode 100644
index 0000000000..6d1b55223e
--- /dev/null
+++ b/elf/tst-auditmod18.c
@@ -0,0 +1,24 @@
+/* Check if DT_ADIT a module without la_plt{enter,exit} symbols does not incur
+   in profiling (BZ#15533).
+   Copyright (C) 2021 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+unsigned int
+la_version (unsigned int version)
+{
+  return version;
+}
diff --git a/include/link.h b/include/link.h
index 4af16cb596..ebd0f511e2 100644
--- a/include/link.h
+++ b/include/link.h
@@ -355,8 +355,10 @@ struct auditstate
 
 #if __ELF_NATIVE_CLASS == 32
 # define symbind symbind32
+# define LA_SYMBIND "la_symbind32"
 #elif __ELF_NATIVE_CLASS == 64
 # define symbind symbind64
+# define LA_SYMBIND "la_symbind64"
 #else
 # error "__ELF_NATIVE_CLASS must be defined"
 #endif
-- 
2.30.2

[PATCH v2 3/6] elf: Add audit tests for modules with TLSDESC

[Adhemerval Zanella via Libc-alpha]

---
 elf/Makefile                   | 14 +++++++
 elf/tst-audit-tlsdesc-audit.c  | 23 ++++++++++++
 elf/tst-audit-tlsdesc-dlopen.c | 67 ++++++++++++++++++++++++++++++++++
 elf/tst-audit-tlsdesc.c        | 60 ++++++++++++++++++++++++++++++
 elf/tst-auditmod-tlsdesc1.c    | 41 +++++++++++++++++++++
 elf/tst-auditmod-tlsdesc2.c    | 33 +++++++++++++++++
 6 files changed, 238 insertions(+)
 create mode 100644 elf/tst-audit-tlsdesc-audit.c
 create mode 100644 elf/tst-audit-tlsdesc-dlopen.c
 create mode 100644 elf/tst-audit-tlsdesc.c
 create mode 100644 elf/tst-auditmod-tlsdesc1.c
 create mode 100644 elf/tst-auditmod-tlsdesc2.c

diff --git a/elf/Makefile b/elf/Makefile
index 9e2d766c03..20414bbc10 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -371,6 +371,20 @@ modules-names += tst-gnu2-tls1mod
 $(objpfx)tst-gnu2-tls1: $(objpfx)tst-gnu2-tls1mod.so
 tst-gnu2-tls1mod.so-no-z-defs = yes
 CFLAGS-tst-gnu2-tls1mod.c += -mtls-dialect=gnu2
+
+tests += tst-audit-tlsdesc tst-audit-tlsdesc-dlopen
+modules-names += tst-auditmod-tlsdesc1 tst-auditmod-tlsdesc2 tst-audit-tlsdesc-audit
+$(objpfx)tst-audit-tlsdesc: $(objpfx)tst-auditmod-tlsdesc1.so \
+			    $(objpfx)tst-auditmod-tlsdesc2.so \
+			    $(shared-thread-library)
+CFLAGS-tst-auditmod-tlsdesc1.c += -mtls-dialect=gnu2
+CFLAGS-tst-auditmod-tlsdesc2.c += -mtls-dialect=gnu2
+$(objpfx)tst-audit-tlsdesc-dlopen: $(shared-thread-library)
+$(objpfx)tst-audit-tlsdesc-dlopen.out: $(objpfx)tst-auditmod-tlsdesc1.so \
+				       $(objpfx)tst-auditmod-tlsdesc2.so
+$(objpfx)tst-auditmod-tlsdesc1.so: $(objpfx)tst-auditmod-tlsdesc2.so
+tst-audit-tlsdesc-ENV = LD_AUDIT=$(objpfx)tst-audit-tlsdesc-audit.so
+tst-audit-tlsdesc-dlopen-ENV = LD_AUDIT=$(objpfx)tst-audit-tlsdesc-audit.so
 endif
 ifeq (yes,$(have-protected-data))
 modules-names += tst-protected1moda tst-protected1modb
diff --git a/elf/tst-audit-tlsdesc-audit.c b/elf/tst-audit-tlsdesc-audit.c
new file mode 100644
index 0000000000..53993830c9
--- /dev/null
+++ b/elf/tst-audit-tlsdesc-audit.c
@@ -0,0 +1,23 @@
+/* DT_AUDIT with modules with TLSDESC.
+   Copyright (C) 2021 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+unsigned int
+la_version (unsigned int version)
+{
+  return version;
+}
diff --git a/elf/tst-audit-tlsdesc-dlopen.c b/elf/tst-audit-tlsdesc-dlopen.c
new file mode 100644
index 0000000000..e4d631fc94
--- /dev/null
+++ b/elf/tst-audit-tlsdesc-dlopen.c
@@ -0,0 +1,67 @@
+/* DT_AUDIT with modules with TLSDESC.
+   Copyright (C) 2021 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <support/check.h>
+#include <support/xthread.h>
+#include <support/xdlfcn.h>
+
+static void *
+thr_func (void *mod)
+{
+  int* (*get_global1)(void) = xdlsym (mod, "get_global1");
+  int* (*get_global2)(void) = xdlsym (mod, "get_global2");
+  void (*set_global2)(int) = xdlsym (mod, "set_global2");
+  int* (*get_local1)(void) = xdlsym (mod, "get_local1");
+  int* (*get_local2)(void) = xdlsym (mod, "get_local2");
+
+  int *global1 = get_global1 ();
+  TEST_COMPARE (*global1, 0);
+  ++*global1;
+
+  int *global2 = get_global2 ();
+  TEST_COMPARE (*global2, 0);
+  ++*global2;
+  TEST_COMPARE (*global2, 1);
+
+  set_global2 (10);
+  TEST_COMPARE (*global2, 10);
+
+  int *local1 = get_local1 ();
+  TEST_COMPARE (*local1, 0);
+  ++*local1;
+
+  int *local2 = get_local2 ();
+  TEST_COMPARE (*local2, 0);
+  ++*local2;
+
+  return 0;
+}
+
+static int
+do_test (void)
+{
+  void *mod = xdlopen ("tst-auditmod-tlsdesc1.so", RTLD_LAZY);
+
+  pthread_t thr = xpthread_create (NULL, thr_func, mod);
+  void *r = xpthread_join (thr);
+  TEST_VERIFY (r == NULL);
+
+  return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/elf/tst-audit-tlsdesc.c b/elf/tst-audit-tlsdesc.c
new file mode 100644
index 0000000000..3c8be81c95
--- /dev/null
+++ b/elf/tst-audit-tlsdesc.c
@@ -0,0 +1,60 @@
+/* DT_AUDIT with modules with TLSDESC.
+   Copyright (C) 2021 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <support/check.h>
+#include <support/xthread.h>
+
+extern __thread int global1;
+extern __thread int global2;
+void *get_local1 (void);
+void set_global2 (int v);
+void *get_local2 (void);
+
+static void *
+thr_func (void *clousure)
+{
+  TEST_COMPARE (global1, 0);
+  ++global1;
+  TEST_COMPARE (global2, 0);
+  ++global2;
+  TEST_COMPARE (global2, 1);
+
+  set_global2 (10);
+  TEST_COMPARE (global2, 10);
+
+  int *local1 = get_local1 ();
+  TEST_COMPARE (*local1, 0);
+  ++*local1;
+
+  int *local2 = get_local2 ();
+  TEST_COMPARE (*local2, 0);
+  ++*local2;
+
+  return 0;
+}
+
+static int
+do_test (void)
+{
+  pthread_t thr = xpthread_create (NULL, thr_func, NULL);
+  void *r = xpthread_join (thr);
+  TEST_VERIFY (r == NULL);
+  return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/elf/tst-auditmod-tlsdesc1.c b/elf/tst-auditmod-tlsdesc1.c
new file mode 100644
index 0000000000..61c7dd99a2
--- /dev/null
+++ b/elf/tst-auditmod-tlsdesc1.c
@@ -0,0 +1,41 @@
+/* DT_AUDIT with modules with TLSDESC.
+   Copyright (C) 2021 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+__thread int global1;
+
+int *
+get_global1 (void)
+{
+  return &global1;
+}
+
+static __thread int local1;
+
+void *
+get_local1 (void)
+{
+  return &local1;
+}
+
+extern __thread int global2;
+
+void
+set_global2 (int v)
+{
+  global2 = v;
+}
diff --git a/elf/tst-auditmod-tlsdesc2.c b/elf/tst-auditmod-tlsdesc2.c
new file mode 100644
index 0000000000..28aef635f6
--- /dev/null
+++ b/elf/tst-auditmod-tlsdesc2.c
@@ -0,0 +1,33 @@
+/* DT_AUDIT with modules with TLSDESC.
+   Copyright (C) 2021 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+__thread int global2;
+
+int *
+get_global2 (void)
+{
+  return &global2;
+}
+
+static __thread int local2;
+
+void *
+get_local2 (void)
+{
+  return &local2;
+}
-- 
2.30.2

[PATCH v2 4/6] elf: Do not fail for failed dlopem on audit modules (BZ #28061)

[Adhemerval Zanella via Libc-alpha]

The dl_main() sets the LM_ID_BASE to RT_ADD just before starting to
add load new shared objects.  The state is set to R_CONSISTENT just
after all objects are loaded.

However if a audit modules tries to dlmopen() an inexistent module,
the _dl_open() will assert that the namespace is in an inconsistent
state.

This is different than dlopen(), since first it will not use
LM_ID_BASE and second _dl_map_object_from_fd() is the sole responsible
to set and reset the r_state value.

So the assert() on _dl_open() can not really see if the state is
consistent since it is _dt_main() that reset is.  This patch removes
the assert.

Checked on x86_64-linux-gnu.
---
 elf/Makefile         |  6 ++++-
 elf/dl-open.c        |  2 --
 elf/tst-audit19.c    | 25 +++++++++++++++++++
 elf/tst-auditmod19.c | 57 ++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 87 insertions(+), 3 deletions(-)
 create mode 100644 elf/tst-audit19.c
 create mode 100644 elf/tst-auditmod19.c

diff --git a/elf/Makefile b/elf/Makefile
index 20414bbc10..7f460545bb 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -220,6 +220,7 @@ tests += restest1 preloadtest loadfail multiload origtest resolvfail \
 	 tst-dlopenfail-2 \
 	 tst-filterobj tst-filterobj-dlopen tst-auxobj tst-auxobj-dlopen \
 	 tst-audit14 tst-audit15 tst-audit16 tst-audit17 tst-audit18 \
+	 tst-audit19 \
 	 tst-single_threaded tst-single_threaded-pthread \
 	 tst-tls-ie tst-tls-ie-dlmopen argv0test \
 	 tst-glibc-hwcaps tst-glibc-hwcaps-prepend tst-glibc-hwcaps-mask \
@@ -301,7 +302,7 @@ modules-names = testobj1 testobj2 testobj3 testobj4 testobj5 testobj6 \
 		tst-unique1mod1 tst-unique1mod2 \
 		tst-unique2mod1 tst-unique2mod2 \
 		tst-auditmod9a tst-auditmod9b \
-		tst-auditmod18 \
+		tst-auditmod18 tst-auditmod19 \
 		$(if $(CXX),tst-unique3lib tst-unique3lib2 tst-unique4lib \
 		  tst-nodelete-uniquemod tst-nodelete-rtldmod \
 		  tst-nodelete-zmod \
@@ -1507,6 +1508,9 @@ tst-audit17-ENV = LD_AUDIT=$(objpfx)tst-auditmod17.so
 $(objpfx)tst-audit18.out: $(objpfx)tst-auditmod18.so
 tst-audit18-ENV = LD_AUDIT=$(objpfx)tst-auditmod18.so
 
+$(objpfx)tst-audit19.out: $(objpfx)tst-auditmod19.so
+tst-audit19-ENV = LD_AUDIT=$(objpfx)tst-auditmod19.so
+
 # tst-sonamemove links against an older implementation of the library.
 LDFLAGS-tst-sonamemove-linkmod1.so = \
   -Wl,--version-script=tst-sonamemove-linkmod1.map \
diff --git a/elf/dl-open.c b/elf/dl-open.c
index 218a8312a3..b771cbcb41 100644
--- a/elf/dl-open.c
+++ b/elf/dl-open.c
@@ -898,8 +898,6 @@ no more namespaces available for dlmopen()"));
 	     the flag here.  */
 	}
 
-      assert (_dl_debug_initialize (0, args.nsid)->r_state == RT_CONSISTENT);
-
       /* Release the lock.  */
       __rtld_lock_unlock_recursive (GL(dl_load_lock));
 
diff --git a/elf/tst-audit19.c b/elf/tst-audit19.c
new file mode 100644
index 0000000000..6f39ccee86
--- /dev/null
+++ b/elf/tst-audit19.c
@@ -0,0 +1,25 @@
+/* Check dlopen failure on audit modules.
+   Copyright (C) 2021 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+static int
+do_test (void)
+{
+  return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/elf/tst-auditmod19.c b/elf/tst-auditmod19.c
new file mode 100644
index 0000000000..c57e50ee4e
--- /dev/null
+++ b/elf/tst-auditmod19.c
@@ -0,0 +1,57 @@
+/* Check dlopen failure on audit modules.
+   Copyright (C) 2021 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <dlfcn.h>
+#include <link.h>
+#include <stdlib.h>
+
+unsigned int
+la_version (unsigned int v)
+{
+  return LAV_CURRENT;
+}
+
+static void
+check (void)
+{
+  {
+    void *mod = dlopen ("nonexistent.so", RTLD_NOW);
+    if (mod != NULL)
+      abort ();
+  }
+
+  {
+    void *mod = dlmopen (LM_ID_BASE, "nonexistent.so", RTLD_NOW);
+    if (mod != NULL)
+      abort ();
+  }
+}
+
+void
+la_activity (uintptr_t *cookie, unsigned int flag)
+{
+  if (flag != LA_ACT_CONSISTENT)
+    return;
+  check ();
+}
+
+void
+la_preinit (uintptr_t *cookie)
+{
+  check ();
+}
-- 
2.30.2

[PATCH v2 5/6] elf: Suppress audit calls when a (new) namespace is empty (BZ #28062)

[Adhemerval Zanella via Libc-alpha]

From: Vivek Das Mohapatra <vivek@collabora.com>

For a new Lmid_t the namespace link_map list are empty, so it requires
to check if before using it.  This can happen for when audit module
is used along with dlmopen.

Checked on x86_64-linux-gnu.

Co-authored-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
---
 elf/Makefile         |   7 ++-
 elf/dl-load.c        |   7 ++-
 elf/tst-audit20.c    | 128 +++++++++++++++++++++++++++++++++++++++++++
 elf/tst-audit20mod.c |  26 +++++++++
 elf/tst-auditmod20.c |  73 ++++++++++++++++++++++++
 5 files changed, 238 insertions(+), 3 deletions(-)
 create mode 100644 elf/tst-audit20.c
 create mode 100644 elf/tst-audit20mod.c
 create mode 100644 elf/tst-auditmod20.c

diff --git a/elf/Makefile b/elf/Makefile
index 7f460545bb..c429023b66 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -220,7 +220,7 @@ tests += restest1 preloadtest loadfail multiload origtest resolvfail \
 	 tst-dlopenfail-2 \
 	 tst-filterobj tst-filterobj-dlopen tst-auxobj tst-auxobj-dlopen \
 	 tst-audit14 tst-audit15 tst-audit16 tst-audit17 tst-audit18 \
-	 tst-audit19 \
+	 tst-audit19 tst-audit20 \
 	 tst-single_threaded tst-single_threaded-pthread \
 	 tst-tls-ie tst-tls-ie-dlmopen argv0test \
 	 tst-glibc-hwcaps tst-glibc-hwcaps-prepend tst-glibc-hwcaps-mask \
@@ -303,6 +303,7 @@ modules-names = testobj1 testobj2 testobj3 testobj4 testobj5 testobj6 \
 		tst-unique2mod1 tst-unique2mod2 \
 		tst-auditmod9a tst-auditmod9b \
 		tst-auditmod18 tst-auditmod19 \
+		tst-auditmod20 tst-audit20mod \
 		$(if $(CXX),tst-unique3lib tst-unique3lib2 tst-unique4lib \
 		  tst-nodelete-uniquemod tst-nodelete-rtldmod \
 		  tst-nodelete-zmod \
@@ -1511,6 +1512,10 @@ tst-audit18-ENV = LD_AUDIT=$(objpfx)tst-auditmod18.so
 $(objpfx)tst-audit19.out: $(objpfx)tst-auditmod19.so
 tst-audit19-ENV = LD_AUDIT=$(objpfx)tst-auditmod19.so
 
+$(objpfx)tst-audit20.out: $(objpfx)tst-auditmod20.so \
+			  $(objpfx)tst-audit20mod.so
+tst-audit20-ARGS = -- $(host-test-program-cmd)
+
 # tst-sonamemove links against an older implementation of the library.
 LDFLAGS-tst-sonamemove-linkmod1.so = \
   -Wl,--version-script=tst-sonamemove-linkmod1.map \
diff --git a/elf/dl-load.c b/elf/dl-load.c
index 650e4edc35..433a59191a 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -1062,8 +1062,11 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd,
 	  && __glibc_unlikely (GLRO(dl_naudit) > 0))
 	{
 	  struct link_map *head = GL(dl_ns)[nsid]._ns_loaded;
-	  /* Do not call the functions for any auditing object.  */
-	  if (head->l_auditing == 0)
+	  /* Do not call the functions for any auditing object and also do not
+	     try to call auditing functions if the namespace is currently
+	     empty.  This happens when opening the first DSO in a new
+	     namespace.  */
+	  if (head != NULL && head->l_auditing == 0)
 	    {
 	      struct audit_ifaces *afct = GLRO(dl_audit);
 	      for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
diff --git a/elf/tst-audit20.c b/elf/tst-audit20.c
new file mode 100644
index 0000000000..5c5d42b723
--- /dev/null
+++ b/elf/tst-audit20.c
@@ -0,0 +1,128 @@
+/* Check DT_AUDIT with dlmopen.
+   Copyright (C) 2021 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <array_length.h>
+#include <getopt.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <gnu/lib-names.h>
+#include <support/capture_subprocess.h>
+#include <support/check.h>
+#include <support/xdlfcn.h>
+#include <support/xstdio.h>
+#include <support/support.h>
+
+static int restart;
+#define CMDLINE_OPTIONS \
+  { "restart", no_argument, &restart, 1 },
+
+static int
+handle_restart (void)
+{
+  {
+    void *h = xdlmopen (LM_ID_NEWLM, LIBC_SO, RTLD_NOW);
+
+    pid_t (*s)(void) = xdlsym (h, "getpid");
+    TEST_COMPARE (s (), getpid ());
+
+    xdlclose (h);
+  }
+
+  {
+    void *h = xdlmopen (LM_ID_NEWLM, "tst-audit20mod.so", RTLD_NOW);
+
+    int (*foo)(void) = xdlsym (h, "foo");
+    TEST_COMPARE (foo (), 10);
+
+    xdlclose (h);
+  }
+
+  return 0;
+}
+
+static int
+do_test (int argc, char *argv[])
+{
+  /* We must have either:
+     - One our fource parameters left if called initially:
+       + path to ld.so         optional
+       + "--library-path"      optional
+       + the library path      optional
+       + the application name  */
+
+  if (restart)
+    return handle_restart ();
+
+  char *spargv[9];
+  int i = 0;
+  for (; i < argc - 1; i++)
+    spargv[i] = argv[i + 1];
+  spargv[i++] = (char *) "--direct";
+  spargv[i++] = (char *) "--restart";
+  spargv[i] = NULL;
+
+  setenv ("LD_AUDIT", "tst-auditmod20.so", 0);
+  struct support_capture_subprocess result
+    = support_capture_subprogram (spargv[0], spargv);
+  support_capture_subprocess_check (&result, "tst-audit20", 0, sc_allow_stderr);
+
+  struct
+  {
+    const char *name;
+    bool found;
+  } audit_iface[] =
+  {
+    { "la_version", false },
+    { "la_objsearch", false },
+    { "la_activity", false },
+    { "la_objopen", false },
+    { "la_objclose", false },
+    { "la_preinit", false },
+#if __WORDSIZE == 32
+    { "la_symbind32", false },
+#elif __WORDSIZE == 64
+    { "la_symbind64", false },
+#endif
+  };
+
+  /* Some hooks are called more than once but it only checkis if they are
+     called at least once.  */
+  FILE *out = fmemopen (result.err.buffer, result.err.length, "r");
+  TEST_VERIFY (out != NULL);
+  char *buffer = NULL;
+  size_t buffer_length = 0;
+  while (xgetline (&buffer, &buffer_length, out)) {
+    for (int i = 0; i < array_length (audit_iface); i++)
+      if (strncmp (buffer, audit_iface[i].name,
+		   strlen (audit_iface[i].name)) == 0)
+	audit_iface[i].found = true;
+  }
+  free (buffer);
+  xfclose (out);
+
+  for (int i = 0; i < array_length (audit_iface); i++)
+    TEST_COMPARE (audit_iface[i].found, true);
+
+  support_capture_subprocess_free (&result);
+
+  return 0;
+}
+
+#define TEST_FUNCTION_ARGV do_test
+#include <support/test-driver.c>
diff --git a/elf/tst-audit20mod.c b/elf/tst-audit20mod.c
new file mode 100644
index 0000000000..f229c4139b
--- /dev/null
+++ b/elf/tst-audit20mod.c
@@ -0,0 +1,26 @@
+/* Check DT_AUDIT with dlmopen.
+   Copyright (C) 2021 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <fcntl.h>
+#include <gnu/lib-names.h>
+
+int
+foo (void)
+{
+  return 10;
+}
diff --git a/elf/tst-auditmod20.c b/elf/tst-auditmod20.c
new file mode 100644
index 0000000000..182992e9fd
--- /dev/null
+++ b/elf/tst-auditmod20.c
@@ -0,0 +1,73 @@
+/* Check DT_AUDIT with dlmopen.
+   Copyright (C) 2021 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <stdio.h>
+#include <link.h>
+
+unsigned int
+la_version (unsigned int version)
+{
+  fprintf (stderr, "%s\n", __func__);
+  return LAV_CURRENT;
+}
+
+char *
+la_objsearch (const char *name, uintptr_t *cookie, unsigned int flag)
+{
+  fprintf (stderr, "%s\n", __func__);
+  return (char *) name;
+}
+
+void
+la_activity (uintptr_t *cookie, unsigned int flag)
+{
+  fprintf (stderr, "%s\n", __func__);
+}
+
+unsigned int
+la_objopen (struct link_map *map, Lmid_t lmid, uintptr_t *cookie)
+{
+  fprintf (stderr, "%s\n", __func__);
+  return LA_FLG_BINDTO | LA_FLG_BINDFROM;
+}
+
+unsigned int
+la_objclose (uintptr_t *cookie)
+{
+  fprintf (stderr, "%s\n", __func__);
+  return 0;
+}
+
+void
+la_preinit (uintptr_t *cookie)
+{
+  fprintf (stderr, "%s\n", __func__);
+}
+
+uintptr_t
+#if __ELF_NATIVE_CLASS == 32
+la_symbind32 (Elf32_Sym *sym, unsigned int ndx, uintptr_t *refcook,
+              uintptr_t *defcook, unsigned int *flags, const char *symname)
+#else
+la_symbind64 (Elf64_Sym *sym, unsigned int ndx, uintptr_t *refcook,
+              uintptr_t *defcook, unsigned int *flags, const char *symname)
+#endif
+{
+  fprintf (stderr, "%s\n", __func__);
+  return sym->st_value;
+}
-- 
2.30.2

[PATCH v2 6/6] elf: Fix initial-exec TLS access on audit modules (BZ #28096)

[Adhemerval Zanella via Libc-alpha]

For ldaudit modules or dependencies with initial-exec TLS, we can not
set the initial TLS image on default loader initialization because it
would already be set by the ldaudit setup.  However, subsequent thread
creation would need to follow the default behaviour.

This patch fixes by making_dl_new_object() sets a new link_map flag
'l_dont_set_tls_static' only for __RTLD_AUDIT modules.  The flag is
later reset on _dl_allocate_tls_init().

Checked on x86_64-linux-gnu.
---
 elf/Makefile         |  6 +++-
 elf/dl-object.c      |  3 ++
 elf/dl-tls.c         | 16 +++++++---
 elf/rtld.c           |  2 ++
 elf/tst-audit21.c    | 42 +++++++++++++++++++++++++++
 elf/tst-auditmod21.c | 69 ++++++++++++++++++++++++++++++++++++++++++++
 include/link.h       |  2 ++
 7 files changed, 135 insertions(+), 5 deletions(-)
 create mode 100644 elf/tst-audit21.c
 create mode 100644 elf/tst-auditmod21.c

diff --git a/elf/Makefile b/elf/Makefile
index c429023b66..498c4dc3b9 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -220,7 +220,7 @@ tests += restest1 preloadtest loadfail multiload origtest resolvfail \
 	 tst-dlopenfail-2 \
 	 tst-filterobj tst-filterobj-dlopen tst-auxobj tst-auxobj-dlopen \
 	 tst-audit14 tst-audit15 tst-audit16 tst-audit17 tst-audit18 \
-	 tst-audit19 tst-audit20 \
+	 tst-audit19 tst-audit20 tst-audit21 \
 	 tst-single_threaded tst-single_threaded-pthread \
 	 tst-tls-ie tst-tls-ie-dlmopen argv0test \
 	 tst-glibc-hwcaps tst-glibc-hwcaps-prepend tst-glibc-hwcaps-mask \
@@ -304,6 +304,7 @@ modules-names = testobj1 testobj2 testobj3 testobj4 testobj5 testobj6 \
 		tst-auditmod9a tst-auditmod9b \
 		tst-auditmod18 tst-auditmod19 \
 		tst-auditmod20 tst-audit20mod \
+		tst-auditmod21 \
 		$(if $(CXX),tst-unique3lib tst-unique3lib2 tst-unique4lib \
 		  tst-nodelete-uniquemod tst-nodelete-rtldmod \
 		  tst-nodelete-zmod \
@@ -1516,6 +1517,9 @@ $(objpfx)tst-audit20.out: $(objpfx)tst-auditmod20.so \
 			  $(objpfx)tst-audit20mod.so
 tst-audit20-ARGS = -- $(host-test-program-cmd)
 
+$(objpfx)tst-audit21.out: $(objpfx)tst-auditmod21.so
+tst-audit21-ENV = LD_AUDIT=$(objpfx)tst-auditmod21.so
+
 # tst-sonamemove links against an older implementation of the library.
 LDFLAGS-tst-sonamemove-linkmod1.so = \
   -Wl,--version-script=tst-sonamemove-linkmod1.map \
diff --git a/elf/dl-object.c b/elf/dl-object.c
index 1875599eb2..eb2158a84b 100644
--- a/elf/dl-object.c
+++ b/elf/dl-object.c
@@ -175,6 +175,9 @@ _dl_new_object (char *realname, const char *libname, int type,
 
   new->l_local_scope[0] = &new->l_searchlist;
 
+  if (mode & __RTLD_AUDIT)
+    new->l_dont_set_tls_static = 1;
+
   /* Determine the origin.  If allocating the link map for the main
      executable, the realname is not known and "".  In this case, the
      origin needs to be determined by other means.  However, in case
diff --git a/elf/dl-tls.c b/elf/dl-tls.c
index 423e380f7c..4763fdb856 100644
--- a/elf/dl-tls.c
+++ b/elf/dl-tls.c
@@ -593,10 +593,18 @@ _dl_allocate_tls_init (void *result)
 	     some platforms use in static programs requires it.  */
 	  dtv[map->l_tls_modid].pointer.val = dest;
 
-	  /* Copy the initialization image and clear the BSS part.  */
-	  memset (__mempcpy (dest, map->l_tls_initimage,
-			     map->l_tls_initimage_size), '\0',
-		  map->l_tls_blocksize - map->l_tls_initimage_size);
+	  /* Copy the initialization image and clear the BSS part.  For
+	     ldaudit modules or depedencies with initial-exec TLS, we can not
+	     set the initial TLS image on default loader initialization
+	     because it would already be set by the ldaudit setup.  However,
+	     subsequent thread creation would need to follow the default
+	     behaviour.   */
+	  if (__glibc_unlikely (!map->l_dont_set_tls_static))
+	    memset (__mempcpy (dest, map->l_tls_initimage,
+			       map->l_tls_initimage_size), '\0',
+		    map->l_tls_blocksize - map->l_tls_initimage_size);
+	  else
+	    map->l_dont_set_tls_static = 0;
 	}
 
       total += cnt;
diff --git a/elf/rtld.c b/elf/rtld.c
index 374bf86a69..1312378b5f 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -1053,6 +1053,8 @@ ERROR: audit interface '%s' requires version %d (maximum supported version %d);
 
   /* Mark the DSO as being used for auditing.  */
   dlmargs.map->l_auditing = 1;
+  /* Mark the DSO to not clear the TLS bss in tls initialization.  */
+  dlmargs.map->l_dont_set_tls_static = 1;
 }
 
 /* Notify the the audit modules that the object MAP has already been
diff --git a/elf/tst-audit21.c b/elf/tst-audit21.c
new file mode 100644
index 0000000000..7f4996d66f
--- /dev/null
+++ b/elf/tst-audit21.c
@@ -0,0 +1,42 @@
+/* Check DT_AUDIT with static TLS.
+   Copyright (C) 2021 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <ctype.h>
+#include <support/xthread.h>
+#include <support/check.h>
+
+static volatile __thread int out __attribute__ ((tls_model ("initial-exec")));
+
+static void *
+tf (void *)
+{
+  TEST_COMPARE (out, 0);
+  out = isspace (' ');
+  return NULL;
+}
+
+int main (int argc, char *argv[])
+{
+  TEST_COMPARE (out, 0);
+  out = isspace (' ');
+
+  pthread_t t = xpthread_create (NULL, tf, NULL);
+  xpthread_join (t);
+
+  return 0;
+}
diff --git a/elf/tst-auditmod21.c b/elf/tst-auditmod21.c
new file mode 100644
index 0000000000..e6248622f4
--- /dev/null
+++ b/elf/tst-auditmod21.c
@@ -0,0 +1,69 @@
+/* Check DT_AUDIT with static TLS.
+   Copyright (C) 2021 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <ctype.h>
+#include <stdlib.h>
+#include <link.h>
+
+#define tls_ie __attribute__ ((tls_model ("initial-exec")))
+
+__thread int tls_var0 tls_ie;
+__thread int tls_var1 tls_ie = 0x10;
+
+static volatile int out;
+
+static void
+call_libc (void)
+{
+  /* isspace() access the initial-exec glibc TLS variables, which are
+     setup in glibc initialization.  */
+  out = isspace (' ');
+}
+
+unsigned int
+la_version (unsigned int v)
+{
+  tls_var0 = 0x1;
+  if (tls_var1 != 0x10)
+    abort ();
+  tls_var1 = 0x20;
+  call_libc ();
+  return LAV_CURRENT;
+}
+
+unsigned int
+la_objopen (struct link_map* map, Lmid_t lmid, uintptr_t* cookie)
+{
+  call_libc ();
+  *cookie = (uintptr_t) map;
+  return 0;
+}
+
+void
+la_activity (uintptr_t* cookie, unsigned int flag)
+{
+  if (tls_var0 != 0x1 || tls_var1 != 0x20)
+    abort ();
+  call_libc ();
+}
+
+void
+la_preinit (uintptr_t* cookie)
+{
+  call_libc ();
+}
diff --git a/include/link.h b/include/link.h
index ebd0f511e2..aca6fa58dc 100644
--- a/include/link.h
+++ b/include/link.h
@@ -190,6 +190,8 @@ struct link_map
     unsigned int l_need_tls_init:1; /* Nonzero if GL(dl_init_static_tls)
 				       should be called on this link map
 				       when relocation finishes.  */
+    unsigned int l_dont_set_tls_static:1; /* Non zero if static TLS setup should
+					     not be initialized.  */
     unsigned int l_auditing:1;	/* Nonzero if the DSO is used in auditing.  */
     unsigned int l_audit_any_plt:1; /* Nonzero if at least one audit module
 				       is interested in the PLT interception.*/
-- 
2.30.2

Re: [PATCH v2 2/6] elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533)

[Alexander Monakov via Libc-alpha]

On Mon, 19 Jul 2021, Adhemerval Zanella via Libc-alpha wrote:

> The rtld-audit interfaces introduces a slowdown due to enabling profiling

"interface" (my original message had "using the audit interfaces introduces").

> instrumentation (as if LD_AUDIT implied LD_PROFILE).  However, instrumenting
> is only necessary if one of audit libraries provides PLT (la_plt{enter,exit}
> symbols).  Otherwise, the slowdown can be avoided.
> 
> The following patch adjusts the logic that enables profiling to iterate
> over all audit modules and check if any of those provides a PLT hook.
> 
> Co-authored-by: Alexander Monakov <amonakov@ispras.dot.ru>

Please use my correct email here and in the Cc list (it's ispras.ru, not
ispras.dot.ru).

> ---
>  NEWS                 |  4 ++++
>  elf/Makefile         |  6 +++++-
>  elf/dl-reloc.c       | 12 +++++++++++-
>  elf/rtld.c           |  8 +-------
>  elf/tst-audit18.c    | 39 +++++++++++++++++++++++++++++++++++++++
>  elf/tst-auditmod18.c | 24 ++++++++++++++++++++++++
>  include/link.h       |  2 ++
>  7 files changed, 86 insertions(+), 9 deletions(-)
>  create mode 100644 elf/tst-audit18.c
>  create mode 100644 elf/tst-auditmod18.c
> 
> diff --git a/NEWS b/NEWS
> index 13ffe627da..8fde312ec6 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -76,6 +76,10 @@ Major new features:
>    equal to a giver integer.  This function is a GNU extension, although
>    Solaris also provides a similar function.
>  
> +* The audit libraries will avoid unnecessary slowdown if it is not required

"required for" or "... by"?

> +  either PLT tracking or symbol binding profiling (enabled with LA_FLG_BINDFROM
> +  or LA_FLG_BINDTO from la_objopen() callback).

It seems the part about binding needs to be updated, because the commit message
and the patch itself does not change anything for binding hooks? My
understanding always was that no change is necessary w.r.t la_symbind
callbacks: the loader invokes them when doing symbol resolution, and presence
of PLT does not matter.

Alexander

Re: [PATCH v2 2/6] elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533)

[Adhemerval Zanella via Libc-alpha]

On 20/07/2021 05:31, Alexander Monakov wrote:
> On Mon, 19 Jul 2021, Adhemerval Zanella via Libc-alpha wrote:
> 
>> The rtld-audit interfaces introduces a slowdown due to enabling profiling
> 
> "interface" (my original message had "using the audit interfaces introduces").
> 
>> instrumentation (as if LD_AUDIT implied LD_PROFILE).  However, instrumenting
>> is only necessary if one of audit libraries provides PLT (la_plt{enter,exit}
>> symbols).  Otherwise, the slowdown can be avoided.
>>
>> The following patch adjusts the logic that enables profiling to iterate
>> over all audit modules and check if any of those provides a PLT hook.
>>
>> Co-authored-by: Alexander Monakov <amonakov@ispras.dot.ru>
> 
> Please use my correct email here and in the Cc list (it's ispras.ru, not
> ispras.dot.ru).

Ack, I used the one on previous submission. I will update with the correct
one

> 
>> ---
>>  NEWS                 |  4 ++++
>>  elf/Makefile         |  6 +++++-
>>  elf/dl-reloc.c       | 12 +++++++++++-
>>  elf/rtld.c           |  8 +-------
>>  elf/tst-audit18.c    | 39 +++++++++++++++++++++++++++++++++++++++
>>  elf/tst-auditmod18.c | 24 ++++++++++++++++++++++++
>>  include/link.h       |  2 ++
>>  7 files changed, 86 insertions(+), 9 deletions(-)
>>  create mode 100644 elf/tst-audit18.c
>>  create mode 100644 elf/tst-auditmod18.c
>>
>> diff --git a/NEWS b/NEWS
>> index 13ffe627da..8fde312ec6 100644
>> --- a/NEWS
>> +++ b/NEWS
>> @@ -76,6 +76,10 @@ Major new features:
>>    equal to a giver integer.  This function is a GNU extension, although
>>    Solaris also provides a similar function.
>>  
>> +* The audit libraries will avoid unnecessary slowdown if it is not required
> 
> "required for" or "... by"?
> 
>> +  either PLT tracking or symbol binding profiling (enabled with LA_FLG_BINDFROM
>> +  or LA_FLG_BINDTO from la_objopen() callback).
> 
> It seems the part about binding needs to be updated, because the commit message
> and the patch itself does not change anything for binding hooks? My
> understanding always was that no change is necessary w.r.t la_symbind
> callbacks: the loader invokes them when doing symbol resolution, and presence
> of PLT does not matter.

The NEWS entry needs update indeed.  For 'la_symbind', I was trying to handle a
different issue which in turn made this very change ineffective (issue la_symbind
for bind-now).  My plan is to address it in a different patch.

Re: [PATCH v2 0/6] Some rtld-audit fixes

[Michael Hudson-Doyle via Libc-alpha]

On Tue, 20 Jul 2021 at 02:33, Adhemerval Zanella via Libc-alpha <
libc-alpha@sourceware.org> wrote:

> Adhemerval Zanella (5):
>   elf: Fix audit regression
>   elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533)
>   elf: Add audit tests for modules with TLSDESC
>   elf: Do not fail for failed dlopem on audit modules (BZ #28061)
>

There is a typo here (dlopem/dlopen)

Cheers,
mwh

Re: [PATCH v2 0/6] Some rtld-audit fixes

[Michael Hudson-Doyle via Libc-alpha]

On Wed, 21 Jul 2021 at 10:09, Michael Hudson-Doyle <
michael.hudson@canonical.com> wrote:

> On Tue, 20 Jul 2021 at 02:33, Adhemerval Zanella via Libc-alpha <
> libc-alpha@sourceware.org> wrote:
>
>> Adhemerval Zanella (5):
>>   elf: Fix audit regression
>>   elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533)
>>   elf: Add audit tests for modules with TLSDESC
>>   elf: Do not fail for failed dlopem on audit modules (BZ #28061)
>>
>
> There is a typo here (dlopem/dlopen)
>

Or maybe it's meant to be dlmopen? I don't understand the patch really but
I'm pretty sure it's not meant to be dlopem :)

Re: [PATCH v2 2/6] elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533)

[Adhemerval Zanella via Libc-alpha]

On 19/07/2021 11:33, Adhemerval Zanella wrote:

> diff --git a/elf/dl-reloc.c b/elf/dl-reloc.c
> index e13a672ade..2abcfc996f 100644
> --- a/elf/dl-reloc.c
> +++ b/elf/dl-reloc.c
> @@ -181,7 +181,17 @@ _dl_relocate_object (struct link_map *l, struct r_scope_elem *scope[],
>  #ifdef SHARED
>    /* If we are auditing, install the same handlers we need for profiling.  */
>    if ((reloc_mode & __RTLD_AUDIT) == 0)
> -    consider_profiling |= GLRO(dl_audit) != NULL;
> +    {
> +      struct audit_ifaces *afct = GLRO(dl_audit);
> +      for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
> +	{
> +	  /* Profiling is needed only if PLT hooks are provided.  */
> +	  if (afct->ARCH_LA_PLTENTER != NULL
> +	      || afct->ARCH_LA_PLTEXIT != NULL)
> +	    consider_profiling = 1;
> +	  afct = afct->next;
> +	}
> +    }
>  #elif defined PROF

This is wrong since it disables la_symbind() for lazy resolution
if the audit modules does not provide the plt callbacks as well.
I will update the patch to now call la_symbind() on _dl_fixup() if
la_symbind() is set.

Re: [PATCH v2 1/6] elf: Fix audit regression

[Florian Weimer via Libc-alpha]

* Adhemerval Zanella via Libc-alpha:

> diff --git a/elf/dl-open.c b/elf/dl-open.c
> index d2240d8747..218a8312a3 100644
> --- a/elf/dl-open.c
> +++ b/elf/dl-open.c
> @@ -770,15 +770,7 @@ dl_open_worker (void *a)
>    if (!args->libc_already_loaded)
>      {
>        struct link_map *libc_map = GL(dl_ns)[args->nsid].libc_map;
> -#ifdef SHARED
> -      bool initial = libc_map->l_ns == LM_ID_BASE;
> -#else
> -      /* In the static case, there is only one namespace, but it
> -	 contains a secondary libc (the primary libc is statically
> -	 linked).  */
> -      bool initial = false;
> -#endif
> -      _dl_call_libc_early_init (libc_map, initial);
> +      _dl_call_libc_early_init (libc_map, false);
>      }
>  
>    /* Run the initializer functions of new objects.  Temporarily

Maybe add a comment that dlopen cannot be used to load an initial libc
by design?

Rest of the patch looks good to me.

Thanks,
Florian