From patchwork Thu Dec 26 17:57:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 853699 Delivered-To: patch@linaro.org Received: by 2002:a5d:4888:0:b0:385:e875:8a9e with SMTP id g8csp4891410wrq; Thu, 26 Dec 2024 09:59:18 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCWFBQKoWu66DOUhRMWKAWXlrhR6eymeD7KlFyZtndDCEjKhttG43yMkSzenVPdYSEA0HRih0g==@linaro.org X-Google-Smtp-Source: AGHT+IE7oW3uhV6hnOxHpeGhZl3RMkPZH1tdeMhPUAtbdgwhYAszWDnmfYyEzdalVcy2iB8ljjbJ X-Received: by 2002:a05:620a:370c:b0:7b1:48ff:6b56 with SMTP id af79cd13be357-7b9ba7ec724mr4467635885a.43.1735235958574; Thu, 26 Dec 2024 09:59:18 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1735235958; cv=pass; d=google.com; s=arc-20240605; b=aQr/769QY7UtZHNC9YkHyVLcUCkpURyInKy4m/ccbxpNYf5ZveGYR3x0kOZOPHZz08 Cmyi6hEu7IcYtIzOXTBKydnQgrZ0ONMwa+dbgbtHC7skzkwbo6qQrT3IKvPmafvQv9Ot mXqJDe/Q6mz1FYnFKjPA1YHZF3ELJPxHRhndIBxFoQ/TK4DwE7+DR0QoqROc7hMCRqPB fq73o20kD1lMkgK63KRWVEXFAi8aY0pg9QwaDX2gjhCg4jJeLS3+ro4suhN+/FaCx+U1 1EYS7RsmgnX83AOmdfJDk4MCE25EfnK2yadXzZkpdCbfdV9eeyHPdc8jSbsFPXgEt/Xb KeIQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=SdKo263/xeKyhtKL06jgp5c5gakuQc7RyC1tZsZtXZY=; fh=xV8Gp349bHw1ljD2lFQRwhGaJ4bIEzpeFyS/N97S3Sw=; b=V41D+xuiKfzJw3VEY595yyd462GFur+7Gm0OA5eCUhan8Ohawf9HtULRW33qWndbS+ 5Tanl6hmh4KOlikC4SEIHoG9A6JDcv7NlkNgsYllovw4H3LXGCBOridLs88B6lT0sStd od3IokEAVZExQ0v1gh65m5+HlqUwiljzNmhUP0QTtlrpnWwLhYMFUSD0aFSdhtBwjORD 7bxOp3Si1pefonTZZqa/ECYWD3Eu2yOH8V+F8Vz9pvv6z40+3R6Hkr7XpBFY9jscV/tG 1Z3SFon+6lvWVwTVR/f9yIZ6n7oiyabbM51yo2+to99zwUk6FHXKrK4mDKKZtA6oaULI Q0sA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="LVazNa/N"; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id af79cd13be357-7b9ac2ad2a6si1693940285a.57.2024.12.26.09.59.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Dec 2024 09:59:18 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="LVazNa/N"; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 27F633858C60 for ; Thu, 26 Dec 2024 17:59:18 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 27F633858C60 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=LVazNa/N X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pj1-x1029.google.com (mail-pj1-x1029.google.com [IPv6:2607:f8b0:4864:20::1029]) by sourceware.org (Postfix) with ESMTPS id 2485E3858CDA for ; Thu, 26 Dec 2024 17:58:45 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 2485E3858CDA Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 2485E3858CDA Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::1029 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735235925; cv=none; b=CKeTERpQdWhdJDZhFbfJ5uf8t0clElkSvNNlw/7WPLvuBPtjpvJg6vmE4W+Wr1QlU7myBrKSrEzwS8GYhlP+JVWQC8K+P7oEYQnI60fu2jEUTPJJRP2g8fsXJ90ktMx0Mgd8v+BecF6WdmIpOxzSYWMIGTaG0RK4xfbw8TUSsGs= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735235925; c=relaxed/simple; bh=0oD+S4zowny19WkjBnEYHNRt6mzXvZcVfCBa0fpKGd4=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=DTosVcIgaaHYUAxp31eiUeE/0uMSKoj6r8FHtYS9bSiuPtU8CjCOKSvS7hn4aMdwSWJ4lN52A/aD643+WvZhcb7vwjC+Jjd8movHLtigG9VeczXccuUIqQQLl0W1KYrGvNwwsslaL2gb+XJ+sRItSLQIvcGKZZq6oOKHjOyFkow= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 2485E3858CDA Received: by mail-pj1-x1029.google.com with SMTP id 98e67ed59e1d1-2efd81c7ca4so6325598a91.2 for ; Thu, 26 Dec 2024 09:58:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1735235924; x=1735840724; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=SdKo263/xeKyhtKL06jgp5c5gakuQc7RyC1tZsZtXZY=; b=LVazNa/Nt/O+GB4cJxbkT7ckCX5XUMkrly3bi+GKQpkU6xAkTBTD70YCFbRTpA5w+G aa+nYWSSWQwP719hnbW5It1bfrnGVs73IvFOa3nhWQBIGdOHnOvnT5HDCX/Dq9o1w2V4 8Zx1XW72hWJ+1QC9TSzmQF7P5tV8ovQLLX6YwmjCVbReZpPBCqyk9bmqEh6grJI1Md7k d1nHt8bk7wmHF52/6pJzRp7eooUtJIR0t+7kRYWNqyQkSspf2yVcPpkOcLccQMvZVO03 i5aXwNJsb7tvrAX+7mHt/AsjaltvR0Hw/CMCRU/xp4mEWNVpDUXgagNJTTovCC1oWqxi iGnQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1735235924; x=1735840724; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=SdKo263/xeKyhtKL06jgp5c5gakuQc7RyC1tZsZtXZY=; b=VbpPkxVKYUl+cfdc5yozbH2P3dth5FqFCDteKR4tpmV0xhP7lyacvJUCIp8HfeLjw1 kZ4/edYe20eu5klafrG9+2/13cTd4A7JQd059ATnfJJBbUQCJsLMnPzl60T7C6VDzotJ FDwcv5r5arLZVZL0YIX3NTXj4WvWnc0d3x1hGs5FB8yb4liRdp5ZNcvXwkNTAf0OlMch GmQygtFHzJxu6DjT981i1ihokKprzJRKME4UjXV/CMc9nvg+oWLzzil0HWi/5RkIfeVt ICFnT2fZ2E5+KIGHFT5BhuNbJSXV0lG+WGWug7UQLnsqw9Hj/UE0HI5XHntOoGgmTnvd RPrw== X-Gm-Message-State: AOJu0YyQQpj0Dd/892sIBTBUTt7aUIPp1nihpBPYw2tPT88yK1YNIzP7 f2tyOVt9rYjCzCXxTlRCSt9kQVG2ifEF+ozrYAQB0g1bTmHe/la6yNz2vsh/AWI1C0V+bKXmoqw b X-Gm-Gg: ASbGncv1rbaK35b3xh0vWqAjudKw+k7zhPN/O/1FJOWB7Eyb1UaqunOJL8OurVxdX3R BaJj56JjlmnGZ7qpN+fxfMuG36SlWHux0YrOQ4AIusR6z2JmzCsd16/G3i3ieC8yybmQ5e6LdQv CASaC1CTJvzummI6vqz6voxi4+tVUxrVoYE79hOxop6b85LHLlHnqenuDYTmW2u1/aP/YLMB5Rj 3nZS8Hedu9mRrjqg7LTAE5FsML9zJl9XCoBv68cWVHEpDbxP5d7tecJBeq7fTzuJBsWq5uwf49S F3CARXsLYmgx+9dCoWQ4jgsb0trk X-Received: by 2002:a17:90a:d88d:b0:2ea:5e0c:2847 with SMTP id 98e67ed59e1d1-2f452e4e81emr30372199a91.22.1735235923876; Thu, 26 Dec 2024 09:58:43 -0800 (PST) Received: from ubuntu-vm.. (201-92-184-234.dsl.telesp.net.br. [201.92.184.234]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-219dca031besm119484645ad.281.2024.12.26.09.58.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Dec 2024 09:58:43 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Florian Weimer , Adhemerval Zanella Subject: [PATCH v7 1/4] elf: Cleanup and improve tst-execstack Date: Thu, 26 Dec 2024 14:57:42 -0300 Message-ID: <20241226175834.2531046-2-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241226175834.2531046-1-adhemerval.zanella@linaro.org> References: <20241226175834.2531046-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org Use libsupport and handle new SELinux versions. Reviewed-by: Florian Weimer --- elf/tst-execstack.c | 200 ++++++++++++++++++++------------------------ 1 file changed, 91 insertions(+), 109 deletions(-) diff --git a/elf/tst-execstack.c b/elf/tst-execstack.c index 560b353918..509149ad37 100644 --- a/elf/tst-execstack.c +++ b/elf/tst-execstack.c @@ -1,24 +1,32 @@ /* Test program for making nonexecutable stacks executable - on load of a DSO that requires executable stacks. */ + on load of a DSO that requires executable stacks. -#include -#include -#include -#include -#include + Copyright (C) 2003-2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include #include #include - -static void -print_maps (void) -{ -#if 0 - char *cmd = NULL; - asprintf (&cmd, "cat /proc/%d/maps", getpid ()); - system (cmd); - free (cmd); -#endif -} +#include +#include +#include +#include +#include +#include static void deeper (void (*f) (void)); @@ -38,8 +46,8 @@ static void * waiter_thread (void *arg) { void **f = arg; - pthread_barrier_wait (&startup_barrier); - pthread_barrier_wait (&go_barrier); + xpthread_barrier_wait (&startup_barrier); + xpthread_barrier_wait (&go_barrier); (*((void (*) (void)) *f)) (); @@ -47,40 +55,66 @@ waiter_thread (void *arg) } #endif -static bool allow_execstack = true; - +enum selinux_status { + SELINUX_NOT_PRESENT, + SELINUX_EXECSTACK_DISABLE, + SELINUX_EXECSTACK_ENABLE, +}; static int -do_test (void) +check_selinux_generic (const char *enforce_path, const char *execstack_path) { - /* Check whether SELinux is enabled and disallows executable stacks. */ - FILE *fp = fopen ("/selinux/enforce", "r"); - if (fp != NULL) - { - char *line = NULL; - size_t linelen = 0; + FILE *fp = fopen (enforce_path, "r"); + if (fp == NULL) + return SELINUX_NOT_PRESENT; - bool enabled = false; - ssize_t n = getline (&line, &linelen, fp); - if (n > 0 && line[0] != '0') - enabled = true; + char *line = NULL; + size_t linelen = 0; - fclose (fp); + bool enabled = false; + ssize_t n = getline (&line, &linelen, fp); + if (n > 0 && line[0] != '0') + enabled = true; - if (enabled) + fclose (fp); + + if (enabled) + { + fp = fopen (execstack_path, "r"); + if (fp != NULL) { - fp = fopen ("/selinux/booleans/allow_execstack", "r"); - if (fp != NULL) - { - n = getline (&line, &linelen, fp); - if (n > 0 && line[0] == '0') - allow_execstack = false; - } - - fclose (fp); + n = getline (&line, &linelen, fp); + if (n > 0 && line[0] == '0') + return SELINUX_EXECSTACK_DISABLE; } + + fclose (fp); } + return SELINUX_EXECSTACK_ENABLE; +} + +static bool +check_selinux (void) +{ + /* Old Red Hat like systems. */ + enum selinux_status r = + check_selinux_generic ("/selinux/enforce", + "/selinux/booleans/allow_execstack"); + if (r == SELINUX_NOT_PRESENT) + /* New Red Hard like systems. */ + r = check_selinux_generic ("/sys/fs/selinux/enforce", + "/sys/fs/selinux/booleans/selinuxuser_execstack"); + return r == SELINUX_NOT_PRESENT || r == SELINUX_EXECSTACK_ENABLE; +} + + +static int +do_test (void) +{ + /* Check whether SELinux is enabled and disallows executable stacks. */ + bool allow_execstack = check_selinux (); + printf ("executable stacks %sallowed\n", allow_execstack ? "" : "not "); static void *f; /* Address of this is used in other threads. */ @@ -88,47 +122,26 @@ do_test (void) #if USE_PTHREADS /* Create some threads while stacks are nonexecutable. */ #define N 5 - pthread_t thr[N]; - pthread_barrier_init (&startup_barrier, NULL, N + 1); - pthread_barrier_init (&go_barrier, NULL, N + 1); + xpthread_barrier_init (&startup_barrier, NULL, N + 1); + xpthread_barrier_init (&go_barrier, NULL, N + 1); for (int i = 0; i < N; ++i) - { - int rc = pthread_create (&thr[i], NULL, &waiter_thread, &f); - if (rc) - error (1, rc, "pthread_create"); - } + xpthread_create (NULL, &waiter_thread, &f); /* Make sure they are all there using their stacks. */ - pthread_barrier_wait (&startup_barrier); + xpthread_barrier_wait (&startup_barrier); puts ("threads waiting"); #endif - print_maps (); - #if USE_PTHREADS void *old_stack_addr, *new_stack_addr; size_t stack_size; pthread_t me = pthread_self (); pthread_attr_t attr; - int ret = 0; - - ret = pthread_getattr_np (me, &attr); - if (ret) - { - printf ("before execstack: pthread_getattr_np returned error: %s\n", - strerror (ret)); - return 1; - } - - ret = pthread_attr_getstack (&attr, &old_stack_addr, &stack_size); - if (ret) - { - printf ("before execstack: pthread_attr_getstack returned error: %s\n", - strerror (ret)); - return 1; - } + TEST_VERIFY_EXIT (pthread_getattr_np (me, &attr) == 0); + TEST_VERIFY_EXIT (pthread_attr_getstack (&attr, &old_stack_addr, + &stack_size) == 0); # if _STACK_GROWS_DOWN old_stack_addr += stack_size; # else @@ -149,36 +162,17 @@ do_test (void) return allow_execstack; } - f = dlsym (h, "tryme"); - if (f == NULL) - { - printf ("symbol not found: %s\n", dlerror ()); - return 1; - } + f = xdlsym (h, "tryme"); /* Test if that really made our stack executable. The `tryme' function should crash if not. */ (*((void (*) (void)) f)) (); - print_maps (); - #if USE_PTHREADS - ret = pthread_getattr_np (me, &attr); - if (ret) - { - printf ("after execstack: pthread_getattr_np returned error: %s\n", - strerror (ret)); - return 1; - } - - ret = pthread_attr_getstack (&attr, &new_stack_addr, &stack_size); - if (ret) - { - printf ("after execstack: pthread_attr_getstack returned error: %s\n", - strerror (ret)); - return 1; - } + TEST_VERIFY_EXIT (pthread_getattr_np (me, &attr) == 0); + TEST_VERIFY_EXIT (pthread_attr_getstack (&attr, &new_stack_addr, + &stack_size) == 0); # if _STACK_GROWS_DOWN new_stack_addr += stack_size; @@ -194,33 +188,21 @@ do_test (void) stacksize and stackaddr respectively. If the size changes due to the above, then both stacksize and stackaddr can change, but the stack bottom should remain the same, which is computed as stackaddr + stacksize. */ - if (old_stack_addr != new_stack_addr) - { - printf ("Stack end changed, old: %p, new: %p\n", - old_stack_addr, new_stack_addr); - return 1; - } + TEST_VERIFY_EXIT (old_stack_addr == new_stack_addr); printf ("Stack address remains the same: %p\n", old_stack_addr); #endif /* Test that growing the stack region gets new executable pages too. */ deeper ((void (*) (void)) f); - print_maps (); - #if USE_PTHREADS /* Test that a fresh thread now gets an executable stack. */ - { - pthread_t th; - int rc = pthread_create (&th, NULL, &tryme_thread, f); - if (rc) - error (1, rc, "pthread_create"); - } + xpthread_create (NULL, &tryme_thread, f); puts ("threads go"); /* The existing threads' stacks should have been changed. Let them run to test it. */ - pthread_barrier_wait (&go_barrier); + xpthread_barrier_wait (&go_barrier); pthread_exit ((void *) (long int) (! allow_execstack)); #endif From patchwork Thu Dec 26 17:57:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 853700 Delivered-To: patch@linaro.org Received: by 2002:a5d:4888:0:b0:385:e875:8a9e with SMTP id g8csp4891570wrq; Thu, 26 Dec 2024 09:59:51 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCXb+8U9He7nEIRUTPWbAfbNwGtez9G3PXWPc8bYZFxAyZOAh2rsYIDYmn/zTaCoFNVPoqunbA==@linaro.org X-Google-Smtp-Source: AGHT+IHfBhsMdsXy+fbLx870392p8VeyROsGsT55+Nlv8TveB1k6J0D5Xbrr0vHx1ITzgfhUVPeN X-Received: by 2002:ac8:5a04:0:b0:467:6742:5633 with SMTP id d75a77b69052e-46a4a8e8152mr379889911cf.23.1735235991401; Thu, 26 Dec 2024 09:59:51 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1735235991; cv=pass; d=google.com; s=arc-20240605; b=D6mXITwQoSwFv1G/I4IBJJG9NqVpJAYFI8PTsi+DDEoSM5Nszc2hQ+2bnfjeFofItC U88HvrqF529Pi+KlCKx0+OvwU9VpBjddy/FK6dfmQByrY/e1Qsw1Zi2pV/Gbn6jLRmtl d4v+uvhd3kcR7Bp/rOxUbicljtfG6kRwgtItwQtTWmRahwt5Cwb/D6LU8PvvyC7Y936E ZCfAAfOjRmbAiZDVeu/s9uTTiJCABCcW2CgFcUP0A/ibrtAKzfruQ5mQVRzzxww1GX6J HtXScAtO2fi3jImkJ+DBBgE7YUg916aNldKCrL5ZXQUzxx6Jk4ZSi0t+JYBWGHX871b2 Fdcg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=w6sOAhrJi6DO9N/kafEEt4FuCeqI+Ao4Dfo7SDoD+4w=; fh=xV8Gp349bHw1ljD2lFQRwhGaJ4bIEzpeFyS/N97S3Sw=; b=gK7SjTV/8UtAv7Uy0CO0BQe6ihO2nVnwmt2gCIbS7+fV5Qoqy+LRQLBNQ5wUPVvMJ+ qKhOWvjUgc2scgBODDZWQjw2xKhSznFAEvtQfl5D31jn5G7QMvNyvQ3muAvCKEO5DXAb rD3ngpTIX/TyGZodhSOelTlb8RCO51lBSxE6bLpxK/kmWhvZFuUYbPF+be+ORXPTdu5g Jj/awLBRmcgiReHlz0qB5M9mAi7ik9MqBw2phrGLoFbrWbq3jLJvxt0tHVViMz4Z8dMV U2QToiRIdhojB3J+x5eI706evjbzNzmEhvD4+55HdPIDRYpuXMUs3PJnRRGAUGMTyIYR sqxA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=tOfD6O1V; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id d75a77b69052e-46a3ebd7c17si175822531cf.606.2024.12.26.09.59.51 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Dec 2024 09:59:51 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=tOfD6O1V; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id F36933858C50 for ; Thu, 26 Dec 2024 17:59:50 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org F36933858C50 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=tOfD6O1V X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x630.google.com (mail-pl1-x630.google.com [IPv6:2607:f8b0:4864:20::630]) by sourceware.org (Postfix) with ESMTPS id 5A8ED3858CDB for ; Thu, 26 Dec 2024 17:58:47 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 5A8ED3858CDB Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 5A8ED3858CDB Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::630 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735235927; cv=none; b=HMc9zmxZkLL4oG2mfRzZjhhY8EW3zF/BnJ4d3J/C3VOAB8/hedkEmQOiqm9EY2Az2U0wlJETWvqD1DWgSnSpPXQZ6ftSF0xfh5OMX5iSXdJBiO+/VgnEhXSB5HrA/xif0GU6/VXPUjWwNSgWeS2CHWbEfw+lB8DNff8ArvVUE+A= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735235927; c=relaxed/simple; bh=3xnO45zRpyBK6pZCujtRvamvJjQ2Mj4TblmVLsJfMK8=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=uj/DOyy7dHt32NOLcv79fFM+Yv5Im6TuwOTns5rvCk+eEFMSjqR+E+QKAoDU6CEzBzo5RQrXZvzWLRe0V3lkhQirDRcP179Ko90+FQJ0QnTrVJ8g4TsYlrXNbuuRlVWde1CmOeOxAomW7VGYC71DebrCjV+YvC3TvE69JOfj1Zw= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 5A8ED3858CDB Received: by mail-pl1-x630.google.com with SMTP id d9443c01a7336-2163bd70069so76993935ad.0 for ; Thu, 26 Dec 2024 09:58:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1735235926; x=1735840726; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=w6sOAhrJi6DO9N/kafEEt4FuCeqI+Ao4Dfo7SDoD+4w=; b=tOfD6O1VGtAJMFL2V/+hcDfL9Lrm33bIO9yKiuIS8wf3xlgIn350wf8PrnpHNjcAuL m74CU0FW3HIvB2LjzEkudATFvhfweoSi4KWum7dvpf49AqmvVzOcjAu2NHceoxtm/H5w NyE23ujJcdesTtnHPQ25QCw5SSaEfOoGy2RmaBjwmoPldjPH3sfKv05NHgskWeDSXvLx 6isUEPUul/Cqa8r08UjGOvf+Uyl/KOovVEszpHtImPjki0AQDhWe/JT762tVM6NMvnHi RvLRI0u4+BAiA6lVmPfmdgY310rgv83BOiGZIsCm6vruOiWqVLTAIYIh9rANppWvHZhN HujA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1735235926; x=1735840726; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=w6sOAhrJi6DO9N/kafEEt4FuCeqI+Ao4Dfo7SDoD+4w=; b=KGdN3Cm1l73QS7tGa0phxC730MbSHxqkQla21KzgzF0JycMYRnvSGbXINZuoe3tntI zSpTYYYakX9Nh8e2efaiAcjGxmz2K31nvJL+uIm3q/lsZMZ8EUL8Hha6/bS63MzIgvtu V8zHepGF4cZu/PFhoTi7kg7soAjGBSj7I5vrbwEaY0G7ETec4RDRhXb308YFNIg3jut+ MB9g8kcHnXFAV0vL7UKp1Hi7mkTpU0tgljw3P6IqQN11ZcX2qSS8Ct6eINcrxeyy7b3+ F/iacNO91oOccphfIK1zgLe8JFMu8kl3zvQ4wa/ZH+hOzhSCHLLw+nfu8/aWroqS+eW5 +/9w== X-Gm-Message-State: AOJu0Ywp5Rp4SnpHQgUrEnevC0PFMfB0qwn155Ceu3SJ2xMYUwF51GHA PhKdUiuhb5AOd4fo9eSpXDhp2XcHvoBNCUgCqQrnMipnb0ZINLDANcL4pOmjDaotWrH5bUhr25Y D X-Gm-Gg: ASbGncuqSnWiBz2QEyVm1XMLB1HMvN6q/lVwsUDFUq3/NXhON1ZaibJT9rRa/Es+bOK PKubGkBjxA/9cue8g5iWKFkG42YxXbD0p6TPZTpdcACGNimurh5ChMWB1Ej7UZQLykkns9j3CLE HrHrnVAKF3yxaxNFAZhezaRASL7kM9nqOF4BDE+Gv+NeK50815093qq9A7bmLSQdlJdI1mnrld6 xlz9mgwVdmL6BVAnPWAjkvH3xElrb4C3w15ujtQan78NCpwuhNGKdXsBPsRrXL7NuSzWBmp5uDV wDaFipm4kmR3cyYwfTFJYVK8247N X-Received: by 2002:a17:903:41c6:b0:215:b75f:a1e0 with SMTP id d9443c01a7336-219e6e894e9mr232403275ad.7.1735235925696; Thu, 26 Dec 2024 09:58:45 -0800 (PST) Received: from ubuntu-vm.. (201-92-184-234.dsl.telesp.net.br. [201.92.184.234]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-219dca031besm119484645ad.281.2024.12.26.09.58.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Dec 2024 09:58:45 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Florian Weimer , Adhemerval Zanella Subject: [PATCH v7 2/4] elf: Do not change stack permission on dlopen/dlmopen Date: Thu, 26 Dec 2024 14:57:43 -0300 Message-ID: <20241226175834.2531046-3-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241226175834.2531046-1-adhemerval.zanella@linaro.org> References: <20241226175834.2531046-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org If some shared library loaded with dlopen/dlmopen requires an executable stack, either implicitly because of a missing GNU_STACK ELF header (where the ABI default flags implies in the executable bit) or explicitly because of the executable bit from GNU_STACK; the loader will try to set the both the main thread and all thread stacks (from the pthread cache) as executable. Besides the issue where any __nptl_change_stack_perm failure does not undo the previous executable transition (meaning that if the library fails to load, there can be thread stacks with executable stacks), this behavior was used on recent CVE [1] as a vector for RCE. This patch changes that if a shared library requires an executable stack, and the current stack is not executable, dlopen fails. The change is done only for dynamically loaded modules, if the program or any dependency requires an executable stack, the loader will still change the main thread before program execution and any thread created with default stack configuration. [1] https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt Checked on x86_64-linux-gnu and i686-linux-gnu. Reviewed-by: Florian Weimer --- NEWS | 6 +++ elf/dl-load.c | 13 ++--- elf/dl-support.c | 4 -- elf/rtld.c | 6 --- elf/tst-execstack.c | 62 +++++++++++++++--------- nptl/allocatestack.c | 19 -------- sysdeps/generic/ldsodefs.h | 22 ++------- sysdeps/mach/hurd/Makefile | 2 + sysdeps/mach/hurd/dl-execstack.c | 1 - sysdeps/nptl/pthreadP.h | 6 --- sysdeps/unix/sysv/linux/Versions | 3 -- sysdeps/unix/sysv/linux/dl-execstack.c | 67 +------------------------- sysdeps/unix/sysv/linux/mips/Makefile | 7 +++ 13 files changed, 66 insertions(+), 152 deletions(-) diff --git a/NEWS b/NEWS index 4ceecd6249..e7975384ff 100644 --- a/NEWS +++ b/NEWS @@ -68,6 +68,12 @@ Deprecated and removed features, and other changes affecting compatibility: * The nios2*-*-linux-gnu configurations are no longer supported. +* dlopen and dlmopen no longer make the stack executable if a shared + library requires it, either implicitly because of a missing GNU_STACK ELF + header (and default ABI permission having the executable bit set) or + explicitly because of the executable bit in GNU_STACK, and the stack is + not already executable. Instead, loading such objects will fail. + Changes to build and runtime requirements: * On recent Linux kernels with vDSO getrandom support, getrandom does not diff --git a/elf/dl-load.c b/elf/dl-load.c index 284857ddf6..a238ff4286 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -1315,12 +1315,13 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd, if (__glibc_unlikely ((stack_flags &~ GL(dl_stack_flags)) & PF_X)) { /* The stack is presently not executable, but this module - requires that it be executable. */ -#if PTHREAD_IN_LIBC - errval = _dl_make_stacks_executable (stack_endp); -#else - errval = (*GL(dl_make_stack_executable_hook)) (stack_endp); -#endif + requires that it be executable. Only tries to change the + stack protection during process startup. */ + if ((mode & __RTLD_DLOPEN) == 0) + errval = _dl_make_stack_executable (stack_endp); + else + errval = EINVAL; + if (errval) { errstring = N_("\ diff --git a/elf/dl-support.c b/elf/dl-support.c index ee590edf93..fe1f8c8f6a 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c @@ -178,10 +178,6 @@ size_t _dl_stack_cache_actsize; uintptr_t _dl_in_flight_stack; int _dl_stack_cache_lock; #else -/* If loading a shared object requires that we make the stack executable - when it was not, we do it by calling this function. - It returns an errno code or zero on success. */ -int (*_dl_make_stack_executable_hook) (void **) = _dl_make_stack_executable; void (*_dl_init_static_tls) (struct link_map *) = &_dl_nothread_init_static_tls; #endif struct dl_scope_free_list *_dl_scope_free_list; diff --git a/elf/rtld.c b/elf/rtld.c index 0637c53017..5eb130be30 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -1336,12 +1336,6 @@ dl_main (const ElfW(Phdr) *phdr, __tls_pre_init_tp (); -#if !PTHREAD_IN_LIBC - /* The explicit initialization here is cheaper than processing the reloc - in the _rtld_local definition's initializer. */ - GL(dl_make_stack_executable_hook) = &_dl_make_stack_executable; -#endif - /* Process the environment variable which control the behaviour. */ skip_env = process_envvars (&state); diff --git a/elf/tst-execstack.c b/elf/tst-execstack.c index 509149ad37..4679a9daca 100644 --- a/elf/tst-execstack.c +++ b/elf/tst-execstack.c @@ -23,16 +23,33 @@ #include #include #include +#include #include #include #include #include -static void deeper (void (*f) (void)); +/* The DEFAULT_RWX_STACK controls whether the toolchain enables an executable + stack for the testcase (which does not contain features that might require + an executable stack, such as nested function). + Some ABIs do require an executable stack, even if the toolchain supports + non-executable stack. In this cases the DEFAULT_RWX_STACK can be + overrided. */ +#ifndef DEFAULT_RWX_STACK +# define DEFAULT_RWX_STACK 0 +#else +static void +deeper (void (*f) (void)) +{ + char stack[1100 * 1024]; + explicit_bzero (stack, sizeof stack); + (*f) (); + memfrob (stack, sizeof stack); +} +#endif #if USE_PTHREADS -# include - +# if DEFAULT_RWX_STACK static void * tryme_thread (void *f) { @@ -40,16 +57,21 @@ tryme_thread (void *f) return 0; } +# endif static pthread_barrier_t startup_barrier, go_barrier; static void * waiter_thread (void *arg) { - void **f = arg; xpthread_barrier_wait (&startup_barrier); xpthread_barrier_wait (&go_barrier); +# if DEFAULT_RWX_STACK + void **f = arg; (*((void (*) (void)) *f)) (); +# else + abort (); +# endif return 0; } @@ -117,7 +139,9 @@ do_test (void) printf ("executable stacks %sallowed\n", allow_execstack ? "" : "not "); +#if USE_PTHREADS || DEFAULT_RWX_STACK static void *f; /* Address of this is used in other threads. */ +#endif #if USE_PTHREADS /* Create some threads while stacks are nonexecutable. */ @@ -134,7 +158,7 @@ do_test (void) puts ("threads waiting"); #endif -#if USE_PTHREADS +#if USE_PTHREADS && DEFAULT_RWX_STACK void *old_stack_addr, *new_stack_addr; size_t stack_size; pthread_t me = pthread_self (); @@ -156,11 +180,10 @@ do_test (void) const char *soname = "tst-execstack-mod.so"; #endif void *h = dlopen (soname, RTLD_LAZY); - if (h == NULL) - { - printf ("cannot load: %s\n", dlerror ()); - return allow_execstack; - } +#if !DEFAULT_RWX_STACK + TEST_VERIFY_EXIT (h == NULL); +#else + TEST_VERIFY_EXIT (h != NULL); f = xdlsym (h, "tryme"); @@ -176,9 +199,9 @@ do_test (void) # if _STACK_GROWS_DOWN new_stack_addr += stack_size; -# else +# else new_stack_addr -= stack_size; -# endif +# endif /* It is possible that the dlopen'd module may have been mmapped just below the stack. The stack size is taken as MIN(stack rlimit size, end of last @@ -190,12 +213,12 @@ do_test (void) should remain the same, which is computed as stackaddr + stacksize. */ TEST_VERIFY_EXIT (old_stack_addr == new_stack_addr); printf ("Stack address remains the same: %p\n", old_stack_addr); -#endif +# endif /* Test that growing the stack region gets new executable pages too. */ deeper ((void (*) (void)) f); -#if USE_PTHREADS +# if USE_PTHREADS /* Test that a fresh thread now gets an executable stack. */ xpthread_create (NULL, &tryme_thread, f); @@ -205,19 +228,10 @@ do_test (void) xpthread_barrier_wait (&go_barrier); pthread_exit ((void *) (long int) (! allow_execstack)); +# endif #endif return ! allow_execstack; } -static void -deeper (void (*f) (void)) -{ - char stack[1100 * 1024]; - explicit_bzero (stack, sizeof stack); - (*f) (); - memfrob (stack, sizeof stack); -} - - #include diff --git a/nptl/allocatestack.c b/nptl/allocatestack.c index d9adb5856c..9662b43afe 100644 --- a/nptl/allocatestack.c +++ b/nptl/allocatestack.c @@ -448,25 +448,6 @@ allocate_stack (const struct pthread_attr *attr, struct pthread **pdp, lll_unlock (GL (dl_stack_cache_lock), LLL_PRIVATE); - - /* There might have been a race. Another thread might have - caused the stacks to get exec permission while this new - stack was prepared. Detect if this was possible and - change the permission if necessary. */ - if (__builtin_expect ((GL(dl_stack_flags) & PF_X) != 0 - && (prot & PROT_EXEC) == 0, 0)) - { - int err = __nptl_change_stack_perm (pd); - if (err != 0) - { - /* Free the stack memory we just allocated. */ - (void) __munmap (mem, size); - - return err; - } - } - - /* Note that all of the stack and the thread descriptor is zeroed. This means we do not have to initialize fields with initial value zero. This is specifically true for diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h index cec56e2214..172bcd2cf7 100644 --- a/sysdeps/generic/ldsodefs.h +++ b/sysdeps/generic/ldsodefs.h @@ -399,13 +399,6 @@ struct rtld_global #endif #include -#if !PTHREAD_IN_LIBC - /* If loading a shared object requires that we make the stack executable - when it was not, we do it by calling this function. - It returns an errno code or zero on success. */ - EXTERN int (*_dl_make_stack_executable_hook) (void **); -#endif - /* Prevailing state of the stack, PF_X indicating it's executable. */ EXTERN ElfW(Word) _dl_stack_flags; @@ -702,17 +695,10 @@ extern const ElfW(Phdr) *_dl_phdr; extern size_t _dl_phnum; #endif -#if PTHREAD_IN_LIBC -/* This function changes the permissions of all stacks (not just those - of the main stack). */ -int _dl_make_stacks_executable (void **stack_endp) attribute_hidden; -#else -/* This is the initial value of GL(dl_make_stack_executable_hook). - A threads library can change it. The ld.so implementation changes - the permissions of the main stack only. */ -extern int _dl_make_stack_executable (void **stack_endp); -rtld_hidden_proto (_dl_make_stack_executable) -#endif +/* This function changes the permission of the memory region pointed + by STACK_ENDP to executable and update the internal memory protection + flags for future thread stack creation. */ +int _dl_make_stack_executable (void **stack_endp) attribute_hidden; /* Variable pointing to the end of the stack (or close to it). This value must be constant over the runtime of the application. Some programs diff --git a/sysdeps/mach/hurd/Makefile b/sysdeps/mach/hurd/Makefile index 698729a8a6..576c42eb68 100644 --- a/sysdeps/mach/hurd/Makefile +++ b/sysdeps/mach/hurd/Makefile @@ -300,6 +300,8 @@ ifeq ($(subdir),elf) check-execstack-xfail += ld.so libc.so libpthread.so # We always create a thread for signals test-xfail-tst-single_threaded-pthread-static = yes + +CFLAGS-tst-execstack.c += -DDEFAULT_RWX_STACK=1 endif # For bug 30166 diff --git a/sysdeps/mach/hurd/dl-execstack.c b/sysdeps/mach/hurd/dl-execstack.c index 31371bc6e3..0222430131 100644 --- a/sysdeps/mach/hurd/dl-execstack.c +++ b/sysdeps/mach/hurd/dl-execstack.c @@ -47,4 +47,3 @@ _dl_make_stack_executable (void **stack_endp) return ENOSYS; #endif } -rtld_hidden_def (_dl_make_stack_executable) diff --git a/sysdeps/nptl/pthreadP.h b/sysdeps/nptl/pthreadP.h index c2db165052..a8e09bf754 100644 --- a/sysdeps/nptl/pthreadP.h +++ b/sysdeps/nptl/pthreadP.h @@ -289,12 +289,6 @@ extern _Noreturn void __syscall_do_cancel (void) attribute_hidden; extern void __nptl_free_tcb (struct pthread *pd); libc_hidden_proto (__nptl_free_tcb) -/* Change the permissions of a thread stack. Called from - _dl_make_stacks_executable and pthread_create. */ -int -__nptl_change_stack_perm (struct pthread *pd); -rtld_hidden_proto (__nptl_change_stack_perm) - /* longjmp handling. */ extern void __pthread_cleanup_upto (__jmp_buf target, char *targetframe); libc_hidden_proto (__pthread_cleanup_upto) diff --git a/sysdeps/unix/sysv/linux/Versions b/sysdeps/unix/sysv/linux/Versions index 213ff5f1fe..55d565545a 100644 --- a/sysdeps/unix/sysv/linux/Versions +++ b/sysdeps/unix/sysv/linux/Versions @@ -360,7 +360,4 @@ ld { __rseq_offset; __rseq_size; } - GLIBC_PRIVATE { - __nptl_change_stack_perm; - } } diff --git a/sysdeps/unix/sysv/linux/dl-execstack.c b/sysdeps/unix/sysv/linux/dl-execstack.c index b986898598..68db6737f0 100644 --- a/sysdeps/unix/sysv/linux/dl-execstack.c +++ b/sysdeps/unix/sysv/linux/dl-execstack.c @@ -16,19 +16,10 @@ License along with the GNU C Library; if not, see . */ -#include #include -#include -#include -#include -#include -#include -#include -#include -#include -static int -make_main_stack_executable (void **stack_endp) +int +_dl_make_stack_executable (void **stack_endp) { /* This gives us the highest/lowest page that needs to be changed. */ uintptr_t page = ((uintptr_t) *stack_endp @@ -52,57 +43,3 @@ make_main_stack_executable (void **stack_endp) return 0; } - -int -_dl_make_stacks_executable (void **stack_endp) -{ - /* First the main thread's stack. */ - int err = make_main_stack_executable (stack_endp); - if (err != 0) - return err; - - lll_lock (GL (dl_stack_cache_lock), LLL_PRIVATE); - - list_t *runp; - list_for_each (runp, &GL (dl_stack_used)) - { - err = __nptl_change_stack_perm (list_entry (runp, struct pthread, list)); - if (err != 0) - break; - } - - /* Also change the permission for the currently unused stacks. This - might be wasted time but better spend it here than adding a check - in the fast path. */ - if (err == 0) - list_for_each (runp, &GL (dl_stack_cache)) - { - err = __nptl_change_stack_perm (list_entry (runp, struct pthread, - list)); - if (err != 0) - break; - } - - lll_unlock (GL (dl_stack_cache_lock), LLL_PRIVATE); - - return err; -} - -int -__nptl_change_stack_perm (struct pthread *pd) -{ -#if _STACK_GROWS_DOWN - void *stack = pd->stackblock + pd->guardsize; - size_t len = pd->stackblock_size - pd->guardsize; -#elif _STACK_GROWS_UP - void *stack = pd->stackblock; - size_t len = (uintptr_t) pd - pd->guardsize - (uintptr_t) pd->stackblock; -#else -# error "Define either _STACK_GROWS_DOWN or _STACK_GROWS_UP" -#endif - if (__mprotect (stack, len, PROT_READ | PROT_WRITE | PROT_EXEC) != 0) - return errno; - - return 0; -} -rtld_hidden_def (__nptl_change_stack_perm) diff --git a/sysdeps/unix/sysv/linux/mips/Makefile b/sysdeps/unix/sysv/linux/mips/Makefile index d5725c69d8..05ec9150b2 100644 --- a/sysdeps/unix/sysv/linux/mips/Makefile +++ b/sysdeps/unix/sysv/linux/mips/Makefile @@ -61,6 +61,7 @@ ifeq ($(subdir),elf) # this test is expected to fail. ifneq ($(mips-has-gnustack),yes) test-xfail-check-execstack = yes +CFLAGS-tst-execstack.c += -DDEFAULT_RWX_STACK=1 endif endif @@ -68,6 +69,12 @@ ifeq ($(subdir),stdlib) gen-as-const-headers += ucontext_i.sym endif +ifeq ($(subdir),nptl) +ifeq ($(mips-force-execstack),yes) +CFLAGS-tst-execstack-threads.c += -DDEFAULT_RWX_STACK=1 +endif +endif + ifeq ($(mips-force-execstack),yes) CFLAGS-.o += -Wa,-execstack CFLAGS-.os += -Wa,-execstack From patchwork Thu Dec 26 17:57:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 853702 Delivered-To: patch@linaro.org Received: by 2002:a5d:4888:0:b0:385:e875:8a9e with SMTP id g8csp4893919wrq; Thu, 26 Dec 2024 10:03:33 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCVtbgyCVjtKqONPR5mmnX0BHM2YBDL1xYcF+LzEj7K0o+6yndbHGeAPUia4QkwlScw4dXQDOA==@linaro.org X-Google-Smtp-Source: AGHT+IGSCq41ovsl9Sj5wEsH8j7XWKvAwBwvMg6DbUsC9nc7tCm3ggIRPLW1CXvteCEu+Mfp+AaA X-Received: by 2002:a05:620a:4452:b0:7b6:6a3b:539b with SMTP id af79cd13be357-7b9ba73895emr3947498685a.17.1735236213634; Thu, 26 Dec 2024 10:03:33 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1735236213; cv=pass; d=google.com; s=arc-20240605; b=MxZaVip9mMI/E/QY1Q61jY2nCGMsycqqhT/xg2spO48vQN6YFxEeWkaxRKi4khhosm Z47tsmsM2uoiiXMCejuqhDp4rWTFqzcDBolAELndzdFVI2lDZFqDOYoW07ySXuVFn9ks 6wxyns5iEMrvgy1DRAUCntKKllLtUuTKOi1iBVvW1pDOcRQmwqogC23WlVOeoJuCRCgl SQsm7aEsZBJe1Omz0eoKn7PReC03ENtf37m1nLUWgjcbN+4F74f3mTd2m0z6TF1SGkV2 HSF9E6kjkp52u1DcBbAbEt4NBueheP1nOjK1NU2MzNWdHyfTdQXnGWwV2rX+eEXrTGY2 d2nA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=bFqJlhND8ZbiwHoe/6DHdYTaWgb4vpDDDS2F9cj18B0=; fh=xV8Gp349bHw1ljD2lFQRwhGaJ4bIEzpeFyS/N97S3Sw=; b=FNphsbIFu4rIUMf2VUlIgSeudMGZcKcc/XNGjwdyru6FHZcyFVwODDUVJjhGoDumnB VYX2CYm38qPTSBhVsWSTSBlibY1lAU1iyJDaoKzOME+l6o3nvMbyiqxpXMR5SCsQo/Ou fUYCPyYdbsOxnMJ7RnokhJc0xtZtQYv2AZDUob2U2h1UbFtnoow9Ipn0jij0ZO5Wa15B SvdMn3fh/QOviDI3KVLO5qysLx1p78sDpaQax1mePEa+Dgx+ntqfz+c4QfG6Jw8yv7q1 NxC42u34jOff6TJXsA72W7YIpWPf2ZEUhZ47urBBWOt3pnAa1nanXtM0KYBl4gnDdPYn jeKw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=XwqTTCUI; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id af79cd13be357-7b9ac4ce805si1888109485a.427.2024.12.26.10.03.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Dec 2024 10:03:33 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=XwqTTCUI; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 367243858C48 for ; Thu, 26 Dec 2024 18:03:33 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 367243858C48 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=XwqTTCUI X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x636.google.com (mail-pl1-x636.google.com [IPv6:2607:f8b0:4864:20::636]) by sourceware.org (Postfix) with ESMTPS id 292013858C51 for ; Thu, 26 Dec 2024 17:58:49 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 292013858C51 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 292013858C51 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::636 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735235929; cv=none; b=R2D9s7te3mIePufC+C6ZINiketKpzn3AuA+g7xPBI/wG2Ci3CaUui/kQ3ML78lWAbEKYUA27bYwDPfx+NMuxYZXiId1QaSKi4fOhXxIbva1gxG7d3DQwyZW9YLkQkFXzNJaFzlaSLRFOOiFbX5tI8NLR/UG80sFFBHMJGT7Aw08= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735235929; c=relaxed/simple; bh=NhreY4py9k6vBO0fulaO6qTa2bn3uqToEzZ2jDAmm3c=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=fqmjfzHAkD/luDNbLJsTpS77VyIBv6fhf6CeHopTspRAiRVXXZSbgrnmT+tOUGLQ7Ph5AlBVslaX5mvpoWqUCeq6zqI+rjbYuiuuvcgTadV4vLIW2e/+Oo5bIZ8yPQx4gWqeY7bLs4o9+NT5G3u/pCYUdbeG6PDLpcvcpy29MRQ= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 292013858C51 Received: by mail-pl1-x636.google.com with SMTP id d9443c01a7336-2161eb95317so80130655ad.1 for ; Thu, 26 Dec 2024 09:58:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1735235928; x=1735840728; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=bFqJlhND8ZbiwHoe/6DHdYTaWgb4vpDDDS2F9cj18B0=; b=XwqTTCUI3Z+O5rFEs7NArYKKHo9Gfk1O0ZSowM81ywEYVg4cwOh9scRD+8906Y7bTz EsJxlqN2pzVkgxibP024WCdA4oE/jID0CKxnxRrICWqpAagoGvgSMLzzjfcLtAyuL9eP TYYRi3WjfuyRKES4hifSLkETVtkM0cnOseJJNHbhipjwsWtJOSD11Ncg+HdWSnXI7auq FjtjR3GNrs1kQc0FklNWYl4jI78goV+ZTB5V8RiP5GH9Tz3G5OagnMKjFWroRq8dLL8c Wb7vzrNCBZPDgefmGLUnDqCXABzMpDdQk+4iGcM+BcTX/xkDDpveq88xdrdQQgTFKVa/ QnJQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1735235928; x=1735840728; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=bFqJlhND8ZbiwHoe/6DHdYTaWgb4vpDDDS2F9cj18B0=; b=WM6CbsRXHvdBzRLcx9xn8xOoHy4tmyrr9rFxX9B7iMr85DnzSxK4SR6OWgltcRt/RH jnoDZLsKOg7deZHNyI4AUGixE949qD3a+UZf5B4iwl6qzLUvSXNyvraY87sghLFLBQmW KF1zaeIbw0CM/usUZJe0AjeAYbyWsd0+jW3KS3ncRLn2mAoi1LJ7mDpEqGW9BkoBRXRv hQBpuqbqeClOAMIUMAfNos6AQ2Bi/Z/HVfk6xDuyE6JK43jqhEtUNpXKRsX3K+BsVNE5 dP2wqDdg4XLAfTSz0PQnUu01uw34mpn9IppsF/SP3lmUd0IsqQOQu825NnDyKX/9ks0B 8n4A== X-Gm-Message-State: AOJu0YxfmFLk28hCFPbAYOte373r57UVDMBLqcd2m6EHS1RTzdEFEst/ 1M5mfg20K45cehgzY98pY/Pbq58NrFBJhd3kqJZzKPlXLRKYK+P3tWDurRkde2NomVAqrKOhnTv g X-Gm-Gg: ASbGncuMgnFFb7Df7qJw76A3r/Yj2Hm2Wus97hXB1d5W821UGmtBYBtPuqsbyODMmIt eworZuocrw8blHrOK7EasHF6i6KZUE0EcVLjOTvjPvsD0TjQpEecdWMwBseZZsk7TX5eR235Eqm fKsk7pHP/bQkHbuoJYAdXJ9yWgco6wklJsQ5rcaO+v9cqCc0tpjDHTH20Sn5mjK0FBiRqqYrINJ ehj+NdGvGJ8mjahl4rCg+gLJG3/ZG38mMzdHI+GlT8BfRtNFeJNGrlW+2p0wXiHa8o0VR74CLOt AnDP5n+ooOM43C6a+TXdrIz+7Xwd X-Received: by 2002:a17:902:cece:b0:216:282d:c697 with SMTP id d9443c01a7336-219e6ebae8amr259779655ad.27.1735235927644; Thu, 26 Dec 2024 09:58:47 -0800 (PST) Received: from ubuntu-vm.. (201-92-184-234.dsl.telesp.net.br. [201.92.184.234]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-219dca031besm119484645ad.281.2024.12.26.09.58.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Dec 2024 09:58:47 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Florian Weimer , Adhemerval Zanella Subject: [PATCH v7 3/4] elf: Add tst-execstack-prog-static Date: Thu, 26 Dec 2024 14:57:44 -0300 Message-ID: <20241226175834.2531046-4-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241226175834.2531046-1-adhemerval.zanella@linaro.org> References: <20241226175834.2531046-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org Similar to tst-execstack-prog, check if executable stacks works for statically linked programs. Reviewed-by: Florian Weimer --- elf/Makefile | 7 +++++++ elf/tst-execstack-prog-static.c | 1 + 2 files changed, 8 insertions(+) create mode 100644 elf/tst-execstack-prog-static.c diff --git a/elf/Makefile b/elf/Makefile index e8fc6bd65f..cea48e9537 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -567,6 +567,9 @@ tests-execstack-yes = \ tst-execstack-needed \ tst-execstack-prog \ # tests-execstack-yes +tests-execstack-static-yes = \ + tst-execstack-prog-static + # tests-execstack-static-yes endif endif ifeq ($(have-depaudit),yes) @@ -662,6 +665,7 @@ $(objpfx)tst-rtld-dash-dash.out: tst-rtld-dash-dash.sh $(objpfx)ld.so $(evaluate-test) tests += $(tests-execstack-$(have-z-execstack)) +tests-static+= $(tests-execstack-static-$(have-z-execstack)) ifeq ($(run-built-tests),yes) tests-special += \ $(objpfx)tst-ldconfig-X.out \ @@ -1982,6 +1986,9 @@ LDFLAGS-tst-execstack-needed = -Wl,-z,noexecstack LDFLAGS-tst-execstack-prog = -Wl,-z,execstack CFLAGS-tst-execstack-prog.c += -Wno-trampolines CFLAGS-tst-execstack-mod.c += -Wno-trampolines + +LDFLAGS-tst-execstack-prog-static = -Wl,-z,execstack +CFLAGS-tst-execstack-prog-static.c += -Wno-trampolines endif LDFLAGS-tst-array2 = -Wl,--no-as-needed diff --git a/elf/tst-execstack-prog-static.c b/elf/tst-execstack-prog-static.c new file mode 100644 index 0000000000..328065dd9c --- /dev/null +++ b/elf/tst-execstack-prog-static.c @@ -0,0 +1 @@ +#include From patchwork Thu Dec 26 17:57:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 853701 Delivered-To: patch@linaro.org Received: by 2002:a5d:4888:0:b0:385:e875:8a9e with SMTP id g8csp4891753wrq; Thu, 26 Dec 2024 10:00:16 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCVGozVl0OHo0Ia8dmAdc0gZkMgryZxG0dhQZ4nvbVuIBRRWN6eQuqHiDUOyr8e5h/Tu9IzZsA==@linaro.org X-Google-Smtp-Source: AGHT+IH6oSdpvgz2Lp0MQiri9ty8riOn8p6C7dgBjjGLY/EcXMbINoGxOADLu2zrFAt/1SBeM0zq X-Received: by 2002:a05:6214:2589:b0:6d8:7d7c:bdd5 with SMTP id 6a1803df08f44-6dd2339fe52mr382115076d6.36.1735236015857; Thu, 26 Dec 2024 10:00:15 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1735236015; cv=pass; d=google.com; s=arc-20240605; b=AoEkgbxPWA/zsH+/u8RJg8oOLFylu2Om61mJ63Gkyyzrqp7BMI8IiBJpN6lFdUfh4Z fm1F4dgyeUcRxx0wUXKHwznL+XrzENyEt/FKg9FTY1o/O0KRsgeSgEgAYauF/Gx5LI7m kb2dtxChKwhytKwREZntKlfW3egrot7j9DHq1CTb6D4sYn6ThPlZ4BDM+XOOUWeQL5kA e4Qjwiauy8qj2a8QFAcpuk85wlOkQMPQnxCeRGZmxEqlk3YrDw6azKGhjTEvyIpr4OlR nbWdbensmnIGJ7Wdn3YgktIuLnJz1LODX/ZUkwiAP4jrOHVuC2Ihx9eKpx3hQVE03Mny S/pw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=tDyRrIdSTi9ivAYiC1NwqgoUxluAWtbZt15rA8D0Rs8=; fh=xV8Gp349bHw1ljD2lFQRwhGaJ4bIEzpeFyS/N97S3Sw=; b=S4j6gtCdmpdj7YEmVw8tZ7eMf2k/km6bLhGzOR4W+ZX64jYCNrzgVGjjNgvZKRQ/Ja 759lBawcgI/mbWMPVbFS9gsRBQCrFhqbmjsd2wN1+y3DHNDsvSa2kaVHoerf3s3DkZCb vmTcfw9lkGymYibpyyDsHVSQ8QTn5/MYc44zawDsxTDj1//Q+ZD1DBPlA961MQsOQ9Yh pXQCVxMA0l9MWHYSZbDUZ6RGzbYmJhUB8LAZOY/o39nSp1LtloRkR8+UVu+NrvT6fhug 40v3rYQg03BaPnZJvcMrWFv1U0a3w1S5po4pLdsroRBWgP9u3H/yBqIQ1LTLQFd6xDP1 WRww==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=peVta0fH; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id 6a1803df08f44-6dd18237267si207346406d6.281.2024.12.26.10.00.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Dec 2024 10:00:14 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=peVta0fH; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 6E76F3858C48 for ; Thu, 26 Dec 2024 18:00:14 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6E76F3858C48 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=peVta0fH X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x635.google.com (mail-pl1-x635.google.com [IPv6:2607:f8b0:4864:20::635]) by sourceware.org (Postfix) with ESMTPS id 39FC03858C5F for ; Thu, 26 Dec 2024 17:58:51 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 39FC03858C5F Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 39FC03858C5F Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::635 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735235931; cv=none; b=hjAdh1rZ/ZPod3SZhNEpb+mI/ZCiDhsuUKKTAjpTcWFKpFAVRRJzUmqsGC9iEyviBRT63g/vYKShlzRvTkENjEUreljgVCwEFUyhTHEYsM+AUAtW6txo0Vka1Bqf7fJAspxnw13VUC248Emk1dlSCArhnrRjQfOAR8l3ILAEcW4= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735235931; c=relaxed/simple; bh=cY4p/dwV2ejYH5jf6/F72drbOuZnTEtlVX7ciy+HQzs=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=rIitSK+qA1K+PVv5w02+g+82Vsys8kTBO3/OBThQzY2doeAo2UDIKrqX8KM01wBp4TyZW0CEtmxkbyyw6BnKSyDliqropTmTU35jDre9zsFcVye6v9XgMdYIfJE9CZSWlVuUBRrLvLNg91lDlGhi1d0IDNkl7cS2q7VcY9JIF/M= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 39FC03858C5F Received: by mail-pl1-x635.google.com with SMTP id d9443c01a7336-2166651f752so86782835ad.3 for ; Thu, 26 Dec 2024 09:58:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1735235930; x=1735840730; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=tDyRrIdSTi9ivAYiC1NwqgoUxluAWtbZt15rA8D0Rs8=; b=peVta0fHakVkZreBXpKb7559EkgK8QdJQ9lx+l3vmYfSsFY/yux0E4OREHMEovvMMX s/sZz4+fiVqWc4ue80bxHM5/6A8z1Dsa+CytEqAV8QyiBPX9uuLgGPmQrRYCqeKW3WAu wQ5s/5qLnjs1iDuVmdPU5AJZ5F90YqA62LocNO8hbayQ6A6jhz74Da4X4If5t8ptxLUz Wswfe0ksQ+rt8/vFFFmwpRZ1pRWTKCBvk6rCLf5Tib+6gNU0HWoyzemnLHEHsS6k7/C7 1P0YQvBqR+2kHVE8sHb37WONoqhTmflfpk3w01CPCPYe2rV5HDjUH76bt7YbCfXi1tKS vfBQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1735235930; x=1735840730; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=tDyRrIdSTi9ivAYiC1NwqgoUxluAWtbZt15rA8D0Rs8=; b=G9LEmG985Fsk2vECzdq36ldpjP8ljTVbAa2weXAxwPYYUfKhwc2W5JJEJBcXscS318 5DOpTlFUvQvIg5pWlHE8gKOie6bdKWoSWNPiZdHQzyxXFXcSanH8b11QX8rtNeBSVTod JZB8fbl0hop5Sy6wZEMNpyh10h0PdqwXMhcntea6OSRhD9FXBFNwzjMajKp1cy4iANh+ RU+dsg5Jnf1APPETEYg0jdqFSKtQHq9vTBQ6BkHY4dgNU4lqIcWy3ISuDtbR06pFUW2K bs/NI0oxQFxtbMzllovaKpqpHUeGTar6mSW+P6+EqeFMseRNblHo1B8hyJmiClOwKVjj vSlQ== X-Gm-Message-State: AOJu0YyLEC8P8qBGA+BZ/Z/SDMcm4SujlZQJzXzrkGgOiQyxhEREliBI M00ZKwCflp9WcQ6Es8U8dGJJk9+ZBIvDzKasKqTRvENEuqpEfRAa2EUl9/bcLkIrguc/iSw0BgL S X-Gm-Gg: ASbGncvZyM3dJPEjluaeyz2GzReps8rPreNwNfuCTwoQYA5+1rK+TtIz1ugDP/xagAr 0+WZ6S47w8yGTcSjoi2160TqCIQ1iFXLM3GK3bRJ2VY2YktZVE8svaiUx7FqD1sbYWabla6GpbF PeS2VtoLWiaSkFBtSD7q0CcdPnE7Qa4eYqYkVfyzCaS6y8NC+enafkIZH9Urafu5umLinDLjuf/ Pj7ZrFMnrQx2sAGwfLyBpDk5q2KtiVwahclImRUqGTqkyoOTVCEf0NQctDgtiNx7cjfSV78wUrd KtaAtggZx6D87EoULbHtoiUgm5Ho X-Received: by 2002:a17:903:2cc:b0:212:5786:7bb6 with SMTP id d9443c01a7336-219e6e887d0mr296710185ad.3.1735235929475; Thu, 26 Dec 2024 09:58:49 -0800 (PST) Received: from ubuntu-vm.. (201-92-184-234.dsl.telesp.net.br. [201.92.184.234]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-219dca031besm119484645ad.281.2024.12.26.09.58.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Dec 2024 09:58:49 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Florian Weimer , Adhemerval Zanella Subject: [PATCH v7 4/4] elf: Add glibc.rtld.execstack Date: Thu, 26 Dec 2024 14:57:45 -0300 Message-ID: <20241226175834.2531046-5-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241226175834.2531046-1-adhemerval.zanella@linaro.org> References: <20241226175834.2531046-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org The new tunable can be used to control whether executable stacks are allowed from either the main program or dependencies. The default is to allow executable stacks. The executable stacks default permission is checked agains the one provided by the PT_GNU_STACK from program headers (if present). The tunable also disables the stack permission change if any dependency requires an executable stack at loading time. Checked on x86_64-linux-gnu, i686-linux-gnu, and aarch64-linux-gnu. Reviewed-by: Florian Weimer --- NEWS | 5 ++++ elf/Makefile | 44 ++++++++++++++++++++++++++++++++++ elf/dl-load.c | 4 +++- elf/dl-support.c | 5 ++++ elf/dl-tunables.list | 6 +++++ elf/rtld.c | 4 ++++ elf/tst-rtld-list-tunables.exp | 1 + manual/tunables.texi | 28 ++++++++++++++++++++++ 8 files changed, 96 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index e7975384ff..36abe588e6 100644 --- a/NEWS +++ b/NEWS @@ -57,6 +57,11 @@ Major new features: liable to change. Features from C2Y are also enabled by _GNU_SOURCE, or by compiling with "gcc -std=gnu2y". +* A new tunable, glibc.rtld.execstack, can be used to control whether a + executable stacks is allowed from the main program, either implicitly due + to a mising GNU_STACK ELF header or explicit explicitly because of the + executable bit in GNU_STACK. The default is to allow executable stacks. + Deprecated and removed features, and other changes affecting compatibility: * The big-endian ARC port (arceb-linux-gnu) has been removed. diff --git a/elf/Makefile b/elf/Makefile index cea48e9537..4874d9b59e 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -570,6 +570,13 @@ tests-execstack-yes = \ tests-execstack-static-yes = \ tst-execstack-prog-static # tests-execstack-static-yes +ifeq (yes,$(run-built-tests)) +tests-execstack-special-yes = \ + $(objpfx)tst-execstack-needed-noexecstack.out \ + $(objpfx)tst-execstack-prog-noexecstack.out \ + $(objpfx)tst-execstack-prog-static-noexecstack.out \ + # tests-execstack-special-yes +endif # $(run-built-tests) endif endif ifeq ($(have-depaudit),yes) @@ -666,6 +673,7 @@ $(objpfx)tst-rtld-dash-dash.out: tst-rtld-dash-dash.sh $(objpfx)ld.so tests += $(tests-execstack-$(have-z-execstack)) tests-static+= $(tests-execstack-static-$(have-z-execstack)) +tests-special += $(tests-execstack-special-$(have-z-execstack)) ifeq ($(run-built-tests),yes) tests-special += \ $(objpfx)tst-ldconfig-X.out \ @@ -1989,6 +1997,42 @@ CFLAGS-tst-execstack-mod.c += -Wno-trampolines LDFLAGS-tst-execstack-prog-static = -Wl,-z,execstack CFLAGS-tst-execstack-prog-static.c += -Wno-trampolines + +ifeq (yes,$(build-hardcoded-path-in-tests)) +tst-execstack-prog-noexecstack-msg = "Fatal glibc error: executable stack is not allowed$$" +else +tst-execstack-prog-noexecstack-msg = "error while loading shared libraries:.*cannot enable executable stack as shared object requires:" +endif + +$(objpfx)tst-execstack-prog-noexecstack.out: $(objpfx)tst-execstack-prog + $(test-program-cmd-before-env) \ + $(run-program-env) \ + GLIBC_TUNABLES=glibc.rtld.execstack=0 \ + $(test-program-cmd-after-env) $< \ + > $@ 2>&1; echo "status: $$?" >> $@; \ + grep -q $(tst-execstack-prog-noexecstack-msg) $@ \ + && grep -q '^status: 127$$' $@; \ + $(evaluate-test) + +$(objpfx)tst-execstack-needed-noexecstack.out: $(objpfx)tst-execstack-needed + $(test-program-cmd-before-env) \ + $(run-program-env) \ + GLIBC_TUNABLES=glibc.rtld.execstack=0 \ + $(test-program-cmd-after-env) $< \ + > $@ 2>&1; echo "status: $$?" >> $@; \ + grep -q 'error while loading shared libraries:.*cannot enable executable stack as shared object requires:' $@ \ + && grep -q '^status: 127$$' $@; \ + $(evaluate-test) + +$(objpfx)tst-execstack-prog-static-noexecstack.out: $(objpfx)tst-execstack-prog-static + $(test-program-cmd-before-env) \ + $(run-program-env) \ + GLIBC_TUNABLES=glibc.rtld.execstack=0 \ + $< \ + > $@ 2>&1; echo "status: $$?" >> $@; \ + grep -q 'Fatal glibc error: executable stack is not allowed$$' $@ \ + && grep -q '^status: 127$$' $@; \ + $(evaluate-test) endif LDFLAGS-tst-array2 = -Wl,--no-as-needed diff --git a/elf/dl-load.c b/elf/dl-load.c index a238ff4286..76430e26da 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -32,6 +32,7 @@ #include #include #include +#include /* Type for the buffer we put the ELF header and hopefully the program header. This buffer does not really have to be too large. In most @@ -1317,7 +1318,8 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd, /* The stack is presently not executable, but this module requires that it be executable. Only tries to change the stack protection during process startup. */ - if ((mode & __RTLD_DLOPEN) == 0) + if ((mode & __RTLD_DLOPEN) == 0 + && TUNABLE_GET (glibc, rtld, execstack, int32_t, NULL) == 1) errval = _dl_make_stack_executable (stack_endp); else errval = EINVAL; diff --git a/elf/dl-support.c b/elf/dl-support.c index fe1f8c8f6a..73fcd33892 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c @@ -45,6 +45,7 @@ #include #include #include +#include extern char *__progname; char **_dl_argv = &__progname; /* This is checked for some error messages. */ @@ -331,6 +332,10 @@ _dl_non_dynamic_init (void) break; } + if ((__glibc_unlikely (GL(dl_stack_flags)) & PF_X) + && TUNABLE_GET (glibc, rtld, execstack, int32_t, NULL) == 0) + _dl_fatal_printf ("Fatal glibc error: executable stack is not allowed\n"); + call_function_static_weak (_dl_find_object_init); /* Setup relro on the binary itself. */ diff --git a/elf/dl-tunables.list b/elf/dl-tunables.list index 40ac5b3776..8e656296bb 100644 --- a/elf/dl-tunables.list +++ b/elf/dl-tunables.list @@ -135,6 +135,12 @@ glibc { maxval: 1 default: 0 } + execstack { + type: INT_32 + minval: 0 + maxval: 1 + default: 1 + } } mem { diff --git a/elf/rtld.c b/elf/rtld.c index 5eb130be30..8dd0381985 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -1645,6 +1645,10 @@ dl_main (const ElfW(Phdr) *phdr, bool has_interp = rtld_setup_main_map (main_map); + if ((__glibc_unlikely (GL(dl_stack_flags)) & PF_X) + && TUNABLE_GET (glibc, rtld, execstack, int32_t, NULL) == 0) + _dl_fatal_printf ("Fatal glibc error: executable stack is not allowed\n"); + /* If the current libname is different from the SONAME, add the latter as well. */ if (_dl_rtld_map.l_info[DT_SONAME] != NULL diff --git a/elf/tst-rtld-list-tunables.exp b/elf/tst-rtld-list-tunables.exp index db0e1c86e9..9f5990f340 100644 --- a/elf/tst-rtld-list-tunables.exp +++ b/elf/tst-rtld-list-tunables.exp @@ -13,5 +13,6 @@ glibc.malloc.top_pad: 0x20000 (min: 0x0, max: 0x[f]+) glibc.malloc.trim_threshold: 0x0 (min: 0x0, max: 0x[f]+) glibc.rtld.dynamic_sort: 2 (min: 1, max: 2) glibc.rtld.enable_secure: 0 (min: 0, max: 1) +glibc.rtld.execstack: 1 (min: 0, max: 1) glibc.rtld.nns: 0x4 (min: 0x1, max: 0x10) glibc.rtld.optional_static_tls: 0x200 (min: 0x0, max: 0x[f]+) diff --git a/manual/tunables.texi b/manual/tunables.texi index 0b1b2898c0..ea870b8156 100644 --- a/manual/tunables.texi +++ b/manual/tunables.texi @@ -355,6 +355,34 @@ tests for @code{AT_SECURE} programs and not meant to be a security feature. The default value of this tunable is @samp{0}. @end deftp +@deftp Tunable glibc.rtld.execstack +@Theglibc{} will use either the default architecture ABI flags (that might +contain the executable bit) or the value of @code{PT_GNU_STACK} (if present) +to define whether to mark the stack non-executable and if the program or +any shared library dependency requires an executable stack the loader will +change the main stack permission if kernel starts with a non-executable stack. + +The @code{glibc.rtld.execstack} can be used to control whether an executable +stack is allowed from the main program. Setting the value to @code{0} disablesi +the ABI auto-negotiation (meaning no executable stacks even if the ABI or ELF +header requires it), while @code{1} enables auto-negotiation (although the +program might not need an executable stack). + +When executable stacks are not allowed, and if the main program requires it, +the loader will fail with an error message. + +Some systems do not have separate page protection flags at the hardware +level for read access and execute access (sometimes called read-implies-exec). +This mode can also be enabled on certain systems where the hardware supports +separate protection flags. The @theglibc{} tunable configuration is independent +of hardware capabilities and kernel configuration. + +@strong{NB:} Trying to load a dynamic shared library with @code{dlopen} or +@code{dlmopen} that requires an executable stack will always fail if the +main program does not require an executable stack at loading time. This +is enforced regardless of the tunable value. +@end deftp + @node Elision Tunables @section Elision Tunables @cindex elision tunables