From patchwork Thu Mar 7 21:40:29 2024
X-Patchwork-Submitter: Joe Simmons-Talbott
X-Patchwork-Id: 1909462
From: Joe Simmons-Talbott
To: libc-alpha@sourceware.org
Cc: Joe Simmons-Talbott
Subject: [PATCH v2] elf/rtld: Count skipped environment variables for enable_secure
Date: Thu, 7 Mar 2024 16:40:29 -0500
Message-ID: <20240307214032.2773074-1-josimmon@redhat.com>

When using the glibc.rtld.enable_secure tunable we need to keep track of the count of environment variables we skip due to __libc_enable_secure being set and adjust the auxv section of the stack. This fixes an assertion when running ld.so directly with glibc.rtld.enable_secure set.

elf/rtld.c:1324 assert (auxv == sp + 1);

---
Changes to v1:
* Add comment explaining how and why skip_env is adjusted.

elf/rtld.c | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/elf/rtld.c b/elf/rtld.c index ac4bb23652..e9525ea987 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -155,7 +155,7 @@ static void dl_main_state_init (struct dl_main_state *state); Since all of them start with `LD_' we are a bit smarter while finding all the entries. */ extern char **_environ attribute_hidden; -static void process_envvars (struct dl_main_state *state); +static int process_envvars (struct dl_main_state *state); int _dl_argc attribute_relro attribute_hidden; char **_dl_argv attribute_relro = NULL;
@@ -1287,7 +1287,7 @@ rtld_setup_main_map (struct link_map *main_map) _dl_argv and _dl_argc accordingly. Those arguments are removed from argv here. */ static void -_dl_start_args_adjust (int skip_args) +_dl_start_args_adjust (int skip_args, int skip_env) { void **sp = (void **) (_dl_argv - skip_args - 1); void **p = sp + skip_args; @@ -1319,7 +1319,7 @@ _dl_start_args_adjust (int skip_args) while (*p != NULL); #ifdef HAVE_AUX_VECTOR - void **auxv = (void **) GLRO(dl_auxv) - skip_args; + void **auxv = (void **) GLRO(dl_auxv) - skip_args - skip_env; GLRO(dl_auxv) = (ElfW(auxv_t) *) auxv; /* Aliasing violation. */ assert (auxv == sp + 1); @@ -1350,6 +1350,7 @@ dl_main (const ElfW(Phdr) *phdr, unsigned int i; bool rtld_is_main = false; void *tcbp = NULL; + int skip_env = 0; struct dl_main_state state; dl_main_state_init (&state); @@ -1363,7 +1364,7 @@ dl_main (const ElfW(Phdr) *phdr, #endif /* Process the environment variable which control the behaviour. */ - process_envvars (&state); + skip_env = process_envvars (&state); #ifndef HAVE_INLINED_SYSCALLS /* Set up a flag which tells we are just starting. */ @@ -1628,7 +1629,7 @@ dl_main (const ElfW(Phdr) *phdr, _dl_argv[0] = argv0; /* Adjust arguments for the application entry point. */ - _dl_start_args_adjust (_dl_argv - orig_argv); + _dl_start_args_adjust (_dl_argv - orig_argv, skip_env); } else { @@ -2532,11 +2533,12 @@ a filename can be specified using the LD_DEBUG_OUTPUT environment variable.\n"); } } -static void +static int process_envvars_secure (struct dl_main_state *state) { char **runp = _environ; char *envline; + int skip_env = 0; while ((envline = _dl_next_ld_env_entry (&runp)) != NULL) { 
@@ -2578,6 +2580,14 @@ process_envvars_secure (struct dl_main_state *state) const char *nextp = UNSECURE_ENVVARS; do { + /* Keep track of the number of environment variables that were set in + the environment and are unset below. Use getenv() which returns + non-NULL if the variable is set in the environment. This count is + needed if we need to adjust the location of the AUX vector on the + stack when running ld.so directly. */ + if (getenv (nextp) != NULL) + skip_env++; + unsetenv (nextp); nextp = strchr (nextp, '\0') + 1; } @@ -2590,6 +2600,8 @@ process_envvars_secure (struct dl_main_state *state) || state->mode != rtld_mode_normal || state->version_info) _exit (5); + + return skip_env; } static void @@ -2743,13 +2755,16 @@ process_envvars_default (struct dl_main_state *state) } } -static void +static int process_envvars (struct dl_main_state *state) { + int skip_env = 0; if (__glibc_unlikely (__libc_enable_secure)) - process_envvars_secure (state); + skip_env += process_envvars_secure (state); else process_envvars_default (state); + + return skip_env; } #if HP_TIMING_INLINE
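Review bot: in the UNSECURE_ENVVARS loop of process_envvars_secure, `if (getenv (nextp) != NULL) skip_env++;` counts each name at most once, while the `unsetenv (nextp)` that follows removes every entry with that name. An environment that carries the same unsecure variable twice therefore loses more slots than skip_env records, and `assert (auxv == sp + 1)` in _dl_start_args_adjust can still fail. Counting the entries in _environ before and after the loop and returning the difference would track what unsetenv actually removed, and would also avoid the extra getenv scan per name.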
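Review bot: the comment above _dl_start_args_adjust still ends at "Those arguments are removed from argv here." and says nothing about the new skip_env parameter that the auxv line now subtracts. It should state that skip_env is the number of environment entries already removed by process_envvars_secure, and that the value has to be exact because `assert (auxv == sp + 1)` is the only check on it.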
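Review bot: in process_envvars, skip_env is initialised to 0 and touched only on the secure branch, so `skip_env += process_envvars_secure (state);` reads as if a count were being accumulated. Returning the result of process_envvars_secure directly on that branch and 0 after process_envvars_default would drop the local. Separately, the diffstat lists only elf/rtld.c, so nothing in this patch exercises ld.so run directly with glibc.rtld.enable_secure set; a regression test for the assertion named in the commit message would keep it from coming back.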