[PATCH v2 0/2] Some ld.so updates

[PATCH v2 0/2] Some ld.so updates

[Adhemerval Zanella]

The patchset clarify the LD_PROFILE on secure-execution mode, and
add the recent glibc hardware capability that replaced the legacy one.

Adhemerval Zanella (2):
  ld.so.8: Clarify LD_PROFILE in secure-execution mode
  ld.so.8: Describe glibc Hardware capabilities

 man8/ld.so.8 | 54 ++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 48 insertions(+), 6 deletions(-)

-- 
2.34.1

[PATCH v2 1/2] ld.so.8: Clarify LD_PROFILE in secure-execution mode

[Adhemerval Zanella]

Different than specified, glibc 2.2.5 does not ignore LD_PROFILE in
secure-execution mode.  Instead, it uses the default LD_PROFILE_OUTPUT
(/var/profile) folder.

Signed-off-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
---
 man8/ld.so.8 | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/man8/ld.so.8 b/man8/ld.so.8
index d4eb27a70..cf03cb85e 100644
--- a/man8/ld.so.8
+++ b/man8/ld.so.8
@@ -687,7 +687,7 @@ Profiling output is appended to the file whose name is:
 .IP
 Since glibc 2.2.5,
 .B LD_PROFILE
-is ignored in secure-execution mode.
+uses a different default path in secure-execution mode.
 .TP
 .BR LD_PROFILE_OUTPUT " (since glibc 2.1)"
 Directory where
@@ -701,10 +701,6 @@ then the default is
 is ignored in secure-execution mode; instead
 .I /var/profile
 is always used.
-(This detail is relevant only before glibc 2.2.5,
-since in later glibc versions,
-.B LD_PROFILE
-is also ignored in secure-execution mode.)
 .TP
 .BR LD_SHOW_AUXV " (since glibc 2.1)"
 If this environment variable is defined (with any value),
-- 
2.34.1

[PATCH v2 2/2] ld.so.8: Describe glibc Hardware capabilities

[Adhemerval Zanella]

It was added on glibc 2.33 as a way to improve path search, since
legacy hardware capabilities combination scheme do not scale
properly with new hardware support.  The legacy support was removed
on glibc 2.37, so it is the only scheme currently supported.

Signed-off-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
---
 man8/ld.so.8 | 48 +++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 47 insertions(+), 1 deletion(-)

diff --git a/man8/ld.so.8 b/man8/ld.so.8
index cf03cb85e..3025da861 100644
--- a/man8/ld.so.8
+++ b/man8/ld.so.8
@@ -208,6 +208,14 @@ The objects in
 .I list
 are delimited by colons.
 .TP
+.BI \-\-glibc-hwcaps-mask " list"
+only search built-in subdirectories if in
+.IR list .
+.TP
+.BI \-\-glibc-hwcaps-prepend " list"
+Search glibc-hwcaps subdirectories in
+.IR list .
+.TP
 .B \-\-inhibit\-cache
 Do not use
 .IR /etc/ld.so.cache .
@@ -808,7 +816,7 @@ as a temporary workaround to a library misconfiguration issue.)
 .I lib*.so*
 shared objects
 .SH NOTES
-.SS Hardware capabilities
+.SS Legacy Hardware capabilities (from glibc 2.5 to glibc 2.37)
 Some shared objects are compiled using hardware-specific instructions which do
 not exist on every CPU.
 Such objects should be installed in directories whose names define the
@@ -843,6 +851,44 @@ z900, z990, z9-109, z10, zarch
 .B x86 (32-bit only)
 acpi, apic, clflush, cmov, cx8, dts, fxsr, ht, i386, i486, i586, i686, mca, mmx,
 mtrr, pat, pbe, pge, pn, pse36, sep, ss, sse, sse2, tm
+.SS glibc Hardware capabilities (from glibc 2.33)
+The legacy hardware capabilities combinations has the drawback where each
+feature name incur in cascading extra paths added on the search path list,
+adding a lot of overhead on
+.B ld.so
+during library resolution.
+For instance, on x86 32-bit, if the hardware
+supports
+.B i686
+and
+.B sse2
+, the resulting search path will be
+.B
+i686/sse2:i686:sse2:. .
+A new capability
+.B newcap
+will set the search path to
+.B
+newcap/i686/sse2:newcap/i686:newcap/sse2:newcap:i686/sse2:i686:sse2: .
+
+glibc 2.33 added a new hardware capability scheme, where each ABI can define
+a set of paths based on expected hardware support.
+Each path is added depending of the hardware of the machine, and they are not
+combined together.
+They also have priority over the legacy hardware capabilities. The following
+paths are currently supported.
+.TP
+.B PowerPC (64-bit little-endian only)
+power9, power10
+.TP
+.B s390 (64-bit only)
+z13, z14, z15, z16
+.TP
+.B x86 (64-bit only)
+x86-64-v2, x86-64-v3, x86-64-v4
+.PP
+The glibc 2.37 removed support for the legacy hardware capabilities.
+.
 .SH SEE ALSO
 .BR ld (1),
 .BR ldd (1),
-- 
2.34.1

Re: [PATCH v2 1/2] ld.so.8: Clarify LD_PROFILE in secure-execution mode

[Alejandro Colomar]

[-- Attachment #1: Type: text/plain, Size: 1351 bytes --]

Hi Adhemerval,

On Thu, Oct 19, 2023 at 09:31:38AM -0300, Adhemerval Zanella wrote:
> Different than specified, glibc 2.2.5 does not ignore LD_PROFILE in
> secure-execution mode.  Instead, it uses the default LD_PROFILE_OUTPUT
> (/var/profile) folder.
> 
> Signed-off-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>

Patch applied.  Thanks,

Alex

> ---
>  man8/ld.so.8 | 6 +-----
>  1 file changed, 1 insertion(+), 5 deletions(-)
> 
> diff --git a/man8/ld.so.8 b/man8/ld.so.8
> index d4eb27a70..cf03cb85e 100644
> --- a/man8/ld.so.8
> +++ b/man8/ld.so.8
> @@ -687,7 +687,7 @@ Profiling output is appended to the file whose name is:
>  .IP
>  Since glibc 2.2.5,
>  .B LD_PROFILE
> -is ignored in secure-execution mode.
> +uses a different default path in secure-execution mode.
>  .TP
>  .BR LD_PROFILE_OUTPUT " (since glibc 2.1)"
>  Directory where
> @@ -701,10 +701,6 @@ then the default is
>  is ignored in secure-execution mode; instead
>  .I /var/profile
>  is always used.
> -(This detail is relevant only before glibc 2.2.5,
> -since in later glibc versions,
> -.B LD_PROFILE
> -is also ignored in secure-execution mode.)
>  .TP
>  .BR LD_SHOW_AUXV " (since glibc 2.1)"
>  If this environment variable is defined (with any value),
> -- 
> 2.34.1
> 

-- 
<https://www.alejandro-colomar.es/>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCH v2 2/2] ld.so.8: Describe glibc Hardware capabilities

[Alejandro Colomar]

[-- Attachment #1: Type: text/plain, Size: 3588 bytes --]

Hi Adhemerval,

On Thu, Oct 19, 2023 at 09:31:39AM -0300, Adhemerval Zanella wrote:
> It was added on glibc 2.33 as a way to improve path search, since
> legacy hardware capabilities combination scheme do not scale
> properly with new hardware support.  The legacy support was removed
> on glibc 2.37, so it is the only scheme currently supported.
> 
> Signed-off-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
> ---
>  man8/ld.so.8 | 48 +++++++++++++++++++++++++++++++++++++++++++++++-
>  1 file changed, 47 insertions(+), 1 deletion(-)
> 
> diff --git a/man8/ld.so.8 b/man8/ld.so.8
> index cf03cb85e..3025da861 100644
> --- a/man8/ld.so.8
> +++ b/man8/ld.so.8
> @@ -208,6 +208,14 @@ The objects in
>  .I list
>  are delimited by colons.
>  .TP
> +.BI \-\-glibc-hwcaps-mask " list"
> +only search built-in subdirectories if in
> +.IR list .
> +.TP
> +.BI \-\-glibc-hwcaps-prepend " list"
> +Search glibc-hwcaps subdirectories in
> +.IR list .
> +.TP
>  .B \-\-inhibit\-cache
>  Do not use
>  .IR /etc/ld.so.cache .
> @@ -808,7 +816,7 @@ as a temporary workaround to a library misconfiguration issue.)
>  .I lib*.so*
>  shared objects
>  .SH NOTES
> -.SS Hardware capabilities
> +.SS Legacy Hardware capabilities (from glibc 2.5 to glibc 2.37)
>  Some shared objects are compiled using hardware-specific instructions which do
>  not exist on every CPU.
>  Such objects should be installed in directories whose names define the
> @@ -843,6 +851,44 @@ z900, z990, z9-109, z10, zarch
>  .B x86 (32-bit only)
>  acpi, apic, clflush, cmov, cx8, dts, fxsr, ht, i386, i486, i586, i686, mca, mmx,
>  mtrr, pat, pbe, pge, pn, pse36, sep, ss, sse, sse2, tm
> +.SS glibc Hardware capabilities (from glibc 2.33)
> +The legacy hardware capabilities combinations has the drawback where each
> +feature name incur in cascading extra paths added on the search path list,

Use semantic newlines:

The legacy hardware capabilities combinations has the drawback where
each feature name incur in
cascading extra paths added on the search path list

> +adding a lot of overhead on
> +.B ld.so
> +during library resolution.
> +For instance, on x86 32-bit, if the hardware
> +supports
> +.B i686
> +and
> +.B sse2

.BR sse2 ,

Otherwise, you'll see a space after the comma.  BR alternates bold and
roman for its arguments, and puts them together without spaces.

> +, the resulting search path will be
> +.B
> +i686/sse2:i686:sse2:. .

.BR i686/sse2:i686:sse2:. .

> +A new capability
> +.B newcap
> +will set the search path to
> +.B
> +newcap/i686/sse2:newcap/i686:newcap/sse2:newcap:i686/sse2:i686:sse2: .

.BR newcap/i686/sse2:newcap/i686:newcap/sse2:newcap:i686/sse2:i686:sse2: .

> +

.PP

> +glibc 2.33 added a new hardware capability scheme, where each ABI can define

s/, /,\n/

> +a set of paths based on expected hardware support.
> +Each path is added depending of the hardware of the machine, and they are not

s/, /,\n/

> +combined together.
> +They also have priority over the legacy hardware capabilities. The following

s/\. /\.\n/

Cheers,
Alex

> +paths are currently supported.
> +.TP
> +.B PowerPC (64-bit little-endian only)
> +power9, power10
> +.TP
> +.B s390 (64-bit only)
> +z13, z14, z15, z16
> +.TP
> +.B x86 (64-bit only)
> +x86-64-v2, x86-64-v3, x86-64-v4
> +.PP
> +The glibc 2.37 removed support for the legacy hardware capabilities.
> +.
>  .SH SEE ALSO
>  .BR ld (1),
>  .BR ldd (1),
> -- 
> 2.34.1
> 

-- 
<https://www.alejandro-colomar.es/>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCH v2 2/2] ld.so.8: Describe glibc Hardware capabilities

[Adhemerval Zanella Netto]

On 19/10/23 10:03, Alejandro Colomar wrote:
> Hi Adhemerval,
> 
> On Thu, Oct 19, 2023 at 09:31:39AM -0300, Adhemerval Zanella wrote:
>> It was added on glibc 2.33 as a way to improve path search, since
>> legacy hardware capabilities combination scheme do not scale
>> properly with new hardware support.  The legacy support was removed
>> on glibc 2.37, so it is the only scheme currently supported.
>>
>> Signed-off-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
>> ---
>>  man8/ld.so.8 | 48 +++++++++++++++++++++++++++++++++++++++++++++++-
>>  1 file changed, 47 insertions(+), 1 deletion(-)
>>
>> diff --git a/man8/ld.so.8 b/man8/ld.so.8
>> index cf03cb85e..3025da861 100644
>> --- a/man8/ld.so.8
>> +++ b/man8/ld.so.8
>> @@ -208,6 +208,14 @@ The objects in
>>  .I list
>>  are delimited by colons.
>>  .TP
>> +.BI \-\-glibc-hwcaps-mask " list"
>> +only search built-in subdirectories if in
>> +.IR list .
>> +.TP
>> +.BI \-\-glibc-hwcaps-prepend " list"
>> +Search glibc-hwcaps subdirectories in
>> +.IR list .
>> +.TP
>>  .B \-\-inhibit\-cache
>>  Do not use
>>  .IR /etc/ld.so.cache .
>> @@ -808,7 +816,7 @@ as a temporary workaround to a library misconfiguration issue.)
>>  .I lib*.so*
>>  shared objects
>>  .SH NOTES
>> -.SS Hardware capabilities
>> +.SS Legacy Hardware capabilities (from glibc 2.5 to glibc 2.37)
>>  Some shared objects are compiled using hardware-specific instructions which do
>>  not exist on every CPU.
>>  Such objects should be installed in directories whose names define the
>> @@ -843,6 +851,44 @@ z900, z990, z9-109, z10, zarch
>>  .B x86 (32-bit only)
>>  acpi, apic, clflush, cmov, cx8, dts, fxsr, ht, i386, i486, i586, i686, mca, mmx,
>>  mtrr, pat, pbe, pge, pn, pse36, sep, ss, sse, sse2, tm
>> +.SS glibc Hardware capabilities (from glibc 2.33)
>> +The legacy hardware capabilities combinations has the drawback where each
>> +feature name incur in cascading extra paths added on the search path list,
> 
> Use semantic newlines:
> 
> The legacy hardware capabilities combinations has the drawback where
> each feature name incur in
> cascading extra paths added on the search path list

Right, I am still getting hold on this scheme.  I will send a newer version 
based on your suggestions.

> 
>> +adding a lot of overhead on
>> +.B ld.so
>> +during library resolution.
>> +For instance, on x86 32-bit, if the hardware
>> +supports
>> +.B i686
>> +and
>> +.B sse2
> 
> .BR sse2 ,
> 
> Otherwise, you'll see a space after the comma.  BR alternates bold and
> roman for its arguments, and puts them together without spaces.
> 
>> +, the resulting search path will be
>> +.B
>> +i686/sse2:i686:sse2:. .
> 
> .BR i686/sse2:i686:sse2:. .
> 
>> +A new capability
>> +.B newcap
>> +will set the search path to
>> +.B
>> +newcap/i686/sse2:newcap/i686:newcap/sse2:newcap:i686/sse2:i686:sse2: .
> 
> .BR newcap/i686/sse2:newcap/i686:newcap/sse2:newcap:i686/sse2:i686:sse2: .
> 
>> +
> 
> .PP
> 
>> +glibc 2.33 added a new hardware capability scheme, where each ABI can define
> 
> s/, /,\n/
> 
>> +a set of paths based on expected hardware support.
>> +Each path is added depending of the hardware of the machine, and they are not
> 
> s/, /,\n/
> 
>> +combined together.
>> +They also have priority over the legacy hardware capabilities. The following
> 
> s/\. /\.\n/
> 
> Cheers,
> Alex
> 
>> +paths are currently supported.
>> +.TP
>> +.B PowerPC (64-bit little-endian only)
>> +power9, power10
>> +.TP
>> +.B s390 (64-bit only)
>> +z13, z14, z15, z16
>> +.TP
>> +.B x86 (64-bit only)
>> +x86-64-v2, x86-64-v3, x86-64-v4
>> +.PP
>> +The glibc 2.37 removed support for the legacy hardware capabilities.
>> +.
>>  .SH SEE ALSO
>>  .BR ld (1),
>>  .BR ldd (1),
>> -- 
>> 2.34.1
>>
>