Fix symbol resolution issues

mwilck commented 2 years ago

Hi @cvaroqui, hi @bmarzins,

This set fixes #47. The problem analysis can be seen in #47, and in the description of 6e8aec6. In short, if we use duplicate symbols in different shared objects, we need to keep the versions of these symbols in sync, otherwise symbol lookup won't work as intended.

I've sent this via GitHub and not via dm-devel because it's really purely technical stuff that matters only little for the ML, and because people who upgrade multipath-tools because of CVE-2022-41973 and CVE-2022-41974 will be looking here.

The solution for the problem is 3-fold:

the symbols udev and libmpverbosity aren't duplicated any more, but defined only in libmultipath and libmpathutil, respectively.
This leaves get_multipath_config and put_multipath_config as duplicate symbols. For these, we use a new ABI "version" LIBMPATHCOMMON_1.0.0, with comments that make it clear that the version of these symbols must be changed synchronously in the two libraries.

Martin Wilck (5): libmpathutil: move devt2devname() to libmultipath libmpathutil: remove udev symbol libmultipath: remove duplicate export of libmp_verbosity libmpathutil: remove __attribute__((weak)) libmultipath/libmpathutil: use common ABI version for duplicate symbols

@xosevp for information.

mwilck commented 2 years ago

Compare to the example in https://github.com/opensvc/multipath-tools/issues/47#issuecomment-1290567961:

[LIBMPATHCOMMON_1.0.0]
 # LD_DEBUG=bindings ./sbin/multipath -t 2>&1 | egrep '`get_multipath_config'
     15486:     binding file /tmp/mp/lib64/libmpathutil.so.0 [0] to /tmp/mp/lib64/libmultipath.so.0 [0]: normal symbol `get_multipath_config' [LIBMPATHCOMMON_1.0.0]
     15486:     binding file /tmp/mp/lib64/libmultipath.so.0 [0] to /tmp/mp/lib64/libmultipath.so.0 [0]: normal symbol `get_multipath_config' [LIBMPATHCOMMON_1.0.0]
     15486:     binding file ./sbin/multipath [0] to /tmp/mp/lib64/libmultipath.so.0 [0]: normal symbol `get_multipath_config' [LIBMPATHCOMMON_1.0.0]

get_multipath_config is now correctly resolved to the symbol from libmultipath for all referrers, in particular for libmpathutil.

eworm-de commented 2 years ago

I can confirm this does no longer crash for me. Thanks a lot!

eworm-de commented 2 years ago

Will we see a new release with this?

mwilck commented 2 years ago

We haven't done that in the past. We usually accumulate some commits before we bump the version. But maybe we should this time.

@cvaroqui, would you bump to 0.9.3?

cvaroqui commented 2 years ago

Ok. Can you prepare the pr ? I will merge and tag asap

opensvc / multipath-tools

Fix symbol resolution issues #48