From patchwork Wed Jan 29 17:22:42 2025
X-Patchwork-Submitter: Adhemerval Zanella
X-Patchwork-Id: 860674
From: Adhemerval Zanella
To: libc-alpha@sourceware.org
Cc: Jeff Xu, Florian Weimer, "H . J . Lu"
Subject: [PATCH v8 8/8] linux: Add memory sealing tests
Date: Wed, 29 Jan 2025 14:22:42 -0300
Message-ID: <20250129172550.1119706-9-adhemerval.zanella@linaro.org>
In-Reply-To: <20250129172550.1119706-1-adhemerval.zanella@linaro.org>
References: <20250129172550.1119706-1-adhemerval.zanella@linaro.org>

The new tests added are:

  1. tst-dl_mseal: check memory sealing is applied for statically linked
     binaries.

  2. tst-dl_mseal-static: memory sealing is not applied if there is no gnu
     attribute for statically linked binaries.

  3. tst-dl-mseal: check memory sealing works as expected on multiple
     places:
     - On the binary itself.
     - On a LD_PRELOAD library.
     - On dependency modules (tst-dl_mseal-mod-{1,2}.so).
     - On audit modules (tst-dl_mseal-auditmod.so).
     - On a dlopen dependency opened with RTLD_NODELETE.
     - On the libgcc_s opened by thread unwind.

  4. tst-dl-mseal-noseal: check if mixing objects with and without memory
     sealing works as expected.

Checked on x86_64-linux-gnu and aarch64-linux-gnu.
--- sysdeps/unix/sysv/linux/Makefile | 97 ++++++ .../sysv/linux/tst-dl_mseal-auditmod-noseal.c | 1 + .../unix/sysv/linux/tst-dl_mseal-auditmod.c | 23 ++ .../unix/sysv/linux/tst-dl_mseal-dlopen-1-1.c | 19 ++ .../unix/sysv/linux/tst-dl_mseal-dlopen-1.c | 19 ++ .../linux/tst-dl_mseal-dlopen-2-1-noseal.c | 19 ++ .../unix/sysv/linux/tst-dl_mseal-dlopen-2-1.c | 19 ++ .../sysv/linux/tst-dl_mseal-dlopen-2-noseal.c | 19 ++ .../unix/sysv/linux/tst-dl_mseal-dlopen-2.c | 19 ++ .../sysv/linux/tst-dl_mseal-mod-1-noseal.c | 19 ++ sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1.c | 19 ++ .../sysv/linux/tst-dl_mseal-mod-2-noseal.c | 19 ++ sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2.c | 19 ++ sysdeps/unix/sysv/linux/tst-dl_mseal-noseal.c | 80 +++++ .../sysv/linux/tst-dl_mseal-preload-noseal.c | 1 + .../unix/sysv/linux/tst-dl_mseal-preload.c | 19 ++ .../unix/sysv/linux/tst-dl_mseal-skeleton.c | 276 ++++++++++++++++++ .../sysv/linux/tst-dl_mseal-static-noseal.c | 45 +++ sysdeps/unix/sysv/linux/tst-dl_mseal-static.c | 42 +++ sysdeps/unix/sysv/linux/tst-dl_mseal.c | 78 +++++ 20 files changed, 852 insertions(+) create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1-1.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-noseal.c 
create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-preload-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-preload.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-static-noseal.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal-static.c create mode 100644 sysdeps/unix/sysv/linux/tst-dl_mseal.c diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile index ac67b98406..670ed45964 100644 --- a/sysdeps/unix/sysv/linux/Makefile +++ b/sysdeps/unix/sysv/linux/Makefile 
@@ -685,6 +685,103 @@ tests-special += \ $(objpfx)tst-nolink-libc-1.out \ $(objpfx)tst-nolink-libc-2.out \ # tests-special + +ifeq ($(have-z-memory-seal),yes) +tests-static += \ + tst-dl_mseal-static \ + tst-dl_mseal-static-noseal \ + # tests-static + +tests += \ + $(tests-static) \ + tst-dl_mseal \ + tst-dl_mseal-noseal \ + # tests + +modules-names += \ + tst-dl_mseal-auditmod \ + tst-dl_mseal-auditmod-noseal \ + tst-dl_mseal-dlopen-1 \ + tst-dl_mseal-dlopen-1-1 \ + tst-dl_mseal-dlopen-2 \ + tst-dl_mseal-dlopen-2-1 \ + tst-dl_mseal-dlopen-2-1-noseal \ + tst-dl_mseal-dlopen-2-noseal \ + tst-dl_mseal-mod-1 \ + tst-dl_mseal-mod-1-noseal \ + tst-dl_mseal-mod-2 \ + tst-dl_mseal-mod-2-noseal \ + tst-dl_mseal-preload \ + tst-dl_mseal-preload-noseal \ + # modules-names + +$(objpfx)tst-dl_mseal.out: \ + $(objpfx)tst-dl_mseal-auditmod.so \ + $(objpfx)tst-dl_mseal-preload.so \ + $(objpfx)tst-dl_mseal-mod-1.so \ + $(objpfx)tst-dl_mseal-mod-2.so \ + $(objpfx)tst-dl_mseal-dlopen-1.so \ + $(objpfx)tst-dl_mseal-dlopen-1-1.so \ + $(objpfx)tst-dl_mseal-dlopen-2.so \ + $(objpfx)tst-dl_mseal-dlopen-2-1.so + +$(objpfx)tst-dl_mseal-noseal.out: \ + $(objpfx)tst-dl_mseal-auditmod-noseal.so \ + $(objpfx)tst-dl_mseal-preload-noseal.so \ + $(objpfx)tst-dl_mseal-mod-1-noseal.so \ + $(objpfx)tst-dl_mseal-mod-2-noseal.so \ + $(objpfx)tst-dl_mseal-dlopen-1.so \ + $(objpfx)tst-dl_mseal-dlopen-1-1.so \ + $(objpfx)tst-dl_mseal-dlopen-2-noseal.so \ + $(objpfx)tst-dl_mseal-dlopen-2-1-noseal.so + +ifeq ($(default-memory-seal),yes) +CFLAGS-tst-dl_mseal.c += -DDEFAULT_MEMORY_SEAL +CFLAGS-tst-dl_mseal-noseal.c += -DDEFAULT_MEMORY_SEAL +endif + +LDFLAGS-tst-dl_mseal = -Wl,--no-as-needed -Wl,-z,memory-seal +LDFLAGS-tst-dl_mseal-static = -Wl,--no-as-needed -Wl,-z,memory-seal +LDFLAGS-tst-dl_mseal-mod-1.so = -Wl,--no-as-needed -Wl,-z,memory-seal +LDFLAGS-tst-dl_mseal-mod-2.so = -Wl,-z,memory-seal +LDFLAGS-tst-dl_mseal-dlopen-1.so = -Wl,--no-as-needed +LDFLAGS-tst-dl_mseal-dlopen-2.so = -Wl,--no-as-needed 
-Wl,-z,memory-seal +LDFLAGS-tst-dl_mseal-preload.so = -Wl,-z,memory-seal +LDFLAGS-tst-dl_mseal-auditmod.so = -Wl,-z,memory-seal + +tst-dl_mseal-dlopen-1-1.so-no-memory-seal = yes +tst-dl_mseal-dlopen-2-1.so-no-memory-seal = yes + +$(objpfx)tst-dl_mseal: $(objpfx)tst-dl_mseal-mod-1.so +$(objpfx)tst-dl_mseal-mod-1.so: $(objpfx)tst-dl_mseal-mod-2.so +$(objpfx)tst-dl_mseal-dlopen-1.so: $(objpfx)tst-dl_mseal-dlopen-1-1.so +$(objpfx)tst-dl_mseal-dlopen-2.so: $(objpfx)tst-dl_mseal-dlopen-2-1.so + +tst-dl_mseal-noseal-no-memory-seal = yes +tst-dl_mseal-preload-noseal.so-no-memory-seal = yes +tst-dl_mseal-auditmod-noseal.so-no-memory-seal = yes +tst-dl_mseal-mod-2-noseal.so-no-memory-seal = yes +tst-dl_mseal-dlopen-2-noseal.so-no-memory-seal =yes + +LDFLAGS-tst-dl_mseal-noseal = -Wl,--no-as-needed +LDFLAGS-tst-dl_mseal-mod-1-noseal.so = -Wl,--no-as-needed -Wl,-z,memory-seal +LDFLAGS-tst-dl_mseal-mod-2-noseal.so = -Wl,--no-as-needed +LDFLAGS-tst-dl_mseal-dlopen-2-noseal.so = -Wl,--no-as-needed + +tst-dl_mseal-dlopen-2-1-noseal.so-no-memory-seal = yes + +$(objpfx)tst-dl_mseal-noseal: $(objpfx)tst-dl_mseal-mod-1-noseal.so +$(objpfx)tst-dl_mseal-mod-1-noseal.so: $(objpfx)tst-dl_mseal-mod-2-noseal.so +$(objpfx)tst-dl_mseal-dlopen-2-noseal.so: $(objpfx)tst-dl_mseal-dlopen-2-1-noseal.so + +tst-dl_mseal-static-noseal-no-memory-seal = yes + +tst-dl_mseal-ARGS = -- $(host-test-program-cmd) +tst-dl_mseal-static-ARGS = -- $(host-test-program-cmd) +tst-dl_mseal-noseal-ARGS = -- $(host-test-program-cmd) +tst-dl_mseal-static-noseal-ARGS = -- $(host-test-program-cmd) +endif + endif endif # $(subdir) == elf diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod-noseal.c new file mode 100644 index 0000000000..a5b257d05e --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod-noseal.c @@ -0,0 +1 @@ +#include "tst-dl_mseal-auditmod.c" 
diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod.c new file mode 100644 index 0000000000..7767620456 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-auditmod.c @@ -0,0 +1,23 @@ +/* Audit module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +unsigned int +la_version (unsigned int v) +{ + return v; +} diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1-1.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1-1.c new file mode 100644 index 0000000000..fd116536ee --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1-1.c 
@@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int foo2_1 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1.c new file mode 100644 index 0000000000..aa7a18390e --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-1.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int foo2 (void) { return 42; } 
diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1-noseal.c new file mode 100644 index 0000000000..dc3d832343 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1-noseal.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar2_1 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1.c new file mode 100644 index 0000000000..dc3d832343 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-1.c 
@@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar2_1 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-noseal.c new file mode 100644 index 0000000000..6be7ce4d3d --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2-noseal.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar2 (void) { return 42; } 
diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2.c new file mode 100644 index 0000000000..6be7ce4d3d --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-dlopen-2.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar2 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1-noseal.c new file mode 100644 index 0000000000..e8e42de5bf --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1-noseal.c 
@@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int foo1 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1.c new file mode 100644 index 0000000000..e8e42de5bf --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-1.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int foo1 (void) { return 42; } 
diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2-noseal.c new file mode 100644 index 0000000000..05226a443d --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2-noseal.c @@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar1 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2.c new file mode 100644 index 0000000000..05226a443d --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-mod-2.c 
@@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int bar1 (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-noseal.c new file mode 100644 index 0000000000..936518f0c2 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-noseal.c 
@@ -0,0 +1,80 @@ +/* Basic tests for sealing. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include + +/* This test checks the GNU_PROPERTY_MEMORY_SEAL handling on multiple + places: + + - On the binary itself. + - On a LD_PRELOAD library. + - On a depedency module (tst-dl_mseal-mod-2-noseal.so). + - On a audit modules (tst-dl_mseal-auditmod-noeal.so). + - On a dlopen dependency opened with RTLD_NODELET + (tst-dl_mseal-dlopen-2-noseal.so). +*/ + +#define LIB_PRELOAD "tst-dl_mseal-preload-noseal.so" + +#define LIB_DLOPEN_DEFAULT "tst-dl_mseal-dlopen-1.so" +#define LIB_DLOPEN_DEFAULT_DEP "tst-dl_mseal-dlopen-1-1.so" +#define LIB_DLOPEN_NODELETE "tst-dl_mseal-dlopen-2-noseal.so" +#define LIB_DLOPEN_NODELETE_DEP "tst-dl_mseal-dlopen-2-1-noseal.so" + +#define LIB_AUDIT "tst-dl_mseal-auditmod-noseal.so" + +/* Expected libraries that loader will seal. */ +static const char *expected_sealed_vmas[] = +{ +#ifdef DEFAULT_MEMORY_SEAL + "libc.so", + "ld.so", +#endif + "tst-dl_mseal-mod-1-noseal.so", +}; + +/* Expected non sealed libraries. 
*/ +static const char *expected_non_sealed_vmas[] = +{ +#ifndef DEFAULT_MEMORY_SEAL + "libc.so", + "ld.so", +#endif + "tst-dl_mseal-noseal", + LIB_PRELOAD, + LIB_AUDIT, + "tst-dl_mseal-mod-2-noseal.so", + LIB_DLOPEN_NODELETE, + LIB_DLOPEN_NODELETE_DEP, + LIB_DLOPEN_DEFAULT, + LIB_DLOPEN_DEFAULT_DEP, + /* Auxiary pages mapped by the kernel. */ + "[vdso]", + "[sigpage]", +}; + +/* Special pages, either Auxiliary kernel pages where permission can not be + changed or auxiliary libs that we can know prior hand that sealing is + enabled. */ +static const char *expected_non_sealed_special[] = +{ + LIBGCC_S_SO, + "[vectors]", +}; + +#include "tst-dl_mseal-skeleton.c" diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-preload-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-preload-noseal.c new file mode 100644 index 0000000000..32b4153e79 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-preload-noseal.c @@ -0,0 +1 @@ +#include "tst-dl_mseal-preload.c" diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-preload.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-preload.c new file mode 100644 index 0000000000..414c8c7295 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-preload.c 
@@ -0,0 +1,19 @@ +/* Additional module for tst-dl_mseal test. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +int foo (void) { return 42; } diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c new file mode 100644 index 0000000000..de04f117d5 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-skeleton.c 
@@ -0,0 +1,276 @@ +/* Basic tests for sealing. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +#if UINTPTR_MAX == UINT64_MAX +# define PTR_FMT "#018" PRIxPTR +#else +# define PTR_FMT "#010" PRIxPTR +#endif + +static int +new_flags (const char flags[4]) +{ + bool read_flag = flags[0] == 'r'; + bool write_flag = flags[1] == 'w'; + bool exec_flag = flags[2] == 'x'; + + write_flag = !write_flag; + + return (read_flag ? PROT_READ : 0) + | (write_flag ? PROT_WRITE : 0) + | (exec_flag ? PROT_EXEC : 0); +} + +/* Libraries/VMA that could not be sealed, and that checking for sealing + does not work (kernel does not allow changing protection). */ +static const char *non_sealed_vmas[] = +{ + ".", /* basename value for empty string anonymous + mappings. 
*/ + "[heap]", + "[vsyscall]", + "[vvar]", + "[stack]", + "[vvar_vclock]", + "zero", /* /dev/zero */ +}; + +static int +is_in_string_list (const char *s, const char *const list[], size_t len) +{ + for (size_t i = 0; i != len; i++) + if (strcmp (s, list[i]) == 0) + return i; + return -1; +} +#define IS_IN_STRING_LIST(__s, __list) \ + is_in_string_list (__s, __list, array_length (__list)) + +static void * +tf (void *closure) +{ + pthread_exit (NULL); + return NULL; +} + +static int +handle_restart (void) +{ +#ifndef TEST_STATIC + xdlopen (LIB_DLOPEN_NODELETE, RTLD_NOW | RTLD_NODELETE); + xdlopen (LIB_DLOPEN_DEFAULT, RTLD_NOW); +#endif + + /* pthread_exit will load LIBGCC_S_SO. */ + xpthread_join (xpthread_create (NULL, tf, NULL)); + + FILE *fp = xfopen ("/proc/self/maps", "r"); + char *line = NULL; + size_t linesiz = 0; + + unsigned long pagesize = getpagesize (); + + bool found_expected[array_length(expected_sealed_vmas)] = { false }; + while (xgetline (&line, &linesiz, fp) > 0) + { + uintptr_t start; + uintptr_t end; + char flags[5] = { 0 }; + char name[256] = { 0 }; + int idx; + + /* The line is in the form: + start-end flags offset dev inode pathname */ + int r = sscanf (line, + "%" SCNxPTR "-%" SCNxPTR " %4s %*s %*s %*s %256s", + &start, + &end, + flags, + name); + TEST_VERIFY_EXIT (r == 3 || r == 4); + + int found = false; + + const char *libname = basename (name); + if ((idx = IS_IN_STRING_LIST (libname, expected_sealed_vmas)) + != -1) + { + /* Check if we can change the protection flags of the segment. */ + int new_prot = new_flags (flags); + TEST_VERIFY_EXIT (mprotect ((void *) start, end - start, + new_prot) == -1); + TEST_VERIFY_EXIT (errno == EPERM); + + /* Also checks trying to map over the sealed libraries. */ + { + char *p = mmap ((void *) start, pagesize, new_prot, + MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + TEST_VERIFY_EXIT (p == MAP_FAILED); + TEST_VERIFY_EXIT (errno == EPERM); + } + + /* And if remap is also blocked. 
*/ + { + char *p = mremap ((void *) start, end - start, end - start, 0); + TEST_VERIFY_EXIT (p == MAP_FAILED); + TEST_VERIFY_EXIT (errno == EPERM); + } + + printf ("sealed: vma: %" PTR_FMT "-%" PTR_FMT " %s %s\n", + start, + end, + flags, + name); + + found_expected[idx] = true; + found = true; + } + else if ((idx = IS_IN_STRING_LIST (libname, expected_non_sealed_vmas)) + != -1) + { + /* Check if expected non-sealed segments protection can indeed be + changed. The idea is to use something that would not break + process execution, so just try to mprotect with all protection + bits. */ + int new_prot = PROT_READ | PROT_WRITE | PROT_EXEC; + TEST_VERIFY_EXIT (mprotect ((void *) start, end - start, new_prot) + == 0); + + printf ("not-sealed: vma: %" PTR_FMT "-%" PTR_FMT " %s %s\n", + start, + end, + flags, + name); + + found = true; + } + else if (IS_IN_STRING_LIST (libname, expected_non_sealed_special) != -1) + { + /* These pages protection can no be changed. */ + found = true; + } + + if (!found) + { + if (IS_IN_STRING_LIST (libname, non_sealed_vmas) != -1) + printf ("not-sealed: vma: %" PTR_FMT "-%" PTR_FMT " %s %s\n", + start, + end, + flags, + name); + else + FAIL_EXIT1 ("unexpected vma: %" PTR_FMT "-%" PTR_FMT " %s %s\n", + start, + end, + flags, + name); + } + } + xfclose (fp); + + printf ("\n"); + + /* Also check if all the expected sealed maps were found. 
*/ + for (int i = 0; i < array_length (expected_sealed_vmas); i++) + if (expected_sealed_vmas[i][0] && !found_expected[i]) + FAIL_EXIT1 ("expected VMA %s not sealed\n", expected_sealed_vmas[i]); + + return 0; +} + +static int restart; +#define CMDLINE_OPTIONS \ + { "restart", no_argument, &restart, 1 }, + +static int +do_test (int argc, char *argv[]) +{ + /* We must have either: + - One or four parameters left if called initially: + + path to ld.so optional + + "--library-path" optional + + the library path optional + + the application name */ + if (restart) + return handle_restart (); + + /* Check the test requirements. */ + { + int r = mseal (NULL, 0, 0); + if (r == -1 && (errno == ENOSYS || errno == EPERM)) + FAIL_UNSUPPORTED ("mseal is not supported by the kernel"); + else + TEST_VERIFY_EXIT (r == 0); + } + support_need_proc ("Reads /proc/self/maps to get stack names."); + + char *spargv[9]; + int i = 0; + for (; i < argc - 1; i++) + spargv[i] = argv[i + 1]; + spargv[i++] = (char *) "--direct"; + spargv[i++] = (char *) "--restart"; + spargv[i] = NULL; + + char *envvarss[] = { +#ifndef TEST_STATIC + (char *) "LD_PRELOAD=" LIB_PRELOAD, + (char *) "LD_AUDIT=" LIB_AUDIT, +#endif + NULL + }; + + struct support_capture_subprocess result = + support_capture_subprogram (spargv[0], spargv, envvarss); + support_capture_subprocess_check (&result, "tst-dl_mseal", 0, + sc_allow_stdout); + + { + FILE *out = fmemopen (result.out.buffer, result.out.length, "r"); + TEST_VERIFY (out != NULL); + char *line = NULL; + size_t linesz = 0; + while (xgetline (&line, &linesz, out)) + printf ("%s", line); + fclose (out); + } + + support_capture_subprocess_free (&result); + + return 0; +} + +#define TEST_FUNCTION_ARGV do_test +#include diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-static-noseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-static-noseal.c new file mode 100644 index 0000000000..9a0a0b3037 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-static-noseal.c 
@@ -0,0 +1,45 @@ +/* Basic tests for sealing. Static version. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* This test checks the GNU_PROPERTY_MEMORY_SEAL handling on a statically + built binary. In this case only the vDSO (if existent) will be sealed. */ + +#define TEST_STATIC 1 + +/* Expected libraries that loader will seal. */ +static const char *expected_sealed_vmas[] = +{ + "", +}; + +/* Expected non sealed libraries. */ +static const char *expected_non_sealed_vmas[] = +{ + "tst-dl_mseal-static-noseal", + /* Auxiary pages mapped by the kernel. */ + "[vdso]", + "[sigpage]", +}; + +/* Auxiliary kernel pages where permission can not be changed. */ +static const char *expected_non_sealed_special[] = +{ + "[vectors]", +}; + +#include "tst-dl_mseal-skeleton.c" diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal-static.c b/sysdeps/unix/sysv/linux/tst-dl_mseal-static.c new file mode 100644 index 0000000000..d98ec1fa12 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal-static.c 
@@ -0,0 +1,42 @@ +/* Basic tests for sealing. Static version. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* This test checks the memory sealing work on a statically built binary. */ + +#define TEST_STATIC 1 + +/* Expected libraries that loader will seal. */ +static const char *expected_sealed_vmas[] = +{ + "tst-dl_mseal-static", +}; + +/* Auxiliary pages mapped by the kernel. */ +static const char *expected_non_sealed_vmas[] = +{ + "[vdso]", + "[sigpage]", +}; + +/* Auxiliary kernel pages where permission can not be changed. */ +static const char *expected_non_sealed_special[] = +{ + "[vectors]", +}; + +#include "tst-dl_mseal-skeleton.c" diff --git a/sysdeps/unix/sysv/linux/tst-dl_mseal.c b/sysdeps/unix/sysv/linux/tst-dl_mseal.c new file mode 100644 index 0000000000..3df28dfba7 --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-dl_mseal.c 
@@ -0,0 +1,78 @@ +/* Basic tests for sealing. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include + +/* Check if memory sealing works as expected on multiples places: + - On the binary itself. + - On a LD_PRELOAD library. + - On a depedency modules (tst-dl_mseal-mod-{1,2}.so). + - On a audit modules (tst-dl_mseal-auditmod.so). + - On a dlopen dependency opened with RTLD_NODELET + (tst-dl_mseal-dlopen-{2,2-1}.so). + - On the libgcc_s opened by thread unwind. +*/ + +#define LIB_PRELOAD "tst-dl_mseal-preload.so" +#define LIB_AUDIT "tst-dl_mseal-auditmod.so" + +#define LIB_DLOPEN_DEFAULT "tst-dl_mseal-dlopen-1.so" +#define LIB_DLOPEN_DEFAULT_DEP "tst-dl_mseal-dlopen-1-1.so" +#define LIB_DLOPEN_NODELETE "tst-dl_mseal-dlopen-2.so" +#define LIB_DLOPEN_NODELETE_DEP "tst-dl_mseal-dlopen-2-1.so" + +/* Expected libraries that loader will seal. */ +static const char *expected_sealed_vmas[] = +{ +#ifdef DEFAULT_MEMORY_SEAL + "libc.so", + "ld.so", +#endif + "tst-dl_mseal", + "tst-dl_mseal-mod-1.so", + "tst-dl_mseal-mod-2.so", + LIB_PRELOAD, + LIB_AUDIT, + LIB_DLOPEN_NODELETE, +}; + +/* Expected non sealed libraries. 
*/ +static const char *expected_non_sealed_vmas[] = +{ +#ifndef DEFAULT_MEMORY_SEAL + "libc.so", + "ld.so", +#endif + LIB_DLOPEN_DEFAULT, + LIB_DLOPEN_DEFAULT_DEP, + LIB_DLOPEN_NODELETE_DEP, + /* Auxiary pages mapped by the kernel. */ + "[vdso]", + "[sigpage]", +}; + +/* Special pages, either Auxiliary kernel pages where permission can not be + changed or auxiliary libs that we can know prior hand that sealing is + enabled. */ +static const char *expected_non_sealed_special[] = +{ + LIBGCC_S_SO, + "[vectors]", +}; + +#include "tst-dl_mseal-skeleton.c"
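Review bot: In tst-dl_mseal-skeleton.c, handle_restart parses the pathname with `%256s` into `char name[256]`, so a 256-character field puts the terminating NUL one byte past the end of the array; the conversion width should be `%255s` (or the buffer 257 bytes). In the same file, do_test fills `char *spargv[9]` from argv with no bound check, although the array must also hold `--direct`, `--restart` and the NULL terminator; a TEST_VERIFY_EXIT on argc before the copy loop would make the limit explicit. The two xgetline loops also disagree on the termination test (`> 0` in handle_restart, a bare truth test in do_test), and neither frees `line`; using the same condition in both and adding `free (line)` after each loop would be cleaner.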
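Review bot: In tst-dl_mseal-static-noseal.c the header comment says "only the vDSO (if existent) will be sealed", but `"[vdso]"` is listed in expected_non_sealed_vmas and expected_sealed_vmas holds only `""`, so the skeleton will require mprotect on the vDSO to succeed. Either the comment or the tables need to change so that they describe the same expectation. The `""` placeholder also deserves a short comment saying it exists only to keep the array non-empty, since the skeleton's final loop skips it through the `expected_sealed_vmas[i][0]` test. Minor: "Auxiary" should be "Auxiliary".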
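Review bot: In tst-dl_mseal-static.c the header comment ("checks the memory sealing work on a statically built binary") does not say what distinguishes this test from the -static-noseal variant, whose comment at least names GNU_PROPERTY_MEMORY_SEAL; please state what makes this binary sealed so the two files can be told apart without reading the build rules. The expected_non_sealed_special table is identical in both static tests, so it could be defined once in the skeleton under TEST_STATIC rather than repeated.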
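Review bot: In tst-dl_mseal.c the list in the header comment does not match the tables below it. It says sealing is checked on the RTLD_NODELETE dlopen dependency `tst-dl_mseal-dlopen-{2,2-1}.so`, yet LIB_DLOPEN_NODELETE_DEP is in expected_non_sealed_vmas; and it says sealing is checked "On the libgcc_s opened by thread unwind", yet LIBGCC_S_SO is in expected_non_sealed_special, which the skeleton accepts with `found = true` and no mprotect, mmap or mremap probe. Please reword the comment to say which objects are verified as sealed, which are verified as not sealed, and which are only tolerated. Typos to fix while there: "depedency", "RTLD_NODELET", "Auxiary", "prior hand".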