abe59f
commit 254d3d5aef2fd8430c469e1938209ac100ebf132
abe59f
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
abe59f
Date:   Mon Jan 24 10:46:16 2022 -0300
abe59f
abe59f
    elf: Fix initial-exec TLS access on audit modules (BZ #28096)
abe59f
    
abe59f
    For audit modules and dependencies with initial-exec TLS, we can not
abe59f
    set the initial TLS image on default loader initialization because it
abe59f
    would already be set by the audit setup.  However, subsequent thread
abe59f
    creation would need to follow the default behaviour.
abe59f
    
abe59f
    This patch fixes it by setting l_auditing link_map field not only
abe59f
    for the audit modules, but also for all its dependencies.  This is
abe59f
    used on _dl_allocate_tls_init to avoid the static TLS initialization
abe59f
    at load time.
abe59f
    
abe59f
    Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu.
abe59f
    
abe59f
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>
abe59f
    Tested-by: Carlos O'Donell <carlos@redhat.com>
abe59f
abe59f
diff --git a/elf/Makefile b/elf/Makefile
abe59f
index e4955c9f575f9015..3f5f72257a5fbea4 100644
abe59f
--- a/elf/Makefile
abe59f
+++ b/elf/Makefile
abe59f
@@ -344,6 +344,7 @@ tests += \
abe59f
   tst-audit19b \
abe59f
   tst-audit2 \
abe59f
   tst-audit20 \
abe59f
+  tst-audit21 \
abe59f
   tst-audit22 \
abe59f
   tst-audit23 \
abe59f
   tst-audit8 \
abe59f
@@ -631,6 +632,8 @@ modules-names = \
abe59f
   tst-auditmod19a \
abe59f
   tst-auditmod19b \
abe59f
   tst-auditmod20 \
abe59f
+  tst-auditmod21a \
abe59f
+  tst-auditmod21b \
abe59f
   tst-auditmod22 \
abe59f
   tst-auditmod23 \
abe59f
   tst-big-note-lib \
abe59f
@@ -2041,6 +2044,11 @@ $(objpfx)tst-audit20.out: $(objpfx)tst-auditmod20.so
abe59f
 tst-audit20-ENV = LD_AUDIT=$(objpfx)tst-auditmod20.so
abe59f
 $(objpfx)tst-auditmod20.so: $(libdl)
abe59f
 
abe59f
+$(objpfx)tst-audit21: $(shared-thread-library)
abe59f
+$(objpfx)tst-audit21.out: $(objpfx)tst-auditmod21a.so
abe59f
+$(objpfx)tst-auditmod21a.so: $(objpfx)tst-auditmod21b.so
abe59f
+tst-audit21-ENV = LD_AUDIT=$(objpfx)tst-auditmod21a.so
abe59f
+
abe59f
 $(objpfx)tst-audit22.out: $(objpfx)tst-auditmod22.so
abe59f
 tst-audit22-ARGS = -- $(host-test-program-cmd)
abe59f
 
abe59f
diff --git a/elf/dl-tls.c b/elf/dl-tls.c
abe59f
index 7865fc390c3f3f0a..a918e9a6f585eb72 100644
abe59f
--- a/elf/dl-tls.c
abe59f
+++ b/elf/dl-tls.c
abe59f
@@ -514,8 +514,12 @@ _dl_resize_dtv (dtv_t *dtv, size_t max_modid)
abe59f
 }
abe59f
 
abe59f
 
abe59f
+/* Allocate initial TLS.  RESULT should be a non-NULL pointer to storage
abe59f
+   for the TLS space.  The DTV may be resized, and so this function may
abe59f
+   call malloc to allocate that space.  The loader's GL(dl_load_tls_lock)
abe59f
+   is taken when manipulating global TLS-related data in the loader.  */
abe59f
 void *
abe59f
-_dl_allocate_tls_init (void *result)
abe59f
+_dl_allocate_tls_init (void *result, bool init_tls)
abe59f
 {
abe59f
   if (result == NULL)
abe59f
     /* The memory allocation failed.  */
abe59f
@@ -588,7 +592,14 @@ _dl_allocate_tls_init (void *result)
abe59f
 	     some platforms use in static programs requires it.  */
abe59f
 	  dtv[map->l_tls_modid].pointer.val = dest;
abe59f
 
abe59f
-	  /* Copy the initialization image and clear the BSS part.  */
abe59f
+	  /* Copy the initialization image and clear the BSS part.  For
abe59f
+	     audit modules or dependencies with initial-exec TLS, we can not
abe59f
+	     set the initial TLS image on default loader initialization
abe59f
+	     because it would already be set by the audit setup.  However,
abe59f
+	     subsequent thread creation would need to follow the default
abe59f
+	     behaviour.   */
abe59f
+	  if (map->l_ns != LM_ID_BASE && !init_tls)
abe59f
+	    continue;
abe59f
 	  memset (__mempcpy (dest, map->l_tls_initimage,
abe59f
 			     map->l_tls_initimage_size), '\0',
abe59f
 		  map->l_tls_blocksize - map->l_tls_initimage_size);
abe59f
@@ -615,7 +626,7 @@ _dl_allocate_tls (void *mem)
abe59f
 {
abe59f
   return _dl_allocate_tls_init (mem == NULL
abe59f
 				? _dl_allocate_tls_storage ()
abe59f
-				: allocate_dtv (mem));
abe59f
+				: allocate_dtv (mem), true);
abe59f
 }
abe59f
 rtld_hidden_def (_dl_allocate_tls)
abe59f
 
abe59f
diff --git a/elf/rtld.c b/elf/rtld.c
abe59f
index efcbeac6c24c4b7b..caa980dbda3d1a72 100644
abe59f
--- a/elf/rtld.c
abe59f
+++ b/elf/rtld.c
abe59f
@@ -2421,7 +2421,7 @@ ERROR: '%s': cannot process note segment.\n", _dl_argv[0]);
abe59f
      into the main thread's TLS area, which we allocated above.
abe59f
      Note: thread-local variables must only be accessed after completing
abe59f
      the next step.  */
abe59f
-  _dl_allocate_tls_init (tcbp);
abe59f
+  _dl_allocate_tls_init (tcbp, false);
abe59f
 
abe59f
   /* And finally install it for the main thread.  */
abe59f
   if (! tls_init_tp_called)
abe59f
diff --git a/elf/tst-audit21.c b/elf/tst-audit21.c
abe59f
new file mode 100644
abe59f
index 0000000000000000..3a47ab64d44421ee
abe59f
--- /dev/null
abe59f
+++ b/elf/tst-audit21.c
abe59f
@@ -0,0 +1,42 @@
abe59f
+/* Check LD_AUDIT with static TLS.
abe59f
+   Copyright (C) 2022 Free Software Foundation, Inc.
abe59f
+   This file is part of the GNU C Library.
abe59f
+
abe59f
+   The GNU C Library is free software; you can redistribute it and/or
abe59f
+   modify it under the terms of the GNU Lesser General Public
abe59f
+   License as published by the Free Software Foundation; either
abe59f
+   version 2.1 of the License, or (at your option) any later version.
abe59f
+
abe59f
+   The GNU C Library is distributed in the hope that it will be useful,
abe59f
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
abe59f
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
abe59f
+   Lesser General Public License for more details.
abe59f
+
abe59f
+   You should have received a copy of the GNU Lesser General Public
abe59f
+   License along with the GNU C Library; if not, see
abe59f
+   <https://www.gnu.org/licenses/>.  */
abe59f
+
abe59f
+#include <ctype.h>
abe59f
+#include <support/xthread.h>
abe59f
+#include <support/check.h>
abe59f
+
abe59f
+static volatile __thread int out __attribute__ ((tls_model ("initial-exec")));
abe59f
+
abe59f
+static void *
abe59f
+tf (void *arg)
abe59f
+{
abe59f
+  TEST_COMPARE (out, 0);
abe59f
+  out = isspace (' ');
abe59f
+  return NULL;
abe59f
+}
abe59f
+
abe59f
+int main (int argc, char *argv[])
abe59f
+{
abe59f
+  TEST_COMPARE (out, 0);
abe59f
+  out = isspace (' ');
abe59f
+
abe59f
+  pthread_t t = xpthread_create (NULL, tf, NULL);
abe59f
+  xpthread_join (t);
abe59f
+
abe59f
+  return 0;
abe59f
+}
abe59f
diff --git a/elf/tst-auditmod21a.c b/elf/tst-auditmod21a.c
abe59f
new file mode 100644
abe59f
index 0000000000000000..f6d51b5c0531c49d
abe59f
--- /dev/null
abe59f
+++ b/elf/tst-auditmod21a.c
abe59f
@@ -0,0 +1,80 @@
abe59f
+/* Check LD_AUDIT with static TLS.
abe59f
+   Copyright (C) 2022 Free Software Foundation, Inc.
abe59f
+   This file is part of the GNU C Library.
abe59f
+
abe59f
+   The GNU C Library is free software; you can redistribute it and/or
abe59f
+   modify it under the terms of the GNU Lesser General Public
abe59f
+   License as published by the Free Software Foundation; either
abe59f
+   version 2.1 of the License, or (at your option) any later version.
abe59f
+
abe59f
+   The GNU C Library is distributed in the hope that it will be useful,
abe59f
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
abe59f
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
abe59f
+   Lesser General Public License for more details.
abe59f
+
abe59f
+   You should have received a copy of the GNU Lesser General Public
abe59f
+   License along with the GNU C Library; if not, see
abe59f
+   <https://www.gnu.org/licenses/>.  */
abe59f
+
abe59f
+#include <ctype.h>
abe59f
+#include <stdlib.h>
abe59f
+#include <link.h>
abe59f
+
abe59f
+#define tls_ie __attribute__ ((tls_model ("initial-exec")))
abe59f
+
abe59f
+__thread int tls_var0 tls_ie;
abe59f
+__thread int tls_var1 tls_ie = 0x10;
abe59f
+
abe59f
+/* Defined at tst-auditmod21b.so  */
abe59f
+extern __thread int tls_var2;
abe59f
+extern __thread int tls_var3;
abe59f
+
abe59f
+static volatile int out;
abe59f
+
abe59f
+static void
abe59f
+call_libc (void)
abe59f
+{
abe59f
+  /* isspace accesses the initial-exec glibc TLS variables, which are
abe59f
+     setup in glibc initialization.  */
abe59f
+  out = isspace (' ');
abe59f
+}
abe59f
+
abe59f
+unsigned int
abe59f
+la_version (unsigned int v)
abe59f
+{
abe59f
+  tls_var0 = 0x1;
abe59f
+  if (tls_var1 != 0x10)
abe59f
+    abort ();
abe59f
+  tls_var1 = 0x20;
abe59f
+
abe59f
+  tls_var2 = 0x2;
abe59f
+  if (tls_var3 != 0x20)
abe59f
+    abort ();
abe59f
+  tls_var3 = 0x40;
abe59f
+
abe59f
+  call_libc ();
abe59f
+
abe59f
+  return LAV_CURRENT;
abe59f
+}
abe59f
+
abe59f
+unsigned int
abe59f
+la_objopen (struct link_map* map, Lmid_t lmid, uintptr_t* cookie)
abe59f
+{
abe59f
+  call_libc ();
abe59f
+  *cookie = (uintptr_t) map;
abe59f
+  return 0;
abe59f
+}
abe59f
+
abe59f
+void
abe59f
+la_activity (uintptr_t* cookie, unsigned int flag)
abe59f
+{
abe59f
+  if (tls_var0 != 0x1 || tls_var1 != 0x20)
abe59f
+    abort ();
abe59f
+  call_libc ();
abe59f
+}
abe59f
+
abe59f
+void
abe59f
+la_preinit (uintptr_t* cookie)
abe59f
+{
abe59f
+  call_libc ();
abe59f
+}
abe59f
diff --git a/elf/tst-auditmod21b.c b/elf/tst-auditmod21b.c
abe59f
new file mode 100644
abe59f
index 0000000000000000..6ba5335b7514c674
abe59f
--- /dev/null
abe59f
+++ b/elf/tst-auditmod21b.c
abe59f
@@ -0,0 +1,22 @@
abe59f
+/* Check LD_AUDIT with static TLS.
abe59f
+   Copyright (C) 2022 Free Software Foundation, Inc.
abe59f
+   This file is part of the GNU C Library.
abe59f
+
abe59f
+   The GNU C Library is free software; you can redistribute it and/or
abe59f
+   modify it under the terms of the GNU Lesser General Public
abe59f
+   License as published by the Free Software Foundation; either
abe59f
+   version 2.1 of the License, or (at your option) any later version.
abe59f
+
abe59f
+   The GNU C Library is distributed in the hope that it will be useful,
abe59f
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
abe59f
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
abe59f
+   Lesser General Public License for more details.
abe59f
+
abe59f
+   You should have received a copy of the GNU Lesser General Public
abe59f
+   License along with the GNU C Library; if not, see
abe59f
+   <https://www.gnu.org/licenses/>.  */
abe59f
+
abe59f
+#define tls_ie __attribute__ ((tls_model ("initial-exec")))
abe59f
+
abe59f
+__thread int tls_var2 tls_ie;
abe59f
+__thread int tls_var3 tls_ie = 0x20;
abe59f
diff --git a/nptl/allocatestack.c b/nptl/allocatestack.c
abe59f
index 5fa45b19987717e1..58170d9da2bf0fa6 100644
abe59f
--- a/nptl/allocatestack.c
abe59f
+++ b/nptl/allocatestack.c
abe59f
@@ -244,7 +244,7 @@ get_cached_stack (size_t *sizep, void **memp)
abe59f
   memset (dtv, '\0', (dtv[-1].counter + 1) * sizeof (dtv_t));
abe59f
 
abe59f
   /* Re-initialize the TLS.  */
abe59f
-  _dl_allocate_tls_init (TLS_TPADJ (result));
abe59f
+  _dl_allocate_tls_init (TLS_TPADJ (result), true);
abe59f
 
abe59f
   return result;
abe59f
 }
abe59f
diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h
abe59f
index 29b77b35175c1116..73f4863fd43922b9 100644
abe59f
--- a/sysdeps/generic/ldsodefs.h
abe59f
+++ b/sysdeps/generic/ldsodefs.h
abe59f
@@ -1182,7 +1182,7 @@ extern void _dl_allocate_static_tls (struct link_map *map) attribute_hidden;
abe59f
 /* These are internal entry points to the two halves of _dl_allocate_tls,
abe59f
    only used within rtld.c itself at startup time.  */
abe59f
 extern void *_dl_allocate_tls_storage (void) attribute_hidden;
abe59f
-extern void *_dl_allocate_tls_init (void *);
abe59f
+extern void *_dl_allocate_tls_init (void *, bool);
abe59f
 rtld_hidden_proto (_dl_allocate_tls_init)
abe59f
 
abe59f
 /* Deallocate memory allocated with _dl_allocate_tls.  */