<feed xmlns='http://www.w3.org/2005/Atom'>
<title>glibc.git, branch codonell/ld-audit</title>
<link rel='alternate' type='text/html' href='https://git.belthelziquor.com/glibc.git/'/>
<entry>
<title>Fix elf/tst-audit25a with default bind now toolchains</title>
<updated>2022-03-29T21:02:51+00:00</updated>
<author>
<name>Szabolcs Nagy</name>
<email>szabolcs.nagy@arm.com</email>
</author>
<published>2022-02-02T14:03:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.belthelziquor.com/glibc.git/commit/?id=529cfa039a3d287cc94c9efc61afac406cf70e4e'/>
<id>529cfa039a3d287cc94c9efc61afac406cf70e4e</id>
<content type='text'>
This test relies on lazy binding for the executable so request that
explicitly in case the toolchain defaults to bind now.

(cherry picked from commit 80a08d0faa9b224019f895800c4d97de4e23e1aa)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This test relies on lazy binding for the executable so request that
explicitly in case the toolchain defaults to bind now.

(cherry picked from commit 80a08d0faa9b224019f895800c4d97de4e23e1aa)
</pre>
</div>
</content>
</entry>
<entry>
<title>elf: Fix runtime linker auditing on aarch64 (BZ #26643)</title>
<updated>2022-03-29T21:02:36+00:00</updated>
<author>
<name>Ben Woodard</name>
<email>woodard@redhat.com</email>
</author>
<published>2022-01-24T13:46:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.belthelziquor.com/glibc.git/commit/?id=b7f913c052ec1349a3f27e2302cc81380f67a218'/>
<id>b7f913c052ec1349a3f27e2302cc81380f67a218</id>
<content type='text'>
The rtld audit support shows two problems on aarch64:

  1. _dl_runtime_resolve does not preserve x8, the indirect result
     location register, which might generate wrong result calls
     depending on the function signature.

  2. The NEON Q registers pushed onto the stack by _dl_runtime_resolve
     were twice the size of D registers extracted from the stack frame by
     _dl_runtime_profile.

While 2. might result in wrong information passed on the PLT tracing,
1. generates wrong runtime behaviour.

The aarch64 rtld audit support is changed to:

  * Both La_aarch64_regs and La_aarch64_retval are expanded to include
    both x8 and the full sized NEON V registers, as defined by the
    ABI.

  * dl_runtime_profile needed to extract registers saved by
    _dl_runtime_resolve and put them into the new correctly sized
    La_aarch64_regs structure.

  * The LAV_CURRENT check is changed to only accept new audit modules
    to avoid the undefined behavior of not saving/restoring x8.

  * Different than other architectures, audit modules older than
    LAV_CURRENT are rejected (both La_aarch64_regs and La_aarch64_retval
    changed their layout and there are no requirements to support multiple
    audit interface with the inherent aarch64 issues).

  * A new field is also reserved on both La_aarch64_regs and
    La_aarch64_retval to support variant pcs symbols.

Similar to x86, a new La_aarch64_vector type to represent the NEON
register is added on the La_aarch64_regs (so each type can be accessed
directly).

Since LAV_CURRENT was already bumped to support bind-now, there is
no need to increase it again.

Checked on aarch64-linux-gnu.

Co-authored-by: Adhemerval Zanella &lt;adhemerval.zanella@linaro.org&gt;
Reviewed-by: Szabolcs Nagy &lt;szabolcs.nagy@arm.com&gt;
Reviewed-by: Carlos O'Donell &lt;carlos@redhat.com&gt;
Tested-by: Carlos O'Donell &lt;carlos@redhat.com&gt;
(cherry picked from commit ce9a68c57c260c8417afc93972849ac9ad243ec4)

Resolved conflicts:
	NEWS
	elf/rtld.c
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The rtld audit support shows two problems on aarch64:

  1. _dl_runtime_resolve does not preserve x8, the indirect result
     location register, which might generate wrong result calls
     depending on the function signature.

  2. The NEON Q registers pushed onto the stack by _dl_runtime_resolve
     were twice the size of D registers extracted from the stack frame by
     _dl_runtime_profile.

While 2. might result in wrong information passed on the PLT tracing,
1. generates wrong runtime behaviour.

The aarch64 rtld audit support is changed to:

  * Both La_aarch64_regs and La_aarch64_retval are expanded to include
    both x8 and the full sized NEON V registers, as defined by the
    ABI.

  * dl_runtime_profile needed to extract registers saved by
    _dl_runtime_resolve and put them into the new correctly sized
    La_aarch64_regs structure.

  * The LAV_CURRENT check is changed to only accept new audit modules
    to avoid the undefined behavior of not saving/restoring x8.

  * Different than other architectures, audit modules older than
    LAV_CURRENT are rejected (both La_aarch64_regs and La_aarch64_retval
    changed their layout and there are no requirements to support multiple
    audit interface with the inherent aarch64 issues).

  * A new field is also reserved on both La_aarch64_regs and
    La_aarch64_retval to support variant pcs symbols.

Similar to x86, a new La_aarch64_vector type to represent the NEON
register is added on the La_aarch64_regs (so each type can be accessed
directly).

Since LAV_CURRENT was already bumped to support bind-now, there is
no need to increase it again.

Checked on aarch64-linux-gnu.

Co-authored-by: Adhemerval Zanella &lt;adhemerval.zanella@linaro.org&gt;
Reviewed-by: Szabolcs Nagy &lt;szabolcs.nagy@arm.com&gt;
Reviewed-by: Carlos O'Donell &lt;carlos@redhat.com&gt;
Tested-by: Carlos O'Donell &lt;carlos@redhat.com&gt;
(cherry picked from commit ce9a68c57c260c8417afc93972849ac9ad243ec4)

Resolved conflicts:
	NEWS
	elf/rtld.c
</pre>
</div>
</content>
</entry>
<entry>
<title>elf: Issue la_symbind for bind-now (BZ #23734)</title>
<updated>2022-03-29T21:02:31+00:00</updated>
<author>
<name>Adhemerval Zanella</name>
<email>adhemerval.zanella@linaro.org</email>
</author>
<published>2022-01-24T13:46:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.belthelziquor.com/glibc.git/commit/?id=1d1466e7c45a557e2426c650d6fab3c1b80162ec'/>
<id>1d1466e7c45a557e2426c650d6fab3c1b80162ec</id>
<content type='text'>
The audit symbind callback is not called for binaries built with
-Wl,-z,now or when LD_BIND_NOW=1 is used, nor the PLT tracking callbacks
(plt_enter and plt_exit) since this would change the expected
program semantics (where no PLT is expected) and would have performance
implications (such as for BZ#15533).

LAV_CURRENT is also bumped to indicate the audit ABI change (where
la_symbind flags are set by the loader to indicate no possible PLT
trace).

To handle powerpc64 ELFv1 function descriptor, _dl_audit_symbind
requires to know whether bind-now is used so the symbol value is
updated to function text segment instead of the OPD (for lazy binding
this is done by PPC64_LOAD_FUNCPTR on _dl_runtime_resolve).

Checked on x86_64-linux-gnu, i686-linux-gnu, aarch64-linux-gnu,
powerpc64-linux-gnu.

Reviewed-by: Carlos O'Donell &lt;carlos@redhat.com&gt;
Tested-by: Carlos O'Donell &lt;carlos@redhat.com&gt;
(cherry picked from commit 32612615c58b394c3eb09f020f31310797ad3854)

Resolved conflicts:
	NEWS
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The audit symbind callback is not called for binaries built with
-Wl,-z,now or when LD_BIND_NOW=1 is used, nor the PLT tracking callbacks
(plt_enter and plt_exit) since this would change the expected
program semantics (where no PLT is expected) and would have performance
implications (such as for BZ#15533).

LAV_CURRENT is also bumped to indicate the audit ABI change (where
la_symbind flags are set by the loader to indicate no possible PLT
trace).

To handle powerpc64 ELFv1 function descriptor, _dl_audit_symbind
requires to know whether bind-now is used so the symbol value is
updated to function text segment instead of the OPD (for lazy binding
this is done by PPC64_LOAD_FUNCPTR on _dl_runtime_resolve).

Checked on x86_64-linux-gnu, i686-linux-gnu, aarch64-linux-gnu,
powerpc64-linux-gnu.

Reviewed-by: Carlos O'Donell &lt;carlos@redhat.com&gt;
Tested-by: Carlos O'Donell &lt;carlos@redhat.com&gt;
(cherry picked from commit 32612615c58b394c3eb09f020f31310797ad3854)

Resolved conflicts:
	NEWS
</pre>
</div>
</content>
</entry>
<entry>
<title>elf: Move LAV_CURRENT to link_lavcurrent.h</title>
<updated>2022-03-29T21:02:26+00:00</updated>
<author>
<name>Adhemerval Zanella</name>
<email>adhemerval.zanella@linaro.org</email>
</author>
<published>2021-07-29T14:13:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.belthelziquor.com/glibc.git/commit/?id=e798a21fef1571bde6a3db549c68e33a5d781a3e'/>
<id>e798a21fef1571bde6a3db549c68e33a5d781a3e</id>
<content type='text'>
No functional change.

(cherry picked from commit 54816ae98d57930b7c945f17485714a5574bfe47)

Resolved conflicts:
	elf/Makefile
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
No functional change.

(cherry picked from commit 54816ae98d57930b7c945f17485714a5574bfe47)

Resolved conflicts:
	elf/Makefile
</pre>
</div>
</content>
</entry>
<entry>
<title>elf: Fix initial-exec TLS access on audit modules (BZ #28096)</title>
<updated>2022-03-29T21:02:24+00:00</updated>
<author>
<name>Adhemerval Zanella</name>
<email>adhemerval.zanella@linaro.org</email>
</author>
<published>2022-01-24T13:46:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.belthelziquor.com/glibc.git/commit/?id=faedaa0f9a802820fb0f04e9d568db1e15326213'/>
<id>faedaa0f9a802820fb0f04e9d568db1e15326213</id>
<content type='text'>
For audit modules and dependencies with initial-exec TLS, we can not
set the initial TLS image on default loader initialization because it
would already be set by the audit setup.  However, subsequent thread
creation would need to follow the default behaviour.

This patch fixes it by setting l_auditing link_map field not only
for the audit modules, but also for all its dependencies.  This is
used on _dl_allocate_tls_init to avoid the static TLS initialization
at load time.

Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Carlos O'Donell &lt;carlos@redhat.com&gt;
Tested-by: Carlos O'Donell &lt;carlos@redhat.com&gt;
(cherry picked from commit 254d3d5aef2fd8430c469e1938209ac100ebf132)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
For audit modules and dependencies with initial-exec TLS, we can not
set the initial TLS image on default loader initialization because it
would already be set by the audit setup.  However, subsequent thread
creation would need to follow the default behaviour.

This patch fixes it by setting l_auditing link_map field not only
for the audit modules, but also for all its dependencies.  This is
used on _dl_allocate_tls_init to avoid the static TLS initialization
at load time.

Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Carlos O'Donell &lt;carlos@redhat.com&gt;
Tested-by: Carlos O'Donell &lt;carlos@redhat.com&gt;
(cherry picked from commit 254d3d5aef2fd8430c469e1938209ac100ebf132)
</pre>
</div>
</content>
</entry>
<entry>
<title>elf: Do not fail for failed dlmopen on audit modules (BZ #28061)</title>
<updated>2022-03-29T21:02:19+00:00</updated>
<author>
<name>Adhemerval Zanella</name>
<email>adhemerval.zanella@linaro.org</email>
</author>
<published>2021-06-30T20:33:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.belthelziquor.com/glibc.git/commit/?id=b8d11f955108dc1d444538dc31ef64c18d0142fc'/>
<id>b8d11f955108dc1d444538dc31ef64c18d0142fc</id>
<content type='text'>
The dl_main sets the LM_ID_BASE to RT_ADD just before starting to
add load new shared objects.  The state is set to RT_CONSISTENT just
after all objects are loaded.

However, if an audit module tries to dlmopen an inexistent module,
the _dl_open will assert that the namespace is in an inconsistent
state.

This is different than dlopen, since first it will not use
LM_ID_BASE and second _dl_map_object_from_fd is solely responsible
for setting and resetting the r_state value.

So the assert on _dl_open can not really be seen if the state is
consistent, since _dt_main resets it.  This patch removes the assert.

Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Florian Weimer &lt;fweimer@redhat.com&gt;
(cherry picked from commit 484e672ddabe0a919a692520e6ac8f2580866235)

Resolved conflicts:
	elf/Makefile
	elf/dl-open.c
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The dl_main sets the LM_ID_BASE to RT_ADD just before starting to
add load new shared objects.  The state is set to RT_CONSISTENT just
after all objects are loaded.

However, if an audit module tries to dlmopen an inexistent module,
the _dl_open will assert that the namespace is in an inconsistent
state.

This is different than dlopen, since first it will not use
LM_ID_BASE and second _dl_map_object_from_fd is solely responsible
for setting and resetting the r_state value.

So the assert on _dl_open can not really be seen if the state is
consistent, since _dt_main resets it.  This patch removes the assert.

Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Florian Weimer &lt;fweimer@redhat.com&gt;
(cherry picked from commit 484e672ddabe0a919a692520e6ac8f2580866235)

Resolved conflicts:
	elf/Makefile
	elf/dl-open.c
</pre>
</div>
</content>
</entry>
<entry>
<title>elf: Add la_activity during application exit</title>
<updated>2022-03-29T21:02:17+00:00</updated>
<author>
<name>Adhemerval Zanella</name>
<email>adhemerval.zanella@linaro.org</email>
</author>
<published>2022-01-24T13:46:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.belthelziquor.com/glibc.git/commit/?id=6c5ae7503196ce36bc7831309eabc972cc98fc4b'/>
<id>6c5ae7503196ce36bc7831309eabc972cc98fc4b</id>
<content type='text'>
la_activity is not called during application exit, even though
la_objclose is.

Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Carlos O'Donell &lt;carlos@redhat.com&gt;
Tested-by: Carlos O'Donell &lt;carlos@redhat.com&gt;
(cherry picked from commit 5fa11a2bc94c912c3b25860065086902674537ba)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
la_activity is not called during application exit, even though
la_objclose is.

Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Carlos O'Donell &lt;carlos@redhat.com&gt;
Tested-by: Carlos O'Donell &lt;carlos@redhat.com&gt;
(cherry picked from commit 5fa11a2bc94c912c3b25860065086902674537ba)
</pre>
</div>
</content>
</entry>
<entry>
<title>elf: Issue audit la_objopen for vDSO</title>
<updated>2022-03-29T21:02:12+00:00</updated>
<author>
<name>Adhemerval Zanella</name>
<email>adhemerval.zanella@linaro.org</email>
</author>
<published>2021-07-19T21:42:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.belthelziquor.com/glibc.git/commit/?id=e206033c278ad5bab6f5e15e5aecf761153c73ae'/>
<id>e206033c278ad5bab6f5e15e5aecf761153c73ae</id>
<content type='text'>
The vDSO is listed in the link_map chain, but is never the subject of
an la_objopen call.  A new internal flag __RTLD_VDSO is added that
acts as __RTLD_OPENEXEC to allocate the required 'struct auditstate'
extra space for the 'struct link_map'.

The return value from the callback is currently ignored, since there
is no PLT call involved by glibc when using the vDSO, neither the vDSO
are exported directly.

Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Florian Weimer &lt;fweimer@redhat.com&gt;
(cherry picked from commit f0e23d34a7bdf6b90fba954ee741419171ac41b2)

Resolved conflicts:
	elf/Makefile
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The vDSO is listed in the link_map chain, but is never the subject of
an la_objopen call.  A new internal flag __RTLD_VDSO is added that
acts as __RTLD_OPENEXEC to allocate the required 'struct auditstate'
extra space for the 'struct link_map'.

The return value from the callback is currently ignored, since there
is no PLT call involved by glibc when using the vDSO, neither the vDSO
are exported directly.

Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Florian Weimer &lt;fweimer@redhat.com&gt;
(cherry picked from commit f0e23d34a7bdf6b90fba954ee741419171ac41b2)

Resolved conflicts:
	elf/Makefile
</pre>
</div>
</content>
</entry>
<entry>
<title>elf: Add audit tests for modules with TLSDESC</title>
<updated>2022-03-29T21:02:08+00:00</updated>
<author>
<name>Adhemerval Zanella</name>
<email>adhemerval.zanella@linaro.org</email>
</author>
<published>2021-06-30T18:51:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.belthelziquor.com/glibc.git/commit/?id=3723319805aadcc4aa550bd23b9823db17a1550d'/>
<id>3723319805aadcc4aa550bd23b9823db17a1550d</id>
<content type='text'>
Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Florian Weimer &lt;fweimer@redhat.com&gt;
(cherry picked from commit d1b38173c9255b1a4ae00018ad9b35404a7c74d0)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Florian Weimer &lt;fweimer@redhat.com&gt;
(cherry picked from commit d1b38173c9255b1a4ae00018ad9b35404a7c74d0)
</pre>
</div>
</content>
</entry>
<entry>
<title>elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533)</title>
<updated>2022-03-29T21:02:03+00:00</updated>
<author>
<name>Adhemerval Zanella</name>
<email>adhemerval.zanella@linaro.org</email>
</author>
<published>2021-06-30T13:24:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.belthelziquor.com/glibc.git/commit/?id=09c5dcf73b40e69a3dae97b6f98007797ad263eb'/>
<id>09c5dcf73b40e69a3dae97b6f98007797ad263eb</id>
<content type='text'>
The rtld-audit interface introduces a slowdown due to enabling
profiling instrumentation (as if LD_AUDIT implied LD_PROFILE).
However, instrumenting is only necessary if one of the audit libraries
provides PLT callbacks (la_pltenter or la_pltexit symbols).  Otherwise,
the slowdown can be avoided.

The following patch adjusts the logic that enables profiling to iterate
over all audit modules and check if any of those provides a PLT hook.
To keep la_symbind working even without PLT callbacks, _dl_fixup now
calls the audit callback if the module implements it.

Co-authored-by: Alexander Monakov &lt;amonakov@ispras.ru&gt;

Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Florian Weimer &lt;fweimer@redhat.com&gt;
(cherry picked from commit 063f9ba220f434c7f30dd65c4cff17c0c458a7cf)

Resolved conflicts:
	NEWS
	elf/Makefile
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The rtld-audit interface introduces a slowdown due to enabling
profiling instrumentation (as if LD_AUDIT implied LD_PROFILE).
However, instrumenting is only necessary if one of the audit libraries
provides PLT callbacks (la_pltenter or la_pltexit symbols).  Otherwise,
the slowdown can be avoided.

The following patch adjusts the logic that enables profiling to iterate
over all audit modules and check if any of those provides a PLT hook.
To keep la_symbind working even without PLT callbacks, _dl_fixup now
calls the audit callback if the module implements it.

Co-authored-by: Alexander Monakov &lt;amonakov@ispras.ru&gt;

Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.

Reviewed-by: Florian Weimer &lt;fweimer@redhat.com&gt;
(cherry picked from commit 063f9ba220f434c7f30dd65c4cff17c0c458a7cf)

Resolved conflicts:
	NEWS
	elf/Makefile
</pre>
</div>
</content>
</entry>
</feed>
