From patchwork Tue Mar 11 17:09:49 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 872462 Delivered-To: patch@linaro.org Received: by 2002:a5d:64ce:0:b0:38f:210b:807b with SMTP id f14csp1594052wri; Tue, 11 Mar 2025 10:14:13 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXL00H+MEoyzVTHAwgNNEb2/YWBdV1r4plmPAhDGX0P2MCdantYfR30FY1K6kj0bJzLy91MUQ==@linaro.org X-Google-Smtp-Source: AGHT+IEQrlgQMcBTGfyW+xWEoY5TvnUKiCya+WNj9YSyOHSSR3qtWxVUbildRGbeXzYkO5wZl7SE X-Received: by 2002:a05:6102:cd3:b0:4bb:eb4a:f9f0 with SMTP id ada2fe7eead31-4c30a76a09dmr12092696137.24.1741713252934; Tue, 11 Mar 2025 10:14:12 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1741713252; cv=pass; d=google.com; s=arc-20240605; b=YmtBrrm2zBcpoH8plIefXt1dC6b040tNJeCbvL7i8jUpamDXr8QDN9ilmvomaMAD9p 5UwgTlkzGUPice+0qdXEUVHBMaNd+Q7HuEz1y8EtQizrID9iYCkte0riNvHNNVUpbNOn Kw8BACXRfDZgFnbtWTQddSl4BSxkP9qYK1T3p0sGwJoNtuTlPBm2LzVhmgaEG/XbSWPI O3f5ozd+Qtw7FGFmh1ZP9BY7Zks7wV5blggUFHs/xH3X8VmDfGAA9IAwF+9z5xIfncX8 NC4wSqmzkrc4Deq7TVAgMDIii9oNoNwa9SuCp/t3FNDnbABv0zPeGVfALPOHBbUY95MW SA/A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=rfPK/162DYzl2VVkadfbNZehzDek7E/3GL4/JyDErMU=; fh=KcDe9xnl32Q8s5hC3CF4r26ysVeQspjxpbjrMk+PnIQ=; b=Kw0758cr/SnrNtJL63pe2NO65GwrQzDt+HGleatgh1deFtYIyFJ4VQpLA0abYkJPPS fxWUCitgfCrzB94qEszq43Fr9QO0swFgkDUFGnNvWT0ULhvbzossbNAVAlU3VxHXqaLd qAPYA/esugc+ObBRkla4EZryeVEV5KKAhPfOoL7qykUOPJdFsgvl9oVBAF4jSBopNHxk 0J5YQLBpdVYBAWbaBgy1073bawa5MlyFxyRT1VTDG+NRMkSJyDYiTKvOzlzCF0uUFde0 lZZbbkBHygUtAWJ/J9Wev1hnUjgnz+zhcNFmRdu6FaOvwri8Z6RzwbMzRS0v62EdajmX 0hMg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=X7bkBVFf; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id ada2fe7eead31-4c31833deffsi2204996137.277.2025.03.11.10.14.12 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Mar 2025 10:14:12 -0700 (PDT) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) client-ip=2620:52:3:1:0:246e:9693:128c; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=X7bkBVFf; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 6B76C3857BA7 for ; Tue, 11 Mar 2025 17:14:12 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6B76C3857BA7 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=X7bkBVFf X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pj1-x102d.google.com (mail-pj1-x102d.google.com [IPv6:2607:f8b0:4864:20::102d]) by sourceware.org (Postfix) with ESMTPS id 091473857B98 for ; Tue, 11 Mar 2025 17:13:17 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 091473857B98 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 091473857B98 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::102d ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1741713197; cv=none; b=r7eERlkRyaZr9zk0hmb1WH9mdt/0j0y4RatOp2hW0eUsQf7EkMr9uGJidEP/4hl5lJgWZ+hirNkuBfM1ghCWRt/Gt0/9NEAfngdLvJfpHkrzwbOiPAOLmu608qQGaWQOyLfhh+kvwl/5UVHfqyCW6PjfpPWhIUmVFRAK45NWx7o= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1741713197; c=relaxed/simple; bh=SwX2QvuGK7skVWBNWlkjLMl1ikEU1WbfLdpGJEnA0h0=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=iF3A/exv9NPlEUioyt9b7aEQeqHLO9rnumidDnQO/Cy4Dpx0MSdeiXiLidj0sNOI15WgL2BbAUvdxqEOkwe3Mw6fOkjntJMd6diPPfk/xmWKmDyRsWn99VLG/OwvyOYcIQMv6CtIPpkh5jCatAxU0tqvQPXETlSfkdu0bjvMG1M= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 091473857B98 Received: by mail-pj1-x102d.google.com with SMTP id 98e67ed59e1d1-2ff64550991so8882117a91.0 for ; Tue, 11 Mar 2025 10:13:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1741713196; x=1742317996; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=rfPK/162DYzl2VVkadfbNZehzDek7E/3GL4/JyDErMU=; b=X7bkBVFfx2UYHC62l6Yf2mmiGNS3qeVUtD/ldlimarSPgyD3EXNwba+44Wxa1Jwsba 7kIugR3uXgGaqxi4hskjl2laYhoxOgORTBtlP7anyQyMEzeZ2i4EiSaKgVLw62ukDDi+ J/X+ebRQ6gUnLjqGcbOcZ4kgQTLysvsjcwlrDbOXr3FTJzvl3UBDHidaD7b1ifyaKP0E UdaRzavNsn2egwsOrvJXaeiwYBkeGROG4yPiAgcWBWzVY6YVyIyZ62QIaTLaJ19ITMdb m7wURqGkbZk6+htBHzAtgPFzaMqpgClRK01UYHtzn2UPqebQAGVbdSLzP4GyvDuPIecj bISg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741713196; x=1742317996; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=rfPK/162DYzl2VVkadfbNZehzDek7E/3GL4/JyDErMU=; b=t+1e0c1zmAB/shEY1ZB9aB9gUE7GCpjG5LTnsUk+OV+saCWbHG9fb0InbaG2HaRNk2 +4ctF4D5XKCh6aJqTT3AFKJBCwnfjjvkiL/VCrvramZuJMphc/yQbo5LCAvwXA5x6BkJ Fs+qjm2FUHMrWIROoDhHFfCYe/XRj9exFdpizszJ0pxJloHGXD0QLjfk3Tu5JL5JxPMA 6lpd0YX4Puh1XwXKdK/0TTmatUVAKlslrMRXC48gMFjKKq2mVQs0q3VJMglj+yJAmno3 LBO50+2pFgDXW6YQKhTf+xXrtOOoKVUns6XAimR0dtaZ22wFYwC7G37sfM9yLW4s98PD LTEQ== X-Gm-Message-State: AOJu0YyG7k6ZWyLvHeVr6NmwmhAFyCvnNNWYZsqwjEiOLvsht/vYQnqh XAeSTvEKe1ctrLrrn/eiHLQupLIC7w+VGMr+E4hdGjlWY9atRc/qv+Oj3qThaAZTYI8WcRKy5UT w X-Gm-Gg: ASbGncvKhZyuMUFrZ912ptCVyRcAAQDf4E8rwoGn6uU99jkyAsXRv806L92PxpIY2li 5Lklf1Y9E8nRZsnKxcHkF308IMct7r7Zv3iGAdQkDumlWM44VNk0VI9dMLYMM6ErY7PInUxl0B3 bEmmnlcaoaJTIm//ry9VLWe99pGIm4REalxZgxtIP6Uz+dxjmmCqNvay0wbCaCEsDZkt7m1u51t Yvfq81ucDChGkyqZgiKVXsy51WrZ/F7MNqluO4laDm/olNJsXFXqoo9yB8d/S/2b+Hqg9HRlK+G v2zyN+hnXoY3jUC/sU1HclKnEH7xM6QCjP7ZKtN426Y3lHpi1AO+zGBWKFavIL/Bew== X-Received: by 2002:a17:90b:384a:b0:2ff:5ec1:6c6a with SMTP id 98e67ed59e1d1-2ff7cea69acmr31135370a91.18.1741713195631; Tue, 11 Mar 2025 10:13:15 -0700 (PDT) Received: from mandiga.. ([2804:1b3:a7c1:1ebf:8b5:8f5b:dd39:866]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2ff693f8804sm11438131a91.47.2025.03.11.10.13.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Mar 2025 10:13:15 -0700 (PDT) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Jeff Xu , Florian Weimer , "H . J . Lu" , Yury Khrustalev Subject: [PATCH v6 2/9] elf: Parse gnu properties for statically linked binaries Date: Tue, 11 Mar 2025 14:09:49 -0300 Message-ID: <20250311171305.89091-3-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250311171305.89091-1-adhemerval.zanella@linaro.org> References: <20250311171305.89091-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org It allows static binary to opt-in of memory sealing. The aarch64 already does it for GCS, so refactor it to use __libc_process_gnu_attributes instead. Checked on x86_64-linux-gnu. --- csu/libc-start.c | 4 ++ elf/dl-support.c | 13 ++++++ sysdeps/generic/libc-prop.h | 44 ++++++++++++++++++++ sysdeps/unix/sysv/linux/aarch64/libc-start.h | 11 ----- sysdeps/x86/dl-prop.h | 4 +- 5 files changed, 64 insertions(+), 12 deletions(-) create mode 100644 sysdeps/generic/libc-prop.h diff --git a/csu/libc-start.c b/csu/libc-start.c index 6f3d52e223..44fe5d5738 100644 --- a/csu/libc-start.c +++ b/csu/libc-start.c @@ -36,6 +36,7 @@ #include #include #include +#include #include @@ -276,6 +277,9 @@ LIBC_START_MAIN (int (*main) (int, char **, char ** MAIN_AUXVEC_DECL), /* Perform IREL{,A} relocations. */ ARCH_SETUP_IREL (); + /* Process notes: PT_NOTE / PT_GNU_PROPERTY. */ + __libc_process_gnu_attributes (); + /* The stack guard goes into the TCB, so initialize it early. */ ARCH_SETUP_TLS (); diff --git a/elf/dl-support.c b/elf/dl-support.c index c7860f327a..d8f1dd8ee9 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c @@ -45,6 +45,7 @@ #include #include #include +#include extern char *__progname; char **_dl_argv = &__progname; /* This is checked for some error messages. */ @@ -330,6 +331,18 @@ _dl_non_dynamic_init (void) _dl_main_map.l_relro_size = ph->p_memsz; break; } + /* Process program headers again, but scan them backwards so + that PT_NOTE can be skipped if PT_GNU_PROPERTY exits. */ + for (const ElfW(Phdr) *ph = &_dl_phdr[_dl_phnum]; ph != _dl_phdr; --ph) + switch (ph[-1].p_type) + { + case PT_NOTE: + _dl_process_pt_note (&_dl_main_map, -1, &ph[-1]); + break; + case PT_GNU_PROPERTY: + _dl_process_pt_gnu_property (&_dl_main_map, -1, &ph[-1]); + break; + } if ((__glibc_unlikely (GL(dl_stack_flags)) & PF_X) && TUNABLE_GET (glibc, rtld, execstack, int32_t, NULL) == 0) diff --git a/sysdeps/generic/libc-prop.h b/sysdeps/generic/libc-prop.h new file mode 100644 index 0000000000..723575d29b --- /dev/null +++ b/sysdeps/generic/libc-prop.h @@ -0,0 +1,44 @@ +/* Support for GNU properties for static builds. Generic version. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _LIBC_PROP_H +#define _LIBC_PROP_H + +#include + +/* Called at the start of program execution to handle GNU attribute from + PT_NOTE / PT_GNU_PROPERTY. Must be on a top-level stack frame that does + not return. */ +static __always_inline void +__libc_process_gnu_attributes (void) +{ +# ifndef SHARED + struct link_map *main_map = _dl_get_dl_main_map (); + const ElfW(Phdr) *phdr = GL(dl_phdr); + const ElfW(Phdr) *ph; + for (ph = phdr; ph < phdr + GL(dl_phnum); ph++) + if (ph->p_type == PT_GNU_PROPERTY) + { + _dl_process_pt_gnu_property (main_map, -1, ph); + _rtld_main_check (main_map, _dl_argv[0]); + break; + } +# endif +} + +#endif diff --git a/sysdeps/unix/sysv/linux/aarch64/libc-start.h b/sysdeps/unix/sysv/linux/aarch64/libc-start.h index 75ae0a884a..64acbdb533 100644 --- a/sysdeps/unix/sysv/linux/aarch64/libc-start.h +++ b/sysdeps/unix/sysv/linux/aarch64/libc-start.h @@ -34,17 +34,6 @@ aarch64_libc_setup_tls (void) { __libc_setup_tls (); - struct link_map *main_map = _dl_get_dl_main_map (); - const ElfW(Phdr) *phdr = GL(dl_phdr); - const ElfW(Phdr) *ph; - for (ph = phdr; ph < phdr + GL(dl_phnum); ph++) - if (ph->p_type == PT_GNU_PROPERTY) - { - _dl_process_pt_gnu_property (main_map, -1, ph); - _rtld_main_check (main_map, _dl_argv[0]); - break; - } - if (GL(dl_aarch64_gcs) != 0) { int ret = INLINE_SYSCALL_CALL (prctl, PR_SET_SHADOW_STACK_STATUS, diff --git a/sysdeps/x86/dl-prop.h b/sysdeps/x86/dl-prop.h index 8625751427..9a5e10821c 100644 --- a/sysdeps/x86/dl-prop.h +++ b/sysdeps/x86/dl-prop.h @@ -66,9 +66,11 @@ dl_isa_level_check (struct link_map *m, const char *program) static inline void __attribute__ ((always_inline)) _rtld_main_check (struct link_map *m, const char *program) { +#ifdef SAHRED dl_isa_level_check (m, program); -#if CET_ENABLED +# if CET_ENABLED _dl_cet_check (m, program); +# endif #endif }