elf: Implement DT_AUDIT, DT_DEPAUDIT support [BZ #24943]

Message ID 87ftf9mcbe.fsf@oldenburg2.str.redhat.com
State New
Headers show
Series
  • elf: Implement DT_AUDIT, DT_DEPAUDIT support [BZ #24943]
Related show

Commit Message

Florian Weimer Feb. 17, 2020, 4:02 p.m.
binutils ld has supported --audit, --depaudit for a long time,
only support in glibc has been missing.

[Rebased &repost of an old, unreviewed patch.]

-----
 NEWS                    |  3 ++
 elf/Makefile            | 22 ++++++++++++--
 elf/rtld.c              | 78 +++++++++++++++++++++++++++++++++++++++++++++----
 elf/tst-audit14.c       | 46 +++++++++++++++++++++++++++++
 elf/tst-audit15.c       | 50 +++++++++++++++++++++++++++++++
 elf/tst-audit16.c       | 54 ++++++++++++++++++++++++++++++++++
 elf/tst-auditlogmod-1.c | 27 +++++++++++++++++
 elf/tst-auditlogmod-2.c | 27 +++++++++++++++++
 elf/tst-auditlogmod-3.c | 27 +++++++++++++++++
 support/Makefile        |  1 +
 support/xgetline.c      | 39 +++++++++++++++++++++++++
 support/xstdio.h        |  6 ++++
 12 files changed, 373 insertions(+), 7 deletions(-)

Comments

Florian Weimer via Libc-alpha April 1, 2020, 9:13 p.m. | #1
On 2/17/20 11:02 AM, Florian Weimer wrote:
> binutils ld has supported --audit, --depaudit for a long time,

> only support in glibc has been missing.

> 

> [Rebased &repost of an old, unreviewed patch.]


OK for master.

Includes tests of DT_AUDIT, and DT_DEPAUDIT for a variable number
of audit libraries.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>


> -----

>  NEWS                    |  3 ++

>  elf/Makefile            | 22 ++++++++++++--

>  elf/rtld.c              | 78 +++++++++++++++++++++++++++++++++++++++++++++----

>  elf/tst-audit14.c       | 46 +++++++++++++++++++++++++++++

>  elf/tst-audit15.c       | 50 +++++++++++++++++++++++++++++++

>  elf/tst-audit16.c       | 54 ++++++++++++++++++++++++++++++++++

>  elf/tst-auditlogmod-1.c | 27 +++++++++++++++++

>  elf/tst-auditlogmod-2.c | 27 +++++++++++++++++

>  elf/tst-auditlogmod-3.c | 27 +++++++++++++++++

>  support/Makefile        |  1 +

>  support/xgetline.c      | 39 +++++++++++++++++++++++++

>  support/xstdio.h        |  6 ++++

>  12 files changed, 373 insertions(+), 7 deletions(-)

> 

> diff --git a/NEWS b/NEWS

> index 77631ca707..3d75d6cfc6 100644

> --- a/NEWS

> +++ b/NEWS

> @@ -11,6 +11,9 @@ Major new features:

>  

>    * New locale added: ckb_IQ (Kurdish/Sorani spoken in Iraq)

>  

> +* The GNU C Library now loads audit modules listed in the DT_AUDIT and

> +  DT_DEPAUDIT dynamic section entries of the main executable.

> +

>  Deprecated and removed features, and other changes affecting compatibility:

>  

>    [Add deprecations, removals and changes affecting compatibility here]

> diff --git a/elf/Makefile b/elf/Makefile

> index a137143db7..12c505f3b7 100644

> --- a/elf/Makefile

> +++ b/elf/Makefile

> @@ -202,7 +202,8 @@ tests += restest1 preloadtest loadfail multiload origtest resolvfail \

>  	 tst-sonamemove-link tst-sonamemove-dlopen tst-dlopen-tlsmodid \

>  	 tst-dlopen-self tst-auditmany tst-initfinilazyfail tst-dlopenfail \

>  	 tst-dlopenfail-2 \

> -	 tst-filterobj tst-filterobj-dlopen tst-auxobj tst-auxobj-dlopen

> +	 tst-filterobj tst-filterobj-dlopen tst-auxobj tst-auxobj-dlopen \

> +	 tst-audit14 tst-audit15 tst-audit16

>  #	 reldep9

>  tests-internal += loadtest unload unload2 circleload1 \

>  	 neededtest neededtest2 neededtest3 neededtest4 \

> @@ -314,7 +315,8 @@ modules-names = testobj1 testobj2 testobj3 testobj4 testobj5 testobj6 \

>  		tst-initlazyfailmod tst-finilazyfailmod \

>  		tst-dlopenfailmod1 tst-dlopenfaillinkmod tst-dlopenfailmod2 \

>  		tst-dlopenfailmod3 tst-ldconfig-ld-mod \

> -		tst-filterobj-flt tst-filterobj-aux tst-filterobj-filtee

> +		tst-filterobj-flt tst-filterobj-aux tst-filterobj-filtee \

> +		tst-auditlogmod-1 tst-auditlogmod-2 tst-auditlogmod-3

>  # Most modules build with _ISOMAC defined, but those filtered out

>  # depend on internal headers.

>  modules-names-tests = $(filter-out ifuncmod% tst-libc_dlvsym-dso tst-tlsmod%,\

> @@ -1491,6 +1493,22 @@ $(objpfx)tst-auditmany.out: $(objpfx)tst-auditmanymod1.so \

>  tst-auditmany-ENV = \

>    LD_AUDIT=tst-auditmanymod1.so:tst-auditmanymod2.so:tst-auditmanymod3.so:tst-auditmanymod4.so:tst-auditmanymod5.so:tst-auditmanymod6.so:tst-auditmanymod7.so:tst-auditmanymod8.so:tst-auditmanymod9.so

>  

> +LDFLAGS-tst-audit14 = -Wl,--audit=tst-auditlogmod-1.so

> +$(objpfx)tst-auditlogmod-1.so: $(libsupport)

> +$(objpfx)tst-audit14.out: $(objpfx)tst-auditlogmod-1.so

> +LDFLAGS-tst-audit15 = \

> +  -Wl,--audit=tst-auditlogmod-1.so,--depaudit=tst-auditlogmod-2.so

> +$(objpfx)tst-auditlogmod-2.so: $(libsupport)

> +$(objpfx)tst-audit15.out: \

> +  $(objpfx)tst-auditlogmod-1.so $(objpfx)tst-auditlogmod-2.so

> +LDFLAGS-tst-audit16 = \

> +  -Wl,--audit=tst-auditlogmod-1.so:tst-auditlogmod-2.so \

> +  -Wl,--depaudit=tst-auditlogmod-3.so

> +$(objpfx)tst-auditlogmod-3.so: $(libsupport)

> +$(objpfx)tst-audit16.out: \

> +  $(objpfx)tst-auditlogmod-1.so $(objpfx)tst-auditlogmod-2.so \

> +  $(objpfx)tst-auditlogmod-3.so

> +

>  # tst-sonamemove links against an older implementation of the library.

>  LDFLAGS-tst-sonamemove-linkmod1.so = \

>    -Wl,--version-script=tst-sonamemove-linkmod1.map \

> diff --git a/elf/rtld.c b/elf/rtld.c

> index 51dfaf966a..167da48def 100644

> --- a/elf/rtld.c

> +++ b/elf/rtld.c

> @@ -188,6 +188,15 @@ static struct audit_list

>    struct audit_list *next;

>  } *audit_list;

>  

> +/* State flag for hte struct audit_list_iter iterator.  */

> +enum audit_iter_list_state

> +  {

> +    audit_iter_list_in_string,

> +    audit_iter_list_in_dt_audit,

> +    audit_iter_list_in_dt_depaudit,

> +    audit_iter_list_in_list,

> +  };

> +

>  /* Iterator for audit_list_string followed by audit_list.  */

>  struct audit_list_iter

>  {

> @@ -198,6 +207,9 @@ struct audit_list_iter

>       the first element.  */

>    struct audit_list *previous;

>  

> +  /* One of the enum audit_iter_list_state values.  */

> +  unsigned char state;

> +

>    /* Scratch buffer for returning a name which is part of

>       audit_list_string.  */

>    char fname[SECURE_NAME_LIMIT];

> @@ -209,14 +221,66 @@ audit_list_iter_init (struct audit_list_iter *iter)

>  {

>    iter->audit_list_tail = audit_list_string;

>    iter->previous = NULL;

> +  iter->state = audit_iter_list_in_string;

> +}

> +

> +/* Look up the INDEX of a dynamic tag in MAIN_MAP and store it in

> +   ITER->audit_list_tail if it exists.  */

> +static void

> +audit_list_iter_fetch_index (struct audit_list_iter *iter,

> +			     struct link_map *main_map, size_t index)

> +{

> +  if (main_map->l_info[index] != NULL)

> +    iter->audit_list_tail

> +      = ((const char *) D_PTR (main_map, l_info[DT_STRTAB])

> +	 +  main_map->l_info[index]->d_un.d_val);

> +}

> +

> +/* Advance ITER->state and put the next string into

> +   ITER->audit_list_tail.  */

> +static void

> +audit_list_iter_fetch_string (struct audit_list_iter *iter,

> +			      struct link_map *main_map)

> +{

> +  /* Advance the state.  */

> +  ++iter->state;

> +  assert (iter->state <= audit_iter_list_in_list);

> +

> +  /* Default to a missing string.  */

> +  iter->audit_list_tail = NULL;

> +

> +  /* Determine the next string.  */

> +  switch ((enum audit_iter_list_state) iter->state)

> +    {

> +    case audit_iter_list_in_string:

> +      /* Not possible because state was advanced.  */

> +      __builtin_unreachable ();

> +    case audit_iter_list_in_dt_audit:

> +      audit_list_iter_fetch_index (iter, main_map, ADDRIDX (DT_AUDIT));

> +      break;

> +    case audit_iter_list_in_dt_depaudit:

> +      audit_list_iter_fetch_index (iter, main_map, ADDRIDX (DT_DEPAUDIT));

> +      break;

> +    case audit_iter_list_in_list:

> +      /* No DT_* tag left to process.  */

> +      return;

> +    }

>  }

>  

>  /* Iterate through both audit_list_string and audit_list.  */

>  static const char *

> -audit_list_iter_next (struct audit_list_iter *iter)

> +audit_list_iter_next (struct audit_list_iter *iter, struct link_map *main_map)

>  {

> -  if (iter->audit_list_tail != NULL)

> +  while (iter->state != audit_iter_list_in_list)

>      {

> +      /* If the current string is missing or exhausted, fetch the next

> +	 string.  This advances iter->state.  */

> +      if (iter->audit_list_tail == NULL || *iter->audit_list_tail == '\0')

> +	{

> +	  audit_list_iter_fetch_string (iter, main_map);

> +	  continue;

> +	}

> +

>        /* First iterate over audit_list_string.  */

>        while (*iter->audit_list_tail != '\0')

>  	{

> @@ -241,7 +305,9 @@ audit_list_iter_next (struct audit_list_iter *iter)

>  	    return iter->fname;

>  	  /* Otherwise, wrap around and try the next name.  */

>  	}

> -      /* Fall through to the procesing of audit_list.  */

> +

> +      /* Fetch the next audit string, or fall through to linked list

> +	 processing below.  */

>      }

>  

>    if (iter->previous == NULL)

> @@ -1070,7 +1136,7 @@ load_audit_modules (struct link_map *main_map)

>  

>    while (true)

>      {

> -      const char *name = audit_list_iter_next (&al_iter);

> +      const char *name = audit_list_iter_next (&al_iter, main_map);

>        if (name == NULL)

>  	break;

>        load_audit_module (name, &last_audit);

> @@ -1620,7 +1686,9 @@ ERROR: '%s': cannot process note segment.\n", _dl_argv[0]);

>    /* If we have auditing DSOs to load, do it now.  */

>    bool need_security_init = true;

>    if (__glibc_unlikely (audit_list != NULL)

> -      || __glibc_unlikely (audit_list_string != NULL))

> +      || __glibc_unlikely (audit_list_string != NULL)

> +      || __glibc_unlikely (main_map->l_info[ADDRIDX (DT_AUDIT)] != NULL)

> +      || __glibc_unlikely (main_map->l_info[ADDRIDX (DT_DEPAUDIT)] != NULL))


OK.

>      {

>        /* Since we start using the auditing DSOs right away we need to

>  	 initialize the data structures now.  */

> diff --git a/elf/tst-audit14.c b/elf/tst-audit14.c

> new file mode 100644

> index 0000000000..73e6634e35

> --- /dev/null

> +++ b/elf/tst-audit14.c

> @@ -0,0 +1,46 @@

> +/* Main program with DT_AUDIT.  One audit module.

> +   Copyright (C) 2020 Free Software Foundation, Inc.

> +   This file is part of the GNU C Library.

> +

> +   The GNU C Library is free software; you can redistribute it and/or

> +   modify it under the terms of the GNU Lesser General Public

> +   License as published by the Free Software Foundation; either

> +   version 2.1 of the License, or (at your option) any later version.

> +

> +   The GNU C Library is distributed in the hope that it will be useful,

> +   but WITHOUT ANY WARRANTY; without even the implied warranty of

> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

> +   Lesser General Public License for more details.

> +

> +   You should have received a copy of the GNU Lesser General Public

> +   License along with the GNU C Library; if not, see

> +   <http://www.gnu.org/licenses/>.  */

> +

> +#include <stdlib.h>

> +#include <string.h>

> +#include <support/check.h>

> +#include <support/xstdio.h>

> +

> +static int

> +do_test (void)

> +{

> +  /* Verify what the audit module has written.  This test assumes that

> +     standard output has been redirected to a regular file.  */

> +  FILE *fp = xfopen ("/dev/stdout", "r");

> +

> +  char *buffer = NULL;

> +  size_t buffer_length = 0;

> +  size_t line_length = xgetline (&buffer, &buffer_length, fp);

> +  const char *message = "info: tst-auditlogmod-1.so loaded\n";


OK.

> +  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);

> +

> +  /* No more audit module output.  */

> +  line_length = xgetline (&buffer, &buffer_length, fp);

> +  TEST_COMPARE_BLOB ("", 0, buffer, line_length);

> +

> +  free (buffer);

> +  xfclose (fp);

> +  return 0;

> +}

> +

> +#include <support/test-driver.c>

> diff --git a/elf/tst-audit15.c b/elf/tst-audit15.c

> new file mode 100644

> index 0000000000..3d6a31c242

> --- /dev/null

> +++ b/elf/tst-audit15.c

> @@ -0,0 +1,50 @@

> +/* Main program with DT_AUDIT and DT_DEPAUDIT.  Two audit modules.

> +   Copyright (C) 2020 Free Software Foundation, Inc.

> +   This file is part of the GNU C Library.

> +

> +   The GNU C Library is free software; you can redistribute it and/or

> +   modify it under the terms of the GNU Lesser General Public

> +   License as published by the Free Software Foundation; either

> +   version 2.1 of the License, or (at your option) any later version.

> +

> +   The GNU C Library is distributed in the hope that it will be useful,

> +   but WITHOUT ANY WARRANTY; without even the implied warranty of

> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

> +   Lesser General Public License for more details.

> +

> +   You should have received a copy of the GNU Lesser General Public

> +   License along with the GNU C Library; if not, see

> +   <http://www.gnu.org/licenses/>.  */

> +

> +#include <stdlib.h>

> +#include <string.h>

> +#include <support/check.h>

> +#include <support/xstdio.h>

> +

> +static int

> +do_test (void)

> +{

> +  /* Verify what the audit modules have written.  This test assumes

> +     that standard output has been redirected to a regular file.  */

> +  FILE *fp = xfopen ("/dev/stdout", "r");

> +

> +  char *buffer = NULL;

> +  size_t buffer_length = 0;

> +  size_t line_length = xgetline (&buffer, &buffer_length, fp);

> +  const char *message = "info: tst-auditlogmod-1.so loaded\n";

> +  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);

> +

> +  line_length = xgetline (&buffer, &buffer_length, fp);

> +  message = "info: tst-auditlogmod-2.so loaded\n";

> +  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);

> +

> +  /* No more audit module output.  */

> +  line_length = xgetline (&buffer, &buffer_length, fp);

> +  TEST_COMPARE_BLOB ("", 0, buffer, line_length);

> +

> +  free (buffer);

> +  xfclose (fp);

> +  return 0;

> +}

> +

> +#include <support/test-driver.c>

> diff --git a/elf/tst-audit16.c b/elf/tst-audit16.c

> new file mode 100644

> index 0000000000..1a7d6eee5e

> --- /dev/null

> +++ b/elf/tst-audit16.c

> @@ -0,0 +1,54 @@

> +/* Main program with DT_AUDIT and DT_DEPAUDIT.  Three audit modules.

> +   Copyright (C) 2020 Free Software Foundation, Inc.

> +   This file is part of the GNU C Library.

> +

> +   The GNU C Library is free software; you can redistribute it and/or

> +   modify it under the terms of the GNU Lesser General Public

> +   License as published by the Free Software Foundation; either

> +   version 2.1 of the License, or (at your option) any later version.

> +

> +   The GNU C Library is distributed in the hope that it will be useful,

> +   but WITHOUT ANY WARRANTY; without even the implied warranty of

> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

> +   Lesser General Public License for more details.

> +

> +   You should have received a copy of the GNU Lesser General Public

> +   License along with the GNU C Library; if not, see

> +   <http://www.gnu.org/licenses/>.  */

> +

> +#include <stdlib.h>

> +#include <string.h>

> +#include <support/check.h>

> +#include <support/xstdio.h>

> +

> +static int

> +do_test (void)

> +{

> +  /* Verify what the audit modules have written.  This test assumes

> +     that standard output has been redirected to a regular file.  */

> +  FILE *fp = xfopen ("/dev/stdout", "r");

> +

> +  char *buffer = NULL;

> +  size_t buffer_length = 0;

> +  size_t line_length = xgetline (&buffer, &buffer_length, fp);

> +  const char *message = "info: tst-auditlogmod-1.so loaded\n";

> +  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);

> +

> +  line_length = xgetline (&buffer, &buffer_length, fp);

> +  message = "info: tst-auditlogmod-2.so loaded\n";

> +  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);

> +

> +  line_length = xgetline (&buffer, &buffer_length, fp);

> +  message = "info: tst-auditlogmod-3.so loaded\n";

> +  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);

> +

> +  /* No more audit module output.  */

> +  line_length = xgetline (&buffer, &buffer_length, fp);

> +  TEST_COMPARE_BLOB ("", 0, buffer, line_length);

> +

> +  free (buffer);

> +  xfclose (fp);

> +  return 0;

> +}

> +

> +#include <support/test-driver.c>

> diff --git a/elf/tst-auditlogmod-1.c b/elf/tst-auditlogmod-1.c

> new file mode 100644

> index 0000000000..e6b8cd9094

> --- /dev/null

> +++ b/elf/tst-auditlogmod-1.c

> @@ -0,0 +1,27 @@

> +/* Audit module which logs that it was loaded.  Variant 1.

> +   Copyright (C) 2020 Free Software Foundation, Inc.

> +   This file is part of the GNU C Library.

> +

> +   The GNU C Library is free software; you can redistribute it and/or

> +   modify it under the terms of the GNU Lesser General Public

> +   License as published by the Free Software Foundation; either

> +   version 2.1 of the License, or (at your option) any later version.

> +

> +   The GNU C Library is distributed in the hope that it will be useful,

> +   but WITHOUT ANY WARRANTY; without even the implied warranty of

> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

> +   Lesser General Public License for more details.

> +

> +   You should have received a copy of the GNU Lesser General Public

> +   License along with the GNU C Library; if not, see

> +   <http://www.gnu.org/licenses/>.  */

> +

> +#include <link.h>

> +#include <support/support.h>

> +

> +unsigned int

> +la_version (unsigned int v)

> +{

> +  write_message ("info: tst-auditlogmod-1.so loaded\n");

> +  return LAV_CURRENT;

> +}


OK.

> diff --git a/elf/tst-auditlogmod-2.c b/elf/tst-auditlogmod-2.c

> new file mode 100644

> index 0000000000..9e7f0acabc

> --- /dev/null

> +++ b/elf/tst-auditlogmod-2.c

> @@ -0,0 +1,27 @@

> +/* Audit module which logs that it was loaded.  Variant 2.

> +   Copyright (C) 2020 Free Software Foundation, Inc.

> +   This file is part of the GNU C Library.

> +

> +   The GNU C Library is free software; you can redistribute it and/or

> +   modify it under the terms of the GNU Lesser General Public

> +   License as published by the Free Software Foundation; either

> +   version 2.1 of the License, or (at your option) any later version.

> +

> +   The GNU C Library is distributed in the hope that it will be useful,

> +   but WITHOUT ANY WARRANTY; without even the implied warranty of

> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

> +   Lesser General Public License for more details.

> +

> +   You should have received a copy of the GNU Lesser General Public

> +   License along with the GNU C Library; if not, see

> +   <http://www.gnu.org/licenses/>.  */

> +

> +#include <link.h>

> +#include <support/support.h>

> +

> +unsigned int

> +la_version (unsigned int v)

> +{

> +  write_message ("info: tst-auditlogmod-2.so loaded\n");

> +  return LAV_CURRENT;

> +}


OK.

> diff --git a/elf/tst-auditlogmod-3.c b/elf/tst-auditlogmod-3.c

> new file mode 100644

> index 0000000000..c4c1a58145

> --- /dev/null

> +++ b/elf/tst-auditlogmod-3.c

> @@ -0,0 +1,27 @@

> +/* Audit module which logs that it was loaded.  Variant 3.

> +   Copyright (C) 2020 Free Software Foundation, Inc.

> +   This file is part of the GNU C Library.

> +

> +   The GNU C Library is free software; you can redistribute it and/or

> +   modify it under the terms of the GNU Lesser General Public

> +   License as published by the Free Software Foundation; either

> +   version 2.1 of the License, or (at your option) any later version.

> +

> +   The GNU C Library is distributed in the hope that it will be useful,

> +   but WITHOUT ANY WARRANTY; without even the implied warranty of

> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

> +   Lesser General Public License for more details.

> +

> +   You should have received a copy of the GNU Lesser General Public

> +   License along with the GNU C Library; if not, see

> +   <http://www.gnu.org/licenses/>.  */

> +

> +#include <link.h>

> +#include <support/support.h>

> +

> +unsigned int

> +la_version (unsigned int v)

> +{

> +  write_message ("info: tst-auditlogmod-3.so loaded\n");

> +  return LAV_CURRENT;

> +}


OK.

> diff --git a/support/Makefile b/support/Makefile

> index a0304e6def..0c1e622286 100644

> --- a/support/Makefile

> +++ b/support/Makefile

> @@ -95,6 +95,7 @@ libsupport-routines = \

>    xfopen \

>    xfork \

>    xftruncate \

> +  xgetline \

>    xgetsockname \

>    xlisten \

>    xlseek \

> diff --git a/support/xgetline.c b/support/xgetline.c

> new file mode 100644

> index 0000000000..50326a44cd

> --- /dev/null

> +++ b/support/xgetline.c

> @@ -0,0 +1,39 @@

> +/* getline with error checking.

> +   Copyright (C) 2020 Free Software Foundation, Inc.

> +   This file is part of the GNU C Library.

> +

> +   The GNU C Library is free software; you can redistribute it and/or

> +   modify it under the terms of the GNU Lesser General Public

> +   License as published by the Free Software Foundation; either

> +   version 2.1 of the License, or (at your option) any later version.

> +

> +   The GNU C Library is distributed in the hope that it will be useful,

> +   but WITHOUT ANY WARRANTY; without even the implied warranty of

> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

> +   Lesser General Public License for more details.

> +

> +   You should have received a copy of the GNU Lesser General Public

> +   License along with the GNU C Library; if not, see

> +   <http://www.gnu.org/licenses/>.  */

> +

> +#include <support/check.h>

> +#include <support/xstdio.h>

> +

> +size_t

> +xgetline (char **buffer, size_t *length,  FILE *fp)

> +{

> +  TEST_VERIFY (!ferror (fp));

> +  ssize_t ret = getline (buffer, length, fp);

> +  if (ferror (fp))

> +    {

> +      TEST_VERIFY (ret < 0);

> +      FAIL_EXIT1 ("getline: %m");

> +    }

> +  if (feof (fp))

> +    {

> +      TEST_VERIFY (ret <= 0);

> +      return 0;

> +    }

> +  TEST_VERIFY (ret > 0);

> +  return ret;

> +}


OK.

> diff --git a/support/xstdio.h b/support/xstdio.h

> index b62267a2a2..de32a8fe1d 100644

> --- a/support/xstdio.h

> +++ b/support/xstdio.h

> @@ -19,6 +19,7 @@

>  #ifndef SUPPORT_XSTDIO_H

>  #define SUPPORT_XSTDIO_H

>  

> +#include <stddef.h>

>  #include <stdio.h>

>  #include <sys/cdefs.h>

>  

> @@ -27,6 +28,11 @@ __BEGIN_DECLS

>  FILE *xfopen (const char *path, const char *mode);

>  void xfclose (FILE *);

>  

> +/* Read a line from FP, using getline.  *BUFFER must be NULL, or a

> +   heap-allocated pointer of *LENGTH bytes.  Return the number of bytes

> +   in the line if a line was read, or 0 on EOF.  */

> +size_t xgetline (char **buffer, size_t *length,  FILE *fp);


OK.

> +

>  __END_DECLS

>  

>  #endif /* SUPPORT_XSTDIO_H */

> 



-- 
Cheers,
Carlos.
Florian Weimer via Libc-alpha April 1, 2020, 9:33 p.m. | #2
On 17/02/2020 13:02, Florian Weimer wrote:
> diff --git a/elf/rtld.c b/elf/rtld.c

> index 51dfaf966a..167da48def 100644

> --- a/elf/rtld.c

> +++ b/elf/rtld.c

> @@ -188,6 +188,15 @@ static struct audit_list

>    struct audit_list *next;

>  } *audit_list;

>  

> +/* State flag for hte struct audit_list_iter iterator.  */

> +enum audit_iter_list_state

> +  {

> +    audit_iter_list_in_string,

> +    audit_iter_list_in_dt_audit,

> +    audit_iter_list_in_dt_depaudit,

> +    audit_iter_list_in_list,

> +  };

> +

>  /* Iterator for audit_list_string followed by audit_list.  */

>  struct audit_list_iter

>  {

> @@ -198,6 +207,9 @@ struct audit_list_iter

>       the first element.  */

>    struct audit_list *previous;

>  

> +  /* One of the enum audit_iter_list_state values.  */

> +  unsigned char state;


Why not use enum audit_iter_list_state as the type?

Rest looks ok, thanks.
Florian Weimer via Libc-alpha April 2, 2020, 8:46 a.m. | #3
* Adhemerval Zanella via Libc-alpha:

> On 17/02/2020 13:02, Florian Weimer wrote:

>> diff --git a/elf/rtld.c b/elf/rtld.c

>> index 51dfaf966a..167da48def 100644

>> --- a/elf/rtld.c

>> +++ b/elf/rtld.c

>> @@ -188,6 +188,15 @@ static struct audit_list

>>    struct audit_list *next;

>>  } *audit_list;

>>  

>> +/* State flag for hte struct audit_list_iter iterator.  */

>> +enum audit_iter_list_state

>> +  {

>> +    audit_iter_list_in_string,

>> +    audit_iter_list_in_dt_audit,

>> +    audit_iter_list_in_dt_depaudit,

>> +    audit_iter_list_in_list,

>> +  };

>> +

>>  /* Iterator for audit_list_string followed by audit_list.  */

>>  struct audit_list_iter

>>  {

>> @@ -198,6 +207,9 @@ struct audit_list_iter

>>       the first element.  */

>>    struct audit_list *previous;

>>  

>> +  /* One of the enum audit_iter_list_state values.  */

>> +  unsigned char state;

>

> Why not use enum audit_iter_list_state as the type?


It avoids increasing the size of struct audit_list_iter.

Thanks,
Florian
Florian Weimer via Libc-alpha April 2, 2020, 11:34 a.m. | #4
On 02/04/2020 05:46, Florian Weimer wrote:
> * Adhemerval Zanella via Libc-alpha:

> 

>> On 17/02/2020 13:02, Florian Weimer wrote:

>>> diff --git a/elf/rtld.c b/elf/rtld.c

>>> index 51dfaf966a..167da48def 100644

>>> --- a/elf/rtld.c

>>> +++ b/elf/rtld.c

>>> @@ -188,6 +188,15 @@ static struct audit_list

>>>    struct audit_list *next;

>>>  } *audit_list;

>>>  

>>> +/* State flag for hte struct audit_list_iter iterator.  */

>>> +enum audit_iter_list_state

>>> +  {

>>> +    audit_iter_list_in_string,

>>> +    audit_iter_list_in_dt_audit,

>>> +    audit_iter_list_in_dt_depaudit,

>>> +    audit_iter_list_in_list,

>>> +  };

>>> +

>>>  /* Iterator for audit_list_string followed by audit_list.  */

>>>  struct audit_list_iter

>>>  {

>>> @@ -198,6 +207,9 @@ struct audit_list_iter

>>>       the first element.  */

>>>    struct audit_list *previous;

>>>  

>>> +  /* One of the enum audit_iter_list_state values.  */

>>> +  unsigned char state;

>>

>> Why not use enum audit_iter_list_state as the type?

> 

> It avoids increasing the size of struct audit_list_iter.


But do we care for this specific usage?
Florian Weimer via Libc-alpha April 3, 2020, 11:39 a.m. | #5
* Adhemerval Zanella:

> On 02/04/2020 05:46, Florian Weimer wrote:

>> * Adhemerval Zanella via Libc-alpha:

>> 

>>> On 17/02/2020 13:02, Florian Weimer wrote:

>>>> diff --git a/elf/rtld.c b/elf/rtld.c

>>>> index 51dfaf966a..167da48def 100644

>>>> --- a/elf/rtld.c

>>>> +++ b/elf/rtld.c

>>>> @@ -188,6 +188,15 @@ static struct audit_list

>>>>    struct audit_list *next;

>>>>  } *audit_list;

>>>>  

>>>> +/* State flag for hte struct audit_list_iter iterator.  */

>>>> +enum audit_iter_list_state

>>>> +  {

>>>> +    audit_iter_list_in_string,

>>>> +    audit_iter_list_in_dt_audit,

>>>> +    audit_iter_list_in_dt_depaudit,

>>>> +    audit_iter_list_in_list,

>>>> +  };

>>>> +

>>>>  /* Iterator for audit_list_string followed by audit_list.  */

>>>>  struct audit_list_iter

>>>>  {

>>>> @@ -198,6 +207,9 @@ struct audit_list_iter

>>>>       the first element.  */

>>>>    struct audit_list *previous;

>>>>  

>>>> +  /* One of the enum audit_iter_list_state values.  */

>>>> +  unsigned char state;

>>>

>>> Why not use enum audit_iter_list_state as the type?

>> 

>> It avoids increasing the size of struct audit_list_iter.

>

> But do we care for this specific usage? 


No, not really.

I looked at this again from a larger view and will use a simple
stack-allocated array for all string lists.  It turns out that all list
strings use ':' as a separator, so there is no reason to handle
individual strings differently.

Thanks,
Florian

Patch

diff --git a/NEWS b/NEWS
index 77631ca707..3d75d6cfc6 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,9 @@  Major new features:
 
   * New locale added: ckb_IQ (Kurdish/Sorani spoken in Iraq)
 
+* The GNU C Library now loads audit modules listed in the DT_AUDIT and
+  DT_DEPAUDIT dynamic section entries of the main executable.
+
 Deprecated and removed features, and other changes affecting compatibility:
 
   [Add deprecations, removals and changes affecting compatibility here]
diff --git a/elf/Makefile b/elf/Makefile
index a137143db7..12c505f3b7 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -202,7 +202,8 @@  tests += restest1 preloadtest loadfail multiload origtest resolvfail \
 	 tst-sonamemove-link tst-sonamemove-dlopen tst-dlopen-tlsmodid \
 	 tst-dlopen-self tst-auditmany tst-initfinilazyfail tst-dlopenfail \
 	 tst-dlopenfail-2 \
-	 tst-filterobj tst-filterobj-dlopen tst-auxobj tst-auxobj-dlopen
+	 tst-filterobj tst-filterobj-dlopen tst-auxobj tst-auxobj-dlopen \
+	 tst-audit14 tst-audit15 tst-audit16
 #	 reldep9
 tests-internal += loadtest unload unload2 circleload1 \
 	 neededtest neededtest2 neededtest3 neededtest4 \
@@ -314,7 +315,8 @@  modules-names = testobj1 testobj2 testobj3 testobj4 testobj5 testobj6 \
 		tst-initlazyfailmod tst-finilazyfailmod \
 		tst-dlopenfailmod1 tst-dlopenfaillinkmod tst-dlopenfailmod2 \
 		tst-dlopenfailmod3 tst-ldconfig-ld-mod \
-		tst-filterobj-flt tst-filterobj-aux tst-filterobj-filtee
+		tst-filterobj-flt tst-filterobj-aux tst-filterobj-filtee \
+		tst-auditlogmod-1 tst-auditlogmod-2 tst-auditlogmod-3
 # Most modules build with _ISOMAC defined, but those filtered out
 # depend on internal headers.
 modules-names-tests = $(filter-out ifuncmod% tst-libc_dlvsym-dso tst-tlsmod%,\
@@ -1491,6 +1493,22 @@  $(objpfx)tst-auditmany.out: $(objpfx)tst-auditmanymod1.so \
 tst-auditmany-ENV = \
   LD_AUDIT=tst-auditmanymod1.so:tst-auditmanymod2.so:tst-auditmanymod3.so:tst-auditmanymod4.so:tst-auditmanymod5.so:tst-auditmanymod6.so:tst-auditmanymod7.so:tst-auditmanymod8.so:tst-auditmanymod9.so
 
+LDFLAGS-tst-audit14 = -Wl,--audit=tst-auditlogmod-1.so
+$(objpfx)tst-auditlogmod-1.so: $(libsupport)
+$(objpfx)tst-audit14.out: $(objpfx)tst-auditlogmod-1.so
+LDFLAGS-tst-audit15 = \
+  -Wl,--audit=tst-auditlogmod-1.so,--depaudit=tst-auditlogmod-2.so
+$(objpfx)tst-auditlogmod-2.so: $(libsupport)
+$(objpfx)tst-audit15.out: \
+  $(objpfx)tst-auditlogmod-1.so $(objpfx)tst-auditlogmod-2.so
+LDFLAGS-tst-audit16 = \
+  -Wl,--audit=tst-auditlogmod-1.so:tst-auditlogmod-2.so \
+  -Wl,--depaudit=tst-auditlogmod-3.so
+$(objpfx)tst-auditlogmod-3.so: $(libsupport)
+$(objpfx)tst-audit16.out: \
+  $(objpfx)tst-auditlogmod-1.so $(objpfx)tst-auditlogmod-2.so \
+  $(objpfx)tst-auditlogmod-3.so
+
 # tst-sonamemove links against an older implementation of the library.
 LDFLAGS-tst-sonamemove-linkmod1.so = \
   -Wl,--version-script=tst-sonamemove-linkmod1.map \
diff --git a/elf/rtld.c b/elf/rtld.c
index 51dfaf966a..167da48def 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -188,6 +188,15 @@  static struct audit_list
   struct audit_list *next;
 } *audit_list;
 
+/* State flag for hte struct audit_list_iter iterator.  */
+enum audit_iter_list_state
+  {
+    audit_iter_list_in_string,
+    audit_iter_list_in_dt_audit,
+    audit_iter_list_in_dt_depaudit,
+    audit_iter_list_in_list,
+  };
+
 /* Iterator for audit_list_string followed by audit_list.  */
 struct audit_list_iter
 {
@@ -198,6 +207,9 @@  struct audit_list_iter
      the first element.  */
   struct audit_list *previous;
 
+  /* One of the enum audit_iter_list_state values.  */
+  unsigned char state;
+
   /* Scratch buffer for returning a name which is part of
      audit_list_string.  */
   char fname[SECURE_NAME_LIMIT];
@@ -209,14 +221,66 @@  audit_list_iter_init (struct audit_list_iter *iter)
 {
   iter->audit_list_tail = audit_list_string;
   iter->previous = NULL;
+  iter->state = audit_iter_list_in_string;
+}
+
+/* Look up the INDEX of a dynamic tag in MAIN_MAP and store it in
+   ITER->audit_list_tail if it exists.  */
+static void
+audit_list_iter_fetch_index (struct audit_list_iter *iter,
+			     struct link_map *main_map, size_t index)
+{
+  if (main_map->l_info[index] != NULL)
+    iter->audit_list_tail
+      = ((const char *) D_PTR (main_map, l_info[DT_STRTAB])
+	 +  main_map->l_info[index]->d_un.d_val);
+}
+
+/* Advance ITER->state and put the next string into
+   ITER->audit_list_tail.  */
+static void
+audit_list_iter_fetch_string (struct audit_list_iter *iter,
+			      struct link_map *main_map)
+{
+  /* Advance the state.  */
+  ++iter->state;
+  assert (iter->state <= audit_iter_list_in_list);
+
+  /* Default to a missing string.  */
+  iter->audit_list_tail = NULL;
+
+  /* Determine the next string.  */
+  switch ((enum audit_iter_list_state) iter->state)
+    {
+    case audit_iter_list_in_string:
+      /* Not possible because state was advanced.  */
+      __builtin_unreachable ();
+    case audit_iter_list_in_dt_audit:
+      audit_list_iter_fetch_index (iter, main_map, ADDRIDX (DT_AUDIT));
+      break;
+    case audit_iter_list_in_dt_depaudit:
+      audit_list_iter_fetch_index (iter, main_map, ADDRIDX (DT_DEPAUDIT));
+      break;
+    case audit_iter_list_in_list:
+      /* No DT_* tag left to process.  */
+      return;
+    }
 }
 
 /* Iterate through both audit_list_string and audit_list.  */
 static const char *
-audit_list_iter_next (struct audit_list_iter *iter)
+audit_list_iter_next (struct audit_list_iter *iter, struct link_map *main_map)
 {
-  if (iter->audit_list_tail != NULL)
+  while (iter->state != audit_iter_list_in_list)
     {
+      /* If the current string is missing or exhausted, fetch the next
+	 string.  This advances iter->state.  */
+      if (iter->audit_list_tail == NULL || *iter->audit_list_tail == '\0')
+	{
+	  audit_list_iter_fetch_string (iter, main_map);
+	  continue;
+	}
+
       /* First iterate over audit_list_string.  */
       while (*iter->audit_list_tail != '\0')
 	{
@@ -241,7 +305,9 @@  audit_list_iter_next (struct audit_list_iter *iter)
 	    return iter->fname;
 	  /* Otherwise, wrap around and try the next name.  */
 	}
-      /* Fall through to the procesing of audit_list.  */
+
+      /* Fetch the next audit string, or fall through to linked list
+	 processing below.  */
     }
 
   if (iter->previous == NULL)
@@ -1070,7 +1136,7 @@  load_audit_modules (struct link_map *main_map)
 
   while (true)
     {
-      const char *name = audit_list_iter_next (&al_iter);
+      const char *name = audit_list_iter_next (&al_iter, main_map);
       if (name == NULL)
 	break;
       load_audit_module (name, &last_audit);
@@ -1620,7 +1686,9 @@  ERROR: '%s': cannot process note segment.\n", _dl_argv[0]);
   /* If we have auditing DSOs to load, do it now.  */
   bool need_security_init = true;
   if (__glibc_unlikely (audit_list != NULL)
-      || __glibc_unlikely (audit_list_string != NULL))
+      || __glibc_unlikely (audit_list_string != NULL)
+      || __glibc_unlikely (main_map->l_info[ADDRIDX (DT_AUDIT)] != NULL)
+      || __glibc_unlikely (main_map->l_info[ADDRIDX (DT_DEPAUDIT)] != NULL))
     {
       /* Since we start using the auditing DSOs right away we need to
 	 initialize the data structures now.  */
diff --git a/elf/tst-audit14.c b/elf/tst-audit14.c
new file mode 100644
index 0000000000..73e6634e35
--- /dev/null
+++ b/elf/tst-audit14.c
@@ -0,0 +1,46 @@ 
+/* Main program with DT_AUDIT.  One audit module.
+   Copyright (C) 2020 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <stdlib.h>
+#include <string.h>
+#include <support/check.h>
+#include <support/xstdio.h>
+
+static int
+do_test (void)
+{
+  /* Verify what the audit module has written.  This test assumes that
+     standard output has been redirected to a regular file.  */
+  FILE *fp = xfopen ("/dev/stdout", "r");
+
+  char *buffer = NULL;
+  size_t buffer_length = 0;
+  size_t line_length = xgetline (&buffer, &buffer_length, fp);
+  const char *message = "info: tst-auditlogmod-1.so loaded\n";
+  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
+
+  /* No more audit module output.  */
+  line_length = xgetline (&buffer, &buffer_length, fp);
+  TEST_COMPARE_BLOB ("", 0, buffer, line_length);
+
+  free (buffer);
+  xfclose (fp);
+  return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/elf/tst-audit15.c b/elf/tst-audit15.c
new file mode 100644
index 0000000000..3d6a31c242
--- /dev/null
+++ b/elf/tst-audit15.c
@@ -0,0 +1,50 @@ 
+/* Main program with DT_AUDIT and DT_DEPAUDIT.  Two audit modules.
+   Copyright (C) 2020 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <stdlib.h>
+#include <string.h>
+#include <support/check.h>
+#include <support/xstdio.h>
+
+static int
+do_test (void)
+{
+  /* Verify what the audit modules have written.  This test assumes
+     that standard output has been redirected to a regular file.  */
+  FILE *fp = xfopen ("/dev/stdout", "r");
+
+  char *buffer = NULL;
+  size_t buffer_length = 0;
+  size_t line_length = xgetline (&buffer, &buffer_length, fp);
+  const char *message = "info: tst-auditlogmod-1.so loaded\n";
+  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
+
+  line_length = xgetline (&buffer, &buffer_length, fp);
+  message = "info: tst-auditlogmod-2.so loaded\n";
+  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
+
+  /* No more audit module output.  */
+  line_length = xgetline (&buffer, &buffer_length, fp);
+  TEST_COMPARE_BLOB ("", 0, buffer, line_length);
+
+  free (buffer);
+  xfclose (fp);
+  return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/elf/tst-audit16.c b/elf/tst-audit16.c
new file mode 100644
index 0000000000..1a7d6eee5e
--- /dev/null
+++ b/elf/tst-audit16.c
@@ -0,0 +1,54 @@ 
+/* Main program with DT_AUDIT and DT_DEPAUDIT.  Three audit modules.
+   Copyright (C) 2020 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <stdlib.h>
+#include <string.h>
+#include <support/check.h>
+#include <support/xstdio.h>
+
+static int
+do_test (void)
+{
+  /* Verify what the audit modules have written.  This test assumes
+     that standard output has been redirected to a regular file.  */
+  FILE *fp = xfopen ("/dev/stdout", "r");
+
+  char *buffer = NULL;
+  size_t buffer_length = 0;
+  size_t line_length = xgetline (&buffer, &buffer_length, fp);
+  const char *message = "info: tst-auditlogmod-1.so loaded\n";
+  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
+
+  line_length = xgetline (&buffer, &buffer_length, fp);
+  message = "info: tst-auditlogmod-2.so loaded\n";
+  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
+
+  line_length = xgetline (&buffer, &buffer_length, fp);
+  message = "info: tst-auditlogmod-3.so loaded\n";
+  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
+
+  /* No more audit module output.  */
+  line_length = xgetline (&buffer, &buffer_length, fp);
+  TEST_COMPARE_BLOB ("", 0, buffer, line_length);
+
+  free (buffer);
+  xfclose (fp);
+  return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/elf/tst-auditlogmod-1.c b/elf/tst-auditlogmod-1.c
new file mode 100644
index 0000000000..e6b8cd9094
--- /dev/null
+++ b/elf/tst-auditlogmod-1.c
@@ -0,0 +1,27 @@ 
+/* Audit module which logs that it was loaded.  Variant 1.
+   Copyright (C) 2020 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <link.h>
+#include <support/support.h>
+
+unsigned int
+la_version (unsigned int v)
+{
+  write_message ("info: tst-auditlogmod-1.so loaded\n");
+  return LAV_CURRENT;
+}
diff --git a/elf/tst-auditlogmod-2.c b/elf/tst-auditlogmod-2.c
new file mode 100644
index 0000000000..9e7f0acabc
--- /dev/null
+++ b/elf/tst-auditlogmod-2.c
@@ -0,0 +1,27 @@ 
+/* Audit module which logs that it was loaded.  Variant 2.
+   Copyright (C) 2020 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <link.h>
+#include <support/support.h>
+
+unsigned int
+la_version (unsigned int v)
+{
+  write_message ("info: tst-auditlogmod-2.so loaded\n");
+  return LAV_CURRENT;
+}
diff --git a/elf/tst-auditlogmod-3.c b/elf/tst-auditlogmod-3.c
new file mode 100644
index 0000000000..c4c1a58145
--- /dev/null
+++ b/elf/tst-auditlogmod-3.c
@@ -0,0 +1,27 @@ 
+/* Audit module which logs that it was loaded.  Variant 3.
+   Copyright (C) 2020 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <link.h>
+#include <support/support.h>
+
+unsigned int
+la_version (unsigned int v)
+{
+  write_message ("info: tst-auditlogmod-3.so loaded\n");
+  return LAV_CURRENT;
+}
diff --git a/support/Makefile b/support/Makefile
index a0304e6def..0c1e622286 100644
--- a/support/Makefile
+++ b/support/Makefile
@@ -95,6 +95,7 @@  libsupport-routines = \
   xfopen \
   xfork \
   xftruncate \
+  xgetline \
   xgetsockname \
   xlisten \
   xlseek \
diff --git a/support/xgetline.c b/support/xgetline.c
new file mode 100644
index 0000000000..50326a44cd
--- /dev/null
+++ b/support/xgetline.c
@@ -0,0 +1,39 @@ 
+/* getline with error checking.
+   Copyright (C) 2020 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <support/check.h>
+#include <support/xstdio.h>
+
+size_t
+xgetline (char **buffer, size_t *length,  FILE *fp)
+{
+  TEST_VERIFY (!ferror (fp));
+  ssize_t ret = getline (buffer, length, fp);
+  if (ferror (fp))
+    {
+      TEST_VERIFY (ret < 0);
+      FAIL_EXIT1 ("getline: %m");
+    }
+  if (feof (fp))
+    {
+      TEST_VERIFY (ret <= 0);
+      return 0;
+    }
+  TEST_VERIFY (ret > 0);
+  return ret;
+}
diff --git a/support/xstdio.h b/support/xstdio.h
index b62267a2a2..de32a8fe1d 100644
--- a/support/xstdio.h
+++ b/support/xstdio.h
@@ -19,6 +19,7 @@ 
 #ifndef SUPPORT_XSTDIO_H
 #define SUPPORT_XSTDIO_H
 
+#include <stddef.h>
 #include <stdio.h>
 #include <sys/cdefs.h>
 
@@ -27,6 +28,11 @@  __BEGIN_DECLS
 FILE *xfopen (const char *path, const char *mode);
 void xfclose (FILE *);
 
+/* Read a line from FP, using getline.  *BUFFER must be NULL, or a
+   heap-allocated pointer of *LENGTH bytes.  Return the number of bytes
+   in the line if a line was read, or 0 on EOF.  */
+size_t xgetline (char **buffer, size_t *length,  FILE *fp);
+
 __END_DECLS
 
 #endif /* SUPPORT_XSTDIO_H */