From patchwork Thu Dec 26 17:57:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 853699 Delivered-To: patch@linaro.org Received: by 2002:a5d:4888:0:b0:385:e875:8a9e with SMTP id g8csp4891410wrq; Thu, 26 Dec 2024 09:59:18 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCWFBQKoWu66DOUhRMWKAWXlrhR6eymeD7KlFyZtndDCEjKhttG43yMkSzenVPdYSEA0HRih0g==@linaro.org X-Google-Smtp-Source: AGHT+IE7oW3uhV6hnOxHpeGhZl3RMkPZH1tdeMhPUAtbdgwhYAszWDnmfYyEzdalVcy2iB8ljjbJ X-Received: by 2002:a05:620a:370c:b0:7b1:48ff:6b56 with SMTP id af79cd13be357-7b9ba7ec724mr4467635885a.43.1735235958574; Thu, 26 Dec 2024 09:59:18 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1735235958; cv=pass; d=google.com; s=arc-20240605; b=aQr/769QY7UtZHNC9YkHyVLcUCkpURyInKy4m/ccbxpNYf5ZveGYR3x0kOZOPHZz08 Cmyi6hEu7IcYtIzOXTBKydnQgrZ0ONMwa+dbgbtHC7skzkwbo6qQrT3IKvPmafvQv9Ot mXqJDe/Q6mz1FYnFKjPA1YHZF3ELJPxHRhndIBxFoQ/TK4DwE7+DR0QoqROc7hMCRqPB fq73o20kD1lMkgK63KRWVEXFAi8aY0pg9QwaDX2gjhCg4jJeLS3+ro4suhN+/FaCx+U1 1EYS7RsmgnX83AOmdfJDk4MCE25EfnK2yadXzZkpdCbfdV9eeyHPdc8jSbsFPXgEt/Xb KeIQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=SdKo263/xeKyhtKL06jgp5c5gakuQc7RyC1tZsZtXZY=; fh=xV8Gp349bHw1ljD2lFQRwhGaJ4bIEzpeFyS/N97S3Sw=; b=V41D+xuiKfzJw3VEY595yyd462GFur+7Gm0OA5eCUhan8Ohawf9HtULRW33qWndbS+ 5Tanl6hmh4KOlikC4SEIHoG9A6JDcv7NlkNgsYllovw4H3LXGCBOridLs88B6lT0sStd od3IokEAVZExQ0v1gh65m5+HlqUwiljzNmhUP0QTtlrpnWwLhYMFUSD0aFSdhtBwjORD 7bxOp3Si1pefonTZZqa/ECYWD3Eu2yOH8V+F8Vz9pvv6z40+3R6Hkr7XpBFY9jscV/tG 1Z3SFon+6lvWVwTVR/f9yIZ6n7oiyabbM51yo2+to99zwUk6FHXKrK4mDKKZtA6oaULI Q0sA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="LVazNa/N"; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id af79cd13be357-7b9ac2ad2a6si1693940285a.57.2024.12.26.09.59.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Dec 2024 09:59:18 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="LVazNa/N"; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 27F633858C60 for ; Thu, 26 Dec 2024 17:59:18 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 27F633858C60 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=LVazNa/N X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pj1-x1029.google.com (mail-pj1-x1029.google.com [IPv6:2607:f8b0:4864:20::1029]) by sourceware.org (Postfix) with ESMTPS id 2485E3858CDA for ; Thu, 26 Dec 2024 17:58:45 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 2485E3858CDA Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 2485E3858CDA Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::1029 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735235925; cv=none; b=CKeTERpQdWhdJDZhFbfJ5uf8t0clElkSvNNlw/7WPLvuBPtjpvJg6vmE4W+Wr1QlU7myBrKSrEzwS8GYhlP+JVWQC8K+P7oEYQnI60fu2jEUTPJJRP2g8fsXJ90ktMx0Mgd8v+BecF6WdmIpOxzSYWMIGTaG0RK4xfbw8TUSsGs= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735235925; c=relaxed/simple; bh=0oD+S4zowny19WkjBnEYHNRt6mzXvZcVfCBa0fpKGd4=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=DTosVcIgaaHYUAxp31eiUeE/0uMSKoj6r8FHtYS9bSiuPtU8CjCOKSvS7hn4aMdwSWJ4lN52A/aD643+WvZhcb7vwjC+Jjd8movHLtigG9VeczXccuUIqQQLl0W1KYrGvNwwsslaL2gb+XJ+sRItSLQIvcGKZZq6oOKHjOyFkow= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 2485E3858CDA Received: by mail-pj1-x1029.google.com with SMTP id 98e67ed59e1d1-2efd81c7ca4so6325598a91.2 for ; Thu, 26 Dec 2024 09:58:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1735235924; x=1735840724; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=SdKo263/xeKyhtKL06jgp5c5gakuQc7RyC1tZsZtXZY=; b=LVazNa/Nt/O+GB4cJxbkT7ckCX5XUMkrly3bi+GKQpkU6xAkTBTD70YCFbRTpA5w+G aa+nYWSSWQwP719hnbW5It1bfrnGVs73IvFOa3nhWQBIGdOHnOvnT5HDCX/Dq9o1w2V4 8Zx1XW72hWJ+1QC9TSzmQF7P5tV8ovQLLX6YwmjCVbReZpPBCqyk9bmqEh6grJI1Md7k d1nHt8bk7wmHF52/6pJzRp7eooUtJIR0t+7kRYWNqyQkSspf2yVcPpkOcLccQMvZVO03 i5aXwNJsb7tvrAX+7mHt/AsjaltvR0Hw/CMCRU/xp4mEWNVpDUXgagNJTTovCC1oWqxi iGnQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1735235924; x=1735840724; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=SdKo263/xeKyhtKL06jgp5c5gakuQc7RyC1tZsZtXZY=; b=VbpPkxVKYUl+cfdc5yozbH2P3dth5FqFCDteKR4tpmV0xhP7lyacvJUCIp8HfeLjw1 kZ4/edYe20eu5klafrG9+2/13cTd4A7JQd059ATnfJJBbUQCJsLMnPzl60T7C6VDzotJ FDwcv5r5arLZVZL0YIX3NTXj4WvWnc0d3x1hGs5FB8yb4liRdp5ZNcvXwkNTAf0OlMch GmQygtFHzJxu6DjT981i1ihokKprzJRKME4UjXV/CMc9nvg+oWLzzil0HWi/5RkIfeVt ICFnT2fZ2E5+KIGHFT5BhuNbJSXV0lG+WGWug7UQLnsqw9Hj/UE0HI5XHntOoGgmTnvd RPrw== X-Gm-Message-State: AOJu0YyQQpj0Dd/892sIBTBUTt7aUIPp1nihpBPYw2tPT88yK1YNIzP7 f2tyOVt9rYjCzCXxTlRCSt9kQVG2ifEF+ozrYAQB0g1bTmHe/la6yNz2vsh/AWI1C0V+bKXmoqw b X-Gm-Gg: ASbGncv1rbaK35b3xh0vWqAjudKw+k7zhPN/O/1FJOWB7Eyb1UaqunOJL8OurVxdX3R BaJj56JjlmnGZ7qpN+fxfMuG36SlWHux0YrOQ4AIusR6z2JmzCsd16/G3i3ieC8yybmQ5e6LdQv CASaC1CTJvzummI6vqz6voxi4+tVUxrVoYE79hOxop6b85LHLlHnqenuDYTmW2u1/aP/YLMB5Rj 3nZS8Hedu9mRrjqg7LTAE5FsML9zJl9XCoBv68cWVHEpDbxP5d7tecJBeq7fTzuJBsWq5uwf49S F3CARXsLYmgx+9dCoWQ4jgsb0trk X-Received: by 2002:a17:90a:d88d:b0:2ea:5e0c:2847 with SMTP id 98e67ed59e1d1-2f452e4e81emr30372199a91.22.1735235923876; Thu, 26 Dec 2024 09:58:43 -0800 (PST) Received: from ubuntu-vm.. (201-92-184-234.dsl.telesp.net.br. [201.92.184.234]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-219dca031besm119484645ad.281.2024.12.26.09.58.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Dec 2024 09:58:43 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Florian Weimer , Adhemerval Zanella Subject: [PATCH v7 1/4] elf: Cleanup and improve tst-execstack Date: Thu, 26 Dec 2024 14:57:42 -0300 Message-ID: <20241226175834.2531046-2-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241226175834.2531046-1-adhemerval.zanella@linaro.org> References: <20241226175834.2531046-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org Use libsupport and handle new SELinux versions. Reviewed-by: Florian Weimer --- elf/tst-execstack.c | 200 ++++++++++++++++++++------------------------ 1 file changed, 91 insertions(+), 109 deletions(-) diff --git a/elf/tst-execstack.c b/elf/tst-execstack.c index 560b353918..509149ad37 100644 --- a/elf/tst-execstack.c +++ b/elf/tst-execstack.c @@ -1,24 +1,32 @@ /* Test program for making nonexecutable stacks executable - on load of a DSO that requires executable stacks. */ + on load of a DSO that requires executable stacks. -#include -#include -#include -#include -#include + Copyright (C) 2003-2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include #include #include - -static void -print_maps (void) -{ -#if 0 - char *cmd = NULL; - asprintf (&cmd, "cat /proc/%d/maps", getpid ()); - system (cmd); - free (cmd); -#endif -} +#include +#include +#include +#include +#include +#include static void deeper (void (*f) (void)); @@ -38,8 +46,8 @@ static void * waiter_thread (void *arg) { void **f = arg; - pthread_barrier_wait (&startup_barrier); - pthread_barrier_wait (&go_barrier); + xpthread_barrier_wait (&startup_barrier); + xpthread_barrier_wait (&go_barrier); (*((void (*) (void)) *f)) (); @@ -47,40 +55,66 @@ waiter_thread (void *arg) } #endif -static bool allow_execstack = true; - +enum selinux_status { + SELINUX_NOT_PRESENT, + SELINUX_EXECSTACK_DISABLE, + SELINUX_EXECSTACK_ENABLE, +}; static int -do_test (void) +check_selinux_generic (const char *enforce_path, const char *execstack_path) { - /* Check whether SELinux is enabled and disallows executable stacks. */ - FILE *fp = fopen ("/selinux/enforce", "r"); - if (fp != NULL) - { - char *line = NULL; - size_t linelen = 0; + FILE *fp = fopen (enforce_path, "r"); + if (fp == NULL) + return SELINUX_NOT_PRESENT; - bool enabled = false; - ssize_t n = getline (&line, &linelen, fp); - if (n > 0 && line[0] != '0') - enabled = true; + char *line = NULL; + size_t linelen = 0; - fclose (fp); + bool enabled = false; + ssize_t n = getline (&line, &linelen, fp); + if (n > 0 && line[0] != '0') + enabled = true; - if (enabled) + fclose (fp); + + if (enabled) + { + fp = fopen (execstack_path, "r"); + if (fp != NULL) { - fp = fopen ("/selinux/booleans/allow_execstack", "r"); - if (fp != NULL) - { - n = getline (&line, &linelen, fp); - if (n > 0 && line[0] == '0') - allow_execstack = false; - } - - fclose (fp); + n = getline (&line, &linelen, fp); + if (n > 0 && line[0] == '0') + return SELINUX_EXECSTACK_DISABLE; } + + fclose (fp); } + return SELINUX_EXECSTACK_ENABLE; +} + +static bool +check_selinux (void) +{ + /* Old Red Hat like systems. */ + enum selinux_status r = + check_selinux_generic ("/selinux/enforce", + "/selinux/booleans/allow_execstack"); + if (r == SELINUX_NOT_PRESENT) + /* New Red Hard like systems. */ + r = check_selinux_generic ("/sys/fs/selinux/enforce", + "/sys/fs/selinux/booleans/selinuxuser_execstack"); + return r == SELINUX_NOT_PRESENT || r == SELINUX_EXECSTACK_ENABLE; +} + + +static int +do_test (void) +{ + /* Check whether SELinux is enabled and disallows executable stacks. */ + bool allow_execstack = check_selinux (); + printf ("executable stacks %sallowed\n", allow_execstack ? "" : "not "); static void *f; /* Address of this is used in other threads. */ @@ -88,47 +122,26 @@ do_test (void) #if USE_PTHREADS /* Create some threads while stacks are nonexecutable. */ #define N 5 - pthread_t thr[N]; - pthread_barrier_init (&startup_barrier, NULL, N + 1); - pthread_barrier_init (&go_barrier, NULL, N + 1); + xpthread_barrier_init (&startup_barrier, NULL, N + 1); + xpthread_barrier_init (&go_barrier, NULL, N + 1); for (int i = 0; i < N; ++i) - { - int rc = pthread_create (&thr[i], NULL, &waiter_thread, &f); - if (rc) - error (1, rc, "pthread_create"); - } + xpthread_create (NULL, &waiter_thread, &f); /* Make sure they are all there using their stacks. */ - pthread_barrier_wait (&startup_barrier); + xpthread_barrier_wait (&startup_barrier); puts ("threads waiting"); #endif - print_maps (); - #if USE_PTHREADS void *old_stack_addr, *new_stack_addr; size_t stack_size; pthread_t me = pthread_self (); pthread_attr_t attr; - int ret = 0; - - ret = pthread_getattr_np (me, &attr); - if (ret) - { - printf ("before execstack: pthread_getattr_np returned error: %s\n", - strerror (ret)); - return 1; - } - - ret = pthread_attr_getstack (&attr, &old_stack_addr, &stack_size); - if (ret) - { - printf ("before execstack: pthread_attr_getstack returned error: %s\n", - strerror (ret)); - return 1; - } + TEST_VERIFY_EXIT (pthread_getattr_np (me, &attr) == 0); + TEST_VERIFY_EXIT (pthread_attr_getstack (&attr, &old_stack_addr, + &stack_size) == 0); # if _STACK_GROWS_DOWN old_stack_addr += stack_size; # else @@ -149,36 +162,17 @@ do_test (void) return allow_execstack; } - f = dlsym (h, "tryme"); - if (f == NULL) - { - printf ("symbol not found: %s\n", dlerror ()); - return 1; - } + f = xdlsym (h, "tryme"); /* Test if that really made our stack executable. The `tryme' function should crash if not. */ (*((void (*) (void)) f)) (); - print_maps (); - #if USE_PTHREADS - ret = pthread_getattr_np (me, &attr); - if (ret) - { - printf ("after execstack: pthread_getattr_np returned error: %s\n", - strerror (ret)); - return 1; - } - - ret = pthread_attr_getstack (&attr, &new_stack_addr, &stack_size); - if (ret) - { - printf ("after execstack: pthread_attr_getstack returned error: %s\n", - strerror (ret)); - return 1; - } + TEST_VERIFY_EXIT (pthread_getattr_np (me, &attr) == 0); + TEST_VERIFY_EXIT (pthread_attr_getstack (&attr, &new_stack_addr, + &stack_size) == 0); # if _STACK_GROWS_DOWN new_stack_addr += stack_size; @@ -194,33 +188,21 @@ do_test (void) stacksize and stackaddr respectively. If the size changes due to the above, then both stacksize and stackaddr can change, but the stack bottom should remain the same, which is computed as stackaddr + stacksize. */ - if (old_stack_addr != new_stack_addr) - { - printf ("Stack end changed, old: %p, new: %p\n", - old_stack_addr, new_stack_addr); - return 1; - } + TEST_VERIFY_EXIT (old_stack_addr == new_stack_addr); printf ("Stack address remains the same: %p\n", old_stack_addr); #endif /* Test that growing the stack region gets new executable pages too. */ deeper ((void (*) (void)) f); - print_maps (); - #if USE_PTHREADS /* Test that a fresh thread now gets an executable stack. */ - { - pthread_t th; - int rc = pthread_create (&th, NULL, &tryme_thread, f); - if (rc) - error (1, rc, "pthread_create"); - } + xpthread_create (NULL, &tryme_thread, f); puts ("threads go"); /* The existing threads' stacks should have been changed. Let them run to test it. */ - pthread_barrier_wait (&go_barrier); + xpthread_barrier_wait (&go_barrier); pthread_exit ((void *) (long int) (! allow_execstack)); #endif