Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 7 Sep 2021 08:18:04 -0700
From: "H.J. Lu" <hjl.tools@...il.com>
To: Florian Weimer <fweimer@...hat.com>
Cc: GNU C Library <libc-alpha@...rceware.org>, GDB <gdb@...rceware.org>, 
	libc-coord@...ts.openwall.com, Daniel Walker <danielwa@...co.com>
Subject: Re: [PATCH v6 2/2] Extend struct r_debug to support multiple namespaces

On Mon, Sep 6, 2021 at 7:31 AM H.J. Lu <hjl.tools@...il.com> wrote:
>
> On Mon, Sep 6, 2021 at 7:24 AM Florian Weimer <fweimer@...hat.com> wrote:
> >
> > * H. J. Lu:
> >
> > > On Mon, Sep 6, 2021 at 2:39 AM Florian Weimer <fweimer@...hat.com> wrote:
> > >>
> > >> * H. J. Lu:
> > >>
> > >> > +* The r_version update in the debugger interface makes the glibc binary
> > >> > +  incompatible with GDB binaries built without the following commits:
> > >> > +
> > >> > +  c0154a4a21a gdb: Don't assume r_ldsomap when r_version > 1 on Linux
> > >> > +  4eb629d50d4 gdbserver: Check r_version < 1 for Linux debugger interface
> > >>
> > >> Does this incompatibility happen even if audit modules and dlmopen are
> > >> not used?
> > >
> > > Yes.
> >
> > Why?  Can't we keep r_version at 1 in this case?
>
> r_version is checked in GDB whenever DT_DEBUG is used to access
> the rtld debug interface, independent of audit modules and dlmopen.
>
> We can bump r_version only if a non-default namespace is used.

Fixed.

> > >> This puts the assember output from the compiler through the
> > >> preprocessor.  That seems to be brittle.  I think you would have to
> > >> preprocess the manually written fragment separately.
> > >>
> > >> However, I think we are overdesigning things here.  The following in
> > >> dl-debug-symbols-gen.c should work (and the file should have a different
> > >> name then):
> > >>
> > >> /* Alias _r_debug to a prefix of _r_debug_extended.  */
> > >> asm (".set _r_debug, _r_debug_extended\n\t"
> > >>      ".type _r_debug, %object\n\t"
> > >>      ".symver _r_debug_extended, _r_debug@@" FIRST_VERSION_ld__r_debug_STRING);
> > >> #if __WORDSIZE == 64
> > >> _Static_assert (sizeof (struct r_debug) == 40, "sizeof (struct r_debug)");
> > >> asm (".size _r_debug, 40");
> > >> #else
> > >> _Static_assert (sizeof (struct r_debug) == 20, "sizeof (struct r_debug)");
> > >> asm (".size _r_debug, 20");
> > >> #endif
> > >>
> > >> It's not exactly pretty, but at least it's obvious what is going on.
> > >> (Extended asm with input operands is not supported outside of functions.)
> > >
> > > This was the first thing I tried and it didn't work:
> > >
> > > [hjl@...-cfl-2 tmp]$ cat foo.s
> > > .set  _r_debug, _r_debug_extended
> > > .globl _r_debug
> > > .type _r_debug, %object
> > > .size _r_debug, 40
> > > .data
> > > .type _r_debug_extended, %object
> > > .size _r_debug_extended, 48
> > > .globl _r_debug_extended
> > > _r_debug_extended:
> > > .zero 48
> > > [hjl@...-cfl-2 tmp]$ gcc -c foo.s
> > > [hjl@...-cfl-2 tmp]$ readelf -sW foo.o | grep _r_debug
> > >      1: 0000000000000000    48 OBJECT  GLOBAL DEFAULT    2 _r_debug
> > >      2: 0000000000000000    48 OBJECT  GLOBAL DEFAULT    2 _r_debug_extended
> > > [hjl@...-cfl-2 tmp]$
> >
> > Huh.  Does this mean this depends on the symbol definition order in the
> > assembler file?
> >
> > I really hate the post-processing of compiler output.  This isn't GHC. 8->
> >
> > Can we write a portable assembler file instead?
> >
> > Nick Clifton has written down some guidelines:
> >
> >   Tips for writing portable assembler with GNU Assembler (GAS)
> >   <https://developers.redhat.com/blog/2021/02/26/tips-for-writing-portable-assembler-with-gnu-assembler-gas>
> >
> > There's no initializer, so all we need to know is size and alignment.
>
> Yes, I can do that.

Fixed.

> > >> Is this necessary?  It makes concurrent access to the list harder and
> > >
> > > When _dl_close_worker is called, it holds GL(dl_load_lock).  Why does
> > > this change make concurrent access harder?
> >
> > Something else might want to read the list directly, by starting with
> > DT_DEBUG.
>
> I can add _dl_debug_get and use _dl_debug_initialize only for initialization.
> Will it work?
>

I submitted the v7 patch with:

1. Rewrite dl-debug-symbols.S and remove dl-debug-compat-symbols.c.
2. Bump r_version to 2 only when multiple namespaces are used.
3. Verify r_version == 1 without multiple namespaces.
4. Keep the empty (unused) namespace on the namespace linked list.
5. Use atomic_store_release to update r_version and r_next.
6. Add _dl_debug_update without adding the namespace to the namespace
linked list.

-- 
H.J.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.