diff mbox series

[v7,1/4] elf: Cleanup and improve tst-execstack

Message ID 20241226175834.2531046-2-adhemerval.zanella@linaro.org
State New
Headers show
Series Improve executable stack handling | expand

Commit Message

Adhemerval Zanella Netto Dec. 26, 2024, 5:57 p.m. UTC
Use libsupport and handle new SELinux versions.
---
 elf/tst-execstack.c | 200 ++++++++++++++++++++------------------------
 1 file changed, 91 insertions(+), 109 deletions(-)

Comments

Florian Weimer Dec. 30, 2024, 5:08 p.m. UTC | #1
* Adhemerval Zanella:

> +static bool
> +check_selinux (void)
> +{
> +  /* Old Red Hat like systems.  */
> +  enum selinux_status r =
> +    check_selinux_generic ("/selinux/enforce",
> +			   "/selinux/booleans/allow_execstack");
> +  if (r == SELINUX_NOT_PRESENT)
> +    /* New Red Hard like systems.  */
> +    r = check_selinux_generic ("/sys/fs/selinux/enforce",
> +			       "/sys/fs/selinux/booleans/selinuxuser_execstack");
> +  return r == SELINUX_NOT_PRESENT || r == SELINUX_EXECSTACK_ENABLE;
> +}

Typo: Red Ha[t]

I think this isn't quite right.  The path prefix (selinuxfs mount point)
is independent of the policy style.  The reference policy
<https://github.com/SELinuxProject/refpolicy> still uses allow_execstack
in its most recent versions.  Only the Fedora policy
<https://github.com/fedora-selinux/selinux-policy> uses
selinuxuser_execstack.

Rest of the changes look okay.

Thanks,
Florian
Adhemerval Zanella Netto Dec. 30, 2024, 7:08 p.m. UTC | #2
On 30/12/24 14:08, Florian Weimer wrote:
> * Adhemerval Zanella:
> 
>> +static bool
>> +check_selinux (void)
>> +{
>> +  /* Old Red Hat like systems.  */
>> +  enum selinux_status r =
>> +    check_selinux_generic ("/selinux/enforce",
>> +			   "/selinux/booleans/allow_execstack");
>> +  if (r == SELINUX_NOT_PRESENT)
>> +    /* New Red Hard like systems.  */
>> +    r = check_selinux_generic ("/sys/fs/selinux/enforce",
>> +			       "/sys/fs/selinux/booleans/selinuxuser_execstack");
>> +  return r == SELINUX_NOT_PRESENT || r == SELINUX_EXECSTACK_ENABLE;
>> +}
> 
> Typo: Red Ha[t]
> 
> I think this isn't quite right.  The path prefix (selinuxfs mount point)
> is independent of the policy style.  The reference policy
> <https://github.com/SELinuxProject/refpolicy> still uses allow_execstack
> in its most recent versions.  Only the Fedora policy
> <https://github.com/fedora-selinux/selinux-policy> uses
> selinuxuser_execstack.

Right, do you prefer if I can move this to a different patch? My first
approach was to use a list of mount points and check for both policy
styles.

I don't have access to a Red Hat release, so I used as a proxy the CentOS 
and Alma Linux we have on gcc compile farm.  It seems that such system
might not be a 100% proxy for Red Hat systems.

> 
> Rest of the changes look okay.
> 
> Thanks,
> Florian
>
Florian Weimer Dec. 30, 2024, 7:47 p.m. UTC | #3
* Adhemerval Zanella Netto:

> On 30/12/24 14:08, Florian Weimer wrote:
>> * Adhemerval Zanella:
>> 
>>> +static bool
>>> +check_selinux (void)
>>> +{
>>> +  /* Old Red Hat like systems.  */
>>> +  enum selinux_status r =
>>> +    check_selinux_generic ("/selinux/enforce",
>>> +			   "/selinux/booleans/allow_execstack");
>>> +  if (r == SELINUX_NOT_PRESENT)
>>> +    /* New Red Hard like systems.  */
>>> +    r = check_selinux_generic ("/sys/fs/selinux/enforce",
>>> +			       "/sys/fs/selinux/booleans/selinuxuser_execstack");
>>> +  return r == SELINUX_NOT_PRESENT || r == SELINUX_EXECSTACK_ENABLE;
>>> +}
>> 
>> Typo: Red Ha[t]
>> 
>> I think this isn't quite right.  The path prefix (selinuxfs mount point)
>> is independent of the policy style.  The reference policy
>> <https://github.com/SELinuxProject/refpolicy> still uses allow_execstack
>> in its most recent versions.  Only the Fedora policy
>> <https://github.com/fedora-selinux/selinux-policy> uses
>> selinuxuser_execstack.
>
> Right, do you prefer if I can move this to a different patch? My first
> approach was to use a list of mount points and check for both policy
> styles.

Let's keep it separate I would say.  It seems uncommon to test glibc
with allow_execstack or equivalent disabled.

> I don't have access to a Red Hat release, so I used as a proxy the CentOS 
> and Alma Linux we have on gcc compile farm.  It seems that such system
> might not be a 100% proxy for Red Hat systems.

I don't think downstreams from RHEL deviate here.  The last RHEL release
that used /selinux as the mount was RHEL 6.  It's got a heavily patched
2.6.32 kernel (with lots of *at system call backports).  It's probably
good enough to build and run glibc now that we have removed the kernel
version check, but I don't expect anyone doing that.

I don't know which mountpoints other distributions use (that aren't
downstream from Fedora).  Fedora formally forked from refpolicy here:

commit 51dc83b2d4cd22cff6fbf6116b954b4f672b90c4
Author: Lukas Vrabec <lvrabec@redhat.com>
Date:   Sun Dec 24 14:31:11 2017 +0100

    Commit removes big SELinux policy patches against tresys refpolicy.
    
    We're quite diverted from upstream policy. This change will use tarballs
    from github projects:
    https://github.com/fedora-selinux/selinux-policy
    https://github.com/fedora-selinux/selinux-policy-contrib

But the introduction of selinuxuser_execstack is even older, it seems to
date back to:

commit c3956376c7bcb2927655da7737fe6c064d746d72
Author: Dan Walsh <dwalsh@redhat.com>
Date:   Fri Jun 8 10:09:54 2012 -0400

    Add booleans.subs_dist to selinux-policy package

And that didn't make it into the RHEL 6 release, only RHEL 7 and later.

I expect other distributions based on refpolicy to still use
allow_execstack, though.

Thanks,
Florian
Adhemerval Zanella Netto Dec. 30, 2024, 8:09 p.m. UTC | #4
On 30/12/24 16:47, Florian Weimer wrote:
> * Adhemerval Zanella Netto:
> 
>> On 30/12/24 14:08, Florian Weimer wrote:
>>> * Adhemerval Zanella:
>>>
>>>> +static bool
>>>> +check_selinux (void)
>>>> +{
>>>> +  /* Old Red Hat like systems.  */
>>>> +  enum selinux_status r =
>>>> +    check_selinux_generic ("/selinux/enforce",
>>>> +			   "/selinux/booleans/allow_execstack");
>>>> +  if (r == SELINUX_NOT_PRESENT)
>>>> +    /* New Red Hard like systems.  */
>>>> +    r = check_selinux_generic ("/sys/fs/selinux/enforce",
>>>> +			       "/sys/fs/selinux/booleans/selinuxuser_execstack");
>>>> +  return r == SELINUX_NOT_PRESENT || r == SELINUX_EXECSTACK_ENABLE;
>>>> +}
>>>
>>> Typo: Red Ha[t]
>>>
>>> I think this isn't quite right.  The path prefix (selinuxfs mount point)
>>> is independent of the policy style.  The reference policy
>>> <https://github.com/SELinuxProject/refpolicy> still uses allow_execstack
>>> in its most recent versions.  Only the Fedora policy
>>> <https://github.com/fedora-selinux/selinux-policy> uses
>>> selinuxuser_execstack.
>>
>> Right, do you prefer if I can move this to a different patch? My first
>> approach was to use a list of mount points and check for both policy
>> styles.
> 
> Let's keep it separate I would say.  It seems uncommon to test glibc
> with allow_execstack or equivalent disabled.

Ack, updated patch in below.

> 
>> I don't have access to a Red Hat release, so I used as a proxy the CentOS 
>> and Alma Linux we have on gcc compile farm.  It seems that such system
>> might not be a 100% proxy for Red Hat systems.
> 
> I don't think downstreams from RHEL deviate here.  The last RHEL release
> that used /selinux as the mount was RHEL 6.  It's got a heavily patched
> 2.6.32 kernel (with lots of *at system call backports).  It's probably
> good enough to build and run glibc now that we have removed the kernel
> version check, but I don't expect anyone doing that.
> 
> I don't know which mountpoints other distributions use (that aren't
> downstream from Fedora).  Fedora formally forked from refpolicy here:
> 
> commit 51dc83b2d4cd22cff6fbf6116b954b4f672b90c4
> Author: Lukas Vrabec <lvrabec@redhat.com>
> Date:   Sun Dec 24 14:31:11 2017 +0100
> 
>     Commit removes big SELinux policy patches against tresys refpolicy.
>     
>     We're quite diverted from upstream policy. This change will use tarballs
>     from github projects:
>     https://github.com/fedora-selinux/selinux-policy
>     https://github.com/fedora-selinux/selinux-policy-contrib
> 
> But the introduction of selinuxuser_execstack is even older, it seems to
> date back to:
> 
> commit c3956376c7bcb2927655da7737fe6c064d746d72
> Author: Dan Walsh <dwalsh@redhat.com>
> Date:   Fri Jun 8 10:09:54 2012 -0400
> 
>     Add booleans.subs_dist to selinux-policy package
> 
> And that didn't make it into the RHEL 6 release, only RHEL 7 and later.
> 
> I expect other distributions based on refpolicy to still use
> allow_execstack, though.

Thanks for digging this up.  I added this snippet just because I noticed
the tests was being ineffective on CentOS and other Fedora like system.

---

From d66cce76422f1c53e7f4e9dced3112e5f90c1e28 Mon Sep 17 00:00:00 2001
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Thu, 26 Dec 2024 11:25:28 -0300
Subject: [PATCH 1/4] elf: Cleanup and improve tst-execstack

Use libsupport and handle new SELinux versions.
---
 elf/tst-execstack.c | 126 ++++++++++++++------------------------------
 1 file changed, 41 insertions(+), 85 deletions(-)

diff --git a/elf/tst-execstack.c b/elf/tst-execstack.c
index 560b353918..fae2930f70 100644
--- a/elf/tst-execstack.c
+++ b/elf/tst-execstack.c
@@ -1,24 +1,32 @@
 /* Test program for making nonexecutable stacks executable
-   on load of a DSO that requires executable stacks.  */
+   on load of a DSO that requires executable stacks.
 
-#include <dlfcn.h>
-#include <stdbool.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
+   Copyright (C) 2003-2024 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <array_length.h>
 #include <error.h>
 #include <stackinfo.h>
-
-static void
-print_maps (void)
-{
-#if 0
-  char *cmd = NULL;
-  asprintf (&cmd, "cat /proc/%d/maps", getpid ());
-  system (cmd);
-  free (cmd);
-#endif
-}
+#include <stdbool.h>
+#include <string.h>
+#include <support/xdlfcn.h>
+#include <support/xthread.h>
+#include <support/check.h>
+#include <support/xstdio.h>
 
 static void deeper (void (*f) (void));
 
@@ -38,8 +46,8 @@ static void *
 waiter_thread (void *arg)
 {
   void **f = arg;
-  pthread_barrier_wait (&startup_barrier);
-  pthread_barrier_wait (&go_barrier);
+  xpthread_barrier_wait (&startup_barrier);
+  xpthread_barrier_wait (&go_barrier);
 
   (*((void (*) (void)) *f)) ();
 
@@ -88,47 +96,26 @@ do_test (void)
 #if USE_PTHREADS
   /* Create some threads while stacks are nonexecutable.  */
   #define N 5
-  pthread_t thr[N];
 
-  pthread_barrier_init (&startup_barrier, NULL, N + 1);
-  pthread_barrier_init (&go_barrier, NULL, N + 1);
+  xpthread_barrier_init (&startup_barrier, NULL, N + 1);
+  xpthread_barrier_init (&go_barrier, NULL, N + 1);
 
   for (int i = 0; i < N; ++i)
-    {
-      int rc = pthread_create (&thr[i], NULL, &waiter_thread, &f);
-      if (rc)
-	error (1, rc, "pthread_create");
-    }
+    xpthread_create (NULL, &waiter_thread, &f);
 
   /* Make sure they are all there using their stacks.  */
-  pthread_barrier_wait (&startup_barrier);
+  xpthread_barrier_wait (&startup_barrier);
   puts ("threads waiting");
 #endif
 
-  print_maps ();
-
 #if USE_PTHREADS
   void *old_stack_addr, *new_stack_addr;
   size_t stack_size;
   pthread_t me = pthread_self ();
   pthread_attr_t attr;
-  int ret = 0;
-
-  ret = pthread_getattr_np (me, &attr);
-  if (ret)
-    {
-      printf ("before execstack: pthread_getattr_np returned error: %s\n",
-	      strerror (ret));
-      return 1;
-    }
-
-  ret = pthread_attr_getstack (&attr, &old_stack_addr, &stack_size);
-  if (ret)
-    {
-      printf ("before execstack: pthread_attr_getstack returned error: %s\n",
-	      strerror (ret));
-      return 1;
-    }
+  TEST_VERIFY_EXIT (pthread_getattr_np (me, &attr) == 0);
+  TEST_VERIFY_EXIT (pthread_attr_getstack (&attr, &old_stack_addr,
+					    &stack_size) == 0);
 # if _STACK_GROWS_DOWN
     old_stack_addr += stack_size;
 # else
@@ -149,36 +136,17 @@ do_test (void)
       return allow_execstack;
     }
 
-  f = dlsym (h, "tryme");
-  if (f == NULL)
-    {
-      printf ("symbol not found: %s\n", dlerror ());
-      return 1;
-    }
+  f = xdlsym (h, "tryme");
 
   /* Test if that really made our stack executable.
      The `tryme' function should crash if not.  */
 
   (*((void (*) (void)) f)) ();
 
-  print_maps ();
-
 #if USE_PTHREADS
-  ret = pthread_getattr_np (me, &attr);
-  if (ret)
-    {
-      printf ("after execstack: pthread_getattr_np returned error: %s\n",
-	      strerror (ret));
-      return 1;
-    }
-
-  ret = pthread_attr_getstack (&attr, &new_stack_addr, &stack_size);
-  if (ret)
-    {
-      printf ("after execstack: pthread_attr_getstack returned error: %s\n",
-	      strerror (ret));
-      return 1;
-    }
+  TEST_VERIFY_EXIT (pthread_getattr_np (me, &attr) == 0);
+  TEST_VERIFY_EXIT (pthread_attr_getstack (&attr, &new_stack_addr,
+					    &stack_size) == 0);
 
 # if _STACK_GROWS_DOWN
     new_stack_addr += stack_size;
@@ -194,33 +162,21 @@ do_test (void)
      stacksize and stackaddr respectively.  If the size changes due to the
      above, then both stacksize and stackaddr can change, but the stack bottom
      should remain the same, which is computed as stackaddr + stacksize.  */
-  if (old_stack_addr != new_stack_addr)
-    {
-      printf ("Stack end changed, old: %p, new: %p\n",
-	      old_stack_addr, new_stack_addr);
-      return 1;
-    }
+  TEST_VERIFY_EXIT (old_stack_addr == new_stack_addr);
   printf ("Stack address remains the same: %p\n", old_stack_addr);
 #endif
 
   /* Test that growing the stack region gets new executable pages too.  */
   deeper ((void (*) (void)) f);
 
-  print_maps ();
-
 #if USE_PTHREADS
   /* Test that a fresh thread now gets an executable stack.  */
-  {
-    pthread_t th;
-    int rc = pthread_create (&th, NULL, &tryme_thread, f);
-    if (rc)
-      error (1, rc, "pthread_create");
-  }
+  xpthread_create (NULL, &tryme_thread, f);
 
   puts ("threads go");
   /* The existing threads' stacks should have been changed.
      Let them run to test it.  */
-  pthread_barrier_wait (&go_barrier);
+  xpthread_barrier_wait (&go_barrier);
 
   pthread_exit ((void *) (long int) (! allow_execstack));
 #endif
Florian Weimer Dec. 30, 2024, 8:22 p.m. UTC | #5
* Adhemerval Zanella Netto:

> From d66cce76422f1c53e7f4e9dced3112e5f90c1e28 Mon Sep 17 00:00:00 2001
> From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
> Date: Thu, 26 Dec 2024 11:25:28 -0300
> Subject: [PATCH 1/4] elf: Cleanup and improve tst-execstack
>
> Use libsupport and handle new SELinux versions.

Commit message is now outdated.

For the rest:

Reviewed-by: Florian Weimer <fweimer@redhat.com>

Thanks,
Florian
diff mbox series

Patch

diff --git a/elf/tst-execstack.c b/elf/tst-execstack.c
index 560b353918..509149ad37 100644
--- a/elf/tst-execstack.c
+++ b/elf/tst-execstack.c
@@ -1,24 +1,32 @@ 
 /* Test program for making nonexecutable stacks executable
-   on load of a DSO that requires executable stacks.  */
+   on load of a DSO that requires executable stacks.
 
-#include <dlfcn.h>
-#include <stdbool.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
+   Copyright (C) 2003-2024 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <array_length.h>
 #include <error.h>
 #include <stackinfo.h>
-
-static void
-print_maps (void)
-{
-#if 0
-  char *cmd = NULL;
-  asprintf (&cmd, "cat /proc/%d/maps", getpid ());
-  system (cmd);
-  free (cmd);
-#endif
-}
+#include <stdbool.h>
+#include <string.h>
+#include <support/xdlfcn.h>
+#include <support/xthread.h>
+#include <support/check.h>
+#include <support/xstdio.h>
 
 static void deeper (void (*f) (void));
 
@@ -38,8 +46,8 @@  static void *
 waiter_thread (void *arg)
 {
   void **f = arg;
-  pthread_barrier_wait (&startup_barrier);
-  pthread_barrier_wait (&go_barrier);
+  xpthread_barrier_wait (&startup_barrier);
+  xpthread_barrier_wait (&go_barrier);
 
   (*((void (*) (void)) *f)) ();
 
@@ -47,40 +55,66 @@  waiter_thread (void *arg)
 }
 #endif
 
-static bool allow_execstack = true;
-
+enum selinux_status {
+  SELINUX_NOT_PRESENT,
+  SELINUX_EXECSTACK_DISABLE,
+  SELINUX_EXECSTACK_ENABLE,
+};
 
 static int
-do_test (void)
+check_selinux_generic (const char *enforce_path, const char *execstack_path)
 {
-  /* Check whether SELinux is enabled and disallows executable stacks.  */
-  FILE *fp = fopen ("/selinux/enforce", "r");
-  if (fp != NULL)
-    {
-      char *line = NULL;
-      size_t linelen = 0;
+  FILE *fp = fopen (enforce_path, "r");
+  if (fp == NULL)
+    return SELINUX_NOT_PRESENT;
 
-      bool enabled = false;
-      ssize_t n = getline (&line, &linelen, fp);
-      if (n > 0 && line[0] != '0')
-	enabled = true;
+  char *line = NULL;
+  size_t linelen = 0;
 
-      fclose (fp);
+  bool enabled = false;
+  ssize_t n = getline (&line, &linelen, fp);
+  if (n > 0 && line[0] != '0')
+    enabled = true;
 
-      if (enabled)
+  fclose (fp);
+
+  if (enabled)
+    {
+      fp = fopen (execstack_path, "r");
+      if (fp != NULL)
 	{
-	  fp = fopen ("/selinux/booleans/allow_execstack", "r");
-	  if (fp != NULL)
-	    {
-	      n = getline (&line, &linelen, fp);
-	      if (n > 0 && line[0] == '0')
-		allow_execstack = false;
-	    }
-
-	  fclose (fp);
+	  n = getline (&line, &linelen, fp);
+	  if (n > 0 && line[0] == '0')
+	    return SELINUX_EXECSTACK_DISABLE;
 	}
+
+      fclose (fp);
     }
 
+  return SELINUX_EXECSTACK_ENABLE;
+}
+
+static bool
+check_selinux (void)
+{
+  /* Old Red Hat like systems.  */
+  enum selinux_status r =
+    check_selinux_generic ("/selinux/enforce",
+			   "/selinux/booleans/allow_execstack");
+  if (r == SELINUX_NOT_PRESENT)
+    /* New Red Hard like systems.  */
+    r = check_selinux_generic ("/sys/fs/selinux/enforce",
+			       "/sys/fs/selinux/booleans/selinuxuser_execstack");
+  return r == SELINUX_NOT_PRESENT || r == SELINUX_EXECSTACK_ENABLE;
+}
+
+
+static int
+do_test (void)
+{
+  /* Check whether SELinux is enabled and disallows executable stacks.  */
+  bool allow_execstack = check_selinux ();
+
   printf ("executable stacks %sallowed\n", allow_execstack ? "" : "not ");
 
   static void *f;		/* Address of this is used in other threads. */
@@ -88,47 +122,26 @@  do_test (void)
 #if USE_PTHREADS
   /* Create some threads while stacks are nonexecutable.  */
   #define N 5
-  pthread_t thr[N];
 
-  pthread_barrier_init (&startup_barrier, NULL, N + 1);
-  pthread_barrier_init (&go_barrier, NULL, N + 1);
+  xpthread_barrier_init (&startup_barrier, NULL, N + 1);
+  xpthread_barrier_init (&go_barrier, NULL, N + 1);
 
   for (int i = 0; i < N; ++i)
-    {
-      int rc = pthread_create (&thr[i], NULL, &waiter_thread, &f);
-      if (rc)
-	error (1, rc, "pthread_create");
-    }
+    xpthread_create (NULL, &waiter_thread, &f);
 
   /* Make sure they are all there using their stacks.  */
-  pthread_barrier_wait (&startup_barrier);
+  xpthread_barrier_wait (&startup_barrier);
   puts ("threads waiting");
 #endif
 
-  print_maps ();
-
 #if USE_PTHREADS
   void *old_stack_addr, *new_stack_addr;
   size_t stack_size;
   pthread_t me = pthread_self ();
   pthread_attr_t attr;
-  int ret = 0;
-
-  ret = pthread_getattr_np (me, &attr);
-  if (ret)
-    {
-      printf ("before execstack: pthread_getattr_np returned error: %s\n",
-	      strerror (ret));
-      return 1;
-    }
-
-  ret = pthread_attr_getstack (&attr, &old_stack_addr, &stack_size);
-  if (ret)
-    {
-      printf ("before execstack: pthread_attr_getstack returned error: %s\n",
-	      strerror (ret));
-      return 1;
-    }
+  TEST_VERIFY_EXIT (pthread_getattr_np (me, &attr) == 0);
+  TEST_VERIFY_EXIT (pthread_attr_getstack (&attr, &old_stack_addr,
+					    &stack_size) == 0);
 # if _STACK_GROWS_DOWN
     old_stack_addr += stack_size;
 # else
@@ -149,36 +162,17 @@  do_test (void)
       return allow_execstack;
     }
 
-  f = dlsym (h, "tryme");
-  if (f == NULL)
-    {
-      printf ("symbol not found: %s\n", dlerror ());
-      return 1;
-    }
+  f = xdlsym (h, "tryme");
 
   /* Test if that really made our stack executable.
      The `tryme' function should crash if not.  */
 
   (*((void (*) (void)) f)) ();
 
-  print_maps ();
-
 #if USE_PTHREADS
-  ret = pthread_getattr_np (me, &attr);
-  if (ret)
-    {
-      printf ("after execstack: pthread_getattr_np returned error: %s\n",
-	      strerror (ret));
-      return 1;
-    }
-
-  ret = pthread_attr_getstack (&attr, &new_stack_addr, &stack_size);
-  if (ret)
-    {
-      printf ("after execstack: pthread_attr_getstack returned error: %s\n",
-	      strerror (ret));
-      return 1;
-    }
+  TEST_VERIFY_EXIT (pthread_getattr_np (me, &attr) == 0);
+  TEST_VERIFY_EXIT (pthread_attr_getstack (&attr, &new_stack_addr,
+					    &stack_size) == 0);
 
 # if _STACK_GROWS_DOWN
     new_stack_addr += stack_size;
@@ -194,33 +188,21 @@  do_test (void)
      stacksize and stackaddr respectively.  If the size changes due to the
      above, then both stacksize and stackaddr can change, but the stack bottom
      should remain the same, which is computed as stackaddr + stacksize.  */
-  if (old_stack_addr != new_stack_addr)
-    {
-      printf ("Stack end changed, old: %p, new: %p\n",
-	      old_stack_addr, new_stack_addr);
-      return 1;
-    }
+  TEST_VERIFY_EXIT (old_stack_addr == new_stack_addr);
   printf ("Stack address remains the same: %p\n", old_stack_addr);
 #endif
 
   /* Test that growing the stack region gets new executable pages too.  */
   deeper ((void (*) (void)) f);
 
-  print_maps ();
-
 #if USE_PTHREADS
   /* Test that a fresh thread now gets an executable stack.  */
-  {
-    pthread_t th;
-    int rc = pthread_create (&th, NULL, &tryme_thread, f);
-    if (rc)
-      error (1, rc, "pthread_create");
-  }
+  xpthread_create (NULL, &tryme_thread, f);
 
   puts ("threads go");
   /* The existing threads' stacks should have been changed.
      Let them run to test it.  */
-  pthread_barrier_wait (&go_barrier);
+  xpthread_barrier_wait (&go_barrier);
 
   pthread_exit ((void *) (long int) (! allow_execstack));
 #endif