From patchwork Fri Dec 6 17:37:49 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 847842 Delivered-To: patch@linaro.org Received: by 2002:a5d:50c2:0:b0:385:e875:8a9e with SMTP id f2csp912205wrt; Fri, 6 Dec 2024 09:44:26 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCXhYkXdwuQ6/wze+SNYDvnV/Lii6P1kRxkoZCKvozpZbTPMiYnN1vVSfkaPtvp7wfkzhM0RkA==@linaro.org X-Google-Smtp-Source: AGHT+IFZlPQsoWSDZ1DK5kmGK+xhxXetwmYVfs2t63HIUFob/MZDCk5Zzixx/7fauw5Yhrb2LQaT X-Received: by 2002:a05:620a:4153:b0:7b1:4a17:bab0 with SMTP id af79cd13be357-7b6bcad5078mr713913085a.25.1733507066144; Fri, 06 Dec 2024 09:44:26 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1733507066; cv=pass; d=google.com; s=arc-20240605; b=dMuNqirZZjxsIfBO2dzyM34MVybbkautwZnjNJKVPQMz/24+8QLfXURZkpb33L24cC 5y+7EbJCAzzIu0A9FluoEwYhkzViAbTr+7//MJZ9Y2MMKD6hp4tiPnlOss7+rx1XBxg7 xnXEh0lC93kIvCA/IvIoiKCC84GnUV733Ygd7pwTxLDcnX/PzV7MII/busR4uZbJSD+a 1Z3e/PO0ntRAYTmdDeGoLx0rlcpXyCrkr07pJ/SHIL2Aan2lUvrMIDtqKFm0HuLjvVGj AzyxLLjjD/l0GCt9JKb4xZGGn7YprptwLFfrRtRoNp/QAai+PSwaxjKB/zuPdcBd4u/F KFTA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=oI9R9z9btlncp/zl9ceW+wapJ0WCy0V2DJz299yNx6E=; fh=39H2oohB6ZYGhyKHcKf9chiYMCdt+XzUdxuRAxp69qM=; b=I64Qfa90ablGxvZvVtwUsC/HA1G8SoOvtHYUxdTzKMJmYsrrasHYEP+f3eu73nC2Xu c+7j9n4Hr3t31V8bKc7fG5dgf8D++p0ngBoy9K5t3f11TXq9ugmnlPG2MzJRXsZUYF3i Muklo7uqxURzJHp7N2E8bYh16osD+MwDsX2L1h0dZ8CKpXwRTjveuA0wSwCVC98YH2Tv BxIUIRziXyeXDu6Jp9X/TPdgdfcVWK7Pxat/hxRb1WXnValHjAu/EeYUauecdocYNheT 6jRB5uDT3+hSrQTzy8ALxWOCjNOKGpNBd3pEd/0YTc3W/szQUhBNMKu9XqqwRV+7Nm7H mdjQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=SSMDgDNh; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id af79cd13be357-7b6b5aaab82si518546385a.461.2024.12.06.09.44.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Dec 2024 09:44:26 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=SSMDgDNh; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 9A5893858CDB for ; Fri, 6 Dec 2024 17:44:25 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9A5893858CDB Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=SSMDgDNh X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x62b.google.com (mail-pl1-x62b.google.com [IPv6:2607:f8b0:4864:20::62b]) by sourceware.org (Postfix) with ESMTPS id 3AE1A3858410 for ; Fri, 6 Dec 2024 17:38:59 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 3AE1A3858410 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 3AE1A3858410 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::62b ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1733506739; cv=none; b=egBQhR2qXUQCCFgM1K1m45pSNn6AZyDuLzLghlMJ3qeLMIyG49vCch7BTI/JtdvfRxeLr9aB3wEaCqSeeIAHjFR/BCBWQklm7JYuJZDi6E47FwPC/ZcUsKb7z6IRU4bwhPsjpJcj8+ZPrEKa7ZrV6dTzvsyHHenb3lp7iW6DqHU= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1733506739; c=relaxed/simple; bh=UuAfGeAxN9H0kDNbFwS/4FxcRk3WPDCbz3soB33M7LQ=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=h6Pnl0F+1F1gI3hqd70pURvBAZOqEzNXUVgOI2aIOQtrMUwKtk8vRikrXF241ujCLES1VSPbzfS6b1OLZzbx+lAcmXsqp0LunTX6gBAnOve3yvKndQ1kh9l5+6yQH7VVpEyf4aPDPivgKchHGzCtgZ81lBkbyPvToXnFWo5o3dk= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3AE1A3858410 Received: by mail-pl1-x62b.google.com with SMTP id d9443c01a7336-2155157c58cso15156365ad.0 for ; Fri, 06 Dec 2024 09:38:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1733506738; x=1734111538; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=oI9R9z9btlncp/zl9ceW+wapJ0WCy0V2DJz299yNx6E=; b=SSMDgDNh5jot+xVlmSJZCaWXhjK9wBOnDW3Y/G03wYW6/0elWPL6FGADE4NMdUG+YX +CVrLuUO4tXGDIZMcCJ+O3DJAYUqzFmKO+tn6ZAsWbbBqdmB4hoELQUYQzPuupgQXese Dymn/zhXfSGlPA70QY+MIEY+ah3Y8G6DQnoE6X4zg+5Wk506KuwfX5b+ZvPe1IM4+xPr G6xza4aOITSDGqW1c/QxG4xL3IaSEIvzc7NyqkMUFrHsfUSJQptaqrtCvR3pJHQwlwLE rhdJtY37Bjop7QVWB9+nP5bikWpyII18OnpFpWnwssL0Pe3djwV35BnbtNycJ0T4xqMG 7TXw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733506738; x=1734111538; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=oI9R9z9btlncp/zl9ceW+wapJ0WCy0V2DJz299yNx6E=; b=gRn1wJL0FQmrPx03uWC8Eo9qLV85bfS3U41bFBJi5uoGtfTOxYHcahdyaAfK9Ew2Du Ql1uLv/SVT5JhEDX3RZzXzLKHx4beht4YoXJnuQYYylnTMEiDMkNNL3q+YDUXfCCQ/c/ 7+xmYoi1GkRZuvnJY1+U/YNU9ulioEUurD1yAQpxu4fcvhEV9r415sHXifWVPi8eGSdR zd/xF6QE63oRNXg7VBtvv9aglKHIqkXGgBXUc2CPSnPySb5sas11MqgR6e8sbD0BOVWY +49ysdjWG/5HO/hgnFfz0j3l3GNtubXODTRBQpJo/PtBVa/Jjm9KxjRyj8ksi5QRiBL4 hy+w== X-Gm-Message-State: AOJu0YwdlMtXI+M07IjZCDjqTFS5f51PuLOu4XNkfsTGT0LuVamvuvk9 GrEbzXy+pkw6d7OBjic8VzUz+RDzZalSPlhyj6mhauIiP4ZNl8j273U4Lt82OGs6xuRPByYCI81 9 X-Gm-Gg: ASbGncu+wK3DSZTc8b9oaJ44tobIan3trQacRFMByMlfI53O2Hr/PbA4S/pjliMg+/2 f0a8fiYwq29RRUJ5peTtDkfZPFyX9SCIRr4BXgxb+gUYgvvPMiQ33Ka08pkk+8l6UQGYz0gr9dD fAxbuE7H9Q+gdkfLa5ehaIjh3TJvd5aEGn/E9NVvPq0ajbtvQ7GsMEWUxqrBb/fA7lBW/yWFwU9 v1Z6nVboXvUw4nNzZf8894BW913FaEw2c9ErcLk1BCV9DRb0vmQovhLPLUWqA== X-Received: by 2002:a17:902:e841:b0:216:1eb9:4a48 with SMTP id d9443c01a7336-2161eb94e44mr29612505ad.56.1733506737516; Fri, 06 Dec 2024 09:38:57 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c2:2d1:1460:dd43:b597:c3fc]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-215f8f29635sm31409495ad.241.2024.12.06.09.38.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Dec 2024 09:38:57 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Jeff Xu , Florian Weimer , Mike Hommey , "H . J . Lu" Subject: [PATCH v4 1/9] linux: Add mseal syscall support Date: Fri, 6 Dec 2024 14:37:49 -0300 Message-ID: <20241206173850.3766841-2-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241206173850.3766841-1-adhemerval.zanella@linaro.org> References: <20241206173850.3766841-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org It as added on Linux 6.10 (8be7258aad44b5e25977a98db136f677fa6f4370) as way to block operations as unmaping, moving to another location, shrinking the size, expanding the size, or modifying to a pre-existent memory mapping. Although the systecall only work on 64 bit CPU, the entrypoint was added for all ABIs (since kernel might eventually implement it to additional ones and/or the abi can execute on a 64 bit kernel). Checked on x86_64-linux-gnu. --- NEWS | 4 ++ manual/memory.texi | 66 ++++++++++++++++++ sysdeps/unix/sysv/linux/Makefile | 1 + sysdeps/unix/sysv/linux/Versions | 1 + sysdeps/unix/sysv/linux/aarch64/libc.abilist | 1 + sysdeps/unix/sysv/linux/alpha/libc.abilist | 1 + sysdeps/unix/sysv/linux/arc/libc.abilist | 1 + sysdeps/unix/sysv/linux/arm/be/libc.abilist | 1 + sysdeps/unix/sysv/linux/arm/le/libc.abilist | 1 + sysdeps/unix/sysv/linux/bits/mman-shared.h | 8 +++ sysdeps/unix/sysv/linux/csky/libc.abilist | 1 + sysdeps/unix/sysv/linux/hppa/libc.abilist | 1 + sysdeps/unix/sysv/linux/i386/libc.abilist | 1 + sysdeps/unix/sysv/linux/kernel-features.h | 8 +++ .../sysv/linux/loongarch/lp64/libc.abilist | 1 + .../sysv/linux/m68k/coldfire/libc.abilist | 1 + .../unix/sysv/linux/m68k/m680x0/libc.abilist | 1 + .../sysv/linux/microblaze/be/libc.abilist | 1 + .../sysv/linux/microblaze/le/libc.abilist | 1 + .../sysv/linux/mips/mips32/fpu/libc.abilist | 1 + .../sysv/linux/mips/mips64/n32/libc.abilist | 1 + .../sysv/linux/mips/mips64/n64/libc.abilist | 1 + sysdeps/unix/sysv/linux/or1k/libc.abilist | 1 + .../linux/powerpc/powerpc32/fpu/libc.abilist | 1 + .../powerpc/powerpc32/nofpu/libc.abilist | 1 + .../linux/powerpc/powerpc64/be/libc.abilist | 1 + .../linux/powerpc/powerpc64/le/libc.abilist | 1 + .../unix/sysv/linux/riscv/rv32/libc.abilist | 1 + .../unix/sysv/linux/riscv/rv64/libc.abilist | 1 + .../unix/sysv/linux/s390/s390-32/libc.abilist | 1 + .../unix/sysv/linux/s390/s390-64/libc.abilist | 1 + sysdeps/unix/sysv/linux/sh/be/libc.abilist | 1 + sysdeps/unix/sysv/linux/sh/le/libc.abilist | 1 + .../sysv/linux/sparc/sparc32/libc.abilist | 1 + .../sysv/linux/sparc/sparc64/libc.abilist | 1 + sysdeps/unix/sysv/linux/syscalls.list | 1 + sysdeps/unix/sysv/linux/tst-mseal.c | 67 +++++++++++++++++++ .../unix/sysv/linux/x86_64/64/libc.abilist | 1 + .../unix/sysv/linux/x86_64/x32/libc.abilist | 1 + 39 files changed, 187 insertions(+) create mode 100644 sysdeps/unix/sysv/linux/tst-mseal.c diff --git a/NEWS b/NEWS index 55b74436ab..d65eaeadf7 100644 --- a/NEWS +++ b/NEWS @@ -45,6 +45,10 @@ Major new features: liable to change. Features from C2Y are also enabled by _GNU_SOURCE, or by compiling with "gcc -std=gnu2y". +* On Linux, the mseal function has been added. It allows to seal memory + mappings to avoid further change during process execution such as protection + permissions, unmapping, moving to another location, or shrinking the size. + Deprecated and removed features, and other changes affecting compatibility: * The big-endian ARC port (arceb-linux-gnu) has been removed. diff --git a/manual/memory.texi b/manual/memory.texi index dc4621e2c5..9e902bc67e 100644 --- a/manual/memory.texi +++ b/manual/memory.texi @@ -3072,6 +3072,72 @@ process memory, no matter how it was allocated. However, portable use of the function requires that it is only used with memory regions returned by @code{mmap} or @code{mmap64}. +@deftypefun int mseal (void *@var{address}, size_t @var{length}, unsigned long @var{flags}) +@standards{Linux, sys/mman.h} +@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}} + +A successful call to the @code {mseal} function seals the memory range of +@var{length} bytes, starting at @var{address}. The sealed memory is +protection against further modifictions such as: + +@itemize @bullet +@item +Unmapping, moving to another location, extending or shrinking the size, +via @code{munmap} and @code{mremap}. + +@item +Moving or expanding a different VMA into the current location, via +@code{mremap}. + +@item +Modifying the memory range with @code{mmap} along with flag @code{MAP_FIXED}. + +@item +Expanding the size with @code{mremap}. + +@item +Change the protection flags with @code{mprotect} or @code{pkey_mprotect}. + +@item +Destructive behaviors on anonymous memory, such as @code{madvice} with +@code{MADV_DONTNEED}. +@end itemize + +The @var{address} must be an allocated virtual memory done by @code{mmap} +or @code{mremap}, and it must be page aligned. The end address (@var{address} +plus @var{length}) must be within an allocated virtual memory range. There +should be no unallocated memory between the start and end of address range. + +The @var{flags} is currently ununsed. + +The @code{mseal} function returns @math{0} on sucess and @math{-1} on +failure. + +The following @code{errno} error conditions are defined for this +function: + +@table @code +@item EPERM +The system blocked the operation, and the given address is unmodified +without partion update. This error is also returned when @code{mseal} +is issued on a 32 bit CPUs (the sealing is currently supported only on +64-bit CPUs, although 32 bit binaries running on 64 bit kernel is +supported). + +@item ENOMEM +Either the @var{address} is not allocated, or the end address is not +allocation, or there is an unallocated memory between start and end address. + +@item ENOSYS +The kernel does not support the @code{mseal} syscall. + +@strong{NB:} The memory sealing changes the lifetime of a mapping, where the +sealing memory could not be unmapped until the process terminates or starts +another one through @code{execve} function. + +@end table +@end deftypefun + @subsection Memory Protection Keys @cindex memory protection key diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile index eb9c697ce5..a270b0af4c 100644 --- a/sysdeps/unix/sysv/linux/Makefile +++ b/sysdeps/unix/sysv/linux/Makefile @@ -213,6 +213,7 @@ tests += \ tst-misalign-clone \ tst-mlock2 \ tst-mount \ + tst-mseal \ tst-ntp_adjtime \ tst-ntp_gettime \ tst-ntp_gettimex \ diff --git a/sysdeps/unix/sysv/linux/Versions b/sysdeps/unix/sysv/linux/Versions index 213ff5f1fe..194c9a47d7 100644 --- a/sysdeps/unix/sysv/linux/Versions +++ b/sysdeps/unix/sysv/linux/Versions @@ -331,6 +331,7 @@ libc { GLIBC_2.41 { sched_getattr; sched_setattr; + mseal; } GLIBC_PRIVATE { # functions used in other libraries diff --git a/sysdeps/unix/sysv/linux/aarch64/libc.abilist b/sysdeps/unix/sysv/linux/aarch64/libc.abilist index 38db77e4f7..ca2b42339a 100644 --- a/sysdeps/unix/sysv/linux/aarch64/libc.abilist +++ b/sysdeps/unix/sysv/linux/aarch64/libc.abilist @@ -2748,5 +2748,6 @@ GLIBC_2.39 stdc_trailing_zeros_ui F GLIBC_2.39 stdc_trailing_zeros_ul F GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F diff --git a/sysdeps/unix/sysv/linux/alpha/libc.abilist b/sysdeps/unix/sysv/linux/alpha/libc.abilist index 637bfce9fb..e385da44c7 100644 --- a/sysdeps/unix/sysv/linux/alpha/libc.abilist +++ b/sysdeps/unix/sysv/linux/alpha/libc.abilist @@ -3095,6 +3095,7 @@ GLIBC_2.4 wcstold F GLIBC_2.4 wcstold_l F GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/arc/libc.abilist b/sysdeps/unix/sysv/linux/arc/libc.abilist index 4a305cf730..499e48c8b1 100644 --- a/sysdeps/unix/sysv/linux/arc/libc.abilist +++ b/sysdeps/unix/sysv/linux/arc/libc.abilist @@ -2509,5 +2509,6 @@ GLIBC_2.39 stdc_trailing_zeros_ui F GLIBC_2.39 stdc_trailing_zeros_ul F GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F diff --git a/sysdeps/unix/sysv/linux/arm/be/libc.abilist b/sysdeps/unix/sysv/linux/arm/be/libc.abilist index 1d54f71b14..e9ccb8abb0 100644 --- a/sysdeps/unix/sysv/linux/arm/be/libc.abilist +++ b/sysdeps/unix/sysv/linux/arm/be/libc.abilist @@ -2801,6 +2801,7 @@ GLIBC_2.4 xdrstdio_create F GLIBC_2.4 xencrypt F GLIBC_2.4 xprt_register F GLIBC_2.4 xprt_unregister F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/arm/le/libc.abilist b/sysdeps/unix/sysv/linux/arm/le/libc.abilist index ff7e8bc40b..5f551a3548 100644 --- a/sysdeps/unix/sysv/linux/arm/le/libc.abilist +++ b/sysdeps/unix/sysv/linux/arm/le/libc.abilist @@ -2798,6 +2798,7 @@ GLIBC_2.4 xdrstdio_create F GLIBC_2.4 xencrypt F GLIBC_2.4 xprt_register F GLIBC_2.4 xprt_unregister F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/bits/mman-shared.h b/sysdeps/unix/sysv/linux/bits/mman-shared.h index 7a9874204d..0cd072e235 100644 --- a/sysdeps/unix/sysv/linux/bits/mman-shared.h +++ b/sysdeps/unix/sysv/linux/bits/mman-shared.h @@ -80,6 +80,14 @@ int pkey_free (int __key) __THROW; range. */ int pkey_mprotect (void *__addr, size_t __len, int __prot, int __pkey) __THROW; +/* Seal the address range to avoid further modifications, such as remmap to + shrink or expand the VMA, change protection permission with mprotect, + unmap with munmap, destructive semantic such madvise with MADV_DONTNEED. + The address range must be valid VMA, withouth any gap (unallocated memory) + between start and end, and ADDR much be page aligned (LEN will be page + aligned implicitly). */ +int mseal (void *__addr, size_t __len, unsigned long flags) __THROW; + __END_DECLS #endif /* __USE_GNU */ diff --git a/sysdeps/unix/sysv/linux/csky/libc.abilist b/sysdeps/unix/sysv/linux/csky/libc.abilist index c3ed65467d..50239f275f 100644 --- a/sysdeps/unix/sysv/linux/csky/libc.abilist +++ b/sysdeps/unix/sysv/linux/csky/libc.abilist @@ -2785,5 +2785,6 @@ GLIBC_2.39 stdc_trailing_zeros_ui F GLIBC_2.39 stdc_trailing_zeros_ul F GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F diff --git a/sysdeps/unix/sysv/linux/hppa/libc.abilist b/sysdeps/unix/sysv/linux/hppa/libc.abilist index 8de7644a59..46a7db3e07 100644 --- a/sysdeps/unix/sysv/linux/hppa/libc.abilist +++ b/sysdeps/unix/sysv/linux/hppa/libc.abilist @@ -2821,6 +2821,7 @@ GLIBC_2.4 sys_errlist D 0x400 GLIBC_2.4 sys_nerr D 0x4 GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/i386/libc.abilist b/sysdeps/unix/sysv/linux/i386/libc.abilist index 4fedf775d4..9b86da3a98 100644 --- a/sysdeps/unix/sysv/linux/i386/libc.abilist +++ b/sysdeps/unix/sysv/linux/i386/libc.abilist @@ -3005,6 +3005,7 @@ GLIBC_2.4 sys_errlist D 0x210 GLIBC_2.4 sys_nerr D 0x4 GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/kernel-features.h b/sysdeps/unix/sysv/linux/kernel-features.h index a25cf07e9f..b9038d18bf 100644 --- a/sysdeps/unix/sysv/linux/kernel-features.h +++ b/sysdeps/unix/sysv/linux/kernel-features.h @@ -257,4 +257,12 @@ # define __ASSUME_FCHMODAT2 0 #endif +/* The mseal system call was introduced across all architectures in Linux 6.10 + (although only supported on 64-bit CPUs). */ +#if __LINUX_KERNEL_VERSION >= 0x060A00 +# define __ASSUME_MSEAL 1 +#else +# define __ASSUME_MSEAL 0 +#endif + #endif /* kernel-features.h */ diff --git a/sysdeps/unix/sysv/linux/loongarch/lp64/libc.abilist b/sysdeps/unix/sysv/linux/loongarch/lp64/libc.abilist index 0024282289..9b617ed24b 100644 --- a/sysdeps/unix/sysv/linux/loongarch/lp64/libc.abilist +++ b/sysdeps/unix/sysv/linux/loongarch/lp64/libc.abilist @@ -2269,5 +2269,6 @@ GLIBC_2.39 stdc_trailing_zeros_ui F GLIBC_2.39 stdc_trailing_zeros_ul F GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F diff --git a/sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist b/sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist index 142595eb3e..c3308f3d70 100644 --- a/sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist +++ b/sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist @@ -2781,6 +2781,7 @@ GLIBC_2.4 xdrstdio_create F GLIBC_2.4 xencrypt F GLIBC_2.4 xprt_register F GLIBC_2.4 xprt_unregister F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist b/sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist index 85e7746c10..1da35d9cdc 100644 --- a/sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist +++ b/sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist @@ -2948,6 +2948,7 @@ GLIBC_2.4 sys_errlist D 0x210 GLIBC_2.4 sys_nerr D 0x4 GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/microblaze/be/libc.abilist b/sysdeps/unix/sysv/linux/microblaze/be/libc.abilist index 91dc1b8378..acf4a194f3 100644 --- a/sysdeps/unix/sysv/linux/microblaze/be/libc.abilist +++ b/sysdeps/unix/sysv/linux/microblaze/be/libc.abilist @@ -2834,5 +2834,6 @@ GLIBC_2.39 stdc_trailing_zeros_ui F GLIBC_2.39 stdc_trailing_zeros_ul F GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F diff --git a/sysdeps/unix/sysv/linux/microblaze/le/libc.abilist b/sysdeps/unix/sysv/linux/microblaze/le/libc.abilist index 3440e90f6f..72f69dee89 100644 --- a/sysdeps/unix/sysv/linux/microblaze/le/libc.abilist +++ b/sysdeps/unix/sysv/linux/microblaze/le/libc.abilist @@ -2831,5 +2831,6 @@ GLIBC_2.39 stdc_trailing_zeros_ui F GLIBC_2.39 stdc_trailing_zeros_ul F GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F diff --git a/sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist b/sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist index 5ee7b8c52f..f31d29add6 100644 --- a/sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist +++ b/sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist @@ -2909,6 +2909,7 @@ GLIBC_2.4 renameat F GLIBC_2.4 symlinkat F GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist b/sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist index ae7474c0f0..57df1a30cc 100644 --- a/sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist +++ b/sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist @@ -2915,6 +2915,7 @@ GLIBC_2.4 renameat F GLIBC_2.4 symlinkat F GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist b/sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist index cdf040dec2..808d11899f 100644 --- a/sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist +++ b/sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist @@ -2817,6 +2817,7 @@ GLIBC_2.4 renameat F GLIBC_2.4 symlinkat F GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/or1k/libc.abilist b/sysdeps/unix/sysv/linux/or1k/libc.abilist index c356a11b1c..e172e3f1eb 100644 --- a/sysdeps/unix/sysv/linux/or1k/libc.abilist +++ b/sysdeps/unix/sysv/linux/or1k/libc.abilist @@ -2259,5 +2259,6 @@ GLIBC_2.40 getcontext F GLIBC_2.40 makecontext F GLIBC_2.40 setcontext F GLIBC_2.40 swapcontext F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist b/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist index 7937f94cf0..05390d9b14 100644 --- a/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist +++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist @@ -3138,6 +3138,7 @@ GLIBC_2.4 wcstold F GLIBC_2.4 wcstold_l F GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist b/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist index d6e35f31d2..8ab5bed681 100644 --- a/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist +++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist @@ -3183,6 +3183,7 @@ GLIBC_2.4 wcstold F GLIBC_2.4 wcstold_l F GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc64/be/libc.abilist b/sysdeps/unix/sysv/linux/powerpc/powerpc64/be/libc.abilist index 2268d6890d..cd025a4593 100644 --- a/sysdeps/unix/sysv/linux/powerpc/powerpc64/be/libc.abilist +++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/be/libc.abilist @@ -2892,6 +2892,7 @@ GLIBC_2.4 wcstold F GLIBC_2.4 wcstold_l F GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc64/le/libc.abilist b/sysdeps/unix/sysv/linux/powerpc/powerpc64/le/libc.abilist index 7f61b14bc8..e0b47be0e1 100644 --- a/sysdeps/unix/sysv/linux/powerpc/powerpc64/le/libc.abilist +++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/le/libc.abilist @@ -2968,5 +2968,6 @@ GLIBC_2.39 stdc_trailing_zeros_ui F GLIBC_2.39 stdc_trailing_zeros_ul F GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F diff --git a/sysdeps/unix/sysv/linux/riscv/rv32/libc.abilist b/sysdeps/unix/sysv/linux/riscv/rv32/libc.abilist index 4187241f50..1a8affb9b7 100644 --- a/sysdeps/unix/sysv/linux/riscv/rv32/libc.abilist +++ b/sysdeps/unix/sysv/linux/riscv/rv32/libc.abilist @@ -2512,5 +2512,6 @@ GLIBC_2.39 stdc_trailing_zeros_ul F GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.40 __riscv_hwprobe F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F diff --git a/sysdeps/unix/sysv/linux/riscv/rv64/libc.abilist b/sysdeps/unix/sysv/linux/riscv/rv64/libc.abilist index 8935beccac..ef38afe23e 100644 --- a/sysdeps/unix/sysv/linux/riscv/rv64/libc.abilist +++ b/sysdeps/unix/sysv/linux/riscv/rv64/libc.abilist @@ -2712,5 +2712,6 @@ GLIBC_2.39 stdc_trailing_zeros_ul F GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.40 __riscv_hwprobe F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F diff --git a/sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist b/sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist index e69dc7ccf6..01067f7be1 100644 --- a/sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist +++ b/sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist @@ -3136,6 +3136,7 @@ GLIBC_2.4 wcstold F GLIBC_2.4 wcstold_l F GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist b/sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist index 7d860001d8..6223ecbdb2 100644 --- a/sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist +++ b/sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist @@ -2929,6 +2929,7 @@ GLIBC_2.4 wcstold F GLIBC_2.4 wcstold_l F GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/sh/be/libc.abilist b/sysdeps/unix/sysv/linux/sh/be/libc.abilist index fcb8161841..ad5fbff8cd 100644 --- a/sysdeps/unix/sysv/linux/sh/be/libc.abilist +++ b/sysdeps/unix/sysv/linux/sh/be/libc.abilist @@ -2828,6 +2828,7 @@ GLIBC_2.4 sys_errlist D 0x210 GLIBC_2.4 sys_nerr D 0x4 GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/sh/le/libc.abilist b/sysdeps/unix/sysv/linux/sh/le/libc.abilist index 3fd078d125..fb16b94525 100644 --- a/sysdeps/unix/sysv/linux/sh/le/libc.abilist +++ b/sysdeps/unix/sysv/linux/sh/le/libc.abilist @@ -2825,6 +2825,7 @@ GLIBC_2.4 sys_errlist D 0x210 GLIBC_2.4 sys_nerr D 0x4 GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist b/sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist index 1ce1fe9da7..af231e9ae5 100644 --- a/sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist +++ b/sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist @@ -3157,6 +3157,7 @@ GLIBC_2.4 wcstold F GLIBC_2.4 wcstold_l F GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist b/sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist index 07507b86f6..45a0b0463f 100644 --- a/sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist +++ b/sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist @@ -2793,6 +2793,7 @@ GLIBC_2.4 sys_errlist D 0x430 GLIBC_2.4 sys_nerr D 0x4 GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/syscalls.list b/sysdeps/unix/sysv/linux/syscalls.list index f1cfe8dc13..424bf43868 100644 --- a/sysdeps/unix/sysv/linux/syscalls.list +++ b/sysdeps/unix/sysv/linux/syscalls.list @@ -39,6 +39,7 @@ mlockall - mlockall i:i mlockall mount EXTRA mount i:sssUp __mount mount mount_setattr EXTRA mount_setattr i:isUpU mount_setattr move_mount EXTRA move_mount i:isisU move_mount +mseal EXTRA mseal i:bUU __mseal mseal munlock - munlock i:aU munlock munlockall - munlockall i: munlockall nfsservctl EXTRA nfsservctl i:ipp __compat_nfsservctl nfsservctl@GLIBC_2.0:GLIBC_2.28 diff --git a/sysdeps/unix/sysv/linux/tst-mseal.c b/sysdeps/unix/sysv/linux/tst-mseal.c new file mode 100644 index 0000000000..95637f1377 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-mseal.c @@ -0,0 +1,67 @@ +/* Basic tests for mseal. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +static int +do_test (void) +{ + TEST_VERIFY_EXIT (mseal (MAP_FAILED, 0, 0) == -1); + if (errno == ENOSYS || errno == EPERM) + FAIL_UNSUPPORTED ("kernel does not support mseal"); + TEST_COMPARE (errno, EINVAL); + + size_t pagesize = getpagesize (); + void *p = xmmap (NULL, 4 * pagesize, PROT_READ, + MAP_ANONYMOUS | MAP_PRIVATE, -1); + xmunmap (p + 2 * pagesize, pagesize); + + /* Unaligned address. */ + TEST_VERIFY_EXIT (mseal (p + 1, pagesize, 0) == -1); + TEST_COMPARE (errno, EINVAL); + + /* Length too big. */ + TEST_VERIFY_EXIT (mseal (p, 3 * pagesize, 0) == -1); + TEST_COMPARE (errno, ENOMEM); + + TEST_VERIFY_EXIT (mseal (p, pagesize, 0) == 0); + /* Apply the same seal should be idempotent. */ + TEST_VERIFY_EXIT (mseal (p, pagesize, 0) == 0); + + TEST_VERIFY_EXIT (mprotect (p, pagesize, PROT_WRITE) == -1); + TEST_COMPARE (errno, EPERM); + + TEST_VERIFY_EXIT (munmap (p, pagesize) == -1); + TEST_COMPARE (errno, EPERM); + + TEST_VERIFY_EXIT (mremap (p, pagesize, 2 * pagesize, 0) == MAP_FAILED); + TEST_COMPARE (errno, EPERM); + + TEST_VERIFY_EXIT (madvise (p, pagesize, MADV_DONTNEED) == -1); + TEST_COMPARE (errno, EPERM); + + xmunmap (p + pagesize, pagesize); + xmunmap (p + 3 * pagesize, pagesize); + + return 0; +} + +#include diff --git a/sysdeps/unix/sysv/linux/x86_64/64/libc.abilist b/sysdeps/unix/sysv/linux/x86_64/64/libc.abilist index 5acf49dbe8..41964726bb 100644 --- a/sysdeps/unix/sysv/linux/x86_64/64/libc.abilist +++ b/sysdeps/unix/sysv/linux/x86_64/64/libc.abilist @@ -2744,6 +2744,7 @@ GLIBC_2.4 sys_errlist D 0x420 GLIBC_2.4 sys_nerr D 0x4 GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F GLIBC_2.5 __readlinkat_chk F diff --git a/sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist b/sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist index 02d1bb97dc..3b05723239 100644 --- a/sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist +++ b/sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist @@ -2763,5 +2763,6 @@ GLIBC_2.39 stdc_trailing_zeros_ui F GLIBC_2.39 stdc_trailing_zeros_ul F GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F +GLIBC_2.41 mseal F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F From patchwork Fri Dec 6 17:37:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 847838 Delivered-To: patch@linaro.org Received: by 2002:a5d:50c2:0:b0:385:e875:8a9e with SMTP id f2csp910306wrt; Fri, 6 Dec 2024 09:39:39 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCXLcTTyiaIYNSIVGn6QzBLMJtbT8wrPdkFLO8gOHggur36GfWD4p+ZD3VFTQaHFaHn/Fg2x1w==@linaro.org X-Google-Smtp-Source: AGHT+IECkDlECvQ89yDr/FqQbpUFIUAvQ2r/XsptqO+zgj4Mp9NH0VBlIX8EFeqvdVJJhKfn4MVE X-Received: by 2002:a05:6214:cc9:b0:6d8:b2f2:bcb8 with SMTP id 6a1803df08f44-6d8e712c0b7mr60755236d6.8.1733506779079; Fri, 06 Dec 2024 09:39:39 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1733506779; cv=pass; d=google.com; s=arc-20240605; b=b3/8p16LNzuZCrz7cgQLW/dnlZGHgfwAN1K34A8PsfUU8qUkxh4nZs1uK+iuOhpKYs yrKEQzlnSdn/lnekjiOkblvQUrWPe7y4HiK9Z1ujG0lHA7Ua7m2NbtL9KNPu+FbYfWf1 5fpOYI9xOEIxV5kBsUZ7DxOmLB+2rXrnX2oSqdkdIVW2Fk8EeCATvfXdhlS+kpfDUjxC M6BXwH+6G+xkGATCj1l1M/ohJ0QvSCVL528zegk/TDInWPqyY6OmRHR093mqfuONKsvG tU90/5uoB/AifK4T5oekCKVLbbZClkEzICRU9dP++1lzJ5lR/s4HysfCYrzP/iw+8dO7 iVQQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=eLdwvVMsoFovliCe4lcLV4NXSopnP16JsgNztuRS9A8=; fh=39H2oohB6ZYGhyKHcKf9chiYMCdt+XzUdxuRAxp69qM=; b=a0nfzgrZhvy6083HhLomOEDr4GRMyPYJHdnQKE5AeKmdPSj4TE9iFAeiY7nRyKDB+a QV9oMMnjSOrkLsWH1SlToSgij3FWHr0Ke7UcOHYkn9wYlsfHwJADY8iBBteYKV4ma63B i1HA5xA3d0sHd6f5ElkjO9blT25PzqJk3oq8R1gZYv50sfLGLxfMfKSMFbnZ5YBvANTH yZlLLtSuuEbEI5litIK/vn2Vh/eB/85g3q3AQiBd+Gfz18IY1DcJDZJxzSOqJ4Jnfrxf R2d3jtTHmnFhNVx5SJ31wQCEr0cmvE/GwH0Qr7fP3r0nEMURf4fdvKVXkLZYD9iuoIJW rnog==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=XXR3htqH; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id 6a1803df08f44-6d8dac0b481si39582866d6.325.2024.12.06.09.39.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Dec 2024 09:39:39 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=XXR3htqH; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 9386A385840B for ; Fri, 6 Dec 2024 17:39:38 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9386A385840B Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=XXR3htqH X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x633.google.com (mail-pl1-x633.google.com [IPv6:2607:f8b0:4864:20::633]) by sourceware.org (Postfix) with ESMTPS id 439183858C42 for ; Fri, 6 Dec 2024 17:39:02 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 439183858C42 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 439183858C42 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::633 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1733506742; cv=none; b=ctZNyoKWnJld3zhKU0ijbPq6/ZGq4vwBZC3nt80Ven6b4OyOM1ATXSu6FbiqRAFZdZhCnUz3MCqTOJxLX+rASSf8BlmrjgwVWwgrnSKGZKvfYSDWzLzohp1d3VjLq2DhhdwkWsPU0lNrt/vzC6FTNt/I4XZE6YjtwMJcx7Q/0kU= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1733506742; c=relaxed/simple; bh=Yu0Ox2J3hWIGFgKoaDMg6x2f9BD+FTjvKoS4XlB+EFo=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=uuj059nUPvlIfxS+SkhQmwfwN3FmhiP1dag4aw2IZJ82O6ZeoH04R1ceKvJELlGAhYjuZLbL5t0Tyxs0zmFo8mQ+UiqK+065lsffeLCM096LbDUaQR1oGgJpQjNfQEQF2wMlgUu+dw1l+0WIDssxYzlK0F0ouKhhN9iUldKaNXY= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 439183858C42 Received: by mail-pl1-x633.google.com with SMTP id d9443c01a7336-215e194b65aso22459715ad.1 for ; Fri, 06 Dec 2024 09:39:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1733506741; x=1734111541; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=eLdwvVMsoFovliCe4lcLV4NXSopnP16JsgNztuRS9A8=; b=XXR3htqHRpu7yYajaOCK62e12XFYGycITMmBorKFh5eIpyudtRmuwpPaX9AuMI/JVi NTsOU9Hqa1AFLJWfrSSdbcUg9Fe/I7xEyfqWd7H+Ai/8x11+uLi8a6hds4Wx0hshbben YkHiqBbs5cyTSbvgonjrXiucaAYqYVzdrQuRY3a3bOiAz6OQtVK/V922Ci/wizET956w F21l4SFeYKnl7lHUMW73xtCUGM8DR7ojlfq6kc5Ux2Ek2Vl8gqdzB9ndwNTn4q6LSgPG sGxsGHdwJxgzjPW58ooc5GQ+0Pa1l3LBM2cgRr0obGhPFSTEIxV77ah1xc8r6UVW2hGW 5rCg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733506741; x=1734111541; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=eLdwvVMsoFovliCe4lcLV4NXSopnP16JsgNztuRS9A8=; b=W1qv1/J+u+WwXg1N0lvjSSJV58S/J0TjgVc6bLMFpv9RjBrnypsSFAK5C6R75QP7Ms JtsxIufwINtN2KyyyJqAVzfCE0xStOWitiNnlkQXTN9/uR/v2278fKIdAf+GGVHdzsbj 4RCmheyEhVX11EYu0KFcrJ55aKeU1ED/nGxkIKL8tit7Id3KHu8AnN+Heync/Mb8R8is grOgBTeAxAKVJ6QwjV5JZ4oOm+M/2vgxao8ML7rtspZJoqyD7QIXj0oGVJTyQ5RRfpHc By+bnXtClSovyw3lwjfofscM8Sh13o0Dx+8nS4h/Ho/N1HNE+OjravBux6m8o199yApa TxNQ== X-Gm-Message-State: AOJu0Yxl/OpiRSLS2rm8c6AQe9yFGqpI/7H19nBFa0RwyCWrUIDouydN 15gSQCjF8EsMrB9STYWCPH3eu2iODUeuDusVN75AhB6RinBSX962nQXa3Zw2st40fxhiWU5eOaJ m X-Gm-Gg: ASbGnctcgstNx2BqqFsjhtKpayVED5Nu3t0hcRSdgngP2+3zzX8RAnNfPq7ZQJxvYUh M7pVgNDzQooSblpLKbpMa50ru8N2klNf1iMC2+WnqzN54Xrwo6h4s6tsPBEB3/KYPR+ykze9u+x egf65AJ2Ym+0Uy9ruGxWIaO5kqjW1ys3Bra9IxohJO7P9QJxfzBO/fLjIoQxvBVbYawu3834wPI BQNm+lP4cLm2Yd91hRpdQh4E53oUbfMeW4mu2ufQ9k1wCxE1CEFhyPrzyUZrQ== X-Received: by 2002:a17:903:1d2:b0:215:7cde:7fa5 with SMTP id d9443c01a7336-21614e06d80mr57142865ad.56.1733506739607; Fri, 06 Dec 2024 09:38:59 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c2:2d1:1460:dd43:b597:c3fc]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-215f8f29635sm31409495ad.241.2024.12.06.09.38.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Dec 2024 09:38:59 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Jeff Xu , Florian Weimer , Mike Hommey , "H . J . Lu" Subject: [PATCH v4 2/9] elf: Parse gnu properties for static linked binaries Date: Fri, 6 Dec 2024 14:37:50 -0300 Message-ID: <20241206173850.3766841-3-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241206173850.3766841-1-adhemerval.zanella@linaro.org> References: <20241206173850.3766841-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org So the static binary can opt-in of memory sealing. Checked on x86_64-linux-gnu. --- elf/dl-support.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/elf/dl-support.c b/elf/dl-support.c index ee590edf93..f0b6be07e9 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c @@ -45,6 +45,7 @@ #include #include #include +#include extern char *__progname; char **_dl_argv = &__progname; /* This is checked for some error messages. */ @@ -334,6 +335,18 @@ _dl_non_dynamic_init (void) _dl_main_map.l_relro_size = ph->p_memsz; break; } + /* Process program headers again, but scan them backwards so + that PT_NOTE can be skipped if PT_GNU_PROPERTY exits. */ + for (const ElfW(Phdr) *ph = &_dl_phdr[_dl_phnum]; ph != _dl_phdr; --ph) + switch (ph[-1].p_type) + { + case PT_NOTE: + _dl_process_pt_note (&_dl_main_map, -1, &ph[-1]); + break; + case PT_GNU_PROPERTY: + _dl_process_pt_gnu_property (&_dl_main_map, -1, &ph[-1]); + break; + } call_function_static_weak (_dl_find_object_init); From patchwork Fri Dec 6 17:37:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 847839 Delivered-To: patch@linaro.org Received: by 2002:a5d:50c2:0:b0:385:e875:8a9e with SMTP id f2csp910557wrt; Fri, 6 Dec 2024 09:40:18 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCVUADd2wwBcw/qFR/w2Vy8GYL3dtgrEmZ25Hqy4ktMxzne5hrHR8GQVrandC5hEqpxnKJeR9g==@linaro.org X-Google-Smtp-Source: AGHT+IGkyKDC4u/uDQ1efV63bACE0Kuah5Pxz6C7A5CvMMhufjJepSsxPpbwdqbJydvv6+DqIDPi X-Received: by 2002:a05:6102:304d:b0:4af:4945:9a0b with SMTP id ada2fe7eead31-4afcaa23ac8mr4754509137.5.1733506818002; Fri, 06 Dec 2024 09:40:18 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1733506817; cv=pass; d=google.com; s=arc-20240605; b=D7qZnjZJCaTX6bQGJ4s2s7QDyF99rkjjIdAiIlPSXZGJGFtdv+7ELg5tb4dsw7FaDy HIUj8kVYgmtJe4LPn+SjUZqlG1LvBWz03khwR9AFUzFj7sFzLryMEHn6OU2Y0cUhfuoX LZFT16287f6UEywHOyUSytBdMqkwNnGhjDaG84MlpMPCPlRg9XJm0gWTF73/0qEaEQ9Z Mzyzifs1URqj3GsUUjGEqgCTp5L85txxHp7p48h0NkxPZKbxwYWT1XKvWDk19mP1XkIi dirAuYqGSB2IjB5WVbX0DgaUtal5PM77syXlq1aOP0E8ZhrHj/G54K0i0dyMLPcCzImK XF3Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=cPEqMAXi1/CcDCU7DfI3OZGCMz96IJO+8lN7RSsBLBc=; fh=39H2oohB6ZYGhyKHcKf9chiYMCdt+XzUdxuRAxp69qM=; b=fb4UGmUeE7gMft5FlAxHa+bVuK1XCwnd42N/UQPk1VmGVPBi/w3GhVLsFgbTm38NkJ tb7c7Wjb/fAbfWMelFi6xrQ7k08HTCaY3mbZr3Mk2Bir+fRlhHKhTk1Xv/yd+nY+kpmF AIAUZy8nVH+kGQCBLn7iTT2w5INAm4DKtSegV8mQIsqOtyhvoesQHJ69VuGdFrjrKHUP i0UZSCvSNTBEvtvbKC8IrXq/Z63j0EbuC23yTaDeyu0b19pKDx3P128Ig2Y3thYN4e/8 FI9HkS4B469pTNRq7eGl/A9xgC8ScVXnvAe7iIQwvgopFb6KAYfjk6XaYfx/e2kAO7O1 mAYQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=u9RFxJj9; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id ada2fe7eead31-4afde4a3104si284137.155.2024.12.06.09.40.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Dec 2024 09:40:17 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) client-ip=2620:52:3:1:0:246e:9693:128c; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=u9RFxJj9; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 7E9153858CDB for ; Fri, 6 Dec 2024 17:40:17 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 7E9153858CDB Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=u9RFxJj9 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x62a.google.com (mail-pl1-x62a.google.com [IPv6:2607:f8b0:4864:20::62a]) by sourceware.org (Postfix) with ESMTPS id 3AA56385840B for ; Fri, 6 Dec 2024 17:39:03 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 3AA56385840B Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 3AA56385840B Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::62a ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1733506743; cv=none; b=bet0+7PFXq959kfpv4ykCFFF6/kxiLkTn6VsXQCl2rqq5U0wUpWsrJWE0PqNh6f1PtKpOOTD8UB/PLYtFmdthnLO0QDQjjkHtHH2ZboS8gNVQHfwFxBrz+WejZ0Z7NDFRGs/NhBn243kGN71cq5qZdB0WGClY9g3CBswOoP/DLc= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1733506743; c=relaxed/simple; bh=Gmm1Q1a4lsJw3noBbRK01sKogkQLwZaXPHy2R2xOU5A=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=Ctvokz5noNu67IH/HHR3JSTho7xu7SaRgKFSzCghk1btw4tFbPuu6et/348UjBd0cGoyKj2VMmUQUafhyYFWuCYtGeZD1qnWGM286WsIdjUY3lKDst+2aEiYglJUBu1ixckO0RUYeBw79hFRc+nzqNHkF7+jtxuEpGhiph3vp6s= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3AA56385840B Received: by mail-pl1-x62a.google.com with SMTP id d9443c01a7336-215b4681c94so20126355ad.0 for ; Fri, 06 Dec 2024 09:39:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1733506742; x=1734111542; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=cPEqMAXi1/CcDCU7DfI3OZGCMz96IJO+8lN7RSsBLBc=; b=u9RFxJj9gj2mwvItr9fw+3oKRS7CEDFFbC1PJ5FrJjIiW4SfHOt+bmcgNJqBAolDeN 9KzSx0QOWqj1rvPpPZcuuodb01yIPbOSx9kAAkIlN8PabRs/MT1m8p1VPgKzf0ifAr/s em6MVZP1DSVTJqWOAe/4J3rttq8OFuLhg+EMIHOGXOhNu6wiAvv3G2RBzaiYREpO2H87 QWRv8DSE+BlGmmSuf16jpgQOOpJlU+ILAiMbAg3uHPfTeHRvvqfxP5XeULXrq5v2USni ymfTyrLhmEFt93O/pF7X+KN0F2nmqM0ddERrYwgxzRrHecuuSDRiESEspGcDnbbNzXLE Ex/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733506742; x=1734111542; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=cPEqMAXi1/CcDCU7DfI3OZGCMz96IJO+8lN7RSsBLBc=; b=MPXYKtaX0A0ztimVUcEdrg2fkEnGLHEm+Ay2o02yT9wHVRH7yYyc/otaTsG5wsaeqz xcbJjXmdDPm+9PcSRLlFYYK8nrlWzcqJYSNSbNdkrm2a1p65iiqWYM5uOtjq72VR0mqM RnltNB70TRtSuXYC4OsjQO3B6Z4LcHrhHq80eyHogcXbqnzVpxVITq7giTg4xJVDduFe Twklm8zeuuHXvNnzUpJyqMl3IIj4Cv1v+teYh++0ZRRBjkaMqcGmQmnqtUk1GKF82RHr LbAoaA0qts7E07OUaCQKMe2yiLK1nQTu+/F9vmqHUyBx5ZmzvyWnJc+UJSWsQqsBen6b v5FQ== X-Gm-Message-State: AOJu0Yx+R534qjCuHc8S1+zwmapKbESySkb0uAGAKUaHRs7qFxzaFEVZ 783b1wYZxe5NTf+6fbNCX6ffdwY2+F9ObzLT7X8zQnVos00SIUjplEDpizPOAmCx68MZ+fAAhTD A X-Gm-Gg: ASbGncseJp+MCs/0wlUCF7TAXkJXlIWlg3ft7RWNlSzjJFJh9eBE93i4G2zRU0Z10+f C98qMKpSZSglcU0zypJQvIdhBv8Uv+7QABPf/O88yVp9ta8dUAzub7CHrPqA7TGcXsVOv3fU+RQ eUu7zsLhiqnb/S2nKHBAO1O5FIf9SFvrd33rQdRHwWtRYHRzQPM5YtA6U6sX5+uqr9ipE++ggDW XRc9uOLZewBxvAfoyK8wF53zD6bTTeUizhLej8qWUV1kIAKS10JuG2wyOAPvw== X-Received: by 2002:a17:902:dac5:b0:215:8112:2fa with SMTP id d9443c01a7336-21614da9d08mr50770065ad.36.1733506741957; Fri, 06 Dec 2024 09:39:01 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c2:2d1:1460:dd43:b597:c3fc]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-215f8f29635sm31409495ad.241.2024.12.06.09.38.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Dec 2024 09:39:01 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Jeff Xu , Florian Weimer , Mike Hommey , "H . J . Lu" Subject: [PATCH v4 3/9] elf: Parse gnu properties for the loader Date: Fri, 6 Dec 2024 14:37:51 -0300 Message-ID: <20241206173850.3766841-4-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241206173850.3766841-1-adhemerval.zanella@linaro.org> References: <20241206173850.3766841-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org So it can opt-in for memory sealing. Checked on x86_64-linux-gnu. --- elf/rtld.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/elf/rtld.c b/elf/rtld.c index b8cc3f605f..e19086ecad 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -1751,11 +1751,15 @@ dl_main (const ElfW(Phdr) *phdr, /* PT_GNU_RELRO is usually the last phdr. */ size_t cnt = rtld_ehdr->e_phnum; while (cnt-- > 0) - if (rtld_phdr[cnt].p_type == PT_GNU_RELRO) + switch (rtld_phdr[cnt].p_type) { + case PT_GNU_RELRO: GL(dl_rtld_map).l_relro_addr = rtld_phdr[cnt].p_vaddr; GL(dl_rtld_map).l_relro_size = rtld_phdr[cnt].p_memsz; break; + case PT_GNU_PROPERTY: + _dl_process_pt_gnu_property (&GL(dl_rtld_map), -1, &rtld_phdr[cnt]); + break; } /* Add the dynamic linker to the TLS list if it also uses TLS. */ From patchwork Fri Dec 6 17:37:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 847844 Delivered-To: patch@linaro.org Received: by 2002:a5d:50c2:0:b0:385:e875:8a9e with SMTP id f2csp912343wrt; Fri, 6 Dec 2024 09:44:44 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCXcozVwC453gW89l2oDBl5J7NupwjdHZjGYI2AUIuyKzdKjS1+FEMFuZDjASfUR4kHsE7Exig==@linaro.org X-Google-Smtp-Source: AGHT+IGTJce2nbTWmUL8NeD4zpLI87icreaW5o2awK9QNh6lJDs0YVgjBdVaQvaPnpwAFHaB2Ong X-Received: by 2002:a05:6214:19ed:b0:6d8:a1b4:b591 with SMTP id 6a1803df08f44-6d8e716c226mr61886636d6.23.1733507084424; Fri, 06 Dec 2024 09:44:44 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1733507084; cv=pass; d=google.com; s=arc-20240605; b=HfHqLRT/7ZH5s+fprl9y1K2Im5bv1r3CmZo8Vg2dM76yFDE0U9Wjso9nSzu1OEGYMx 4M+xXd6lwkklEMhbF1tydfhmqIOFIiOID4OI7IT2G3PeuuSlAYLBQ24Q11KbLm6ghhAD R2bqvZ0Nt5OfzKglQ6SRgLwRJWL1DV7l2vGn3BuELkcNsTZyL7gyRl8sZ6KAOVeUgMja rJDRcQDVeb+mjjZYm5Nbt8UTCZOY4hUvkBq/55IvnoghfgQPIeNDWX23kHLHJ/tsUNXW n9j7WNGyBiTWcGjZsgLpBj/adYbteI4W4LiQaLbNys/9eFeoWQ/qr3uyFTsWszkbnS8x mkOQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=xBZndHKorfDELnAIx8RL0wKrbWET7JZzLkXN2FlAwM0=; fh=39H2oohB6ZYGhyKHcKf9chiYMCdt+XzUdxuRAxp69qM=; b=fQL3w+WzxLtdGZxCP5i7aInlKAU83I3df5yETgowNPakZCKskVFDxvNEhLdOd/KOwv oOyl69aXdk9QfTw5gxsHaWuQXxtmCMLjBZ3HFGkA96CCe/IZ4ulzfRL+o3ylUX4XljMX b4RKhCIK3Uj5CN0Sc6DLCcrN4odGEcrEPaAlKy2e1DDiTgUrPSZahIbSFL4tSXFrRaIi a+FOqj6LGRXRUzl/o871d6ZSzzWusXmXtvJGqkzDMla//poLuE0obXXKYGIZ1gD3Xj1x e+/i8Wm/MlbEv/fdObzeKhX4p/Ei/YYUapUFG8OXnRDtZDlN79t2ih33jv43KNFA93ub Lc/g==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=FCndyPJj; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id 6a1803df08f44-6d8dabf2b23si18145126d6.289.2024.12.06.09.44.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Dec 2024 09:44:44 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) client-ip=2620:52:3:1:0:246e:9693:128c; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=FCndyPJj; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id EBE46385840E for ; Fri, 6 Dec 2024 17:44:43 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org EBE46385840E Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=FCndyPJj X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x635.google.com (mail-pl1-x635.google.com [IPv6:2607:f8b0:4864:20::635]) by sourceware.org (Postfix) with ESMTPS id 6305B3858424 for ; Fri, 6 Dec 2024 17:39:05 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 6305B3858424 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 6305B3858424 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::635 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1733506745; cv=none; b=FNkkRvfhqqeQZm33bKcvEL43CfsFJT9NosZ5zM/eYkK8hgvAZ+YvQWkQaD71KcjgqKsf8QhflKoWdiFKPHnR3TnJWl2rof6N72UrhYgkqGSJsraFocRVhd0TjN5GEoSCmrYQ/EupXUD1t0qk6DGdgBX3h1MIh+uYxYT4xR2Pbow= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1733506745; c=relaxed/simple; bh=rN/bCiiNS5T0SaYBmuTXWaqx+pX+Z5wdLji4u2u6xjI=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=CDIBA8iMv/hr5FPzwaanC46vULYcObLOzG30fyp0sW+ifhC1sWNI7VuSpdBt5dEtflA52ivS5q6LPgX63NUNHqxx1UtM/gZno0YkajAYEGh4JuaejdEP4dOduNxA4Vh+k1QU4P5J6klSzZFW0okqwfMQWNr8UaXYdz7Ymtt59Fo= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6305B3858424 Received: by mail-pl1-x635.google.com with SMTP id d9443c01a7336-215da73e256so21088255ad.0 for ; Fri, 06 Dec 2024 09:39:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1733506744; x=1734111544; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=xBZndHKorfDELnAIx8RL0wKrbWET7JZzLkXN2FlAwM0=; b=FCndyPJjCHrcZsFJWqmSO8lEbpQ22d0WdwOdU7VFlxfRvjPqNxoke1Vh8eMJqcpKof y+k59Hvnunm+pFnf+GM2RNSyKr6lvibrTAoKipxLoVs/4RGx14A7oC3mzM26tJAoRHOd DiEeLAvjWdvzzzYvUZbnHCCIrohfpb+uhRIT1NQygyxDh8yuPdvjFKngYnRdYP07d9wd Q3R3QD8B7Pe2XLekWq0U3yesGDbyUBwGa4CIIz4ppHpfAk1oLfXeWVRulBRB7EZtG6FE 2Mp2IXK9Lr2XcnM3u37DUeWewZc8EYjezxgcbdAA5ddOGgfrOBnwZgEEq8DAxD9uT5dR fCkw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733506744; x=1734111544; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=xBZndHKorfDELnAIx8RL0wKrbWET7JZzLkXN2FlAwM0=; b=p6ha7UOKtvb1u4mudyqQS2Ag0hVI0Znqc9gId1735+J4kWF1LNqiWZKlbths7JaFbJ tP9cvzjXvh2bcCVfLiLAmTmonu4mVQOiuzhIs6d24BitHJFr/ceJscMJ5QBjjvAOsFxg ZCGDOIsremPYrTRKdk79Y9lNnJewp8A481tt2TisQz3zpIIK482ZAVmZszLxmRV3I8ll saGBVysTwfQcXFT9uifA7IR3/vPvSX5MGwsAeK1LHMllLUpBK2zLh+GvpeFutW6eV5SG Ssh7ZdtwIhp0NMidLdoC1yY7/XFaUFpfI7uvnFJuYRs+WGKOwVWt97CkBsEO83AZ9rxz fQ7g== X-Gm-Message-State: AOJu0YxjyhSgAiu0q/QjRJgJxuYsnEgk7LsqONFqWIt7TQHQ8ms3kRWJ OulOOlAMBKH34mGznpN0GBdHjACLgx5kAVb6qa3bLBqI0sjXTeVchSrpzIjAtvSTpsiYP4L2xTx P X-Gm-Gg: ASbGncsB9sfm7Zc4xw+iozpaXcCXXSs3VDA+N2XSkVAJov2wAn5/18UfZS/349ew3X7 nceSTFXnAcuFVZM6/FuT/tvwMrMORlpiB5L0M+PNrD7Xn+zgp8/uZ4z/xqA74OsUA4GITAyvrhR 2oKWX9j738xcKaHL4u00+czkan5wtAJMqXgcaxveg3lMpXjy5Jiit3aj961lu1r65svKf4n3PZU bJBMINDj1bFNZNYe+42M5G0JGbIFE3NSWTnvrznbwmDD6vvr5T/bfj3v4FQUw== X-Received: by 2002:a17:902:cec7:b0:211:f674:9d60 with SMTP id d9443c01a7336-21614dcc0ecmr53372275ad.50.1733506744155; Fri, 06 Dec 2024 09:39:04 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c2:2d1:1460:dd43:b597:c3fc]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-215f8f29635sm31409495ad.241.2024.12.06.09.39.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Dec 2024 09:39:03 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Jeff Xu , Florian Weimer , Mike Hommey , "H . J . Lu" Subject: [PATCH v4 4/9] rtld: Move call_init_paths after _dl_process_pt_gnu_property Date: Fri, 6 Dec 2024 14:37:52 -0300 Message-ID: <20241206173850.3766841-5-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241206173850.3766841-1-adhemerval.zanella@linaro.org> References: <20241206173850.3766841-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org To allow the loader malloc behavior to be changed by the gnu attribute. It would allow the pages allocated to be memory sealed if the loader if built with memory sealing. Checked on x86_64-linux-gnu. --- elf/rtld.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/elf/rtld.c b/elf/rtld.c index e19086ecad..21d282fc87 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -1708,10 +1708,6 @@ dl_main (const ElfW(Phdr) *phdr, /* With vDSO setup we can initialize the function pointers. */ setup_vdso_pointers (); - /* Initialize the data structures for the search paths for shared - objects. */ - call_init_paths (&state); - /* Initialize _r_debug_extended. */ struct r_debug *r = _dl_debug_initialize (GL(dl_rtld_map).l_addr, LM_ID_BASE); @@ -1767,6 +1763,10 @@ dl_main (const ElfW(Phdr) *phdr, /* Assign a module ID. Do this before loading any audit modules. */ _dl_assign_tls_modid (&GL(dl_rtld_map)); + /* Initialize the data structures for the search paths for shared + objects. */ + call_init_paths (&state); + audit_list_add_dynamic_tag (&state.audit_list, main_map, DT_AUDIT); audit_list_add_dynamic_tag (&state.audit_list, main_map, DT_DEPAUDIT); From patchwork Fri Dec 6 17:37:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 847840 Delivered-To: patch@linaro.org Received: by 2002:a5d:50c2:0:b0:385:e875:8a9e with SMTP id f2csp910629wrt; Fri, 6 Dec 2024 09:40:23 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCXIWn6JvpmSWdVxdJQ/bGmNPjV+mbH+6LUi0YASVWttDBeA53plV0uYRYGN5YoHE0bc5aZGyQ==@linaro.org X-Google-Smtp-Source: AGHT+IFtNCm/132gqHxSUKnfmuTXPxO7fzoOeVyYqYRpb7AhUhs3VUSFgjzyG732N6Qk34GqnEgF X-Received: by 2002:a67:e916:0:b0:4af:d487:45ef with SMTP id ada2fe7eead31-4afd4874811mr2434538137.5.1733506823447; Fri, 06 Dec 2024 09:40:23 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1733506823; cv=pass; d=google.com; s=arc-20240605; b=Jue36H+fTp/wzlWzBalTj4lci1Xab0SEiE2V6rb/f5qMfrAMP/DKoZANRzXFu+rkAU y8VKeSa/EG4frJTo909j7d75/q+LEXbKOvz4o1BDQ04oJ330pPHGJxty2fpSS8pMeci9 wNRMNNUJoFeI68PjtHN8GYSLklFXLz7h6MnntmzQ8J+KDeb4U2WxhyNhz3VfwFRehkLD N1F4olv+Dlll4RRrcXoepEdKC4a/jWOuB2To9syS4AsTXOkn6bAcosaGwTIVEMya0Mho WNAQoV94/WkI6YtoC5icOw5p58ZHXqTxhe3GXIpoD2r413OwHewAWSb2EsZSUNR1EXmp yKwQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=DQ1VYmtKopRl3kxpKVrrjfD0u5jpRgSDan+eK48KvDY=; fh=39H2oohB6ZYGhyKHcKf9chiYMCdt+XzUdxuRAxp69qM=; b=L0YgGd3SoL9zfbILuvDaMs+NIpVpwC//U9M6p1f9pHM8Cz0rB6ckBBFZ51PbTPUUd5 qN4+a91IC80KoFx2QRKk4qoijb6txzZlVSi8Zq4Su9Xwf94hFA8dqAB6YK3heXUqNzxZ vFmnCwbqaSYtbB20FFuCI4t/Zjb80ysAZDzn1Kg70nq4rmx2gQYFlDptKgi6IcaWrffA Vp5wIIy3ysCoOO7kdd8ImM4I77c9T5+pjmOBpT0ZVm27a3+NiGjiZT15N9Q/KlLVkZAA TuUYKOriAWwxf0BUGLMekkQfQLvb510/CrRXquASoDFTJcDbGfFh4HwkJMSpEfSM4WFR sNXA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=kRIZ6N2o; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id ada2fe7eead31-4afbc507001si1321196137.76.2024.12.06.09.40.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Dec 2024 09:40:23 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) client-ip=2620:52:3:1:0:246e:9693:128c; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=kRIZ6N2o; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id EE4A43858408 for ; Fri, 6 Dec 2024 17:40:22 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org EE4A43858408 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=kRIZ6N2o X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pf1-x42f.google.com (mail-pf1-x42f.google.com [IPv6:2607:f8b0:4864:20::42f]) by sourceware.org (Postfix) with ESMTPS id 8D1513858406 for ; Fri, 6 Dec 2024 17:39:07 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 8D1513858406 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 8D1513858406 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::42f ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1733506747; cv=none; b=bejqoNINHdpJZHVvZsEI0wZTErQPSTEydmMtoN3+dIlayzi7RNP5n4FozZBD+l5LTiB9breUX7428SWesWd8HB9ZdJr4bOmCya1WX+Oq18mtuJDuA1XxvrhY9kYlY2hI0pCR/yvsvLKcik7/g6Qi5b3bgbKZVesbw2Ax4PsSRr8= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1733506747; c=relaxed/simple; bh=AGImmDbiUGTsRLXgLYMFa4a+wzUvDG0YH4hoSJ0Xinc=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=HqC7rexAviTy0/e5mpP5fy7z+fhN8vdmCA68C0D+xs473hIJr5TNN/VNBWkR5BMESfc0XCRJFt6vdEAvoTeXwg4GezZCzjvWsiP7HJ29YFHPbp9RYkCVQHRHl2nLqTN4Vvbn0pA4fFH9VOV4CK5kyPWKRcj+urZSNEaFvWxvIME= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 8D1513858406 Received: by mail-pf1-x42f.google.com with SMTP id d2e1a72fcca58-725ad59ad72so1545534b3a.2 for ; Fri, 06 Dec 2024 09:39:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1733506746; x=1734111546; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=DQ1VYmtKopRl3kxpKVrrjfD0u5jpRgSDan+eK48KvDY=; b=kRIZ6N2o1xAxrY3UUko5R9B5WvUK3iYKIVFlLHrWP+qz7ZJHYqQaWYIn09zYAT6vWf JRt2FOJQro7NFmLQwqmQ440YtoSaIrwInU3iKhYzavDrHssw3izlWg6NZ2Wc7kZBEOuG 3lNqC5BfaXCW1Emn3SSf2MyKD0Gs+QtZsrpTnIuUeZzQb5QhOA9ebtz31H/sfscUjnYi 5jcHJmwQHpfTNcraeX3Wjde2e4+GescRBzkCYGtPzjyNctur9VIy+VCkaMU2SRd2RNvR 7jf3CCOIVsNuHABxdJANPXQIxrq+qzYmL/2l4wvEtsbjalNhZ3naDA5+3c2DKsIpZ5MD Q3VQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733506746; x=1734111546; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DQ1VYmtKopRl3kxpKVrrjfD0u5jpRgSDan+eK48KvDY=; b=EmFoNCCSYlvTFEQ2FX2lQ/Ci7tyGvhesULqjepvBlk4fcC3ytpCRAmaf8OPmxo115H f3uhHLlMxkYstGCfaYpLmhlZzfRGlOC03wJohl1JCC2Zg0KGMrWzWwE9U7ReKNyClSsX 94rO27cjLm1QUVt+p4dBHPhhu0QpLpIlpQdvHjbsyv/NBC0peZ/PJH7jZszAwz33YmBH 9+ug20QIYdYPUZuT7YiwChW/QO6TQxViwrPCv0YSDQaMcCsBInt5M2bkO2kaInTf6dMr nd1LFEJ2/7rjfcXJv+dRQFTeZJjTYmHD2BYiP6AYU6M8jYIz93dJln4Q9pKOfeYzuSx/ u+IQ== X-Gm-Message-State: AOJu0Yy8L2FU0ulc+Mu3DijisPkAuhkRD5WEkkL4g4nWiXH/zJCdm5zQ PKl0BhwNuuuoYyBlk8QJcj6Hkvx5SWIWpyuOdaaUMYegOKELQBV5dAl918NrcTRbc1kaJpDXiIF R X-Gm-Gg: ASbGncvhMUg/jLcTMYG1v4oITft4a6zTc7DrfBAf2krk4hLV/FoEDSm3KwDgVgM+UBw B4p/Z8MW1avZpdC+m4bPliOtV9PWc8XRM9aJcwDX8VTj4/GCDpU0kOVJMiMl/L3UGa1/7hyQ27w AKSgqLpSO9grCiqsJRcok+2szFRXXBswbBa8u6ri+6hEZ+6eXwXtf0seBQvKmrDn19OqkWbeqdj 29q44EgWZhHcbcFMjGqKgqyeDcJFuAMk+xpDYwC1yQ1GxA/UFEpa+i2uppayA== X-Received: by 2002:a17:902:d50c:b0:215:3205:589a with SMTP id d9443c01a7336-21614dd3cd7mr45397975ad.53.1733506746333; Fri, 06 Dec 2024 09:39:06 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c2:2d1:1460:dd43:b597:c3fc]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-215f8f29635sm31409495ad.241.2024.12.06.09.39.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Dec 2024 09:39:05 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Jeff Xu , Florian Weimer , Mike Hommey , "H . J . Lu" Subject: [PATCH v4 5/9] elf: Use RTLD_NODELETE for dependencies Date: Fri, 6 Dec 2024 14:37:53 -0300 Message-ID: <20241206173850.3766841-6-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241206173850.3766841-1-adhemerval.zanella@linaro.org> References: <20241206173850.3766841-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org So dlopen dependencies for objects opened with RTLD_NODELETE are also marked with RTLD_NODELETE. Checked on x86_64-linux-gnu. --- elf/dl-open.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/elf/dl-open.c b/elf/dl-open.c index ba3c266e6a..f283a87144 100644 --- a/elf/dl-open.c +++ b/elf/dl-open.c @@ -604,7 +604,8 @@ dl_open_worker_begin (void *a) /* Load that object's dependencies. */ _dl_map_object_deps (new, NULL, 0, 0, - mode & (__RTLD_DLOPEN | RTLD_DEEPBIND | __RTLD_AUDIT)); + mode & (__RTLD_DLOPEN | RTLD_DEEPBIND | __RTLD_AUDIT + | RTLD_NODELETE)); /* So far, so good. Now check the versions. */ for (unsigned int i = 0; i < new->l_searchlist.r_nlist; ++i) From patchwork Fri Dec 6 17:37:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 847845 Delivered-To: patch@linaro.org Received: by 2002:a5d:50c2:0:b0:385:e875:8a9e with SMTP id f2csp912860wrt; Fri, 6 Dec 2024 09:46:05 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCV6v5p0exyJwGf9rimTJWrEQb0UVPBsjBuyxWu2avtVwjvXK1fNxEcr3stSnsn4jwgEmJX6xg==@linaro.org X-Google-Smtp-Source: AGHT+IETukS+MIxlSjdaHNhmKqNF3ktu7FIYeZK2BgN9diQgfQIhw+OTZ0JJHeZW2yr7TnxVeUzL X-Received: by 2002:a05:6214:20a8:b0:6d8:9815:92e2 with SMTP id 6a1803df08f44-6d8e7114c2cmr39994496d6.15.1733507164939; Fri, 06 Dec 2024 09:46:04 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1733507164; cv=pass; d=google.com; s=arc-20240605; b=EEHg1qPsOLn1lSmg+lMl//UkJexdpmj6v7y9+iddQrsYTQS8l9ulzcSffOJrEPjaHi g6+hzQ8pwL/8nlNrbaso+UMwNS/sUtQivgMdL+vZ+dGgiWd1NnHicIHyJPkI4laO154e u7IKL50gmrMDINJ2GwcLXCRlkUR05XAr5smMSuck6RBRFvE1SMbgJA4HlM93elKjzQSD BuxsupePVLx4b7WtiEIlA96IVCXJLAro4YB3O7oKRKQvq5lNrzCO3Kn98d/hPJQZfnLq 0gLZsCCKK5twEzSv4DHY5K2uEXypzab3sb6Ao9T0W6FDY7KuzI9euvRoirqKHVwTA0It En7Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=r28/8/7vxiDvbH92YDKz8XF+ejZGpNPM7J3OJAXRH+4=; fh=39H2oohB6ZYGhyKHcKf9chiYMCdt+XzUdxuRAxp69qM=; b=S2RWKFAoe5LKZoC2JTnCTnu50a70sgIUYv99+2pvGu1VdRfB1w2QQy2G2WGbWr6S/J 9ZMC3lAIsCXVw3V5zxGZZT9e/5S2LrRb9o93tUiGrNak8o1fu1nTtZZpBRnLWwJX5IBN RGykpzzs2q116BrT2iCCpUdTGly9wtDC6o4XGHnSeJSKmJIxmxZuaOeqQK7OJdZIHe1K C9i7cRRSpIMj33Jsq3C+gffMPJRIDnyOG3S6lzTR5cIINZtLY1Gj8++cr33AR+t2ysjd A+q/KHdHHc/a47CWdd0Uk1sseexThw0hU17MId9Q4ofFFDHv14zhrFzYriKLcqP2S+kO AXmA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Hy9Q6ia5; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id 6a1803df08f44-6d8dac0a15fsi47528876d6.356.2024.12.06.09.46.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Dec 2024 09:46:04 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) client-ip=2620:52:3:1:0:246e:9693:128c; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Hy9Q6ia5; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 7CB0B385840B for ; Fri, 6 Dec 2024 17:46:04 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 7CB0B385840B Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=Hy9Q6ia5 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pf1-x430.google.com (mail-pf1-x430.google.com [IPv6:2607:f8b0:4864:20::430]) by sourceware.org (Postfix) with ESMTPS id 34CFB385840A for ; Fri, 6 Dec 2024 17:39:10 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 34CFB385840A Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 34CFB385840A Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::430 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1733506750; cv=none; b=AjHYRQhUpi2y0W1kNeSK8jWB7fT/d1BYMTtQ/vqvi5I7bW6Zmbfzm9KsfSquKGpJ38FfDrQvSfGUIlPHq/1lKXOva3cEnUJ9S1qT7Z6kz14gjKF7t46PmWidzRZCD/vARgAk1o4Bh7M4yZrXhdfhijnjfLqvj3GLKHiUDk7kmcE= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1733506750; c=relaxed/simple; bh=I9xop5N1cD8pjIt2nuUegx36bYbjA6WxF91wa7mgn8s=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=L0Tsi50PSOhMBHEEY2K0jNKI/5GrGq2qe/HwJpysjcyOoQxowe5rN1T4WxApEkLtkPT6bqddBvWgNP4bKJxhAHAwZk8qkaKUqauiZLBDcRgxBvHVnDnw62dv7yzCjrG68Q0HmD4rupGVTrju5tiN8gFO+BMzdcrgtKqjGoTBeFQ= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 34CFB385840A Received: by mail-pf1-x430.google.com with SMTP id d2e1a72fcca58-7242f559a9fso2534978b3a.1 for ; Fri, 06 Dec 2024 09:39:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1733506749; x=1734111549; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=r28/8/7vxiDvbH92YDKz8XF+ejZGpNPM7J3OJAXRH+4=; b=Hy9Q6ia5mcasHp13REtn+l7abM8x8naOlreoVUKeOB8Dd87Kxb422j2OJ3o8Ay/vdR wHtr5NtBTxPqtg5YdeVCrF27jQUcRSnh8atmZqZsqDGrRPdyYKSdyxAvTQVmerG/oU+X oBMZmJ7SEKNyXK1fE1++8DxZ1xqaGkm9sLxHErX2Uf+pW8coSo4pjKm/cCYdra2ZA6p5 +pt15skw4ZJybx+oGLaBP36v20d8n3A9j2pFLrfUk8U5SJqskFEEAJQzm7sdX78+gGyJ +NnjTQp7C7dED/b4GkmYiy8jrKHcGQxwiXfzHF2G6pIVvBL8WqtBhDRidxmUOWip5i7U sMBQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733506749; x=1734111549; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=r28/8/7vxiDvbH92YDKz8XF+ejZGpNPM7J3OJAXRH+4=; b=arTpAq6Z1c1VAD37X30bWZwJO4wTdDizgct1S2b105MNx9LHfoOEByChe3XukUswYE Vu3ejEPj8sZiSNnLqjocPUSk2JeD7qPqsge5/0E3slPYZ1K/PZlzsYXnHtWwtyQLt51S ZgEjBIhD6TutcDMpEaoZSVti2gD42rObY8AT9sHBU/tU75Qh2slQejDgkXft+1sQ7LF8 bxcdq35eiru8n0zVE96tSNJA5sf+FvKLDMC7gaTUAzvhRoHYHS9ALWnnsRs5ElWSOyij //wphmzAbhABBDfD3xwV5lPOoLuYQeRP3T6UjvomU61tnV4RySio72GcjXfqo/v/gn0J acqQ== X-Gm-Message-State: AOJu0Yw1o4wt4ZiyHwHDHXijYHBz4BAYrS9s+UUVFyL+eD6abF6WmvwO q8kb6IvKSoHKdHib2Ji1TrZtRLOLhvJTqsdh1NpE0iYCMgXXn4FSG2NcoH/jiHhZbFsEntSXx2B 0 X-Gm-Gg: ASbGncvbtoouSUl9P6U8uz2wvnbywpmJqZA7qVmkrA7JHI+38BwfFqCJL7d/HRqxPJF jZL0YpP20NQfzTiF81Zilg3h8k4wkfFOl32UgztNRAyXn1NgVBNGyv5AVOCQuwXuLLaFzzFRLnt uPhXKY5BDfuM/dvIWbxX158SO4Bp8ISZe3tp8iLPBBPCDLKBrS0iF2qx7SlIid+MpVNzhnmQRa5 y0OYYR01qwaMjDdz7W9qVTh9QsCjyak9JivRlAixiK/Jx5l6xewUV6vm9MHqQ== X-Received: by 2002:a17:902:da8a:b0:216:25a2:2ebe with SMTP id d9443c01a7336-21625a22f5fmr17493295ad.19.1733506748539; Fri, 06 Dec 2024 09:39:08 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c2:2d1:1460:dd43:b597:c3fc]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-215f8f29635sm31409495ad.241.2024.12.06.09.39.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Dec 2024 09:39:08 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Jeff Xu , Florian Weimer , Mike Hommey , "H . J . Lu" Subject: [PATCH v4 6/9] elf: Add support to memory sealing Date: Fri, 6 Dec 2024 14:37:54 -0300 Message-ID: <20241206173850.3766841-7-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241206173850.3766841-1-adhemerval.zanella@linaro.org> References: <20241206173850.3766841-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org The new Linux mseal syscall allows mark a memory mapping to avoid further changes (such as chaing the protection flags). The memory sealing is done in multiple places where the memory is supposed to be immutable during program execution: * All shared library dependencies from the binary, including the read-only segments after PT_GNU_RELRO setup. * The binary itself, including dynamic and static linked ones. In both cases, it is up either to binary or the loader to set up the sealing. * Any preload libraries, including depedencies. * Any library loaded with dlopen with RTLD_NODELETE flag. * Audit modules. * The loader bump allocator. The memory sealing is controled by a new gnu attribute, GNU_PROPERTY_MEMORY_SEAL, added by the new static linker option '-z memory-seal'. It is set per binary, including statically linked and shared objects. Checked on x86_64-linux-gnu and aarch64-linux-gnu. --- NEWS | 6 ++++ elf/dl-load.c | 4 +++ elf/dl-map-segments.h | 16 ++++++++-- elf/dl-minimal-malloc.c | 3 ++ elf/dl-open.c | 4 +++ elf/dl-reloc.c | 50 ++++++++++++++++++++++++++++++ elf/dl-support.c | 3 ++ elf/elf.h | 2 ++ elf/rtld.c | 12 +++++-- elf/setup-vdso.h | 2 ++ include/link.h | 8 +++++ sysdeps/aarch64/dl-prop.h | 5 +++ sysdeps/generic/dl-mseal.h | 23 ++++++++++++++ sysdeps/generic/dl-prop-mseal.h | 36 +++++++++++++++++++++ sysdeps/generic/dl-prop.h | 5 +++ sysdeps/generic/ldsodefs.h | 9 ++++++ sysdeps/unix/sysv/linux/Makefile | 4 +++ sysdeps/unix/sysv/linux/dl-mseal.c | 41 ++++++++++++++++++++++++ sysdeps/unix/sysv/linux/dl-mseal.h | 27 ++++++++++++++++ sysdeps/x86/dl-prop.h | 4 +++ 20 files changed, 259 insertions(+), 5 deletions(-) create mode 100644 sysdeps/generic/dl-mseal.h create mode 100644 sysdeps/generic/dl-prop-mseal.h create mode 100644 sysdeps/unix/sysv/linux/dl-mseal.c create mode 100644 sysdeps/unix/sysv/linux/dl-mseal.h diff --git a/NEWS b/NEWS index d65eaeadf7..723dac1ccc 100644 --- a/NEWS +++ b/NEWS @@ -49,6 +49,12 @@ Major new features: mappings to avoid further change during process execution such as protection permissions, unmapping, moving to another location, or shrinking the size. +* The loader will memory seal all libraries that contains the new gnu + attribute GNU_PROPERTY_MEMORY_SEAL. The memory sealing uses the new Linux + mseal syscall, and it will be applied to all shared libraries dependencies, + the binary, any preload and audit modules, and aby library loaded with + RTLD_NODELETE. + Deprecated and removed features, and other changes affecting compatibility: * The big-endian ARC port (arceb-linux-gnu) has been removed. diff --git a/elf/dl-load.c b/elf/dl-load.c index e986d7faab..b52c29ccb7 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -1415,6 +1415,10 @@ cannot enable executable stack as shared object requires"); /* Assign the next available module ID. */ _dl_assign_tls_modid (l); + if (l->l_seal == lt_seal_toseal + && (mode & __RTLD_DLOPEN) && !(mode & RTLD_NODELETE)) + l->l_seal = lt_seal_dont_dlopen; + #ifdef DL_AFTER_LOAD DL_AFTER_LOAD (l); #endif diff --git a/elf/dl-map-segments.h b/elf/dl-map-segments.h index 30977cf800..51c5286f6e 100644 --- a/elf/dl-map-segments.h +++ b/elf/dl-map-segments.h @@ -18,6 +18,7 @@ . */ #include +#include /* Map a segment and align it properly. */ @@ -115,11 +116,15 @@ _dl_map_segments (struct link_map *l, int fd, if (__glibc_unlikely (loadcmds[nloadcmds - 1].mapstart < c->mapend)) return N_("ELF load command address/offset not page-aligned"); + + caddr_t hole_start = (caddr_t) (l->l_addr + c->mapend); + size_t hole_size = loadcmds[nloadcmds - 1].mapstart - c->mapend; + if (__glibc_unlikely - (__mprotect ((caddr_t) (l->l_addr + c->mapend), - loadcmds[nloadcmds - 1].mapstart - c->mapend, - PROT_NONE) < 0)) + (__mprotect (hole_start, hole_size, PROT_NONE) < 0)) return DL_MAP_SEGMENTS_ERROR_MPROTECT; + if (l->l_seal) + _dl_mseal (hole_start, hole_size); } l->l_contiguous = 1; @@ -188,6 +193,11 @@ _dl_map_segments (struct link_map *l, int fd, -1, 0); if (__glibc_unlikely (mapat == MAP_FAILED)) return DL_MAP_SEGMENTS_ERROR_MAP_ZERO_FILL; + /* We need to seal this here because it will not be part of + the PT_LOAD segments, nor it is taken in RELRO + calculation. */ + if (l->l_seal) + _dl_mseal (mapat, zeroend - zeropage); } } diff --git a/elf/dl-minimal-malloc.c b/elf/dl-minimal-malloc.c index 69fc19c1b7..a701ff89d5 100644 --- a/elf/dl-minimal-malloc.c +++ b/elf/dl-minimal-malloc.c @@ -27,6 +27,7 @@ #include #include #include +#include static void *alloc_ptr, *alloc_end, *alloc_last_block; @@ -62,6 +63,8 @@ __minimal_malloc (size_t n) if (page == MAP_FAILED) return NULL; __set_vma_name (page, nup, " glibc: loader malloc"); + if (GL(dl_rtld_map).l_seal == lt_seal_toseal) + _dl_mseal (page, nup); if (page != alloc_end) alloc_ptr = page; alloc_end = page + nup; diff --git a/elf/dl-open.c b/elf/dl-open.c index f283a87144..36ee904eba 100644 --- a/elf/dl-open.c +++ b/elf/dl-open.c @@ -807,6 +807,10 @@ dl_open_worker (void *a) if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES)) _dl_debug_printf ("opening file=%s [%lu]; direct_opencount=%u\n\n", new->l_name, new->l_ns, new->l_direct_opencount); + + /* The seal flag is set only for NEW, however its dependencies could not be + unloaded and thus can also be sealed. */ + _dl_mseal_map (new, true, false); } void * diff --git a/elf/dl-reloc.c b/elf/dl-reloc.c index 76d14830dd..f8127cb166 100644 --- a/elf/dl-reloc.c +++ b/elf/dl-reloc.c @@ -28,6 +28,7 @@ #include <_itoa.h> #include #include "dynamic-link.h" +#include /* Statistics function. */ #ifdef SHARED @@ -345,6 +346,7 @@ _dl_relocate_object (struct link_map *l, struct r_scope_elem *scope[], return; _dl_relocate_object_no_relro (l, scope, reloc_mode, consider_profiling); _dl_protect_relro (l); + _dl_mseal_map (l, false, false); } void @@ -369,6 +371,54 @@ cannot apply additional memory protection after relocation"); } } +static void +_dl_mseal_map_1 (struct link_map *l, bool force) +{ + /* The 'force' check allow to seal audit with sealing enabled after + they are loader during process startup. */ + if (l->l_seal == lt_seal_dont + || (force + ? l->l_seal != lt_seal_dont_dlopen + : l->l_seal == lt_seal_dont_dlopen)) + return; + + int r = -1; + if (l->l_contiguous) + r = _dl_mseal ((void *) l->l_map_start, l->l_map_end - l->l_map_start); + else + { + /* We can use the PT_LOAD segments because even if relro splits the + original RW VMA, mseal works with multiple VMAs with different + flags. */ + const ElfW(Phdr) *ph; + for (ph = l->l_phdr; ph < &l->l_phdr[l->l_phnum]; ++ph) + switch (ph->p_type) + { + case PT_LOAD: + { + ElfW(Addr) mapstart = l->l_addr + + (ph->p_vaddr & ~(GLRO(dl_pagesize) - 1)); + ElfW(Addr) allocend = l->l_addr + ph->p_vaddr + ph->p_memsz; + r = _dl_mseal ((void *) mapstart, allocend - mapstart); + } + break; + } + } + + if (r == 0) + l->l_seal = lt_seal_sealed; +} + +void +_dl_mseal_map (struct link_map *l, bool dep, bool force) +{ + if (l->l_searchlist.r_list == NULL || !dep) + _dl_mseal_map_1 (l, force); + else + for (unsigned int i = 0; i < l->l_searchlist.r_nlist; ++i) + _dl_mseal_map_1 (l->l_searchlist.r_list[i], force); +} + void __attribute_noinline__ _dl_reloc_bad_type (struct link_map *map, unsigned int type, int plt) diff --git a/elf/dl-support.c b/elf/dl-support.c index f0b6be07e9..e43b455de4 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c @@ -46,6 +46,7 @@ #include #include #include +#include extern char *__progname; char **_dl_argv = &__progname; /* This is checked for some error messages. */ @@ -100,6 +101,7 @@ static struct link_map _dl_main_map = .l_used = 1, .l_tls_offset = NO_TLS_OFFSET, .l_serial = 1, + .l_seal = lt_seal_dont, }; /* Namespace information. */ @@ -352,6 +354,7 @@ _dl_non_dynamic_init (void) /* Setup relro on the binary itself. */ _dl_protect_relro (&_dl_main_map); + _dl_mseal_map (&_dl_main_map, false, false); } #ifdef DL_SYSINFO_IMPLEMENTATION diff --git a/elf/elf.h b/elf/elf.h index 33aea7f743..b9fe2064af 100644 --- a/elf/elf.h +++ b/elf/elf.h @@ -1357,6 +1357,8 @@ typedef struct #define GNU_PROPERTY_STACK_SIZE 1 /* No copy relocation on protected data symbol. */ #define GNU_PROPERTY_NO_COPY_ON_PROTECTED 2 +/* No memory sealing. */ +#define GNU_PROPERTY_MEMORY_SEAL 3 /* A 4-byte unsigned integer property: A bit is set if it is set in all relocatable inputs. */ diff --git a/elf/rtld.c b/elf/rtld.c index 21d282fc87..71902de400 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -53,6 +53,7 @@ #include #include #include +#include #include @@ -478,6 +479,7 @@ _dl_start_final (void *arg, struct dl_start_final_info *info) GL(dl_rtld_map).l_real = &GL(dl_rtld_map); GL(dl_rtld_map).l_map_start = (ElfW(Addr)) &__ehdr_start; GL(dl_rtld_map).l_map_end = (ElfW(Addr)) _end; + GL(dl_rtld_map).l_seal = lt_seal_dont; /* Copy the TLS related data if necessary. */ #ifndef DONT_USE_BOOTSTRAP_MAP # if NO_TLS_OFFSET != 0 @@ -1042,6 +1044,11 @@ ERROR: audit interface '%s' requires version %d (maximum supported version %d); /* Mark the DSO as being used for auditing. */ dlmargs.map->l_auditing = 1; + + /* Audit modules can not be loaded with RTLD_NODELETE, so apply the sealing + again on all dependencies an and ignore any possible missing seal due + dlopen without RTLD_NODELETE. */ + _dl_mseal_map (dlmargs.map, true, true); } /* Load all audit modules. */ @@ -1124,6 +1131,7 @@ rtld_setup_main_map (struct link_map *main_map) /* And it was opened directly. */ ++main_map->l_direct_opencount; main_map->l_contiguous = 1; + main_map->l_seal = lt_seal_dont; /* A PT_LOAD segment at an unexpected address will clear the l_contiguous flag. The ELF specification says that PT_LOAD @@ -2344,8 +2352,8 @@ dl_main (const ElfW(Phdr) *phdr, at this point. */ __rtld_malloc_init_real (main_map); - if (GL(dl_rtld_map).l_relro_size != 0) - _dl_protect_relro (&GL(dl_rtld_map)); + _dl_protect_relro (&GL(dl_rtld_map)); + _dl_mseal_map (&GL(dl_rtld_map), false, false); rtld_timer_accum (&relocate_time, start); } diff --git a/elf/setup-vdso.h b/elf/setup-vdso.h index 888e1e4897..f115e6eb78 100644 --- a/elf/setup-vdso.h +++ b/elf/setup-vdso.h @@ -66,6 +66,8 @@ setup_vdso (struct link_map *main_map __attribute__ ((unused)), /* The vDSO is always used. */ l->l_used = 1; + /* The PT_LOAD may not cover all the vdso mapping. */ + l->l_seal = lt_seal_dont; /* Initialize l_local_scope to contain just this map. This allows the use of dl_lookup_symbol_x to resolve symbols within the vdso. diff --git a/include/link.h b/include/link.h index 5ed445d5a6..e8ee740099 100644 --- a/include/link.h +++ b/include/link.h @@ -214,6 +214,14 @@ struct link_map lt_library map. */ unsigned int l_tls_in_slotinfo:1; /* TLS slotinfo updated in dlopen. */ + enum /* Memory sealing status. */ + { + lt_seal_dont = 0, /* Do not seal the object. */ + lt_seal_dont_dlopen, /* Do not seal from a dlopen. */ + lt_seal_toseal, /* The library is marked to be sealed. */ + lt_seal_sealed /* The library is sealed. */ + } l_seal:2; + /* NODELETE status of the map. Only valid for maps of type lt_loaded. Lazy binding sets l_nodelete_active directly, potentially from signal handlers. Initial loading of an diff --git a/sysdeps/aarch64/dl-prop.h b/sysdeps/aarch64/dl-prop.h index df05c0211d..c66d9a49f0 100644 --- a/sysdeps/aarch64/dl-prop.h +++ b/sysdeps/aarch64/dl-prop.h @@ -19,6 +19,8 @@ #ifndef _DL_PROP_H #define _DL_PROP_H +#include + extern void _dl_bti_protect (struct link_map *, int) attribute_hidden; extern void _dl_bti_check (struct link_map *, const char *) @@ -45,6 +47,9 @@ static inline int _dl_process_gnu_property (struct link_map *l, int fd, uint32_t type, uint32_t datasz, void *data) { + if (_dl_process_gnu_property_seal (l, fd, type, datasz, data)) + return 0; + if (!GLRO(dl_aarch64_cpu_features).bti) /* Skip note processing. */ return 0; diff --git a/sysdeps/generic/dl-mseal.h b/sysdeps/generic/dl-mseal.h new file mode 100644 index 0000000000..dccf78ae38 --- /dev/null +++ b/sysdeps/generic/dl-mseal.h @@ -0,0 +1,23 @@ +/* Memory sealing. Generic version. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +static inline int +_dl_mseal (void *addr, size_t len) +{ + return 0; +} diff --git a/sysdeps/generic/dl-prop-mseal.h b/sysdeps/generic/dl-prop-mseal.h new file mode 100644 index 0000000000..b1f93a17fb --- /dev/null +++ b/sysdeps/generic/dl-prop-mseal.h @@ -0,0 +1,36 @@ +/* Support for GNU properties. Generic version. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _DL_PROP_MSEAL_H +#define _LD_PROP_MSEAL_H + +#include + +static __always_inline bool +_dl_process_gnu_property_seal (struct link_map *l, int fd, uint32_t type, + uint32_t datasz, void *data) +{ + if (type == GNU_PROPERTY_MEMORY_SEAL && datasz == 0) + { + l->l_seal = lt_seal_toseal; + return true; + } + return false; +} + +#endif diff --git a/sysdeps/generic/dl-prop.h b/sysdeps/generic/dl-prop.h index 1d92920a96..5fac690c81 100644 --- a/sysdeps/generic/dl-prop.h +++ b/sysdeps/generic/dl-prop.h @@ -19,6 +19,8 @@ #ifndef _DL_PROP_H #define _DL_PROP_H +#include + /* The following functions are used by the dynamic loader and the dlopen machinery to process PT_NOTE and PT_GNU_PROPERTY entries in the binary or shared object. The notes can be used to change the @@ -47,6 +49,9 @@ static inline int __attribute__ ((always_inline)) _dl_process_gnu_property (struct link_map *l, int fd, uint32_t type, uint32_t datasz, void *data) { + if (_dl_process_gnu_property_seal (l, fd, type, datasz, data)) + return 0; + /* Continue until GNU_PROPERTY_1_NEEDED is found. */ if (type == GNU_PROPERTY_1_NEEDED) { diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h index 91447a5e77..dbfa5d7a6a 100644 --- a/sysdeps/generic/ldsodefs.h +++ b/sysdeps/generic/ldsodefs.h @@ -1024,6 +1024,15 @@ void _dl_relocate_object_no_relro (struct link_map *map, /* Protect PT_GNU_RELRO area. */ extern void _dl_protect_relro (struct link_map *map) attribute_hidden; +/* Issue memory sealing for the link map MAP. If MAP is contiguous the + whole region is sealed, otherwise iterate over the program headerrs and + seal each PT_LOAD segment.i + The DEP specify whether to seal the dependencies as well, while FORCE + ignores any possible missing seal due dlopen without RTLD_NODELETE. + The memory sealing should be done *after* RELRO setup. */ +extern void _dl_mseal_map (struct link_map *map, bool dep, bool force) + attribute_hidden; + /* Call _dl_signal_error with a message about an unhandled reloc type. TYPE is the result of ELFW(R_TYPE) (r_info), i.e. an R__* value. PLT is nonzero if this was a PLT reloc; it just affects the message. */ diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile index a270b0af4c..8c1389cb0f 100644 --- a/sysdeps/unix/sysv/linux/Makefile +++ b/sysdeps/unix/sysv/linux/Makefile @@ -644,6 +644,10 @@ sysdep-rtld-routines += \ dl-sbrk \ # sysdep-rtld-routines +dl-routines += \ + dl-mseal \ + # dl-routines + others += \ pldd \ # others diff --git a/sysdeps/unix/sysv/linux/dl-mseal.c b/sysdeps/unix/sysv/linux/dl-mseal.c new file mode 100644 index 0000000000..c99fd991cb --- /dev/null +++ b/sysdeps/unix/sysv/linux/dl-mseal.c @@ -0,0 +1,41 @@ +/* Memory sealing. Linux version. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +int +_dl_mseal (void *addr, size_t len) +{ + int r; +#if __ASSUME_MSEAL + r = INTERNAL_SYSCALL_CALL (mseal, addr, len, 0); +#else + r = -ENOSYS; + static int mseal_supported = true; + if (atomic_load_relaxed (&mseal_supported)) + { + r = INTERNAL_SYSCALL_CALL (mseal, addr, len, 0); + if (r == -ENOSYS) + atomic_store_relaxed (&mseal_supported, false); + } +#endif + return r; +} diff --git a/sysdeps/unix/sysv/linux/dl-mseal.h b/sysdeps/unix/sysv/linux/dl-mseal.h new file mode 100644 index 0000000000..25e3f724dc --- /dev/null +++ b/sysdeps/unix/sysv/linux/dl-mseal.h @@ -0,0 +1,27 @@ +/* Memory sealing. Linux version. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* Seal the ADDR or size LEN to protect against modifications, such as + changes on the permission flags (through mprotect), remap (through + mmap and/or remap), shrink, destruction changes (madvise with + MADV_DONTNEED), or change its size. The input has the same constraints + as the mseal syscall. + + Return 0 in case of success or a negative value otherwise (a negative + errno). */ +int _dl_mseal (void *addr, size_t len) attribute_hidden; diff --git a/sysdeps/x86/dl-prop.h b/sysdeps/x86/dl-prop.h index 08387dfaff..26a687d611 100644 --- a/sysdeps/x86/dl-prop.h +++ b/sysdeps/x86/dl-prop.h @@ -19,6 +19,7 @@ #ifndef _DL_PROP_H #define _DL_PROP_H +#include #include extern void _dl_cet_check (struct link_map *, const char *) @@ -241,6 +242,9 @@ _dl_process_gnu_property (struct link_map *l, int fd, uint32_t type, uint32_t datasz, void *data) { /* This is called on each GNU property. */ + if (_dl_process_gnu_property_seal (l, fd, type, datasz, data)) + return 0; + unsigned int needed_1 = 0; unsigned int feature_1_and = 0; unsigned int isa_1_needed = 0; From patchwork Fri Dec 6 17:37:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 847841 Delivered-To: patch@linaro.org Received: by 2002:a5d:50c2:0:b0:385:e875:8a9e with SMTP id f2csp910760wrt; Fri, 6 Dec 2024 09:40:40 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCXlLTmVRk9ue9ZBinAf4T+98QtqTHTjeN2HwnwvHs0K0b+Acfs3YuVdBzlaV1VlB1WPJORBWQ==@linaro.org X-Google-Smtp-Source: AGHT+IF6V751x5bW7uzLeLC5U92JMQTsK9h4xOISn+LRhHlvr8TXJYT7b2k6eO9e5XPafMUeI03+ X-Received: by 2002:a05:6102:5108:b0:4af:c245:7512 with SMTP id ada2fe7eead31-4afcaacf83amr4993966137.22.1733506840178; Fri, 06 Dec 2024 09:40:40 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1733506840; cv=pass; d=google.com; s=arc-20240605; b=BGOhAOn1HyBtO+zr98iS2dHQsJFuT8JNzW00Q70ezeYh5Ec8z/KRbxfKMWVlkTT2hq zqBakSmlvadiX4NAn/HjOtfq/SGu4w7qSIOwlGoMpIgt05gnbKX6ps0Qs2POPSc14vSW d8AvoB9tLMd9jYUsyiWW8PEYOue2qmd8NrErc3DXAJNqt17/RuCFyIe97qqp46Y76j0R XWxnYPwrCBULrD9E3X3BEOue1eVe2/koW15aH5BbtErt2sRpv8rmpsGw7oTLk8vwZSRg gfWeYTiezo4Q0+CnJyilVjL1o3hLnHMxEmGLrad2iC7/V9s4x+B7dynkBPIqvN1q3bR+ lwFQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=Gyii1SQ6RIA6zHr9mbG9Ucs5EB/FhzOEAiyXBEfSolw=; fh=39H2oohB6ZYGhyKHcKf9chiYMCdt+XzUdxuRAxp69qM=; b=gCs85YvfN8Wf/ZFH9YMhRm2VKc6fixhpq4I44efa78A5wFMgiJ+aOAodqsIuo0mo5X 7r+jBPGb/nkGUm6loc8I/mrB3WLk962BuuRfhzKmFZYjuKUtpqdaklfJA7roJMSlfPPH De3ZB0/pUW4dS1uPa9/PeLU8XjG2iuDJlCzUI7XfJ3TnCYZ4dxpaTrCfn9owpA+LkrSg ba0dqu9PmWMoBnL9SySVfT16YKeeF7lBtanLa2meXfIc/ESYonGUnG7/Ee0P77npG3Ku 0TT+lN3rzx56km7ZAGAh245oojl1ccmobz+5zDQ2ljTW1fGN3THltvIf0tmCXChE/6v8 9XQA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=IUTJjfVh; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id ada2fe7eead31-4afbc5055b2si1392647137.7.2024.12.06.09.40.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Dec 2024 09:40:40 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) client-ip=2620:52:3:1:0:246e:9693:128c; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=IUTJjfVh; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id AB29F3858416 for ; Fri, 6 Dec 2024 17:40:39 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org AB29F3858416 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=IUTJjfVh X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x62c.google.com (mail-pl1-x62c.google.com [IPv6:2607:f8b0:4864:20::62c]) by sourceware.org (Postfix) with ESMTPS id 0BBC13858408 for ; Fri, 6 Dec 2024 17:39:12 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 0BBC13858408 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 0BBC13858408 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::62c ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1733506752; cv=none; b=U9i9t0Zdi9qbyoeK2jL7qtqkAFXskW01au65ry1vYUWepatHIAvDIkwTWbcAVMcZIheVyESDvhzSa537piR79qAhIjWAv7C7POUzAhDs6aW7bbfxK8guVUWC54JqOLSR03ADOQ1WO3223SHrb12yy3d2Bj5vo19pBVmA9GILo6I= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1733506752; c=relaxed/simple; bh=iwYKWLwT0POd0KMBcVTNF7uI1Ua54hG0lBedxuuulU0=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=fifrF4VcJOmRPr5IHv/2+bSEKSVQqDKzamXxJiE9Lu7AvWQIZUhFN1EUXdEy/xs2dhxrr7ErzQZIMfUsBsU/eRanyKbTg8TNNmvrwXwUtSEhH3r117b0oqR232Mc+wB3cQ1qjgirCn1xetRURsVA3b5nl+qghrCR+V8dEwdEasI= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0BBC13858408 Received: by mail-pl1-x62c.google.com with SMTP id d9443c01a7336-215810fff52so26278205ad.1 for ; Fri, 06 Dec 2024 09:39:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1733506751; x=1734111551; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Gyii1SQ6RIA6zHr9mbG9Ucs5EB/FhzOEAiyXBEfSolw=; b=IUTJjfVhD7Kk3a65I6t9Dy3Blfmne8xR6Skh4dH4reQf9daB8N3svukJcVOyYlzrJV 4ni9nGosPir9hKnx1yuvGE3ToFtquBdOsRLbVCr4AT6YAyXYDaFrGQTIYFnONkA7VGjA HIYwgM1JI9CAzvpEnqD85RYlDz/qNOhP0U3Vba+nVm1KeBXzoUqjljVdzu9NKe9+5TOB FIjz2t9f341NPArIwjeF8w/JU3+qEGDLoMvbcY751NLC9NVZQ7Dqf7PCxSrfXUAt26sm aU94X0vanSf7KHsDRt5JhL4o8d6BDRJ+3m1ZNe3UL3Qzc8fiwt2KmrbDMMnigXn1g3NB ubUQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733506751; x=1734111551; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Gyii1SQ6RIA6zHr9mbG9Ucs5EB/FhzOEAiyXBEfSolw=; b=J7YX0HGdd9u71oz49oaOZ/eHoaPNOyoOb9hNJQLOF31CrKPXDRf+UYlkjZOqLXYzP4 S2vyXnbpd8MupdQO1U6xvM0m9wAZ7POiBEAR6Zk9tUW3bTpTpqzfWcfDzwCqdY/1TYc9 ZhofAib6iLifstGb7iYVCFPX7cBFoQ8dn1MUbRf9xfwnXMDP+eMC4UHHCkQGbPJ34v8D lgJ7031dFcf7UIvN0+HkgIT9QtJZQJ5QYv3YXAdsW498zSjt2gYXjKtOSRRiOz6kRqrV Y0WlJZnO1Wdh/MgUbvCTWTDo92rDFOsqHf0Pk12MwzA9CjM6FRRvbawg3v/yXpH8PytH RJCQ== X-Gm-Message-State: AOJu0Yy24pmjmjkvfkMYewuPHu5NHsd/aJeTO/FkVXKyQxY8Ss9WHW5l 0IjwwbqitFioRw1e9DRUBliX0ai4nm42K0HCv/Hcl2ZpuleQ0gSmG0Y5vKOAZyGRO0rmgCqn3w0 6 X-Gm-Gg: ASbGnctu77GsxbNdSm2r5v/iqMzHgU4VQcPpPbh1XRcWVYSwK4A95YQts/Rej/firiZ RfiInBrqi6hoZIfRNemi/CTFbsLRHKMWGxGHJK6q8LTa/zP7VOI0IoO5SmWXVUoZCTSukXuL7Hd ftBluSmd71jSCFltTkFV/7fzUoRgrepBttS7LAAQA7y/2Qz2aQP/mPOHoxWBBDY7D558+eMhyln LR08xV1IgIfojoYmAsAqzaGnhmvtKRyQSrWFU69KBe07ZuIM01QejugQlkibg== X-Received: by 2002:a17:903:228c:b0:212:615f:c1 with SMTP id d9443c01a7336-21614d354e0mr59081195ad.14.1733506750612; Fri, 06 Dec 2024 09:39:10 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c2:2d1:1460:dd43:b597:c3fc]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-215f8f29635sm31409495ad.241.2024.12.06.09.39.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Dec 2024 09:39:10 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Jeff Xu , Florian Weimer , Mike Hommey , "H . J . Lu" Subject: [PATCH v4 7/9] Enable memory sealing automatically Date: Fri, 6 Dec 2024 14:37:55 -0300 Message-ID: <20241206173850.3766841-8-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241206173850.3766841-1-adhemerval.zanella@linaro.org> References: <20241206173850.3766841-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org All libraries, programs, and the testsuite in glibc are now build with memory sealing by default if the toochain supports it. A new configure option, --disable-default-memory-seal, disables it. Checked on aarch64-linux-gnu. --- INSTALL | 5 ++++ Makeconfig | 17 ++++++++++++++ Makerules | 2 ++ NEWS | 4 ++++ configure | 57 +++++++++++++++++++++++++++++++++++++++++++++ configure.ac | 19 +++++++++++++++ elf/Makefile | 1 + manual/install.texi | 5 ++++ 8 files changed, 110 insertions(+) diff --git a/INSTALL b/INSTALL index 24e3c8d25b..2a340514c2 100644 --- a/INSTALL +++ b/INSTALL @@ -245,6 +245,11 @@ if 'CFLAGS' is specified it must enable optimization. For example: Disable using 'scv' instruction for syscalls. All syscalls will use 'sc' instead, even if the kernel supports 'scv'. PowerPC only. +'--disable-default-memory-seal' + Don't build glibc libraries, programs, and the testsuite with + memory sealing support (GNU_PROPERTY_MEMORY_SEAL). By default, + memory sealing is enabled if toolchain suports the linker option. + '--build=BUILD-SYSTEM' '--host=HOST-SYSTEM' These options are for cross-compiling. If you specify both options diff --git a/Makeconfig b/Makeconfig index a0abc2239b..6c74155b7c 100644 --- a/Makeconfig +++ b/Makeconfig @@ -389,6 +389,21 @@ dt-relr-ldflag = no-dt-relr-ldflag = endif +# Linker options to enable and disable memory sealing (GNU_PROPERTY_MEMORY_SEAL), +# if --disable-default-memory-sealing is used explicit disable memory sealing for +# the case linker defaults to it. +ifeq ($(have-z-memory-seal),yes) +no-memory-seal-ldflag = -Wl,-z,nomemory-seal +ifeq ($(default-memory-seal),yes) +memory-seal-ldflag = -Wl,-z,memory-seal +else +memory-seal-ldflag = $(no-memory-seal-ldflag) +endif +else +memory-seal-ldflag = +no-memory-seal-ldflag = +endif + ifeq (no,$(build-pie-default)) pie-default = $(no-pie-ccflag) else # build-pie-default @@ -433,6 +448,7 @@ link-extra-libs-tests = $(libsupport) ifndef +link-pie +link-pie-before-inputs = $(if $($(@F)-no-pie),$(no-pie-ldflag),-pie) \ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(dt-relr-ldflag)) \ + $(if $($(@F)-no-memory-seal),$(no-memory-seal-ldflag),$(memory-seal-ldflag)) \ -Wl,-O1 -nostdlib -nostartfiles \ $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \ @@ -466,6 +482,7 @@ ifndef +link-static +link-static-before-inputs = -nostdlib -nostartfiles -static \ $(if $($(@F)-no-pie),$(no-pie-ldflag),$(static-pie-ldflag)) \ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(static-pie-dt-relr-ldflag)) \ + $(if $($(@F)-no-memory-seal),$(no-memory-seal-ldflag),$(memory-seal-ldflag)) \ $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ $(firstword $(CRT-$(@F)) $(csu-objpfx)$(real-static-start-installed-name)) \ $(+preinit) $(+prectorT) diff --git a/Makerules b/Makerules index 275110dda8..f2240ed2df 100644 --- a/Makerules +++ b/Makerules @@ -539,6 +539,7 @@ define build-shlib-helper $(LINK.o) -shared -static-libgcc -Wl,-O1 $(sysdep-LDFLAGS) \ $(if $($(@F)-no-z-defs)$(no-z-defs),,-Wl,-z,defs) $(rtld-LDFLAGS) \ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(dt-relr-ldflag)) \ + $(if $($(@F)-no-memory-seal),$(no-memory-seal-ldflag),$(memory-seal-ldflag)) \ $(extra-B-$(@F:lib%.so=%).so) -B$(csu-objpfx) \ $(extra-B-$(@F:lib%.so=%).so) $(load-map-file) \ -Wl,-soname=lib$(libprefix)$(@F:lib%.so=%).so$($(@F)-version) \ @@ -555,6 +556,7 @@ define build-module-helper $(LINK.o) -shared -static-libgcc $(sysdep-LDFLAGS) $(rtld-LDFLAGS) \ $(if $($(@F)-no-z-defs)$(no-z-defs),,-Wl,-z,defs) \ $(if $($(@F)-no-dt-relr),$(no-dt-relr-ldflag),$(dt-relr-ldflag)) \ + $(if $($(@F)-no-memory-seal),$(no-memory-seal-ldflag),$(memory-seal-ldflag)) \ -B$(csu-objpfx) $(load-map-file) \ $(LDFLAGS.so) $(LDFLAGS-$(@F:%.so=%).so) \ $(link-test-modules-rpath-link) \ diff --git a/NEWS b/NEWS index 723dac1ccc..302babf497 100644 --- a/NEWS +++ b/NEWS @@ -55,6 +55,10 @@ Major new features: the binary, any preload and audit modules, and aby library loaded with RTLD_NODELETE. +* All libraries, progras, and the testsuite in glibc are now build with + memory sealing by default if the toochain supports it. A new configure + option, --disable-default-memory-seal, disables it. + Deprecated and removed features, and other changes affecting compatibility: * The big-endian ARC port (arceb-linux-gnu) has been removed. diff --git a/configure b/configure index e99c0d23af..f006956475 100755 --- a/configure +++ b/configure @@ -809,6 +809,7 @@ enable_mathvec enable_cet enable_scv enable_fortify_source +enable_default_memory_sealing with_cpu ' ac_precious_vars='build_alias @@ -1492,6 +1493,9 @@ Optional Features: Use -D_FORTIFY_SOURCE=[1|2|3] to control code hardening, defaults to highest possible value supported by the build compiler. + --disable-default-memory-sealing + Do not build glibc libraries, programs, and the + testsuite with memory sealing [default=no] Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -4856,6 +4860,16 @@ case "$enable_fortify_source" in *) as_fn_error $? "Not a valid argument for --enable-fortify-source: \"$enable_fortify_source\"" "$LINENO" 5;; esac +# Check whether --enable-default-memory-sealing was given. +if test ${enable_default_memory_sealing+y} +then : + enableval=$enable_default_memory_sealing; default_memory_sealing=$enableval +else case e in #( + e) default_memory_sealing=yes ;; +esac +fi + + # We keep the original values in `$config_*' and never modify them, so we # can write them unchanged into config.make. Everything else uses # $machine, $vendor, and $os, and changes them whenever convenient. @@ -7103,6 +7117,49 @@ printf "%s\n" "$libc_linker_feature" >&6; } config_vars="$config_vars have-no-dynamic-linker = $libc_cv_no_dynamic_linker" +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for linker that supports -z memory-seal" >&5 +printf %s "checking for linker that supports -z memory-seal... " >&6; } +libc_linker_feature=no +cat > conftest.c <&5 + (eval $ac_try) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; } +then + if ${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp -Wl,-z,memory-seal -nostdlib \ + -nostartfiles -fPIC -shared -o conftest.so conftest.c 2>&1 \ + | grep "warning: -z memory-seal ignored" > /dev/null 2>&1; then + true + else + libc_linker_feature=yes + fi +fi +rm -f conftest* +if test $libc_linker_feature = yes; then + libc_cv_z_memory_seal=yes +else + libc_cv_z_memory_seal=no +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $libc_linker_feature" >&5 +printf "%s\n" "$libc_linker_feature" >&6; } + +# Enable memory-sealing iff it is available and glibc is not configured +# with --disable-defautl-memory-sealing +if test "$libc_cv_z_memory_seal" = no; then + default_memory_sealing=no +fi +config_vars="$config_vars +have-z-memory-seal = $libc_cv_z_memory_seal" +config_vars="$config_vars +default-memory-seal = $default_memory_sealing" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -static-pie" >&5 printf %s "checking for -static-pie... " >&6; } if test ${libc_cv_static_pie+y} diff --git a/configure.ac b/configure.ac index 06a9c3f252..b88c52a8f4 100644 --- a/configure.ac +++ b/configure.ac @@ -426,6 +426,12 @@ case "$enable_fortify_source" in *) AC_MSG_ERROR([Not a valid argument for --enable-fortify-source: "$enable_fortify_source"]);; esac +AC_ARG_ENABLE([default-memory-sealing], + AS_HELP_STRING([--disable-default-memory-sealing], + [Do not build glibc libraries, programs, and the testsuite with memory sealing @<:@default=no@:>@]), + [default_memory_sealing=$enableval], + [default_memory_sealing=yes]) + # We keep the original values in `$config_*' and never modify them, so we # can write them unchanged into config.make. Everything else uses # $machine, $vendor, and $os, and changes them whenever convenient. @@ -1278,6 +1284,19 @@ LIBC_LINKER_FEATURE([--no-dynamic-linker], [libc_cv_no_dynamic_linker=no]) LIBC_CONFIG_VAR([have-no-dynamic-linker], [$libc_cv_no_dynamic_linker]) +LIBC_LINKER_FEATURE([-z memory-seal], + [-Wl,-z,memory-seal], + [libc_cv_z_memory_seal=yes], + [libc_cv_z_memory_seal=no]) + +# Enable memory-sealing iff it is available and glibc is not configured +# with --disable-defautl-memory-sealing +if test "$libc_cv_z_memory_seal" = no; then + default_memory_sealing=no +fi +LIBC_CONFIG_VAR([have-z-memory-seal], [$libc_cv_z_memory_seal]) +LIBC_CONFIG_VAR([default-memory-seal], [$default_memory_sealing]) + AC_CACHE_CHECK(for -static-pie, libc_cv_static_pie, [dnl LIBC_TRY_CC_OPTION([-static-pie], [libc_cv_static_pie=yes], diff --git a/elf/Makefile b/elf/Makefile index 9172d7306e..8eef4ccfe1 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -1447,6 +1447,7 @@ $(objpfx)ld.so: $(objpfx)librtld.os $(ld-map) $(LINK.o) -nostdlib -nostartfiles -shared -o $@.new \ $(LDFLAGS-rtld) -Wl,-z,defs $(z-now-$(bind-now)) \ $(dt-relr-ldflag) \ + $(memory-seal-ldflag) \ $(filter-out $(map-file),$^) $(load-map-file) \ -Wl,-soname=$(rtld-installed-name) $(call after-link,$@.new) diff --git a/manual/install.texi b/manual/install.texi index 3e68a3d823..58363e8a9c 100644 --- a/manual/install.texi +++ b/manual/install.texi @@ -272,6 +272,11 @@ C++ libraries. Disable using @code{scv} instruction for syscalls. All syscalls will use @code{sc} instead, even if the kernel supports @code{scv}. PowerPC only. +@item --disable-default-memory-seal +Don't build glibc libraries, programs, and the testsuite with +memory sealing support (@code{GNU_PROPERTY_MEMORY_SEAL}). By default, +memory sealing is enabled if toolchain suports the linker option. + @item --build=@var{build-system} @itemx --host=@var{host-system} These options are for cross-compiling. If you specify both options and From patchwork Fri Dec 6 17:37:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 847843 Delivered-To: patch@linaro.org Received: by 2002:a5d:50c2:0:b0:385:e875:8a9e with SMTP id f2csp912256wrt; Fri, 6 Dec 2024 09:44:34 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCUU2QcXVaZPOaQX5uuwegVXI0UnyxdQqaLpB4aWDZszIWH4OA05Agbj8qiTFKHIxIK4lFogfw==@linaro.org X-Google-Smtp-Source: AGHT+IE+F+DDzCsHOqvtVq1qFQlT6m8LCg1UpD6OynmVINiN/UraMAFecFcocFBhPJkh9TNfwHLp X-Received: by 2002:a05:620a:4111:b0:79f:15ca:b782 with SMTP id af79cd13be357-7b6bcaf27d3mr653183085a.35.1733507073979; Fri, 06 Dec 2024 09:44:33 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1733507073; cv=pass; d=google.com; s=arc-20240605; b=jyOmqS6WdUgZ3meEPrSHGqKlaa/bC5RMyg8sLfPhf4IjekI+EWeN0cyHHTx5zeOTFk YAlGXnBHoc34y23P6CIjv5Y9oAwO/QC6310P8j62tfdvhl+q6wMfa8StQ5doSFd7f1tQ 7TxKgLFvqo9yu7LkrDD4lJDsTMlpgBZ7JiuugdBPIh0LJW7OnUVogxgapjscR+RVDQWX 30LW/XF0rdijGZQ6ABoe4mf6FxFZ9dhL1TW+gkQ0fjLlzTtslYs2qMDJbiA7TB/44ydu klOr+4QGtg5bn6fNVqTlJTP4ibfXpMMC1ty/Lg59MXpElKX1llKwBFxA7BAqcoF8se9H U4QQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=abc8lNoKbjPMG78SgWrV0GODYCDJMMVG6SWjLq84t/E=; fh=39H2oohB6ZYGhyKHcKf9chiYMCdt+XzUdxuRAxp69qM=; b=Fwr4Xu2UsOvzhNYPX4Wxzkq1ExDhmz2Ato9bh3ci6C66VGqy0YKhwx8UwMaVVZON/E 1579QBXF/XJR4868j/mHNN/CEgdgp/l6tw9h8mZg6PWjlgRVfGhIxif+hT/e4otl6ASU WgbdlF4cilbJT7IhSq+f1khecw3P2TKdiOKEhfFjA1KdfevI5xn9jtkPxeWIcH3/1FiE 63lObBOKtbpWjX4dQU2td8faUpt6zROb+4Mz3098u8hk5L/bV6p4ckXgpn/hX/tParwb bc5xKo0Kd91qiUJI7DkjCns2Wtewtf5hUsCiEm32R1HDjruh69IsnuP1TM54uFitL//b vMPA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=y38NeSRe; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id af79cd13be357-7b6b5a9053asi427826685a.222.2024.12.06.09.44.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Dec 2024 09:44:33 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=y38NeSRe; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 809603858427 for ; Fri, 6 Dec 2024 17:44:33 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 809603858427 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=y38NeSRe X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x62a.google.com (mail-pl1-x62a.google.com [IPv6:2607:f8b0:4864:20::62a]) by sourceware.org (Postfix) with ESMTPS id 05C283858282 for ; Fri, 6 Dec 2024 17:39:14 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 05C283858282 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 05C283858282 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::62a ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1733506755; cv=none; b=i5vIOFRKhIxfkhjEckwQQ+uDe3/8hs5BGb8PeS6RC6/dfLQCppdCYM7OWZQIJKHig8OY0k+1X+429BHBGsNnTEN/CDip7m+dPdrpOEUludfcqJrSD1L+9DQZYSGYYQeX9CeEaBF70M0HJocaLToTFWf6KsALoLagMnUyylhdbd4= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1733506755; c=relaxed/simple; bh=68IK0/vsJO6sbDieR1Cgxdcooh5/6emMvKkl4htTZzE=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=S/2axGlG+1cpCdB3qovKdEGO1i8pgEki4ZBF6ZrzSECrBa5Jixe3lW3lWoed7y7s/XQIZntVGsQ/mAEgRux9GHy/BTLus7sW+zv/0rAq1yKhudvnmn5r+Od52gz0f5JjxtWHs9JndP6vslEY4rOtRAh5QZSlu7HeQ13QsBWxraU= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 05C283858282 Received: by mail-pl1-x62a.google.com with SMTP id d9443c01a7336-215909152c5so27125755ad.3 for ; Fri, 06 Dec 2024 09:39:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1733506753; x=1734111553; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=abc8lNoKbjPMG78SgWrV0GODYCDJMMVG6SWjLq84t/E=; b=y38NeSReeAxXlWAziBbPNFwhkoDYciMJUGShhFw1J+GQJRawQ4etzrAMLDt7HPMQ9n tMMKtq6j1C0JrDROJHYG42V62/n0T2PnSW06cGZfhl/T9JPXX7+fAge5rhk9078N+F5G nxfv4lMFZoPcsEwtnNPwIcZ6hXzIwqgjxLqZ+H+cpPosxIezPEpIq98IzqI5DKabylVd vkIlOilc6ltBnW2/M2zWrmJEUPrACV3OwSgpc8zLP86J2Abaul7NWSxIeL7ukkRiV4pK Yy18KcYXoVuTT6lIoLjwhPTb1vZAtlxxsjjjSNEFQmfATzcbTnyHXuh39z33TV3mxo9t q6cA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733506753; x=1734111553; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=abc8lNoKbjPMG78SgWrV0GODYCDJMMVG6SWjLq84t/E=; b=uQsoIwUZfHLm1g2t5Wb9N4e70e2VGPPMi8pmL9Qezp3zdUxOhh6wvNqntxnH3FaHEy JuR5POUOGzkxBaJBHWyzgtsd66Z6Y4hpk6KWl4tkhoToEW02CDh9TF1Unq0ZMCe+/ags ikV/TgdF+1JpkeWygoShcUgkYbsbPtm6G3Yrq2WkuWindaw0UMowQCK3nc+CCkxRr3mV WgrTZtdezmb4H14cw7yaAqMfbnflFcf09qziDdo6B1M+6L1u+Wub5THa6pAkJtZfnkCb qb3RBPdmLJTn98RAr4wiVyhhEbP5kDAaUIisbUb+YA6p419st0lebaLE6hASlsmolAFT ofIg== X-Gm-Message-State: AOJu0Yw+tIfOkWy68KcOH+TAWFF/q2PIzeO5sjOhnz2SqmBe9WDFs/Wb sXta4M8iJEfWB6b6ZSJFEDcFpNQyGJLzSAgvpzJHqT+bFubN+CdC9s18xY/Q1Bq3ZvBqNlL51hS 9 X-Gm-Gg: ASbGnctyXpu6cy7pXdI7TWa7gWCT6hPXGXIJYBkvuSq0vwUuP6YtXxwcwUkws/EofiO CNaQiFvgYmsgVHHa1cSRhixpQaMNZUYzJjzKkHUxBN1Vij34AodHiNobhBycip6UY7UUFQ4M0HX GhOJQ+en4B0wSP8EaePdIuJJTXJbPYwpFJFP97xqoP6hnVpOljTzJ9FfPYcuJD+Umf21cWzNiz+ SzUbRbLytiLT3TpRdvMV/J0Er+qtiSjJkGS+f2vh/eN55QkHUT7uCkavkI6ug== X-Received: by 2002:a17:902:efc9:b0:215:a179:14ca with SMTP id d9443c01a7336-21614d5462amr48451775ad.2.1733506752890; Fri, 06 Dec 2024 09:39:12 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c2:2d1:1460:dd43:b597:c3fc]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-215f8f29635sm31409495ad.241.2024.12.06.09.39.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Dec 2024 09:39:12 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Jeff Xu , Florian Weimer , Mike Hommey , "H . J . Lu" Subject: [PATCH v4 8/9] linux: Add memory sealing tests Date: Fri, 6 Dec 2024 14:37:56 -0300 Message-ID: <20241206173850.3766841-9-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241206173850.3766841-1-adhemerval.zanella@linaro.org> References: <20241206173850.3766841-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org The tests check both the default behavior (no memory sealing) and sealing support if linker supports it. Checked on x86_64-linux-gnu and aarch64-linux-gnu. --- sysdeps/unix/sysv/linux/Makefile | 87 ++++++ .../sysv/linux/tst-dl_mseal-auditmod-noseal.c | 1 + .../unix/sysv/linux/tst-dl_mseal-auditmod.c | 23 ++ .../unix/sysv/linux/tst-dl_mseal-dlopen-1-1.c | 19 ++ .../unix/sysv/linux/tst-dl_mseal-dlopen-1.c | 19 ++ .../linux/tst-dl_mseal-dlopen-2-1-noseal.c | 19 ++ .../unix/sysv/linux/tst-dl_mseal-dlopen-2-1.c | 19 ++ .../sysv/linux/tst-dl_mseal-dlopen-2-noseal.c | 19 ++ .../unix/sysv/linux/tst-dl_mseal-dlopen-2.c | 19 ++ .../sysv/linux/tst-dl_mseal-mod-1-noseal.c | 19 ++ sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1.c | 19 ++ .../sysv/linux/tst-dl_mseal-mod-2-noseal.c | 19 ++ sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2.c | 19 ++ sysdeps/unix/sysv/linux/tst-dl_mseal-noseal.c | 74 +++++ .../sysv/linux/tst-dl_mseal-preload-noseal.c | 1 + .../unix/sysv/linux/tst-dl_mseal-preload.c | 19 ++ .../unix/sysv/linux/tst-dl_mseal-skeleton.c | 276 ++++++++++++++++++ .../sysv/linux/tst-dl_mseal-static-noseal.c | 45 +++ sysdeps/unix/sysv/linux/tst-dl_mseal-static.c | 42 +++ sysdeps/unix/sysv/linux/tst-dl_mseal.c | 72 +++++ 20 files changed, 830 insertions(+) create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1-1.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-preload-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-preload.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-static-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-static.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal.c diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile index 8c1389cb0f..19a9e401ca 100644 --- a/sysdeps/unix/sysv/linux/Makefile +++ b/sysdeps/unix/sysv/linux/Makefile @@ -657,6 +657,93 @@ install-bin += \ # install-bin $(objpfx)pldd: $(objpfx)xmalloc.o + +ifeq ($(have-z-memory-seal)$(default-memory-seal),yesyes) +tests-static += \ + tst-dl_mseal-static \ + tst-dl_mseal-static-noseal \ + # tests-static + +tests += \ + $(tests-static) \ + tst-dl_mseal \ + tst-dl_mseal-noseal \ + # tests + +modules-names += \ + tst-dl_mseal-auditmod \ + tst-dl_mseal-auditmod-noseal \ + tst-dl_mseal-dlopen-1 \ + tst-dl_mseal-dlopen-1-1 \ + tst-dl_mseal-dlopen-2 \ + tst-dl_mseal-dlopen-2-1 \ + tst-dl_mseal-dlopen-2-1-noseal \ + tst-dl_mseal-dlopen-2-noseal \ + tst-dl_mseal-mod-1 \ + tst-dl_mseal-mod-1-noseal \ + tst-dl_mseal-mod-2 \ + tst-dl_mseal-mod-2-noseal \ + tst-dl_mseal-preload \ + tst-dl_mseal-preload-noseal \ + # modules-names + +$(objpfx)tst-dl_mseal.out: \ + $(objpfx)tst-dl_mseal-auditmod.so \ + $(objpfx)tst-dl_mseal-preload.so \ + $(objpfx)tst-dl_mseal-mod-1.so \ + $(objpfx)tst-dl_mseal-mod-2.so \ + $(objpfx)tst-dl_mseal-dlopen-1.so \ + $(objpfx)tst-dl_mseal-dlopen-1-1.so \ + $(objpfx)tst-dl_mseal-dlopen-2.so \ + $(objpfx)tst-dl_mseal-dlopen-2-1.so + +$(objpfx)tst-dl_mseal-noseal.out: \ + $(objpfx)tst-dl_mseal-auditmod-noseal.so \ + $(objpfx)tst-dl_mseal-preload-noseal.so \ + $(objpfx)tst-dl_mseal-mod-1-noseal.so \ + $(objpfx)tst-dl_mseal-mod-2-noseal.so \ + $(objpfx)tst-dl_mseal-dlopen-1.so \ + $(objpfx)tst-dl_mseal-dlopen-1-1.so \ + $(objpfx)tst-dl_mseal-dlopen-2-noseal.so \ + $(objpfx)tst-dl_mseal-dlopen-2-1-noseal.so + +LDFLAGS-tst-dl_mseal = -Wl,--no-as-needed +LDFLAGS-tst-dl_mseal-mod-1.so = -Wl,--no-as-needed +LDFLAGS-tst-dl_mseal-dlopen-1.so = -Wl,--no-as-needed +LDFLAGS-tst-dl_mseal-dlopen-2.so = -Wl,--no-as-needed + +tst-dl_mseal-dlopen-1-1.so-no-memory-seal = yes +tst-dl_mseal-dlopen-2-1.so-no-memory-seal = yes + +$(objpfx)tst-dl_mseal: $(objpfx)tst-dl_mseal-mod-1.so +$(objpfx)tst-dl_mseal-mod-1.so: $(objpfx)tst-dl_mseal-mod-2.so +$(objpfx)tst-dl_mseal-dlopen-1.so: $(objpfx)tst-dl_mseal-dlopen-1-1.so +$(objpfx)tst-dl_mseal-dlopen-2.so: $(objpfx)tst-dl_mseal-dlopen-2-1.so + +tst-dl_mseal-noseal-no-memory-seal = yes +tst-dl_mseal-preload-noseal.so-no-memory-seal = yes +tst-dl_mseal-auditmod-noseal.so-no-memory-seal = yes +tst-dl_mseal-mod-2-noseal.so-no-memory-seal = yes +tst-dl_mseal-dlopen-2-noseal.so-no-memory-seal =yes + +LDFLAGS-tst-dl_mseal-noseal = -Wl,--no-as-needed +LDFLAGS-tst-dl_mseal-mod-1-noseal.so = -Wl,--no-as-needed +LDFLAGS-tst-dl_mseal-mod-2-noseal.so = -Wl,--no-as-needed +LDFLAGS-tst-dl_mseal-dlopen-2-noseal.so = -Wl,--no-as-needed + +tst-dl_mseal-dlopen-2-1-noseal.so-no-memory-seal = yes + +$(objpfx)tst-dl_mseal-noseal: $(objpfx)tst-dl_mseal-mod-1-noseal.so +$(objpfx)tst-dl_mseal-mod-1-noseal.so: $(objpfx)tst-dl_mseal-mod-2-noseal.so +$(objpfx)tst-dl_mseal-dlopen-2-noseal.so: $(objpfx)tst-dl_mseal-dlopen-2-1-noseal.so + +tst-dl_mseal-static-noseal-no-memory-seal = yes + +tst-dl_mseal-ARGS = -- $(host-test-program-cmd) +tst-dl_mseal-static-ARGS = -- $(host-test-program-cmd) +tst-dl_mseal-noseal-ARGS = -- $(host-test-program-cmd) +tst-dl_mseal-static-noseal-ARGS = -- $(host-test-program-cmd) +endif endif ifeq ($(subdir),rt) diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod-noseal.c new file mode 100644 index 0000000000..a5b257d05e --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod-noseal.c @@ -0,0 +1 @@ +#include "tst-dl_mseal-auditmod.c" diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod.c new file mode 100644 index 0000000000..d909a1561c --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod.c @@ -0,0 +1,23 @@ +/* Audit module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +unsigned int +la_version (unsigned int v) +{ + return v; +} diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1-1.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1-1.c new file mode 100644 index 0000000000..ef1372f47e --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1-1.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int foo2_1 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1.c new file mode 100644 index 0000000000..3c2cbe6035 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int foo2 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1-noseal.c new file mode 100644 index 0000000000..0cd647de46 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1-noseal.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar2_1 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1.c new file mode 100644 index 0000000000..0cd647de46 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar2_1 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-noseal.c new file mode 100644 index 0000000000..f719dd3cba --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-noseal.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar2 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2.c new file mode 100644 index 0000000000..f719dd3cba --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar2 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1-noseal.c new file mode 100644 index 0000000000..3bd188efe8 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1-noseal.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int foo1 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1.c new file mode 100644 index 0000000000..3bd188efe8 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int foo1 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2-noseal.c new file mode 100644 index 0000000000..636e9777af --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2-noseal.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar1 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2.c new file mode 100644 index 0000000000..636e9777af --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar1 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-noseal.c new file mode 100644 index 0000000000..34d6714448 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-noseal.c @@ -0,0 +1,74 @@ +/* Basic tests for sealing. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include + +/* This test checks the GNU_PROPERTY_MEMORY_SEAL handling on multiple + places: + + - On the binary itself. + - On a LD_PRELOAD library. + - On a depedency module (tst-dl_mseal-mod-2-noseal.so). + - On a audit modules (tst-dl_mseal-auditmod-noeal.so). + - On a dlopen dependency opened with RTLD_NODELET + (tst-dl_mseal-dlopen-2-noseal.so). +*/ + +#define LIB_PRELOAD "tst-dl_mseal-preload-noseal.so" + +#define LIB_DLOPEN_DEFAULT "tst-dl_mseal-dlopen-1.so" +#define LIB_DLOPEN_DEFAULT_DEP "tst-dl_mseal-dlopen-1-1.so" +#define LIB_DLOPEN_NODELETE "tst-dl_mseal-dlopen-2-noseal.so" +#define LIB_DLOPEN_NODELETE_DEP "tst-dl_mseal-dlopen-2-1-noseal.so" + +#define LIB_AUDIT "tst-dl_mseal-auditmod-noseal.so" + +/* Expected libraries that loader will seal. */ +static const char *expected_sealed_vmas[] = +{ + "libc.so", + "ld.so", + "tst-dl_mseal-mod-1-noseal.so", +}; + +/* Expected non sealed libraries. */ +static const char *expected_non_sealed_vmas[] = +{ + "tst-dl_mseal-noseal", + LIB_PRELOAD, + LIB_AUDIT, + "tst-dl_mseal-mod-2-noseal.so", + LIB_DLOPEN_NODELETE, + LIB_DLOPEN_NODELETE_DEP, + LIB_DLOPEN_DEFAULT, + LIB_DLOPEN_DEFAULT_DEP, + /* Auxiary pages mapped by the kernel. */ + "[vdso]", + "[sigpage]", +}; + +/* Special pages, either Auxiliary kernel pages where permission can not be + changed or auxiliary libs that we can know prior hand that sealing is + enabled. */ +static const char *expected_non_sealed_special[] = +{ + LIBGCC_S_SO, + "[vectors]", +}; + +#include "tst-dl_mseal-skeleton.c" diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-preload-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-preload-noseal.c new file mode 100644 index 0000000000..32b4153e79 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-preload-noseal.c @@ -0,0 +1 @@ +#include "tst-dl_mseal-preload.c" diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-preload.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-preload.c new file mode 100644 index 0000000000..7831608dd4 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-preload.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int foo (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c new file mode 100644 index 0000000000..07cc18dde2 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c @@ -0,0 +1,276 @@ +/* Basic tests for sealing. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +#if UINTPTR_MAX == UINT64_MAX +# define PTR_FMT "#018" PRIxPTR +#else +# define PTR_FMT "#010" PRIxPTR +#endif + +static int +new_flags (const char flags[4]) +{ + bool read_flag = flags[0] == 'r'; + bool write_flag = flags[1] == 'w'; + bool exec_flag = flags[2] == 'x'; + + write_flag = !write_flag; + + return (read_flag ? PROT_READ : 0) + | (write_flag ? PROT_WRITE : 0) + | (exec_flag ? PROT_EXEC : 0); +} + +/* Libraries/VMA that could not be sealed, and that checking for sealing + does not work (kernel does not allow changing protection). */ +static const char *non_sealed_vmas[] = +{ + ".", /* basename value for empty string anonymous + mappings. */ + "[heap]", + "[vsyscall]", + "[vvar]", + "[stack]", + "[vvar_vclock]", + "zero", /* /dev/zero */ +}; + +static int +is_in_string_list (const char *s, const char *const list[], size_t len) +{ + for (size_t i = 0; i != len; i++) + if (strcmp (s, list[i]) == 0) + return i; + return -1; +} +#define IS_IN_STRING_LIST(__s, __list) \ + is_in_string_list (__s, __list, array_length (__list)) + +static void * +tf (void *closure) +{ + pthread_exit (NULL); + return NULL; +} + +static int +handle_restart (void) +{ +#ifndef TEST_STATIC + xdlopen (LIB_DLOPEN_NODELETE, RTLD_NOW | RTLD_NODELETE); + xdlopen (LIB_DLOPEN_DEFAULT, RTLD_NOW); +#endif + + /* pthread_exit will load LIBGCC_S_SO. */ + xpthread_join (xpthread_create (NULL, tf, NULL)); + + FILE *fp = xfopen ("/proc/self/maps", "r"); + char *line = NULL; + size_t linesiz = 0; + + unsigned long pagesize = getpagesize (); + + bool found_expected[array_length(expected_sealed_vmas)] = { false }; + while (xgetline (&line, &linesiz, fp) > 0) + { + uintptr_t start; + uintptr_t end; + char flags[5] = { 0 }; + char name[256] = { 0 }; + int idx; + + /* The line is in the form: + start-end flags offset dev inode pathname */ + int r = sscanf (line, + "%" SCNxPTR "-%" SCNxPTR " %4s %*s %*s %*s %256s", + &start, + &end, + flags, + name); + TEST_VERIFY_EXIT (r == 3 || r == 4); + + int found = false; + + const char *libname = basename (name); + if ((idx = IS_IN_STRING_LIST (libname, expected_sealed_vmas)) + != -1) + { + /* Check if we can change the protection flags of the segment. */ + int new_prot = new_flags (flags); + TEST_VERIFY_EXIT (mprotect ((void *) start, end - start, + new_prot) == -1); + TEST_VERIFY_EXIT (errno == EPERM); + + /* Also checks trying to map over the sealed libraries. */ + { + char *p = mmap ((void *) start, pagesize, new_prot, + MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + TEST_VERIFY_EXIT (p == MAP_FAILED); + TEST_VERIFY_EXIT (errno == EPERM); + } + + /* And if remap is also blocked. */ + { + char *p = mremap ((void *) start, end - start, end - start, 0); + TEST_VERIFY_EXIT (p == MAP_FAILED); + TEST_VERIFY_EXIT (errno == EPERM); + } + + printf ("sealed: vma: %" PTR_FMT "-%" PTR_FMT " %s %s\n", + start, + end, + flags, + name); + + found_expected[idx] = true; + found = true; + } + else if ((idx = IS_IN_STRING_LIST (libname, expected_non_sealed_vmas)) + != -1) + { + /* Check if expected non-sealed segments protection can indeed be + changed. The idea is to use something that would not break + process execution, so just try to mprotect with all protection + bits. */ + int new_prot = PROT_READ | PROT_WRITE | PROT_EXEC; + TEST_VERIFY_EXIT (mprotect ((void *) start, end - start, new_prot) + == 0); + + printf ("not-sealed: vma: %" PTR_FMT "-%" PTR_FMT " %s %s\n", + start, + end, + flags, + name); + + found = true; + } + else if (IS_IN_STRING_LIST (libname, expected_non_sealed_special) != -1) + { + /* These pages protection can no be changed. */ + found = true; + } + + if (!found) + { + if (IS_IN_STRING_LIST (libname, non_sealed_vmas) != -1) + printf ("not-sealed: vma: %" PTR_FMT "-%" PTR_FMT " %s %s\n", + start, + end, + flags, + name); + else + FAIL_EXIT1 ("unexpected vma: %" PTR_FMT "-%" PTR_FMT " %s %s\n", + start, + end, + flags, + name); + } + } + xfclose (fp); + + printf ("\n"); + + /* Also check if all the expected sealed maps were found. */ + for (int i = 0; i < array_length (expected_sealed_vmas); i++) + if (expected_sealed_vmas[i][0] && !found_expected[i]) + FAIL_EXIT1 ("expected VMA %s not sealed\n", expected_sealed_vmas[i]); + + return 0; +} + +static int restart; +#define CMDLINE_OPTIONS \ + { "restart", no_argument, &restart, 1 }, + +static int +do_test (int argc, char *argv[]) +{ + /* We must have either: + - One or four parameters left if called initially: + + path to ld.so optional + + "--library-path" optional + + the library path optional + + the application name */ + if (restart) + return handle_restart (); + + /* Check the test requirements. */ + { + int r = mseal (NULL, 0, 0); + if (r == -1 && (errno == ENOSYS || errno == EPERM)) + FAIL_UNSUPPORTED ("mseal is not supported by the kernel"); + else + TEST_VERIFY_EXIT (r == 0); + } + support_need_proc ("Reads /proc/self/maps to get stack names."); + + char *spargv[9]; + int i = 0; + for (; i < argc - 1; i++) + spargv[i] = argv[i + 1]; + spargv[i++] = (char *) "--direct"; + spargv[i++] = (char *) "--restart"; + spargv[i] = NULL; + + char *envvarss[] = { +#ifndef TEST_STATIC + (char *) "LD_PRELOAD=" LIB_PRELOAD, + (char *) "LD_AUDIT=" LIB_AUDIT, +#endif + NULL + }; + + struct support_capture_subprocess result = + support_capture_subprogram (spargv[0], spargv, envvarss); + support_capture_subprocess_check (&result, "tst-dl_mseal", 0, + sc_allow_stdout); + + { + FILE *out = fmemopen (result.out.buffer, result.out.length, "r"); + TEST_VERIFY (out != NULL); + char *line = NULL; + size_t linesz = 0; + while (xgetline (&line, &linesz, out)) + printf ("%s", line); + fclose (out); + } + + support_capture_subprocess_free (&result); + + return 0; +} + +#define TEST_FUNCTION_ARGV do_test +#include diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-static-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-static-noseal.c new file mode 100644 index 0000000000..3a52ee24ed --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-static-noseal.c @@ -0,0 +1,45 @@ +/* Basic tests for sealing. Static version. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* This test checks the GNU_PROPERTY_MEMORY_SEAL handling on a statically + built binary. In this case only the vDSO (if existent) will be sealed. */ + +#define TEST_STATIC 1 + +/* Expected libraries that loader will seal. */ +static const char *expected_sealed_vmas[] = +{ + "", +}; + +/* Expected non sealed libraries. */ +static const char *expected_non_sealed_vmas[] = +{ + "tst-dl_mseal-static-noseal", + /* Auxiary pages mapped by the kernel. */ + "[vdso]", + "[sigpage]", +}; + +/* Auxiliary kernel pages where permission can not be changed. */ +static const char *expected_non_sealed_special[] = +{ + "[vectors]", +}; + +#include "tst-dl_mseal-skeleton.c" diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-static.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-static.c new file mode 100644 index 0000000000..c0d82bcd75 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-static.c @@ -0,0 +1,42 @@ +/* Basic tests for sealing. Static version. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* This test checks the memory sealing work on a statically built binary. */ + +#define TEST_STATIC 1 + +/* Expected libraries that loader will seal. */ +static const char *expected_sealed_vmas[] = +{ + "tst-dl_mseal-static", +}; + +/* Auxiliary pages mapped by the kernel. */ +static const char *expected_non_sealed_vmas[] = +{ + "[vdso]", + "[sigpage]", +}; + +/* Auxiliary kernel pages where permission can not be changed. */ +static const char *expected_non_sealed_special[] = +{ + "[vectors]", +}; + +#include "tst-dl_mseal-skeleton.c" diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal.c new file mode 100644 index 0000000000..3b5553a906 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal.c @@ -0,0 +1,72 @@ +/* Basic tests for sealing. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include + +/* Check if memory sealing works as expected on multiples places: + - On the binary itself. + - On a LD_PRELOAD library. + - On a depedency modules (tst-dl_mseal-mod-{1,2}.so). + - On a audit modules (tst-dl_mseal-auditmod.so). + - On a dlopen dependency opened with RTLD_NODELET + (tst-dl_mseal-dlopen-{2,2-1}.so). + - On the libgcc_s opened by thread unwind. +*/ + +#define LIB_PRELOAD "tst-dl_mseal-preload.so" +#define LIB_AUDIT "tst-dl_mseal-auditmod.so" + +#define LIB_DLOPEN_DEFAULT "tst-dl_mseal-dlopen-1.so" +#define LIB_DLOPEN_DEFAULT_DEP "tst-dl_mseal-dlopen-1-1.so" +#define LIB_DLOPEN_NODELETE "tst-dl_mseal-dlopen-2.so" +#define LIB_DLOPEN_NODELETE_DEP "tst-dl_mseal-dlopen-2-1.so" + +/* Expected libraries that loader will seal. */ +static const char *expected_sealed_vmas[] = +{ + "libc.so", + "ld.so", + "tst-dl_mseal", + "tst-dl_mseal-mod-1.so", + "tst-dl_mseal-mod-2.so", + LIB_PRELOAD, + LIB_AUDIT, + LIB_DLOPEN_NODELETE, +}; + +/* Expected non sealed libraries. */ +static const char *expected_non_sealed_vmas[] = +{ + LIB_DLOPEN_DEFAULT, + LIB_DLOPEN_DEFAULT_DEP, + LIB_DLOPEN_NODELETE_DEP, + /* Auxiary pages mapped by the kernel. */ + "[vdso]", + "[sigpage]", +}; + +/* Special pages, either Auxiliary kernel pages where permission can not be + changed or auxiliary libs that we can know prior hand that sealing is + enabled. */ +static const char *expected_non_sealed_special[] = +{ + LIBGCC_S_SO, + "[vectors]", +}; + +#include "tst-dl_mseal-skeleton.c" From patchwork Fri Dec 6 17:37:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 847846 Delivered-To: patch@linaro.org Received: by 2002:a5d:50c2:0:b0:385:e875:8a9e with SMTP id f2csp913667wrt; Fri, 6 Dec 2024 09:48:01 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCW01mg0PIS32XvrIoMUSCtxNHAbNJ8IifKwPMeMPIzDLB/RDVSz7oP5x+cy6vNxtkUkq1PFKw==@linaro.org X-Google-Smtp-Source: AGHT+IFN0geIgr4bY9j+S4cZw0gJLiWP8RtLlhh8YwLFtJ+EzdaxZ3qXvE2VxV/NqeQxUqmYSdoJ X-Received: by 2002:a05:622a:22a9:b0:460:f34c:12b6 with SMTP id d75a77b69052e-46734f87e12mr67037691cf.44.1733507281367; Fri, 06 Dec 2024 09:48:01 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1733507281; cv=pass; d=google.com; s=arc-20240605; b=XxZ86ntuQ20qIMZI53WKkG3iSbmSltbP2af6mxCnCZJljpA+dwJ0bPsdeqlGJt3z0i 5fTl80MIPFGHBiKEpmA+farQtUPp7Om3Fm0c5+KyY307S9QTMInoC+3N8b+i+ZYkwbZ3 KBVuJbAVNnBHg9Iq4DbTtYpZG9JMJadZI+wcactdosWvyNRFD8cD5TZdKNaX9MBJQ5V4 HBNzz1W2dEnL6t2jNSf9L4+xisyqhr/P6O4z0+UzQOzylIf4ietGE60M4cCNq/AHtFe/ 2anfpYiLRuSm9EpSVnlfimD15dzTgLMMjb0H3jAcz5+Afay7upp1/hcZcjN22KfpiEK7 qCVQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=8Ens6tV7lCOXvMAK6pRRuOS936jqsW1fzYZnpIoZfUM=; fh=39H2oohB6ZYGhyKHcKf9chiYMCdt+XzUdxuRAxp69qM=; b=WpVHmh+4eJurHeG/7uUeXyVGOiZtK0z3Ku7NIPFkXMJ33Pxk0HSLE2SEBFyNz+w5n+ cU3PE4TUMArzNtw4zhwmKcLkG5TQCSjy88qBJmw2S7alaIW5qJw65pAuiVgdFsB4XPVW F/kv605up2hWUDFUQnI6b6kiAd9Xniy5ZBH7fajxK1XdvF6JAOzui+bDStym7WaTK0sx QBEELJSCyqu94BrZykGUS5aQmhymie/jBetTJxHkTisPuwHx6413VHeeKc1SirNeqStm D70YZPSHtvS1IXcCk+dfHsOYzZyBY15weXPKuC9hTPmFO6vRPFHjq1r01SbDCY3RtBQt zrJg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=KD5Ez5Px; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id d75a77b69052e-467296eeae7si48188091cf.212.2024.12.06.09.48.01 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Dec 2024 09:48:01 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=KD5Ez5Px; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id DF3333858423 for ; Fri, 6 Dec 2024 17:48:00 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org DF3333858423 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=KD5Ez5Px X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) by sourceware.org (Postfix) with ESMTPS id 7EAB03858019 for ; Fri, 6 Dec 2024 17:39:16 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 7EAB03858019 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 7EAB03858019 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::634 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1733506756; cv=none; b=UhFUdgdBRAqWy0UFSSD/eAj95NuWts8ALGPFxWWhghIjbpLwJC3/M//Sh0OQhpHPQHADMM3yPC/3XqfsA3lYky+EH6NoVULnQ0IALW82d6CtBevZP+DeOBfrL0r7JZCw13Gn6FCqvA5uLfc2C6Yb658QQ6C+mDLhZ9wJZ0TCrPg= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1733506756; c=relaxed/simple; bh=xHfpZ7g6H06woVN0alhqNuP97ou6duk44REgPC9z9PE=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=ZQGgtbKkHbqMzXh6MZhbxxFFyuaKBN7t/aBGxKr3mmUrQJh87ALaVunL1Gg4ryy2pP2+237hrsbV4ON4GnfBrpubB3sdg7Jwk2U8DaMJfnVwj4XScAobt0B93IemwTDDfDzd9QdRo6zZEHLzlS87UzaLkz5vuG/pgIR9Wl+YASU= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 7EAB03858019 Received: by mail-pl1-x634.google.com with SMTP id d9443c01a7336-21568166415so18900015ad.2 for ; Fri, 06 Dec 2024 09:39:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1733506755; x=1734111555; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=8Ens6tV7lCOXvMAK6pRRuOS936jqsW1fzYZnpIoZfUM=; b=KD5Ez5PxkacP1E/1hW0hZZUUZYv9VdNAAWngneYeNzHPRBXzpttxs4wxwZVBtRa+8A hze3ykPh6mT9F9NowIhM8l0dZcTjB30tApFTblY6QAEA1LxteT+d9bgs2jjZfb4A9Bj3 OuDHYm82PVEnKAG16eZ9TdMIoZ3amj64oI9VaPVQzY1d2oKtVBaSX5p/6YowDkmha4TD Mis5jaLJBBC7rcXR96aEiOGvKNziEDI6E+k5LR8NRAQ9fdvTS/Kmr4yyJFjx3je/+b+F 3QpTHEbOle//LjrAKedfr52Lv7A37weRdW5bgPy5Xmm1VM/xOOEMbwj0qAG40N7mCFjr bs7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733506755; x=1734111555; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8Ens6tV7lCOXvMAK6pRRuOS936jqsW1fzYZnpIoZfUM=; b=tzVlPU0TEXJGDq/FO+AgBClzQGrdU0ISuZ0qrZWinPBUQn6fC6pJAduxm+WxWI6Lxv i3Iem5/tMVDdAyJQJlv9J15IPZxxuABkg90lZTKTpdS2nOqQBlKV+/F3VZBVzOe9qyeS MzI0bUWGIhLEbPt1KU87Zoodf1QnAAQiZOf3Xz4vTZbVVMZhGZQj6BEhmZc0SE5vdXIq gbc4Ek4mUEGrTuhGEsAuTAO/fhXZ2ewFEy8y9ae7HnirGaGT/NPnbTxQev40AtLKZOLD q4QkYBNEp/uXJlF/qU/pO4fi0GJ8xcGbHXFD6BvC34JSdR3SvcT4u4BQoSlNUo+pSrlL Pnfw== X-Gm-Message-State: AOJu0Ywi7nf1oAq5xJGJ1mtI1zjOnhMSOeOTOzmrBI1NwTMIgJeFFrbV rH/McagjESxyHkpXb/GhMegEF4F9z9TFayQH3e/ep4kUlY2XcFcpt/fuMXWR38ZjJBw5d69TfuC 4 X-Gm-Gg: ASbGncvV9DcOVrW9EFCdno4xhFS/8UTfbyQ79IfC9ARtj/WqS67P6UEhXLYiJfPADl8 wFq7L1X+gZ5LyTIIeeBVGXO7zV9owA/5TPODq3iCN0UBCQORNaj0rNt4f2EWShy5yCXe4TX8CK5 80fMCxlaGUXCnHyDNUibQo8l7RH3BpXrHAaNgxwJ5qXZAVZYiPIMXJllnC9Hxujw37NHtqhtK6L 6WpMINPI7aLUAEk9cZceTF+Kahhj5zYWbzGaz1Yoi05QLC4woQ0f8lAIdJ/xQ== X-Received: by 2002:a17:903:41cc:b0:215:5437:e99f with SMTP id d9443c01a7336-21614da3f42mr60073005ad.36.1733506755066; Fri, 06 Dec 2024 09:39:15 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c2:2d1:1460:dd43:b597:c3fc]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-215f8f29635sm31409495ad.241.2024.12.06.09.39.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Dec 2024 09:39:14 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Jeff Xu , Florian Weimer , Mike Hommey , "H . J . Lu" Subject: [PATCH v4 9/9] elf: Add glibc.rtld.seal tunable Date: Fri, 6 Dec 2024 14:37:57 -0300 Message-ID: <20241206173850.3766841-10-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241206173850.3766841-1-adhemerval.zanella@linaro.org> References: <20241206173850.3766841-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org The new tunable can be used to enforce memory sealing on the program and all its dependencies. The tunable accepts two different values: * '0' where loaders follow the GNU_PROPERTY_MEMORY_SEAL attribute if present. This is the default and no sealing would be applied if the object does not have the memory sealing attribute. * '1' where sealing is enforced even if the object does not have the GNU_PROPERTY_MEMORY_SEAL. Also, any syscall failure on memory sealing aborts the programs. Checked on x86_64-linux-gnu and aarch64-linux-gnu. --- NEWS | 6 ++ elf/dl-load.c | 3 + elf/dl-mseal-mode.h | 28 +++++++ elf/dl-reloc.c | 13 ++++ elf/dl-support.c | 2 + elf/dl-tunables.list | 6 ++ elf/rtld.c | 5 ++ elf/tst-rtld-list-tunables.exp | 1 + manual/tunables.texi | 35 +++++++++ sysdeps/generic/ldsodefs.h | 6 ++ sysdeps/unix/sysv/linux/Makefile | 15 ++++ sysdeps/unix/sysv/linux/dl-mseal.c | 7 ++ .../unix/sysv/linux/tst-dl_mseal-skeleton.c | 3 + .../unix/sysv/linux/tst-dl_mseal-tunable.c | 76 +++++++++++++++++++ 14 files changed, 206 insertions(+) create mode 100644 elf/dl-mseal-mode.h create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-tunable.c diff --git a/NEWS b/NEWS index 302babf497..29a65cd7b4 100644 --- a/NEWS +++ b/NEWS @@ -59,6 +59,12 @@ Major new features: memory sealing by default if the toochain supports it. A new configure option, --disable-default-memory-seal, disables it. +* A new tunable, glibc.rtld.seal, can enable memory sealing on the program + and all its dependencies. The tunable accepts two different values, + with '0' applying the GNU attribute GNU_PROPERTY_MEMORY_SEAL (if present), + or '1' to enforce sealing the program and its dependencies (including + preload, audit modules, and objects opened with RTLD_NODELETE). + Deprecated and removed features, and other changes affecting compatibility: * The big-endian ARC port (arceb-linux-gnu) has been removed. diff --git a/elf/dl-load.c b/elf/dl-load.c index b52c29ccb7..4f77836f6e 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -1315,6 +1315,9 @@ cannot enable executable stack as shared object requires"); break; } + /* Update the sealing mode based on the tunable. */ + _dl_mseal_update_map (l, mode); + /* We are done mapping in the file. We no longer need the descriptor. */ if (__glibc_unlikely (__close_nocancel (fd) != 0)) { diff --git a/elf/dl-mseal-mode.h b/elf/dl-mseal-mode.h new file mode 100644 index 0000000000..745ca60064 --- /dev/null +++ b/elf/dl-mseal-mode.h @@ -0,0 +1,28 @@ +/* Memory sealing tunable. Generic definitions. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _DL_MSEAL_MODE_H +#define _DL_MSEAL_MODE_H + +enum dl_seal_mode +{ + DL_SEAL_DEFAULT = 0, + DL_SEAL_ENFORCE = 1, +}; + +#endif diff --git a/elf/dl-reloc.c b/elf/dl-reloc.c index f8127cb166..10a97e4e19 100644 --- a/elf/dl-reloc.c +++ b/elf/dl-reloc.c @@ -29,6 +29,8 @@ #include #include "dynamic-link.h" #include +#include +#include /* Statistics function. */ #ifdef SHARED @@ -371,6 +373,17 @@ cannot apply additional memory protection after relocation"); } } +void +_dl_mseal_update_map (struct link_map *map, int mode) +{ + /* Also enable forced sealing on audit modules, loader will apply it + after the modules is being loaded and validated. */ + if (TUNABLE_GET (glibc, rtld, seal, int32_t, NULL) == DL_SEAL_ENFORCE + && (!(mode & __RTLD_DLOPEN) + || (mode & RTLD_NODELETE) || (mode & __RTLD_AUDIT))) + map->l_seal = lt_seal_toseal; +} + static void _dl_mseal_map_1 (struct link_map *l, bool force) { diff --git a/elf/dl-support.c b/elf/dl-support.c index e43b455de4..bd0bfa3285 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c @@ -349,6 +349,8 @@ _dl_non_dynamic_init (void) _dl_process_pt_gnu_property (&_dl_main_map, -1, &ph[-1]); break; } + /* Update the sealing mode based on the tunable. */ + _dl_mseal_update_map (&_dl_main_map, 0); call_function_static_weak (_dl_find_object_init); diff --git a/elf/dl-tunables.list b/elf/dl-tunables.list index 40ac5b3776..4bc694bee5 100644 --- a/elf/dl-tunables.list +++ b/elf/dl-tunables.list @@ -135,6 +135,12 @@ glibc { maxval: 1 default: 0 } + seal { + type: INT_32 + minval: 0 + maxval: 1 + default: 0 + } } mem { diff --git a/elf/rtld.c b/elf/rtld.c index 71902de400..b78ec55cd3 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -1247,6 +1247,9 @@ rtld_setup_main_map (struct link_map *main_map) break; } + /* Update the sealing mode based on the tunable. */ + _dl_mseal_update_map (main_map, 0); + /* Adjust the address of the TLS initialization image in case the executable is actually an ET_DYN object. */ if (main_map->l_tls_initimage != NULL) @@ -1766,6 +1769,8 @@ dl_main (const ElfW(Phdr) *phdr, break; } + _dl_mseal_update_map (&GL(dl_rtld_map), 0); + /* Add the dynamic linker to the TLS list if it also uses TLS. */ if (GL(dl_rtld_map).l_tls_blocksize != 0) /* Assign a module ID. Do this before loading any audit modules. */ diff --git a/elf/tst-rtld-list-tunables.exp b/elf/tst-rtld-list-tunables.exp index db0e1c86e9..01e614646c 100644 --- a/elf/tst-rtld-list-tunables.exp +++ b/elf/tst-rtld-list-tunables.exp @@ -15,3 +15,4 @@ glibc.rtld.dynamic_sort: 2 (min: 1, max: 2) glibc.rtld.enable_secure: 0 (min: 0, max: 1) glibc.rtld.nns: 0x4 (min: 0x1, max: 0x10) glibc.rtld.optional_static_tls: 0x200 (min: 0x0, max: 0x[f]+) +glibc.rtld.seal: 0 (min: 0, max: 1) diff --git a/manual/tunables.texi b/manual/tunables.texi index 0b1b2898c0..4dbbdf4ac2 100644 --- a/manual/tunables.texi +++ b/manual/tunables.texi @@ -355,6 +355,41 @@ tests for @code{AT_SECURE} programs and not meant to be a security feature. The default value of this tunable is @samp{0}. @end deftp +@deftp Tunable glibc.rtld.seal +Sets whether to enable memory sealing during program execution. The sealed +memory prevents further changes to the mapped memory region, such as shrinking +or expanding, mapping another segment over a pre-existing region, or changing +the memory protection flags (check the @code{mseal} for more information). +The sealing is done in multiple places where the memory is supposed to be +immutable over program execution: + +@itemize @bullet +@item +All shared library dependencies from the binary, including the read-only segments +after @code{PT_GNU_RELRO} setup. + +@item +The binary itself, including dynamic and static linked ones. In both cases, it is +up either to binary or the loader to set up the sealing. + +@item +Any preload libraries. + +@item +Any library loaded with @code{dlopen} with @code{RTLD_NODELETE} flag. + +@item +All audit modules and their dependencies. +@end itemize + +The tunable accepts two values: @samp{0} where sealing applies the GNU attribute +@code{GNU_PROPERTY_MEMORY_SEAL} if present, and @samp{1} where sealing is +enforced on the binary and its dependencies. For the enforced mode, +if the memory can not be sealed the process terminates the execution. + +The default value of this tunable is @samp{0}. +@end deftp + @node Elision Tunables @section Elision Tunables @cindex elision tunables diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h index dbfa5d7a6a..4bde2df3bc 100644 --- a/sysdeps/generic/ldsodefs.h +++ b/sysdeps/generic/ldsodefs.h @@ -1024,6 +1024,12 @@ void _dl_relocate_object_no_relro (struct link_map *map, /* Protect PT_GNU_RELRO area. */ extern void _dl_protect_relro (struct link_map *map) attribute_hidden; +/* The the sealing mode of MAP based on open MODE and on the rtld.seal + tunable. */ +extern void _dl_mseal_update_map (struct link_map *map, + int mode) + attribute_hidden; + /* Issue memory sealing for the link map MAP. If MAP is contiguous the whole region is sealed, otherwise iterate over the program headerrs and seal each PT_LOAD segment.i diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile index 19a9e401ca..231f044fe4 100644 --- a/sysdeps/unix/sysv/linux/Makefile +++ b/sysdeps/unix/sysv/linux/Makefile @@ -668,6 +668,7 @@ tests += \ $(tests-static) \ tst-dl_mseal \ tst-dl_mseal-noseal \ + tst-dl_mseal-tunable \ # tests modules-names += \ @@ -707,6 +708,16 @@ $(objpfx)tst-dl_mseal-noseal.out: \ $(objpfx)tst-dl_mseal-dlopen-2-noseal.so \ $(objpfx)tst-dl_mseal-dlopen-2-1-noseal.so +$(objpfx)tst-dl_mseal-tunable.out: \ + $(objpfx)tst-dl_mseal-auditmod-noseal.so \ + $(objpfx)tst-dl_mseal-preload-noseal.so \ + $(objpfx)tst-dl_mseal-mod-1-noseal.so \ + $(objpfx)tst-dl_mseal-mod-2-noseal.so \ + $(objpfx)tst-dl_mseal-dlopen-1.so \ + $(objpfx)tst-dl_mseal-dlopen-1-1.so \ + $(objpfx)tst-dl_mseal-dlopen-2-noseal.so \ + $(objpfx)tst-dl_mseal-dlopen-2-1-noseal.so + LDFLAGS-tst-dl_mseal = -Wl,--no-as-needed LDFLAGS-tst-dl_mseal-mod-1.so = -Wl,--no-as-needed LDFLAGS-tst-dl_mseal-dlopen-1.so = -Wl,--no-as-needed @@ -739,10 +750,14 @@ $(objpfx)tst-dl_mseal-dlopen-2-noseal.so: $(objpfx)tst-dl_mseal-dlopen-2-1-nosea tst-dl_mseal-static-noseal-no-memory-seal = yes +tst-dl_mseal-tunable-no-memory-seal = yes +$(objpfx)tst-dl_mseal-tunable: $(objpfx)tst-dl_mseal-mod-1-noseal.so + tst-dl_mseal-ARGS = -- $(host-test-program-cmd) tst-dl_mseal-static-ARGS = -- $(host-test-program-cmd) tst-dl_mseal-noseal-ARGS = -- $(host-test-program-cmd) tst-dl_mseal-static-noseal-ARGS = -- $(host-test-program-cmd) +tst-dl_mseal-tunable-ARGS = -- $(host-test-program-cmd) endif endif diff --git a/sysdeps/unix/sysv/linux/dl-mseal.c b/sysdeps/unix/sysv/linux/dl-mseal.c index c99fd991cb..e4da0c32d2 100644 --- a/sysdeps/unix/sysv/linux/dl-mseal.c +++ b/sysdeps/unix/sysv/linux/dl-mseal.c @@ -17,6 +17,7 @@ . */ #include +#include #include #include #include @@ -37,5 +38,11 @@ _dl_mseal (void *addr, size_t len) atomic_store_relaxed (&mseal_supported, false); } #endif + if (TUNABLE_GET (glibc, rtld, seal, int32_t, NULL) == DL_SEAL_ENFORCE + && r != 0) + _dl_fatal_printf ("Fatal error: sealing is enforced and an error " + "ocurred for the 0x%lx-0x%lx range\n", + (long unsigned int) addr, + (long unsigned int) addr + len); return r; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c index 07cc18dde2..9c9d8ed6a4 100644 --- a/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c @@ -248,6 +248,9 @@ do_test (int argc, char *argv[]) #ifndef TEST_STATIC (char *) "LD_PRELOAD=" LIB_PRELOAD, (char *) "LD_AUDIT=" LIB_AUDIT, +#endif +#ifdef TUNABLE_ENV_VAR + (char *) "GLIBC_TUNABLES=" TUNABLE_ENV_VAR, #endif NULL }; diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-tunable.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-tunable.c new file mode 100644 index 0000000000..a1069164bb --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-tunable.c @@ -0,0 +1,76 @@ +/* Basic tests for sealing. Check the tunable in enforce mode. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include + +/* This test checks the glibc.rtld.seal enforces sealing on multiple + places: + + - On the binary itself. + - On a LD_PRELOAD library. + - On a depedency module (tst-dl_mseal-mod-2-noseal.so). + - On a audit modules (tst-dl_mseal-auditmod-noeal.so). + - On a dlopen dependency opened with RTLD_NODELET + (tst-dl_mseal-dlopen-2-noseal.so). +*/ + +#define TUNABLE_ENV_VAR "glibc.rtld.seal=1" + +#define LIB_PRELOAD "tst-dl_mseal-preload-noseal.so" + +#define LIB_DLOPEN_DEFAULT "tst-dl_mseal-dlopen-1.so" +#define LIB_DLOPEN_DEFAULT_DEP "tst-dl_mseal-dlopen-1-1.so" +#define LIB_DLOPEN_NODELETE "tst-dl_mseal-dlopen-2-noseal.so" +#define LIB_DLOPEN_NODELETE_DEP "tst-dl_mseal-dlopen-2-1-noseal.so" + +#define LIB_AUDIT "tst-dl_mseal-auditmod-noseal.so" + +/* Expected libraries that loader will seal. */ +static const char *expected_sealed_vmas[] = +{ + "tst-dl_mseal-tunable", + "libc.so", + "ld.so", + "tst-dl_mseal-mod-1-noseal.so", + "tst-dl_mseal-mod-2-noseal.so", + LIB_DLOPEN_NODELETE, + LIB_DLOPEN_NODELETE_DEP, + LIB_AUDIT, + LIB_PRELOAD, +}; + +/* Expected non sealed libraries. */ +static const char *expected_non_sealed_vmas[] = +{ + LIB_DLOPEN_DEFAULT, + LIB_DLOPEN_DEFAULT_DEP, + /* Auxiary pages mapped by the kernel. */ + "[vdso]", + "[sigpage]", +}; + +/* Special pages, either Auxiliary kernel pages where permission can not be + changed or auxiliary libs that we can know prior hand that sealing is + enabled. */ +static const char *expected_non_sealed_special[] = +{ + LIBGCC_S_SO, + "[vectors]", +}; + +#include "tst-dl_mseal-skeleton.c"