Extend la_objopen in ldso auditing API

1. Proposal

Add a new flag to the return value of the la_objopen() function in the ld_audit interface. This flag would be named something like LA_FLG_ONCEPLT. Its purpose would be to instruct the dynamic linker to finalize the binding of the symbol in the PLT and to suspend auditing for the relocation of the procedure after it has been resolved, rather than continuing to give the audit subsystem the option to provide a new version of the function at each and every invocation of the function.

Problem

Currently, the dynamic linker's audit API function la_objopen() only provides two possible flags in its return value: LA_FLG_BINDTO and LA_FLG_BINDFROM. If either of these flags is returned from la_objopen(), then the relocation is never finalized and each and every invocation of the functions from that library will call the audit API's functions la_pltenter() and la_pltexit(). This is a useful capability because it can be used to return different functions at different times, e.g. a faulty vs. a reliable malloc() for testing. However, to accomplish this the relocations are never finalized, which introduces unnecessary extra runtime overhead on each inter-library call.

Secondly, a non-zero return value from la_objopen() also enables some code originally designed for profiling. This code creates a table which stores the destination of the utilized symbols. This table unnecessarily consumes memory. When applications have a large number of inter-library function relocations, the amount of memory consumed can be quite substantial and can impact application performance.

2. Solution

By adding a flag in the return value of la_objopen() which signifies to the dynamic linker that the normal lazy symbol resolution in the PLT can proceed after one audited pass through la_pltenter(), we can avoid most of the extra runtime overhead incurred by using the audit API. And since this flag disables the ability to audit subsequent inter-library function calls, allocating a table to count the destinations of those relocations is not needed. Therefore, no additional memory is consumed and application performance is not impacted.

3. Backward compatibility

There are no known backward compatibility impacts. la_objopen() returns an unsigned int which is at least 32 bits but currently only two of those bits are consumed. Adding a third possible bit will not impact code which currently makes use of the audit API.

la_version() will need to have its version number incremented by one to signify that a new version of the interface is available. Applications which are unfamiliar with the new API version can return the previous version of the audit API which they are familiar with.

4. Forward compatibility

If an audit library ignores the audit version and returns LA_FLG_ONCEPLT, it must by definition be passed along with at least one of the LA_FLG_BIND* flags, and therefore older versions of the audit API will continue to function correctly even if there is an unknown flag in the return code. It will just consume more memory and have additional overhead calling inter-library functions. If additional forward compatibility protection is required in older versions of glibc, the few places in the dynamic linker that call la_objopen() can simply mask out unknown bits.
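The compatibility rules from sections 2 to 4, modeled as an added example (this is not glibc code and not part of the proposal). The value of LA_FLG_ONCEPLT, the version constant LAV_ONCEPLT, the helper names, and the choice to treat LA_FLG_ONCEPLT without a LA_FLG_BIND* flag as "no auditing" are assumptions made for illustration.

```c
#include <stdio.h>

/* Same values as glibc's <link.h>. */
#define LA_FLG_BINDTO   0x01u
#define LA_FLG_BINDFROM 0x02u
/* Hypothetical value: the proposal names the flag but assigns no bit. */
#define LA_FLG_ONCEPLT  0x04u
/* Hypothetical interface version that first understands LA_FLG_ONCEPLT. */
#define LAV_ONCEPLT     2u

/* Linker side: reduce a raw la_objopen() result to the bits honoured at
   the audit interface version returned by the library's la_version(). */
unsigned int effective_flags(unsigned int raw, unsigned int negotiated)
{
    unsigned int known = LA_FLG_BINDTO | LA_FLG_BINDFROM;
    if (negotiated >= LAV_ONCEPLT)
        known |= LA_FLG_ONCEPLT;
    unsigned int flags = raw & known;      /* mask out unknown bits */
    /* Assumption: ONCEPLT without any LA_FLG_BIND* flag is treated as
       "not interested", since it is only valid in conjunction with them. */
    if (!(flags & (LA_FLG_BINDTO | LA_FLG_BINDFROM)))
        flags = 0;
    return flags;
}

/* Model of one PLT slot: how many of `calls` invocations would pass
   through la_pltenter() for an object whose la_objopen() returned `raw`. */
unsigned int audited_calls(unsigned int raw, unsigned int negotiated,
                           unsigned int calls)
{
    unsigned int flags = effective_flags(raw, negotiated);
    if (flags == 0 || calls == 0)
        return 0;                          /* object is not audited */
    if (flags & LA_FLG_ONCEPLT)
        return 1;                          /* slot finalized after one pass */
    return calls;                          /* relocation never finalized */
}

int main(void)
{
    unsigned int once = LA_FLG_BINDTO | LA_FLG_BINDFROM | LA_FLG_ONCEPLT;
    printf("new linker, ONCEPLT: %u\n", audited_calls(once, LAV_ONCEPLT, 1000));
    printf("old linker, ONCEPLT: %u\n", audited_calls(once, 1, 1000));
    printf("ONCEPLT alone:       %u\n", audited_calls(LA_FLG_ONCEPLT, LAV_ONCEPLT, 1000));
    return 0;
}
```

The second line of output is the forward-compatibility case: a linker that does not know the flag keeps auditing every call, so behaviour stays correct and only the overhead remains.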

5. Documentation

The RTLD-AUDIT(7) man page will have the following text added to its description of the la_objopen() function:

LA_FLG_ONCEPLT Provide normal lazy object relocation resolution for symbols in this object. LA_FLG_ONCEPLT can only be used in conjunction with LA_FLG_BINDTO and LA_FLG_BINDFROM. Note: la_pltenter() will only be called once for each symbol.

Currently the man page also specifies that la_objopen() should return 0 if it isn't interested in auditing symbols from that object. This should be made explicit and a new flag should be declared.

LA_FLG_NOBIND Should be returned if there is no interest in auditing symbols from that object. Currently this symbol is synonymous with 0.

None: Proposals/AuditFlag (last edited 2015-10-21 16:03:21 by MikeFrysinger)