From patchwork Thu May 2 16:35:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 794114 Delivered-To: patch@linaro.org Received: by 2002:adf:a153:0:b0:34d:5089:5a9e with SMTP id r19csp346046wrr; Thu, 2 May 2024 09:38:43 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVOoYlk3W15D4kOuu3oSidwxupqNq4X5EWrUaDvAh02yQP55E8ER4AOqrMC1GUC7rpNkjmj5P9GQMiDGyUqVQZ1 X-Google-Smtp-Source: AGHT+IHwyawVzwqQGpLo4oAKjig1/hZQHC0QCCIRy0tHsyBeTSYkmurxLF6gi7kFmUGtg9qTjosy X-Received: by 2002:a05:6870:330b:b0:238:fd65:5415 with SMTP id x11-20020a056870330b00b00238fd655415mr483805oae.37.1714667923426; Thu, 02 May 2024 09:38:43 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1714667923; cv=pass; d=google.com; s=arc-20160816; b=AlOMvfpXizkFu3JsDDH4vD/OsvU2yoP+MY3+/IyY1gzpUc5rAmhWBxZz8NHE0zE7L1 9B5GS0jzJ2QwmkLh38Ei9q3W7rHowzNwNeECXg7oAipblZoAh3Zg50EIs78e1TvdgJbJ N8X3IrGYsfFmTOu0gvCpvZasvTX95IUN6xcb0jwnObzaOKRCrzAlVhwsLDLPOOAdVZFT C4OKQOp+lsL4wJloA+RKWA7gJNImXgVb8rVMuNLb36WfqqSZ6i5R3M5Rr23dOkdnD34F Ma6yFXWnT1jUG8m+bixBYJzSRr5GkgMifVXmNyvQe6AumVSGdhC6FUQJHvuYWWrIM4Rl jkbA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:arc-filter:dmarc-filter:delivered-to; bh=Mhvj6p3FIwhaQ4EXE/dOjpwybOlOt/6m3eCX/KLL/+E=; fh=Fj4D3X8lmeg8caKyS1psvSc6iiuGGH95h/ZziX55t10=; b=upzhHJkFSY3inRMaDo9n9RKmXEWubQe5Oi/NnzJSCh8xdBV+ZXNE9yfNSSiESxWxgV tnr/w66/zxMFR97o4Dl9dT98ITYaEUFUlzQAr8tUeLcRNlklz4ax5DsVPBqQ2E0rTGV9 0386ixvyVmm4Q1ffgcez1nofdSJdxXbhYSB4LlowVSaXzkoc4LNOSUrHwRJltxUg6t/t X18sSBvk6SigYFiYNEI5DIKH2RhT0nYtzm/4g5iudBV9tULjTxjVVYFVrHj+4ywdRjEu cE1pstTn+RsBKj7xKvqVAi5kAYXRR6ETwdE0j9B2nYEKh5Q8E1CW4c50pGVUn0Zz+PHP eepw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=wxZpAnq2; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces+patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id pc35-20020a05620a842300b0078edc196108si1237321qkn.143.2024.05.02.09.38.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 02 May 2024 09:38:43 -0700 (PDT) Received-SPF: pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) client-ip=2620:52:3:1:0:246e:9693:128c; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=wxZpAnq2; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces+patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 0F220384AB44 for ; Thu, 2 May 2024 16:38:43 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pf1-x432.google.com (mail-pf1-x432.google.com [IPv6:2607:f8b0:4864:20::432]) by sourceware.org (Postfix) with ESMTPS id 5CE43384AB79 for ; Thu, 2 May 2024 16:37:39 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 5CE43384AB79 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 5CE43384AB79 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::432 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1714667864; cv=none; b=FCvugL2qwDE4wTEAWXCrwZrnN7M4kPAcNGox2ac2wvU+ByORLcSFbpdQWbwcb08j1z9ILDYfVAGX/z6Z7xMNdvsxcFgiv9m65VzybuChZVeYpO1uZ7F4gjJ0vZ594v3yXqoXolFpT/YY24m9akafuI8qBI8PE16WYTT/BbbLRyA= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1714667864; c=relaxed/simple; bh=DDpzFHaO7t7mIZjlydHBwgAhwbf5aHirbWWQea4vuag=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=kdqvliRByY9jBvH64l1KOshGUsED25AzUhpmmIjJID4kwPVtGLsSD0lUxH5vtYwpFQP82a3369BwNKqZXoEBlsH64Ica68RrfC287sjy+u0MWSVvcm6owGLfJpRqh6CF9jMtjvYBB9q+ZUEChqwq3UlVfIWmNBrOxBv6o8hamNA= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pf1-x432.google.com with SMTP id d2e1a72fcca58-6ee13f19e7eso7501021b3a.1 for ; Thu, 02 May 2024 09:37:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1714667858; x=1715272658; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Mhvj6p3FIwhaQ4EXE/dOjpwybOlOt/6m3eCX/KLL/+E=; b=wxZpAnq2QNfEdXSn8ZimEA66Xv0VepewWui8fg4wtK0POCayc0nb9Q0RWanPpoviCO 1BbdXSe+rvDrjf36tPRCrVSFEDdKQJYUWJOpPEFJumOwz09Bg203TAKNa3rBPKAq3KCF Whx4orxA+lEvnYhGrsde5WiAarR+wUlw6EEcBBm8dGuxvHD9QjhG2cEyrVShzyvONmi1 ERqZEs5cskPSrW8bcGLp8Epvo056NCkIP8S47voiQXOxHhTNGZ10+/Uy5+yXXvo7gkEu xkXuHrzOMbd8IYs0ydZ/sjApDSqKijuHetnFhin8QOGBo+DKNDBoGWGh1On+C5jd+Hdf Cp8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714667858; x=1715272658; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Mhvj6p3FIwhaQ4EXE/dOjpwybOlOt/6m3eCX/KLL/+E=; b=R8SsTeakDeO1uFHpMTNHBKfTfi0XwXlHvutRtfzSx0wBTWU0VL1tqyarn9CV6vjQH8 GVfPTcrvxgFgc75bf0tntFzuLpgUT2O1w5gLixcokp5QRAOb0eGLJh7SiMR1hydt1/OD Dw1pr3E4VTPppiQ9hqIPH0RjzVltfAj7aVNbyHVN/pav9r6scdzugAfhiJnGEebZmH6l kfL8TDYxxZ+GqBBiUt9QLbS6NtPSYjZfNGsjALOgInjzDwSm8jjpP6z1xjA5WGjwdW9F mm7N0n7NRO5bdxexBJ5ZvmVVKMmwW0C6n1EF+eLMGI1al8q7xPr63DOUe5jn4rYcU0y2 iBAQ== X-Gm-Message-State: AOJu0YyQbGoL1w21oDF84ER0MZqzpS4xf5U3dcwVxfdsRQNjqpwGAIvt fjG4O1MLMXvWPjMUA43h8x/GNwnIDvJ90PzoeV9csC+lFqaP/6YaEdgFfvmejhBEiz4OeoCS6fS l X-Received: by 2002:a05:6a00:3982:b0:6ea:7b29:3ab7 with SMTP id fi2-20020a056a00398200b006ea7b293ab7mr68866pfb.23.1714667857805; Thu, 02 May 2024 09:37:37 -0700 (PDT) Received: from mandiga.. ([2804:1b3:a7c1:e3c5:e62b:fe17:6851:b93]) by smtp.gmail.com with ESMTPSA id j4-20020a62b604000000b006ecfa91a210sm1439524pff.100.2024.05.02.09.37.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 02 May 2024 09:37:37 -0700 (PDT) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Joe Simmons-Talbott , Siddhesh Poyarekar Subject: [PATCH v2 4/4] elf: Make glibc.rtld.enable_secure ignore alias environment variables Date: Thu, 2 May 2024 13:35:59 -0300 Message-ID: <20240502163716.1107975-5-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240502163716.1107975-1-adhemerval.zanella@linaro.org> References: <20240502163716.1107975-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.5 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+patch=linaro.org@sourceware.org Tunable with environment variables aliases are also ignored if glibc.rtld.enable_secure is enabled. The tunable parsing is also optimized a bit, where the loop that checks each environment variable only checks for the tunables with aliases instead of all tables. Checked on aarch64-linux-gnu and x86_64-linux-gnu. --- elf/dl-tunables.c | 36 ++++++--- elf/tst-tunables-enable_secure.c | 133 +++++++++++++++++++++++++++---- scripts/gen-tunables.awk | 16 +++- 3 files changed, 161 insertions(+), 24 deletions(-) diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c index 63cf8c7ab5..e87d0628b2 100644 --- a/elf/dl-tunables.c +++ b/elf/dl-tunables.c @@ -300,6 +300,9 @@ __tunables_init (char **envp) if (__libc_enable_secure) return; + enum { tunable_num_env_alias = array_length (tunable_env_alias_list) }; + struct tunable_toset_t tunables_env_alias[tunable_num_env_alias] = { 0 }; + while ((envp = get_next_env (envp, &envname, &envval, &prev_envp)) != NULL) { /* The environment variable is allocated on the stack by the kernel, so @@ -311,29 +314,44 @@ __tunables_init (char **envp) continue; } - for (int i = 0; i < tunables_list_size; i++) + for (int i = 0; i < tunable_num_env_alias; i++) { - tunable_t *cur = &tunable_list[i]; + tunable_t *cur = &tunable_list[tunable_env_alias_list[i]]; + const char *name = cur->env_alias; - /* Skip over tunables that have either been set already or should be - skipped. */ - if (cur->initialized || cur->env_alias[0] == '\0') + if (name[0] == '\0') continue; - const char *name = cur->env_alias; - - /* We have a match. Initialize and move on to the next line. */ if (tunable_is_name (name, envname)) { size_t envvallen = 0; /* The environment variable is always null-terminated. */ for (const char *p = envval; *p != '\0'; p++, envvallen++); - tunable_initialize (cur, envval, envvallen); + tunables_env_alias[i] = + (struct tunable_toset_t) { cur, envval, envvallen }; break; } } } + + /* Check if glibc.rtld.enable_secure was set and skip over the environment + variables aliases. */ + if (__libc_enable_secure) + return; + + for (int i = 0; i < tunable_num_env_alias; i++) + { + /* Skip over tunables that have either been set. */ + if (tunables_env_alias[i].t == NULL + || tunables_env_alias[i].t->initialized) + continue; + + if (!tunable_initialize (tunables_env_alias[i].t, + tunables_env_alias[i].value, + tunables_env_alias[i].len)) + parse_tunable_print_error (&tunables_env_alias[i]); + } } void diff --git a/elf/tst-tunables-enable_secure.c b/elf/tst-tunables-enable_secure.c index f5db1c84e9..a0da0fd179 100644 --- a/elf/tst-tunables-enable_secure.c +++ b/elf/tst-tunables-enable_secure.c @@ -17,6 +17,7 @@ . */ #include +#define TUNABLES_INTERNAL 1 #include #include #include @@ -34,6 +35,8 @@ static int restart; static const struct test_t { const char *env; + const char *extraenv; + bool check_multiple; int32_t expected_malloc_check; int32_t expected_enable_secure; } tests[] = @@ -41,39 +44,124 @@ static const struct test_t /* Expected tunable format. */ /* Tunables should be ignored if enable_secure is set. */ { - "glibc.malloc.check=2:glibc.rtld.enable_secure=1", + "GLIBC_TUNABLES=glibc.malloc.check=2:glibc.rtld.enable_secure=1", + NULL, + false, 0, 1, }, /* Tunables should be ignored if enable_secure is set. */ { - "glibc.rtld.enable_secure=1:glibc.malloc.check=2", + "GLIBC_TUNABLES=glibc.rtld.enable_secure=1:glibc.malloc.check=2", + NULL, + false, 0, 1, }, /* Tunables should be set if enable_secure is unset. */ { - "glibc.rtld.enable_secure=0:glibc.malloc.check=2", + "GLIBC_TUNABLES=glibc.rtld.enable_secure=0:glibc.malloc.check=2", + NULL, + false, 2, 0, }, + /* Tunables should be ignored if enable_secure is set. */ + { + "GLIBC_TUNABLES=glibc.malloc.check=2:glibc.rtld.enable_secure=1", + "MALLOC_CHECK_=2", + false, + 0, + 1, + }, + /* Same as before, but with enviroment alias prior GLIBC_TUNABLES. */ + { + "MALLOC_CHECK_=2", + "GLIBC_TUNABLES=glibc.malloc.check=2:glibc.rtld.enable_secure=1", + false, + 0, + 1, + }, + /* Tunables should be ignored if enable_secure is set. */ + { + "GLIBC_TUNABLES=glibc.rtld.enable_secure=1:glibc.malloc.check=2", + "MALLOC_CHECK_=2", + false, + 0, + 1, + }, + { + "MALLOC_CHECK_=2", + "GLIBC_TUNABLES=glibc.rtld.enable_secure=1:glibc.malloc.check=2", + false, + 0, + 1, + }, + /* Tunables should be set if enable_secure is unset. */ + { + "GLIBC_TUNABLES=glibc.rtld.enable_secure=0:glibc.malloc.check=2", + /* Tunable have precedence over the environment variable. */ + "MALLOC_CHECK_=1", + false, + 2, + 0, + }, + { + "MALLOC_CHECK_=1", + "GLIBC_TUNABLES=glibc.rtld.enable_secure=0:glibc.malloc.check=2", + /* Tunable have precedence over the environment variable. */ + false, + 2, + 0, + }, + /* Tunables should be set if enable_secure is unset. */ + { + "GLIBC_TUNABLES=glibc.rtld.enable_secure=0", + /* Tunable have precedence over the environment variable. */ + "MALLOC_CHECK_=1", + false, + 1, + 0, + }, + /* Tunables should be set if enable_secure is unset. */ + { + "GLIBC_TUNABLES=glibc.rtld.enable_secure=0", + /* Tunable have precedence over the environment variable. */ + "MALLOC_CHECK_=1", + false, + 1, + 0, + }, + /* Check with tunables environment variable alias set multiple times. */ + { + "GLIBC_TUNABLES=glibc.rtld.enable_secure=1:glibc.malloc.check=2", + "MALLOC_CHECK_=2", + true, + 0, + 1, + }, + /* Tunables should be set if enable_secure is unset. */ + { + "GLIBC_TUNABLES=glibc.rtld.enable_secure=0", + /* Tunable have precedence over the environment variable. */ + "MALLOC_CHECK_=1", + true, + 1, + 0, + }, }; static int handle_restart (int i) { if (tests[i].expected_enable_secure == 1) - { - TEST_COMPARE (1, __libc_enable_secure); - } + TEST_COMPARE (1, __libc_enable_secure); else - { - TEST_COMPARE (tests[i].expected_malloc_check, - TUNABLE_GET_FULL (glibc, malloc, check, int32_t, NULL)); - TEST_COMPARE (tests[i].expected_enable_secure, - TUNABLE_GET_FULL (glibc, rtld, enable_secure, int32_t, - NULL)); - } + TEST_COMPARE (tests[i].expected_enable_secure, + TUNABLE_GET_FULL (glibc, rtld, enable_secure, int32_t, + NULL)); + TEST_COMPARE (tests[i].expected_malloc_check, + TUNABLE_GET_FULL (glibc, malloc, check, int32_t, NULL)); return 0; } @@ -106,14 +194,31 @@ do_test (int argc, char *argv[]) spargv[i] = NULL; } + enum { tunable_num_env_alias = array_length (tunable_env_alias_list) }; + for (int i = 0; i < array_length (tests); i++) { snprintf (nteststr, sizeof nteststr, "%d", i); printf ("[%d] Spawned test for %s\n", i, tests[i].env); setenv ("GLIBC_TUNABLES", tests[i].env, 1); + + char *envp[2 + tunable_num_env_alias + 1] = + { + (char *) tests[i].env, + (char *) tests[i].extraenv, + NULL, + }; + if (tests[i].check_multiple) + { + int j; + for (j=0; j < tunable_num_env_alias; j++) + envp[j + 2] = (char *) tests[i].extraenv; + envp[j + 2] = NULL; + } + struct support_capture_subprocess result - = support_capture_subprogram (spargv[0], spargv, NULL); + = support_capture_subprogram (spargv[0], spargv, envp); support_capture_subprocess_check (&result, "tst-tunables-enable_secure", 0, sc_allow_stderr); support_capture_subprocess_free (&result); diff --git a/scripts/gen-tunables.awk b/scripts/gen-tunables.awk index 9f5336381e..fc3b41376f 100644 --- a/scripts/gen-tunables.awk +++ b/scripts/gen-tunables.awk @@ -156,7 +156,7 @@ END { print "# define TUNABLE_ALIAS_MAX " (max_alias_len + 1) print "# include \"dl-tunable-types.h\"" # Finally, the tunable list. - print "static tunable_t tunable_list[] attribute_relro = {" + print "static tunable_t tunable_list[] attribute_relro __attribute_used__ = {" for (tnm in types) { split (tnm, indices, SUBSEP); t = indices[1]; @@ -168,5 +168,19 @@ END { default_val[t,n,m], env_alias[t,n,m]); } print "};" + + # Map of tunable with environment variables aliases used during parsing. */ + print "\nstatic const tunable_id_t tunable_env_alias_list[] =" + printf "{\n" + for (tnm in types) { + split (tnm, indices, SUBSEP); + t = indices[1]; + n = indices[2]; + m = indices[3]; + if (env_alias[t,n,m] != "{0}") { + printf (" TUNABLE_ENUM_NAME(%s, %s, %s),\n", t, n, m); + } + } + printf "};\n" print "#endif" }