This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] [BZ #18422] elf/tst-audit tests fail without PLT entries
- From: "Carlos O'Donell" <carlos at redhat dot com>
- To: "H.J. Lu" <hjl dot tools at gmail dot com>, GNU C Library <libc-alpha at sourceware dot org>, Florian Weimer <fweimer at redhat dot com>, Adam Conrad <adconrad at 0c3 dot net>, Aurelien Jarno <aurelien at aurel32 dot net>, Andreas Schwab <schwab at suse dot de>
- Cc: Jeff Law <law at redhat dot com>
- Date: Sat, 23 May 2015 23:37:01 -0400
- Subject: Re: [PATCH] [BZ #18422] elf/tst-audit tests fail without PLT entries
- Authentication-results: sourceware.org; auth=none
- References: <20150523131408 dot GA18203 at gmail dot com>
On 05/23/2015 09:14 AM, H.J. Lu wrote:
> Since ld.so is built with -z now, there are no PLT relocations and this
> calloc won't be used:
Which is bad. We always want these functions to be interposable by all
of the analysis tools that want and need to track memory allocations.
Thus it is not just the test that matters.
> Relocation section '.rela.dyn' at offset 0x66c contains 16 entries:
> Offset Info Type Sym.Value Sym. Name + Addend
> 00222e88 00000008 R_X86_64_RELATIVE 10970
> 00222e8c 00000008 R_X86_64_RELATIVE f8f0
> 00222e90 00000008 R_X86_64_RELATIVE f6c0
> 00222e94 00000008 R_X86_64_RELATIVE 11bd0
> 00222e98 00000008 R_X86_64_RELATIVE a1b0
> 00222e9c 00000008 R_X86_64_RELATIVE 130c0
> 00222ea0 00000008 R_X86_64_RELATIVE 13c50
> 00222ea4 00000008 R_X86_64_RELATIVE 15fc0
> 00222ea8 00000008 R_X86_64_RELATIVE 12cd0
> 00222eac 00000008 R_X86_64_RELATIVE 17f90
> 00222fbc 00000a06 R_X86_64_GLOB_DAT 00018230 __libc_memalign@@GLIBC_2.16 + 0
> 00222fc4 00001506 R_X86_64_GLOB_DAT 00018300 malloc@@GLIBC_2.16 + 0
> 00222fcc 00000d06 R_X86_64_GLOB_DAT 00018310 calloc@@GLIBC_2.16 + 0
> 00222fd4 00000506 R_X86_64_GLOB_DAT 000184a0 realloc@@GLIBC_2.16 + 0
> 00222fdc 00000706 R_X86_64_GLOB_DAT 002239a0 _r_debug@@GLIBC_2.16 + 0
> 00222fe4 00000406 R_X86_64_GLOB_DAT 00018340 free@@GLIBC_2.16 + 0
Doesn't this also cause check-localplt to fail for ld.so given
that calloc and others are no longer R_X86_64_JUMP_SLOT?
> Assuming we do want to keep PLT relocations in ld.so so that malloc
> functions in ld.so can be overridden, ld.so should be built with -z now.
> There is no reason to build ld.so with -z now since ld.so is the one
> doing BIND_NOW. The only thing we get with -z now on ld.so is DT tag:
>
> 0x0000000000000018 (BIND_NOW)
> 0x000000006ffffffb (FLAGS_1) Flags: NOW
>
> This patch removes -Wl,-z,now from ld.so build.
>
> OK for master?
No. I'd like to see more discussion on this.
I don't see any other way forward, and I agree that DT_BIND_NOW seems
a bit silly for the linker since it itself is the component responsible
for that binding.
My worry is that the missing DT tag is going to have security implications.
I'm including several other distro people on the TO.
The first thing I'll have to explain is "Why doesn't ld.so meet full RELRO?"
Since full RELRO requires DT_BIND_NOW + RO segments. Does this mean ld.so
with your patch will be lazily bound and not mark its own PLT immediately RO?
That seems wrong.
Given the wrongness I'd like to see more discussion, and it's late in my TZ
so I'm not up for a detailed response yet.
However, the first thing that pops into mind is that this is wrong, but wrong
in the sense that I don't know if the static linker can even make this choice
(removing the PLT) without information from the user.
The notion of -z,now means "Bind symbols now, not lazily", but that doesn't
give you enough information to elide the PLT and use the GOT directly since
the interposition is still a useful and relied-upon semantic in ELF.
Cheers,
Carlos.
> H.J.
> [BZ #18422]
> * elf/Makefile (z-now-yes): Removed.
> ($(objpfx)ld.so): Remove $(z-now-$(bind-now)).
> ---
> elf/Makefile | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/elf/Makefile b/elf/Makefile
> index 34450ea..324b4a2 100644
> --- a/elf/Makefile
> +++ b/elf/Makefile
> @@ -349,13 +349,11 @@ $(objpfx)librtld.os: $(objpfx)dl-allobjs.os $(objpfx)rtld-libc.a
>
> generated += librtld.map librtld.mk rtld-libc.a librtld.os.map
>
> -z-now-yes = -Wl,-z,now
> -
> $(objpfx)ld.so: $(objpfx)librtld.os $(ld-map)
> # Link into a temporary file so that we don't touch $@ at all
> # if the sanity check below fails.
> $(LINK.o) -nostdlib -nostartfiles -shared -o $@.new \
> - $(LDFLAGS-rtld) -Wl,-z,defs $(z-now-$(bind-now)) \
> + $(LDFLAGS-rtld) -Wl,-z,defs \
> $(filter-out $(map-file),$^) $(load-map-file) \
> -Wl,-soname=$(rtld-installed-name) \
> -Wl,-defsym=_begin=0
>
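Review bot: the hunk drops `-Wl,-z,now` from the ld.so link line for every configuration, yet the `bind-now` variable that selected `$(z-now-$(bind-now))` is left without a consumer in this rule and the ChangeLog entry says nothing about what `--enable-bind-now` now means for ld.so; spell that out in the commit message. The motivation is that calloc and friends are no longer JUMP_SLOT entries, but the hunk touches no check-localplt expectation, so the message should also state whether check-localplt passes against the relinked ld.so, and it should record the visible trade-off: the only effect of the flag on ld.so is the DT_BIND_NOW and DT_FLAGS_1 NOW tags, and removing them means hardening checkers will no longer classify ld.so as fully RELRO even though the dynamic linker binds itself eagerly.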
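The two checks that this reply turns on, whether a symbol in ld.so is still reached through a PLT slot (JUMP_SLOT, interposable) rather than straight through the GOT (GLOB_DAT), and whether the object's dynamic section plus program headers add up to "full" RELRO, can be run over plain readelf text. The script below is an added example written for this page; it is not glibc's check-localplt script nor any code from the thread. It parses the relocation table quoted above, a constructed .rela.plt table showing the same symbols with PLT slots, and constructed readelf -d / readelf -l fragments. The list of symbols that must keep a PLT entry is an assumption for the example, not glibc's localplt.data.

```python
"""Classify how a shared object reaches its dynamic symbols and report its
RELRO state, working from readelf text.  Added example, not glibc's own
check-localplt script."""
import re
from collections import defaultdict

# Relocation table quoted in this thread: readelf -r on an x32 ld.so linked
# with -z now.  Every malloc-family symbol is reached via GLOB_DAT, i.e. the
# static linker elided the PLT slots.  (RELATIVE lines trimmed to one.)
RELA_NOW = """\
Relocation section '.rela.dyn' at offset 0x66c contains 16 entries:
 Offset Info Type Sym.Value Sym. Name + Addend
00222e88 00000008 R_X86_64_RELATIVE 10970
00222fbc 00000a06 R_X86_64_GLOB_DAT 00018230 __libc_memalign@@GLIBC_2.16 + 0
00222fc4 00001506 R_X86_64_GLOB_DAT 00018300 malloc@@GLIBC_2.16 + 0
00222fcc 00000d06 R_X86_64_GLOB_DAT 00018310 calloc@@GLIBC_2.16 + 0
00222fd4 00000506 R_X86_64_GLOB_DAT 000184a0 realloc@@GLIBC_2.16 + 0
00222fdc 00000706 R_X86_64_GLOB_DAT 002239a0 _r_debug@@GLIBC_2.16 + 0
00222fe4 00000406 R_X86_64_GLOB_DAT 00018340 free@@GLIBC_2.16 + 0
"""

# Constructed (not from the thread): the same symbols when the linker keeps
# PLT slots, as a .rela.plt section of JUMP_SLOT relocations.
RELA_LAZY = """\
Relocation section '.rela.plt' at offset 0x700 contains 5 entries:
 Offset Info Type Sym.Value Sym. Name + Addend
00223000 00000a07 R_X86_64_JUMP_SLOT 00018230 __libc_memalign@@GLIBC_2.16 + 0
00223004 00001507 R_X86_64_JUMP_SLOT 00018300 malloc@@GLIBC_2.16 + 0
00223008 00000d07 R_X86_64_JUMP_SLOT 00018310 calloc@@GLIBC_2.16 + 0
0022300c 00000507 R_X86_64_JUMP_SLOT 000184a0 realloc@@GLIBC_2.16 + 0
00223010 00000407 R_X86_64_JUMP_SLOT 00018340 free@@GLIBC_2.16 + 0
"""

# Constructed readelf -d fragments.  DYN_NOW carries the two tags the thread
# says -z now adds; DYN_LAZY is the same object without them.
DYN_NOW = """\
 0x000000000000000e (SONAME)             Library soname: [ld-linux-x32.so.2]
 0x0000000000000018 (BIND_NOW)
 0x000000006ffffffb (FLAGS_1)            Flags: NOW
"""
DYN_LAZY = """\
 0x000000000000000e (SONAME)             Library soname: [ld-linux-x32.so.2]
"""

# Constructed readelf -l fragment with a GNU_RELRO segment present.
PHDR_RELRO = """\
  GNU_RELRO      0x0000000000002e88 0x0000000000222e88 0x0000000000222e88
                 0x0000000000000178 0x0000000000000178 R      0x1
"""

# Assumed for the example: symbols ld.so must keep PLT slots for so that
# analysis tools can interpose them.  Not glibc's localplt.data.
LD_SO_MUST_HAVE_PLT = {"__libc_memalign", "malloc", "calloc", "realloc", "free"}

# offset, info, type, then optionally "sym.value sym.name".  [ \t] rather than
# \s so the optional group cannot run across a line break.
RELOC_LINE = re.compile(
    r"^([0-9a-f]+)[ \t]+([0-9a-f]+)[ \t]+(R_\w+)(?:[ \t]+([0-9a-f]+)[ \t]+(\S+))?",
    re.M)


def parse_relocs(text):
    """Map symbol name (version suffix stripped) -> set of relocation types.
    Symbol-less entries such as R_X86_64_RELATIVE are ignored."""
    relocs = defaultdict(set)
    for _off, _info, rtype, _value, name in RELOC_LINE.findall(text):
        if name:
            relocs[name.split("@")[0]].add(rtype)
    return dict(relocs)


def missing_plt_entries(relocs, wanted):
    """check-localplt style: which of `wanted` lack a JUMP_SLOT relocation,
    i.e. are reached through the GOT only and no longer have a PLT slot."""
    return {s for s in wanted
            if "R_X86_64_JUMP_SLOT" not in relocs.get(s, set())}


def relro_level(dynamic_text, program_headers_text):
    """'full' needs a GNU_RELRO segment plus DT_BIND_NOW or DF_1_NOW;
    GNU_RELRO alone is 'partial' because lazily bound GOT entries must stay
    writable; no GNU_RELRO segment at all is 'none'."""
    has_relro = "GNU_RELRO" in program_headers_text
    bind_now = bool(re.search(r"\(BIND_NOW\)", dynamic_text)) or \
        bool(re.search(r"\(FLAGS_1\).*\bNOW\b", dynamic_text))
    if has_relro and bind_now:
        return "full"
    if has_relro:
        return "partial"
    return "none"


if __name__ == "__main__":
    for label, table in (("-z now ld.so", RELA_NOW), ("lazy ld.so", RELA_LAZY)):
        missing = missing_plt_entries(parse_relocs(table), LD_SO_MUST_HAVE_PLT)
        print(f"{label}: symbols without a PLT slot: {sorted(missing)}")
    print("RELRO with -z now:", relro_level(DYN_NOW, PHDR_RELRO))
    print("RELRO without -z now:", relro_level(DYN_LAZY, PHDR_RELRO))
```

Run against a real object with `readelf -rW ld.so`, `readelf -dW ld.so` and `readelf -lW ld.so` piped into the three parsers. The two results together show the tension in the thread: the table quoted above yields every malloc-family symbol as GLOB_DAT with "full" RELRO, while dropping the flag restores the JUMP_SLOT entries and demotes the same object to "partial" in the eyes of a RELRO checker.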