| Message ID | 20250311171305.89091-1-adhemerval.zanella@linaro.org |
|---|---|
| Headers | show
Delivered-To: patch@linaro.org
Received: by 2002:a5d:64ce:0:b0:38f:210b:807b with SMTP id f14csp1594016wri;
Tue, 11 Mar 2025 10:14:06 -0700 (PDT)
X-Forwarded-Encrypted: i=3;
AJvYcCUaUVZV2ueXqauxCAC5/Qy+lkVCXprNAKzHv7PXdXueUiIqLQeY0+QKK4hABqLz9svE2NagfQ==@linaro.org
X-Google-Smtp-Source:
AGHT+IGlG07pM1Tm1NJEELCm8PX1vAjMYQHa+LXsN35u+xwbHbeimR+qPLfslYOxqpARZIOKMdzS
X-Received: by 2002:a05:620a:4385:b0:7c5:50ab:de02 with SMTP id
af79cd13be357-7c550abe59fmr1115911285a.41.1741713245891;
Tue, 11 Mar 2025 10:14:05 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1741713245; cv=pass;
d=google.com; s=arc-20240605;
b=EnGkXJPWgb1rpmNM8ydOr6SLtzLuRrixpWvU3CqA/dHi9KLg0gCQNpqpiQYUYV1HSu
yaLoJ3D45BrRR9jbAeMrH+bLE0Gv/CNunDBag/AiD4VrVRR1l6+EzwTaBqyne5GYgFnh
GgKQEA9PX24kyE83QGrJgfo5ODEm9/fOrxRR0ubqVp946Z3livKHC9E9jMQ166Xc5guY
4f9NIsbzBAlluci7Py8c2QWhSZIY9FwGNBaUqvEbk55Gp/PLWQaCBSyLP5QveuWd3Jf6
jqpQizrCtE2SRFxtpptLC8Gd87bQf3HvAECrpzo/7jxxM8I+vfe458lpcoR4qbN0CfzW
Muaw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=errors-to:list-subscribe:list-help:list-post:list-archive
:list-unsubscribe:list-id:precedence:content-transfer-encoding
:mime-version:message-id:date:subject:cc:to:from:dkim-signature
:dkim-filter:arc-filter:dmarc-filter:delivered-to:dkim-filter;
bh=X7/ceb3KV4taIDGeRJpjjrmzzQgDhYLDsdlrMP2giLA=;
fh=KcDe9xnl32Q8s5hC3CF4r26ysVeQspjxpbjrMk+PnIQ=;
b=DDGSsrF7lgTTVIAOUVJp0+ShAhakTevChuG88PPC3Ac3PSBwsyajJ+lxttuV1lu+am
IV/a9BgTZLE2MVHefbjTt0dCwgymXLWEn/2LwEzMelWVg3x9G71QTcqe+ebC3EuiEcHV
9qAtKjqYUlWsZDTxfikMpxSuEv3Qebkp3wG0pssXvM/ktDfalT6zm3Cz2o94U9PCZLDx
gfb8JzAlOSnuJbU+uGQoGzyaEfyr0uxHLyNYyKmSC4q5JyxrHFNi0sq1RzaOvCIkm+4G
Wd4VPn4XuzyE3Aci9+7QxD+781vm9x3BavMG8qBVM4h2H+JdkOE/9eOEYHrzN3VHeugR
GLeQ==;
dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
dkim=pass header.i=@linaro.org header.s=google header.b=woFq5GeE;
arc=pass (i=1);
spf=pass (google.com: domain of
libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as
permitted sender)
smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <libc-alpha-bounces~patch=linaro.org@sourceware.org>
Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97])
by mx.google.com with ESMTPS id
af79cd13be357-7c53c8a10fdsi771465385a.468.2025.03.11.10.14.05
for <patch@linaro.org>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 11 Mar 2025 10:14:05 -0700 (PDT)
Received-SPF: pass (google.com: domain of
libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as
permitted sender) client-ip=8.43.85.97;
Authentication-Results: mx.google.com;
dkim=pass header.i=@linaro.org header.s=google header.b=woFq5GeE;
arc=pass (i=1);
spf=pass (google.com: domain of
libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as
permitted sender)
smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
by sourceware.org (Postfix) with ESMTP id 3AE1F3857B98
for <patch@linaro.org>; Tue, 11 Mar 2025 17:14:05 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3AE1F3857B98
Authentication-Results: sourceware.org;
dkim=pass (2048-bit key,
unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256
header.s=google header.b=woFq5GeE
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from mail-pl1-x633.google.com (mail-pl1-x633.google.com
[IPv6:2607:f8b0:4864:20::633])
by sourceware.org (Postfix) with ESMTPS id D8C093858435
for <libc-alpha@sourceware.org>; Tue, 11 Mar 2025 17:13:12 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D8C093858435
Authentication-Results: sourceware.org;
dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org D8C093858435
Authentication-Results: server2.sourceware.org;
arc=none smtp.remote-ip=2607:f8b0:4864:20::633
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1741713193; cv=none;
b=kxj8S6fHSajqWhozdfmGvN8qQNk5ScdtI/QfTcLwZtjOtcsTneFsS7n1YfFzOWqwVcGzZ/5MUVhWEHFQ8+4/JiE8XZERVAtCnRPJezHUubbCBOeyBQ5MyK20bqT0B9OF7EgQZTGz9kCZx6q+Vc514Zr0O2iF3zd+NzELrjoiseU=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
t=1741713193; c=relaxed/simple;
bh=e7VA8K9RJH3e4efWc3RXlic45OWeMtPLpSSnhHq8ZDQ=;
h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;
b=jMZ8BBjws5xlKyB5aFGiScwBuNefTEJGucb9b8uxoSEhE3kTYWaZol/0aH6CYIpEttvnnMB2X9CZRI11auaaYtBDJWGavXyEUH8HrZTJVHGqG/d9e/mPfyIP+823el+Ldl6RVlCMlPOglFJO69/yj+bDLz+kvnn7nbeSOSFRkBA=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D8C093858435
Received: by mail-pl1-x633.google.com with SMTP id
d9443c01a7336-224100e9a5cso110180535ad.2
for <libc-alpha@sourceware.org>; Tue, 11 Mar 2025 10:13:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=linaro.org; s=google; t=1741713191; x=1742317991; darn=sourceware.org;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:from:to:cc:subject:date:message-id:reply-to;
bh=X7/ceb3KV4taIDGeRJpjjrmzzQgDhYLDsdlrMP2giLA=;
b=woFq5GeESAgJOPOzlW22FKuH9kDkAzYuwa3W5qRqO+qXmG+DURk+3TqT1+iBDNYKnS
QVIf0L8bQ+AzPvhyQJRDz7GkyHy9sWEAnonKFlLi/t1fg+jVD9JlD0Q1tAAEfNssiGNr
glJb8+coYCbWB3mDeHiV0v3DkhG2jLEZmTIrZnz4930wHcZ3Us3JyWwu2ycEURRP6k6z
A52Od9xf5u4VnoNE8oZACCLXAY78OgcSS4E+VnZV2lq4eBcKCJn0eYGhq/XdusvPovLE
Wjl73JCBgE0BX45rTYQsG4nRVDd6ewVYAzfnf++JuO3uCzP9bf6qDiIGHiBbqUjQE6e8
tQRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1741713191; x=1742317991;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=X7/ceb3KV4taIDGeRJpjjrmzzQgDhYLDsdlrMP2giLA=;
b=JQ0HSVVu4Gg4lq+qpPmTa19xZWw/J6PWiqvnXMgEswz9fUleVNXxsVFg/+ORirsKa/
EbiOP12gwN9DFl6zmdip+5RGwkfLtv1/foKb564Eml5WoUbc6viMKsr8HkH58BRvcDdA
WoBoWv4jy2UDJjwam1cZKhq7IZ70hQ6aiuH8c76J4e13beGu5NdMtIfsHaGtAjslePFd
WTqKCtojuc2+d5TG25ju5QTONyvHtr8X0QSgV8PWedGO6McvbI/q7eLveSjGQXNrgZmR
qfIsLZt9ULplgmT94/TMVDFafoKW2J2LKxw5CLGvt56dD/NxT2Qo7hO9GkGl/54y2BU1
wmiw==
X-Gm-Message-State: AOJu0YzZzWjaVVnyfy4ag58xegIq912LseHWe1judUPYzJsw7HR+bOOR
9fePTdhsOlTXDedYBtXWf61db6CqI/jgWwyeyxM3GCxXFGmqmnTuFIrov497mcgC2U1yqBid7is
2
X-Gm-Gg: ASbGncssD6oPkaRbBxUxNYBkji+gnNHsvWvFR3j5UIXNH6kOBdmTjGBSdUBEcGbDnHR
FAQhA1MdTlnNCd4GPH9B40DlZcJMDNI1w5P+inyAOhC0cUS+RltQIPcmE3jD/WDiNEocmnZx/c0
Co8xFqdpRC++UUclwvPuK6WEr2JHN0PU6dHRYquj1F2lDQQqXj3J+dVnCJXN5VI8/edhilvq2pV
+qWkpdV3pggi7jNPSVp58UqS9IH1npxmCyKk+N09r5aL86mUjoxZmA0yBm8yVY/VUHbV5U0VVSh
Xx2XORXYcvSKUd2BzVSUqTFtgT+QPBzszqa31yHu5KRY6GdO8ptOR5A=
X-Received: by 2002:a17:902:ccc9:b0:223:2aab:462c with SMTP id
d9443c01a7336-22428899f43mr294405375ad.15.1741713190643;
Tue, 11 Mar 2025 10:13:10 -0700 (PDT)
Received: from mandiga.. ([2804:1b3:a7c1:1ebf:8b5:8f5b:dd39:866])
by smtp.gmail.com with ESMTPSA id
98e67ed59e1d1-2ff693f8804sm11438131a91.47.2025.03.11.10.13.08
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 11 Mar 2025 10:13:10 -0700 (PDT)
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: libc-alpha@sourceware.org
Cc: Jeff Xu <jeffxu@google.com>, Florian Weimer <fweimer@redhat.com>,
"H . J . Lu" <hjl.tools@gmail.com>,
Yury Khrustalev <yury.khrustalev@arm.com>
Subject: [PATCH v6 0/9] Add support for memory sealing
Date: Tue, 11 Mar 2025 14:09:47 -0300
Message-ID: <20250311171305.89091-1-adhemerval.zanella@linaro.org>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
<mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
<mailto:libc-alpha-request@sourceware.org?subject=subscribe>
Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org
|
| Series |
Add support for memory sealing
|
expand
|
The Linux 6.10 (8be7258aad44) added the mseal syscall that allows blocking some memory mapping operations on the VMA range: * Unmapping, moving to another location, extending or shrinking the size, munmap, and mremap. * Moving or expanding a different VMA into the current range, via mremap. * Modifying the memory range with mmap along with flag MAP_FIXED. * Expanding the size with mremap. * Change the protection flags with mprotect or pkey_mprotect. * Destructive behaviors on anonymous memory, such as madvice with MADV_DONTNEED. Memory sealing is a hardening mechanism [1] to prevent memory mapping changes to the ELF segment mappings done by the dynamic loader (for instance, the RELRO hardening). The OpenBSD supports a similar hardening with the mimmutable syscall [2]. Memory sealing is an opt-in security feature that requires the new GNU property GNU_PROPERTY_MEMORY_SEAL, defined in Linux ABI [3] and supported on binutils 2.44 [4]. The memory sealing is applied iff the attribute is presented in the binary, and ignored in dependencies otherwise. It allows the program to define whether sealing will be applied, even if the dependencies have the attribute (for instance on CRIU, where it can not work correctly with sealing applied). The GNU_PROPERTY_MEMORY_SEAL enforcement depends on whether the kernel supports the mseal syscall and how glibc is configured. On the default configuration that aims to support older kernel releases, the memory sealing attribute is taken as a hint. If glibc is configured with a minimum kernel of 6.10, where mseal is implied to be supported, sealing is enforced. The memory sealing for ELF segments is done in multiple places where the mapping is supposed to be immutable over program execution: * All shared library dependencies from the binary, including the read-only segments after PT_GNU_RELRO setup. * The binary itself, including dynamic and static links. In both cases, it is up either to binary or the loader to set up the sealing. * Any preload libraries. * Any library loaded with dlopen with RTLD_NODELETE flag (including libgcc.so loaded to enable process unwind and thread cancellation). * Audit modules. There is an option to enable memory sealing for glibc itself, —-enable-memory-sealing, including installed programs and tests. It is disabled by default. Since memory sealing is applied for all the PT_LOAD segments, a new program header is also supported so users can define a region where sealing should not be applied (so users can later initialize and change memory protection). The special section, PT_GNU_MUTABLE (reference implemented at [5]), marks a memory region that should not be sealed if the GNU_PROPERTY_MEMORY_SEAL attribute is present. The section name starts with ".gnu.mutable" and has an alignment and size of the defined maximum page size (-z max-page-size linker options). For instance the code: #define GNU_MUTABLE_SECTION_NAME ".gnu.mutable" unsigned char mutable_array1[64] __attribute__ ((section (GNU_MUTABLE_SECTION_NAME))) = { 0 }; unsigned char mutable_array2[32] __attribute__ ((section (GNU_MUTABLE_SECTION_NAME))) = { 0 }; places both 'mutable_array1' and 'mutable_array2' on a page aligned memory region with the size of a page. The linker sets the alignment and size to simplify support for ABIs with multiple page sizes, otherwise user would need to know the maximum page size to correctly define the alignment and size of the variable. Finally a new tunable can be used to disable memory sealing on the program and all its dependencies. This can be useful for debugging, along with patchable function entries (-fpatchable-function-entry), or profiling (-mfentry, -mnop-count, -minstrument-return) where the program might be run with or without changes to its text segment. I tested on both x86_64-linux-gnu and aarch64-linux-gnu with Linux 6.14, along with some testing on a powerpc64le-linux-gnu and s390x-inux-gnu VMs. [1] https://blog.trailofbits.com/2024/10/25/a-deep-dive-into-linuxs-new-mseal-syscall/ [2] https://man.openbsd.org/mimmutable.2 [3] https://gitlab.com/x86-psABIs/Linux-ABI/-/commit/25a851b99665e7b22db5fabe818efaaa52466893 [4] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=4d890484df4b2cf004f6f1f6d8c39a69fa39c875 [5] https://sourceware.org/git/?p=binutils-gdb.git;a=shortlog;h=refs/heads/azanella/pt_gnu_mutable Changes v5->v6: * Fixed aarch64 gnu attribute handling to work with GCS. * Add support for PT_GNU_MUTABLE. * Fixed mseal manual wording. * Add the tunable to allow some user cases (profiling). * Changed semantics to avoid sealing on dependencies if the attribute is not present on the binary. * Change how to apply sealing on glibc itself (disable by default now) Changes v4->v5: * Removed the tunable. * Rebased against GCS change to enable GNU attribute parsing on all architectures. Changes v3->v4: * Rebase against master (remove nios2 ABI update and handle f2326c2ec0a0a8db changes). * Handle vvar_vclock mapping on tests. Changes v2->v3: * Make the option opt-in instead of opt-out. Adhemerval Zanella (9): linux: Add mseal syscall support elf: Parse gnu properties for statically linked binaries elf: Parse gnu properties for the loader elf: Use RTLD_NODELETE for dependencies elf: Add support to memory sealing Add --enable-memory-sealing configure option linux: Add memory sealing tests linux: Add support for PT_GNU_MUTABLE elf: Add glibc.rtld.seal tunable INSTALL | 6 + Makeconfig | 19 +- Makerules | 2 + NEWS | 23 +- configure | 90 +++++- configure.ac | 38 +++ csu/libc-start.c | 4 + elf/Makefile | 19 +- elf/dl-load.c | 9 + elf/dl-map-segments.h | 17 +- elf/dl-open.c | 3 +- elf/dl-reloc.c | 77 ++++- elf/dl-support.c | 25 ++ elf/dl-tunables.list | 6 + elf/elf.h | 4 + elf/rtld.c | 24 +- elf/setup-vdso.h | 2 + elf/tst-rtld-list-tunables.exp | 1 + include/link.h | 12 + manual/install.texi | 5 + manual/memory.texi | 69 +++++ manual/tunables.texi | 36 +++ sysdeps/aarch64/dl-prop.h | 5 + sysdeps/generic/dl-mseal.h | 22 ++ sysdeps/generic/dl-prop-mseal.h | 34 +++ sysdeps/generic/dl-prop.h | 5 + sysdeps/generic/ldsodefs.h | 10 + sysdeps/generic/libc-prop.h | 44 +++ sysdeps/unix/sysv/linux/Makefile | 106 +++++++ sysdeps/unix/sysv/linux/Versions | 3 + sysdeps/unix/sysv/linux/aarch64/libc-start.h | 11 - sysdeps/unix/sysv/linux/aarch64/libc.abilist | 1 + sysdeps/unix/sysv/linux/alpha/libc.abilist | 1 + sysdeps/unix/sysv/linux/arc/libc.abilist | 1 + sysdeps/unix/sysv/linux/arm/be/libc.abilist | 1 + sysdeps/unix/sysv/linux/arm/le/libc.abilist | 1 + sysdeps/unix/sysv/linux/bits/mman-shared.h | 8 + sysdeps/unix/sysv/linux/csky/libc.abilist | 1 + sysdeps/unix/sysv/linux/dl-mseal.c | 60 ++++ sysdeps/unix/sysv/linux/dl-mseal.h | 31 ++ sysdeps/unix/sysv/linux/hppa/libc.abilist | 1 + sysdeps/unix/sysv/linux/i386/libc.abilist | 1 + sysdeps/unix/sysv/linux/kernel-features.h | 8 + .../sysv/linux/loongarch/lp64/libc.abilist | 1 + .../sysv/linux/m68k/coldfire/libc.abilist | 1 + .../unix/sysv/linux/m68k/m680x0/libc.abilist | 1 + .../sysv/linux/microblaze/be/libc.abilist | 1 + .../sysv/linux/microblaze/le/libc.abilist | 1 + .../sysv/linux/mips/mips32/fpu/libc.abilist | 1 + .../sysv/linux/mips/mips64/n32/libc.abilist | 1 + .../sysv/linux/mips/mips64/n64/libc.abilist | 1 + sysdeps/unix/sysv/linux/or1k/libc.abilist | 1 + .../linux/powerpc/powerpc32/fpu/libc.abilist | 1 + .../powerpc/powerpc32/nofpu/libc.abilist | 1 + .../linux/powerpc/powerpc64/be/libc.abilist | 1 + .../linux/powerpc/powerpc64/le/libc.abilist | 1 + .../unix/sysv/linux/riscv/rv32/libc.abilist | 1 + .../unix/sysv/linux/riscv/rv64/libc.abilist | 1 + .../unix/sysv/linux/s390/s390-32/libc.abilist | 1 + .../unix/sysv/linux/s390/s390-64/libc.abilist | 1 + sysdeps/unix/sysv/linux/sh/be/libc.abilist | 1 + sysdeps/unix/sysv/linux/sh/le/libc.abilist | 1 + .../sysv/linux/sparc/sparc32/libc.abilist | 1 + .../sysv/linux/sparc/sparc64/libc.abilist | 1 + sysdeps/unix/sysv/linux/syscalls.list | 1 + .../unix/sysv/linux/tst-dl_mseal-auditmod.c | 23 ++ sysdeps/unix/sysv/linux/tst-dl_mseal-common.h | 29 ++ .../unix/sysv/linux/tst-dl_mseal-dlopen-1-1.c | 19 ++ .../unix/sysv/linux/tst-dl_mseal-dlopen-1.c | 19 ++ .../unix/sysv/linux/tst-dl_mseal-dlopen-2-1.c | 19 ++ .../unix/sysv/linux/tst-dl_mseal-dlopen-2.c | 19 ++ sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1.c | 19 ++ sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2.c | 19 ++ .../sysv/linux/tst-dl_mseal-mutable-dlopen.c | 1 + .../sysv/linux/tst-dl_mseal-mutable-mod.c | 47 ++++ .../sysv/linux/tst-dl_mseal-mutable-mod.h | 33 +++ .../sysv/linux/tst-dl_mseal-mutable-static.c | 2 + .../unix/sysv/linux/tst-dl_mseal-mutable.c | 242 ++++++++++++++++ sysdeps/unix/sysv/linux/tst-dl_mseal-noseal.c | 94 +++++++ .../unix/sysv/linux/tst-dl_mseal-preload.c | 19 ++ .../unix/sysv/linux/tst-dl_mseal-skeleton.c | 266 ++++++++++++++++++ .../sysv/linux/tst-dl_mseal-static-noseal.c | 59 ++++ sysdeps/unix/sysv/linux/tst-dl_mseal-static.c | 56 ++++ .../unix/sysv/linux/tst-dl_mseal-tunable.c | 24 ++ sysdeps/unix/sysv/linux/tst-dl_mseal.c | 92 ++++++ sysdeps/unix/sysv/linux/tst-mseal-pkey.c | 84 ++++++ sysdeps/unix/sysv/linux/tst-mseal.c | 67 +++++ .../unix/sysv/linux/x86_64/64/libc.abilist | 1 + .../unix/sysv/linux/x86_64/x32/libc.abilist | 1 + sysdeps/x86/dl-prop.h | 8 +- 90 files changed, 2104 insertions(+), 26 deletions(-) create mode 100644 sysdeps/generic/dl-mseal.h create mode 100644 sysdeps/generic/dl-prop-mseal.h create mode 100644 sysdeps/generic/libc-prop.h create mode 100644 sysdeps/unix/sysv/linux/dl-mseal.c create mode 100644 sysdeps/unix/sysv/linux/dl-mseal.h create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-common.h create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1-1.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-mutable-dlopen.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-mutable-mod.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-mutable-mod.h create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-mutable-static.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-mutable.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-preload.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-static-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-static.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-tunable.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-mseal-pkey.c create mode 100644 sysdeps/unix/sysv/linux/tst-mseal.c