Re: [PATCH] libselinux: Do not define gettid() if glibc >= 2.30 is used

[Petr Lautrbach <plautrba@xxxxxxxxxx>]

Stephen Smalley <sds@xxxxxxxxxxxxx> writes:

> On 3/11/19 11:00 AM, Petr Lautrbach wrote:
> > Since version 2.30 glibc implements gettid() system call 
> > wrapper, see
> > https://sourceware.org/bugzilla/show_bug.cgi?id=6399
> >
> > Fixes:
> > cc -O2 -g -pipe -Wall -Werror=format-security 
> > -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions 
> > -fstack-protector-strong -grecord-gcc-switches 
> > -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 
> > -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 
> > -mtune=generic -fasynchronous-unwind-tables 
> > -fstack-clash-protection -fcf-protection -I../include 
> > -D_GNU_SOURCE  -DNO_ANDROID_BACKEND   -c -o procattr.o 
> > procattr.c
> > procattr.c:28:14: error: static declaration of ‘gettid’ follows 
> > non-static declaration
> >     28 | static pid_t gettid(void)
> >        |              ^~~~~~
> > In file included from /usr/include/unistd.h:1170,
> >                   from procattr.c:2:
> > /usr/include/bits/unistd_ext.h:34:16: note: previous 
> > declaration of ‘gettid’ was here
> >     34 | extern __pid_t gettid (void) __THROW;
> >        |                ^~~~~~
> >
> > Signed-off-by: Petr Lautrbach <plautrba@xxxxxxxxxx>
>
> I assume the glibc change will break a lot of software out there 
> that assumed
> that "never" meant "never" and rolled their own gettid() 
> wrapper.  Would have
> been nice if they had at least added some #define to indicate 
> that it is now
> provided for easy testing rather than needing to test minor 
> version number.
> Anyway, regardless,

I asked for an advice from glibc Fedora maintainer [1] as the 
current
version is Fedora Rawhide is still 2.29 but it already ships 
gettid
wrapped linked as gettid@@GLIBC_2.30. The response was that I 
should
rename libselinux gettid() to something else in order to prevent 
such
conflict. It would mean that libselinux won't depend on glibc
implementation. But I decided to test the minor version and use
the new glibc wrapper when it's possible.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1685594

> Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
>
> > ---
> >   libselinux/src/procattr.c | 15 +++++++++++++--
> >   1 file changed, 13 insertions(+), 2 deletions(-)
> >
> > diff --git a/libselinux/src/procattr.c 
> > b/libselinux/src/procattr.c
> > index 48dd8aff..c6799ef2 100644
> > --- a/libselinux/src/procattr.c
> > +++ b/libselinux/src/procattr.c
> > @@ -22,8 +22,19 @@ static pthread_key_t destructor_key;
> >   static int destructor_key_initialized = 0;
> >   static __thread char destructor_initialized;
> >   -#ifndef __BIONIC__
> > -/* Bionic declares this in unistd.h and has a definition for 
> > it */
> > +/* Bionic and glibc >= 2.30 declare gettid() system call 
> > wrapper in unistd.h and
> > + * has a definition for it */
> > +#ifdef __BIONIC__
> > +  #define OVERRIDE_GETTID 0
> > +#elif !defined(__GLIBC_PREREQ)
> > +  #define OVERRIDE_GETTID 1
> > +#elif !__GLIBC_PREREQ(2,30)
> > +  #define OVERRIDE_GETTID 1
> > +#else
> > +  #define OVERRIDE_GETTID 0
> > +#endif
> > +
> > +#if OVERRIDE_GETTID
> >   static pid_t gettid(void)
> >   {
> >   	return syscall(__NR_gettid);