From patchwork Wed Jul 31 20:05:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 815670 Delivered-To: patch@linaro.org Received: by 2002:a5d:4acf:0:b0:367:895a:4699 with SMTP id y15csp901464wrs; Wed, 31 Jul 2024 13:05:33 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUQU1hWA8sxj+M7ZEUWlRlVL6HcTGZc99n8R2DuhSsqS6ZA7etkOl/eLOgZRWg/Z5FS6WrnkEOciuqgIjLIYL86 X-Google-Smtp-Source: AGHT+IHIcZ3C4KfCWbgC+Dye6wYTiecXP1IYoUlJ6q7LXX/xOgz7Ytspc+hYwZOX9r2qsnwdHb6p X-Received: by 2002:a05:6808:30a3:b0:3d9:de1e:c24c with SMTP id 5614622812f47-3db511c475amr233185b6e.3.1722456333139; Wed, 31 Jul 2024 13:05:33 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1722456333; cv=pass; d=google.com; s=arc-20160816; b=bJXdstFPUZvOWbVcC8/zzE0PHq573KVPvwIT2VM2d/Zs58dEqMqPiIIHyrDFCIgC4t iiSmXt1qVKcd0Bw86j0STUt5yEoA/GiFMAHATf7oyWFPi406ujL59UylV9BgGmS/ufKu bJ1ufLOgxN4/h/KX+g9KGJwUETtStOwNIfazWmHSMPQYDUKUkzz1Oy4tXpRTOOyrLVoy Khlxud5uzS2DVXw5Sb0O+hbhXWoSVrd21SCHUUVYvepjTGMHu+r+1EWhDMbY/FCx0I0l ewoEX3Nm+zEQuR3GMqtgsBLJv7WPnaar+DZ+i9OfKw7uo/XOFk8I1iZfVm3XQiapwFS1 z9iw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:message-id:date:subject:cc:to:from:dkim-signature :arc-filter:dmarc-filter:delivered-to; bh=bywz0uuolilMMq2zpJZzZ4eqdCSlXyH/h9cX6knWIkQ=; fh=FwUfmHKqXpWNVf1GPLoU6Q840G0J/heMH9xjKapUWx4=; b=FdRy6mT4gCBI+54UB8R3VZ+e+Al/zthlxv1CTC0QJ7q11WAfdgZg2suamJjr6zZS5T AoVfESjsS/vGRX/Adb/8JGoz12UA6B+H0lDECxV2JKm4BzpY63XwCwAn0VUF2Eq+A9PR aI3La4e8Ejrf4groz7voJ0EU29VBaCPhdP8SAZkWfhUKPLIzaNLX7xGNci5JJSkXnikd 4NSM2K8ffp+lFS166XYeHd89F0+aiCNaeCv2GMaYDxOksfVgvJYWVpCrKMoDU31Q99Ts tYDyTEG4YNIGgRIlhHtrHz3CNLbZOuC6/NAVIal56VhopLkZ3PZyCYX1UlFLz9cIhLLL yAYQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=pu43Ijf4; arc=pass (i=1); spf=pass (google.com: domain of binutils-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="binutils-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id d75a77b69052e-44fe8535c55si167075731cf.718.2024.07.31.13.05.32 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 31 Jul 2024 13:05:33 -0700 (PDT) Received-SPF: pass (google.com: domain of binutils-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) client-ip=2620:52:3:1:0:246e:9693:128c; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=pu43Ijf4; arc=pass (i=1); spf=pass (google.com: domain of binutils-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="binutils-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id B3C29385B532 for ; Wed, 31 Jul 2024 20:05:32 +0000 (GMT) X-Original-To: binutils@sourceware.org Delivered-To: binutils@sourceware.org Received: from mail-pf1-x42e.google.com (mail-pf1-x42e.google.com [IPv6:2607:f8b0:4864:20::42e]) by sourceware.org (Postfix) with ESMTPS id B94073858283 for ; Wed, 31 Jul 2024 20:05:16 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org B94073858283 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org B94073858283 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::42e ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1722456319; cv=none; b=POSVw1UTd8IlH9w0PzBcHuiEPOn4J4WBQwvRhNb/pUkMharadzToG/MLIjo0G5mbc35K4EvdwAcUpCmbi9W2LKy3IyiOLa3ntq6vIFEALJYERNlN583zZ/2ihq5hlsBMv61pMIKl+YRrK187hb1EapozMAI5FiiUhXPhDFzKXxI= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1722456319; c=relaxed/simple; bh=UNeYG0kVolB729n5BLk1HRRb6RQi3AZ3J4uPAmXMsns=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=d7WI44JINaQpUaycDd45kgvl0RmskpvncDhNKcQVm2vY8UInxdzQCw042MskDpIoS8ufk869UleckgeXCL8YU27MkRE/ZWOGMEwfhV9XY9vzQ58Ufz5SPLymrus0R5lbCLIm5UAjvF9jO9OflQLvqs3dH3OXQH+oW6s+/LmTje0= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pf1-x42e.google.com with SMTP id d2e1a72fcca58-70d2ae44790so4382958b3a.2 for ; Wed, 31 Jul 2024 13:05:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1722456315; x=1723061115; darn=sourceware.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=bywz0uuolilMMq2zpJZzZ4eqdCSlXyH/h9cX6knWIkQ=; b=pu43Ijf4cWLcPrF4r9SGZ6AfOYMdle30+p81akZOcmcaA4UoDXE6mxwVrUPrMZUEp1 7D87ZtIvodXYMJvcCEv/lW8XSYooD0YQYtd44vYb8fnk52A9p/WohH2/25Xh7omWRHMY RBDSS1aWTa3M5tBDLu72WsvrHeVmTKXlxVtTLt+22W/9ccPMu9KO8dN3ofkbRfQSjSv0 2KXGa1Z6xE464A2MGjBxvYsCKUCCv1cq+lkMW/852Q3P0Le1b32V86RiHDZnn7hHWkwK NuMirtFxc1xo7JAELztc54x2RTDnhspSaTniIn2/Yz6E0Bu/hsCMd5VZZB72urN/DyCK 0qfA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722456315; x=1723061115; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=bywz0uuolilMMq2zpJZzZ4eqdCSlXyH/h9cX6knWIkQ=; b=CHr8a2mFbJfVNEeZ8AokxC9DGUsuETY7mJwIMQRpZXE3dDwg20HqONfqFdJCjCgzgx na2M9PKER1aiR4coEOzRH1z4M/WmYLwUFPRFLI4wY1SP7wxFAeXawGTb9NlvO/hzR9Ot zf6HYTSdflkQkqPWXlAKgre31M0EkPjDgOHRDzTlqNR1QHShNoMynJEQgrbQ+2+M2B8w ra84JfB9lOyJSOzhNKsumdRTcUr0HedBFkY15T3wc4hLxV5LTnAh6XGBPkGyoCwvqSwC 0GQp8ZL2c79/Yt+Uida5A6nvm9FODbp+iVHWtP9GbQdP4fF5nKX9GMVVVsGrVNWftDyI BjIQ== X-Gm-Message-State: AOJu0YxB+8BrVcSmpRW/+8jpqKat33yYZ4CtMqQ+17IQyKyiGJ3Y6qkL RRN6DRFTtGuMWGvXx7Onhcq2mjS9EUit2I9MOFoEl4XkLe2nsR/pM6R3pjAxMNd630mGu1/GaFt 0 X-Received: by 2002:a05:6a20:4996:b0:1c4:f209:f1ea with SMTP id adf61e73a8af0-1c68cf35a01mr483825637.31.1722456315090; Wed, 31 Jul 2024 13:05:15 -0700 (PDT) Received: from mandiga.. ([2804:1b3:a7c1:1944:b913:6070:fef0:3852]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-70ead8215b3sm10279501b3a.121.2024.07.31.13.05.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 31 Jul 2024 13:05:14 -0700 (PDT) From: Adhemerval Zanella To: binutils@sourceware.org Cc: Stephen Roettger , Jeff Xu , Florian Weimer , Mike Hommey Subject: [PATCH] elf: Add GNU_PROPERTY_NO_MEMORY_SEAL gnu property Date: Wed, 31 Jul 2024 17:05:04 -0300 Message-ID: <20240731200510.2270512-1-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 X-Spam-Status: No, score=-12.6 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: binutils@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Binutils mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: binutils-bounces~patch=linaro.org@sourceware.org On a glibc recent proposal [1] to add Linux mseal support [2], Mike Hommey raised that this feature might potentially break Firefox on Linux. The issue is Firefox is built with DT_RELR support, and post-processed with a tool to both remove the GLIBC_ABI_DT_RELR dependency and instrument the binaries to apply the relocation themselves so they can deploy Firefox regardless if loader supports DT_RELR or not (some more details at [3]). To accomplish it, the instrumentation mimics the dynamic loader and temporarily undoes the RELRO machine to be able to apply those relocations, and redoes it afterward. And this is exactly what mseal aims to prevent. The GNU_PROPERTY_NO_MEMORY_SEAL gnu property is a way to mark such objects are not sealed by glibc. When linked with -Wl,-z,no-memory-seal, glibc will not seal either the binary or the shared library (the sealing will still be done by default, if the kernel supports it). The version 2 of glibc support for memory sealing uses this new property [5]. [1] https://sourceware.org/pipermail/libc-alpha/2024-June/157359.html [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8be7258aad44b5e25977a98db136f677fa6f4370 [3] https://sourceware.org/pipermail/libc-alpha/2024-June/157668.html [4] https://glandium.org/blog/?p=4297 [5] https://sourceware.org/pipermail/libc-alpha/2024-July/158804.html Change-Id: Ibd799db05179332873e371fcc07f15a9bd949cb3 --- bfd/elf-properties.c | 83 +++++++++++++++++++++------ bfd/elfxx-x86.c | 3 +- binutils/readelf.c | 6 ++ include/bfdlink.h | 3 + include/elf/common.h | 1 + ld/emultempl/elf.em | 2 + ld/ld.texi | 4 ++ ld/ldlex.h | 1 + ld/lexsup.c | 2 + ld/testsuite/ld-elf/property-seal-1.d | 15 +++++ ld/testsuite/ld-elf/property-seal-2.d | 15 +++++ 11 files changed, 117 insertions(+), 18 deletions(-) create mode 100644 ld/testsuite/ld-elf/property-seal-1.d create mode 100644 ld/testsuite/ld-elf/property-seal-2.d diff --git a/bfd/elf-properties.c b/bfd/elf-properties.c index ee8bd37f2bd..ed3e4752893 100644 --- a/bfd/elf-properties.c +++ b/bfd/elf-properties.c @@ -177,6 +177,20 @@ _bfd_elf_parse_gnu_properties (bfd *abfd, Elf_Internal_Note *note) prop->pr_kind = property_number; goto next; + case GNU_PROPERTY_NO_MEMORY_SEAL: + if (datasz != 0) + { + _bfd_error_handler + (_("warning: %pB: corrupt no memory sealing size: 0x%x"), + abfd, datasz); + /* Clear all properties. */ + elf_properties (abfd) = NULL; + return false; + } + prop = _bfd_elf_get_property (abfd, type, datasz); + prop->pr_kind = property_number; + goto next; + default: if ((type >= GNU_PROPERTY_UINT32_AND_LO && type <= GNU_PROPERTY_UINT32_AND_HI) @@ -258,6 +272,9 @@ elf_merge_gnu_properties (struct bfd_link_info *info, bfd *abfd, bfd *bbfd, be added to ABFD. */ return aprop == NULL; + case GNU_PROPERTY_NO_MEMORY_SEAL: + return aprop == NULL; + default: updated = false; if (pr_type >= GNU_PROPERTY_UINT32_OR_LO @@ -607,6 +624,33 @@ elf_write_gnu_properties (struct bfd_link_info *info, } } +static asection * +_bfd_elf_link_create_gnu_property_sec (struct bfd_link_info *info, bfd *elf_bfd, + unsigned int elfclass) +{ + asection *sec; + + sec = bfd_make_section_with_flags (elf_bfd, + NOTE_GNU_PROPERTY_SECTION_NAME, + (SEC_ALLOC + | SEC_LOAD + | SEC_IN_MEMORY + | SEC_READONLY + | SEC_HAS_CONTENTS + | SEC_DATA)); + if (sec == NULL) + info->callbacks->einfo (_("%F%P: failed to create GNU property section\n")); + + if (!bfd_set_section_alignment (sec, + elfclass == ELFCLASS64 ? 3 : 2)) + info->callbacks->einfo (_("%F%pA: failed to align section\n"), + sec); + + elf_section_type (sec) = SHT_NOTE; + return sec; +} + + /* Set up GNU properties. Return the first relocatable ELF input with GNU properties if found. Otherwise, return NULL. */ @@ -656,23 +700,7 @@ _bfd_elf_link_setup_gnu_properties (struct bfd_link_info *info) /* Support -z indirect-extern-access. */ if (first_pbfd == NULL) { - sec = bfd_make_section_with_flags (elf_bfd, - NOTE_GNU_PROPERTY_SECTION_NAME, - (SEC_ALLOC - | SEC_LOAD - | SEC_IN_MEMORY - | SEC_READONLY - | SEC_HAS_CONTENTS - | SEC_DATA)); - if (sec == NULL) - info->callbacks->einfo (_("%F%P: failed to create GNU property section\n")); - - if (!bfd_set_section_alignment (sec, - elfclass == ELFCLASS64 ? 3 : 2)) - info->callbacks->einfo (_("%F%pA: failed to align section\n"), - sec); - - elf_section_type (sec) = SHT_NOTE; + sec = _bfd_elf_link_create_gnu_property_sec (info, elf_bfd, elfclass); first_pbfd = elf_bfd; has_properties = true; } @@ -690,6 +718,27 @@ _bfd_elf_link_setup_gnu_properties (struct bfd_link_info *info) |= GNU_PROPERTY_1_NEEDED_INDIRECT_EXTERN_ACCESS; } + if (info->no_memory_seal && elf_bfd != NULL) + { + /* Support -z no-memory-seal. */ + if (first_pbfd == NULL) + { + sec = _bfd_elf_link_create_gnu_property_sec (info, elf_bfd, elfclass); + first_pbfd = elf_bfd; + has_properties = true; + } + + p = _bfd_elf_get_property (first_pbfd, GNU_PROPERTY_NO_MEMORY_SEAL, 0); + if (p->pr_kind == property_unknown) + { + /* Create GNU_PROPERTY_NO_MEMORY_SEAL. */ + p->u.number = GNU_PROPERTY_NO_MEMORY_SEAL; + p->pr_kind = property_number; + } + else + p->u.number |= GNU_PROPERTY_NO_MEMORY_SEAL; + } + /* Do nothing if there is no .note.gnu.property section. */ if (!has_properties) return NULL; diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c index 85737fc18b7..2639c58bc93 100644 --- a/bfd/elfxx-x86.c +++ b/bfd/elfxx-x86.c @@ -4813,7 +4813,8 @@ _bfd_x86_elf_link_fixup_gnu_properties for (p = *listp; p; p = p->next) { unsigned int type = p->property.pr_type; - if (type == GNU_PROPERTY_X86_COMPAT_ISA_1_USED + if (type == GNU_PROPERTY_NO_MEMORY_SEAL + || type == GNU_PROPERTY_X86_COMPAT_ISA_1_USED || type == GNU_PROPERTY_X86_COMPAT_ISA_1_NEEDED || (type >= GNU_PROPERTY_X86_UINT32_AND_LO && type <= GNU_PROPERTY_X86_UINT32_AND_HI) diff --git a/binutils/readelf.c b/binutils/readelf.c index 0f8dc1b9716..93cd1857271 100644 --- a/binutils/readelf.c +++ b/binutils/readelf.c @@ -21464,6 +21464,12 @@ print_gnu_property_note (Filedata * filedata, Elf_Internal_Note * pnote) printf (_(" "), datasz); goto next; + case GNU_PROPERTY_NO_MEMORY_SEAL: + printf ("no memory sealing "); + if (datasz) + printf (_(" "), datasz); + goto next; + default: if ((type >= GNU_PROPERTY_UINT32_AND_LO && type <= GNU_PROPERTY_UINT32_AND_HI) diff --git a/include/bfdlink.h b/include/bfdlink.h index f802ec627ef..4717b742afd 100644 --- a/include/bfdlink.h +++ b/include/bfdlink.h @@ -429,6 +429,9 @@ struct bfd_link_info /* TRUE if only one read-only, non-code segment should be created. */ unsigned int one_rosegment: 1; + /* TRUE if GNU_PROPERTY_NO_MEMORY_SEAL should be generated. */ + unsigned int no_memory_seal: 1; + /* Nonzero if .eh_frame_hdr section and PT_GNU_EH_FRAME ELF segment should be created. 1 for DWARF2 tables, 2 for compact tables. */ unsigned int eh_frame_hdr_type: 2; diff --git a/include/elf/common.h b/include/elf/common.h index c9920e7731a..80851739e4d 100644 --- a/include/elf/common.h +++ b/include/elf/common.h @@ -890,6 +890,7 @@ /* Values used in GNU .note.gnu.property notes (NT_GNU_PROPERTY_TYPE_0). */ #define GNU_PROPERTY_STACK_SIZE 1 #define GNU_PROPERTY_NO_COPY_ON_PROTECTED 2 +#define GNU_PROPERTY_NO_MEMORY_SEAL 3 /* A 4-byte unsigned integer property: A bit is set if it is set in all relocatable inputs. */ diff --git a/ld/emultempl/elf.em b/ld/emultempl/elf.em index 863657e12f5..b27288f2115 100644 --- a/ld/emultempl/elf.em +++ b/ld/emultempl/elf.em @@ -1030,6 +1030,8 @@ fragment <