From patchwork Wed Jan 29 17:22:36 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adhemerval Zanella <adhemerval.zanella@linaro.org>
X-Patchwork-Id: 860666
Delivered-To: patch@linaro.org
Received: by 2002:a5d:53cb:0:b0:385:e875:8a9e with SMTP id a11csp294042wrw;
 Wed, 29 Jan 2025 09:26:48 -0800 (PST)
X-Forwarded-Encrypted: i=3;
 AJvYcCWwAnyYEP1FC2+mvDrI8URS3SaBj/lOBB+VQxBkMFVl7VDrqk3vfW52ypM97HGUIVm671veYQ==@linaro.org
X-Google-Smtp-Source: AGHT+IEs/Mz7xhzewxA1H4MNj4NNz2hr6g3X2uZfKLfHtBvvv2kotWTiBlHdeEmmHTx3aDAJ1gof
X-Received: by 2002:a05:6102:4194:b0:4b2:cca8:88d0 with SMTP id
 ada2fe7eead31-4b9a4ec91eamr3779714137.1.1738171607853;
 Wed, 29 Jan 2025 09:26:47 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1738171607; cv=pass;
 d=google.com; s=arc-20240605;
 b=YVsunKRKbRYKFmThb7anxSr0pMu6mr3PPNXAqV/5zfcpncDWh4gcDABOZyJyChJedt
 S+A1/SjrOabUzGO/Iar26/i69Ax09MbN/i1cdlfnKOsSp/JnG1+djd7vxP8DFQlb6SrQ
 HYDYyWGXsOsTf8YJ+PQ+MtsTTH5OYvYdfxpONjtbE+Jy0eesTdIn6sWPnh6oWz9cz11u
 CUM9LxxMXJ+8YNh4hDVMMCWU9QR2YRVhOzL5I1TRZ7ECOetaT61EqP9D5+Nq0o6Hspcx
 W2LtEEd1QtizYnBnN0LT2ehzIr03G8T1zccFwuaC/iHBbGPo3VUtDF8MtZkSZ11x26ce
 rksA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
 h=errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:cc:to
 :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter
 :delivered-to:dkim-filter;
 bh=528xKOwe6OEOZcsIBlv6jiz2J+X8ybY8DT38bPRnjFM=;
 fh=NxP0gPoitL2xwHLpRPwMy6HQGuc/oe1BSm1HN6gGwGQ=;
 b=dIcesll4E7Cus5jNkw0zKZ1Np/DRnLQDi0PQKYmCRao3NO0LwT7OhYIYHMIXI+QFnI
 edWm9O4rc8SEwkGRw/1a9xVLIZTkPMlL55idznJeR2YA0uOB1Yi7peXZCv/Fi24+aUfE
 +eARCq9L2dXsroatWYeYNUf3uxOhgE+y8Wt6ps4/rehSb6hgG4cTXA2jlhIXkuyAdEn5
 e5W2XXzPhw/cKLPhWqp/X74kaOSN5xvHlm5kimUpRPLq0e8JoG6dRsaInUz9flD7w+MA
 mpJKueMPGMVQMkgamvTALQrfAZpIoDj7oAMhHy8CgDTFFqzFE97M4I0x7TAzJGkG1lOD
 ZPDw==; dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=DGXt1cuv;
 arc=pass (i=1); spf=pass (google.com: domain of
 libc-alpha-bounces~patch=linaro.org@sourceware.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <libc-alpha-bounces~patch=linaro.org@sourceware.org>
Received: from server2.sourceware.org (server2.sourceware.org.
 [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id
 ada2fe7eead31-4b7099abdc5si4928177137.442.2025.01.29.09.26.47
 for <patch@linaro.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 29 Jan 2025 09:26:47 -0800 (PST)
Received-SPF: pass (google.com: domain of
 libc-alpha-bounces~patch=linaro.org@sourceware.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 client-ip=2620:52:3:1:0:246e:9693:128c;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=DGXt1cuv;
 arc=pass (i=1); spf=pass (google.com: domain of
 libc-alpha-bounces~patch=linaro.org@sourceware.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
 by sourceware.org (Postfix) with ESMTP id 5E31C3857B8C
 for <patch@linaro.org>; Wed, 29 Jan 2025 17:26:47 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 5E31C3857B8C
Authentication-Results: sourceware.org; dkim=pass (2048-bit key,
 unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256
 header.s=google header.b=DGXt1cuv
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from mail-pl1-x629.google.com (mail-pl1-x629.google.com
 [IPv6:2607:f8b0:4864:20::629])
 by sourceware.org (Postfix) with ESMTPS id D06373857C7A
 for <libc-alpha@sourceware.org>; Wed, 29 Jan 2025 17:25:59 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D06373857C7A
Authentication-Results: sourceware.org;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org D06373857C7A
Authentication-Results: server2.sourceware.org;
 arc=none smtp.remote-ip=2607:f8b0:4864:20::629
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1738171560; cv=none;
 b=FPueH6yYbY56WsDCTj0rJkHJKx8nw/vIJ3LtJMhLEtYjAqkmDkdPWpwiA7QPAJ1Y+nar9oaNf7imf8vBLa4bcp9Aco4bgiQvUzu9Cb9TTr7L4ae9TmtAysUA9JJUsMLyWk0AegQk013XDTj0EekQFWBoO9B63RiVvjzicHSnS2w=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1738171560; c=relaxed/simple;
 bh=cEjk1px8xgMeRK7UyJK/3h3I5C1/Vm+G2mRVKtpvfzo=;
 h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;
 b=tMO37nPY/jET1cUWN7ARVnrNzVwC3RgmqVv8ySIO0SpbmpDR4eymwX+DKtifqse9HY9FGVA613c5bn6OL6AYuURuQrB0m10qyJL+oNmq6DgLzu+C5CEXZSF8naeyVkuMjVBEOxM/tD/2DZyNCJYAoQl5oLEUc9f2tBw+cqiHj8w=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D06373857C7A
Received: by mail-pl1-x629.google.com with SMTP id
 d9443c01a7336-2166f1e589cso12097995ad.3
 for <libc-alpha@sourceware.org>; Wed, 29 Jan 2025 09:25:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1738171558; x=1738776358; darn=sourceware.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=528xKOwe6OEOZcsIBlv6jiz2J+X8ybY8DT38bPRnjFM=;
 b=DGXt1cuvdkRp1ck/LynHUwn1jTWtLMyD10qKoHsJkdImfEEQObVHauRSM5xpFdFRSt
 EZP611ahyUGNOqyPn4Uue2caqCbEydLtW6OOR3kM/n8QlJrYo4KGTnmxSSrjjodpuaAj
 Ya23Fo/LFjJsNhbvcatzYZv7MRnRk42UVwHaxBmRScIr0cyVMy/CMYdyh5NFMuD2eP6V
 YPhQhpBLJMxzajLKp6XY0IstkjeB8cNavZyTKEYxVB7qO8TQCoUSknrZ58feS4QWlw3n
 GVCdTKNNk7Gt4QPUbsoRZbDQyvk2A8nm76ValHlKIog7UemWUZ+kUjw57JHstQT8xJoX
 xF8A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738171558; x=1738776358;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=528xKOwe6OEOZcsIBlv6jiz2J+X8ybY8DT38bPRnjFM=;
 b=R4OV71ZJrW/TLayFuORjoHWhYE9rMvMBzAv0DXzLu/S3a8w+Z//54F7uKIX54J11VI
 3mPkLOJOv5RtTlZgruBYqwtzMOb3Kti/98UAMCrW9WmCZygY1VcKPHkAGdKQuuqobEod
 /sY8UC4tzYoNCeoJxPvQqO3wl7ZyjxugVqN8rU/lBtJBFuRlnvVWw9LAPTYYY1YCmH2G
 gYpngh4Y/JwxZhxvcopU9uPmWOqzDS1UxKS4g6BWeEYIxpJbG06bALggVnBdLAVTajjC
 80o2EL98oC86QVSGwa7MnNNmhGqiijtEwqm2KBMgVYGhE8dkdO9dzSswyuTj2scz4JY8
 dCiw==
X-Gm-Message-State: AOJu0YwcIvuYSmW2e/u1GQGcoU6VYNsabzihOYaLYLLgb2WEtRwTYw4B
 a90//uAe+ohesn3C1uKZjyGX4d0Txa3kZ/X9K5R/G+wAavL+kqrHab0cfCJ8AH4ogDBIK1Mx3HK
 U
X-Gm-Gg: ASbGnctxkDDFmhLpA8PoCJbqhuUAkxsf69knqoDVXjVR5o35LwC6TEVeNVpZaX4/pc7
 UOhSS/8jfcG3ncTPCZ2oD45ixDshqTrInwfQZpOtqmVLcQn57ygNCXfymEWCh83dz3M12do+tmh
 GuskvLvTUSWFyiSebLsD6JjQpj2Xz6L5UMi/uboyekY2d2bpnkkbQx6KrNfdjhAUE8go7Do7hVL
 hGf1JUCDTU9xVOiLB6x7DZtk1BT6NvPm5XsmBqxFNtyFBdJkfkHp8ykIpMTRimPhXa3/Typ6EIt
 P1ItSy7Bne8v9qfd6psGvwWjqpGG
X-Received: by 2002:a17:903:1c5:b0:210:f706:dc4b with SMTP id
 d9443c01a7336-21dd7c653b7mr56515675ad.13.1738171558378;
 Wed, 29 Jan 2025 09:25:58 -0800 (PST)
Received: from mandiga.. ([2804:1b3:a7c2:2a23:584e:68a2:9131:7209])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21da3ea1c2asm102082535ad.54.2025.01.29.09.25.56
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 29 Jan 2025 09:25:58 -0800 (PST)
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: libc-alpha@sourceware.org
Cc: Jeff Xu <jeffxu@google.com>, Florian Weimer <fweimer@redhat.com>,
 "H . J . Lu" <hjl.tools@gmail.com>
Subject: [PATCH v8 2/8] elf: Parse gnu properties for static linked binaries
Date: Wed, 29 Jan 2025 14:22:36 -0300
Message-ID: <20250129172550.1119706-3-adhemerval.zanella@linaro.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20250129172550.1119706-1-adhemerval.zanella@linaro.org>
References: <20250129172550.1119706-1-adhemerval.zanella@linaro.org>
MIME-Version: 1.0
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org

So the static binary can opt-in of memory sealing.  The aarch64 already
does it for GCS, so refactor it to use __libc_process_gnu_attributes
instead.

Checked on x86_64-linux-gnu.
---
 csu/libc-start.c                             |  4 ++
 elf/dl-support.c                             | 13 ++++++
 sysdeps/generic/libc-prop.h                  | 44 ++++++++++++++++++++
 sysdeps/unix/sysv/linux/aarch64/libc-start.h | 11 -----
 sysdeps/x86/dl-prop.h                        |  4 +-
 5 files changed, 64 insertions(+), 12 deletions(-)
 create mode 100644 sysdeps/generic/libc-prop.h

diff --git a/csu/libc-start.c b/csu/libc-start.c
index 6f3d52e223..44fe5d5738 100644
--- a/csu/libc-start.c
+++ b/csu/libc-start.c
@@ -36,6 +36,7 @@
 #include <stdbool.h>
 #include <elf-initfini.h>
 #include <shlib-compat.h>
+#include <libc-prop.h>
 
 #include <elf/dl-tunables.h>
 
@@ -276,6 +277,9 @@ LIBC_START_MAIN (int (*main) (int, char **, char ** MAIN_AUXVEC_DECL),
   /* Perform IREL{,A} relocations.  */
   ARCH_SETUP_IREL ();
 
+  /* Process notes: PT_NOTE / PT_GNU_PROPERTY.  */
+  __libc_process_gnu_attributes ();
+
   /* The stack guard goes into the TCB, so initialize it early.  */
   ARCH_SETUP_TLS ();
 
diff --git a/elf/dl-support.c b/elf/dl-support.c
index a7d5a5e8ab..6daa196f12 100644
--- a/elf/dl-support.c
+++ b/elf/dl-support.c
@@ -46,6 +46,7 @@
 #include <array_length.h>
 #include <dl-symbol-redir-ifunc.h>
 #include <dl-tunables.h>
+#include <dl-prop.h>
 
 extern char *__progname;
 char **_dl_argv = &__progname;	/* This is checked for some error messages.  */
@@ -331,6 +332,18 @@ _dl_non_dynamic_init (void)
 	_dl_main_map.l_relro_size = ph->p_memsz;
 	break;
       }
+  /* Process program headers again, but scan them backwards so
+     that PT_NOTE can be skipped if PT_GNU_PROPERTY exits.  */
+  for (const ElfW(Phdr) *ph = &_dl_phdr[_dl_phnum]; ph != _dl_phdr; --ph)
+    switch (ph[-1].p_type)
+      {
+      case PT_NOTE:
+	_dl_process_pt_note (&_dl_main_map, -1, &ph[-1]);
+	break;
+      case PT_GNU_PROPERTY:
+	_dl_process_pt_gnu_property (&_dl_main_map, -1, &ph[-1]);
+	break;
+      }
 
   if ((__glibc_unlikely (GL(dl_stack_flags)) & PF_X)
       && TUNABLE_GET (glibc, rtld, execstack, int32_t, NULL) == 0)
diff --git a/sysdeps/generic/libc-prop.h b/sysdeps/generic/libc-prop.h
new file mode 100644
index 0000000000..723575d29b
--- /dev/null
+++ b/sysdeps/generic/libc-prop.h
@@ -0,0 +1,44 @@
+/* Support for GNU properties for static builds.  Generic version.
+   Copyright (C) 2025 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#ifndef _LIBC_PROP_H
+#define _LIBC_PROP_H
+
+#include <dl-prop.h>
+
+/* Called at the start of program execution to handle GNU attribute from
+   PT_NOTE / PT_GNU_PROPERTY.  Must be on a top-level stack frame that does
+   not return.  */
+static __always_inline void
+__libc_process_gnu_attributes (void)
+{
+# ifndef SHARED
+  struct link_map *main_map = _dl_get_dl_main_map ();
+  const ElfW(Phdr) *phdr = GL(dl_phdr);
+  const ElfW(Phdr) *ph;
+  for (ph = phdr; ph < phdr + GL(dl_phnum); ph++)
+    if (ph->p_type == PT_GNU_PROPERTY)
+      {
+	_dl_process_pt_gnu_property (main_map, -1, ph);
+	_rtld_main_check (main_map, _dl_argv[0]);
+	break;
+      }
+# endif
+}
+
+#endif
diff --git a/sysdeps/unix/sysv/linux/aarch64/libc-start.h b/sysdeps/unix/sysv/linux/aarch64/libc-start.h
index 75ae0a884a..64acbdb533 100644
--- a/sysdeps/unix/sysv/linux/aarch64/libc-start.h
+++ b/sysdeps/unix/sysv/linux/aarch64/libc-start.h
@@ -34,17 +34,6 @@ aarch64_libc_setup_tls (void)
 {
   __libc_setup_tls ();
 
-  struct link_map *main_map = _dl_get_dl_main_map ();
-  const ElfW(Phdr) *phdr = GL(dl_phdr);
-  const ElfW(Phdr) *ph;
-  for (ph = phdr; ph < phdr + GL(dl_phnum); ph++)
-    if (ph->p_type == PT_GNU_PROPERTY)
-      {
-	_dl_process_pt_gnu_property (main_map, -1, ph);
-	_rtld_main_check (main_map, _dl_argv[0]);
-	break;
-      }
-
   if (GL(dl_aarch64_gcs) != 0)
     {
       int ret = INLINE_SYSCALL_CALL (prctl, PR_SET_SHADOW_STACK_STATUS,
diff --git a/sysdeps/x86/dl-prop.h b/sysdeps/x86/dl-prop.h
index 8625751427..9a5e10821c 100644
--- a/sysdeps/x86/dl-prop.h
+++ b/sysdeps/x86/dl-prop.h
@@ -66,9 +66,11 @@ dl_isa_level_check (struct link_map *m, const char *program)
 static inline void __attribute__ ((always_inline))
 _rtld_main_check (struct link_map *m, const char *program)
 {
+#ifdef SAHRED
   dl_isa_level_check (m, program);
-#if CET_ENABLED
+# if CET_ENABLED
   _dl_cet_check (m, program);
+# endif
 #endif
 }