2007/413: Add -zglobalaudit option to ld

Rod Evans Rod.Evans at sun.com
Mon Jul 16 15:46:39 PDT 2007 

I'm sponsoring the following case for myself.   This case qualifies for
Architectural self-review, but I wish to record the following
information.

------------------------------------------------------------------------

Presently, two general types of auditing are available.

  .  Global auditing is enabled using the environment variable LD_AUDIT.
     The audit libraries that are made available by this method are provided
     with information regarding all dynamic objects used by the process.

  .  Local auditing is enabled through dynamic entries recorded within an object
     at the time the object was built. The audit libraries that are made
     available by this method are provided with information in regards to those
     dynamic objects that are identified for auditing.


The Interprocess Optimization project is tying to instrument the objects of
a process so that all the objects can be audited.  Using an environment variable
to trigger the auditing is not possible, so they have instrumented every object
with the same auditing requirements.  Although this works, several bugs have
been discovered (see 6568745), but the technique creates a great deal of
overhead.

ld.so.1 looks at each object and discovers that it needs auditing.  ld.so.1
then determines that the auditor is already loaded (by the application). A
great deal of inspection and version verifications is being duplicated.

A simpler approach would be to record an auditor within the dynamic application
and have this auditor act as if specified by LD_AUDIT.  The -zglobalaudit flag
deposits a new .dynamic/DT_FLAGS_1 flag (sys/link.h)

#define DF_1_GLOBAUDIT  0x01000000     /* establish global auditing */

This flag tells ld.so.1 to load any local auditor, defined by an executable,
and promote the auditor to be global.

------------------------------------------------------------------------

The ld(1) man page will be updated to add:

       -z globalaudit

           This option supplements an audit library definition that
           has  been  recorded  with  the -P option. This option is
           only meaningful  when  building  a  dynamic  executable.
           Audit  libraries  that are defined within an object with
           the -P option typically allow for the  auditing  of  the
           immediate dependencies of the object. The -z globalaudit
           promotes the auditor to a global auditor, thus  allowing
           the auditing of all dependencies. An auditor established
           with the -P option and the  -z  globalaudit  option,  is
           equivalent  to  the  auditor  being established with the
           LD_AUDIT environment variable. See ld.so.1(1).

------------------------------------------------------------------------

Release Binding:                 Patch/Micro
ld -zglobalaudit option          Committed
DF_1_GLOBAUDIT sys/link.h flag   Committed


--
Rod.

More information about the opensolaris-arc mailing list